MSS*: Chapter 3 Shopping carts & Payment gateways - PowerPoint PPT Presentation
1
MSS*: Chapter 3 Shopping carts & Payment gateways
* McClure, Stuart, Saumil Shah, and Shreeraj Shah. Web Hacking: attacks and defense. Addison Wesley. 2003.
2
Evolution of Shopping
  • Farmers' market → Store shopping → Supermarket → Catalog shopping
  • → On-line shopping combines the experience of both in-store shopping and catalog shopping
  • Web-based applications offer more interactivity and multimedia presentation than a printed catalog.
  • Web-based applications typically provide searching capabilities, which are not available in traditional in-store shopping or catalog shopping.
  • Web-based applications can be tailored to different shopping styles → no-pressure shopping experience
  • Q: Are there any drawbacks or specific requirements?

3
Evolution of Shopping
  • What are the factors that may drive potential
    customers away from web-based shopping?
  • Is concern over security real?
  • Ease of use
  • Anything else?

4
Traditional retail business
5
computerized retail business
6
E-commerce model
7
E-commerce model
  • Characteristics
  • A web portal represents the company's web identity.
  • The portal serves as an entry into the electronic store.
  • A web site hosting multiple applications that interact with an array of servers (other web sites, financial processing, transaction processing, back-end databases, etc.)
  • Q: What makes e-commerce different from a computerized retail business?

8
E-commerce model
  • An exercise: The e-commerce model diagram is not really an ER diagram. Modify/refine the model and turn it into a real ER or EER diagram.
  • Hint: Add relationships
  • Part of your project's preliminary design

9
E-commerce model
  • The need for peer-to-peer communications
  • An extranet is an inter-network linking different companies' internal networks.
  • What are the requirements of an inter-company web-based application?
  • Trust!
  • Authentication
  • Non-repudiation
  • Anything else?
  • → Web services

10
Web Services
  • Multi-party Web services

11
E-shopping cart systems
  • Uses of an e-shopping cart
  • Temporarily stores what the customer has picked
  • Provides a summary of the items (prices, S&H cost, etc.) in the cart when needed (per the customer's request or at the time of checkout)
  • The customer may replace items in the cart until the transaction is finalized.

12
E-shopping cart systems
  • The e-shopping cart application forms the heart
    of the e-shopping application.
  • It binds the customer, the product catalog, the
    inventory system, and the payment system
    together.

13
E-shopping cart systems
  • Implementation requirements
  • Accuracy: It correctly records what the customer has picked and changed.
  • Flexibility: It allows the customer to freely replace items in the cart.
  • Integration with the product catalog, the inventory system, and the payment gateway.
  • Integrity: No tampering with the cart's content, whether by a malicious third party or by programming errors (e.g., mixing up two different carts)

14
E-shopping cart systems
  • Components
  • Session management
  • Product catalog application
  • Payment gateway
  • Back-end databases (e.g., product inventory,
    customer information)

15
E-shopping cart systems
  • Sample problems with insecure shopping carts
  • Remote command execution over HTTP
  • Unprotected sensitive information retrievable via HTTP
  • Improper or no input sanitization → results in remote command execution
  • Modified hidden HTML form fields

16
Payment processing system
  • The checkout process
  • Finalize the order
  • Choose method of payment
  • Verify the chosen payment method
  • Log all transactions
  • Fulfill the order
  • Generate a receipt

17
Payment processing system
  • The payment gateway interface (figure on next page)
  • Interacts with the order information page, the back-end databases, and the payment gateway
  • Provided by the institution that hosts the payment gateway (e.g., Verisign or PayPal)
  • Integrated into the e-shopping application and invoked by the electronic storefront app.
  • SSL-encrypted interface with the payment gateway (Q: how about the interfaces with the other components?)

18
Payment processing system
19
Payment processing system
  • Payment system implementation issues
  • Never trust sensitive data passed from the client side. Why?
  • Do not store temporary info within the Web server's document folder. Why?
  • Temporary info should be destroyed after its use.
  • Use SSL to encrypt communication links. Why?
  • Carefully protect user profiles!
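An added example (not from the slides or the cited book) that ties slide 15's "modified hidden HTML form fields" to slide 19's "never trust sensitive data passed from the client side": a checkout total computed the insecure way (trusting a hidden price field) beside the hardened way (price looked up server-side), plus an HMAC that binds a cart to its session so that tampering, or one session presenting another session's cart, is detected. CATALOG, SERVER_KEY, the session ids and the form data are constructed placeholders.

```python
import hashlib
import hmac
import json

# Constructed server-side catalog: the only authoritative source of prices (in cents).
CATALOG = {"sku-101": 1999, "sku-202": 4500}


def vulnerable_total(form):
    """Slide 15's bug: honours a hidden 'price' field that the browser can edit."""
    return int(form["qty"]) * int(form["price"])


def hardened_total(form):
    """Ignores any client-supplied price; resolves it by SKU and bounds the quantity."""
    sku = form.get("sku")
    if sku not in CATALOG:
        raise ValueError("unknown SKU")
    qty = int(form.get("qty", "0"))
    if not 1 <= qty <= 100:
        raise ValueError("quantity out of range")
    return qty * CATALOG[sku]


# Hypothetical server-side key: in practice loaded from a secret store, never sent to the client.
SERVER_KEY = b"placeholder-server-key"


def _mac(session_id, body):
    # The MAC covers both the session id and the cart body, so a valid cart
    # from session A does not verify when presented under session B.
    return hmac.new(SERVER_KEY, session_id.encode() + b"|" + body.encode(),
                    hashlib.sha256).hexdigest()


def sign_cart(session_id, cart):
    """Serialize the cart canonically and return (body, mac) to hand to the client."""
    body = json.dumps(cart, sort_keys=True, separators=(",", ":"))
    return body, _mac(session_id, body)


def verify_cart(session_id, body, mac):
    """Return the cart only if the MAC matches for this session; otherwise None."""
    if not hmac.compare_digest(_mac(session_id, body), mac):
        return None
    return json.loads(body)
```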