• Decide that your information is too sensitive to risk any chance of interception and find
another way to distribute your information.
The Internet is also a fairly anonymous medium. It is difficult to be certain whether the person
you are dealing with is who they claim to be. Even if you can assure yourself about a user to
your own satisfaction, it might be difficult to prove this beyond a sufficient level of doubt in a
forum such as a court. This causes problems with repudiation, which we discussed in Chapter
13, “E-commerce Security Issues.”
In summary, privacy and repudiation are big issues when conducting transactions over the
Internet.
There are at least two different ways you can secure information flowing to and from your
Web server through the Internet:
• SSL (Secure Sockets Layer)
• S-HTTP (Secure Hypertext Transfer Protocol)
Both of these technologies offer private, tamper-resistant messages and authentication, but SSL is
readily available and widely used, whereas S-HTTP has not really taken off. We will look at
SSL in detail later in this chapter.
Your System
The part of the universe that you do have control over is your system. Your system is
represented by the components within the dotted line as shown previously in Figure 15.1. These
components might be physically separated on a network, or all exist on the one physical
machine.
It is fairly safe to not worry about the security of information while the various third-party
products that we use to deliver our Web content are handling it. The authors of those particular
pieces of software have probably given them more thought than you have time to give them.
As long as you are using an up-to-date version of a well-known product, you will be able to
find any well-known problems by judicious application of your favorite Web search engine.
You should make it a priority to keep up-to-date with this information.
If installation and configuration are part of your role, you do need to worry about the way
software is installed and configured. Many mistakes made in security are a result of not following
the warnings in the documentation, or involve general system administration issues that are
topics for another book. Buy a good book on administering the operating system you intend to
use, or hire an expert system administrator.
Implementing Secure Transactions with PHP and MySQL
CHAPTER 15










