FIGURE 13.2
Web browsers prompt users for authentication when they attempt to visit a restricted directory on a Web server.
Both the Apache Web server and Microsoft’s IIS enable you to very easily protect all or part of
a site in this way. Using PHP or MySQL, there are many other ways we can achieve the same
effect. Using MySQL is faster than the built-in authentication. Using PHP, we can provide
more flexible authentication or present the request in a more attractive way.
We will see some authentication examples in Chapter 14, “Implementing Authentication with
PHP and MySQL.”
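As an added illustration (not code from the book), here is one way PHP can answer the browser's authentication prompt itself instead of leaving it to the Web server. The account table, realm name and function names are assumptions made for this example, and the password is a constructed sample value.

```php
<?php
// Added example: HTTP Basic authentication handled by PHP rather than the web server.
// demo_users(), authenticate() and the realm string are hypothetical names.

// Constructed sample account store; a real site would load password hashes from a database.
function demo_users(): array
{
    static $users = null;
    if ($users === null) {
        $users = ['alice' => password_hash('constructed-sample-password', PASSWORD_DEFAULT)];
    }
    return $users;
}

// Returns the authenticated user name, or null if credentials are missing or wrong.
function authenticate(array $server, array $users): ?string
{
    $user = $server['PHP_AUTH_USER'] ?? null;
    $pass = $server['PHP_AUTH_PW'] ?? null;
    if (!is_string($user) || !is_string($pass)) {
        return null; // the browser has not sent credentials yet
    }
    // Unknown users are checked against a dummy hash so both paths do similar work.
    static $dummy = null;
    $dummy ??= password_hash('dummy-value', PASSWORD_DEFAULT);
    $known = isset($users[$user]);
    $ok = password_verify($pass, $known ? $users[$user] : $dummy);
    return ($ok && $known) ? $user : null;
}

$user = authenticate($_SERVER, demo_users());
if ($user === null) {
    // This response header is what makes the browser display its login dialog.
    header('WWW-Authenticate: Basic realm="Restricted area"');
    http_response_code(401);
    exit('Authentication required.');
}
// Escape the name before echoing it back into the page.
echo 'Welcome, ' . htmlspecialchars($user, ENT_QUOTES, 'UTF-8');
```

Basic authentication sends the user name and password merely base64-encoded with every request, so a script like this should only be served over an encrypted connection.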
Encryption Basics
An encryption algorithm is a mathematical process to transform information into a seemingly
random string of data.
The data that you start with is often called plain text, although it is not important to the process
what the information represents—whether it is actually text, or some other sort of data.
Similarly, the encrypted information is called ciphertext, but rarely looks anything like text.
Figure 13.3 shows the encryption process as a simple flowchart. The plain text is fed to an
encryption engine, which might have been a mechanical device, such as a World War II
Enigma machine, once upon a time, but is now nearly always a computer program. The engine
produces the ciphertext.
E-commerce Security Issues, Chapter 13
[Figure 13.3 diagram: Plain Text → Encryption Algorithm → Cipher Text]
FIGURE 13.3
Encryption takes plain text and transforms it into seemingly random ciphertext.