Design and Implementation of an E‑Commerce System: Business, Efficiency, Security, and Optimization Insights

The e‑commerce project was built from scratch between April and June 2017, delivering a complete closed‑loop covering product browsing, ordering, payment, warehousing, and logistics, and establishing three systems: buyer, seller backend, and operations center.

Business Section

Rapid iteration and frequent trial‑and‑error required deep business understanding; the inventory system was designed by first clarifying online and offline requirements, defining separate inventory and warehouse systems, and establishing a layered architecture that separates the sales layer (inventory system) from the warehouse layer (warehouse system).

Key steps included requirement gathering, concept clarification, layered design, synchronization mechanisms (top‑down and bottom‑up stock updates), and data‑structure design, illustrated with diagrams of inventory flow, system interactions, and ER models.

Efficiency Section

To accelerate development, the team focused on three aspects: reasonable reuse of existing services and frameworks, building extensible code, and improving work efficiency.

Reusable services included image, search, monitoring, and data platforms. Self‑built systems emphasized simplicity, flexibility, and extensibility, using design patterns such as Bridge (for pluggable logistics), State (order status), and Template Method (performance statistics).

Additional efficiency tips covered meeting reduction, prioritizing essential requirements, automation (e.g., using mysqldbcompare for schema diff), and writing unit tests to reduce integration effort.

Security Section

Given the monetary nature of the platform, security was addressed at multiple layers: client‑side defenses (XSS, CSRF, URL whitelist), network layer (HTTPS, internal‑external network separation, port control), application layer (business logic validation, anti‑fraud measures, secure API authentication and authorization), and data layer (MyBatis prepared statements, minimal DB privileges).

The development process followed a Software Security Development Lifecycle (SDL), integrating security considerations into requirement analysis, design, coding, testing, and maintenance, with a visual SDL workflow diagram.

Optimization Section

Performance improvements targeted link optimization (reducing data transfer, connection tuning, concurrency) and architectural optimization (evaluating monolithic vs. service‑oriented architectures). The final architecture adopted a slightly modified monolith with three independent applications (buyer, seller, operations) and shared service JARs, while planning future service‑oriented migration.

Specific optimizations included using WebP images, enabling gzip and HTTP/2 on Tomcat, TCP parameter tuning, CDN caching, and separating static resources from Java services. After these changes, page load time dropped from ~5 s to under 3 s.

Team‑Building Section

Team‑building insights emphasized clear role division with high cohesion and low coupling, deep business involvement for developers, and establishing technical standards (onboarding guides, API design, Java coding, SQL, database design, project management templates, performance testing, release checklists) to reduce risk and accelerate onboarding.

Conclusion

The article summarizes how, by aligning technical design with business needs and iteratively optimizing for efficiency, security, and performance, a startup e‑commerce platform can be built rapidly while maintaining scalability and reliability.