Specifications
We will look at the cURL library, which can be used to simulate connections from a browser,
in Chapter 17, “Using Network and Protocol Functions.” This is useful to us as developers, but
can also be used maliciously.
Although we cannot change or control the way that our users’ machines are set up, we do need
to bear it in mind. The variability of user machines might be a factor in how much functionality
we provide via server-side scripting (such as PHP) and how much we provide via client-side
scripting (such as JavaScript).
Functionality provided by PHP can be compatible with every user’s browser, as the end result
is merely an HTML page. Using anything but very basic JavaScript will involve taking into
account the different capabilities of individual browser versions.
From a security perspective, we are better off using server-side scripting for such things as data
validation because, that way, our source code will not be visible to the user. If we validate data
in JavaScript, users will be able to see the code and perhaps circumvent it.
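As an added example (not code from the book), here is the server-side half of that arrangement in PHP: whatever a browser-side JavaScript check did or did not do, the handler re-validates every field before acting on it. The function, field names and sample submissions are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Server-side validation for a hypothetical order form. Because this code runs
// on the Web server, the user can neither read it nor skip it; the request is
// treated as untrusted text no matter what the browser's JavaScript reported.
function validate_order(array $input): array
{
    $errors = [];

    // Email: use PHP's built-in validator rather than a home-grown pattern.
    $email = trim((string)($input['email'] ?? ''));
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'A valid email address is required.';
    }

    // Quantity: must be a whole number in a sensible range. A request that
    // bypassed the browser could carry "-1", "abc" or nothing at all.
    $quantity = filter_var(
        $input['quantity'] ?? '',
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 100]]
    );
    if ($quantity === false) {
        $errors['quantity'] = 'Quantity must be a whole number from 1 to 100.';
    }

    // Postcode: allow only the characters we expect (an allow-list), rather
    // than trying to enumerate every character we do not want.
    $postcode = strtoupper(trim((string)($input['postcode'] ?? '')));
    if (!preg_match('/^[A-Z0-9 ]{3,10}$/', $postcode)) {
        $errors['postcode'] = 'Postcode may contain only letters, digits and spaces.';
    }

    return $errors;
}

// Constructed sample submissions (assumed field names): one as a browser with
// JavaScript checks would send it, one that never went through those checks.
$fromBrowser = ['email' => 'ann@example.com', 'quantity' => '3', 'postcode' => 'SW1A 1AA'];
$bypassedJs  = ['email' => 'not-an-address', 'quantity' => '-1', 'postcode' => '<b>'];

// In a real handler $_POST would be passed in; any non-empty result means the
// request is rejected and the form is redisplayed with the messages.
print_r(validate_order($fromBrowser));
print_r(validate_order($bypassedJs));
```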
Data that needs to be retained can be stored on our own machines, as files or database records,
or on our users’ machines as cookies. We will look at using cookies for storing some limited
data (a session key) in Chapter 20, “Using Session Control in PHP.”
The majority of data we store should reside on the Web server, or in our database. There are a
number of good reasons to store as little information as possible on the user’s machine. If the
information is outside your system, you have no control over how securely it is stored, you
cannot be sure that the user will not delete it, and you cannot stop the user from modifying it
in an attempt to confuse your system.
The Internet
As with the user’s machine, you have very little control over the characteristics of the Internet,
but, as with the user’s machine, this does not mean that you can ignore those characteristics when
designing your system.
The Internet has many fine features, but it is an inherently insecure network. When sending
information from one point to another, you need to bear in mind that others could view or alter
the information you are transmitting, as we discussed in Chapter 13. With this in mind, you
can decide what action to take.
Your response might be to
• Transmit the information anyway, knowing that it might not be private.
• Encrypt or sign the information before transmitting it to keep it private or protect it from
tampering.
Part III: E-commerce and Security (Chapter 15, page 330)