1.1. Introduction
Ecommerce (e-commerce) or electronic commerce, a subset of E-business, is
the purchasing, selling, and exchanging of goods and services over computer
networks (such as the Internet) through which transactions or terms of sale
are performed electronically. Contrary to popular belief, ecommerce is not
just on the Web. In fact, ecommerce was alive and well in business to
business transactions before the Web back in the 70s via EDI (Electronic
Data Interchange) through VANs (Value-Added Networks). Ecommerce can
be broken into four main categories: B2B, B2C, C2B, and C2C.[1]

 B2B (Business-to-Business): Companies doing business with each other,
such as manufacturers selling to distributors and wholesalers selling to
retailers. Pricing is based on quantity of order and is often negotiable. [1]

 B2C (Business-to-Consumer): Businesses selling to the general public,
typically through catalogs utilizing shopping cart software. By dollar
volume, B2B takes the prize; however, B2C is really what the average Joe
has in mind with regards to ecommerce as a whole. [1]

 C2B (Consumer-to-Business): A consumer posts his project with a set
budget online and within hours companies review the consumer's
requirements and bid on the project. The consumer reviews the bids and
selects the company that will complete the project. Elance empowers
consumers around the world by providing the meeting ground and platform
for such transactions. [1]

 C2C (Consumer-to-Consumer): There are many sites offering free
classifieds, auctions, and forums where individuals can buy and sell thanks
to online payment systems like PayPal where people can send and receive
money online with ease. eBay's auction service is a great example of where
person-to-person transactions have taken place every day since 1995. [1]
Companies using internal networks to offer their employees products and
services online--not necessarily online on the Web--are engaging in B2E
(Business-to-Employee) ecommerce. [1]

 G2G (Government-to-Government), G2E (Government-to-Employee),
G2B (Government-to-Business), B2G (Business-to-Government), G2C
(Government-to-Citizen), C2G (Citizen-to-Government) are other forms of
ecommerce that involve transactions with the government--from
procurement to filing taxes to business registrations to renewing licenses.
There are other categories of ecommerce out there, but they tend to be
superfluous. [1]

1.2. Security of E-commerce


Security is a great concern in this kind of system, even more than in the
case of consumer-to-company e-business, because of the fear of losing trade
secrets, the sheer number of transactions, and the importance of those
transactions. [2]

The architecture discussed previously shows three places where security
could be compromised:

1.2.1. The Website Security

Security at the sites themselves is quite difficult to solve completely. The
reason is that the security model behind most commercial platforms is based
on ACLs (Access Control Lists) and this model is basically flawed. A better
idea would be to use a capability-based operating system in which software
running on top of it is constrained to do what it says it does, based on the
principle of the minimum privileges needed to do an intended operation. [2]
Some operating systems, such as Amoeba or Mungi, are capability-based, but
they are not widespread in the commercial world. [2]
The lack of such systems means that we need a very competent system
administrator who takes care of finding and applying the latest security
patches to avoid buffer overflows and DoS (Denial of Service) attacks
[Neu00] and who makes sure that the system is doing everything it is
supposed to do, but no more than that. [2]

1.2.2. Security in the Network

Our system cannot be called secure if the link between two of the sites in the
system can be compromised. We can imagine an eavesdropper getting into
the network and watching the flow of information as it travels over the
Internet, or even changing that information with disastrous consequences.
Our proposal to address this concern is to use an implementation of SSL
v3 (Secure Sockets Layer) like the one provided by the OpenSSL project
(http://www.openssl.org). [2]

With SSL we can establish secure communication between a client and a
server using public key cryptography. SSL sits between the TCP layer
and the application layer, allowing software systems to make it nearly
impossible for an outsider to get information from the transactions. [2]

1.2.3. Client Identification and CAs

We can imagine a more disastrous situation than the one described in the
previous point. What if a stranger pretends to be a legitimate partner, making
transactions on its behalf? We need a method to ensure that a node asking
us to do some transaction is really what it claims to be. [2]
We will not reinvent the wheel here; we will rely on one or more nodes in
our system that will act as CAs (Certification Authorities). This network of
machines will have a copy of the keys of every node in the system, so when
a client node wants to begin a transaction, it gives the CA a copy of
its public key so that the CA can verify whether it is what it says it is; the
CA then sends the result to the server node and lets it act accordingly. [2]

1.3. Problem Statement

How can appropriate security features, attributes, safeguards, and
countermeasures be “designed in” to an e-commerce system, implemented
and tested?

1.4. Key Research Questions

 What are the most effective security threats in B2B e-commerce
applications?

 What are the security countermeasures?

 How can we implement a secure B2B application?

1.5. Aims and Objectives
The aim of the project is to design, implement and test a secure B2B
application.

The objectives are to investigate security issues in B2B applications, to
design a secure B2B application, to implement it and to test it.

1.6. Scope and Constraints


Scope of the project is limited to B2B application, mainly focused on
electronic issues.

2.1. Introduction

Electronic commerce is a revolution in business practices. If organizations
are going to take advantage of new Internet technologies, then they must
take a strategic perspective. That is, care must be taken to make a close link
between corporate strategy and electronic commerce strategy. [3]
Electronic commerce, in a broad sense, is the use of computer networks to
improve organizational performance. Increasing profitability, gaining market
share, improving customer service, and delivering products faster are some
of the organizational performance gains possible with electronic commerce.
Electronic commerce is more than ordering goods from an on-line catalog. It
involves all aspects of an organization's electronic interactions with its
stakeholders, the people who determine the future of the organization. Thus,
electronic commerce includes activities such as establishing a Web page to
support investor relations or communicating electronically with college
students who are potential employees. In brief, electronic commerce
involves the use of information technology to enhance communications and
transactions with all of an organization's stakeholders. Such stakeholders
include customers, suppliers, government regulators, financial institutions,
managers, employees, and the public at large. [3]

2.2. B2B E-Commerce

The leading items in B2B EC are computing electronics, utilities, shipping
and warehousing, motor vehicles, petrochemicals, paper and office products,
food and agriculture. B2B EC is the electronic support of business
transactions between companies and covers a broad spectrum of applications
that enable an enterprise or business to form electronic relationships with
its distributors, resellers, suppliers, and other partners. B2B EC does not
just comprise the transaction via the Internet, but also the exchange of
information before and the service after a transaction. From the purchasing
company’s point of view, B2B EC is a medium for facilitating procurement
management by reducing the purchase price and the cycle time. According to
Schneider and Schnetkamp, Business-to-Business EC is expected to grow
explosively in the next years and to continue to be the major share of the
electronic commerce market. [4]
The development of B2B EC took place in three, partly overlapping, stages.
Stage one was Electronic Data Interchange (EDI), which realized the
standardized, bilateral exchange of business information (e.g. orders and
requests for products) electronically. [4]
A necessary condition for realizing the exchange of data was expensive,
proprietary networks, called Value Added Networks (VAN). As a
consequence, only large companies were able to use this method. EDI made
faster processes possible and lowered the error rates caused by the former
manual processing. EDI has been used since the 1970s. The problem of the
highly expensive Value Added Networks was solved through the worldwide
acceptance of the Internet. The Internet made Internet catalogues, which
were the second stage of the B2B EC’s development, possible. Companies
were able to present information on their products via the Internet. [4]
Prospective buyers had permanent access to current data. Providing
information this way is a lot more cost-effective than using paper, telephone
and fax. Especially by using Internet catalogues, it was possible to handle
small and standardized transactions more efficiently. [4]
Supporting business transactions with Internet catalogues was given special
emphasis until 1999. The third and present stage of B2B EC (since 1999) is
electronic markets (e-markets). E-markets are “virtual rooms” in which
different participants are able to interact via the Internet. Several buyers,
sellers and service-providers have access to the e-markets. E-markets do not
just provide information like the Internet catalogues, but also support the
negotiation, the transaction and the services afterwards. [4]

2.3. Internet and B2B-marketing

The internet has changed communication radically in industrial marketing.
As the internet has become an important source of information among
third-party location information (e.g. convention and visitors bureau
resources), and personal and colleagues’ experiences, it has also become an
important channel for communicating with customers and developing
relationships because of the possibility of two-way interaction on the
internet. [5]
Typically, internet marketing devices like e-marketing platforms are less
expensive compared to other marketing platforms, and via web channels it is
often possible to reach customers that would be out of reach of physical
distribution channels. Due to this, Sheth and Sharma (2005) [5] state that
reducing costs and enhancing reach are primary advantages of e-marketing.
However, B2B companies spend more on their online marketing
budgets than B2C companies. The reason for this is a less specialized
approach of B2B companies when planning e-marketing activities in
comparison with B2C companies. Hence more holistic online marketing
planning and prioritization methods are needed (Bach Jensen 2006). [5]
E-marketing has changed the focus of marketing from a “supplier
perspective” to a “customer perspective” since through the web, companies
can better address the individual needs of their customers and build
customers’ loyalty. Due to customer data collection possibilities, companies
can also segment customers into financially and strategically viable groups,
which allows better targeting. The value of customer input to products, i.e.
co-creation in the web environment, is also emphasized. Moreover,
companies allowing co-creation have an advantage when compared to firms
that do not (Sheth and Sharma 2005). [5]
E-marketing has brought many advantages for companies but still there
remain obstacles to its effective use. Samiee (2008) highlights that while the
use of the internet no longer offers a competitive advantage, not having any
presence on the internet whatsoever increasingly leads to a competitive
disadvantage. Typical challenges that B2B companies using e-marketing
face are security issues and business conducting norms.[5]
As confidentiality of personal communications is extremely important in
business marketing the potential loss of proprietary data over the internet
remains a critical issue. Also conducting business via personal face-to-face
communication is the norm in the B2B environment. These issues may slow
down the deployment of the internet in B2B activities.[5]

2.4. The Role of B2B E-commerce Solution

With the recent business and technological developments occurring at such a
rapid pace, our understanding of the nature of B2B e-commerce and
electronic markets is likely to evolve from a number of different
perspectives. Among them we consider the new kinds of business models
that have been developed, and the manner in which the participating firms
view these innovations. Some of the leading questions of our time are as
follows: What will be the successful business models for B2B e-commerce?
What are the most successful strategies for B2B e-markets and the firms
that adopt them? How can industry operating B2B e-marketplaces be
leveraged in supply chain management? What theoretical perspectives will
help us to understand what is going on? [6]

 Ray Hackney: A number of business models have been described
within the e-commerce marketing literature, but there have been a few new
ones that are specific to B2B e-commerce. The first is what we may call the
virtual marketplace, a place for products used in a single enterprise. The next
business model, the virtual alliance, is slightly more complex. By sharing
business resources, this model permits the participating firms to operate
around a common system interface, which enables cross-referencing of key
data related to electronic procurement. Finally, the virtual community
business model expands upon the virtual alliance, by permitting multilateral
data sharing and participation. [6]
 Eric Clemons: B2B e-commerce has been in existence for a long
time – since the first implementation of interorganizational systems such as
electronic data interchange systems. In prior research in IOS, the
move-to-the-middle theory tells us that for many products, there is a need for
coordination (Clemons et al. 1993). This theory also helps us understand
various issues in today’s B2B e-commerce research. For example, for a pure
commodity product with a nearly infinite number of buyers and sellers, an
exchange is fine. But, for a product with a limited number of buyers, limited
number of sellers and highly variable demand, you would almost certainly
want explicit coordination. [6]
In this context, it is crucial to understand the role of B2B e-commerce in
terms of channel coordination, which coordinates the production schedule of
suppliers with the production schedule of one’s own factory. Some B2B
exchanges emphasize the need for liquidity. But liquidity alone cannot
ensure success in the arena of B2B e-commerce because interfirm
coordination lies at the heart of interorganizational interactions. One of the
reasons that many B2B exchanges fail in today’s markets is that they do not
offer enough support for channel coordination between the buyers and
suppliers participating in B2B e-marketplaces. [6]

 Peter Weill: Shared infrastructure models and intermediaries are
examples of B2B exchanges where potentially high levels of value can be
created (Weill and Vitale 2001). One of the big issues with the shared
infrastructure model is how you manage information, what information
fields or information elements are shared across the competitors, and what
information fields are private (Weill and Broadbent 1998). One of the
reasons these shared infrastructure models are taking so long to implement is
because firms are still in the midst of trying to understand how to manage
information. A related issue is that sharing infrastructures tends to reduce or
remove one of the strategic dimensions that companies can leverage. [6]

 Kevin Lynch: Another important aspect of the business models of
B2B e-commerce involves interfirm collaboration (Langley 2000). There are
two types of collaboration in B2B e-commerce. The first type is vertical
collaboration, in which firms are effectively collaborating backwards and
forwards through the supply chain with either or both of their suppliers or
customers. Typically the return on investment (ROI) from vertical
collaboration results from rapid communication. This involves better
information flow across the supply chain and less latency in communicating
changes through the supply chain. Vertical collaboration via B2B solutions
enables manufacturers to obtain demand information faster and with greater
accuracy. [6]
The second type of collaboration is horizontal collaboration where
companies are neither the suppliers nor the customers of each other; instead,
they are mainly competitors, but they are working on some basic problem in
the economy. In logistics, a good example of the problem that firms are
sharing in the industry is asset repositioning. Asset repositioning causes a
hidden cost in the economy that no one party controls directly, but all parties
involved bear the cost. In the case of truck delivery, the time and distance
that a truck driver has to take to get to the next pick-up from the last delivery
destination is an asset repositioning cost. So, through horizontal
collaboration, we create the possibility for bringing together both the
demand and the supply, including the carriers and the shippers. This way, we
can optimize schedules and squeeze more inefficiency out of the process.
The key thing is to reveal this hidden cost – the asset repositioning cost –
and then use a network approach to attack that cost, to measure and reduce
it, and to share the savings across the network.[6]

2.5. Security Issues of B2B E-commerce

The rapid development of the Internet has promoted an explosion of
electronic commerce. However, at the same time, internet businesses have
brought large security issues such as mutual trust, intellectual property, and
possible attacks on the network. And with the development of electronic
commerce, these issues have received more and more attention. [7]

Security threats may result from the following attacks: [8]

 From unauthorized reading of electronic messages, which may contain
sensitive personal or commercial data.
 From unauthorized modifications of data on its way to recipients.
 From erasing data or making information inaccessible for authorized
people.
 From simulating a trustworthy identity to communication partners with
intent to obtain by fraud private and confidential information.

2.5.1 Threats and Countermeasures

E-commerce B2B threats and countermeasures may include the following:


 Dynamic Code: Implementing the Common Gateway Interface (CGI)
allows input from the user to be sent to an external program or script,
processed there and the result given back to the user (see “The Open Web
Application Security Project, A Guide to Building Secure Web Applications
and Web Services” [OWASP-Guide]). CGI is one example of processing
dynamic information supplied by a user or a data store and giving the
dynamic output back. This kind of processing is now common practice for
web applications. CGI’s lack of session management and authorization
controls held back the development of commercially useful web applications.
To avoid buffer overflows or resource leaks, one of the most common
security issues, web developers moved to interpreted scripting languages
first, and then to Sun’s J2EE web development platform or Microsoft’s
ASP.NET framework, depending on the platform used. [8]
 Mobile Code: Mobile code, or active content, is
downloaded from a server to a client machine and processed there. It is a
threat on the client side, whereas CGI scripts are processed on the server side
and enable attackers to damage a server. [8]
 Server Side Includes: Dynamic HTML pages may be created
in various ways, e.g. by server side includes. A client does not send
executable code but commands identified by keywords like exec or include
to the server side. The server executes the commands and creates a modified
HTML page.
Countermeasures against Misuse of Dynamically Created Web Sites:
To limit the risks of dynamically created web sites and to prevent
common web attacks, such as replay, request forging, and man-in-the-middle
attacks, it is advisable to add authentication and session control to
client-server communication. [8]

 Cross Site Scripting: All dynamically created web sites are
vulnerable to malicious code attacks caused by improperly validated user
input. All clients accessing such a manipulated site are affected by cross site
scripting because the malicious code is automatically executed if the
corresponding script language, e.g. JavaScript, is activated. A malicious
attacker may use this to present new forms, fooling users into entering
sensitive data. Unwanted advertising could be added to the site. Cookies can
be read with JavaScript on most browsers and thus most session ids, leading
to hijacked accounts. As a countermeasure, all characters that have special
meaning in HTML have to be converted into HTML entities on the server
side. Only user input known to be safe should be accepted, e.g. when a
document is requested, only a valid file name should be accepted. [8]
 Caching, Logging of user access data: These may compromise a user’s
privacy. When accessing an HTML site, a user sends a lot of private and
context information to the web server. An example is the result of a search
request. The search engine responds with a complete list of hits.
Combining this information with the user’s IP address may enable providers
to create a personal profile. Insufficient protection of cached user data may
enable attackers to misuse other users’ IP addresses. As a countermeasure,
clients may use proxy servers to mask critical header data. [8]
 Auditing: Many industries are required by legal regulations to be
auditable and traceable. That means to record all activities that affect user
state or balances and to make it possible to determine when and where an
activity took place. Well-written applications should be able to easily track
or identify potential fraud or anomalies of protected audit and error logs. [8]
 Cookies: To enhance the stateless HTTP protocol, servers are
enabled to store cookies on the user’s side. Cookies do not contain executable
code but information about users, domains, and session identifiers. They are
critical to both privacy and security. Setting cookies enables a server to
collect data about users and to create a personal profile. In particular, setting
unnoticed cookies that are stored beyond the session duration enables
providers to send undesired advertisements or to sell personal data to other
commercial dealers. Cookies enable attackers to infiltrate active contents that
can be misused, leading to hijacked accounts, processing of malicious code,
session replay attacks (see below), or unauthorized access to protected
memory. As a countermeasure, non-persistent cookies should be used. When
a session is closed by logging off a user or by idle expiry, it should be ensured
that the client-side cookies are cleared as well as all server-side session state
information, e.g. in order to prevent session replay attacks. [8]
 Session Replay Attacks: Session replay attacks are simple if the
attacker is in a position to record a session. The attacker will record the
session between the client and the server and replay the client's part
afterwards to successfully attack the server. This type of attack only works if
the authentication mechanism does not use random values to prevent this
attack. [8]

 Exploitation of Trust: Computers interconnected with networks often
have trust relationships with one another. If attackers can forge their identity,
appearing to be using the trusted computer, they may be able to gain
unauthorized access to other computers. [8]
 Web Spoofing: Owing to the absence of authentication, an attacker
may masquerade as a web server address and use it to present a manipulated
web site to potential victims. URLs are often masqueraded by making minimal
changes to location identifiers. After spoofing the server address, attackers
are also able to manipulate the web browser’s status indication, e.g. to
simulate an SSL connection by adding a faked icon to the status bar. [8]
 Phishing: These attacks are known as Phishing (password fishing).
Delivered via web site, email or instant message, the attack asks users to
click on a link to re-validate or reactivate their account. Attackers leverage
the trust of well-known enterprises or public services to gain valuable
information; usually details of accounts, or enough information to open
accounts, obtain loans, or buy goods through e-commerce sites. Phishing
attacks are one of the highest visibility problems for banking and ecommerce
sites. Banks, Internet service providers (ISPs), stores and other Phishing
targets are victimized as well as their (potential) customers.
To minimize the risk of Phishing, providers should create a policy detailing
exactly what they will do and will not do, and they should publish it on their
web site. Because users are the primary attack target for Phishing attacks,
providers should train their users to be wary of Phishing attempts. To ease
validation of URLs, a server should use hostnames rather than IP addresses.
Attackers will often ask users to provide their credit card number, password
or PIN. Providers should tell their users that they will not ask them for
secrets, and ask users to notify them if someone has done so. Providers should
add authentication both to email clients and to client-server communication
to make email communication safer. [8]
 Packet Sniffer: A packet sniffer is a program that captures critical
data from information packets as they are transferred over the network. That
data may include user names, passwords, and other secret information being
transferred in clear text. Such captured data enables intruders to launch
widespread attacks on networks and systems.
To protect against sniffer programs, data should be transferred in encrypted
form. [8]
 Denial of Service: The goal of DoS attacks is not to gain
unauthorized access to systems and data but to prevent legitimate users of
services, e.g. customers of an Internet shop, from using them. DoS attacks may
appear in various forms. Attackers may flood a network with large volumes
of data or intentionally consume a scarce or limited resource. They may
disrupt physical components of a network or manipulate transferred data.
Often so-called bot networks are used to perform DoS attacks.
Countermeasures against DoS attacks depend on the form of the discovered
attack. For example, some attacks are performed by flooding a target with SYN
(short for synchronization) requests using a forged IP address and without
completing the initial request. In this case the potential for DoS attacks can
be reduced by performing egress filtering on all outbound traffic, looking for
forged source addresses. In general, only authenticated and authorized users
should be allowed to take up significant CPU, disk space, and network
resources. [8]
 Bot Networks: Bots (short for robots) are programs that are covertly
installed on a user’s computer in order to allow an unauthorized user to
control the computer remotely. Bots are designed to let an attacker create a
network of compromised computers known as a bot network, which can be
remotely controlled to collectively conduct malicious activities. [8]
 Malicious Code: Malicious code is a general term for programs that,
when executed, would cause undesired results on a system. The presence of
malicious code is usually overlooked until the damage is discovered.
Malicious code includes Trojan horses, viruses, and worms. [8]

 Other Damage Software: Spyware, which is intended to collect
secret data such as usernames, passwords, banking information, and credit
card details, and adware, which is intended to collect personal data for
profiling and undesired advertising, are also often overlooked until the
damage is discovered. [8]
Countermeasures against Malicious Code and other Damage Software:
To be protected against malicious code and other damage software, it is
advisable for organizations and their staff members as well as private
users to install firewalls, antivirus, and anti-spyware software and to keep
them up to date. [8]
 SQL Injection: SQL injection refers to the insertion of SQL
meta-characters in user input, such that the attacker's queries are executed by
the back-end database. Typically, attackers will first determine if a site is
vulnerable to such an attack by sending in the single-quote (') character. The
results from an SQL injection attack on a vulnerable site may range from a
detailed error message, which discloses the back-end technology being used,
to allowing the attacker to access restricted areas of the site because he
manipulated the query to an always-true Boolean value, or it may even allow
the execution of operating system commands. SQL injection techniques
differ depending on the type of database being used. In its default
configuration, MS SQL Server runs with Local System privileges and has the
'xp_cmdshell' extended procedure, which allows execution of operating
system commands. [9]
 Price Manipulation: This is a vulnerability that is almost
completely unique to online shopping carts and payment gateways. In the
most common occurrence of this vulnerability, the total payable price of the
purchased goods is stored in a hidden HTML field of a dynamically
generated web page. An attacker can use a web application proxy such as
Achilles to simply modify the amount that is payable, when this information
flows from the user's browser to the web server. Shown below is a snapshot
of just such a vulnerability that was discovered in one of the penetration
testing assignments of mine. [9]
 Buffer overflows: Buffer overflow vulnerabilities are not very
common in shopping cart or other web applications using Perl, PHP, ASP,
etc. However, sending in a large number of bytes to web applications that are
not geared to deal with them can have unexpected consequences. In one of my
penetration testing assignments, it was possible to disclose the path of
the PHP functions being used by sending in a very large value in the input
fields. [9]
 Remote command execution: The most devastating web
application vulnerabilities occur when the CGI script allows an attacker to
execute operating system commands due to inadequate input validation.
This is most common with the use of the 'system' call in Perl and PHP
scripts. [9]
 Weak Authentication and Authorization: Authentication
mechanisms that do not prohibit multiple failed logins can be
attacked using tools such as Brutus. Similarly, if the web site uses HTTP
Basic Authentication or does not pass session IDs over SSL (Secure Sockets
Layer), an attacker can sniff the traffic to discover a user's authentication
and/or authorization credentials. [9]
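
Two of the points in this list concern the login exchange itself: a session replay only works when authentication carries no random value, and a login that tolerates unlimited failed attempts can be attacked by guessing. The following server-side sketch shows both controls together. It is an added example, not code from the thesis or its sources; the class name, the per-partner shared key, the thresholds and the account name are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

MAX_FAILURES = 5         # assumed threshold: failed attempts before lockout
LOCKOUT_SECONDS = 300    # assumed lockout duration
NONCE_TTL_SECONDS = 60   # assumed lifetime of an unanswered challenge


def client_response(shared_key: bytes, nonce: str) -> str:
    """Client side: prove knowledge of the key for this one challenge only."""
    return hmac.new(shared_key, nonce.encode(), hashlib.sha256).hexdigest()


class ChallengeAuthenticator:
    """Server side: random single-use challenges plus a failed-login limit."""

    def __init__(self, user_keys, clock=time.monotonic):
        self.keys = dict(user_keys)   # user -> shared secret (hypothetical store)
        self.clock = clock            # injectable so the demo can advance time
        self.pending = {}             # nonce -> (user, expiry time)
        self.failures = {}            # user -> (failure count, locked-until time)

    def issue_challenge(self, user: str) -> str:
        now = self.clock()
        # Drop challenges that were never answered so the table cannot grow.
        self.pending = {n: v for n, v in self.pending.items() if v[1] >= now}
        nonce = secrets.token_hex(16)  # 128 random bits, fresh for every login
        self.pending[nonce] = (user, now + NONCE_TTL_SECONDS)
        return nonce

    def verify(self, user: str, nonce: str, response: str) -> str:
        now = self.clock()
        count, locked_until = self.failures.get(user, (0, 0.0))
        if now < locked_until:
            return "locked"
        if locked_until:               # an earlier lockout has run out
            count = 0
        # pop() makes every nonce single-use, whether the answer is right or not
        issued_to, expires = self.pending.pop(nonce, (None, 0.0))
        key = self.keys.get(user)
        if key is None or issued_to != user or now > expires:
            return self._fail(user, count, now, "stale-nonce")
        expected = client_response(key, nonce)
        if not hmac.compare_digest(expected.encode(), response.encode()):
            return self._fail(user, count, now, "bad-response")
        self.failures.pop(user, None)
        return "ok"

    def _fail(self, user, count, now, reason):
        count += 1
        locked_until = now + LOCKOUT_SECONDS if count >= MAX_FAILURES else 0.0
        self.failures[user] = (count, locked_until)
        return reason


def demo():
    """Replay a recorded login, then guess repeatedly; returns each verdict."""
    key = b"constructed-demo-key-0123456789ab"   # constructed sample secret
    fake_now = [1000.0]
    server = ChallengeAuthenticator({"partner-a": key}, clock=lambda: fake_now[0])

    nonce = server.issue_challenge("partner-a")
    recorded = (nonce, client_response(key, nonce))         # what a recorder captures
    verdicts = [server.verify("partner-a", *recorded)]      # genuine login
    verdicts.append(server.verify("partner-a", *recorded))  # same bytes replayed

    for _ in range(MAX_FAILURES - 1):                       # wrong guesses
        guess_nonce = server.issue_challenge("partner-a")
        verdicts.append(server.verify("partner-a", guess_nonce, "0" * 64))

    fresh = server.issue_challenge("partner-a")             # correct, but locked out
    verdicts.append(server.verify("partner-a", fresh, client_response(key, fresh)))
    fake_now[0] += LOCKOUT_SECONDS                          # lockout expires
    fresh = server.issue_challenge("partner-a")
    verdicts.append(server.verify("partner-a", fresh, client_response(key, fresh)))
    return verdicts


if __name__ == "__main__":
    print(demo())
```

Locking per account lets anyone who knows an account name lock its owner out, so deployments commonly throttle per source address as well.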

Countermeasures include:
 Developer side

• Use proper input validation.
• Properly sanitize input values.
• Update the web server with security patches.
• Keep your support lists private; they may leak information about reported
vulnerabilities to outside users.
• Use secure programming techniques.

 User side

• Use strong passwords.
• Don’t click on suspicious links.
• Install an anti-phishing toolbar in the web browser.
• Keep the machine updated with internet security software. [9]
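
The first two developer-side items, applied to the SQL injection and price manipulation cases described earlier, look as follows. This is an added example, not code from the thesis or its sources; the table layout, product codes, form field names and validation formats are assumptions, and all data is constructed.

```python
import re
import sqlite3

SKU_RE = re.compile(r"[A-Z0-9-]{1,20}")   # assumed format of a product code
QTY_RE = re.compile(r"[1-9][0-9]{0,3}")   # whole quantities from 1 to 9999


def open_shop_db():
    """In-memory database with a constructed account and catalogue."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        """
        CREATE TABLE accounts (login TEXT PRIMARY KEY, pw_hash TEXT NOT NULL);
        CREATE TABLE products (sku TEXT PRIMARY KEY, price_cents INTEGER NOT NULL);
        INSERT INTO accounts VALUES ('buyer-01', 'constructed-hash-value');
        INSERT INTO products VALUES ('BOLT-M8', 125);
        INSERT INTO products VALUES ('PUMP-220', 48900);
        """
    )
    return db


def login_concatenated(db, login, pw_hash):
    """Flawed pattern: user input is pasted into the SQL text itself."""
    sql = ("SELECT login FROM accounts WHERE login = '" + login
           + "' AND pw_hash = '" + pw_hash + "'")
    return db.execute(sql).fetchone() is not None


def login_parameterized(db, login, pw_hash):
    """Hardened form: values are bound as data and cannot alter the query."""
    row = db.execute(
        "SELECT login FROM accounts WHERE login = ? AND pw_hash = ?",
        (login, pw_hash),
    ).fetchone()
    return row is not None


def order_total_cents(db, form):
    """Recompute the amount payable on the server from the catalogue.

    `form` models the posted cart: {"items": [(sku, qty), ...], "total": "..."},
    where "total" is the hidden field the browser sends back. Returns
    (total_cents, tampered); the hidden field is only compared, never used.
    """
    total = 0
    for sku, qty in form["items"]:
        if not isinstance(sku, str) or not SKU_RE.fullmatch(sku):
            raise ValueError("invalid product code")
        if not isinstance(qty, str) or not QTY_RE.fullmatch(qty):
            raise ValueError("invalid quantity")
        row = db.execute(
            "SELECT price_cents FROM products WHERE sku = ?", (sku,)
        ).fetchone()
        if row is None:
            raise ValueError("unknown product")
        total += row[0] * int(qty)
    claimed = form.get("total")
    tampered = claimed is not None and str(claimed).strip() != str(total)
    return total, tampered


def demo():
    """Run both login forms and the checkout against constructed input."""
    db = open_shop_db()
    tautology = "x' OR '1'='1"          # the always-true condition from the text
    try:
        login_concatenated(db, "buyer-01", "'")     # lone single quote
        quote_probe = "no error"
    except sqlite3.OperationalError:
        quote_probe = "sql error reaches the caller"
    # Hidden total altered in transit: 100 instead of 40*125 + 2*48900.
    cart = {"items": [("BOLT-M8", "40"), ("PUMP-220", "2")], "total": "100"}
    return {
        "concatenated accepts tautology": login_concatenated(db, "buyer-01", tautology),
        "parameterized accepts tautology": login_parameterized(db, "buyer-01", tautology),
        "lone quote, concatenated": quote_probe,
        "lone quote, parameterized": login_parameterized(db, "buyer-01", "'"),
        "order": order_total_cents(db, cart),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

A tampered flag is worth logging with the session and source address, since it ties in with the auditing requirement described above.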

3.1. Methodology
The constructive method is one of the most commonly used methods in the
computer science field. A construct can be a new theory, algorithm, model,
software, or framework. This is the methodology adopted in this research.

The aim of constructive research is to solve practical problems while


producing an academically appreciated theoretical contribution. The
solutions, that is, constructs, can be processes, practices, tools or
organization charts. The research process involves the following:

(1) Selecting a practically relevant problem.

(2) Obtaining a comprehensive understanding of the study area.

(3) Designing one or more applicable solutions to the problem.

(4) Demonstrating the solution’s feasibility.

(5) Linking the results back to the theory and demonstrating their practical
contribution.

(6) Examining the general is ability of the results. The purpose of this
chapter is to introduce readers to the principles of the constructive research
approach.

3.2. Software Development Processes


A software development process, also known as a software development
lifecycle, is a structure imposed on the development of a software product.
Similar terms include software lifecycle and software process. There are
several models for such processes, each describing approaches to a variety
of tasks or activities that take place during the process. Some people
consider a lifecycle model a more general term and a software development
process a more specific term. For example, there are many specific software
development processes that fit the spiral lifecycle model.

3.3. Software Development Activities
• Planning.
• Implementation, testing and documenting.
• Deployment and maintenance.

3.4. Iterative Processes


The software development process is most commonly built around an iterative and
incremental approach. This model is used in this research as well, and the project
work is split into iterations. Every iteration includes such phases as
requirements, analysis, design, implementation and testing. The product is
incrementally enhanced with additional functionality in every iteration.

Fig 3.1

4.1. Introduction
Design is the process of collecting ideas, and aesthetically arranging and
implementing them, guided by certain principles for a specific purpose. [10]
Web design is a similar process of creation, with the intention of presenting
the content on electronic web pages, which the end-user can access through
the Internet with the help of a web browser. [10]
The website has both functional and non-functional requirements.

4.1.1. The Functional Requirements of the B2B Software are as follows:


1- Browsing.
2- Login.
3- Selecting.
4- Carting.
5- Stock control.
6- Purchasing.
7- User management.
8- Processing payment transactions.

4.1.2. The Non-functional Requirements are:


1- Reliability.
2- Availability.
3- Security.
4- Accessibility.
5- Integrity.
6- Responsiveness.
7- High usability or user friendly design.

4.2. Design of the Project

In this phase, each component of the software is defined as a functional
component and associated with its security issues, so that the suitable
countermeasure can be applied in the implementation phase.

4.2.1. Database Design

In this section, the basic structure of the tables composing the database for
the project is shown, along with information about primary and foreign
keys.

4.2.1.1. ER Diagram:

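• Website Database

[Figure: ER diagram of the website database]

• Virtual Bank

[Figure: ER diagram of the virtual bank. Entities and relationships: Virtual Card Account, Validate, Report, Fetch. Attributes: vc_id, Customer_id, Current_amount, address, phone, email, Issuing_date, Exp_date, v_card_activation, R_id, date, Ip_adder.]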

4.2.1.2. Database Schema:

This sub-section covers the database schemas for both website and virtual
bank.

• Website Database
abc_addresses:

(address_id int(11), customer_id int(11), company varchar(32), firstname
varchar(32), lastname varchar(32), address_1 varchar(128), address_2
varchar(128), postcode varchar(10), city varchar(128), country_id int(11),
zone_id int(11))

abc_ant_messages

(Id varchar(60), Priority int(11), start_date (timestamp), end_date (timestamp),


viewed_date (timestamp), viewed int (11), title varchar(255), description(text),
html (longtext), url (text), language_code varchar(2), date_modified
(timestamp))

abc_banner_descriptio

(banner_id int(11), language_id int(11), name varchar(255), description


(longtext), meta (text), date_added (timestamp), date_modified (timestamp)).

abc_banner_stat

(row_id int(11), banner_id int(11), type int(11), time (timestamp), store_id


int(11), user_info (text)).

abc_banners

(banner_id int(11), status int(1), banner_type int(11), banner_group_name


varchar(255), start_date (timestamp), end_date (timestamp), blank tinyint(1),
target_url (text), sort_order int(11), date_added (timestamp), date_modified
(timestamp)).

abc_block_descriptions

(block_description_id int(10), custom_block_id int(10), language_id int(10), block_wrappe


block_framed tinyint(1), name varchar(255), title varchar(255), description varchar(2
(longtext), date_added (timestamp), date_modified (timestamp))

abc_block_layouts

(instance_id int(10), layout_id int(10), block_id int(10), custom_block_id int(10),

parent_instance_id int(10), position smallint(5), status smallint(1), date_added (timestamp),

date_modified (timestamp))

abc_block

(block_id int(10), parent_block_id int(10), template varchar(255), date_added
(timestamp),

date_modified (timestamp))

abc_blocks

(block_id int(10), block_txt_id varchar(255), controller varchar(255), date_added


(timestamp),

date_modified (timestamp))

abc_categories

(category_id int(11), parent_id int(11), sort_order int(3), Status int(1), date_added


(timestamp),

date_modified (timestamp))

abc_categories_to_stores

(category_id int(11), store_id int(11))

abc_category_descriptions

(category_id int(11), language_id int(11), Name varchar(255), meta_keywords


varchar(255), meta_description varchar(255), Description (text)).

abc_content_descriptions

(content_id int(10), language_id int(11), name varchar(255), title varchar(255),


description varchar(255), content (longtext), date_added (timestamp),
date_modified (timestamp)).

abc_contents

(content_id int(11), parent_content_id int(11), sort_order int(3), status int(1))

abc_contents_to_stores

(content_id int(11), store_id int(11))

abc_countries

(country_id int(11), iso_code_2 varchar(2), iso_code_3 varchar(3), address_format


(text), status int(1), sort_order int(3))

abc_country_descriptions

(country_id int(11), language_id int(11), name varchar(128))

abc_coupon_descriptions

(coupon_id int(11), language_id int(11), name varchar(128), description (text))

abc_coupons

(coupon_id int(11), code varchar(10), type char(1), discount decimal(15,4), logged


int(1), shipping int(1), total decimal(15,4), date_start (Date), date_end (Date),
uses_total int(11), uses_customer varchar(11), status int(1), date_added
(timestamp), date_modified (timestamp))

abc_coupons_products

(coupon_product_id int(11), coupon_id int(11), product_id int(11))

abc_currencies

(currency_id int(11), title varchar(32), code varchar(3), symbol_left varchar(12),


symbol_right varchar(12), decimal_place char(1), value decimal(15,8), status
int(1), date_modified (timestamp))

abc_custom_blocks

(custom_block_id int(10), block_id int(10), date_added (timestamp),


date_modified (timestamp))

abc_custom_lists

(Row-id int(11), custom_block_id int(10), data_type varchar(70), id int(10),


sort_order int(10), date_added (timestamp), date_modified (timestamp)).

abc_customer_groups

(customer_group_id int(11), name varchar(32), tax_exempt tinyint(1))

abc_customer_notifications

(customer_id int(11), sendpoint varchar(255), protocol varchar(30), status int(1),


date_added (timestamp), date_modified (timestamp))

abc_customer_transactions

(customer_transaction_id int(11), customer_id int(11), order_id int(11),


created_by int(11), section smallint(1), credit (float), debit (float),
transaction_type varchar(255), comment (text), description (text), date_added
(timestamp), date_modified (timestamp) )

abc_customers

(customer_id int(11), store_id int(11), firstname varchar(32), lastname


varchar(32), loginname varchar(96), email varchar(96), telephone varchar(32),
fax varchar(32), sms varchar(32), salt varchar(8), password varchar(40), cart
(longtext), wishlist (longtext), newsletter int(1), address_id int(11), status int(1),
approved int(1), customer_group_id int(11), ip varchar(50), data (text),
date_added (timestamp), date_modified (timestamp), last_login (timestamp) )

abc_dataset_column_properties

(row_id int(11), dataset_column_id int(11), dataset_column_property_name


varchar(255), dataset_column_property_value varchar(255) )

abc_dataset_definition

(dataset_id int(11), dataset_column_id int(11), dataset_column_name varchar(255),


dataset_column_type varchar(100), dataset_column_sort_order int(11) )

abc_dataset_properties

(row_id int(11), dataset_id int(11), dataset_property_name varchar(255),


dataset_property_value varchar(255) )

abc_dataset_values

(dataset_column_id int(11), value_integer int(11), value_float (float),

value_varchar varchar(255), value_text (text), value_timestamp (timestamp),
value_boolean tinyint(1), value_sort_order int(11), row_id int(10) )

abc_datasets

(dataset_id int(11), dataset_name varchar(255), dataset_key varchar(255))

abc_download_attribute_values

(download_attribute_id int(11), attribute_id int(11), download_id int(11),


attribute_value_ids (text))

abc_download_descriptions

(download_id int(11), language_id int(11), name varchar(64))

abc_downloads

(download_id int(11), filename varchar(128), mask varchar(128),


max_downloads int(11), expire_days int(11), sort_order int(11), activate
varchar(64), activate_order_status_id int(11), shared int(1), status int(1),
date_added (timestamp), date_modified (timestamp))

abc_encryption_keys

(key_id int(3), key_name varchar(32), status int(1), comment (text))

abc_extension_dependencies

(extension_id int(11), extension_parent_id int(11))

abc_extensions

(extension_id int(11), type varchar(32), key varchar(32), category varchar(32),


status smallint(1), priority smallint(1), version varchar(32), license_key
varchar(32), date_installed (timestamp), date_added (timestamp), date_modified
(timestamp))

abc_field_descriptions

(field_id int(11), name varchar(255), description varchar(255), language_id

int(11), error_text varchar(255))

abc_field_values

(value_id int(11), field_id int(11), value (text), language_id int(11))

abc_fields

(field_id int(11), form_id int(11), field_name varchar(40), element_type char(1),


sort_order int(3), attributes varchar(255), settings (text), required char(1), status
smallint(1), regexp_pattern varchar(255))

abc_fields_group_descriptions

(group_id int(11), name varchar(255), description varchar(255), language_id


int(11))

abc_fields_groups

(field_id int(11), group_id int(11), sort_order int(3))

abc_form_descriptions

(form_id int(11), language_id int(11), description varchar(255))

abc_form_groups

(group_id int(11), group_name varchar(40), form_id int(11), sort_order int(3),


status smallint(1))

abc_forms

(form_id int(11), form_name varchar(40), controller varchar(100), success_page


varchar(100), status smallint(1))

abc_global_attributes

(attribute_id int(11), attribute_parent_id int(11), attribute_group_id int(11),


attribute_type_id int(11), element_type char(1), sort_order int(3), required
smallint(1), settings (text), status smallint(1), regexp_pattern varchar(255))

abc_global_attributes_description

(attribute_id int(11), language_id int(11), Name varchar(64), placeholder


varchar(255), error_text varchar(255))

abc_global_attributes_groups

(attribute_group_id int(11), sort_order int(3), status smallint(1))

abc_global_attributes_groups_descriptions

(attribute_group_id int(11), language_id int(11), name varchar(64))

abc_global_attributes_type_descriptions

(attribute_type_id int(11), language_id int(11), type_name varchar(64),


date_added (timestamp), date_modified (timestamp))

abc_global_attributes_types

(attribute_type_id int(11), type_key varchar(64), controller varchar(100),


sort_order int(3), status smallint(1))

abc_global_attributes_value_descriptions

(attribute_value_id int(11), attribute_id int(11), language_id int(11), Value (text))

abc_global_attributes_values

(attribute_value_id int(11), attribute_id int(11), sort_order int(3))

abc_language_definitions

(language_definition_id int(11), language_id int(11), Section tinyint(1), Block


varchar(160), language_key varchar(170), language_value (text), date_added
(timestamp), date_modified (timestamp))

abc_languages

(language_id int(11), Name varchar(32), Code varchar(5), Locale varchar(255),


Image varchar(255), Directory varchar(32), Filename varchar(64), sort_order

int(3), Status int(1))

abc_layouts

(layout_id int(10), template_id varchar(100), layout_name varchar(255),


layout_type smallint(1), date_added (timestamp), date_modified (timestamp))

abc_length_class_descriptions

(length_class_id int(11), language_id int(11), Title varchar(32), Unit varchar(4))

abc_length_classes

(length_class_id int(11), Value decimal(15,8))

abc_locations

(location_id int(11), Name varchar(32), description varchar(255), date_added


(timestamp), date_modified (timestamp))

abc_manufacturers

(manufacturer_id int(11), Name varchar(64), sort_order int(3))

abc_manufacturers_to_stores

(manufacturer_id int(11), store_id int(11))

abc_messages

(msg_id int(11), Title varchar(128), Message (text), Status char(1), Viewed


int(11), Repeated int(11), date_added (timestamp), date_modified (timestamp))

abc_online_customers

(customer_id int(11), IP varchar(50), url (text), Referrer (text) , date_added


(timestamp))

abc_order_data

(order_id int(11), type_id int(11), data (text), date_added (timestamp),

date_modified (timestamp))

abc_order_data_types

(type_id int(11), language_id int(11), Name varchar(64), date_added


(timestamp), date_modified (timestamp))

abc_order_downloads

(order_download_id int(11), order_id int(11), order_product_id int(11), Name


varchar(64), filename varchar(128), Mask varchar(128), download_id int(11),
Status int(1), remaining_count int(11), percentage int(11), expire_date
(Datetime), sort_order int(11), Activate varchar(64), activate_order_status_id
int(11), attributes_data (Longtext), date_added (Timestamp), date_modified
(Timestamp))

abc_order_downloads_history

(order_download_history_id int(11), order_download_id int(11), order_id int(11),


order_product_id int(11), Filename varchar(128), Mask varchar(128),
download_id int(11), download_percent int(11), Time (timestamp))

abc_order_history

(order_history_id int(11), order_id int(11), order_status_id int(5), Notify int(1),


comment (text), date_added (timestamp), date_modified (timestamp))

abc_order_options

(order_option_id int(11), order_id int(11), order_product_id int(11),


product_option_value_id int(11), name varchar(255), sku varchar(64), value
(Text), price decimal(15,4), prefix char(1), settings (Longtext))

abc_order_products

(order_product_id int(11), order_id int(11), product_id int(11), name


varchar(255), model varchar(24), Sku varchar(64), price decimal(15,4), total
decimal(15,4), Tax decimal(15,4), quantity int(4), subtract int(1))

abc_order_status_ids

(order_status_id int(11), status_text_id varchar(64))

abc_order_statuses

(order_status_id int(11), language_id int(11), name varchar(32))

abc_order_totals

(order_total_id int(10), order_id int(11), Title varchar(255), Text varchar(255),


Value decimal(15,4), sort_order int(3), Type varchar(255), Key varchar(128))

abc_orders

(order_id int(11), invoice_id int(11), invoice_prefix varchar(10), store_id int(11),


store_name varchar(64), store_url varchar(255), customer_id int(11),
customer_group_id int(11), firstname varchar(32), lastname varchar(32),
telephone varchar(32), fax varchar(32), email varchar(96), shipping_firstname
varchar(32), shipping_lastname varchar(32), shipping_company varchar(32),
shipping_address_1 varchar(128), shipping_address_2 varchar(128),
shipping_city varchar(128), shipping_postcode varchar(10), shipping_zone
varchar(128), shipping_zone_id int(11), shipping_country varchar(128),
shipping_country_id int(11), shipping_address_format (Text), shipping_method
varchar(128), shipping_method_key varchar(128), payment_firstname
varchar(32), payment_lastname varchar(32), payment_company varchar(32),
payment_address_1 varchar(128), payment_address_2 varchar(128),
payment_city varchar(128), payment_postcode varchar(10), payment_zone
varchar(128), payment_zone_id int(11), payment_country varchar(128),
payment_country_id int(11), payment_address_format (Text), payment_method
varchar(128), payment_method_key varchar(128), comment (Text), total
decimal(15,4), order_status_id int(11), language_id int(11), currency_id int(11),
currency varchar(3), value decimal(15,8), coupon_id int(11), date_added
(Timestamp), date_modified (Timestamp), IP varchar(50), payment_method_data
(Text))

abc_page_descriptions

(page_id int(10), language_id int(11), name varchar(255), title varchar(255),


seo_url varchar(100), keywords varchar(255), description varchar(255), content
(text), date_added (timestamp), date_modified (timestamp))

abc_pages

(page_id int(10), parent_page_id int(10), controller varchar(100), key_param


varchar(40), key_value varchar(40), date_added (timestamp), date_modified
(timestamp))

abc_pages_forms

(page_id int(10), form_id int(10))

abc_pages_layouts

(layout_id int(10), page_id int(10))

abc_product_descriptions

(product_id int(11), language_id int(11), Name varchar(255), meta_keywords


varchar(255), meta_description varchar(255), Description (longtext), Blurb
(text))

abc_product_discounts

(product_discount_id int(11), product_id int(11), customer_group_id int(11),


Quantity int(4), Priority int(5), Price decimal(15,4), date_start (date), date_end
(date), date_added (timestamp), date_modified (timestamp))

abc_product_filter_descriptions

(filter_id int(11), value varchar(255), language_id int(11))

abc_product_filter_ranges

(range_id int(11), feature_id int(11), filter_id int(11), from decimal(12,2), To


decimal(12,2), sort_order int(3))

abc_product_filter_ranges_descriptions

(range_id int(11), name varchar(255), language_id int(11))

abc_product_filters

(filter_id int(11), filter_type char(1), categories_hash (text), feature_id int(11),


sort_order int(3), Status smallint(1))

abc_product_option_descriptions

(product_option_id int(11), language_id int(11), product_id int(11), Name


varchar(255), option_placeholder varchar(255), error_text varchar(255))

abc_product_option_value_descriptions

(product_option_value_id int(11), language_id int(11), product_id int(11),


Name (Text), grouped_attribute_names (Text))

abc_product_option_values

(product_option_value_id int(11), product_option_id int(11), product_id int(11),


group_id int(11), sku varchar(255), quantity int(4), subtract int(1), price
decimal(15,4), prefix char(1), weight decimal(15,8), weight_type varchar(3),
attribute_value_id int(11), grouped_attribute_data (Text), sort_order int(3),
default smallint(6))

abc_product_options

(product_option_id int(11), attribute_id int(11), product_id int(11), group_id


int(11), sort_order int(3), status int(1), element_type char(1), required
smallint(1), regexp_pattern varchar(255), settings (text))

abc_product_specials

(product_special_id int(11), product_id int(11), customer_group_id int(11),


Priority int(5), Price decimal(15,4), date_start (date), date_end (date),
date_added (timestamp), date_modified (timestamp))

abc_product_tags

(product_id int(11), Tag varchar(32), language_id int(11))

abc_products

(product_id int(11), Model varchar(64), Sku varchar(64), location varchar(128),


quantity int(4), stock_status_id int(11), manufacturer_id int(11), shipping int(1),
ship_individually int(1), free_shipping int(1), shipping_price decimal(15,4),

Price decimal(15,4), tax_class_id int(11), date_available (date), Weight
decimal(5,2), weight_class_id int(11), Length decimal(5,2), Width
decimal(5,2), Height decimal(5,2), length_class_id int(11), Status int(1), Viewed
int(5), sort_order int(11), subtract int(1), minimum int(11), maximum int(11),
Cost decimal(15,4), call_to_order smallint(6), settings (longtext), date_added
(timestamp), date_modified (timestamp))

abc_products_featured

(product_id int(11))

abc_products_related

(product_id int(11), related_id int(11))

abc_products_to_categories

(product_id int(11), category_id int(11))

abc_products_to_downloads

(product_id int(11), download_id int(11))

abc_products_to_stores

(product_id int(11), store_id int(11))

abc_resource_descriptions

(resource_id int(10), language_id int(11), name varchar(255), title varchar(255),


description (text), resource_path varchar(255), resource_code (text), date_added
(timestamp), date_modified (timestamp))

abc_resource_library

(resource_id int(11), type_id int(11), date_added (timestamp), date_modified


(timestamp))

abc_resource_map

(resource_id int(11), object_name varchar(40), object_id int(11), default

tinyint(1), sort_order int(3), date_added (timestamp), date_modified (timestamp))

abc_resource_types

(type_id int(11), type_name varchar(40), default_directory varchar(255),


default_icon varchar(255), file_types varchar(40), access_type tinyint(1))

abc_reviews

(review_id int(11), product_id int(11), customer_id int(11), author varchar(64),


text (longtext), rating int(1), status int(1), date_added (timestamp),
date_modified (timestamp))

abc_settings

(setting_id int(11), store_id int(11), group varchar(32), Key varchar(64), value


(text), date_added (timestamp), date_modified (timestamp))

abc_stock_statuses

(stock_status_id int(11), language_id int(11), name varchar(32))

abc_store_descriptions

(store_id int(11), language_id int(11), description (longtext), title (longtext),


meta_description (longtext), meta_keywords (longtext))

abc_stores

(store_id int(11), name varchar(64), alias varchar(15), status int(1))

abc_task_details

(task_id int(11), created_by varchar(255), settings (longtext), date_added


(timestamp), date_modified (timestamp))

abc_task_steps

(step_id int(11), task_id int(11), sort_order int(11), status int(11), last_time_run


(timestamp), last_result int(11), max_execution_time int(11), controller
(longtext), date_added (timestamp), date_modified (timestamp))

abc_tasks

(task_id int(11), name varchar(255), starter int(11), status int(11), start_time


(datetime), last_time_run (timestamp), progress int(11), last_result int(11),
run_interval int(11), max_execution_time int(11), date_added (timestamp),
date_modified (timestamp))

abc_tax_class_descriptions

(tax_class_id int(11), language_id int(11), title varchar(128), description


varchar(255))

abc_tax_classes

(tax_class_id int(11), date_added (timestamp), date_modified (timestamp))

abc_tax_rate_descriptions

(tax_rate_id int(11), language_id int(11), description varchar(255))

abc_tax_rates

(tax_rate_id int(11), location_id int(11), zone_id int(11), tax_class_id int(11),


priority int(5), rate decimal(15,4), rate_prefix char(1), threshold_condition
char(2), threshold decimal(15,4), tax_exempt_groups (text), date_added
(timestamp), date_modified (timestamp))

abc_url_aliases

(url_alias_id int(11), Query varchar(255), Keyword varchar(255), language_id


int(11))

abc_user_groups

(user_group_id int(11), Name varchar(64), permission (longtext), date_added


(timestamp), date_modified (timestamp))

abc_user_notifications

(user_id int(11), store_id int(11), Section tinyint(1), sendpoint varchar(255),


Protocol varchar(30), Uri (text), date_added (timestamp), date_modified

(timestamp))

abc_users

(user_id int(11), user_group_id int(11), username varchar(20), Salt varchar(8),


password varchar(40), firstname varchar(32), Lastname varchar(32), Email
varchar(96), Status int(1), IP varchar(50), last_login (datetime), date_added
(timestamp), date_modified (timestamp))

abc_weight_class_descriptions

(weight_class_id int(11), language_id int(11), Title varchar(32), Unit varchar(4))

abc_weight_classes

(weight_class_id int(11), Value decimal(15,8))

abc_zone_descriptions

(zone_id int(11), language_id int(11), Name varchar(128))

abc_zones

(zone_id int(11), country_id int(11), Code varchar(32), Status int(1), sort_order


int(3))

abc_zones_to_locations

(zone_to_location_id int(11), country_id int(11), zone_id int(11), location_id


int(11), date_added (timestamp), date_modified (timestamp))
2.1.2.2. Virtual Bank Database

Account(vcc_id int(12), customer_ID int(4), Current_amount int(12), customer_addr varchar(20), phone int(20), E_mail varchar(25))

Vcard(vc_id int(12), Issuing_date Date, Exp_date Date, V_card_activation int(1))

Report(r_id int(11), customer_id int(12), date, ip_adder varchar(15))

4.2.1.3. Data Dictionary

This sub-section covers the data dictionary for both the website and the virtual bank.

4.2.1.3.1. Website Database

abc_addresses
Column Type Null Default Comments
address_id int(11) No Primary
customer_id int(11) No Foreign
company varchar(32) No Company
firstname varchar(32) No First Name
lastname varchar(32) No Last name
address_1 varchar(128) No Delivery address
address_2 varchar(128) No Alternative Delivery address
postcode varchar(10) No Post code
city varchar(128) No City
country_id int(11) No 0 Country ID
zone_id int(11) No 0 Zone ID

Indexes

| Keyname | Type | Unique | Packed | Column | Cardinality | Collation | Null | Comment |
| PRIMARY | BTREE | Yes | No | address_id | 0 | A | No | Primary |
| ac_addresses_idx | BTREE | No | No | customer_id | | A | No | Address IDs |
| | | | | country_id | | A | No | |
| | | | | zone_id | | A | No | |

abc_ant_messages
Column Type Null Default Comments
Id varchar(60) No Primary
Priority int(11) No 0 Priority
start_date timestamp No 0000-00-00 00:00:00 Start Date

end_date timestamp Yes NULL End Date
viewed_date timestamp Yes NULL Viewed Date
viewed int(11) No 0 Viewed
title varchar(255) Yes NULL Title
description Text Yes NULL Description
html Longtext Yes NULL Static Pages
url Text Yes NULL Uniform Resource Locator
language_code varchar(2) No En Language code (country code)
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

| Keyname | Type | Unique | Packed | Column | Cardinality | Collation | Null | Comment |
| PRIMARY | BTREE | Yes | No | id | | A | No | Primary |
| | | | | language_code | 0 | A | No | |
| daterange_idx | BTREE | No | No | start_date | | A | No | Date Limits |
| | | | | end_date | | A | Yes | |

abc_banner_description
Column Type Null Default Comments
banner_id int(11) No Primary
language_id int(11) No Foreign
name varchar(255) No Translatable
description Longtext No Translatable
meta Text Yes NULL Translatable
date_added timestamp No 0000-00-00 00:00:00 Date added
date_modified timestamp No CURRENT_TIMESTAMP Date of modification

Indexes

| Keyname | Type | Unique | Packed | Column | Cardinality | Collation | Null | Comment |
| PRIMARY | BTREE | Yes | No | banner_id | | A | No | Primary |
| | | | | language_id | 10 | A | No | |

abc_banner_status
Column Type Null Default Comments
rowid int(11) No Primary
banner_id int(11) No Foreign
type int(11) No Type of Banner
time timestamp No CURRENT_TIMESTAMP Time
store_id int(11) No Foreign
user_info text Yes NULL User Information

Indexes

| Keyname | Type | Unique | Packed | Column | Cardinality | Collation | Null | Comment |
| PRIMARY | BTREE | Yes | No | rowid | 40 | A | No | Primary |
| ac_banner_stat_idx | BTREE | No | No | banner_id | | A | No | Banner status IDs |
| | | | | type | | A | No | |
| | | | | time | | A | No | |
| | | | | store_id | | A | No | |

abc_banners
Column Type Null Default Comments
banner_id int(11) No Primary
status int(1) No 0 Current Status of Page Content
banner_type int(11) No 1 Banner Type
banner_group_name varchar(255) No Banner Group Name
start_date timestamp Yes NULL Initial Date
end_date timestamp Yes NULL Finishing Date
blank tinyint(1) No 0 Empty
target_url Text Yes NULL Desired address
sort_order int(11) No Sorting
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment


PRIMARY BTREE Yes No banner_id 10 A No Primary

abc_block_descriptions
Column Type Null Default Comments
block_description_id int(10) No Primary
custom_block_id int(10) No Foreign
language_id int(10) No Foreign
block_wrapper varchar(255) No 0 Block Wrapper
block_framed tinyint(1) Yes 1 Block Framed
name varchar(255) No Translatable
title varchar(255) No Translatable
description varchar(255) No Translatable
content longtext No Content
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

| Keyname | Type | Unique | Packed | Column | Cardinality | Collation | Null | Comment |
| PRIMARY | BTREE | Yes | No | block_description_id | | A | No | Primary |
| | | | | custom_block_id | | A | No | |
| | | | | language_id | 11 | A | No | |

abc_block_layouts
Column Type Null Default Comments
instance_id int(10) No Primary
layout_id int(10) No 0 Foreign
block_id int(10) No 0 Foreign
custom_block_id int(10) No 0 Foreign
parent_instance_id int(10) No 0 Foreign
position smallint(5) No 0 Position
status smallint(1) No 0 Current Status of Page Content
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

| Keyname | Type | Unique | Packed | Column | Cardinality | Collation | Null | Comment |
| PRIMARY | BTREE | Yes | No | instance_id | 199 | A | No | Primary |
| ac_block_layouts_idx | BTREE | Yes | No | instance_id | | A | No | Foreign |
| | | | | layout_id | | A | No | |
| | | | | block_id | | A | No | |
| | | | | parent_instance_id | | A | No | |
| | | | | custom_block_id | 199 | A | No | |

abc_block
Column Type Null Default Comments
block_id int(10) No Primary
parent_block_id int(10) No 0 Foreign
template varchar(255) No Template
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

| Keyname | Type | Unique | Packed | Column | Cardinality | Collation | Null | Comment |
| PRIMARY | BTREE | Yes | No | block_id | | A | No | Primary |
| | | | | parent_block_id | 84 | A | No | |

abc_blocks
Column Type Null Default Comments
block_id int(10) No Primary
block_txt_id varchar(255) No Foreign
controller varchar(255) No Controller of Blocks
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment


PRIMARY BTREE Yes No block_id 31 A No Primary

abc_categories
Column Type Null Default Comments
category_id int(11) No Primary
parent_id int(11) No 0 Foreign
sort_order int(3) No 0 Sorting
Status int(1) No 1 Current Status of Page Content
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

| Keyname | Type | Unique | Packed | Column | Cardinality | Collation | Null | Comment |
| PRIMARY | BTREE | Yes | No | category_id | 4 | A | No | Primary |
| ac_categories_idx | BTREE | No | No | category_id | | A | No | Foreign |
| | | | | parent_id | | A | No | |
| | | | | status | | A | No | |

abc_categories_to_stores
Column Type Null Default Comments
category_id int(11) No Primary
store_id int(11) No Foreign

Indexes

| Keyname | Type | Unique | Packed | Column | Cardinality | Collation | Null | Comment |
| PRIMARY | BTREE | Yes | No | category_id | | A | No | Primary |
| | | | | store_id | 4 | A | No | |

abc_category_descriptions
Column Type Null Default Comments
category_id int(11) No Primary
language_id int(11) No Foreign
Name varchar(255) No Translatable
meta_keywords varchar(255) No Translatable
meta_description varchar(255) No Translatable
Description Text No Translatable

Indexes

| Keyname | Type | Unique | Packed | Column | Cardinality | Collation | Null | Comment |
| PRIMARY | BTREE | Yes | No | category_id | | A | No | Primary |
| | | | | language_id | 4 | A | No | |
| name | BTREE | No | No | name | | A | No | Name of Category |

abc_content_descriptions
Column Type Null Default Comments
content_id int(10) No 0 Primary
language_id int(11) No Foreign
name varchar(255) No Translatable
title varchar(255) No Translatable
description varchar(255) No Translatable
content Longtext No Translatable
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No content_id A No Primary
language_id 8 A No

abc_contents
Column Type Null Default Comments
content_id int(11) No Primary
parent_content_id int(11) No 0 Foreign
sort_order int(3) No 0 Sorting
status int(1) No 0 Current Status of Page Content

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No content_id A No Primary
parent_content_id 4 A No

abc_contents_to_stores
Column Type Null Default Comments
content_id int(11) No Primary
store_id int(11) No Foreign

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment


PRIMARY BTREE Yes No content_id A No Primary
store_id 0 A No

abc_countries
Column Type Null Default Comments
country_id int(11) No Primary
iso_code_2 varchar(2) No ISO Supported Char-set Standard 2
iso_code_3 varchar(3) No ISO Supported Char-set Standard 3
address_format Text No Standard American Address Format
status int(1) No 1 Current Status of Page Content
sort_order int(3) No 0 Sorting

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No country_id 240 A No Primary
ac_countries_idx BTREE No No iso_code_2 240 A No Foreign
iso_code_3 240 A No
status 240 A No

abc_country_descriptions
Column Type Null Default Comments
country_id int(11) No Primary
language_id int(11) No Foreign
name varchar(128) No Translatable

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No country_id A No Primary
language_id 240 A No

abc_coupon_descriptions
Column Type Null Default Comments
coupon_id int(11) No Primary
language_id int(11) No Foreign
name varchar(128) No Translatable
description Text No Translatable

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No coupon_id A No Primary
language_id 3 A No

abc_coupons
Column Type Null Default Comments
coupon_id int(11) No Primary
code varchar(10) No Coupons Key Code
type char(1) No Type
discount decimal(15,4) No Amount of Discount
logged int(1) No Number that corresponds to Specific Log File
shipping int(1) No Shipping Number
total decimal(15,4) No Total of Money
date_start Date No 0000-00-00 Date of Start
date_end Date No 0000-00-00 Date of End
uses_total int(11) No Uses Total
uses_customer varchar(11) No Uses Customer
status int(1) No Current Status of Page Content
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment


PRIMARY BTREE Yes No coupon_id 3 A No Primary

abc_coupons_products
Column Type Null Default Comments
coupon_product_id int(11) No Primary
coupon_id int(11) No Foreign
product_id int(11) No Foreign

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No coupon_product_id 1 A No Primary
ac_coupons_products_idx BTREE No No coupon_id A No Foreign
product_id A No

abc_currencies
Column Type Null Default Comments
currency_id int(11) No Primary
title varchar(32) No Title
code varchar(3) No Currencies Key Code
symbol_left varchar(12) No Symbol Left
symbol_right varchar(12) No Symbol Right
decimal_place char(1) No Decimal Place
value decimal(15,8) No Value of currencies
status int(1) No Current Status of Page Content
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No currency_id 3 A No Primary

abc_custom_blocks
Column Type Null Default Comments
custom_block_id int(10) No Primary
block_id int(10) No Foreign
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No custom_block_id A No Primary
block_id 11 A No

abc_custom_lists
Column Type Null Default Comments
Row-id int(11) No Primary
custom_block_id int(10) No Foreign
data_type varchar(70) No Data Type
Id int(10) No ID
sort_order int(10) No 0 Sorting
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No rowid 10 A No Primary
ac_custom_block_id_list_idx BTREE No No custom_block_id A No Foreign

abc_customer_groups
Column Type Null Default Comments
customer_group_id int(11) No Primary
name varchar(32) No Customer Name
tax_exempt tinyint(1) No 0 Tax

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No customer_group_id 3 A No Primary

abc_customer_notifications
Column Type Null Default Comments
customer_id int(11) No Primary
sendpoint varchar(255) No Send Point
protocol varchar(30) No Transmission Protocol
status int(1) No 0 Current Status of Page Content
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No customer_id A No Primary
sendpoint A No
Protocol 0 A No

abc_customer_transactions
Column Type Null Default Comments
customer_transaction_id int(11) No Primary
customer_id int(11) No 0 Foreign
order_id int(11) No 0 Foreign
created_by int(11) No user_id for admin, customer_id for storefront section
section smallint(1) No 0 1 - admin, 0 - customer
credit float Yes 0 Credit Card Balance
debit float Yes 0 Debit Card Balance
transaction_type varchar(255) No text type of transaction
comment text Yes NULL comment for internal use
description text Yes NULL text for customer
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No customer_transaction_id 0 A No Primary
ac_customer_transactions_idx BTREE No No customer_id A No Foreign
order_id A No

abc_customers
Column Type Null Default Comments
customer_id int(11) No Primary
store_id int(11) No 0 Foreign
firstname varchar(32) No First Name
lastname varchar(32) No Last Name
loginname varchar(96) No Login Name
email varchar(96) No E-mail
telephone varchar(32) No Telephone Number
Fax varchar(32) No Fax Number
Sms varchar(32) No Short Message
Salt varchar(8) No Main Text For Hash Encryption
password varchar(40) No Customer Password
cart longtext Yes NULL Type of Cart
wishlist longtext Yes NULL Desired List
Newsletter int(1) No 0 Public Review
address_id int(11) No 0 Foreign
Status int(1) No Current Status of Page Content
Approved int(1) No 0 Approved Customer Account
customer_group_id int(11) No Foreign
Ip varchar(50) No 0 Remote Customer IP Address
data Text Yes NULL Customer Data
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification
last_login timestamp Yes 0000-00-00 00:00:00 Date of last login

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No customer_id 0 A No Primary
customers_loginname BTREE Yes No Loginname 0 A No Customer Login Name
ac_customers_idx BTREE No No store_id A No Foreign
address_id A No
customer_group_id A No
ac_customers_name_idx FULLTEXT No No Firstname No Foreign
Lastname No

abc_dataset_column_properties
Column Type Null Default Comments
Rowid int(11) No Primary
dataset_column_id int(11) No Foreign
dataset_column_property_name varchar(255) No Name of Column Property
dataset_column_property_value varchar(255) Yes NULL Value of Column Property

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No Rowid 0 A No Primary
dataset_column_properties_idx BTREE No No dataset_column_id A No Foreign

abc_dataset_definition
Column Type Null Default Comments
dataset_id int(11) No Primary
dataset_column_id int(11) No Foreign
dataset_column_name varchar(255) No Column Name
dataset_column_type varchar(100) No Column Type
dataset_column_sort_order int(11) No 0 Column Sorting

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No dataset_column_id 30 A No Primary
dataset_definition_idx BTREE No No dataset_id A No Foreign

abc_dataset_properties
Column Type Null Default Comments
Rowid int(11) No Primary
dataset_id int(11) No Foreign
dataset_property_name varchar(255) No Property Name
dataset_property_value varchar(255) Yes NULL Property Value

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No rowid 5 A No Primary
dataset_property_idx BTREE No No dataset_id A No Foreign

abc_dataset_values
Column Type Null Default Comments
dataset_column_id int(11) No Primary
value_integer int(11) Yes NULL Integer
value_float Float Yes NULL Float
value_varchar varchar(255) Yes NULL Varchar
value_text Text Yes NULL Text
value_timestamp timestamp No CURRENT_TIMESTAMP Timestamp
value_boolean tinyint(1) Yes NULL Boolean
value_sort_order int(11) No Sorting Value
row_id int(10) No 0 Foreign

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No value_sort_order 809 A No Primary
dataset_values_idx BTREE No No value_integer A Yes Foreign
value_float A Yes
value_varchar A Yes
value_boolean A Yes
row_id A No

abc_datasets
Column Type Null Default Comments
dataset_id int(11) No Primary
dataset_name varchar(255) No Dataset Name
dataset_key varchar(255) Yes Key of Dataset

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment


PRIMARY BTREE Yes No dataset_id 6 A No Primary

abc_download_attribute_values
Column Type Null Default Comments
download_attribute_id int(11) No Primary
attribute_id int(11) No Foreign
download_id int(11) No Foreign
attribute_value_ids text Yes NULL Foreign

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No download_attribute_id 0 A No Primary
ac_download_attribute_values_idx BTREE No No attribute_id A No Foreign
download_id A No

abc_download_descriptions
Column Type Null Default Comments
download_id int(11) No Primary
language_id int(11) No Foreign
name varchar(64) No Translatable

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No download_id A No Primary
language_id 0 A No

abc_downloads
Column Type Null Default Comments
download_id int(11) No Primary
filename varchar(128) No Name of File
mask varchar(128) No Mask
max_downloads int(11) Yes NULL Maximum Downloads
expire_days int(11) Yes NULL Expire Day
sort_order int(11) No Sorting
activate varchar(64) No Activation
activate_order_status_id int(11) No 0 Foreign
shared int(1) No 0 Shared Downloads
status int(1) No 0 Current Status of Page Content
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No download_id 0 A No Primary
ac_downloads_idx BTREE No No activate_order_status_id A No Foreign
Shared A No

abc_encryption_keys
Column Type Null Default Comments
key_id int(3) No Primary
key_name varchar(32) No Key Name
status int(1) No Current Status of Page Content
comment text No Comment

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No key_id 0 A No Primary
encryption_keys_key_name BTREE Yes No key_name 0 A No Key Name

abc_extension_dependencies
Column Type Null Default Comments
extension_id int(11) No Primary
extension_parent_id int(11) No Foreign

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No extension_id A No Primary
extension_parent_id 0 A No

abc_extensions
Column Type Null Default Comments
extension_id int(11) No Primary
type varchar(32) No Type of Extensions
key varchar(32) No Extension Key
category varchar(32) No Extension Category
status smallint(1) No Current Status of Page Content
priority smallint(1) No 0 Extension Priority
version varchar(32) Yes NULL Extension Version
license_key varchar(32) Yes NULL License Key
date_installed Timestamp No 0000-00-00 00:00:00 Date of Installation
date_added Timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified Timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No extension_id 51 A No Primary
extension_key BTREE Yes No key 51 A No Foreign

abc_field_descriptions
Column Type Null Default Comments
field_id int(11) No 0 Primary
name varchar(255) No Translatable
description varchar(255) No Translatable
language_id int(11) No Foreign
error_text varchar(255) No Translatable

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No field_id A No Primary
language_id 4 A No

abc_field_values
Column Type Null Default Comments
value_id int(11) No Primary
field_id int(11) No 0 Foreign
value text No Translatable
language_id int(11) No Foreign

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment


PRIMARY BTREE Yes No value_id 0 A No Primary

abc_fields
Column Type Null Default Comments
field_id int(11) No Primary
form_id int(11) No 0 Foreign
field_name varchar(40) No Name of Field
element_type char(1) No I Type of Element
sort_order int(3) No Sorting
attributes varchar(255) No Attributes
settings Text No Setting of Field
required char(1) No N Required of Fields
status smallint(1) No 0 Current Status of Page Content
regexp_pattern varchar(255) No Registration Parameter Pattern

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment


PRIMARY BTREE Yes No field_id 4 A No Primary
field_id BTREE No No field_id A No Foreign
form_id A No
status A No

abc_fields_group_descriptions
Column Type Null Default Comments
group_id int(11) No 0 Primary
name varchar(255) No Translatable
description varchar(255) No Translatable
language_id int(11) No Foreign

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No group_id A No Primary
language_id 0 A No

abc_fields_groups
Column Type Null Default Comments
field_id int(11) No Primary
group_id int(11) No Foreign
sort_order int(3) No Sorting

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment


PRIMARY BTREE Yes No field_id 0 A No Primary
field_id BTREE No No field_id A No Foreign
group_id A No

abc_form_descriptions
Column Type Null Default Comments
form_id int(11) No 0 Primary
language_id int(11) No Foreign
description varchar(255) No Translatable

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No form_id A No Primary
language_id 1 A No

abc_form_groups
Column Type Null Default Comments
group_id int(11) No Primary
group_name varchar(40) No Name of Group
form_id int(11) No 0 Foreign
sort_order int(3) No Sorting
status smallint(1) No 0 Current Status of Page Content

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment


PRIMARY BTREE Yes No group_id 0 A No Primary
group_id BTREE No No group_id A No Foreign
form_id A No

abc_forms
Column Type Null Default Comments
form_id int(11) No Primary
form_name varchar(40) No Name of Form
controller varchar(100) No Controller of Forms
success_page varchar(100) No Static Page of Success
status smallint(1) No 0 Current Status of Page Content

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No form_id 1 A No Primary
form_name BTREE Yes No form_name 1 A No Name of Form

abc_global_attributes
Column Type Null Default Comments
attribute_id int(11) No Primary
attribute_parent_id int(11) No 0 Foreign
attribute_group_id int(11) Yes NULL Foreign
attribute_type_id int(11) No Foreign
element_type char(1) No I Element Type
sort_order int(3) No 0 Sorting
required smallint(1) No 0 Required Global Attributes
settings Text No Settings of Global Attributes
status smallint(1) No 0 Current Status of Page Content
regexp_pattern varchar(255) Yes NULL Registration Parameter Pattern

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No attribute_id 6 A No Primary
ac_global_attributes_idx BTREE No No attribute_parent_id A No Foreign
attribute_group_id A Yes
attribute_type_id A No

abc_global_attributes_descriptions
Column Type Null Default Comments
attribute_id int(11) No Primary
language_id int(11) No Foreign
Name varchar(64) No Translatable
placeholder varchar(255) Yes Translatable
error_text varchar(255) No Translatable

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No attribute_id A No Primary
language_id 6 A No

abc_global_attributes_groups
Column Type Null Default Comments
attribute_group_id int(11) No Primary
sort_order int(3) No 0 Sorting
status smallint(1) No 0 Current Status of Page Content

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No attribute_group_id 0 A No Primary

abc_global_attributes_groups_descriptions
Column Type Null Default Comments
attribute_group_id int(11) No Primary
language_id int(11) No Foreign
name varchar(64) No Translatable

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No attribute_group_id A No Primary
language_id 0 A No

abc_global_attributes_type_descriptions
Table comments: utf8_general_ci

Column Type Null Default Comments


attribute_type_id int(11) No Primary
language_id int(11) No Foreign
type_name varchar(64) No Translatable
date_added Timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified Timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No attribute_type_id A No Primary
language_id 2 A No

abc_global_attributes_types
Column Type Null Default Comments
attribute_type_id int(11) No Primary
type_key varchar(64) No Key
controller varchar(100) No Controller of Global Attributes Type
sort_order int(3) No 0 Sorting
status smallint(1) No 0 Current Status of Page Content

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No attribute_type_id 2 A No Primary

abc_global_attributes_value_descriptions
Column Type Null Default Comments
attribute_value_id int(11) No Primary
attribute_id int(11) No Foreign
language_id int(11) No Foreign
Value Text No Translatable

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No attribute_value_id A No Primary
attribute_id A No
language_id 31 A No

abc_global_attributes_values
Column Type Null Default Comments
attribute_value_id int(11) No Primary
attribute_id int(11) No Foreign
sort_order int(3) No 0 Sorting

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No attribute_value_id 30 A No Primary
ac_global_attributes_values_idx BTREE No No attribute_id A No Foreign

abc_language_definitions
Column Type Null Default Comments
language_definition_id int(11) No Primary
language_id int(11) No Foreign
Section tinyint(1) No 0 0-SF, 1-ADMIN
Block varchar(160) No Block
language_key varchar(170) No Key of Language
language_value Text No Translatable
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No language_definition_id A No Primary
language_id A No
Section A No
Block A No
language_key 4459 A No
ac_lang_definition_idx FULLTEXT No No language_value No Foreign

abc_languages
Column Type Null Default Comments
language_id int(11) No Primary
Name varchar(32) No Name
Code varchar(5) No Language Code
Locale varchar(255) No Location
Image varchar(255) No Image
Directory varchar(32) No Directory Where Language Configuration Exists
Filename varchar(64) No File name
sort_order int(3) No 0 Sorting
Status int(1) No Current Status of page Content

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No language_id 1 A No Primary
ac_languages_idx BTREE Yes No language_id A No Foreign
Code 1 A No
Name BTREE No No Name A No Name

abc_layouts
Column Type Null Default Comments
layout_id int(10) No Primary
template_id varchar(100) No Foreign
layout_name varchar(255) No Name of Layout
layout_type smallint(1) No 0 Type of Layout
date_added Timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified Timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment


PRIMARY BTREE Yes No layout_id 9 A No Primary

abc_length_class_descriptions
Column Type Null Default Comments
length_class_id int(11) No Primary
language_id int(11) No Foreign
Title varchar(32) No Translatable
Unit varchar(4) No Translatable

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No length_class_id A No Primary
language_id 3 A No

abc_length_classes
Column Type Null Default Comments
length_class_id int(11) No Primary
Value decimal(15,8) No Value of length class

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No length_class_id 3 A No Primary

abc_locations
Column Type Null Default Comments
location_id int(11) No Primary
Name varchar(32) No Name of Location
description varchar(255) No Description of Location
date_added Timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified Timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No location_id 1 A No Primary

abc_manufacturers
Column Type Null Default Comments
manufacturer_id int(11) No Primary
Name varchar(64) No Name of Manufacturer
sort_order int(3) No Sorting

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No manufacturer_id 0 A No Primary

abc_manufacturers_to_stores
Column Type Null Default Comments
manufacturer_id int(11) No Primary
store_id int(11) No Foreign

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No manufacturer_id A No Primary
store_id 0 A No

abc_messages
Column Type Null Default Comments
msg_id int(11) No Primary
Title varchar(128) No Title of Message
Message Text No Message
Status char(1) No Current Status
Viewed int(11) No 0 Viewed Message
Repeated int(11) No 0 Repeated Message
date_added Timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified Timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment


PRIMARY BTREE Yes No msg_id 0 A No Primary

abc_online_customers
Column Type Null Default Comments
customer_id int(11) No Primary
Ip varchar(50) No Online Remote Customer IP Address
url text No Uniform Resource Locator
Referrer text No Redirected Address
date_added timestamp No 0000-00-00 00:00:00 Date of Addition

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No ip 1 A No Primary
ac_online_customers_idx BTREE No No date_added A No Foreign

abc_order_data
Column Type Null Default Comments
order_id int(11) No Primary
type_id int(11) No Foreign
Data Text Yes NULL Current Date
date_added Timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified Timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment


PRIMARY BTREE Yes No order_id A No Primary
type_id 0 A No

abc_order_data_types
Column Type Null Default Comments
type_id int(11) No Primary
language_id int(11) No Foreign
Name varchar(64) No Translatable
date_added Timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified Timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No type_id 2 A No Primary

abc_order_downloads
Column Type Null Default Comments
order_download_id int(11) No Primary
order_id int(11) No Foreign
order_product_id int(11) No Foreign
Name varchar(64) No Name of Order
Filename varchar(128) No File Name
Mask varchar(128) No Layered Data
download_id int(11) No Foreign
Status int(1) No 0 Current Status
remaining_count int(11) Yes NULL Remaining Account
percentage int(11) Yes 0 Percentage of Download
expire_date Datetime Yes NULL Expire Date
sort_order int(11) No Sorting
Activate varchar(64) No Activation
activate_order_status_id int(11) No 0 Foreign
attributes_data Longtext Yes NULL Attributes of Data
date_added Timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified Timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No order_download_id 0 A No Primary
ac_order_downloads_idx BTREE No No order_id A No Foreign
order_product_id A No
download_id A No
Status A No
activate_order_status_id A No

abc_order_downloads_history
Column Type Null Default Comments
order_download_history_id int(11) No Primary
order_download_id int(11) No Foreign
order_id int(11) No Foreign
order_product_id int(11) No Foreign
Filename varchar(128) No File Name
Mask varchar(128) No Mask
download_id int(11) No Foreign
download_percent int(11) Yes 0 Percentage of Download
Time timestamp No CURRENT_TIMESTAMP Time of Download

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No order_download_history_id A No Primary
order_download_id A No
order_id A No
order_product_id 1 A No
ac_order_downloads_history_idx BTREE No No download_id A No Foreign

abc_order_history
Column Type Null Default Comments
order_history_id int(11) No Primary
order_id int(11) No Foreign
order_status_id int(5) No Foreign
Notify int(1) No 0 Notification
comment Text No Comment
date_added Timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified Timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No order_history_id 0 A No Primary
ac_order_history_idx BTREE No No order_id A No Foreign
order_status_id A No
Notify A No

abc_order_options
Column Type Null Default Comments
order_option_id int(11) No Primary
order_id int(11) No Foreign
order_product_id int(11) No Foreign
product_option_value_id int(11) No 0 Foreign
name varchar(255) No Name of Order
sku varchar(64) No Sku*****
value Text No Value of Order
price decimal(15,4) No 0.0000 Price of Order
prefix char(1) No Prefix
settings Longtext Yes NULL Settings

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No order_option_id 0 A No Primary
ac_order_options_idx BTREE No No order_id A No Foreign
order_product_id A No
product_option_value_id A No

abc_order_products
Column Type Null Default Comments
order_product_id int(11) No Primary
order_id int(11) No Foreign
product_id int(11) No Foreign
name varchar(255) No Name of Product
model varchar(24) No Model Of Product
Sku varchar(64) No Sku
price decimal(15,4) No 0.0000 Price of Product
total decimal(15,4) No 0.0000 Total of Price
Tax decimal(15,4) No 0.0000 Tax
quantity int(4) No 0 Quantity of Products
subtract int(1) No 0 Subtract

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No order_product_id 0 A No Primary
ac_order_products_idx BTREE No No order_id A No Foreign
product_id A No

abc_order_status_ids
Column Type Null Default Comments
order_status_id int(11) No Primary
status_text_id varchar(64) No Foreign

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No order_status_id A No Primary
status_text_id 13 A No
ac_order_status_ids_idx BTREE Yes No status_text_id 13 A No Foreign

abc_order_statuses
Column Type Null Default Comments
order_status_id int(11) No Primary
language_id int(11) No Foreign
name varchar(32) No Translatable

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No order_status_id A No Primary
language_id 13 A No

abc_order_totals
Column Type Null Default Comments
order_total_id int(10) No Primary
order_id int(11) No Foreign
Title varchar(255) No Title of Order
Text varchar(255) No Text
Value decimal(15,4) No 0.0000 Value of Order
sort_order int(3) No Sorting
Type varchar(255) No Type of Order
Key varchar(128) No Key

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No order_total_id 0 A No Primary
idx_orders_total_orders_id BTREE No No order_id A No Foreign

abc_orders
Column Type Null Default Comments
order_id int(11) No Primary
invoice_id int(11) No 0 Foreign
invoice_prefix varchar(10) No Prefix
store_id int(11) No 0 Foreign
store_name varchar(64) No Store Name
store_url varchar(255) No Server Address of store
customer_id int(11) No 0 Foreign
customer_group_id int(11) No 0 Foreign
Firstname varchar(32) No Customer First Name
Lastname varchar(32) No Customer Last Name
Telephone varchar(32) No Telephone Number
Fax varchar(32) No Fax Number
Email varchar(96) No E-mail
shipping_firstname varchar(32) No Shipping First Name
shipping_lastname varchar(32) No Shipping Last Name
shipping_company varchar(32) No Shipping Company
shipping_address_1 varchar(128) No First Shipping Address
shipping_address_2 varchar(128) No Second Shipping Address
shipping_city varchar(128) No City of Shipping
shipping_postcode varchar(10) No Shipping Post Code
shipping_zone varchar(128) No Shipping Zone
shipping_zone_id int(11) No Foreign
shipping_country varchar(128) No Country of Shipping
shipping_country_id int(11) No Foreign
shipping_address_format Text No Shipping Address Format
shipping_method varchar(128) No Shipping Method
shipping_method_key varchar(128) No Key of Shipping Method
payment_firstname varchar(32) No First Name of Payment
payment_lastname varchar(32) No Last Name of Payment
payment_company varchar(32) No Payment Company
payment_address_1 varchar(128) No First Payment Address
payment_address_2 varchar(128) No Second Payment Address
payment_city varchar(128) No Payment City
payment_postcode varchar(10) No Payment Post Code
payment_zone varchar(128) No Payment Zone
payment_zone_id int(11) No Foreign
payment_country varchar(128) No Payment Country
payment_country_id int(11) No Foreign
payment_address_format Text No Format of Payment Address
payment_method varchar(128) No Method of Payment
payment_method_key varchar(128) No Key of Payment Method
Comment Text No Comment
Total decimal(15,4) No 0.0000 Total of Payment
order_status_id int(11) No 0 Foreign
language_id int(11) No Foreign
currency_id int(11) No Foreign
Currency varchar(3) No Currency
Value decimal(15,8) No Value
coupon_id int(11) No Foreign
date_added Timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified Timestamp No CURRENT_TIMESTAMP Date of Modification
Ip varchar(50) No IP Address
payment_method_data Text No Data of Payment Method

Indexes

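Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No order_id A No Primary
PRIMARY BTREE Yes No customer_id A No Primary
PRIMARY BTREE Yes No order_status_id 0 A No Primary
ac_orders_idx BTREE No No invoice_id A No Foreign
ac_orders_idx BTREE No No store_id A No Foreign
ac_orders_idx BTREE No No customer_group_id A No Foreign
ac_orders_idx BTREE No No shipping_zone_id A No Foreign
ac_orders_idx BTREE No No shipping_country_id A No Foreign
ac_orders_idx BTREE No No payment_zone_id A No Foreign
ac_orders_idx BTREE No No payment_country_id A No Foreign
ac_orders_idx BTREE No No language_id A No Foreign
ac_orders_idx BTREE No No currency_id A No Foreign
ac_orders_idx BTREE No No coupon_id A No Foreign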

abc_page_descriptions
Column Type Null Default Comments
page_id int(10) No 0 Primary
language_id int(11) No Foreign
Name varchar(255) No Translatable
Title varchar(255) No Translatable
seo_url varchar(100) No Seo-Server Address*
Keywords varchar(255) No Translatable
description varchar(255) No Translatable
Content text Yes NULL Translatable
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No page_id A No Primary
PRIMARY BTREE Yes No language_id 8 A No Primary

abc_pages
Column Type Null Default Comments
page_id int(10) No Primary
parent_page_id int(10) No 0 Foreign
Controller varchar(100) No Controller
key_param varchar(40) No Key Parameter
key_value varchar(40) No Key Value
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No page_id 8 A No Primary
ac_pages_idx BTREE Yes No page_id A No Foreign
ac_pages_idx BTREE Yes No controller A No Foreign
ac_pages_idx BTREE Yes No key_param A No Foreign
ac_pages_idx BTREE Yes No key_value 8 A No Foreign

abc_pages_forms
Column Type Null Default Comments
page_id int(10) No Primary
form_id int(10) No Foreign

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No form_id A No Primary
PRIMARY BTREE Yes No page_id 0 A No Primary

abc_pages_layouts
Column Type Null Default Comments
layout_id int(10) No Primary
page_id int(10) No Foreign

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No layout_id A No Primary
PRIMARY BTREE Yes No page_id 8 A No Primary

abc_product_descriptions
Column Type Null Default Comments
product_id int(11) No Primary
language_id int(11) No Foreign
Name varchar(255) No Translatable
meta_keywords varchar(255) No Translatable
meta_description varchar(255) No Translatable
Description Longtext No Translatable
Blurb Text No Translatable

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No product_id A No Primary
PRIMARY BTREE Yes No language_id 0 A No Primary
Name BTREE No No name A No Name
ac_product_descriptions_name_idx BTREE No No product_id A No Foreign
ac_product_descriptions_name_idx BTREE No No name A No Foreign

abc_product_discounts
Column Type Null Default Comments
product_discount_id int(11) No Primary
product_id int(11) No Foreign
customer_group_id int(11) No Foreign
Quantity int(4) No 0 Quantity of Product
Priority int(5) No 1 Priority
Price decimal(15,4) No 0.0000 Price
date_start Date No 0000-00-00 Start Date
date_end Date No 0000-00-00 End Date
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No product_discount_id 0 A No Primary
ac_product_discounts_idx BTREE No No product_id A No Foreign
ac_product_discounts_idx BTREE No No customer_group_id A No Foreign

abc_product_filter_descriptions
Column Type Null Default Comments
filter_id int(11) No Primary
Value varchar(255) No Translatable
language_id int(11) No Foreign

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No filter_id A No Primary
PRIMARY BTREE Yes No language_id 0 A No Primary

abc_product_filter_ranges
Column Type Null Default Comments
range_id int(11) No Primary
feature_id int(11) Yes NULL Foreign
filter_id int(11) No Foreign
From decimal(12,2) No 0.00 From Location
To decimal(12,2) No 0.00 To Location*
sort_order int(3) No 0 Sorting

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No range_id 0 A No Primary
From BTREE No No from A No Source
From BTREE No No to A No Source
filter_id BTREE No No filter_id A No Foreign
feature_id BTREE No No feature_id A Yes Foreign

abc_product_filter_ranges_descriptions
Column Type Null Default Comments
range_id int(11) No Primary
Name varchar(255) No Translatable
language_id int(11) No Foreign

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No range_id A No Primary
PRIMARY BTREE Yes No language_id 0 A No Primary

abc_product_filters
Column Type Null Default Comments
filter_id int(11) No Primary
filter_type char(1) No Type of Filter
categories_hash text No Categories
feature_id int(11) Yes NULL Foreign
sort_order int(3) No 0 Sorting
Status smallint(1) No 0 Current Status

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment


PRIMARY BTREE Yes No filter_id 0 A No Primary
feature_id BTREE No No feature_id A Yes Foreign

abc_product_option_descriptions
Column Type Null Default Comments
product_option_id int(11) No Primary
language_id int(11) No Foreign
product_id int(11) No Foreign
Name varchar(255) No Translatable
option_placeholder varchar(255) Yes Translatable
error_text varchar(255) No Translatable

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No product_option_id A No Primary
PRIMARY BTREE Yes No language_id 0 A No Primary
ac_product_option_descriptions_idx BTREE No No product_id A No Foreign

abc_product_option_value_descriptions
Column Type Null Default Comments
product_option_value_id int(11) No Primary
language_id int(11) No Foreign
product_id int(11) No Foreign
Name Text Yes NULL Translatable
grouped_attribute_names Text Yes NULL Grouping of Attribute Names

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No product_option_value_id A No Primary
PRIMARY BTREE Yes No language_id 0 A No Primary
ac_product_option_value_descriptions_idx BTREE No No product_id A No Foreign

abc_product_option_values
Column Type Null Default Comments
product_option_value_id int(11) No Primary
product_option_id int(11) No Foreign
product_id int(11) No Foreign
group_id int(11) No 0 Foreign
Sku varchar(255) Yes NULL Sku****
Quantity int(4) No 0 Quantity of Product
Subtract int(1) No 0 Subtract
Price decimal(15,4) No Price of Product
Prefix char(1) No Prefix
Weight decimal(15,8) No Weight of Product
weight_type varchar(3) No Type of Weight
attribute_value_id int(11) Yes NULL Foreign
grouped_attribute_data Text Yes NULL Group of Attribute Data
sort_order int(3) No Sorting
Default smallint(6) Yes 0 Default

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No product_option_value_id 0 A No Primary
ac_product_option_values_idx BTREE No No product_option_id A No Foreign
ac_product_option_values_idx BTREE No No product_id A No Foreign
ac_product_option_values_idx BTREE No No group_id A No Foreign
ac_product_option_values_idx BTREE No No attribute_value_id A Yes Foreign

abc_product_options
Column Type Null Default Comments
product_option_id int(11) No Primary
attribute_id int(11) No Foreign
product_id int(11) No Foreign
group_id int(11) No 0 Foreign
sort_order int(3) No 0 Sorting
Status int(1) No 1 Current Status
element_type char(1) No I Type of Element
Required smallint(1) No 0 Required Element
regexp_pattern varchar(255) No Pattern***
Settings Text Yes NULL Setting of Options

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No product_option_id 0 A No Primary
ac_product_options_idx BTREE No No attribute_id A No Foreign
ac_product_options_idx BTREE No No product_id A No Foreign
ac_product_options_idx BTREE No No group_id A No Foreign

abc_product_specials
Column Type Null Default Comments
product_special_id int(11) No Primary
product_id int(11) No Foreign
customer_group_id int(11) No Foreign
Priority int(5) No 1 Priority
Price decimal(15,4) No 0.0000 Price of Special Product
date_start Date No 0000-00-00 Start Date
date_end Date No 0000-00-00 End Date
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No product_special_id 8 A No Primary
ac_product_specials_idx BTREE No No product_id A No Foreign
ac_product_specials_idx BTREE No No customer_group_id A No Foreign

abc_product_tags
Column Type Null Default Comments
product_id int(11) No Primary
Tag varchar(32) No Translatable
language_id int(11) No Foreign

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No product_id A No Primary
PRIMARY BTREE Yes No tag A No Primary
PRIMARY BTREE Yes No language_id 0 A No Primary

abc_products
Column Type Null Default Comments
product_id int(11) No Primary
Model varchar(64) No Model of Product
Sku varchar(64) No Sku****
Location varchar(128) No Location of Product
Quantity int(4) No 0 Quantity of Product
stock_status_id int(11) No Foreign
manufacturer_id int(11) No Foreign
Shipping int(1) No 1 Product Shipping
ship_individually int(1) No 0 Shipping Individually
free_shipping int(1) No 0 Free Shipping
shipping_price decimal(15,4) No 0.0000 Price of Shipping
Price decimal(15,4) No 0.0000 Price of Product
tax_class_id int(11) No Foreign
date_available Date No Available Date
Weight decimal(5,2) No 0.00 Weight of Product
weight_class_id int(11) No 0 Foreign
Length decimal(5,2) No 0.00 Length of Product
Width decimal(5,2) No 0.00 Width of Product
Height decimal(5,2) No 0.00 Height of Product
length_class_id int(11) No 0 Foreign
Status int(1) No 0 Current Status
Viewed int(5) No 0 Viewed
sort_order int(11) No 0 Sorting
Subtract int(1) No 1 Subtract
Minimum int(11) No 1 Minimum Quantity*
Maximum int(11) No 0 Maximum Quantity
Cost decimal(15,4) No 0.0000 Cost
call_to_order smallint(6) No 0 Call to Ordering
settings Longtext Yes NULL Setting of Order
date_added Timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified Timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No product_id 0 A No Primary
ac_products_idx BTREE No No stock_status_id A No Foreign
ac_products_idx BTREE No No manufacturer_id A No Foreign
ac_products_idx BTREE No No weight_class_id A No Foreign
ac_products_idx BTREE No No length_class_id A No Foreign
ac_products_status_idx BTREE No No product_id A No Foreign
ac_products_status_idx BTREE No No status A No Foreign
ac_products_status_idx BTREE No No date_available A No Foreign

abc_products_featured
Column Type Null Default Comments
product_id int(11) No 0 Primary

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment


PRIMARY BTREE Yes No product_id 8 A No Primary

abc_products_related
Column Type Null Default Comments
product_id int(11) No Primary
related_id int(11) No Foreign

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No product_id A No Primary
PRIMARY BTREE Yes No related_id 0 A No Primary

abc_products_to_categories
Column Type Null Default Comments
product_id int(11) No Primary
category_id int(11) No Foreign

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No product_id A No Primary
PRIMARY BTREE Yes No category_id 0 A No Primary

abc_products_to_downloads
Column Type Null Default Comments
product_id int(11) No Primary
download_id int(11) No Foreign

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No product_id A No Primary
PRIMARY BTREE Yes No download_id 0 A No Primary

abc_products_to_stores
Column Type Null Default Comments
product_id int(11) No Primary
store_id int(11) No 0 Foreign

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No product_id A No Primary
PRIMARY BTREE Yes No store_id 0 A No Primary

abc_resource_descriptions
Column Type Null Default Comments
resource_id int(10) No 0 Primary
language_id int(11) No Foreign
Name varchar(255) Yes Translatable
Title varchar(255) Yes Translatable
description text Yes NULL Translatable
resource_path varchar(255) Yes NULL Path of Resource
resource_code text Yes NULL Code of Resource
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No resource_id A No Primary
PRIMARY BTREE Yes No language_id 99 A No Primary
ac_resource_descriptions_name_idx BTREE No No resource_id A No Foreign
ac_resource_descriptions_name_idx BTREE No No Name A Yes Foreign
ac_resource_descriptions_title_idx BTREE No No resource_id A No Foreign
ac_resource_descriptions_title_idx BTREE No No Title A Yes Foreign

abc_resource_library
Column Type Null Default Comments
resource_id int(11) No Primary
type_id int(11) No Foreign
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No resource_id 98 A No Primary
ac_resource_library_idx BTREE No No resource_id A No Foreign
ac_resource_library_idx BTREE No No type_id A No Foreign

abc_resource_map
Column Type Null Default Comments
resource_id int(11) No Primary
object_name varchar(40) No Name of Object
object_id int(11) No Foreign
Default tinyint(1) No 0 0-no, 1-Yes
sort_order int(3) No 0 Sorting
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No resource_id A No Primary
PRIMARY BTREE Yes No object_name A No Primary
PRIMARY BTREE Yes No object_id 11 A No Primary
ac_resource_map_sorting_idx BTREE No No resource_id A No Foreign
ac_resource_map_sorting_idx BTREE No No sort_order A No Foreign

abc_resource_types
Column Type Null Default Comments
type_id int(11) No Primary
type_name varchar(40) No Name of Resource Type
default_directory varchar(255) No Default Directory of Resource Type
default_icon varchar(255) Yes NULL Default Icon Resource Type
file_types varchar(40) No Types of File
access_type tinyint(1) No 0 0-Public, 1-Secured

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No type_id 6 A No Primary
group_id BTREE No No type_id A No Foreign
group_id BTREE No No type_name A No Foreign

abc_reviews
Column Type Null Default Comments
review_id int(11) No Primary
product_id int(11) No Foreign
customer_id int(11) No Foreign
author varchar(64) No Author of Reviews
text longtext No Text of Reviews
rating int(1) No Rating of Reviews
status int(1) No 0 Current Status
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No review_id 0 A No Primary
ac_reviews_idx BTREE No No product_id A No Foreign
ac_reviews_idx BTREE No No customer_id A No Foreign

abc_settings
Column Type Null Default Comments
setting_id int(11) No Primary
store_id int(11) No 0 Foreign
group varchar(32) No Group of Setting
Key varchar(64) No Key of Setting
value text No Value of Setting
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No setting_id A No Primary
PRIMARY BTREE Yes No store_id A No Primary
PRIMARY BTREE Yes No Group A No Primary
PRIMARY BTREE Yes No Key 214 A No Primary
ac_settings_idx FULLTEXT No No Value 1 No Foreign

abc_stock_statuses
Column Type Null Default Comments
stock_status_id int(11) No Primary
language_id int(11) No Foreign
name varchar(32) No Translatable

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No stock_status_id A No Primary
PRIMARY BTREE Yes No language_id 3 A No Primary

abc_store_descriptions
Column Type Null Default Comments
store_id int(11) No Primary
language_id int(11) No Foreign
description Longtext No Translatable
Title Longtext No Translatable
meta_description Longtext No Translatable
meta_keywords Longtext No Translatable

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No store_id A No Primary
PRIMARY BTREE Yes No language_id 0 A No Primary

abc_stores
Column Type Null Default Comments
store_id int(11) No Primary
name varchar(64) No Name of Store
alias varchar(15) No Alias of Store
status int(1) No Current Status

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment


PRIMARY BTREE Yes No store_id 1 A No Primary

abc_task_details
Column Type Null Default Comments
task_id int(11) No Primary
created_by varchar(255) Yes Creator of Task
settings longtext Yes NULL Setting of Task
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment


PRIMARY BTREE Yes No task_id 0 A No Primary

abc_task_steps
Column Type Null Default Comments
step_id int(11) No Primary
task_id int(11) No Foreign
sort_order int(11) Yes 0 Sorting
status int(11) Yes 0 0 - disabled, 1 - ready, 2 - running, 3 - failed, 4 - scheduled, 5 - completed
last_time_run timestamp No 0000-00-00 00:00:00 Last Time of Running
last_result int(11) No 0 1 - success, 0 - failed
max_execution_time int(11) Yes 0 Maximum Execution Time
controller varchar(255) Yes Controller of Task
settings longtext Yes NULL Setting of Task
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No step_id 0 A No Primary
task_steps_idx BTREE No No task_id A No Foreign

abc_tasks
Column Type Null Default Comments
task_id int(11) No Primary
name varchar(255) No Name of Task
starter int(11) Yes NULL 0 - storefront, 1 - admin side, 2 - any
status int(11) Yes 0 0 - disabled, 1 - ready, 2 - running, 3 - failed, 4 - scheduled, 5 - completed
start_time datetime Yes NULL Start Time
last_time_run timestamp No 0000-00-00 00:00:00 Last Time of Run
progress int(11) No 0 percentage of progress
last_result int(11) No 0 1 - success, 0 - failed
run_interval int(11) No 0 interval in seconds since last run, 0 - without interval
max_execution_time int(11) Yes 0 Maximum Execution Time
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No task_id 0 A No Primary
task_name_idx BTREE Yes No name 0 A No Foreign

abc_tax_class_descriptions
Column Type Null Default Comments
tax_class_id int(11) No Primary
language_id int(11) No Foreign
title varchar(128) No Translatable
description varchar(255) No Translatable

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No tax_class_id A No Primary
PRIMARY BTREE Yes No language_id 1 A No Primary

abc_tax_classes
Column Type Null Default Comments
tax_class_id int(11) No Primary
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No tax_class_id 1 A No Primary

abc_tax_rate_descriptions
Column Type Null Default Comments
tax_rate_id int(11) No Primary
language_id int(11) No Foreign
description varchar(255) No Translatable

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No tax_rate_id A No Primary
PRIMARY BTREE Yes No language_id 1 A No Primary

abc_tax_rates
Column Type Null Default Comments
tax_rate_id int(11) No Primary
location_id int(11) No 0 Foreign
zone_id int(11) Yes 0 Foreign
tax_class_id int(11) No Foreign
Priority int(5) No 1 Priority
Rate decimal(15,4) No 0.0000 Rate of Tax
rate_prefix char(1) No % Rate of Prefix
threshold_condition char(2) No Condition of Threshold
threshold decimal(15,4) No 0.0000 Threshold
tax_exempt_groups Text Yes NULL Tax Exempt Group
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No tax_rate_id 1 A No Primary
ac_tax_rates_idx BTREE No No location_id A No Foreign
ac_tax_rates_idx BTREE No No zone_id A Yes Foreign
ac_tax_rates_idx BTREE No No tax_class_id A No Foreign

abc_url_aliases
Column Type Null Default Comments
url_alias_id int(11) No Primary
Query varchar(255) No Request
Keyword varchar(255) No Translatable
language_id int(11) No 1 Foreign

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No url_alias_id 4 A No Primary
ac_url_aliases_idx BTREE Yes No Keyword A No Foreign
ac_url_aliases_idx BTREE Yes No language_id 4 A No Foreign
ac_url_aliases_idx2 BTREE Yes No Query A No Foreign
ac_url_aliases_idx2 BTREE Yes No language_id 4 A No Foreign

abc_user_groups
Column Type Null Default Comments
user_group_id int(11) No Primary
Name varchar(64) No Name of User Group
permission longtext No Permission
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No user_group_id 2 A No Primary

abc_user_notifications
Column Type Null Default Comments
user_id int(11) No Primary
store_id int(11) No Foreign
Section tinyint(1) No 1 - admin, 0 – storefront
sendpoint varchar(255) No Send Point of User
Protocol varchar(30) No Transmission Protocol
Uri text No Uri****
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

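Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No user_id A No Primary
PRIMARY BTREE Yes No store_id A No Primary
PRIMARY BTREE Yes No section A No Primary
PRIMARY BTREE Yes No sendpoint A No Primary
PRIMARY BTREE Yes No protocol 0 A No Primary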

abc_users
Column Type Null Default Comments
user_id int(11) No Primary
user_group_id int(11) No Foreign
username varchar(20) No User Name
Salt varchar(8) No Salt
password varchar(40) No User Password
firstname varchar(32) No User First Name
Lastname varchar(32) No User Last Name
Email varchar(96) No E-mail
Status int(1) No Current Status
Ip varchar(50) No IP Address*
last_login datetime No 0000-00-00 00:00:00 User Last Login
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment


PRIMARY BTREE Yes No user_id 1 A No Primary

abc_weight_class_descriptions
Column Type Null Default Comments
weight_class_id int(11) No Primary
language_id int(11) No Foreign
Title varchar(32) No Translatable
Unit varchar(4) No Translatable

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No weight_class_id A No Primary
PRIMARY BTREE Yes No language_id 4 A No Primary

abc_weight_classes
Column Type Null Default Comments
weight_class_id int(11) No Primary
Value decimal(15,8) No 0.00000000 Value of Weight

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No weight_class_id 4 A No Primary

abc_zone_descriptions
Column Type Null Default Comments
zone_id int(11) No Primary
language_id int(11) No Foreign
Name varchar(128) No Translatable

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No zone_id A No Primary
PRIMARY BTREE Yes No language_id 3934 A No Primary

abc_zones
Column Type Null Default Comments
zone_id int(11) No Primary
country_id int(11) No Foreign
Code varchar(32) No Zone Code
Status int(1) No 1 Current Status
sort_order int(3) No 0 Sorting

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No zone_id A No Primary
PRIMARY BTREE Yes No country_id 3934 A No Primary

abc_zones_to_locations
Column Type Null Default Comments
zone_to_location_id int(11) No Primary
country_id int(11) No Foreign
zone_id int(11) No 0 Foreign
location_id int(11) No Foreign
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No zone_to_location_id 65 A No Primary
ac_zones_to_locations_idx BTREE No No country_id A No Foreign
ac_zones_to_locations_idx BTREE No No zone_id A No Foreign
ac_zones_to_locations_idx BTREE No No location_id A No Foreign

2.1.3.2. Virtual Bank Database

Accounts

Field Type Null Default Comments
vcc_id int(12) No Virtual Credit Card ID (Index)
customer_ID int(4) No Customer ID (Primary)
Current_amount int(12) No Current Amount
customer_addr char(20) No Customer Address
phone int(20) No Phone Number
E_mail varchar(25) No E_mail

vcard

Field Type Null Default Comments
vc_id int(12) No Virtual Card ID (Primary)
Issuing_date Date No Issuing Date
Exp_date Date No Expire Date
V_card_activation int(1) No 0 Virtual Card Activation

4.2.2. User Interface Design

Before implementing the actual design of the project, a few user interface
designs were constructed to visualize the user interaction with the system as
they browse for Products, create a shopping cart and purchase Products.

4.2.3. Implementation Technologies

The objective of this project is to develop a secure B2B application. When
the user types the website URL into the address field of the browser, a Web
server is contacted to get the requested information.

4.2.4. Software and Tools:

• Web Server

Running Ubuntu 16.10 as the operating system, with Apache 7.0.

• DB Server

MySQL 5.7.17 for the website, and MySQL 5.0.51B (Windows 7) for the bank
DB server; this server connects only to the IMA DB server.

4.2.5. Security Policy

4.2.5.1. Introduction

In business, a security policy is a document that states in writing how a
company plans to protect the company's physical and information
technology (IT) assets. A security policy is often considered to be a "living
document", meaning that the document is never finished, but is continuously
updated as technology and employee requirements change. A company's
security policy may include an acceptable use policy, a description of how
the company plans to educate its employees about protecting the company's
assets, an explanation of how security measurements will be carried out and
enforced, and a procedure for evaluating the effectiveness of the security
policy to ensure that necessary corrections will be made.
This Security Policy shall be reviewed at the time of any change in the
IT environment or once every year, whichever is earlier. The review shall be
carried out for assessing the following:
1. Impact on the risk profile due to, but not limited to, changes in the
deployed technology, network security architecture, and regulatory and/or
legal requirements.

2. The effectiveness of the security controls specified in the policy.

As a result of the review, the existing policy may be updated or modified.

• Scope

This policy applies to the use of information, electronic and computing
devices, and network resources to conduct IMA business or interact with
internal networks and business systems, whether owned or leased by IMA,
the employee, customer, or a third party. All employees, contractors, and
other parties at IMA and its subsidiaries are responsible for exercising good
judgment regarding appropriate use of information, electronic devices, and
network resources in accordance with IMA policies and standards, and local
laws and regulations. Exceptions to this policy are documented.

This policy applies to employees and contractors at IMA, including all
personnel affiliated with third parties. This policy applies to all equipment
that is owned or leased by IMA.

4.2.5.2. Physical Security Recommendations


Physical security is the protection of personnel, hardware, software,
networks and data from physical actions and events that could cause serious
loss or damage to an enterprise, agency or institution. This includes
protection from fire, flood, natural disasters, burglary, theft, vandalism and
terrorism.

4.2.5.3. Consider the following list of guidelines when you develop a
security policy for your site:
• Restrict access to the systems that are configured with Trusted
  Extensions. The most secure locations are generally interior rooms that
  are not on the ground floor.
• Monitor and document access to systems that are configured with
  Trusted Extensions.
• Secure computer equipment to large objects such as tables and desks to
  prevent theft. When equipment is secured to a wooden object, increase
  the strength of the object by adding metal plates.
• Consider removable storage media for sensitive information. Lock up all
  removable media when the media are not in use.
• Store system backups and archives in a secure location that is separate
  from the location of the systems.
• Restrict physical access to the backup and archival media in the same
  manner as you restrict access to the systems.
• Install a high-temperature alarm in the computer facility to indicate
  when the temperature is outside the range of the manufacturer's
  specifications. A suggested range is 10°C to 32°C (50°F to 90°F).
• Install a water alarm in the computer facility to indicate water on the
  floor, in the subfloor cavity, and in the ceiling.
• Install a smoke alarm to indicate fire, and install a fire-suppression
  system.
• Install a humidity alarm to indicate too much or too little humidity.
• Consider TEMPEST shielding if machines do not have it. TEMPEST
  shielding might be appropriate for facility walls, floors, and ceilings.
• Allow only certified technicians to open and close TEMPEST equipment
  to ensure its ability to shield electromagnetic radiation.
• Check for physical gaps that allow entrance to the facility or to the
  rooms that contain computer equipment. Look for openings under raised
  floors, in suspended ceilings, in roof ventilation equipment, and in
  adjoining walls between original and secondary additions.
• Prohibit eating, drinking, and smoking in computer facilities or near
  computer equipment. Establish areas where these activities can occur
  without threat to the computer equipment.
• Protect architectural drawings and diagrams of the computer facility.
• Restrict the use of building diagrams, floor maps, and photographs of the
  computer facility.

4.2.5.4. Usage Policy

A usage policy is a document stipulating constraints and practices that a
user must agree to for access to a corporate network or the Internet.

Many businesses and facilities require employees, customers or third parties
to sign an acceptable use policy before being granted a network ID.

The information provided to the B2B e-commerce application during the
application process is protected in transit by a network protocol called
Secure Sockets Layer (SSL). SSL is the industry standard technology for
secure online transactions. A simple way to know your transmission is
protected is by referencing the URL. If it starts with https:// you can be
assured that it is using SSL. Transactions are processed only from secure
browsers. These browsers encrypt the information sent using SSL, which
scrambles the data to make it extremely difficult for anyone who intercepts
the information to read it. The B2B application is associated with an
e-banking system with the goal of protecting customers' personal and
financial information. Transmissions from this e-banking system are also
encrypted and sent via dedicated leased private circuits. In addition, the
computers housing the data are protected by physical security measures,
including more than one level of locked access.
All information provided during the application process or payment process
(including company name, address, public email, phone number and e-bank
account number) is not shared, sold or rented to any outside parties.

-Safeguarding Information

To minimize the risk of loss and/or additional expenses that could occur
from compromised account information, B2B application will not retain any
of the following information electronically:
 E-bank account number.
 Associated private information of the company.
 Protection of information is important to B2B, and as a result, payment
via email is not accepted.
 B2B protects against unauthorized disclosures by limiting access only to
those account holders who need the information to do their jobs.

- Access Control Policy (Based on Users Roles).

Access control is a security technique that can be used to regulate who or
what can view or use resources in a computing environment.

There are two main types of access control: physical and logical. Physical
access control limits access to campuses, buildings, rooms and physical IT
assets. Logical access limits connections to computer networks, system files
and data.

The four main categories of access control are:

 Mandatory access control
 Discretionary access control
 Role-based access control
 Rule-based access control

Access control systems perform authorization, identification, authentication,
access approval, and accountability of entities through login credentials
including passwords, personal identification numbers (PINs), biometric
scans, and physical or electronic keys.

4.2.5.5. Password Policy

A password policy is a set of rules designed to enhance computer security by
encouraging users to employ strong passwords and use them properly.

A password policy is often part of an organization's official regulations
and may be taught as part of security awareness training. The following
policies are applied for each component of the application based on user
roles.

-Administrative Passwords

Administrative passwords are subject to stringent composition, frequent
change, and limited access. This includes passwords for routers, switches,
WAN links, firewalls, servers, Internet connections, administrative-level
network operating system accounts, and any other IT resource.

Passwords for administrative resources must meet the following criteria:

 Passwords must not be shared
 Passwords should not be written down
 Passwords will expire every 40 days

- User as Customer and Third Party

 Usernames and passwords must not be shared by users
 All users will have an alphanumeric password of at least 8 characters
and a single special character.
 All accounts will be assigned a password of a minimum of 8 characters.
At least one character should be in upper case.

- User as Client

 Passwords must meet the following criteria:
 Password may not contain all or part of the user's account name.
 Password is at least six characters long.
 Password contains characters from three of the following four
categories:
o English uppercase characters (A...Z)
o English lowercase characters (a...z)
o Base 10 digits (0...9)
o Non-alphanumeric characters (exclamation point [!], dollar sign [$],
pound sign [#], percent sign [%], etc.)
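The customer/third-party and client password rules above, written as a checker. This is an added example, not code from the original project. It assumes that "special character" means ASCII punctuation, that "single special character" means at least one, and that "part of the account name" means any run of three or more consecutive characters of it; the passwords in the demo are constructed.

```python
import string

SPECIALS = set(string.punctuation)  # assumption: "special" = ASCII punctuation


def _categories(pw):
    """Count how many of the four character categories the password uses."""
    return sum([
        any(c in string.ascii_uppercase for c in pw),
        any(c in string.ascii_lowercase for c in pw),
        any(c in string.digits for c in pw),
        any(c in SPECIALS for c in pw),
    ])


def _shares_name_part(pw, account, min_len=3):
    """True if any min_len-character run of the account name occurs in pw.

    The policy says "all or part" without a length; 3 is an assumed threshold.
    Comparison is case-insensitive so "JSmith" and "jsmith" are treated alike.
    """
    pw, account = pw.lower(), account.lower()
    return any(account[i:i + min_len] in pw
               for i in range(len(account) - min_len + 1))


def check_password(role, account, pw):
    """Return the list of policy violations (an empty list means compliant)."""
    problems = []
    if role == "customer":          # "User as Customer and Third Party"
        if len(pw) < 8:
            problems.append("shorter than 8 characters")
        if not (any(c.isalpha() for c in pw) and any(c.isdigit() for c in pw)):
            problems.append("not alphanumeric (needs letters and digits)")
        if not any(c in SPECIALS for c in pw):
            problems.append("no special character")
        if not any(c.isupper() for c in pw):
            problems.append("no upper-case character")
    elif role == "client":          # "User as Client"
        if _shares_name_part(pw, account):
            problems.append("contains part of the account name")
        if len(pw) < 6:
            problems.append("shorter than 6 characters")
        if _categories(pw) < 3:
            problems.append("fewer than 3 of the 4 character categories")
    else:
        raise ValueError("unknown role: %r" % role)
    return problems


if __name__ == "__main__":
    # Constructed test passwords, one compliant and one not for each role.
    for role, account, pw in [
        ("customer", "acme", "Supply#2016"),
        ("customer", "acme", "password1"),
        ("client", "jsmith", "Tr4ders!"),
        ("client", "jsmith", "smith2016"),
    ]:
        print(role, account, pw, "->", check_password(role, account, pw) or "OK")
```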

4.2.5.6. Database Security Policy

The key to any successful database security policy is to know why you're
protecting each database, which databases to protect, and how to best secure
data against all types of threats keeping various compliance regulations such
as SOX, HIPAA, PCI DSS, GLBA and European Union directives in mind.
In recent research, Forrester recommends that enterprises build a
comprehensive database security strategy on the following three pillars:

 Build a strong foundation with authentication, authorization, access
control, discovery and classification, and patch management.
 Take preventative measures with data masking, encryption and change
management.
 Establish database intrusion detection with auditing, monitoring and
vulnerability assessment.

-The server hosting the database must comply with the Client Computing
Security Standard (CCSS) and Critical Server Security Standard (CSSS). All
servers that host databases, database services, or database applications and
that have been deemed “critical” based on the criteria in the Critical Server
Security Standard (CSSS) must comply with this standard.
-This standard applies to all servers that have been deemed “critical” based
on the following criteria:
 It contains or serves Restricted Data, as defined in the Data Governance
& Classification Policy.
 Loss of service carries a significant financial liability, including grants
and/or contracts.
 Loss of service results in a significant negative impact(s) for the unit or
for the reputation of the B2B application.
-Network and Firewalls: Special considerations are required when
configuring network and host based firewalls to protect database servers,
which go beyond the requirements specified in the Critical Server Security
Standard (CSSS).

-Restricted Data: Sometimes Restricted Data must be stored in database
servers for use in search or other functions.

-Auditing and Monitoring: For database servers that meet the requirements of
this standard or contain Restricted Data, administrators are responsible
for knowing what data is located on their servers.

5.1. Test-bed Design
The test execution environment configured for testing on this project
consists of specific hardware (router, server and external cloud server),
software (Apache, MySQL, ModSecurity, and OpenSSL), operating system
(Ubuntu Linux), network configuration (NAT, firewall, and port forwarding),
the product under test, other system software and application software.

5.2. Network Environment


The network for this project consists of three servers and a gateway router
connected to the Internet. These components are as follows:

5.3. DB Servers
5.3.1. MySQL Database
In this project, MySQL is used as the backend database, due to:

1. MySQL is an open source database system.
2. It is fast, reliable and easy to use.
3. Compatibility
4. Additional security components (privileges)

5.3.2. Database Servers Consist of:

• Integrated DB server with web server
• Virtual bank DB server

5.4. Web Server


Ubuntu was selected as the web server because it surpasses Windows Server in
various features, as follows:[11]

Table 5.1

Ubuntu | Windows
Open source | Closed source
Does not support executable files (.exe), mostly it is a virus free OS | Supports executable files (.exe), susceptible to virus threats
Can also work as server | Does not support server
Supports multiple desktop environments | Does not support multiple desktop environments
Has its own software manager | Does not have its own software manager
Higher security | Less security

5.5. Apache Server


Apache server 2.4 has been used to run the website instead of IIS because:

 IIS only runs on Windows while Apache is a cross platform
application.[12]
 The Windows OS is prone to security risks.[12]

5.6. Gateway Router


Sony Ericsson special purpose Home Router (limited security features
included)

5.6.1. Network Topology

Figure 5.1

5.7. Website Implementation


Any user can register and view available products. Only registered members
can purchase products, regardless of quantity. A Contact Us page is
available to contact the Admin with queries.

There are three types of users available: Visitor, User and Admin.
 Visitor can view available products.
 User can view and purchase products.
 An Admin has some extra privileges in addition to all privileges of
visitor and user.
Admin can add products, edit product information and add/remove product.
Admin can add user, edit user information and can remove user. Admin can
ship order to user based on order placed by sending confirmation mail.

5.8. Web Pages Details


 Home Page
 Contact Us Page
 Preview Page
 About Us Page
 Register Page
 Customer Login Page
 Admin Login page
 Admin Page
 Success URL
 Failed URL
 Products Page
 User Track

5.9. Project Detail

Figure 5.2 (diagram components: Browser, WEB-server, Website, DB, V-bank DB)

5.10. Implementing Security Design
5.10.1. Network Security Configurations

 IP-NAT configuration
 Firewall
 DOS detection

5.10.2. Servers

These are the configurations that were applied on the servers to implement
security for this application.

5.10.3. Information Leakage


The default Apache configuration discloses much sensitive information,
which can be used to prepare for an attack. Understanding and securing
these disclosures is one of the most critical tasks for an administrator.
As per a report by Cenzic, 16% of vulnerabilities are found in information
leakage. A tool is required to examine the HTTP headers for verification.

5.10.4. Remove Server Version Banner


Removing the banner prevents exposing which web server version is running.
Exposing the version helps an attacker speed up the reconnaissance process.
The default configuration exposes the Apache version and OS type as shown
below.

Figure 5.3

5.10.4.1. Implementation
The configuration below should be added to httpd.conf or apache2.conf on
the server:

ServerTokens Prod
ServerSignature Off

ServerSignature Off removes the version information from pages generated
by the Apache web server, such as 403, 404, 502, etc. ServerTokens Prod
changes the Server header to production only, i.e. Apache.

5.10.4.2. Verification
After changing the default configuration, the response header should not
contain information about the server.

Figure 5.4

Figure 5.5

5.11. Disable Directory Browser Listing


Disable directory listing in a browser so the visitor doesn't see all the
files and folders under the root or a subdirectory. The default settings.

5.11.1. Implementation
The following options should be added to httpd.conf or apache2.conf as
shown below

<Directory /opt/apache/htdocs>
Options None
Order allow,deny
Allow from all
</Directory>

5.11.2. Verification
The browser should not disclose any directory content and the following
error message should appear. A custom error message can also be configured,
as shown in figure (5.6).

Figure 5.6

5.12. E-tag
The ETag header allows remote attackers to obtain sensitive information such
as the inode number, multipart MIME boundary, and child process. The
implementation below prevents this vulnerability.

5.12.1. Implementation
The following option should be added to httpd.conf file or apache2.conf

FileETag None
5.12.2. Verification
The response header from the server should not contain the ETag option, as
shown in figure (5.7)

Figure 5.7

5.13. Authorization
5.13.1. Run Apache from Non-privileged Account
The default Apache configuration is to run as nobody or daemon. A separate
non-privileged user for Apache should be configured. The purpose is to
protect other running services in case of any security hole.

5.13.2. Implementation
The following shows the commands used to create users with system privileges

# groupadd apache
# useradd -G apache apache

Change the Apache installation directory ownership to the newly created
non-privileged user

# chown -R apache:apache /opt/apache

User apache
Group apache
5.13.3. Verification
Figure (5.8) shows the privileges assigned for the new user

# ps -ef | grep http

Figure 5.8

5.14. Protect Binary and Configuration Directory Permission


By default, the permission for the binary and configuration directories is
755, which means any user on the server can view the configuration.

5.14.1. Implementation
The following command limits the user permissions on the specified
directories
# chmod -R 750 bin conf
5.14.2. Verification:
As shown in figure (5.9) both bin/ and conf/ directories have only read
permission.

Figure 5.9

5.15. System Settings Protection


In a default installation, users can override the Apache configuration using
an .htaccess file. To stop users from changing Apache server settings, the
option AllowOverride None was configured as shown below. This was done at
the root level.

5.15.1. Implementation
<Directory />
Options -Indexes
AllowOverride None
</Directory>

5.16. HTTP Request Methods
The HTTP 1.1 protocol supports many request methods which may not be
required, and some of them carry potential risk. Typically just the GET,
HEAD and POST request methods are needed in a web application, which can be
configured in the respective Directory directive. The default Apache
configuration supports the OPTIONS, GET, HEAD, POST, PUT, DELETE, TRACE and
CONNECT methods of the HTTP 1.1 protocol.

5.16.1. Implementation
To limit the HTTP methods, the following options were added to .htaccess in
the website directory
<LimitExcept GET POST HEAD>
deny from all
</LimitExcept>
5.17. Web Application Security
An Apache web server that is misconfigured or not properly hardened can
expose the web application to exploitation.

5.17.1. Disable Trace HTTP Request

By default the TRACE method is enabled in the Apache web server. Having this
enabled can allow a Cross Site Tracing attack, potentially giving an
attacker an option to steal cookie information.

First the server was tested against a TRACE request using telnet to the
listening port. The following shows the TRACE request to the server

#telnet localhost 80
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
TRACE / HTTP/1.1
Host: test
HTTP/1.1 200 OK
Date: Sat, 31 Aug 2013 02:13:24 GMT
Server: Apache
Transfer-Encoding: chunked
Content-Type: message/http
20
TRACE / HTTP/1.1
Host: test
0
Connection closed by foreign host.
#

In the above TRACE request, the server responded to the query.

5.17.2. Implementation
In order to avoid the risk of the TRACE request, it was disabled with the
following option in the httpd.conf file

TraceEnable off

5.17.3. Verification
The server was tested with a TRACE request after implementing the previous
option, as shown below

#telnet localhost 80
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
TRACE / HTTP/1.1
Host: test
HTTP/1.1 405 Method Not Allowed
Date: Sat, 31 Aug 2013 02:18:27 GMT
Server: Apache
Allow:
Content-Length: 223
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head> <title>405 Method Not Allowed</title>
</head><body> <h1>Method Not Allowed</h1>
<p>The requested method TRACE is not allowed for
the URL /.</p> </body></html>
Connection closed by foreign host.
#

In the above TRACE request, the server blocked the request with HTTP 405
Method Not Allowed. This web server doesn't allow TRACE requests, which
helps in blocking Cross Site Tracing attacks.

5.18. Set Cookie with Http Only and Secure Flag
Most common Cross Site Scripting attacks can be mitigated by using the
HttpOnly and Secure flags in a cookie. Without HttpOnly and Secure, it is
possible to steal or manipulate the web application session and cookies.

5.18.1. Implementation
In order to implement the HttpOnly and Secure flags, the following option
was added to the httpd.conf file. This option requires mod_headers to be
enabled on the server.

Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure

5.18.2. Verification
As shown in figure (5.10) Set-Cookie is flagged with Http Only and Secure.

Figure 5.10

5.19. Clickjacking Attack


Clickjacking is a well-known web application vulnerability.

5.19.1. Implementation
The following option will mitigate this type of attack, and should be
configured in the httpd.conf or apache2.conf file as follows

Header always append X-Frame-Options SAMEORIGIN

5.19.2. Verification
The HTTP response header X-Frame-Options was set to SAMEORIGIN as
shown in figure (5.11).

Figure 5.11

5.20. Server Side Include


Server Side Include (SSI) has a risk of increasing the load on the server.
SSI is disabled by adding -Includes in the Options directive. An SSI attack
allows the exploitation of a web application by injecting scripts in HTML
pages or executing code remotely.

5.20.1. Implementation

To disable server side includes, the following options were configured in
the httpd.conf file

<Directory /opt/apache/htdocs>
Options -Indexes -Includes
Order allow,deny
Allow from all
</Directory>

5.21. X-XSS Protection


Cross Site Scripting (XSS) protection can be bypassed in many browsers, and
requires an option which can help the server to avoid it.

5.21.1. Implementation
The following header option was added to httpd.conf to avoid XSS

Header set X-XSS-Protection "1; mode=block"

5.21.2. Verification
The HTTP response header shows that XSS protection is enabled and the mode
is block, as in figure (5.12).

Figure 5.12
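Section 5.10.3 calls for a tool to examine HTTP headers. The script below is an added example, not part of the original project: it checks a response head against the header changes made in sections 5.10.4, 5.12, 5.18, 5.19 and 5.21. Both sample responses, including the version string and cookie value, are constructed.

```python
import re

# Constructed sample responses (not captured from the project's server).
BEFORE = """HTTP/1.1 200 OK
Date: Sat, 31 Aug 2013 02:13:24 GMT
Server: Apache/2.4.7 (Ubuntu)
ETag: "2d-4e5b1f3a9c7c0"
Set-Cookie: PHPSESSID=constructed123; path=/
Content-Type: text/html
"""

AFTER = """HTTP/1.1 200 OK
Date: Sat, 31 Aug 2013 02:18:27 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Set-Cookie: PHPSESSID=constructed123; path=/;HttpOnly;Secure
Content-Type: text/html
"""


def parse_headers(raw):
    """Split a raw response head into (status_line, [(name, value), ...])."""
    lines = raw.strip().splitlines()
    headers = []
    for line in lines[1:]:
        if not line.strip():
            break                          # a blank line ends the header block
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers


def audit(raw):
    """Return the list of hardening checks that the response fails."""
    _, headers = parse_headers(raw)

    def get(name):
        return [v for k, v in headers if k == name]

    findings = []
    # 5.10.4: ServerTokens Prod leaves only the product name, no version or OS
    for value in get("server"):
        if re.search(r"\d|\(", value):
            findings.append("Server banner discloses version/OS: " + value)
    # 5.12: FileETag None removes the ETag header
    if get("etag"):
        findings.append("ETag header present")
    # 5.19: X-Frame-Options must be SAMEORIGIN
    if not any(v.upper() == "SAMEORIGIN" for v in get("x-frame-options")):
        findings.append("X-Frame-Options SAMEORIGIN missing")
    # 5.21: X-XSS-Protection must be "1; mode=block"
    if not any(re.fullmatch(r"1;\s*mode=block", v, re.I)
               for v in get("x-xss-protection")):
        findings.append("X-XSS-Protection 1; mode=block missing")
    # 5.18: every cookie needs both flags; report the cookie name only
    for value in get("set-cookie"):
        attrs = {a.strip().lower() for a in value.split(";")[1:]}
        missing = [f for f in ("HttpOnly", "Secure") if f.lower() not in attrs]
        if missing:
            cookie = value.split("=", 1)[0]
            findings.append("Cookie %s lacks %s" % (cookie, "/".join(missing)))
    return findings


if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(label, "->", audit(raw) or "all checks passed")
```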

5.22. Disable HTTP 1.0 Protocol


The older version of HTTP has security weaknesses related to session
hijacking, and should be disabled using the mod_rewrite module.

5.22.1. Implementation
The following options were configured in the .htaccess file within the
directory to force using HTTP/1.1

RewriteEngine On
RewriteCond %{THE_REQUEST} !HTTP/1.1$
RewriteRule .* - [F]

5.23. Timeout value configuration


By default the Apache time-out value is 300 seconds, which can leave the
server a victim of Slow Loris attacks and DoS.

5.23.1. Implementation:
In order to shorten the server delay time, the following directive was added
to the apache2.conf file

Timeout 60
5.24. SSL
Having SSL is an additional layer of. However, default SSL configuration
leads to certain vulnerabilities

5.24.1. Implementation
The following command was used to generate a self-signed certificate

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout localhost.key -out localhost.crt

The following command was used to generate a new CSR and private key

openssl req -out localhost.csr -new -newkey rsa:2048 -nodes -keyout localhost.key

The personal certificate, signer certificate and key file were added in the
httpd-ssl.conf file under the directives below

SSLCertificateFile # Personal Certificate
SSLCertificateKeyFile # Key File
SSLCACertificateFile # Signer Cert file

5.24.2. Verification
In order to check the validity of the certificate configuration, the sslscan
command should be used with the specified host address, as shown in
figure (5.13)

sslscan localhost | grep -i key

Figure 5.13

As shown in figure (12) SSL key is 2048 bit, which is stronger.

5.25. SSL Version


Older versions of the SSL protocol have some vulnerabilities, so a newer
version is used in this project.

5.25.1. Implementation
The SSLProtocol directive was configured in httpd-ssl.conf to accept only
TLS 1.0+ as shown below

SSLProtocol -ALL +TLSv1 +TLSv1.1 +TLSv1.2

5.25.2. Verification
The following command was used to check the allowed versions of the SSL
protocol

sslscan --no-failed localhost
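A configuration check for the directives applied in sections 5.10.4, 5.12, 5.17.2, 5.23 and 5.25, as an added example that is not part of the original project. The two sample configurations are constructed and the expansion of "all" is an assumption (it depends on the Apache and OpenSSL build). The deprecated-protocol check goes beyond what the page requires: SSLv3 was deprecated by RFC 7568 and TLS 1.0 and 1.1 by RFC 8996, so it also flags the SSLProtocol line used here.

```python
# Values this page applies (ServerTokens, ServerSignature, FileETag, TraceEnable).
EXPECTED = [("ServerTokens", "prod"), ("ServerSignature", "off"),
            ("FileETag", "none"), ("TraceEnable", "off")]
MAX_TIMEOUT = 60                                   # section 5.23.1
# Assumption: what "all" expands to; the real set depends on the build.
ALL_PROTOCOLS = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]
DEPRECATED = {"SSLv3", "TLSv1", "TLSv1.1"}         # RFC 7568, RFC 8996

# Constructed samples: a weak configuration and the values used on this page.
DEFAULTS = """ServerTokens OS
ServerSignature On
Timeout 300
SSLProtocol all
"""
HARDENED = """ServerTokens Prod
ServerSignature Off
FileETag None
TraceEnable off
Timeout 60
SSLProtocol -ALL +TLSv1 +TLSv1.1 +TLSv1.2
"""


def directives(conf):
    """Map lower-cased directive name -> argument string (last one wins).

    Simplified: ignores Include files and per-section scoping.
    """
    found = {}
    for line in conf.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "<")):
            continue
        parts = line.split(None, 1)
        found[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return found


def enabled_protocols(args):
    """Apply SSLProtocol tokens left to right: +x adds, -x removes, bare x replaces."""
    by_name = {p.lower(): p for p in ALL_PROTOCOLS}
    enabled = set()
    for token in args.split():
        sign = token[0] if token[0] in "+-" else ""
        word = token.lstrip("+-")
        if word.lower() == "all":
            group = set(ALL_PROTOCOLS)
        else:
            group = {by_name.get(word.lower(), word)}
        if sign == "+":
            enabled |= group
        elif sign == "-":
            enabled -= group
        else:
            enabled = set(group)
    return enabled


def lint(conf):
    """Return findings for directives that are unset, weak or deprecated."""
    found = directives(conf)
    findings = []
    for name, want in EXPECTED:
        got = found.get(name.lower())
        if got is None:
            findings.append("%s not set" % name)
        elif got.lower() != want:
            findings.append("%s is %s, expected %s" % (name, got, want))
    timeout = found.get("timeout", "")
    if not timeout.isdigit() or int(timeout) > MAX_TIMEOUT:
        findings.append("Timeout unset or above %d seconds" % MAX_TIMEOUT)
    if "sslprotocol" not in found:
        findings.append("SSLProtocol not set")
    else:
        weak = sorted(enabled_protocols(found["sslprotocol"]) & DEPRECATED)
        if weak:
            findings.append("SSLProtocol enables deprecated " + ", ".join(weak))
    return findings
```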

5.26. Mod Security


Mod Security is an open-source Web Application Firewall which can be used
with Apache. It was used as an additional security layer for the server. It
has multiple rules that deal with various types of threats. The Core Rules
use the following techniques:
 HTTP Protection – detecting violations of the HTTP protocol and a
locally defined usage policy
 Real-time Blacklist Lookups – utilizes 3rd Party IP Reputation
 Web-based Malware Detection – identifies malicious web content by
checking against the Google Safe Browsing API.
 HTTP Denial of Service Protections – defense against HTTP Flooding
and Slow HTTP DoS Attacks.
 Common Web Attacks Protection – detecting common web
application security attacks
 Automation Detection – detecting bots, crawlers, scanners and other
surface malicious activity
 Integration with AV Scanning for File Uploads – detects malicious
files uploaded through the web application.
 Tracking Sensitive Data – tracks credit card usage and blocks
leakages.
 Trojan Protection – detecting access to Trojan horses.
 Identification of Application Defects – alerts on application
misconfigurations.
 Error Detection and Hiding – disguising error messages sent by the
server.

6.1. Introduction

This chapter covers the security tests and results for the application. It
contains the following major parts: network security test, operating system
security test, servers security test, and client side security test. The
tests conducted for this application follow the standard penetration testing
technique. The tools used for testing were Nmap, Nikto and Hping (DoS).

6.2. Network security test

This section shows testing results for Network core device (Router). As
shown in figure (6.1) the initial Nmap scan for the router shows only two
open ports HTTP and Custom port for WPS control

Figure 6.1

Figure 6.2

As shown in figure (6.2), the final scan result for the router provides minor
information about the router OS and its version along with the Apache version.

6.3. Servers Security Test


This section shows testing results for the main server and its application

Figure 6.3

As shown in figure (6.3), the Nikto tool provides no useful information about
the server, bearing in mind that the response came from port 443, which is
HTTPS, the secure socket protocol.

Figure 6.4

As shown in figure (6.4), port 80 is closed, so the server only accepts
requests on port 443

Figure 6.5

As shown in figure (6.5), SQL injection is handled correctly using PDO
prepared statements

6.4. Client Side security Test

This section shows the client browser request and response

Figure 6.6

As shown in figure (6.6) clickjacking and XSS vulnerabilities are handled via
apache header module

7.1. Conclusion
B2B application security is vital in e-commerce. Hesitation or scepticism
about transaction security over the Internet is a crucial issue that needs
to be taken seriously. To construct a secure B2B application, one has to be
aware of new security threats and vulnerabilities and of security defense
technologies in order to achieve a higher security rate. The key to
implementing security is to follow a well-defined security policy and apply
the implementation plan.

7.2. Limitations

Although the research has reached its aims, there were some limitations:

 Hardware availability.

7.3. Recommendations
The following recommendations are offered for related research in
E-commerce application security.

 Network devices should preferably be specialized enterprise equipment, in
addition to network-based firewalls.
 IDS/IPS software is recommended to be installed on every server that is
involved in the transaction.
 A certificate authority is recommended rather than a self-signed
certificate, to provide more security based on user public and private keys.
 The web server is recommended to be a separate machine to increase its
performance and resource sharing; this might also provide better control.

References
1. www.digitsmith.com/ecommerce-definition.html

2. David Basanta Gutiérrez, Lourdes Tajes Martínez, Computer Science
Department, University of Oviedo

3. George M. Zinkhan, Richard T. Watson - University of Georgia, Pierre
Berthon - Bentley College and Leyland F. Pitt – Simon Fraser University,
"Electronic Commerce: The Strategic Perspective", Zurich, Switzerland,
2008

4. Birger Gröblinghoff, "B2B E-Commerce: The Future of Business
Transactions & Relationships".

5. Tuula Lehtimäki, M.Sc. (Bus. Adm.), M.Sc. (Tech.), Jari Salo, Dr. (Bus.
Adm.), Heidi Hiltula, M.Sc. (Bus. Adm.) and Mikko Lankinen, student,
"Harnessing web 2.0 for business to business marketing - Literature review
and an empirical perspective from Finland", Oulu University Press, 2009.

6. Qizhi Dai and Robert J. Kauffman, "B2B E-Commerce Revisited: Leading
Perspectives on the Key Issues and Research Directions", Department of
Information and Decision Sciences at the Carlson School of Management,
University of Minnesota, 2002.

7. Wu Yanyan, "Research on e-commerce Security based on Risk Management
Perspective", School of Computer and Information Engineering, Harbin
University of Commerce, Harbin, China, 2014

8. Information-technology Promotion Agency, Japan, "Study on Security
Countermeasures on Commercial Sites"

9. Hitesh Malviya, "Common Security Vulnerabilities in Online Payment
Systems", India, 2012

10. https://www.treefrog.ca

11. http://www.techulator.com/experts/3039-Fundamental-differences-between-Ubuntu-and-Windows.aspx

12. http://www.differencebetween.net/technology/difference-between-iis-and-apache/
