April 2011
Intermediate to advanced
504 pages
14h 51m
English
Content preview from Web Commerce Security Design and DevelopmentBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
Confidentiality, Integrity, and Availability
The critical “ility” characteristics of Web commerce computing platforms and networks build upon the fundamental information system security concepts of confidentiality, integrity, and availability (the C-I-A triad).
Confidentiality
Confidentiality refers to the prevention of intentional or unintentional unauthorized disclosure of information involved in Web commerce transactions. This information includes configuration settings, logic, and interfaces. Web commerce platforms must be protected from reconnaissance probes, denial of service (DoS) attacks, viruses, Trojan horses, man-in-the middle exploits, and a variety of other emerging threats.
Encryption is commonly used to preserve confidentiality in encapsulated data and software. The following are examples of the use of encryption in Web commerce transactions:
- Software may need access to a database. A possible scheme for protecting the database user password is to encrypt the password and store it in a protected file. The decryption key should be supplied to the software via a command line or protected file, and the salt (random bits that are used as an input to derive the cryptographic key) should be embedded in the code itself. In this way, the software requires the decryption key, salt, algorithm, and encrypted password to gain access to the database.
- An additional approach to meeting encryption requirements in scalable implementations is to encrypt data on-the-fly and store it ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.