csci5931 Web Security 1
MSS: Chapter 3
Shopping carts & Payment gateways
Evolution of Shopping
- Farmers’ market
- Store shopping
- Supermarket
- Catalog shopping
- On-line shopping: combines the experience of both in-store shopping and catalog shopping
  + Web-based applications offer more interactivity and multimedia presentation than a printed catalog.
  + Web-based applications typically provide searching capabilities, which are not available in traditional in-store shopping or catalog shopping.
  + Web-based applications can be tailored to different shopping styles (a “no-pressure” shopping experience).
Q: Are there any drawbacks or specific requirements?
Evolution of Shopping
What are the factors that may drive potential customers away from web-based shopping?
- Is concern over security real?
- Ease of use
- Anything else?
E-commerce model
cf. traditional retail business (Fig. 3-1)
cf. computerized retail business (Fig. 3-2)
Figure 3-3 (p.97): e-commerce model. Characteristics:
- A web portal represents the company’s web identity. The portal serves as an entry into the electronic store.
- A web site hosting multiple applications that interact with an array of servers (other web sites, financial processing, transaction processing, back-end databases, etc.)
Q: What makes an e-commerce business different from a computerized retail business?
E-commerce model
An exercise: The e-commerce model on page 97 is not really an ER diagram. Modify/refine the model and turn it into a real ER or EER diagram.
Hint: Add relationships.
Part of your project: preliminary design
E-commerce model
The need for peer-to-peer communications: an extranet is an inter-network linking different companies’ internal networks.
What are the requirements of an inter-company web-based application?
- Trust!
- Authentication
- Non-repudiation
- Anything else?
Web services
Web Services
Multi-party Web services (see the announcement on 1/22)
Web Services
An excellent survey of web security technologies and web service background information.
Part of assignment 2. May be used as this semester’s projects or a thesis.
E-shopping cart systems
Uses of an e-shopping cart:
- Temporarily stores what the customer has picked;
- Provides a summary of the items (prices, S&H cost, etc.) in the cart when needed (per the customer’s request or at the time of checkout);
- The customer may replace items in the cart until the transaction is finalized.
E-shopping cart systems
The e-shopping cart application forms the heart of the e-shopping application. It binds the customer, the product catalog, the inventory system, and the payment system together. (See Fig. 3-7, p.103.)
E-shopping cart systems
Implementation requirements:
- Accuracy: It correctly records what the customer has picked and changed.
- Flexibility: It allows the customer to freely replace items in the cart.
- Integration: with the product catalog, the inventory system, and the payment gateway.
- Integrity: No tampering with the cart’s content, whether by a malicious third party or by programming errors (e.g., contents leaking across two different carts).
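The integrity requirement above is easiest to meet by keeping the cart on the server and addressing it only through an unguessable session token; where the cart must ride in a client-side cookie instead, an HMAC tag lets the server detect edits. The following is an added example written for these notes, not code from the textbook or from any shopping-cart product. The catalog, the SKUs, the prices in cents and the hard-coded SERVER_KEY are all constructed for the illustration (a deployment would load the key from a key store).

```python
import hashlib
import hmac
import json
import secrets

# Assumed server-side secret for the signed-cookie variant; a real deployment
# would load it from a key store rather than hard-coding it.
SERVER_KEY = b"example-key-do-not-use-in-production"

# Constructed catalog; prices in cents. The server is the source of truth for
# prices, never a value echoed back by the browser.
CATALOG = {"SKU-100": 1999, "SKU-200": 500}


class CartStore:
    """Server-side carts keyed by an opaque, unguessable session token.

    A request can only reach the cart that belongs to its own token, so neither
    a malicious third party nor a mix-up in application code can read or write
    another customer's cart through this interface.
    """

    def __init__(self):
        self._carts = {}

    def new_session(self):
        token = secrets.token_urlsafe(32)
        self._carts[token] = {}
        return token

    def add(self, token, sku, qty):
        if sku not in CATALOG:
            raise ValueError("unknown SKU")
        if not isinstance(qty, int) or qty <= 0:
            raise ValueError("quantity must be a positive integer")
        cart = self._carts[token]  # KeyError for an unknown session
        cart[sku] = cart.get(sku, 0) + qty

    def remove(self, token, sku):
        self._carts[token].pop(sku, None)

    def items(self, token):
        return dict(self._carts[token])

    def total_cents(self, token):
        return sum(CATALOG[sku] * qty for sku, qty in self._carts[token].items())


def sign_cart(cart):
    """Serialize a cart for a client-side cookie and append an HMAC-SHA256 tag.

    Only needed when the cart must travel with the client; the tag lets the
    server detect any edit to the cookie, and prices are still looked up
    server-side when the cookie comes back.
    """
    payload = json.dumps(cart, sort_keys=True, separators=(",", ":"))
    tag = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return payload + "." + tag


def verify_cart(cookie):
    """Return the cart dict if the tag verifies, else None (tampered or forged)."""
    payload, sep, tag = cookie.rpartition(".")
    if not sep:
        return None
    expected = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return None
    return json.loads(payload)
```

Note that the signed cookie only proves the cart came back unmodified; it carries SKUs and quantities, not prices, so the server still prices the order from its own catalog at checkout.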
E-shopping cart systems
Components:
- Session management
- Product catalog application
- Payment gateway
- Back-end databases (e.g., product inventory, customer information)
See Fig. 3-7 (p.103) and Fig. 3-9 (p.109)
E-shopping cart systems
Sample problems with insecure shopping carts:
- Remote command execution over HTTP
- Unprotected sensitive information retrievable via HTTP
- Improper or no ‘input sanitization’, resulting in remote command execution
- Modified hidden HTML form fields
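Two of the problems listed above, the modified hidden form field and the unsanitized input that reaches a shell, can be shown side by side with their fixes. The code below is an added example written for these notes; it is not from the textbook or from any real cart product. The catalog, the SKU format, the form dictionaries and the path /usr/local/bin/stock-check are all constructed for the illustration, and the vulnerable stock-check function returns the command string instead of running it so the example is safe to execute.

```python
import re

# Constructed server-side catalog, prices in cents.
CATALOG = {"SKU-100": 1999, "SKU-200": 500}

# Allowlist for the only identifier the client is trusted to send.
SKU_RE = re.compile(r"[A-Z]{3}-[0-9]{3}")


def vulnerable_order_total(form):
    """Trusts the hidden 'price' field that the browser sent back.

    The page that rendered the form put the real price in a hidden <input>,
    but nothing stops the customer from editing it before submitting.
    """
    return int(form["price"]) * int(form["qty"])


def hardened_order_total(form):
    """Accepts only a SKU and a quantity from the client; the price comes from
    the server-side catalog and the quantity is range-checked."""
    sku = form.get("sku", "")
    if not SKU_RE.fullmatch(sku) or sku not in CATALOG:
        raise ValueError("unknown or malformed SKU")
    qty = form.get("qty", "")
    if not qty.isdigit() or not 1 <= int(qty) <= 99:
        raise ValueError("quantity out of range")
    return CATALOG[sku] * int(qty)


def vulnerable_stock_command(sku):
    """Shell command an insecure cart might run to check stock for a SKU.

    The SKU is pasted into a shell command line, so shell metacharacters in it
    become additional commands. The string is returned rather than executed so
    this example is safe to run. (Hypothetical tool path.)
    """
    return "/usr/local/bin/stock-check " + sku


def hardened_stock_argv(sku):
    """Validate the SKU against the allowlist and return an argv list suitable
    for subprocess.run(argv) with shell=False, so no shell ever parses it."""
    if not SKU_RE.fullmatch(sku):
        raise ValueError("malformed SKU")
    return ["/usr/local/bin/stock-check", sku]


def raises_value_error(fn, *args):
    """Helper so rejection paths can be checked without try/except at the call site."""
    try:
        fn(*args)
    except ValueError:
        return True
    return False
```

The hardened versions share one idea: the client may name things (a SKU, a quantity) but never supply values the server can derive itself, and anything the client names is matched against an allowlist before it touches a price lookup or a process invocation.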
Payment processing system
The checkout process:
1. Finalize the order
2. Choose method of payment
3. Verify the chosen payment method
4. Log all transactions
5. Fulfill the order
6. Generate a receipt
Payment processing system
The payment gateway interface (see Fig. 3-9):
- Interacts with the order information page, the back-end databases, and the payment gateway
- Provided by the institution that hosts the payment gateway (e.g., Verisign or PayPal)
- Integrated into the e-shopping application and invoked by the electronic storefront app.
- SSL-encrypted interface with the payment gateway (Q: how about the interfaces with the other components?)
Payment processing system
Payment system implementation issues:
- Never trust “sensitive” data passed from the client side. Why?
- Do not store temporary info within the Web server’s document folder. Why?
- Temporary info should be destroyed after its use.
- Use SSL to encrypt communication links. Why?
- Carefully protect user profiles!
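The checkout steps on the previous slide and the implementation issues above can be walked through together: verify the payment method locally before calling the gateway, keep the card number on disk only for the duration of that call and only outside the document root, destroy it afterwards, and let nothing but the masked number reach the transaction log or the receipt. This is an added example written for these notes, not textbook code and not any gateway vendor's SDK. DOCROOT and WORK_DIR are assumed directories placed under the system temp directory so the example runs anywhere, demo_gateway is a constructed stand-in for the hosted gateway, the order IDs and card numbers are test values, and the in-memory AUDIT_LOG stands in for a real append-only log.

```python
import json
import os
import tempfile
import time

# Assumed layout: DOCROOT is what the web server serves, WORK_DIR a private
# directory outside it. Both are under the system temp dir only so the
# example runs anywhere.
DOCROOT = os.path.join(tempfile.gettempdir(), "example-docroot")
WORK_DIR = os.path.join(tempfile.gettempdir(), "example-private")

AUDIT_LOG = []  # in-memory stand-in for an append-only transaction log


def luhn_ok(pan):
    """Luhn check on a card number: a cheap local test of the chosen payment
    method before the gateway is asked to verify it for real."""
    if not pan.isdigit() or len(pan) < 12:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan):
    """Only the last four digits ever reach logs, receipts or user profiles."""
    return "*" * (len(pan) - 4) + pan[-4:]


def is_under_docroot(path):
    """True if the web server would serve this path, i.e. anyone who guesses
    its name can fetch it over HTTP."""
    real, root = os.path.realpath(path), os.path.realpath(DOCROOT)
    return real == root or real.startswith(root + os.sep)


class TransientAuthorization:
    """Card data kept on disk only for the duration of the gateway call.

    mkstemp creates the file with mode 0600 in WORK_DIR; destroy() overwrites
    it with zeros and unlinks it as soon as the result is known.
    """

    def __init__(self, order_id, pan):
        os.makedirs(WORK_DIR, mode=0o700, exist_ok=True)
        fd, self.path = tempfile.mkstemp(prefix="auth-%s-" % order_id, dir=WORK_DIR)
        with os.fdopen(fd, "w") as f:
            json.dump({"order_id": order_id, "pan": pan}, f)

    def destroy(self):
        with open(self.path, "r+b") as f:
            f.write(b"\0" * os.path.getsize(self.path))
            f.flush()
            os.fsync(f.fileno())
        os.remove(self.path)
        return not os.path.exists(self.path)


def audit(order_id, event, **fields):
    AUDIT_LOG.append(dict(ts=time.time(), order_id=order_id, event=event, **fields))


def demo_gateway(order_id, amount_cents, pan):
    """Constructed stand-in for the hosted gateway: approves anything under
    $1000 and returns an approval code, otherwise None."""
    return None if amount_cents >= 100000 else "APPROVED-" + order_id


def checkout(order_id, amount_cents, pan, gateway=demo_gateway):
    """Finalize, verify, log, fulfill and produce a receipt for one order.
    The gateway call is the only place that sees the full card number."""
    audit(order_id, "finalize", amount=amount_cents)
    if not luhn_ok(pan):
        audit(order_id, "verify_failed", reason="luhn")
        return None
    record = TransientAuthorization(order_id, pan)
    try:
        if is_under_docroot(record.path):
            raise RuntimeError("temporary payment data must not be web-reachable")
        code = gateway(order_id, amount_cents, pan)
    finally:
        record.destroy()  # runs whether the gateway succeeded, declined or raised
    audit(order_id, "authorize", card=mask_pan(pan), approved=code is not None)
    if code is None:
        return None
    audit(order_id, "fulfill")
    return {"order_id": order_id, "amount": amount_cents,
            "card": mask_pan(pan), "auth_code": code}


def audit_log_mentions(text):
    """True if the given text (e.g. a full card number) appears in any entry."""
    return any(text in json.dumps(entry) for entry in AUDIT_LOG)


def work_dir_is_clean():
    """True once no transient authorization files remain on disk."""
    if not os.path.isdir(WORK_DIR):
        return True
    return not any(n.startswith("auth-") for n in os.listdir(WORK_DIR))
```

The try/finally is the part worth copying: the temporary record is destroyed on every path out of the gateway call, including an exception, which is what "destroyed after its use" has to mean in practice. The zero-overwrite before unlink is best effort on modern file systems, so the stronger control remains never writing the full number to disk at all when the gateway API allows it.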
Next
Java security model (GS: Ch1, 2, 3)