MSS: Chapter 3 Shopping carts & Payment gateways
PowerPoint Slideshow about 'MSS: Chapter 3 Shopping carts & Payment gateways' - benjamin
Presentation Transcript
Evolution of Shopping
  • Farmers’ market → Store shopping → Supermarket → Catalog shopping
  • → On-line shopping: combines the experience of both in-store shopping and catalog shopping

+ Web-based applications offer more interactivity and multimedia presentation than a printed catalog.

+ Web-based applications typically provide searching capabilities, which are not available in the traditional in-store shopping or catalog shopping.

+ Web-based applications can be tailored to different shopping styles → a “no-pressure” shopping experience

Q: Are there any drawbacks or specific requirements?

csci5931 Web Security

Evolution of Shopping
  • What are the factors that may drive potential customers away from web-based shopping?
    • Is concern over security real?
    • Ease of use
    • Anything else?

E-commerce model
  • cf. a traditional retail business (Fig. 3-1)
  • cf. a computerized retail business (Fig. 3-2)
  • Figure 3-3 (p.97): e-commerce model
  • Characteristics:
    • A web portal represents the company’s web identity.
    • The portal serves as an entry into the electronic store.
    • A web site hosting multiple applications that interact with an array of servers (other web sites, financial processing, transaction processing, back-end databases, etc.)
  • Q: What makes an e-commerce business different from a computerized retail business?

E-commerce model
  • An exercise: The e-commerce model on page 97 is not really an ER diagram. Modify/refine the model and turn it into a real ER or EER diagram.
  • Hint: Add relationships
  • Part of your project: preliminary design

E-commerce model
  • The need for peer-to-peer communications
  • An extranet is an inter-network linking different companies’ internal networks.
  • What are the requirements of an inter-company web-based application?
    • Trust!
    • Authentication
    • Non-repudiation
    • Anything else?
  • → Web services

Web Services
  • Multi-party Web services (see the announcement on 1/22)

Web Services
  • An excellent survey of web security technologies and web service background information
  • Part of assignment 2
  • May be used as this semester’s projects or a thesis

E-shopping cart systems
  • Uses of an e-shopping cart:
    • Temporarily stores what the customer has picked;
    • Provides a summary of the items (prices, S&H cost, etc.) in the cart when needed (per the customer’s request or at the time of checkout);
    • The customer may replace items in the cart until the transaction is finalized.

E-shopping cart systems
  • The e-shopping cart application forms the heart of the e-shopping application.
  • It binds the customer, the product catalog, the inventory system, and the payment system together. (See Fig. 3-7, p.103.)

E-shopping cart systems
  • Implementation requirements:
    • Accuracy: It correctly records what the customer has picked and changed.
    • Flexibility: It allows the customer to freely replace items in the cart.
    • Integration: with the product catalog, the inventory system, and the payment gateway.
    • Integrity: No tampering with the cart’s content, whether by a malicious third party or by programming errors (e.g., leakage across two different carts)

E-shopping cart systems
  • Components:
    • Session management
    • Product catalog application
    • Payment gateway
    • Back-end databases (e.g., product inventory, customer information)
    • See Fig. 3-7 (p.103) and Fig. 3-9 (p.109)

E-shopping cart systems
  • Sample problems with insecure shopping carts:
    • Remote command execution over HTTP
    • Unprotected sensitive information retrievable via HTTP
    • Improper or no ‘input sanitization’ → results in remote command execution
    • Modified hidden HTML form fields

Payment processing system
  • The checkout process:
    • Finalize the order
    • Choose method of payment
    • Verify the chosen payment method
    • Log all transactions
    • Fulfill the order
    • Generate a receipt

Payment processing system
  • The payment gateway interface:
    • See Fig. 3-9
    • Interacts with the order information page, the back-end databases, and the payment gateway
    • Provided by the institution that hosts the payment gateway (e.g., Verisign or PayPal)
    • Integrated into the e-shopping application and invoked by the electronic storefront app.
    • SSL-encrypted interface with the payment gateway (Q: what about the interfaces with the other components?)

Payment processing system
  • Payment system implementation issues:
    • Never trust “sensitive” data passed from the client side. Why?
    • Do not store temporary info within the Web server’s document folder. Why?
    • Temporary info should be destroyed after its use.
    • Use SSL to encrypt communication links. Why?
    • Carefully protect user profiles!
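As an added illustration (not from the slides) of the “modified hidden HTML form fields” problem listed under insecure shopping carts, of the cart integrity requirement, and of the rule above never to trust sensitive data from the client: a checkout that charges whatever the hidden total field says, beside one that recomputes the total from the session’s own server-side cart and the catalog. The catalog, SKUs, prices and session ids are constructed sample values.

```python
from decimal import Decimal

# Constructed catalog: the server's authoritative price list (stands in for
# the product catalog database).
CATALOG = {"SKU-100": Decimal("19.99"), "SKU-200": Decimal("249.00")}

# Server-side cart store keyed by session id (stands in for one DB row per
# session); a cart must only ever be reachable under its own session id.
CARTS: dict = {}


class TamperedRequest(ValueError):
    """Raised when a checkout cannot be reconciled with the server's own state."""


def add_to_cart(session_id, sku, qty):
    """Record the customer's pick against their own session only."""
    if sku not in CATALOG or qty <= 0:
        raise ValueError("unknown SKU or bad quantity")
    cart = CARTS.setdefault(session_id, {})
    cart[sku] = cart.get(sku, 0) + qty


def checkout_insecure(form):
    """Vulnerable pattern: charges the hidden 'total' field the browser sent,
    so editing that field in the HTML changes what is billed."""
    return Decimal(form["total"])


def checkout(session_id, form):
    """Hardened pattern: the amount comes from the session's cart and the
    catalog; the client's 'total' is only compared to produce a log signal."""
    cart = CARTS.get(session_id)
    if not cart:
        raise TamperedRequest("no cart bound to this session")
    total = sum((CATALOG[sku] * qty for sku, qty in cart.items()), Decimal("0"))
    try:
        client_total = Decimal(form.get("total", total))
    except ArithmeticError:  # non-numeric value in the form field
        client_total = None
    mismatch = client_total != total
    # A mismatch is a detection signal: log session_id, total and client_total
    # here; the order still uses 'total', never the client's number.
    return {"total": total, "client_total_mismatch": mismatch}
```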

Next
  • Java security model (GS: Ch1, 2, 3)
