KNOWLEDGE PORTAL ON E-COMMERCE SECURITY MECHANISMS Team - CA CSCI 5234 Web Security

Team - CA CSCI 5234 Web Security. Collect and document information of ecommerce security mechanisms. Using: wiki engine for collaboration


PURPOSE:

Collect and document information of ecommerce security mechanisms.

Using: wiki engine for collaboration


TIER DIAGRAMS

[Diagram: System Architecture. Labels: Clients, Internet, Wiki Web Server, Database]


Conceptual Design

[Diagram labels: TOPIC, POSTS, WIKI PAGE, COMMENTS, ACCESS RIGHTS, COMMUNITY, TAGS]


Detailed Design

[Diagram labels: Images & Media; Statistics & Logging; User Accounts, Privileges, Watchlist; Miscellaneous; Caching Tables; IPBlocks; Parser Testing; Intermediate Tables]


Security Measures Included

HTTPS – Authenticate server to the client
Demo – SSL certificate invocation

Database Firewall – Port management rules limit vulnerability of direct attack on database
Illustrate – rules and ports

Database SSH – Secure tunnel between the application and the database
Demo – SSH tunnel creation


Security Measures

Application Security – user access, database information hiding, cookie and session timeouts

Cross-Site Scripting – Disable unused features on the wiki. Limit access to the scripting variables, e.g. $wguseFilesCss

Hide database information – put the database information in a separate file, then include it at runtime:

require_once("c:\mysql_info.php");
$db_name = "wikidb";
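
One way to enforce the "separate file" advice above, as an added example that is not part of the original slides: the settings file is loaded only if it sits outside the web server's document root and, on POSIX systems, is not world-readable. The function name load_db_settings() and the demo paths are hypothetical; $db_name is the variable named on the slide.

```php
<?php
// Added example (not from the original slides). load_db_settings() and the
// sample paths below are hypothetical; $db_name is the variable the slide uses.

function load_db_settings(string $settingsFile, string $docRoot): array
{
    $file = realpath($settingsFile);   // resolves symlinks and ".." segments
    $root = realpath($docRoot);
    if ($file === false || $root === false || !is_file($file)) {
        throw new RuntimeException('settings file or document root not found');
    }

    // A file under the document root can be requested over HTTP and may be
    // served as plain text if PHP handling is ever misconfigured.
    $prefix = rtrim($root, '/\\') . DIRECTORY_SEPARATOR;
    $inside = DIRECTORY_SEPARATOR === '\\'
        ? stripos($file, $prefix) === 0    // Windows paths are case-insensitive
        : strpos($file, $prefix) === 0;
    if ($inside) {
        throw new RuntimeException('settings file must live outside the document root');
    }

    // On POSIX systems, also refuse a file readable by every local user.
    if (DIRECTORY_SEPARATOR === '/' && (fileperms($file) & 0004) !== 0) {
        throw new RuntimeException('settings file is world-readable');
    }

    require $file;                         // defines $db_name in this scope
    if (!isset($db_name) || !is_string($db_name)) {
        throw new RuntimeException('settings file did not define $db_name');
    }
    return ['db_name' => $db_name];
}

// Constructed demo: a throwaway web root and a settings file beside it.
$base = sys_get_temp_dir() . '/wiki_demo_' . getmypid();
mkdir($base . '/htdocs', 0755, true);
$good = $base . '/mysql_info.php';            // outside the web root
$bad  = $base . '/htdocs/mysql_info.php';     // inside the web root
foreach ([$good, $bad] as $path) {
    file_put_contents($path, '<?php $db_name = "wikidb";');
    chmod($path, 0600);
}
print_r(load_db_settings($good, $base . '/htdocs'));
try {
    load_db_settings($bad, $base . '/htdocs');
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```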


Statistics and Ranking

Implement ranking using extensions. Add the extensions to the ./extensions folder. Call the extension at runtime using the require_once() function:

Contributions.php
ContributionsScore.php

Ranking can be based on the number of edits or the volume contained in each edit a user posts to the wiki.


THANKS