Chapter_8 - Sushant`s Technical Articles

Chapter 8
Building the Transaction
Database
Objective:
Database Tables used for Transaction.
Registering Users.
Gracefully Handling Form Errors.
Using the Secure Sockets Layer.
Transaction Database Tables
User Table – Used to store user
Information
Cart Table – Used to store customer
shopping cart.
Order Table – Holds information of all
the products that have been
ordered in addition to information about
the status of an order.
User Table schema
User_id
User_name
User_pwd
User_email
User_street
User_city
User_zip
User_state
User_cctype
User_ccexpires
User_ccname
Registering Users
Before customers can add items to their
shopping cart, they must first register.
Instead of entering address and
payment information every time a new
item is bought, the customer can enter
this information once.
It enables customers to retain a
shopping cart over many visits to your
Web site.
Gracefully Handling Form Errors
The Error Form displays an error
message and asks the user to return to
the previous page to correct the
mistake.
When the user clicks the return button
all the original data that the user
entered into the HTML form is passed
back to the form.
Because the information is passed back to
the form, there is no need to start filling
out the form again.
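
One way to build the error form described above in classic ASP, as an added example that is not from the original slides. ShowFormError, its parameters and the field name "user_pwd" are hypothetical; the point shown is that values handed back to the form are HTML-encoded and the password is not echoed into the page.

```asp
<%
' Added example (not from the original slides). ShowFormError, errorMsg,
' backPage and the field name "user_pwd" are hypothetical.
Sub ShowFormError(errorMsg, backPage)
    Dim field
    Response.Write "<html><body>"
    Response.Write "<p>" & Server.HTMLEncode(errorMsg) & "</p>"
    ' The return button posts the original data back to the previous page.
    Response.Write "<form method=""post"" action=""" & _
        Server.HTMLEncode(backPage) & """>"
    For Each field In Request.Form
        ' Secrets are not written into the page source; the user retypes them.
        If LCase(field) <> "user_pwd" Then
            ' HTMLEncode converts quotes and angle brackets, so a submitted
            ' value cannot close the value attribute and add its own markup.
            Response.Write "<input type=""hidden"" name=""" & _
                Server.HTMLEncode(field) & """ value=""" & _
                Server.HTMLEncode(Request.Form(field)) & """>"
        End If
    Next
    Response.Write "<input type=""submit"" value=""Return"">"
    Response.Write "</form></body></html>"
    ' Stop here so the rest of the calling page does not run.
    Response.End
End Sub
%>
```

The registration form then reads each value with Request.Form and applies Server.HTMLEncode again when it writes the value into its own input fields.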
Secure Socket layer
During registration the user enters the
credit card information in the form.
This information is transmitted across
the internet in plain text, which is
dangerous.
The information in internet passes
through various intermediate
connections.
An individual with malicious intentions
could steal the information while it is on
its way to its destination.
To protect the customer’s credit card
information, you must use the Secure
Socket Layer(SSL).
SSL is a technology originally developed
by Netscape that enables you to transfer
information securely across the internet.
It provides solutions to three distinct
security problems:
Encryption
Authentication
Data Integrity
Information that flows between Web
Server & Web Browser is encrypted by
encoding the information with a publicly
known encryption algorithm and a
secret session encryption key.
The number of bits in the session key
determines the strength of the
encryption.
Two standard key sizes are 40-bit and
128-bit keys.
A 40-bit key has been broken, but a 128-bit key is
considered unbreakable with current
technology.
SSL is also used to authenticate a Web
server.
To enable SSL on your Web server, a server
certificate should be installed.
This server certificate prevents other web sites
from pretending to be your web site.
Server certificate contains information about
your Web site, your organization & the issuer
of the certificate.
Finally SSL protects the integrity of the data
as it is transmitted across the internet by
including a MAC (Message Authentication Code)
with the data as it is transmitted.
Enabling SSL on your Web Server
SSL is used with IIS and not PWS.
Enabling SSL is time consuming &
Expensive.
For example, VeriSign charges $349 for a 40-bit SSL
key and $895 for a 128-bit key.
To enable SSL with IIS Server the
following are the three steps:
Generate a certificate Request File and
an Encryption Key pair file using MS Key
Manager.
Apply for a Server Certificate from a
certificate authority by providing your
Certificate Request File.
Install your server certificate by using
MS Key Manager.
Generating the Certificate Request
File
Use MS Key Manager to create
Certificate Request File also called
Certificate Signing Request (CSR).
To access MS Key Manager, launch
Internet Service Manager, select Key,
Create New Key. This starts a wizard
that will guide you through the task of
creating the CRF.
Following Information is supplied
to create CRF
Request File
Key name
Password
Key size
Organization
Organizational Unit
Common Name
Country/Region
State/Province
Locality
Your Name
Email Address
Phone Number
Applying for a Server certificate
The CRF should be sent to a
certificate authority to get your server
certificate.
The three popular authorities are:
VeriSign Inc.
Thawte Consulting
GTE CyberTrust Solutions
To apply for a VeriSign server certificate,
go to http://www.verisign.com and
choose Secure Server ID.
Provide VeriSign with identifying
information about your organization,
then submit your CRF through an
online form.
After your information is verified, an
email is sent to you instructing you to
download the new server certificate.
Installing Server Certificate
The last step is to install the server certificate
that is received from the certifying authority.
To install the server certificate, launch the
Internet Service Manager and select MS Key
Manager.
Next choose Key, Install Key Certificate.
Open the new certificate file from the
hard disk and supply the same password as
used in the CRF.
Next specify the IP address and port to use
SSL.
The Server certificate lasts for a period
of time.
The exact expiry date is given in the
right frame of MS Key manager.
The certificate can be renewed before expiry.
Using SSL in ASP Page
After installing your server certificate, you
can request any page from the web site
securely.
To request a page using SSL, the address
must begin with the protocol https:// rather than
http://.
To force users to use SSL, you can use
Internet Service Manager to configure a
directory to require SSL.
To do this, launch the Internet Service
Manager and open the property sheet
for one of the directories within your
website.
Next click the Edit button under Secure
Communications and choose Require
Secure Channel When Accessing This
Resource.
SSL should be enabled during
registration in online store.
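
A script-level check for the registration page, for use where the directory setting above is not enabled. This is an added example, not from the original slides; SITE_HOST and RequireSSL are hypothetical names and www.example.com is a placeholder host.

```asp
<%
' Added example, not from the original slides. SITE_HOST and RequireSSL are
' hypothetical names; www.example.com is a placeholder host.
Const SITE_HOST = "www.example.com"

Sub RequireSSL()
    Dim target, query
    ' IIS sets the HTTPS server variable to "on" for SSL requests.
    If LCase(Request.ServerVariables("HTTPS")) = "on" Then Exit Sub

    ' A form posted over http:// has already crossed the network in plain
    ' text, so it is refused rather than processed or redirected.
    If UCase(Request.ServerVariables("REQUEST_METHOD")) <> "GET" Then
        Response.Status = "403 Forbidden"
        Response.Write "This page must be requested with https://"
        Response.End
    End If

    ' Build the target from a fixed host name, not from the request's Host
    ' header, so the redirect cannot be pointed at another site.
    target = "https://" & SITE_HOST & Request.ServerVariables("URL")
    query = Request.ServerVariables("QUERY_STRING")
    If query <> "" Then target = target & "?" & query
    Response.Redirect target
End Sub

' Call before any HTML is written, because a redirect changes the headers.
RequireSSL
%>
```

The registration form's action attribute should also use an https:// address, so that the credit card fields are never submitted over plain HTTP in the first place.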