2 domains, 2 databases concept & security - ideas? :)

[rootKID]

Hello, been a while. This is as much a hyperthetical question as it is a general question for how to do this best, security wise.

So me and a friend is soon to launch a project we wonna sell out to people, however, we have 2 databases to take into consideration. Our customers localhost database, and our database at our own domain name (not online yet! will soon!).

The idea is that whenever, on a customers website, a person orders say a pizza, that pizza order will be placed in their database. HOWEVER! That order will also be counted into our database as a sort of receipt. We sell our website based on how much that specific website gets of orders and we get x-% amount of those orders and so on.

My questions is. What to take into consideration and how to do this best?

Because right now we have:

index.php (one file to rule them all............ basically we only have one file :P)

up_order.php (upload order to database"s")

Now, from what im thinking, the up_order.php file would contain the database to OUR domain (of course)! But since all of these files are gonna be placed on our customers localhost service online on their own website domain and so on, we of course don't want our PERSONAL database login information being on their website!?

So what do take into consideration when doing this, and what ways to best protect ourselves from any attacks and other stuff?

One thing i have already considered, are to have 2 seperated database logins somehow. One main-login for our database we use for whatever reason, and another that can ONLY INSERT and MAYBE also UPDATE... but we are afraid if we put the "UPDATE" part into the secondary user login we would use for user customers, they (or any hackers for that matter) are still able to use that somehow to change whatever they want inside our database, should they get access?

The reason we also consider the UPDATE part, is that if the specific restaurant wants to make changes to a customers order, we should also be able to see this so whenever we bill those customers, we dont send them bills based on some order they maybe did not deliver for some weird reason (of course... would not make sense)

In any ways, if you guys knows what type of approaches to take the best and what to take into consideration, i would LOVE you for these information!

Maybe considering encrypted information somehow to be used in a database connection?

In either way, hoping you can guide me with both information, tutorials or just in general information of what i should read up upon.

Thanks in advance!

PS: Not sure if this is the right place for me to post this, but hoping it is. If not, then please [ADMIN's], move it to the right location.

Again. Thanks! ❤️ 

[Ingolme]

The correct way to solve this is to set up an API on your server. The client would connect to your API over HTTPS with authentication information (username, password and maybe an API token) exclusive to them along with the information they want to store.

Your server would verify that the API request comes from a valid user and then it would store the information in the database.

[rootKID]

20 hours ago, Ingolme said:

The correct way to solve this is to set up an API on your server. The client would connect to your API over HTTPS with authentication information (username, password and maybe an API token) exclusive to them along with the information they want to store.

Your server would verify that the API request comes from a valid user and then it would store the information in the database.

Good option, problem is that i've never personaly created API's before. I know it is one option, and a popular one at best, so would maybe need help for the beginning.

Can you refer me to a guide somewhere online possibly?

Thanks in advance!

[Ingolme]

An API is the only secure option.

It's not exactly easy to implement, I don't think there are tutorials for it but you could search on google for PHP API tutorials. This is one of those things that are too specific to each situation to make a general tutorial out of it.

Generally, information is sent to an API in JSON format. On your server's end, to read a JSON string sent through POST you could use file_get_contents('php://input') and then json_decode() it.

$raw_data = file_get_contents('php://input');
$data = json_decode($raw_data, true);

The JSON structure is entirely up to you and it depends on what data you wish to send and interpret. You would use data in this JSON structure to both authenticate the user and run the query.

It is very important that your server is running HTTPS and that you block non-HTTPS requests, or there is absolutely no security and anybody can edit your database.