Posted by: Shofiur Rahman

Posted on: June 27, 2012 4:32 pm

-

Authenticating a user includes the following steps:

  • Identifying visitors
  • Implementing access control
  • Authentication

Identifying Visitors

The web is a fairly anonymous medium, but it is often useful to know who is visiting your site to focus on the right business area. You are able to get little about the visitors due to users' privacy. With a little work the server can find out quite a lot about users' computers, networks, browsers, etc. From a visitor's IP address you are able to know the visitor's geographic location.

Implementing access control

Simple access control is not difficult to implement. A simple PHP script is shown below.

<?php
// Create short names for the submitted form fields.
// ($HTTP_POST_VARS was removed in PHP 5.4; $_POST is its replacement.)
$name     = isset($_POST['name']) ? $_POST['name'] : '';
$password = isset($_POST['password']) ? $_POST['password'] : '';

if (empty($name) || empty($password)) {
    // Visitor needs to enter a name and password.
?>

<strong>Please Log In</strong>

<form method="post" action="login.php">
<label>User Name: </label> <input type="text" name="name" />
<label>Password:</label> <input type="password" name="password" />
<input type="submit" value="Log In" />
</form>

<?php
} else if ($name == 'user' && $password == 'pass') {
    // Login successful.
    // (Hard-coded plaintext credentials are for demonstration only;
    // see "Encrypting passwords" below.)
} else {
    // Login failed.
}
?>

Encrypting passwords

To secure the access control you need to implement an encryption algorithm on the user login. The PHP function crypt() provides a one-way cryptographic hash function. The prototype for this function is

string crypt ( string $str [, string $salt ] )

Basic Authentication in PHP

There are some built-in authentication facilities in HTTP. Scripts or web servers can request authentication from a web browser. The web browser is then responsible for displaying a dialog box or similar device to get the required information from the user.

PHP scripts are generally cross-platform, but using basic authentication relies on environment variables set by the server. A sample of HTTP basic authentication using PHP is shown below.

<?php
// Apache passes HTTP Basic credentials in $_SERVER['PHP_AUTH_USER'] and
// $_SERVER['PHP_AUTH_PW']. (The original relied on register_globals for
// $PHP_AUTH_USER etc.; that is off by default and removed in PHP 5.4.)
$user     = isset($_SERVER['PHP_AUTH_USER'])      ? $_SERVER['PHP_AUTH_USER']      : null;
$pw       = isset($_SERVER['PHP_AUTH_PW'])        ? $_SERVER['PHP_AUTH_PW']        : null;
$software = isset($_SERVER['SERVER_SOFTWARE'])    ? $_SERVER['SERVER_SOFTWARE']    : '';
$authhdr  = isset($_SERVER['HTTP_AUTHORIZATION']) ? $_SERVER['HTTP_AUTHORIZATION'] : '';

// If we are using IIS, we need to decode the Authorization header ourselves.
// Note the trailing space in 'Basic ': the first six characters of the header
// value include it, so comparing against 'Basic' would never match.
if (substr($software, 0, 9) == 'Microsoft' && $user === null && $pw === null
    && substr($authhdr, 0, 6) == 'Basic ') {
    // Limit explode() to two parts so a password containing ':' stays intact.
    list($user, $pw) = explode(':', base64_decode(substr($authhdr, 6)), 2);
}

// Replace this if statement with a database query or similar.
if ($user != 'user' || $pw != 'pass') {
    // Visitor has not yet given details, or their
    // name and password combination are not correct.
    header('WWW-Authenticate: Basic realm="Realm-Name"');
    if (substr($software, 0, 9) == 'Microsoft') {
        header('Status: 401 Unauthorized');
    } else {
        header('HTTP/1.0 401 Unauthorized');
    }
    echo 'You are not authorized to view this resource.';
} else {
    // Visitor provided correct details.
}
?>
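As an added example that is not part of the original post, the access-control check from the "Implementing access control" section can verify the submitted password against a crypt() hash, as the "Encrypting passwords" section suggests, instead of comparing plaintext. The in-memory user store and the function names make_password_hash() and verify_password() are assumptions standing in for the database query; random_bytes() and hash_equals() need PHP 7.0 and 5.6 or later respectively.

```php
<?php
// Added example (not from the original post): login check against a
// stored crypt() hash rather than a hard-coded plaintext password.

// Hash a new password with crypt(). The '$6$' prefix selects SHA-512 crypt,
// 'rounds=' raises the work factor, and a fresh random salt is used per user
// so identical passwords produce different hashes.
function make_password_hash($password) {
    // crypt() salts may only contain [a-zA-Z0-9./]; map base64's '+' to '.'
    $salt = substr(strtr(base64_encode(random_bytes(12)), '+', '.'), 0, 16);
    return crypt($password, '$6$rounds=50000$' . $salt . '$');
}

// Verify by re-running crypt() with the stored hash as the salt argument:
// crypt() reads the algorithm, rounds and salt back out of the hash itself.
// hash_equals() compares in constant time so the response time does not
// leak how many leading bytes of the hash matched.
function verify_password($password, $stored_hash) {
    return hash_equals($stored_hash, crypt($password, $stored_hash));
}

// Constructed sample user store (assumed; a real site queries a database
// and stores only the hash string, never the password).
$users = array(
    'user' => make_password_hash('pass'),
);

$name     = isset($_POST['name'])     ? $_POST['name']     : '';
$password = isset($_POST['password']) ? $_POST['password'] : '';

if (isset($users[$name]) && verify_password($password, $users[$name])) {
    echo 'Login successful';
} else {
    // One message for both "unknown user" and "wrong password", so the
    // response does not reveal which user names exist.
    echo 'Login failed';
}
?>
```

On PHP 5.5 and later, password_hash() and password_verify() wrap this same crypt() machinery with a default algorithm and automatic salt generation.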

Posted by: Shofiur Rahman

Posted on: June 13, 2012 4:41 pm

-

Disclosure of secret data:

In an ecommerce website, confidential information is provided by a customer, such as his password, contact details and credit card details. To reduce the risk of exposure, you need to limit the methods by which information can be accessed and introduce user authentication into the system.

Passing or demolition of data:

It can be more costly for you to lose data than to have it exposed. If you spent months building up your site, gathering user data and orders, how much would it cost you, in time, reputation, and pounds to lose all that information? If you have no backups of any of your data, you need to rewrite the website in a hurry and start from scratch. So you need to integrate a 'backup system' with your ecommerce website.

Mutation of data:

Although the loss of data could be damaging, mutation could be worse. To protect against mutation of data you need to look at some points such as file permissions, data encryption, digital signatures, etc.

Denial of service:

One of the most difficult threats to guard against is denial of service. The reason these attacks are so difficult to guard against is that there are a huge number of ways of carrying them out. Methods include installing a program on a target machine that uses most of the system's processor time, reverse spamming, etc.

Inaccuracy in software:

Errors in software can lead to all sorts of unpredictable behavior including service unavailability, security breaches, financial losses and poor customer service. Common causes of errors that you can look for include poor specifications, faulty assumptions made by developers and inadequate testing.

Repudiation:

The final risk we will consider is repudiation. Repudiation occurs when a party involved in a transaction denies having taken part.

Posted by: SEO Positive

Posted on: January 14, 2009 9:09 pm

-

With the emerging technology of today, the world of the internet has evolved into a new generation in which people get more involved in online websites and online shopping. The internet has become one huge supermarket. E-commerce websites have become a popular thing on the internet, with many retail outlets starting up an e-commerce website to sell their products through; especially with a big credit crunch hitting many parts of the world, an e-commerce store is far cheaper to optimise and run than paying out for a retail outlet.

In an ecommerce website design there are important parameters that need to be met, some of which are to ensure that you have a clear and professional layout of the products and services that are offered to your customers. Another one is to ensure that you have a good navigation system so that your customers are able to find what they need to find with ease.

Having a good looking and well navigated ecommerce website is only half of the hurdle to being successful on the internet, and selling your products to make a comfortable living. The other thing that you need to ensure when starting up an ecommerce website is to ensure that it is seen by those people that are going to buy your services or products off of it, as it is useless if it is not seen by your target market. Now how are you going to ensure that your website is seen by potential clients?

There are two major ways to get your website seen by your target audience. The first, and most popular due to being more cost effective, is search engine optimisation (SEO). Search engine optimisation is a form of online marketing that will help your website be promoted in the major search engines that people usually search from, for example Google, Yahoo, MSN. The other way to promote your website to attract more visitors would be Pay Per Click marketing; this is a much quicker way of getting your site seen, however it is also much more expensive, and usually only a short term solution to market a website while search engine optimisation is underway.

The main key points to remember when deciding that you want to start an ecommerce website would be:

  • Get the design, layout and navigation on the website right.
  • Ensure you know how you're going to promote your website once it is built.

Once you have these two points worked out, you should have a great ecommerce website in the making.
