Pyasa.ca is a unique concept in DVD hiring. The portal charges a fixed monthly fee for using their services providing unlimited number of DVDs to their customers in a month, they are only restricted by the number of DVDs they can possess at any given time.

It is a pretty comprehensive system that was built over several months by another developer and we were asked to fix several bugs and take up the future maintenance of the system. (Presumably the original developer is no longer of help for some reasons). The code or project had no documentation to refer back to. Worse all pages had the full paths hard coded into it(each page referred to pyasa.ca/pagename.php) so it was very challenging to test the application offline. The application had scores of credit card details on the server without encryption.

We first setup a local server and changed the DNS settings of our network to point all requests to the local server. Then we understood the code and fixed up the bugs as requested by the client locally. And during off peak hours the changes were tested and replicated on the production server. We also noticed several major security gaps especially when dealing with credit card data. We analyzed all the possible weak links in the security chain and created a robust security plan that included encrypting the credit card data on the database, hiding the encryption / decryption file from normal ftp access. Adding an htaccess based access control to credit card related functions in the administrators menu and securing up the user end of the pages to minimize transmission of card numbers over web when not required.

We are now in full control of the system from where the original developers had left it. It's now robustly secure and free of most of the bugs and has many more added features to improve control of the inventory.