Network Security: A Beginner’s Guide (Maiwald), Chapter 17: E-Commerce Security Needs, page 421

record customers’ purchasing choices in the URLs. The information that is recorded in these URLs includes the item number, quantity, and price. If the price is not checked on the back end of the process, customers could change the prices of items. In one case, a customer changed the price to a negative number and the organization provided a credit to the customer for each item purchased. Given this example, it becomes clear that the prices of items may be sensitive to the organization. If the URL is used to pass this information between scripts or programs, the prices (at least) should be checked at the back end before the order is processed.

Sensitive information such as credit card numbers may also be stored by the organization. As mentioned before, it is never a good idea to store such valuable information on the Web server itself. The system design should provide a mechanism for getting this information off the Web server and either store it in the database server or delete it after it has been used.

When deciding whether to keep credit card information or not, one consideration is how the customer feels. Some marketing groups say that a customer wants the e-commerce process to be as easy and painless as possible and that retyping credit card numbers may cause customers to go to a different site, so this may be a requirement. If it is, the card numbers must be kept someplace where the risk of a successful attack is small.

Along these same lines, the organization may choose to avoid this issue entirely by using an outside partner to process the credit card transactions. If this option is chosen, the information on the purchase must be handed off to the partner. Care must be taken here to pass the information correctly.

Proper Programming Techniques

Any e-commerce application will require some coding, either of scripts or programs. These are likely to be custom programs designed specifically for your particular environment and situation. The programs are a major source of system vulnerabilities, primarily due to programming errors.

The biggest of these errors is the potential for buffer overflows. Buffer overflow problems can be reduced by correcting two errors:

  • Do not make assumptions about the size of user input.
  • Do not pass unchecked user input to shell commands.

If the programmer makes assumptions about the size of expected user input, he is likely to define particular variable sizes. If an attacker knows this, she might be able to send input that will cause the input buffer to overflow and potentially gain access to files or the operating system (see Module 3 for a more detailed discussion of buffer overflows).
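The back-end check that the URL-pricing passage above calls for, combined with the rule of never assuming the size of user input, as an added example that is not code from the book: the server treats the item number, quantity and price arriving in the URL as untrusted, bounds each field, and recomputes the price from its own catalog, so a negative or lowered price is rejected before the order is processed. The catalog contents, field names and limits are assumptions made for this example.

```python
from urllib.parse import parse_qs

# Constructed catalog for this example: item number -> unit price in cents.
# On a real site this lookup goes to the database server, never to the URL.
CATALOG = {"1001": 1999, "1002": 4500, "1003": 899}
MAX_FIELD_LEN = 32   # bound every field instead of assuming its size
MAX_QUANTITY = 100

class OrderError(ValueError):
    """Raised when a submitted order fails a back-end check."""

def _field(params, name):
    # Exactly one value per field, no longer than we are prepared to handle.
    values = params.get(name)
    if values is None or len(values) != 1:
        raise OrderError(f"{name}: missing or repeated")
    if len(values[0]) > MAX_FIELD_LEN:
        raise OrderError(f"{name}: too long")
    return values[0]

def _to_int(name, value):
    # isdecimal() rejects "-1999", "+1", "1.5" and "", so a negative price never parses.
    if not value.isdecimal():
        raise OrderError(f"{name}: not a non-negative integer")
    return int(value)

def parse_order(query):
    """Validate item/qty/price from a URL query string; return the trusted line item.
    The client-supplied price is never billed: the total is recomputed from CATALOG."""
    try:
        params = parse_qs(query, strict_parsing=True)
    except ValueError as exc:
        raise OrderError(f"malformed query: {exc}") from None
    item = _field(params, "item")
    qty = _to_int("qty", _field(params, "qty"))
    price = _to_int("price", _field(params, "price"))
    if item not in CATALOG:
        raise OrderError("item: unknown item number")
    if not 1 <= qty <= MAX_QUANTITY:
        raise OrderError("qty: out of range")
    if price != CATALOG[item]:
        raise OrderError("price: does not match catalog")
    return {"item": item, "qty": qty, "unit_price": CATALOG[item], "total": qty * CATALOG[item]}

def check_order(query):
    """(True, line item) on success, (False, reason) on rejection."""
    try:
        return True, parse_order(query)
    except OrderError as exc:
        return False, str(exc)
```

A rejected order should also be logged with the offending field, since repeated price mismatches from one client are a useful tampering signal.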