KNOWLEDGE PORTAL ON E-COMMERCE SECURITY MECHANISMS
Team - CACSCI 5234 Web Security
PURPOSE:
Collect and document information on e-commerce security mechanisms.
Using: wiki engine for collaboration
TIER DIAGRAMS
System Architecture
[Diagram: clients, Internet, Wiki Web Server, Database]
TOPIC
POSTS
WIKI PAGE
COMMENTS
ACCESS RIGHTS
COMMUNITY
TAGS
Conceptual Design
Detailed Design
Images & Media
Statistics & Logging
User Accounts, Privileges, Watchlist
Miscellaneous
Caching Tables
IPBlocks
Parser Testing
Intermediate Tables
Security Measures Included
HTTPS – Authenticate the server to the client. Demo - SSL certificate invocation
Database Firewall – Port management rules limit vulnerability to direct attack on the database. Illustrate – rules and ports
Database SSH – Secure tunnel between the application and the database. Demo – SSH tunnel creation
Security Measures
Application Security – user access, database information hiding, cookie and session timeouts
Cross-Site Scripting – Disable unused features on the wiki. Limit access to the scripting variables, e.g. $wguseFilesCss
Hide database information – put the database information in a separate file, then include it at runtime: require_once('c:\mysql_info.php'); $db_name = "wikidb";
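Added example, not part of the original slides: one way to load the database settings from a separate file while refusing a file that sits under the web root. It assumes the wiki engine is MediaWiki (the $wgDB* names are its standard database settings); load_db_secrets(), the paths and the sample values are hypothetical.

```php
<?php
// Added example (not from the slides). load_db_secrets() and all paths are
// hypothetical; the $wgDB* names are MediaWiki's standard database settings.

function load_db_secrets(string $secretsFile, string $docRoot): array
{
    $real = realpath($secretsFile);
    $root = realpath($docRoot);
    if ($real === false || $root === false) {
        throw new RuntimeException('secrets file or document root not found');
    }
    // Fail closed if the file is under the document root, where a broken PHP
    // handler or a backup copy could expose it over HTTP. The comparison is
    // case-insensitive so a Windows path cannot slip past on letter case.
    $prefix = rtrim($root, '/\\') . DIRECTORY_SEPARATOR;
    if (strncasecmp($real, $prefix, strlen($prefix)) === 0) {
        throw new RuntimeException('secrets file must be outside the document root');
    }
    $secrets = require $real;   // the file does: return ['server' => ..., ...];
    foreach (['server', 'name', 'user', 'password'] as $key) {
        if (!is_array($secrets) || !is_string($secrets[$key] ?? null)) {
            throw new RuntimeException("missing database setting: $key");
        }
    }
    return $secrets;
}

// Constructed demo layout: <tmp>/htdocs is the web root, <tmp>/private is not.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'wiki_demo_' . getmypid();
mkdir("$base/htdocs", 0700, true);
mkdir("$base/private", 0700, true);
$body = "<?php return ['server' => 'localhost', 'name' => 'wikidb', "
      . "'user' => 'wikiuser', 'password' => 'PLACEHOLDER'];";
file_put_contents("$base/private/mysql_info.php", $body);
file_put_contents("$base/htdocs/mysql_info.php", $body);

$db = load_db_secrets("$base/private/mysql_info.php", "$base/htdocs");
$wgDBserver = $db['server'];
$wgDBname = $db['name'];
$wgDBuser = $db['user'];
$wgDBpassword = $db['password'];
echo "loaded settings for {$wgDBname}\n";

try {
    load_db_secrets("$base/htdocs/mysql_info.php", "$base/htdocs");
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```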
Statistics and Ranking
Implement ranking using extensions. Add the extensions to the ./extensions folder. Call the extension at runtime using the require_once() function.
Contributions.php, ContributionsScore.php
Ranking can be based on the number of edits or the volume contained in each edit a user posts to the wiki.
THANKS