Security in E-commerce June 13, 2008

Posted by awadhaf in Uncategorized.
Security is a very critical issue in e-commerce. Many users still hold back from e-commerce because they are worried about security issues. A developer must be aware of all aspects of security before implementing any e-commerce project.
First let us identify the most common threats. The major ones are:
- Malicious code: code designed to cause harm in some way. Most of it is bundled with free software, and the effects range from displaying adverts to logging every keystroke.
- Spoofing attack: a situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage.
- Sniffing: a packet sniffer (also known as a network analyzer or protocol analyzer or, for particular types of networks, an Ethernet sniffer or wireless sniffer) is computer software or hardware that can intercept and log traffic passing over a digital network or part of a network.
- Hacking and cybervandalism
- Credit card fraud/theft
- Denial of service attacks

The technology solutions for these problems are many, depending on which problem is to be solved. Some are:

- Protecting Internet communications (encryption)
- Securing channels of communication (SSL, S-HTTP, VPNs)
- Protecting networks (firewalls)
- Protecting servers and clients
Here are some details about encryption and SSL:

* Encryption: the process of transforming plain text or data into cipher text that cannot be read by anyone other than the sender and receiver.
Purpose:
- Secure stored information
- Secure information transmission
Encryption provides:
- Message integrity
- Nonrepudiation
- Authentication
- Confidentiality
 
Encryption leads to the topic of cryptography, which is the science or study of secret writing (cipher texts).
Basic idea: convert clear text (also called plain text, the original message) to ciphertext (the encrypted message).
It has three main categories:
1- Secret key (symmetric encryption): a single key is used to encrypt and decrypt information.
2- Public/private key (asymmetric encryption): two keys are used, one for encryption (public key) and one for decryption (private key).
3- One-way function: information is run through the function to produce a "digest" of the original information that can be used later to prove its authenticity.
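The three categories above, as an added example that is not part of the original post, written against the Python standard library only. The symmetric cipher is an illustrative HMAC-SHA256 stream cipher with an integrity tag, and the asymmetric part is textbook RSA with tiny fixed primes (61 and 53): both are teaching models chosen so the example runs without third-party libraries, not the algorithms an e-commerce site would deploy. The sample order record and the key sizes are constructed for the example.

```python
# Added example (not from the original post): the three categories of
# cryptography, using only the Python standard library.
# Symmetric part: illustrative HMAC-based stream cipher with an integrity tag.
# Asymmetric part: textbook RSA with fixed small primes. Both are teaching
# models, not production algorithms.
import hashlib
import hmac
import secrets

# --- 1. Secret key (symmetric): the same key encrypts and decrypts ----------

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Pseudorandom keystream from key + per-message nonce
    (HMAC-SHA256 in counter mode; an illustrative construction)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def symmetric_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag. The tag gives message integrity:
    any change to the nonce or ciphertext is detected on decryption."""
    nonce = secrets.token_bytes(16)
    ks = _keystream(key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag

def symmetric_decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first (constant-time compare), then undo the XOR."""
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: message was altered")
    ks = _keystream(key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))

# --- 2. Public/private key (asymmetric): public encrypts, private decrypts --

def rsa_toy_keypair():
    """Textbook RSA with fixed small primes (constructed for illustration).
    Returns ((e, n), (d, n)). Real deployments use 2048-bit primes and padding."""
    p, q = 61, 53
    n = p * q                     # 3233
    phi = (p - 1) * (q - 1)       # 3120
    e = 17
    d = pow(e, -1, phi)           # 2753, modular inverse (Python 3.8+)
    return (e, n), (d, n)

def rsa_encrypt(public_key, m: int) -> int:
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)

def rsa_decrypt(private_key, c: int) -> int:
    d, n = private_key
    return pow(c, d, n)

# --- 3. One-way function: a digest that later proves the data is unchanged --

def digest(data: bytes) -> str:
    """SHA-256 digest: cheap to compute, infeasible to invert, and any change
    to the input yields a completely different digest."""
    return hashlib.sha256(data).hexdigest()

if __name__ == "__main__":
    key = secrets.token_bytes(32)
    order = b"order=1234;amount=99.00;card=****1111"   # constructed sample record
    blob = symmetric_encrypt(key, order)
    assert symmetric_decrypt(key, blob) == order
    tampered = blob[:16] + bytes([blob[16] ^ 0x01]) + blob[17:]
    try:
        symmetric_decrypt(key, tampered)
    except ValueError as exc:
        print("tampering detected:", exc)

    pub, priv = rsa_toy_keypair()
    c = rsa_encrypt(pub, 65)
    print("rsa:", 65, "->", c, "->", rsa_decrypt(priv, c))
    print("digest:", digest(order))
```

The tampering branch is the part worth studying: flipping one ciphertext bit is caught by the tag before any plaintext is returned, which is what "message integrity" means in the list of properties above. Confidentiality alone (the XOR step) would silently return corrupted data.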

 
Secure Sockets Layer (SSL)

SSL characteristics:
- Operates at the TCP/IP transport layer
- Encrypts data handed down from the application layer and decrypts data coming up from the transport layer
- Any program using TCP can be modified to use SSL connections
- An SSL connection uses a dedicated TCP/IP socket (e.g. port 443 for https or port 465 for ssmtp)
- SSL is flexible in the choice of symmetric encryption, message digest, and authentication algorithms
- When an SSL client makes contact with an SSL server, they try to pick the strongest encryption methods they have in common
- SSL provides built-in data compression
When an SSL connection is established, browser-to-server and server-to-browser communications are encrypted. This includes:
- URL of the requested document
- Contents of the document
- Contents of browser forms
- Cookies sent from browser to server
- Cookies sent from server to browser
- Contents of the HTTP header
But NOT the fact that a particular browser is talking to a particular server:
- socket addresses (IP address and port) are not encrypted
- a proxy server can be used for privacy
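The "pick the strongest encryption methods they have in common" step, as an added example that is not part of the original post. It models the ClientHello/ServerHello exchange: the client lists the cipher suites it supports, the server chooses the strongest one both sides share, and the handshake fails if there is no overlap. The suite names, the strength ranks and the `minimum_strength` policy floor are constructed for this example; a real implementation takes suites from the TLS registries.

```python
# Added example (not from the original post): a model of SSL/TLS cipher suite
# negotiation. Suite names and strength ranks are constructed for illustration.

# Constructed catalogue: suite name -> strength rank (higher is stronger).
SUITE_STRENGTH = {
    "NULL-MD5": 0,             # no encryption at all
    "EXPORT-RC4-40-MD5": 1,    # 40-bit export-grade key
    "DES-CBC-SHA": 2,
    "3DES-EDE-CBC-SHA": 3,
    "AES128-SHA": 4,
    "AES256-SHA": 5,
}

class HandshakeFailure(Exception):
    """Raised when client and server share no acceptable cipher suite."""

def client_hello(supported):
    """The client's first message: the suites it is able to use."""
    return {"type": "ClientHello", "cipher_suites": list(supported)}

def server_hello(hello, server_supported, minimum_strength=3):
    """Pick the strongest suite in common, refusing anything below the floor.
    minimum_strength is an assumed policy knob for this example; without such a
    floor a client offering only weak suites would pull the server down to them."""
    if hello.get("type") != "ClientHello":
        raise HandshakeFailure("unexpected message type")
    common = [s for s in hello["cipher_suites"]
              if s in server_supported and s in SUITE_STRENGTH]
    acceptable = [s for s in common if SUITE_STRENGTH[s] >= minimum_strength]
    if not acceptable:
        raise HandshakeFailure("no common cipher suite of acceptable strength")
    chosen = max(acceptable, key=lambda s: SUITE_STRENGTH[s])
    return {"type": "ServerHello", "cipher_suite": chosen}

def negotiate(client_suites, server_suites, minimum_strength=3):
    """Run both sides of the exchange and return the agreed suite."""
    hello = client_hello(client_suites)
    reply = server_hello(hello, server_suites, minimum_strength)
    return reply["cipher_suite"]

if __name__ == "__main__":
    # Both sides support AES256-SHA, so that is chosen even though the client
    # listed AES128-SHA first.
    print(negotiate(["AES128-SHA", "3DES-EDE-CBC-SHA", "AES256-SHA"],
                    ["AES256-SHA", "AES128-SHA"]))
    # Only DES-CBC-SHA is common, and it is below the floor: the server
    # refuses rather than accepting a weak connection.
    try:
        negotiate(["EXPORT-RC4-40-MD5", "DES-CBC-SHA"],
                  ["AES256-SHA", "DES-CBC-SHA"])
    except HandshakeFailure as exc:
        print("handshake failed:", exc)
```

The second call in the usage block is the case to notice: an implementation that simply takes the first common suite would have settled on DES-CBC-SHA, so the server-side floor is what keeps "the strongest they have in common" from degrading into "the weakest the client asks for".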

This contribution is by or from Imad AlMuallem.
