PowerPoint Slideshow about 'MSS: Chapter 3' - benjamin
MSS: Chapter 3Shopping carts & Payment gateways

csci5931 Web Security

Evolution of Shopping

  • Farmers’ market → Store shopping → Supermarket → Catalog shopping

  • → On-line shopping: combines the experience of both in-store shopping and catalog shopping

    + Web-based applications offer more interactivity and multimedia presentation than a printed catalog.

    + Web-based applications typically provide searching capabilities, which are not available in the traditional in-store shopping or catalog shopping.

    + Web-based applications can be tailored to different shopping styles → a “no-pressure” shopping experience

    Q: Are there any drawbacks or specific requirements?

Evolution of Shopping

  • What are the factors that may drive potential customers away from web-based shopping?

    • Is concern over security real?

    • Ease of use

    • Anything else?

E-commerce model

  • cf. traditional retail business (Fig. 3-1)

  • cf. computerized retail business (Fig. 3-2)

  • Figure 3-3 (p.97): e-commerce model

  • Characteristics:

    • A web portal represents the company’s web identity.

    • The portal serves as an entry into the electronic store.

    • A web site hosting multiple applications that interact with an array of servers (other web sites, financial processing, transaction processing, back-end databases, etc.)

  • Q: What makes an e-commerce business different from a computerized retail business?

E-commerce model

  • An exercise: The e-commerce model on page 97 is not really an ER diagram. Modify/refine the model and turn it into a real ER or EER diagram.

  • Hint: Add relationships

  • Part of your project: preliminary design

E-commerce model

  • The need for peer-to-peer communications

  • An extranet is an inter-network linking different companies’ internal networks.

  • What are the requirements of an inter-company web-based application?

    • Trust!

    • Authentication

    • Non-repudiation

    • Anything else?

  • → Web services

Web Services

  • Multi-party Web services (see the announcement on 1/22)

Web Services

  • An excellent survey of web security technologies and web service background information

  • Part of assignment 2

  • May be used as this semester’s projects or a thesis

E-shopping cart systems

  • Uses of an e-shopping cart:

    • Temporarily stores what the customer has picked;

    • Provides a summary of the items (prices, S&H cost, etc.) in the cart when needed (per the customer’s request or at the time of checkout);

    • The customer may replace items in the cart until the transaction is finalized.

E-shopping cart systems

  • The e-shopping cart application forms the heart of the e-shopping application.

  • It binds the customer, the product catalog, the inventory system, and the payment system together. (See Fig. 3-7, p.103.)

E-shopping cart systems

  • Implementation requirements:

    • Accuracy: It correctly records what the customer has picked and changed.

    • Flexibility: It allows the customer to freely replace items in the cart.

    • Integration: with the product catalog, the inventory system, and the payment gateway.

    • Integrity: No tampering with the cart’s content, whether by a malicious 3rd party or by programming errors (e.g., state leaking across two different carts)

E-shopping cart systems

  • Components:

    • Session management

    • Product catalog application

    • Payment gateway

    • Back-end databases (e.g., product inventory, customer information)

    • See Fig. 3-7 (p.103) and Fig. 3-9 (p.109)

E-shopping cart systems

  • Sample problems with insecure shopping carts:

    • Remote command execution over HTTP

    • Unprotected sensitive information retrievable via HTTP

    • Improper or no ‘input sanitization’ → results in remote command execution

    • Modified hidden HTML form fields

Payment processing system

  • The checkout process:

    • Finalize the order

    • Choose method of payment

    • Verify the chosen payment method

    • Log all transactions

    • Fulfill the order

    • Generate a receipt

Payment processing system

  • The payment gateway interface:

    • See Fig. 3-9

    • Interacts with the order information page, the back-end databases, and the payment gateway

    • Provided by the institution that hosts the payment gateway (e.g., Verisign or PayPal)

    • Integrated into the e-shopping application and invoked by the electronic storefront app.

    • SSL-encrypted interface with the payment gateway (Q: how about the interfaces with the other components?)

Payment processing system

  • Payment system implementation issues:

    • Never trust “sensitive” data passed from the client side. Why?

    • Do not store temporary info within the Web server’s document folder. Why?

    • Temporary info should be destroyed after its use.

    • Use SSL to encrypt communication links. Why?

    • Carefully protect user profiles!
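An added illustration (not from the slides or the textbook) of the “modified hidden HTML form fields” problem and the “never trust sensitive data from the client” rule above: the vulnerable handler trusts a hidden `price` field posted by the browser, while the hardened one accepts only a SKU and quantity, validates both, keeps the cart server-side per session, and prices it from the server’s own catalog. The catalog, SKUs, session ids and form bodies are all constructed for the demo.

```python
from urllib.parse import parse_qs

# Constructed demo data: the server-side catalog is the only trusted source of prices (in cents).
CATALOG = {"SKU-100": 4999, "SKU-200": 1250}
# Constructed server-side cart store keyed by session id; it is never sent to the browser.
CARTS = {}


def insecure_checkout_total(form_body: str) -> int:
    """Vulnerable: trusts the hidden 'price' field that the browser posts back.

    The customer (or anyone else) can edit the hidden field before submitting,
    so the total is chosen by the client rather than by the store.
    """
    f = parse_qs(form_body)
    return int(f["price"][0]) * int(f["qty"][0])


def add_to_cart(session_id: str, form_body: str) -> dict:
    """Hardened: only a SKU and a quantity are taken from the client, and both are validated.

    Any 'price' field the client sends is simply ignored.
    """
    f = parse_qs(form_body)
    sku = f.get("sku", [""])[0]
    try:
        qty = int(f.get("qty", ["0"])[0])
    except ValueError as exc:
        raise ValueError("quantity is not an integer") from exc
    if sku not in CATALOG:
        raise ValueError("unknown SKU")
    if not 1 <= qty <= 99:
        raise ValueError("quantity out of range")
    cart = CARTS.setdefault(session_id, {})  # one cart per session: no leakage across customers
    cart[sku] = qty                          # replace semantics: the customer may change items freely
    return cart


def secure_checkout_total(session_id: str) -> int:
    """The total comes from server-side cart state and catalog prices; client input is not consulted."""
    cart = CARTS.get(session_id, {})
    return sum(CATALOG[sku] * qty for sku, qty in cart.items())
```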

Next

  • Java security model (GS: Ch1, 2, 3)
