Should I let my “beginnerishness” hold me back? (not rhetorical) [duplicate]

Question

This question already has answers here:

Develop fast and buggy, then correct errors or be slow, careful for each line of code? [duplicate] (12 answers)

Closed 7 years ago.

My situation is that I've been programming for about three years and have learned a lot but still have a long long way to go.

I have an idea for an app that I believe would take off, but I'm afraid to build it because it involves architecting a back-end with databases and authenticated payment transactions and user accounts and I've never done any of that.

I'm afraid that if I hacked it together, people would use it and things would go wrong-- security flaws, data loss, somehow I accidentally drop_table and lose everyone's payment history, etc, because I'm not sufficiently experienced with industry practices in terms of data management, versioning, hosting transitions, and plain old coding.

But I really want to build this.

Has anyone every been in a similar situation, and do you have any advice?

Answer 1

Don't let it stop you, but don't build it for yourself either. There are very difficult and extreme restrictions on PCI compliance, which is the technical hoop you have to jump through to store credit card information.

Do yourself a big favor and use a service like Authorize.net or Stripe that lets you store all of that sensitive data on their servers and access it with authentication tokens. It reduces your risk significantly yet allows you to build what you want to.

Assuming you are willing to learn on the job, you'll figure out either the easy way or the hard way how to do data management, versioning, deployment, server admin, etc, if you're the only guy on the job. But, you're not the only person in the world; you may consider bringing someone else in that has some other skills to complement yours.

Answer 2

Don't Let Fear of Failure Hold You Back

Be brave, and don't hold yourself with fears that you don't have experience to build your idea. Definitely, there are hoops, compliance and security that you would need to consider for a growing app, but you will figure out solution once you started to research. Just don't let your fears push you back.

In terms of compliance and PCI, as mentioned previously, there are services that you may use. Azure, Amazon, Vault services, etc. are some of them.

I have tried Windows Azure Services to handle credit card transactions and it worked for me. You may get more info from a nicely compiled article - PCI Compliant Credit Card Handling on Windows Azure.

• Processing credit card transactions on Azure
• Don’t Let Your Fear Hold You Back - for nerds
• What Is Holding You Back?

Answer 3

This probably won't be a popular view but my opinion is don't do it. Or at least don't do it alone.

Security is very difficult to get it right. Even seasoned developers will often introduce subtle security flaws if they have not actively considered all the possible ramifications of a particular line of code. User authentication alone is very difficult to get it right.

If you insist on going ahead with this, I strongly suggest looking into existing libraries to help you with the security stuff. Most languages and frameworks have excellent authentication and authorization libraries. Any halfway decent framework will aid you in sanitizing your input. And for god's sake, don't roll your own cryptography schemes. IT Security stackexchange is an excellent resource for this sort of stuff but be prepared to spend a lot of time on getting things right.

You should also look into getting your code reviewed by experts especially if it involves important stuff like money or PII. Definitely think ahead about any possible compliance issues such as PCI.