1.2. Understanding Security Threats
How you define "security threat" depends on your role in the security issue (as defined in the previous section). A customer of an e-commerce Web site views the term "security threat" in more general, conceptual terms. "I want my information to be protected" or "I don't want anyone to steal my information" or "I want to be confident in the online ordering process" are statements that customers might make about e-commerce security. Such statements are definitely important, but satisfying them often involves an enormous number of variables, from the physical operation of the Web server hardware to well-designed code.
As an IT professional in either the developer or administrator role (but again, for this book, we assume you're in the developer role), you'll view security threats in more tangible terms. To be sure, security is often a state of mind (more on that idea later), but you, as the developer, need to be aware of very real nuts-and-bolts issues of security as you develop secure PHP and MySQL code. (We look extensively at secure PHP programming in Chapter 4 of this minibook, as well as programming secure e-commerce applications in Chapter 5 of this minibook.)
So, depending on the type of Web site you are developing, some common security threats you need to be aware of might include the following:
Loss of data: You might say to yourself, "Well, if I lose my customer's data, that's better than having it ...