I am currently working on a project where I have to design / implement the billing/invoicing system for our companies new project. We will be generating the invoices once a month as pdf files and sending out a link to the file to the customer.
The framework in use will be .Net 3.5 / C#. As I do not have a lot of experience doing this from scratch I was wondering if there were some best practices from a software perspective that I should consider while doing this that are specific to this type of application?
I realize this question is probably pretty subjective, but I'm looking for guidelines that keep in mind that - specifically those that would commonly be missed or might not be obvious.
Keep it secure! Make sure your users can get the information through a password-protected HTTPS connection! Let the users pick their own passwords. And be careful because billing/invoice information is considered very sensitive, thus be prepared someone will attempt to hack into this system. There will be people who will attempt to abuse this invoice system so one thing is important: Security!
Some companies have gone completely broke after having to pay for damages simply because a hacker gained access to their system!
Start with writing a multi-tier design, which should involve multiple, physical servers. One database server with customer invoice/billing data. One middle-tier business server to store your business logic. And one web server which can only talk to the business layer and not to the database in the background! If possible, keep the database in a different network. Preferably a network that has no gateways to the outside world.