Steve Gibson, security fanatic and host of the #1 Tech Podcast (Security Now), built his own e-commerce system in assembly language. This came from a need for features that no 3rd party product offered. What really intrigued me while listening to Steve on Security Now #109 was how accessible he made his e-commerce system.
Steve’s system collects the basic info on the first page of the process and then sends it to the server for validation: does the provided e-mail address look like an e-mail address, and is the credit card number properly entered? Steve then takes the customer to a second page, where he asks them to confirm their e-mail address and gathers additional data. The trick to keeping track of the previously entered data without using cookies is a hidden field, which Steve fills with the previous data, encrypted using a secret key on the server and then digitally signed using a cryptographic hash. The result is a copy of all the user’s data that is essentially useless outside of the server, and that can be sent back to Steve, decrypted, and used to fulfill the order.
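The hidden-field scheme described above, sketched as an added Node.js example (not Steve Gibson's assembly code or anything from GRC): the first page's data is encrypted, authenticated with a keyed hash, and rejected on return if the tag does not verify. The cipher (AES-256-CTR), the HMAC-SHA256 tag, the 15-minute lifetime, the function names and the sample order are all assumptions; the podcast summary names none of them.

```javascript
// Added example, not GRC's code: checkout state carried in a hidden form field.
const nodeCrypto = require("crypto");

// Constructed demo keys; a real server loads two independent secrets at startup.
const ENC_KEY = nodeCrypto.randomBytes(32); // AES-256 key (assumed cipher)
const MAC_KEY = nodeCrypto.randomBytes(32); // HMAC-SHA256 key (assumed MAC)
const MAX_AGE_MS = 15 * 60 * 1000;          // assumed token lifetime
const IV_LEN = 16;
const TAG_LEN = 32;

// Server, after validating page 1: encrypt, then MAC the IV and ciphertext.
function sealState(state, now = Date.now()) {
  const iv = nodeCrypto.randomBytes(IV_LEN); // fresh IV for every token
  const cipher = nodeCrypto.createCipheriv("aes-256-ctr", ENC_KEY, iv);
  const plain = Buffer.from(JSON.stringify({ iat: now, state }), "utf8");
  const body = Buffer.concat([iv, cipher.update(plain), cipher.final()]);
  const tag = nodeCrypto.createHmac("sha256", MAC_KEY).update(body).digest();
  return Buffer.concat([body, tag]).toString("base64");
}

// Server, when page 2 is posted back: verify the tag first, decrypt second.
function openState(token, now = Date.now()) {
  const raw = Buffer.from(String(token), "base64");
  if (raw.length <= IV_LEN + TAG_LEN) return null; // too short to be a token
  const body = raw.subarray(0, raw.length - TAG_LEN);
  const tag = raw.subarray(raw.length - TAG_LEN);
  const expected = nodeCrypto.createHmac("sha256", MAC_KEY).update(body).digest();
  // Constant-time compare; a modified field never reaches the decryptor.
  if (!nodeCrypto.timingSafeEqual(tag, expected)) return null;
  const decipher = nodeCrypto.createDecipheriv(
    "aes-256-ctr", ENC_KEY, body.subarray(0, IV_LEN));
  const plain = Buffer.concat([
    decipher.update(body.subarray(IV_LEN)), decipher.final()]);
  const { iat, state } = JSON.parse(plain.toString("utf8"));
  if (now < iat || now - iat > MAX_AGE_MS) return null; // stale or future-dated
  return state;
}

// Constructed sample order (test card number), as page 1 would submit it.
const sampleToken = sealState({ email: "alice@example.com", card: "4111111111111111" });
// The token would be written into the second page's hidden input field.
console.log(openState(sampleToken)); // the same order, recovered server-side
```

The timestamp only bounds how long a captured field stays valid; it does not make the token single-use, so the order handler still has to guard against a form being submitted twice.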
Now this might sound a little fishy if it weren’t coming from Steve Gibson himself. But this is the guy who wrote the Ultra High Security Password Generator, which is guaranteed to never give the same password twice and is truly random.
I have always had this idea of creating my own e-commerce site to sell my photography, and hearing Steve talk about designing and building his own e-commerce solution was really inspiring. You can listen to the 95-minute podcast or read the complete transcript over at GRC.com/securitynow.