Best Paractice for web access to user data for online ordering

[Mike Hatfield]

There is the PxPlus WebServer and Webster+. The question is about a secure way to expose user data for online orders and enquiries. I would not recommend direct access to the user data. Way too easy for a competent hacker to get through to the live data snd then to the client network.
What is the recommended best practice to achieve this.
We have some clients that use Magento and we keep Magento updated with latest data. Orders are downloaded in JSON by a background task that connects to Magento and imports the order into the application.
I guess another way would be to user the PxPlus file sync service to keep a copy of the data up to date on a separate server. You could then use Webster+ as the web interface.
What tools or methods would you use to interface with something like Wordpress?
Thanks

[pwhirley]

One of the advantages of using PXPlus web services has always been the ability to directly access the data files from the application. I'm not a hacker, but I don't think it would be terribly easy to get to the original datafiles from a website that has PXPlus (Webster+) code running behind the web server.

However, when using any of the popular content management systems to expose data that normally resides in a PXPlus database, I've always synchronized a subset of that data to a MySQL database accessible from the website code. I have, on occasion, used MS SQL Server, but only because the CMS was based on SQL Server.
Depending on the requirements, I've had routine periodic transfers of data handled by a background task, or I've executed realtime queries to insert, update or delete data in the remote/web sql database when changes are made in the application.  I'm working on a web app now which updates a MySQL database every time a record is written or removed from the PXPlus database. 
I'm not sure about "best practices", but this is what I do.
Phil