Specifications
E-commerce and Security
PART III
328
In this chapter, we will explain how to deal with user data securely from input, through transmission, and in storage. This will allow us to implement a transaction between us and a user securely from end to end. Topics include
• Providing secure transactions
• Using Secure Sockets Layer (SSL)
• Providing secure storage
• Why are you storing credit card numbers?
• Using encryption in PHP
Providing Secure Transactions
Providing secure transactions using the Internet is a matter of examining the flow of information in your system and ensuring that at each point, your information is secure. In the context of network security, there are no absolutes. No system is ever going to be impenetrable. By secure we mean that the level of effort required to compromise a system or transmission is high compared to the value of the information involved.
If we are to direct our security efforts effectively, we need to examine the flow of information
through all parts of our system. The flow of user information in a typical application, written
using PHP and MySQL, is shown in Figure 15.1.
[Figure 15.1 diagram: User's Browser, Internet, Web Server (with Stored Pages & Scripts and Data Files), PHP Engine, MySQL Engine (with MySQL Data)]
FIGURE 15.1
User information is stored or processed by the following elements of a typical Web application environment.
The details of each transaction occurring in your system will vary, depending both on your system design and on the user data and actions that triggered the transaction. You can examine all of these in a similar way. Each transaction between a Web application and a user begins with