Introduction
Ecommerce (e-commerce) or electronic commerce, a subset of E-business, is
the purchasing, selling, and exchanging of goods and services over computer
networks (such as the Internet) through which transactions or terms of sale
are performed electronically. Contrary to popular belief, ecommerce is not
just on the Web. In fact, ecommerce was alive and well in business to
business transactions before the Web back in the 70s via EDI (Electronic
Data Interchange) through VANs (Value-Added Networks). Ecommerce can
be broken into four main categories: B2B, B2C, C2B, and C2C.[1]
procurement to filing taxes to business registrations to renewing licenses.
There are other categories of ecommerce out there, but they tend to be
superfluous. [1]
Securing one's own sites completely is quite difficult. The reason is that the
security model behind most commercial platforms is based on ACLs (Access
Control Lists), and this model is fundamentally flawed. A better idea would be
to use a capability-based operating system, in which software running on top
of it is constrained to do what it says it does, following the principle of the
minimum privileges needed for an intended operation. [2]
Some operating systems, such as Amoeba or Mungi, are capability-based, but
they are not widespread in the commercial world. [2]
Without such systems, we need a very competent system administrator who
takes care of finding and applying the latest security patches to avoid buffer
overflows and DoS (Denial of Service) attacks [Neu00], and who makes sure
that the system does everything it is supposed to do, but no more than
that. [2]
Our system cannot be called secure if the link between two of the sites in the
system can be compromised. We can imagine an eavesdropper getting into
the network and watching the flow of information as it travels over the
Internet, or even changing that information, with disastrous consequences.
Our proposal to address this concern is to use an implementation of SSL v3
(Secure Sockets Layer) such as the one provided by the OpenSSL project
(http://www.openssl.org). [2]
With SSL we can establish secure communication between a client and a
server using public key cryptography. SSL sits between the TCP layer and
the application layer, allowing software systems to make it nearly
impossible for an outsider to obtain information from the transactions. [2]
We can imagine a more disastrous situation than the one described in the
previous point. What if a stranger pretends to be a legitimate partner and
makes transactions on its behalf? We need a method to ensure that a node
asking us to perform a transaction really is what it claims to be. [2]
We will not reinvent the wheel here; we will rely on one or more nodes in
our system that act as CAs (Certification Authorities). This network of
machines will hold a copy of the keys of every node in the system, so when
some client node wants to begin a transaction, it gives the CA a copy of
its public key so the CA can verify that it is what it claims to be; the CA
then sends the result to the server node and lets it act accordingly. [2]
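The transport arrangement described above (an SSL link between the nodes, with the peer's identity vouched for by a certificate issued by the CA nodes) can be expressed as a configuration of Python's standard ssl module. This is an added example, not code from the project: the file names cert_chain, private_key and ca_bundle are assumed inputs, and it requires TLS 1.2 or later rather than the SSL v3 the text names, because SSL v3 is no longer considered secure and current OpenSSL builds refuse it.

```python
import ssl


def configure_mutual_tls(ctx: ssl.SSLContext) -> ssl.SSLContext:
    """Policy shared by both ends: modern TLS only, and the peer must prove its identity."""
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # SSL v3 and TLS 1.0/1.1 are refused
    ctx.verify_mode = ssl.CERT_REQUIRED            # a peer without a CA-signed certificate is rejected
    return ctx


def make_server_context(cert_chain: str, private_key: str, ca_bundle: str) -> ssl.SSLContext:
    """Server node: presents its own certificate and demands a client certificate signed by our CA."""
    ctx = configure_mutual_tls(ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER))
    ctx.load_cert_chain(cert_chain, private_key)   # assumed paths: this node's certificate and key
    ctx.load_verify_locations(ca_bundle)           # assumed path: certificates of the CA node(s)
    return ctx


def make_client_context(cert_chain: str, private_key: str, ca_bundle: str) -> ssl.SSLContext:
    """Client node: verifies the server's chain and name, and presents its own certificate when asked."""
    ctx = configure_mutual_tls(ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT))
    ctx.check_hostname = True                      # the certificate must match the server name we dialled
    ctx.load_cert_chain(cert_chain, private_key)
    ctx.load_verify_locations(ca_bundle)
    return ctx


def check_policy(role: str) -> bool:
    """Build a bare context for 'server' or 'client' and confirm the mandatory settings took effect."""
    proto = ssl.PROTOCOL_TLS_SERVER if role == "server" else ssl.PROTOCOL_TLS_CLIENT
    ctx = configure_mutual_tls(ssl.SSLContext(proto))
    return (
        ctx.verify_mode == ssl.CERT_REQUIRED
        and ctx.minimum_version >= ssl.TLSVersion.TLSv1_2
        and (role == "server" or ctx.check_hostname)
    )
```

With verify_mode set to CERT_REQUIRED on the server side, a node that cannot present a certificate signed by one of the CA nodes is rejected during the handshake, before any transaction data is exchanged; the CA's verdict is thereby carried by the certificate itself rather than by a separate message to the server.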
1.5. Aims and Objectives
The aim of this project is to design, implement and test a secure B2B
application.
2.1. Introduction
standardized, bilateral exchange of business information (e.g. orders and
requests for products) electronically. [4]
A necessary condition for realizing this exchange of data was expensive,
proprietary networks, called Value Added Networks (VANs). As a
consequence, only large companies were able to use this method. EDI made
faster processes possible and lowered the error rates caused by the former
manual processing. EDI has been used since the 1970s. The problem of the
highly expensive Value Added Networks was solved through the worldwide
acceptance of the Internet. The Internet made Internet catalogues, the
second stage of B2B EC's development, possible. Companies were able to
present information on their products via the Internet. [4]
Prospective buyers had permanent access to current data. Providing
information this way is far more cost-effective than using paper, telephone
and fax. Using Internet catalogues, it was possible in particular to handle
small and standardized transactions more efficiently. [4]
Supporting business transactions with Internet catalogues was given special
emphasis until 1999. The third and present stage of B2B EC (since 1999) is
electronic markets (e-markets). E-markets are "virtual rooms" in which
different participants can interact via the Internet. Several buyers, sellers
and service providers have access to the e-markets. E-markets do not just
provide information, as the Internet catalogues do, but also support the
negotiation, the transaction and the services afterwards. [4]
comparison with B2C companies. Hence more holistic online marketing
planning and prioritization methods are needed. (Bach Jensen 2006). [5]
E-marketing has changed the focus of marketing from a "supplier
perspective" to a "customer perspective", since through the web companies
can better address the individual needs of their customers and build
customer loyalty. Thanks to the possibilities for customer data collection,
companies can also segment customers into financially and strategically
viable groups, which allows better targeting. The value of customer input to
products, i.e. co-creation in the web environment, is also emphasized.
Moreover, companies allowing co-creation have an advantage when compared
to firms that do not. (Sheth and Sharma 2005). [5]
E-marketing has brought many advantages for companies, but obstacles to its
effective use remain. Samiee (2008) highlights that while the use of the
internet no longer offers a competitive advantage, having no presence on the
internet whatsoever increasingly leads to a competitive disadvantage. Typical
challenges that B2B companies using e-marketing face are security issues and
business-conduct norms. [5]
As confidentiality of personal communications is extremely important in
business marketing, the potential loss of proprietary data over the internet
remains a critical issue. Also, conducting business via personal face-to-face
communication is the norm in the B2B environment. These issues may slow
down the adoption of the internet in B2B activities. [5]
from simulating a trustworthy identity to communication partners with
intent to obtain by fraud private and confidential information.
Unwanted advertising could be added to the site. Cookies, and thus most
session ids, can be read with JavaScript on most browsers, leading to
hijacked accounts. As a countermeasure, all characters that have a special
meaning in HTML have to be converted into HTML entities on the server side.
Only user input known to be safe should be accepted; e.g. when a document is
requested, only a valid file name should be accepted. [8]
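The two countermeasures named above, entity-encoding every HTML-significant character on the server side and accepting only a known-safe file name for a document request, as an added example in Python (not code from the page or the project). The review text and the download directory /srv/shop/downloads are constructed for the demonstration.

```python
import html
import re
from pathlib import Path

# Constructed sample: a product review as a hostile user might submit it.
UNTRUSTED_REVIEW = 'Great shop! <script>alert(document.cookie)</script>'

# Assumed download root for the shop; any file served must live directly under it.
DOWNLOAD_ROOT = Path("/srv/shop/downloads")

# Allowlist for file names: starts with a letter or digit, then letters, digits, dot,
# dash or underscore; no path separators, no leading dot, at most 128 characters.
SAFE_FILENAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,127}")


def render_untrusted(text: str) -> str:
    """Encode &, <, >, \" and ' so user text is shown literally and never parsed as markup."""
    return html.escape(text, quote=True)


def resolve_download(name: str) -> Path:
    """Map a requested file name onto the download root, refusing anything outside it."""
    if not SAFE_FILENAME.fullmatch(name):
        raise ValueError(f"rejected file name: {name!r}")
    target = (DOWNLOAD_ROOT / name).resolve()
    # Belt and braces: even a name that passed the allowlist must resolve inside the root.
    if target.parent != DOWNLOAD_ROOT.resolve():
        raise ValueError(f"rejected path: {name!r}")
    return target


def download_name_ok(name: str) -> bool:
    """True if the name would be served, False if it would be rejected."""
    try:
        resolve_download(name)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print(render_untrusted(UNTRUSTED_REVIEW))
    for candidate in ("invoice-2024.pdf", "../etc/passwd", "a/b.txt"):
        print(candidate, "->", "served" if download_name_ok(candidate) else "rejected")
```

The allowlist is deliberately stricter than "no ../": rejecting every character outside the pattern, rather than trying to enumerate dangerous sequences, is what the text means by accepting only input known to be safe.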
Caching and logging of user access data: these may compromise users'
privacy. When accessing an HTML site, a user sends a lot of private and
context information to the web server side. An example is the result of a
search request: the search engine responds with a complete list of hits.
Combining this information with the user's IP address may enable providers
to create a personal profile. Insufficient protection of cached user data may
enable attackers to misuse foreign IP addresses. As a countermeasure, clients
may use proxy servers to mask critical header data. [8]
Auditing: Many industries are required by legal regulations to be
auditable and traceable. That means recording all activities that affect user
state or balances and making it possible to determine when and where an
activity took place. Well-written applications should be able to easily track
or identify potential fraud or anomalies from protected audit and error logs. [8]
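A "protected" audit log is one whose entries cannot be altered or removed without the alteration being detectable. As an added example (not code from the page or the project), the log below records who did what and when, and chains each entry to the previous one with an HMAC; an auditor holding the key can find the first entry that was edited, reordered or deleted. The key and the sample entries are constructed for the demonstration.

```python
import hashlib
import hmac
import json
import time
from typing import Optional

# Assumed: in a real deployment this key lives in a key store, not in the source.
AUDIT_KEY = b"constructed-demo-key-not-for-production"
GENESIS = b"\x00" * 32  # stands in for the "previous MAC" of the very first entry


def _canonical(entry: dict) -> bytes:
    """Stable byte encoding of an entry without its mac, so the MAC is reproducible."""
    body = {k: v for k, v in entry.items() if k != "mac"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


class AuditLog:
    """Append-only log where every entry is MACed together with the MAC of the one before it."""

    def __init__(self, key: bytes):
        self._key = key
        self.entries = []
        self._prev = GENESIS

    def record(self, actor: str, action: str, detail: dict, when: Optional[float] = None) -> dict:
        entry = {
            "seq": len(self.entries),                       # position in the log
            "ts": time.time() if when is None else when,   # when it happened
            "actor": actor,                                 # who did it
            "action": action,                               # what was done
            "detail": detail,                               # what it affected
            "prev": self._prev.hex(),                       # link to the previous entry
        }
        mac = hmac.new(self._key, _canonical(entry), hashlib.sha256).digest()
        entry["mac"] = mac.hex()
        self.entries.append(entry)
        self._prev = mac
        return entry

    def verify(self) -> int:
        """Return -1 if the whole chain checks out, otherwise the index of the first bad entry."""
        prev = GENESIS
        for i, entry in enumerate(self.entries):
            if entry.get("seq") != i or entry.get("prev") != prev.hex():
                return i  # reordered or deleted entry breaks the chain here
            expected = hmac.new(self._key, _canonical(entry), hashlib.sha256).digest()
            try:
                given = bytes.fromhex(entry["mac"])
            except (KeyError, ValueError):
                return i
            if not hmac.compare_digest(expected, given):
                return i  # contents edited after the fact
            prev = expected
        return -1


if __name__ == "__main__":
    log = AuditLog(AUDIT_KEY)
    log.record("customer:42", "order.create", {"order_id": 1001, "total": "19.99"})
    log.record("customer:42", "balance.debit", {"amount": "19.99"})
    print("chain valid:", log.verify() == -1)
```

Because the key is separate from the log store, an attacker who can write to the database but not read the key cannot re-MAC the entries they changed; this is what distinguishes a protected audit log from an ordinary error log.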
Cookies: To add state to the stateless HTML protocol, servers are able to
store cookies on the user's side. Cookies do not contain executable code but
information about users, domains, and session identifiers. They are critical
to both privacy and security. Setting cookies enables a server to collect
data about users and to create a personal profile. In particular, setting
unnoticed cookies that are stored beyond the session duration enables
providers to send undesired advertisements or to sell personal data to other
commercial dealers. Cookies enable attackers to infiltrate active content
that can be misused, leading to hijacked accounts, processing of malicious
code, session replay attacks (see below), or unauthorized access to protected
memory. As a countermeasure, non-persistent cookies should be used. When a
session is closed, either by the user logging off or by idle expiry, it should
be ensured that the client-side cookies are cleared, as well as all server-side
session state information, e.g. in order to prevent session replay attacks. [8]
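The session lifecycle the countermeasure calls for (a non-persistent cookie, server-side state dropped on idle expiry, and both sides cleared on logoff) as an added Python example; it is not code from the page or the project. The cookie name SESSIONID, the 15-minute idle timeout and the time values are constructed for the demonstration; the store takes the current time as an argument so the expiry rule can be exercised without waiting.

```python
import secrets

IDLE_TIMEOUT = 15 * 60  # assumed policy: 15 minutes without a request ends the session
COOKIE = "SESSIONID"    # assumed cookie name


class SessionStore:
    """Server-side session state keyed by an unguessable id carried in a session cookie."""

    def __init__(self, idle_timeout: int = IDLE_TIMEOUT):
        self._sessions = {}
        self.idle_timeout = idle_timeout

    def login(self, customer_id: int, now: float) -> str:
        sid = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[sid] = {"customer_id": customer_id, "last_seen": now}
        return sid

    @staticmethod
    def set_cookie_header(sid: str) -> str:
        # No Expires and no Max-Age: the browser discards the cookie when it closes
        # (non-persistent). HttpOnly keeps it out of reach of page scripts, Secure
        # keeps it off clear-text links, SameSite stops cross-site requests sending it.
        return f"Set-Cookie: {COOKIE}={sid}; Path=/; Secure; HttpOnly; SameSite=Strict"

    @staticmethod
    def clear_cookie_header() -> str:
        # Max-Age=0 tells the browser to delete the cookie immediately.
        return f"Set-Cookie: {COOKIE}=; Path=/; Max-Age=0; Secure; HttpOnly; SameSite=Strict"

    def lookup(self, sid: str, now: float):
        """Return the customer id for a live session, or None; idle sessions are destroyed."""
        session = self._sessions.get(sid)
        if session is None:
            return None
        if now - session["last_seen"] > self.idle_timeout:
            del self._sessions[sid]  # idle expiry: server state is gone, the id is dead
            return None
        session["last_seen"] = now
        return session["customer_id"]

    def logout(self, sid: str) -> str:
        """Drop the server-side state and return the header that clears the client cookie."""
        self._sessions.pop(sid, None)
        return self.clear_cookie_header()

    def live_sessions(self) -> int:
        return len(self._sessions)
```

Dropping the server-side entry is the part that matters for replay: once it is gone, a recorded cookie value presented later matches nothing, whatever the client did with its copy.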
Session Replay Attacks: Session replay attacks are simple if the
attacker is in a position to record a session. The attacker records the
session between the client and the server and replays the client's part
afterwards to successfully attack the server. This type of attack only works
if the authentication mechanism does not use random values to prevent
it. [8]
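The "random values" that defeat a replay are a fresh server-chosen nonce that the client must bind into its answer, with the server accepting each nonce once. This added example (not code from the page or the project) shows both sides of such an exchange with an HMAC over a shared secret; the secret is constructed for the demonstration, and the protocol is a generic challenge-response rather than the project's own.

```python
import hashlib
import hmac
import secrets


def client_answer(shared_secret: bytes, nonce: str) -> str:
    """Client side: prove knowledge of the secret for this nonce only."""
    return hmac.new(shared_secret, nonce.encode(), hashlib.sha256).hexdigest()


class ChallengeServer:
    """Server side: hands out one-time nonces and checks the answers."""

    def __init__(self, shared_secret: bytes):
        self._secret = shared_secret
        self._outstanding = set()  # nonces issued but not yet answered

    def challenge(self) -> str:
        nonce = secrets.token_hex(16)  # 128 random bits per login attempt
        self._outstanding.add(nonce)
        return nonce

    def verify(self, nonce: str, response: str) -> bool:
        if nonce not in self._outstanding:
            return False  # never issued, or already consumed: a replay lands here
        self._outstanding.discard(nonce)  # consumed before checking, so it is single-use either way
        expected = client_answer(self._secret, nonce)
        return hmac.compare_digest(expected.encode(), response.encode())


def demo(secret: bytes = b"constructed shared secret") -> tuple:
    """Run one genuine login and then replay the recorded client message; returns both outcomes."""
    server = ChallengeServer(secret)
    nonce = server.challenge()                 # server -> client
    recorded = client_answer(secret, nonce)    # client -> server (what an eavesdropper captures)
    first = server.verify(nonce, recorded)     # genuine exchange
    replayed = server.verify(nonce, recorded)  # same bytes presented again
    return first, replayed


if __name__ == "__main__":
    print("genuine, replay =", demo())
```

Without the nonce (for example a fixed password hash sent on every login) the recorded message would be valid forever; with it, the captured bytes are useful only against the one challenge they answered, and that challenge is gone.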
Exploitation of Trust: Computers interconnected with networks often
have trust relationships with one another. If attackers can forge their identity,
appearing to be using the trusted computer, they may be able to gain
unauthorized access to other computers. [8]
Web Spoofing: In the absence of authentication, an attacker may
masquerade a web server address and use it to present a manipulated web
site to potential victims. Often URLs are masqueraded by minimal changes to
location identifiers. After spoofing the server address, attackers are able
to manipulate the web browser's status indication too, e.g. to simulate an
SSL connection by adding a fake icon to the status bar. [8]
Phishing: These attacks are known as Phishing (password fishing).
Delivered via web site, email or instant message, the attack asks users to
click on a link to re-validate or reactivate their account. Attackers
leverage the trust in well-known enterprises or public services to gain
valuable information: usually account details, or enough information to open
accounts, obtain loans, or buy goods through e-commerce sites. Phishing
attacks are one of the highest-visibility problems for banking and ecommerce
sites. Banks, Internet service providers (ISPs), stores and other Phishing
targets are victimized as well as their (potential) customers.
To minimize the risk of Phishing, providers should create a policy detailing
exactly what they will and will not do, and they should publish it on their
web site. Because users are the primary target of Phishing attacks,
providers should train their users to be wary of Phishing attempts. To ease
validation of URLs, a server should use hostnames rather than IP addresses.
Attackers will often ask users to provide their credit card number, password
or PIN. Providers should tell their users that they will never ask them for
secrets, and that users should notify them if someone has done so. Providers
should add authentication both to email clients and to client-server
communication to make email communication safer. [8]
Packet Sniffer: A packet sniffer is a program that captures critical
data from information packets as they are transferred over the network. That
data may include user names, passwords, and other secret information being
transferred in clear text. Such captured data enables intruders to launch
widespread attacks on networks and systems.
To be protected against sniffer programs, data should be transferred
encrypted. [8]
Denial of Service: The goal of DoS attacks is not to gain
unauthorized access to systems and data but to prevent legitimate users of
services, e.g. customers of an Internet shop, from using them. DoS attacks may
appear in various forms. Attackers may flood a network with large volumes
of data or intentionally consume a scarce or limited resource. They may
disrupt physical components of a network or manipulate transferred data.
Often so-called bot networks are used to perform DoS attacks.
Countermeasures against DoS attacks depend on the form of the discovered
attack. As an example, attacks are performed by flooding a target with SYN
(short for synchronization) requests using a forged IP address and without
completing the initial request. In this case the potential for DoS attacks can
be reduced by performing egress filtering on all outbound traffic, looking for
forged source addresses. In general, only authenticated and authorized users
should be allowed to take up significant CPU, disk space, and network
resources. [8]
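Egress filtering, as the text describes it, means that a site's border only lets out packets whose source address belongs to the site, so a host inside it cannot take part in a SYN flood with forged sources. The added example below (not code from the page or the project) applies that rule to a handful of constructed outbound packet records; the site prefixes are RFC 5737 documentation ranges chosen for the demonstration.

```python
import ipaddress

# Assumed: the address blocks assigned to this site. Anything leaving with another
# source address has been forged (or misconfigured) and must not reach the Internet.
LOCAL_PREFIXES = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("198.51.100.0/25"),
]

# Constructed outbound packet records: (source, destination, TCP flags).
SAMPLE_OUTBOUND = [
    ("203.0.113.10", "192.0.2.5", "SYN"),     # genuine host on our /24
    ("10.0.0.7", "192.0.2.5", "SYN"),         # private source at the border: forged
    ("198.51.100.200", "192.0.2.5", "SYN"),   # outside our /25 (.0 to .127): forged
    ("203.0.113.44", "192.0.2.9", "ACK"),     # genuine host, normal traffic
]


def egress_allowed(src: str) -> bool:
    """A packet may leave only if its source address lies inside one of our prefixes."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparsable source: drop rather than guess
    return any(addr in net for net in LOCAL_PREFIXES)


def filter_egress(packets):
    """Split outbound packets into those forwarded and those dropped as forged."""
    passed, dropped = [], []
    for pkt in packets:
        (passed if egress_allowed(pkt[0]) else dropped).append(pkt)
    return passed, dropped


def forged_sources(packets) -> dict:
    """Count dropped packets per forged source address, for the operator's alert."""
    counts = {}
    for src, _dst, _flags in filter_egress(packets)[1]:
        counts[src] = counts.get(src, 0) + 1
    return counts


if __name__ == "__main__":
    passed, dropped = filter_egress(SAMPLE_OUTBOUND)
    print("forwarded:", [p[0] for p in passed])
    print("dropped  :", forged_sources(SAMPLE_OUTBOUND))
```

This filter protects other people's servers from hosts inside the site; it does nothing for the site's own servers when they are the target, which is why the text says the countermeasure depends on the form of the attack.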
Bot Networks: Bots (short for robots) are programs that are covertly
installed on a user's computer in order to allow an unauthorized user to
control the computer remotely. Bots are designed to let an attacker create a
network of compromised computers known as a bot network, which can be
remotely controlled to collectively conduct malicious activities. [8]
Malicious Code: Malicious code is a general term for programs that,
when executed, cause undesired results on a system. The presence of
malicious code is usually overlooked until the damage is discovered.
Malicious code includes Trojan horses, viruses, and worms. [8]
Countermeasures include:
Developer side
User Side
3.1. Methodology
The constructive research method is one of the most commonly used methods
in the computer science field. The construct can be a new theory, algorithm,
model, software, or framework. This is the methodology adopted in this
research.
(5) Linking the results back to the theory and demonstrating their practical
contribution.
(6) Examining the generalisability of the results. The purpose of this
chapter is to introduce readers to the principles of the constructive research
approach.
3.3. Software Development Activities
Planning.
Implementation, testing and documenting.
Deployment and maintenance.
Fig 3.1
4.1. Introduction
Design is the process of collecting ideas, and aesthetically arranging and
implementing them, guided by certain principles for a specific purpose. [10]
Web design is a similar process of creation, with the intention of presenting
the content on electronic web pages, which the end-user can access through
the Internet with the help of a web browser. [10]
The web site comprises functional and non-functional requirements.
In this section, the basic structure of the tables composing the database for
the project is shown, along with information about primary and foreign
keys.
4.2.1.1. ER Diagram:
Website Database
[ER diagram not reproduced. Entity and attribute names recovered from it: Virtual Bank, Current_amount, address, Issuing_date, Customer_id, Exp_date, vc_id, date, Report, Fetch, Ip_adder, R_id, Customer_id]
This sub-section covers the database schemas for both the website and the
virtual bank.
Website Database
abc_addresses:
abc_ant_messages
abc_banner_descriptio
abc_banner_stat
abc_banners
abc_block_descriptions
abc_block_layouts
date_modified (timestamp))
abc_block
(block_id int(10), parent_block_id int(10), template varchar(255), date_added (timestamp), date_modified (timestamp))
abc_blocks
date_modified (timestamp))
abc_categories
date_modified (timestamp))
abc_categories_to_stores
abc_category_descriptions
abc_content_descriptions
abc_contents
abc_contents_to_stores
abc_countries
abc_country_descriptions
abc_coupon_descriptions
abc_coupons
abc_coupons_products
abc_currencies
abc_custom_blocks
abc_custom_lists
abc_customer_groups
(customer_group_id int(11), name varchar(32), tax_exempt tinyint(1))
abc_customer_notifications
abc_customer_transactions
abc_customers
abc_dataset_column_properties
abc_dataset_definition
abc_dataset_properties
abc_dataset_values
value_varchar varchar(255), value_text (text), value_timestamp (timestamp), value_boolean tinyint(1), value_sort_order int(11), row_id int(10) )
abc_datasets
abc_download_attribute_values
abc_download_descriptions
abc_downloads
abc_encryption_keys
abc_extension_dependencies
abc_extensions
abc_field_descriptions
int(11), error_text varchar(255))
abc_field_values
abc_fields
abc_fields_group_descriptions
abc_fields_groups
abc_form_descriptions
abc_form_groups
abc_forms
abc_global_attributes
abc_global_attributes_description
abc_global_attributes_groups
abc_global_attributes_groups_descriptions
abc_global_attributes_type_descriptions
abc_global_attributes_types
abc_global_attributes_value_descriptions
abc_global_attributes_values
abc_language_definitions
abc_languages
int(3), Status int(1))
abc_layouts
abc_length_class_descriptions
abc_length_classes
abc_locations
abc_manufacturers
abc_manufacturers_to_stores
abc_messages
abc_online_customers
abc_order_data
date_modified (timestamp))
abc_order_data_types
abc_order_downloads
abc_order_downloads_history
abc_order_history
abc_order_options
abc_order_products
abc_order_status_ids
(order_status_id int(11), status_text_id varchar(64))
abc_order_statuses
abc_order_totals
abc_orders
abc_page_descriptions
abc_pages
abc_pages_forms
abc_pages_layouts
abc_product_descriptions
abc_product_discounts
abc_product_filter_descriptions
abc_product_filter_ranges
abc_product_filter_ranges_descriptions
abc_product_filters
abc_product_option_descriptions
abc_product_option_value_descriptions
abc_product_option_values
abc_product_options
abc_product_specials
abc_product_tags
abc_products
Price decimal(15,4), tax_class_id int(11), date_available (date), Weight decimal(5,2), weight_class_id int(11), Length decimal(5,2), Width decimal(5,2), Height decimal(5,2), length_class_id int(11), Status int(1), Viewed int(5), sort_order int(11), subtract int(1), minimum int(11), maximum int(11), Cost decimal(15,4), call_to_order smallint(6), settings (longtext), date_added (timestamp), date_modified (timestamp))
abc_products_featured
(product_id int(11))
abc_products_related
abc_products_to_categories
abc_products_to_downloads
abc_products_to_stores
abc_resource_descriptions
abc_resource_library
abc_resource_map
tinyint(1), sort_order int(3), date_added (timestamp), date_modified (timestamp))
abc_resource_types
abc_reviews
abc_settings
abc_stock_statuses
abc_store_descriptions
abc_stores
abc_task_details
abc_task_steps
abc_tasks
abc_tax_class_descriptions
abc_tax_classes
abc_tax_rate_descriptions
abc_tax_rates
abc_url_aliases
abc_user_groups
abc_user_notifications
(timestamp))
abc_users
abc_weight_class_descriptions
abc_weight_classes
abc_zone_descriptions
abc_zones
abc_zones_to_locations
4.2.1.3. Data Dictionary
This sub-section covers the data dictionary for both the website and the virtual bank.
abc_addresses
Column Type Null Default Comments
address_id int(11) No Primary
customer_id int(11) No Foreign
company varchar(32) No Company
firstname varchar(32) No First Name
lastname varchar(32) No Last name
address_1 varchar(128) No Delivery address
address_2 varchar(128) No Alternative Delivery address
postcode varchar(10) No Post code
city varchar(128) No City
country_id int(11) No 0 Country ID
zone_id int(11) No 0 Zone ID
Indexes
abc_ant_messages
Column Type Null Default Comments
Id varchar(60) No Primary
Priority int(11) No 0 Priority
start_date timestamp No 0000-00-00 00:00:00 Start Date
end_date timestamp Yes NULL End Date
viewed_date timestamp Yes NULL Viewed Date
viewed int(11) No 0 Viewed
title varchar(255) Yes NULL Title
description Text Yes NULL Description
html Longtext Yes NULL Static Pages
url Text Yes NULL Uniform Resource Locator
language_code varchar(2) No En Language code (country code)
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification
Indexes
abc_banner_description
Column Type Null Default Comments
banner_id int(11) No Primary
language_id int(11) No Foreign
name varchar(255) No Translatable
description Longtext No Translatable
meta Text Yes NULL Translatable
date_added timestamp No 0000-00-00 00:00:00 Date added
date_modified timestamp No CURRENT_TIMESTAMP Date of modification
Indexes
Keyname Type Column Cardinality Collation Null
PRIMARY BTREE language_id 10 A No
abc_banner_status
Column Type Null Default Comments
rowid int(11) No Primary
banner_id int(11) No Foreign
type int(11) No Type of Banner
time timestamp No CURRENT_TIMESTAMP Time
store_id int(11) No Foreign
user_info text Yes NULL User Information
Indexes
abc_banners
Column Type Null Default Comments
banner_id int(11) No Primary
status int(1) No 0 Current Status of Page Content
banner_type int(11) No 1 Banner Type
banner_group_name varchar(255) No Banner Group Name
start_date timestamp Yes NULL Initial Date
end_date timestamp Yes NULL Finishing Date
blank tinyint(1) No 0 Empty
target_url Text Yes NULL Desired address
sort_order int(11) No Sorting
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification
Indexes
abc_block_descriptions
Column Type Null Default Comments
block_description_id int(10) No Primary
custom_block_id int(10) No Foreign
language_id int(10) No Foreign
block_wrapper varchar(255) No 0 Block Wrapper
block_framed tinyint(1) Yes 1 Block Framed
name varchar(255) No Translatable
title varchar(255) No Translatable
description varchar(255) No Translatable
content longtext No Content
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification
Indexes
abc_block_layouts
Column Type Null Default Comments
instance_id int(10) No Primary
layout_id int(10) No 0 Foreign
block_id int(10) No 0 Foreign
custom_block_id int(10) No 0 Foreign
parent_instance_id int(10) No 0 Foreign
position smallint(5) No 0 Position
status smallint(1) No 0 Current Status of Page Content
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification
Indexes
abc_block
Column Type Null Default Comments
block_id int(10) No Primary
parent_block_id int(10) No 0 Foreign
template varchar(255) No Template
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification
Indexes
abc_blocks
Column Type Null Default Comments
block_id int(10) No Primary
block_txt_id varchar(255) No Foreign
controller varchar(255) No Controller of Blocks
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification
Indexes
abc_categories
Column Type Null Default Comments
category_id int(11) No Primary
parent_id int(11) No 0 Foreign
sort_order int(3) No 0 Sorting
Status int(1) No 1 Current Status of Page Content
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification
Indexes
Keyname Type Unique Packed Column Collation Null Comment
ac_categories_idx BTREE No No category_id, parent_id, status A No Foreign
abc_categories_to_stores
Column Type Null Default Comments
category_id int(11) No Primary
store_id int(11) No Foreign
Indexes
abc_category_descriptions
Column Type Null Default Comments
category_id int(11) No Primary
language_id int(11) No Foreign
Name varchar(255) No Translatable
meta_keywords varchar(255) No Translatable
meta_description varchar(255) No Translatable
Description Text No Translatable
Indexes
Keyname Type Unique Packed Column Collation Null Comment
name BTREE No No name A No Name of Category
abc_content_descriptions
Column Type Null Default Comments
content_id int(10) No 0 Primary
language_id int(11) No Foreign
name varchar(255) No Translatable
title varchar(255) No Translatable
description varchar(255) No Translatable
content Longtext No Translatable
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification
Indexes
abc_contents
Column Type Null Default Comments
content_id int(11) No Primary
parent_content_id int(11) No 0 Foreign
sort_order int(3) No 0 Sorting
status int(1) No 0 Current Status of Page Content
Indexes
Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No content_id, parent_content_id 4 A No Primary
abc_contents_to_stores
Column Type Null Default Comments
content_id int(11) No Primary
store_id int(11) No Foreign
Indexes
abc_countries
Column Type Null Default Comments
country_id int(11) No Primary
iso_code_2 varchar(2) No ISO Supported Char-set Standard 2
iso_code_3 varchar(3) No ISO Supported Char-set Standard 3
address_format Text No Standard American Address Format
status int(1) No 1 Current Status of Page Content
sort_order int(3) No 0 Sorting
Indexes
Column Cardinality Collation Null
status 240 A No
abc_country_descriptions
Column Type Null Default Comments
country_id int(11) No Primary
language_id int(11) No Foreign
name varchar(128) No Translatable
Indexes
abc_coupon_descriptions
Column Type Null Default Comments
coupon_id int(11) No Primary
language_id int(11) No Foreign
name varchar(128) No Translatable
description Text No Translatable
Indexes
abc_coupons
Column Type Null Default Comments
coupon_id int(11) No Primary
code varchar(10) No Coupons Key Code
type char(1) No Type
discount decimal(15,4) No Amount of Discount
logged int(1) No Number that corresponds to Specific Log File
shipping int(1) No Shipping Number
total decimal(15,4) No Total of Money
date_start Date No 0000-00-00 Date of Start
date_end Date No 0000-00-00 Date of End
uses_total int(11) No Uses Total
uses_customer varchar(11) No Uses Customer
status int(1) No Current Status of Page Content
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification
Indexes
abc_coupons_products
Column Type Null Default Comments
coupon_product_id int(11) No Primary
coupon_id int(11) No Foreign
product_id int(11) No Foreign
Indexes
abc_currencies
Column Type Null Default Comments
currency_id int(11) No Primary
title varchar(32) No Title
code varchar(3) No Currencies Key Code
symbol_left varchar(12) No Symbol Left
symbol_right varchar(12) No Symbol Right
decimal_place char(1) No Decimal Place
value decimal(15,8) No Value of currencies
status int(1) No Current Status of Page Content
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification
Indexes
abc_custom_blocks
Column Type Null Default Comments
custom_block_id int(10) No Primary
block_id int(10) No Foreign
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification
Indexes
abc_custom_lists
Column Type Null Default Comments
Row-id int(11) No Primary
custom_block_id int(10) No Foreign
data_type varchar(70) No Data Type
Id int(10) No ID
sort_order int(10) No 0 Sorting
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification
Indexes
abc_customer_groups
Column Type Null Default Comments
customer_group_id int(11) No Primary
name varchar(32) No Customer Name
tax_exempt tinyint(1) No 0 Tax
Indexes
abc_customer_notifications
Column Type Null Default Comments
customer_id int(11) No Primary
sendpoint varchar(255) No Send Point
protocol varchar(30) No Transmission Protocol
status int(1) No 0 Current Status of Page Content
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification
Indexes
abc_customer_transactions
Column Type Null Default Comments
customer_transaction_id int(11) No Primary
customer_id int(11) No 0 Foreign
order_id int(11) No 0 Foreign
created_by int(11) No user_id for admin, customer_id for storefront section
section smallint(1) No 0 1 - admin, 0 - customer
credit float Yes 0 Credit Card Balance
debit float Yes 0 Debit Card Balance
transaction_type varchar(255) No text type of transaction
comment text Yes NULL comment for internal use
description text Yes NULL text for customer
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification
Indexes
abc_customers
Column Type Null Default Comments
customer_id int(11) No Primary
store_id int(11) No 0 Foreign
firstname varchar(32) No First Name
lastname varchar(32) No Last Name
loginname varchar(96) No Login Name
email varchar(96) No E-mail
telephone varchar(32) No Telephone Number
Fax varchar(32) No Fax Number
Sms varchar(32) No Short Message
Salt varchar(8) No Main Text For Hash Encryption
password varchar(40) No Customer Password
cart longtext Yes NULL Type of Cart
wishlist longtext Yes NULL Desired List
Newsletter int(1) No 0 Public Review
address_id int(11) No 0 Foreign
Status int(1) No Current Status of Page Content
Approved int(1) No 0 Approved Customer Account
customer_group_id int(11) No Foreign
Ip varchar(50) No 0 Remote Customer IP Address
data Text Yes NULL Customer Data
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification
last_login timestamp Yes 0000-00-00 00:00:00 Date of last login
Indexes
abc_dataset_column_properties
Column Type Null Default Comments
Rowid int(11) No Primary
dataset_column_id int(11) No Foreign
dataset_column_property_name varchar(255) No Name of Column Property
dataset_column_property_value varchar(255) Yes NULL Value of Column Property
Indexes
Keyname Type Unique Packed Column Collation Null Comment
dataset_column_properties_idx BTREE No No dataset_column_id A No Foreign
abc_dataset_definition
Column Type Null Default Comments
dataset_id int(11) No Primary
dataset_column_id int(11) No Foreign
dataset_column_name varchar(255) No Column Name
dataset_column_type varchar(100) No Column Type
dataset_column_sort_order int(11) No 0 Column Sorting
Indexes
abc_dataset_properties
Column Type Null Default Comments
Rowid int(11) No Primary
dataset_id int(11) No Foreign
dataset_property_name varchar(255) No Property Name
dataset_property_value varchar(255) Yes NULL Property Value
Indexes
Keyname Type Unique Packed Column Collation Null Comment
dataset_property_idx BTREE No No dataset_id A No Foreign
abc_dataset_values
Column Type Null Default Comments
dataset_column_id int(11) No Primary
value_integer int(11) Yes NULL Integer
value_float Float Yes NULL Float
value_varchar varchar(255) Yes NULL Varchar
value_text Text Yes NULL Text
value_timestamp timestamp No CURRENT_TIMESTAMP Timestamp
value_boolean tinyint(1) Yes NULL Boolean
value_sort_order int(11) No Sorting Value
row_id int(10) No 0 Foreign
Indexes
abc_datasets
Column Type Null Default Comments
dataset_id int(11) No Primary
dataset_name varchar(255) No Dataset Name
dataset_key varchar(255) Yes Key of Dataset
Indexes
abc_download_attribute_values
Column Type Null Default Comments
download_attribute_id int(11) No Primary
attribute_id int(11) No Foreign
download_id int(11) No Foreign
attribute_value_ids text Yes NULL Foreign
Indexes
abc_download_descriptions
Column Type Null Default Comments
download_id int(11) No Primary
language_id int(11) No Foreign
name varchar(64) No Translatable
Indexes
abc_downloads
Column Type Null Default Comments
download_id int(11) No Primary
filename varchar(128) No Name of File
mask varchar(128) No Mask
max_downloads int(11) Yes NULL Maximum Downloads
expire_days int(11) Yes NULL Expire Day
sort_order int(11) No Sorting
activate varchar(64) No Activation
activate_order_status_id int(11) No 0 Foreign
shared int(1) No 0 Shared Downloads
status int(1) No 0 Current Status of Page Content
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification
Indexes
abc_encryption_keys
Column Type Null Default Comments
key_id int(3) No Primary
key_name varchar(32) No Key Name
status int(1) No Current Status of Page Content
comment text No Comment
Indexes
abc_extension_dependencies
Column Type Null Default Comments
extension_id int(11) No Primary
extension_parent_id int(11) No Foreign
Indexes
abc_extensions
Column Type Null Default Comments
extension_id int(11) No Primary
type varchar(32) No Type of Extensions
key varchar(32) No Extension Key
category varchar(32) No Extension Category
status smallint(1) No Current Status of Page Content
priority smallint(1) No 0 Extension Priority
version varchar(32) Yes NULL Extension Version
license_key varchar(32) Yes NULL License Key
date_installed Timestamp No 0000-00-00 00:00:00 Date of Installation
date_added Timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified Timestamp No CURRENT_TIMESTAMP Date of Modification
Indexes
abc_field_descriptions
Column Type Null Default Comments
field_id int(11) No 0 Primary
name varchar(255) No Translatable
description varchar(255) No Translatable
language_id int(11) No Foreign
error_text varchar(255) No Translatable
Indexes
abc_fields
Column Type Null Default Comments
field_id int(11) No Primary
form_id int(11) No 0 Foreign
field_name varchar(40) No Name of Field
element_type char(1) No I Type of Element
sort_order int(3) No Sorting
attributes varchar(255) No Attributes
settings Text No Setting of Field
required char(1) No N Required of Fields
status smallint(1) No 0 Current Status of Page Content
regexp_pattern varchar(255) No Registration Parameter Pattern
Indexes
abc_fields_group_descriptions
Column Type Null Default Comments
group_id int(11) No 0 Primary
name varchar(255) No Translatable
description varchar(255) No Translatable
language_id int(11) No Foreign
Indexes
abc_fields_groups
Column Type Null Default Comments
field_id int(11) No Primary
group_id int(11) No Foreign
sort_order int(3) No Sorting
Indexes
abc_form_descriptions
Column Type Null Default Comments
form_id int(11) No 0 Primary
language_id int(11) No Foreign
description varchar(255) No Translatable
Indexes
abc_form_groups
Column Type Null Default Comments
group_id int(11) No Primary
group_name varchar(40) No Name of Group
form_id int(11) No 0 Foreign
sort_order int(3) No Sorting
status smallint(1) No 0 Current Status of Page Content
Indexes
abc_forms
Column Type Null Default Comments
form_id int(11) No Primary
form_name varchar(40) No Name of Form
controller varchar(100) No Controller of Forms
success_page varchar(100) No Static Page of Success
status smallint(1) No 0 Current Status of Page Content
Indexes
abc_global_attributes
Column Type Null Default Comments
attribute_id int(11) No Primary
attribute_parent_id int(11) No 0 Foreign
attribute_group_id int(11) Yes NULL Foreign
attribute_type_id int(11) No Foreign
element_type char(1) No I Element Type
sort_order int(3) No 0 Sorting
required smallint(1) No 0 Required Global Attributes
settings Text No Settings of Global Attributes
status smallint(1) No 0 Current Status of Page Content
regexp_pattern varchar(255) Yes NULL Registration Parameter Pattern
Indexes
abc_global_attributes_descriptions
Column Type Null Default Comments
attribute_id int(11) No Primary
language_id int(11) No Foreign
Name varchar(64) No Translatable
placeholder varchar(255) Yes Translatable
error_text varchar(255) No Translatable
Indexes
abc_global_attributes_groups
Column Type Null Default Comments
attribute_group_id int(11) No Primary
sort_order int(3) No 0 Sorting
status smallint(1) No 0 Current Status of Page Content
Indexes
abc_global_attributes_groups_descriptions
Column Type Null Default Comments
attribute_group_id int(11) No Primary
language_id int(11) No Foreign
name varchar(64) No Translatable
Indexes
abc_global_attributes_type_descriptions
Table comments: utf8_general_ci
Indexes
Keyname Type Unique Packed Column Cardinality Collation Null Comment
language_id 2 A No
abc_global_attributes_types
Column Type Null Default Comments
attribute_type_id int(11) No Primary
type_key varchar(64) No Key
controller varchar(100) No Controller of Global Attributes Type
sort_order int(3) No 0 Sorting
status smallint(1) No 0 Current Status of Page Content
Indexes
abc_global_attributes_value_descriptions
Column Type Null Default Comments
attribute_value_id int(11) No Primary
attribute_id int(11) No Foreign
language_id int(11) No Foreign
Value Text No Translatable
Indexes
abc_global_attributes_values
Column Type Null Default Comments
attribute_value_id int(11) No Primary
attribute_id int(11) No Foreign
sort_order int(3) No 0 Sorting
Indexes
abc_language_definitions
Column Type Null Default Comments
language_definition_id int(11) No Primary
language_id int(11) No Foreign
Section tinyint(1) No 0 0-SF, 1-ADMIN
Block varchar(160) No Block
language_key varchar(170) No Key of Language
language_value Text No Translatable
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification
Indexes
Keyname Type Unique Packed Column Cardinality Collation Null Comment
language_key 4459 A No
ac_lang_definition_idx FULLTEXT No No language_value No Foreign
abc_languages
Column Type Null Default Comments
language_id int(11) No Primary
Name varchar(32) No Name
Code varchar(5) No Language Code
Locale varchar(255) No Location
Image varchar(255) No Image
Directory varchar(32) No Directory where the language configuration exists
Filename varchar(64) No File name
sort_order int(3) No 0 Sorting
Status int(1) No Current Status of page Content
Indexes
abc_layouts
Column Type Null Default Comments
layout_id int(10) No Primary
template_id varchar(100) No Foreign
layout_name varchar(255) No Name of Layout
layout_type smallint(1) No 0 Type of Layout
date_added Timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified Timestamp No CURRENT_TIMESTAMP Date of Modification
Indexes
abc_length_class_descriptions
Column Type Null Default Comments
length_class_id int(11) No Primary
language_id int(11) No Foreign
Title varchar(32) No Translatable
Unit varchar(4) No Translatable
Indexes
abc_length_classes
Column Type Null Default Comments
length_class_id int(11) No Primary
Value decimal(15,8) No Value of length class
Indexes
abc_locations
Column Type Null Default Comments
location_id int(11) No Primary
Name varchar(32) No Name of Location
description varchar(255) No Description of Location
date_added Timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified Timestamp No CURRENT_TIMESTAMP Date of Modification
Indexes
abc_manufacturers
Column Type Null Default Comments
manufacturer_id int(11) No Primary
Name varchar(64) No Name of Manufacturer
sort_order int(3) No Sorting
Indexes
abc_manufacturers_to_stores
Column Type Null Default Comments
manufacturer_id int(11) No Primary
store_id int(11) No Foreign
Indexes
abc_messages
Column Type Null Default Comments
msg_id int(11) No Primary
Title varchar(128) No Title of Message
Message Text No Message
Status char(1) No Current Status
Viewed int(11) No 0 Viewed Message
Repeated int(11) No 0 Repeated Message
date_added Timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified Timestamp No CURRENT_TIMESTAMP Date of Modification
Indexes
abc_online_customers
Column Type Null Default Comments
customer_id int(11) No Primary
Ip varchar(50) No Online Remote Customer IP Address
url text No Uniform Resource Locator
Referrer text No Redirected Address
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
Indexes
abc_order_data
Column Type Null Default Comments
order_id int(11) No Primary
type_id int(11) No Foreign
Data Text Yes NULL Current Date
date_added Timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified Timestamp No CURRENT_TIMESTAMP Date of Modification
Indexes
abc_order_data_types
Column Type Null Default Comments
type_id int(11) No Primary
language_id int(11) No Foreign
Name varchar(64) No Translatable
date_added Timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified Timestamp No CURRENT_TIMESTAMP Date of Modification
Indexes
Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No type_id 2 A No Primary
abc_order_downloads
Column Type Null Default Comments
order_download_id int(11) No Primary
order_id int(11) No Foreign
order_product_id int(11) No Foreign
Name varchar(64) No Name of Order
Filename varchar(128) No File Name
Mask varchar(128) No Layered Data
download_id int(11) No Foreign
Status int(1) No 0 Current Status
remaining_count int(11) Yes NULL Remaining Account
percentage int(11) Yes 0 Percentage of Download
expire_date Datetime Yes NULL Expire Date
sort_order int(11) No Sorting
Activate varchar(64) No Activation
activate_order_status_id int(11) No 0 Foreign
attributes_data Longtext Yes NULL Attributes of Data
date_added Timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified Timestamp No CURRENT_TIMESTAMP Date of Modification
Indexes
Keyname Type Unique Packed Column Cardinality Collation Null Comment
Status A No
activate_order_status_id A No
abc_order_downloads_history
Column Type Null Default Comments
order_download_history_id int(11) No Primary
order_download_id int(11) No Foreign
order_id int(11) No Foreign
order_product_id int(11) No Foreign
Filename varchar(128) No File Name
Mask varchar(128) No Mask
download_id int(11) No Foreign
download_percent int(11) Yes 0 Percentage of Download
Time timestamp No CURRENT_TIMESTAMP Time of Download
Indexes
abc_order_history
Column Type Null Default Comments
order_history_id int(11) No Primary
order_id int(11) No Foreign
order_status_id int(5) No Foreign
Notify int(1) No 0 Notification
comment Text No Comment
date_added Timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified Timestamp No CURRENT_TIMESTAMP Date of Modification
Indexes
abc_order_options
Column Type Null Default Comments
order_option_id int(11) No Primary
order_id int(11) No Foreign
order_product_id int(11) No Foreign
product_option_value_id int(11) No 0 Foreign
name varchar(255) No Name of Order
sku varchar(64) No Sku*****
value Text No Value of Order
price decimal(15,4) No 0.0000 Price of Order
prefix char(1) No Prefix
settings Longtext Yes NULL Settings
Indexes
Keyname Type Unique Packed Column Cardinality Collation Null Comment
ac_order_options_idx BTREE No No order_id A No Foreign
ac_order_options_idx BTREE No No order_product_id A No
ac_order_options_idx BTREE No No product_option_value_id A No
abc_order_products
Column Type Null Default Comments
order_product_id int(11) No Primary
order_id int(11) No Foreign
product_id int(11) No Foreign
name varchar(255) No Name of Product
model varchar(24) No Model Of Product
Sku varchar(64) No Sku
price decimal(15,4) No 0.0000 Price of Product
total decimal(15,4) No 0.0000 Total of Price
Tax decimal(15,4) No 0.0000 Tax
quantity int(4) No 0 Quantity of Products
subtract int(1) No 0 Subtract
Indexes
abc_order_status_ids
Column Type Null Default Comments
order_status_id int(11) No Primary
status_text_id varchar(64) No Foreign
Indexes
abc_order_statuses
Column Type Null Default Comments
order_status_id int(11) No Primary
language_id int(11) No Foreign
name varchar(32) No Translatable
Indexes
abc_order_totals
Column Type Null Default Comments
order_total_id int(10) No Primary
order_id int(11) No Foreign
Title varchar(255) No Title of Order
Text varchar(255) No Text
Value decimal(15,4) No 0.0000 Value of Order
sort_order int(3) No Sorting
Type varchar(255) No Type of Order
Key varchar(128) No Key
Indexes
abc_orders
Column Type Null Default Comments
order_id int(11) No Primary
invoice_id int(11) No 0 Foreign
invoice_prefix varchar(10) No Prefix
store_id int(11) No 0 Foreign
store_name varchar(64) No Store Name
store_url varchar(255) No Server Address of store
customer_id int(11) No 0 Foreign
customer_group_id int(11) No 0 Foreign
Firstname varchar(32) No Customer First Name
Lastname varchar(32) No Customer Last Name
Telephone varchar(32) No Telephone Number
Fax varchar(32) No Fax Number
Email varchar(96) No E-mail
shipping_firstname varchar(32) No Shipping First Name
shipping_lastname varchar(32) No Shipping Last Name
shipping_company varchar(32) No Shipping Company
shipping_address_1 varchar(128) No First Shipping Address
shipping_address_2 varchar(128) No Second Shipping Address
shipping_city varchar(128) No City of Shipping
shipping_postcode varchar(10) No Shipping Post Code
shipping_zone varchar(128) No Shipping Zone
shipping_zone_id int(11) No Foreign
shipping_country varchar(128) No Country of Shipping
shipping_country_id int(11) No Foreign
shipping_address_format Text No Shipping Address Format
shipping_method varchar(128) No Shipping Method
shipping_method_key varchar(128) No Key of Shipping Method
payment_firstname varchar(32) No First Name of Payment
payment_lastname varchar(32) No Last Name of Payment
payment_company varchar(32) No Payment Company
payment_address_1 varchar(128) No First Payment Address
payment_address_2 varchar(128) No Second Payment Address
payment_city varchar(128) No Payment City
payment_postcode varchar(10) No Payment Post Code
payment_zone varchar(128) No Payment Zone
payment_zone_id int(11) No Foreign
payment_country varchar(128) No Payment Country
payment_country_id int(11) No Foreign
payment_address_format Text No Format of Payment Address
payment_method varchar(128) No Method of Payment
payment_method_key varchar(128) No Key of Payment Method
Comment Text No Comment
Total decimal(15,4) No 0.0000 Total of Payment
order_status_id int(11) No 0 Foreign
language_id int(11) No Foreign
currency_id int(11) No Foreign
Currency varchar(3) No Currency
Value decimal(15,8) No Value
coupon_id int(11) No Foreign
date_added Timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified Timestamp No CURRENT_TIMESTAMP Date of Modification
Ip varchar(50) No IP Address
payment_method_data Text No Data of Payment Method
Indexes
Keyname Type Unique Packed Column Cardinality Collation Null Comment
payment_zone_id A No
payment_country_id A No
language_id A No
currency_id A No
coupon_id A No
abc_page_descriptions
Column Type Null Default Comments
page_id int(10) No 0 Primary
language_id int(11) No Foreign
Name varchar(255) No Translatable
Title varchar(255) No Translatable
seo_url varchar(100) No Seo-Server Address*
Keywords varchar(255) No Translatable
description varchar(255) No Translatable
Content text Yes NULL Translatable
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification
Indexes
abc_pages
Column Type Null Default Comments
page_id int(10) No Primary
parent_page_id int(10) No 0 Foreign
Controller varchar(100) No Controller
key_param varchar(40) No Key Parameter
key_value varchar(40) No Key Value
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification
Indexes
abc_pages_forms
Column Type Null Default Comments
page_id int(10) No Primary
form_id int(10) No Foreign
Indexes
abc_pages_layouts
Column Type Null Default Comments
layout_id int(10) No Primary
page_id int(10) No Foreign
Indexes
abc_product_descriptions
Column Type Null Default Comments
product_id int(11) No Primary
language_id int(11) No Foreign
Name varchar(255) No Translatable
meta_keywords varchar(255) No Translatable
meta_description varchar(255) No Translatable
Description Longtext No Translatable
Blurb Text No Translatable
Indexes
abc_product_discounts
Column Type Null Default Comments
product_discount_id int(11) No Primary
product_id int(11) No Foreign
customer_group_id int(11) No Foreign
Quantity int(4) No 0 Quantity of Product
Priority int(5) No 1 Priority
Price decimal(15,4) No 0.0000 Price
date_start Date No 0000-00-00 Start Date
date_end Date No 0000-00-00 End Date
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification
Indexes
abc_product_filter_descriptions
Column Type Null Default Comments
filter_id int(11) No Primary
Value varchar(255) No Translatable
language_id int(11) No Foreign
Indexes
abc_product_filter_ranges
Column Type Null Default Comments
range_id int(11) No Primary
feature_id int(11) Yes NULL Foreign
filter_id int(11) No Foreign
From decimal(12,2) No 0.00 From Location
To decimal(12,2) No 0.00 To Location*
sort_order int(3) No 0 Sorting
Indexes
abc_product_filter_ranges_descriptions
Column Type Null Default Comments
range_id int(11) No Primary
Name varchar(255) No Translatable
language_id int(11) No Foreign
Indexes
abc_product_filters
Column Type Null Default Comments
filter_id int(11) No Primary
filter_type char(1) No Type of Filter
categories_hash text No Categories
feature_id int(11) Yes NULL Foreign
sort_order int(3) No 0 Sorting
Status smallint(1) No 0 Current Status
Indexes
abc_product_option_descriptions
Column Type Null Default Comments
product_option_id int(11) No Primary
language_id int(11) No Foreign
product_id int(11) No Foreign
Name varchar(255) No Translatable
option_placeholder varchar(255) Yes Translatable
error_text varchar(255) No Translatable
Indexes
abc_product_option_value_descriptions
Column Type Null Default Comments
product_option_value_id int(11) No Primary
language_id int(11) No Foreign
product_id int(11) No Foreign
Name Text Yes NULL Translatable
grouped_attribute_names Text Yes NULL Grouping of Attribute Names
Indexes
abc_product_option_values
Column Type Null Default Comments
product_option_value_id int(11) No Primary
product_option_id int(11) No Foreign
product_id int(11) No Foreign
group_id int(11) No 0 Foreign
Sku varchar(255) Yes NULL Sku****
Quantity int(4) No 0 Quantity of Product
Subtract int(1) No 0 Subtract
Price decimal(15,4) No Price of Product
Prefix char(1) No Prefix
Weight decimal(15,8) No Weight of Product
weight_type varchar(3) No Type of Weight
attribute_value_id int(11) Yes NULL Foreign
grouped_attribute_data Text Yes NULL Group of Attribute Data
sort_order int(3) No Sorting
Default smallint(6) Yes 0 Default
Indexes
Keyname Type Unique Packed Column Cardinality Collation Null Comment
product_id A No
group_id A No
attribute_value_id A Yes
abc_product_options
Column Type Null Default Comments
product_option_id int(11) No Primary
attribute_id int(11) No Foreign
product_id int(11) No Foreign
group_id int(11) No 0 Foreign
sort_order int(3) No 0 Sorting
Status int(1) No 1 Current Status
element_type char(1) No I Type of Element
Required smallint(1) No 0 Required Element
regexp_pattern varchar(255) No Pattern***
Settings Text Yes NULL Setting of Options
Indexes
abc_product_specials
Column Type Null Default Comments
product_special_id int(11) No Primary
product_id int(11) No Foreign
customer_group_id int(11) No Foreign
Priority int(5) No 1 Priority
Price decimal(15,4) No 0.0000 Price of Special Product
date_start Date No 0000-00-00 Start Date
date_end Date No 0000-00-00 End Date
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification
Indexes
abc_product_tags
Column Type Null Default Comments
product_id int(11) No Primary
Tag varchar(32) No Translatable
language_id int(11) No Foreign
Indexes
abc_products
Column Type Null Default Comments
product_id int(11) No Primary
Model varchar(64) No Model of Product
Sku varchar(64) No Sku****
Location varchar(128) No Location of Product
Quantity int(4) No 0 Quantity of Product
stock_status_id int(11) No Foreign
manufacturer_id int(11) No Foreign
Shipping int(1) No 1 Product Shipping
ship_individually int(1) No 0 Shipping Individually
free_shipping int(1) No 0 Free Shipping
shipping_price decimal(15,4) No 0.0000 Price of Shipping
Price decimal(15,4) No 0.0000 Price of Product
tax_class_id int(11) No Foreign
date_available Date No Available Date
Weight decimal(5,2) No 0.00 Weight of Product
weight_class_id int(11) No 0 Foreign
Length decimal(5,2) No 0.00 Length of Product
Width decimal(5,2) No 0.00 Width of Product
Height decimal(5,2) No 0.00 Height of Product
length_class_id int(11) No 0 Foreign
Status int(1) No 0 Current Status
Viewed int(5) No 0 Viewed
sort_order int(11) No 0 Sorting
Subtract int(1) No 1 Subtract
Minimum int(11) No 1 Minimum Quantity*
Maximum int(11) No 0 Maximum Quantity
Cost decimal(15,4) No 0.0000 Cost
call_to_order smallint(6) No 0 Call to Ordering
settings Longtext Yes NULL Setting of Order
date_added Timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified Timestamp No CURRENT_TIMESTAMP Date of Modification
Indexes
Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No product_id 0 A No Primary
ac_products_idx BTREE No No stock_status_id A No Foreign
ac_products_idx BTREE No No manufacturer_id A No
ac_products_idx BTREE No No weight_class_id A No
ac_products_idx BTREE No No length_class_id A No
ac_products_status_idx BTREE No No product_id A No Foreign
ac_products_status_idx BTREE No No status A No
ac_products_status_idx BTREE No No date_available A No
abc_products_featured
Column Type Null Default Comments
product_id int(11) No 0 Primary
Indexes
abc_products_related
Column Type Null Default Comments
product_id int(11) No Primary
related_id int(11) No Foreign
Indexes
abc_products_to_categories
Column Type Null Default Comments
product_id int(11) No Primary
category_id int(11) No Foreign
Indexes
abc_products_to_downloads
Column Type Null Default Comments
product_id int(11) No Primary
download_id int(11) No Foreign
Indexes
abc_products_to_stores
Column Type Null Default Comments
product_id int(11) No Primary
store_id int(11) No 0 Foreign
Indexes
Keyname Type Unique Packed Column Cardinality Collation Null Comment
store_id 0 A No
abc_resource_descriptions
Column Type Null Default Comments
resource_id int(10) No 0 Primary
language_id int(11) No Foreign
Name varchar(255) Yes Translatable
Title varchar(255) Yes Translatable
description text Yes NULL Translatable
resource_path varchar(255) Yes NULL Path of Resource
resource_code text Yes NULL Code of Resource
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification
Indexes
abc_resource_library
Column Type Null Default Comments
resource_id int(11) No Primary
type_id int(11) No Foreign
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification
Indexes
abc_resource_map
Column Type Null Default Comments
resource_id int(11) No Primary
object_name varchar(40) No Name of Object
object_id int(11) No Foreign
Default tinyint(1) No 0 0-no, 1-Yes
sort_order int(3) No 0 Sorting
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification
Indexes
abc_resource_types
Column Type Null Default Comments
type_id int(11) No Primary
type_name varchar(40) No Name of Resource Type
default_directory varchar(255) No Default Directory of Resource Type
default_icon varchar(255) Yes NULL Default Icon Resource Type
file_types varchar(40) No Types of File
access_type tinyint(1) No 0 0-Public, 1-Secured
Indexes
abc_reviews
Column Type Null Default Comments
review_id int(11) No Primary
product_id int(11) No Foreign
customer_id int(11) No Foreign
author varchar(64) No Author of Reviews
text longtext No Text of Reviews
rating int(1) No Rating of Reviews
status int(1) No 0 Current Status
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification
Indexes
Keyname Type Unique Packed Column Cardinality Collation Null Comment
customer_id A No
abc_settings
Column Type Null Default Comments
setting_id int(11) No Primary
store_id int(11) No 0 Foreign
group varchar(32) No Group of Setting
Key varchar(64) No Key of Setting
value text No Value of Setting
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification
Indexes
abc_stock_statuses
Column Type Null Default Comments
stock_status_id int(11) No Primary
language_id int(11) No Foreign
name varchar(32) No Translatable
Indexes
abc_store_descriptions
Column Type Null Default Comments
store_id int(11) No Primary
language_id int(11) No Foreign
description Longtext No Translatable
Title Longtext No Translatable
meta_description Longtext No Translatable
meta_keywords Longtext No Translatable
Indexes
abc_stores
Column Type Null Default Comments
store_id int(11) No Primary
name varchar(64) No Name of Store
alias varchar(15) No Alias of Store
status int(1) No Current Status
Indexes
abc_task_details
Column Type Null Default Comments
task_id int(11) No Primary
created_by varchar(255) Yes Creator of Task
settings longtext Yes NULL Setting of Task
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification
Indexes
abc_task_steps
Column Type Null Default Comments
step_id int(11) No Primary
task_id int(11) No Foreign
sort_order int(11) Yes 0 Sorting
status int(11) Yes 0 0 - disabled, 1 - ready, 2 - running, 3 - failed, 4 - scheduled, 5 - completed
last_time_run timestamp No 0000-00-00 00:00:00 Last Time of Running
last_result int(11) No 0 1 - success, 0 - failed
max_execution_time int(11) Yes 0 Maximum Execution Time
controller varchar(255) Yes Controller of Task
settings longtext Yes NULL Setting of Task
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification
Indexes
abc_tasks
Column Type Null Default Comments
task_id int(11) No Primary
name varchar(255) No Name of Task
starter int(11) Yes NULL 0 - storefront, 1 - admin side, 2 - any
status int(11) Yes 0 0 - disabled, 1 - ready, 2 - running, 3 - failed, 4 - scheduled, 5 - completed
start_time datetime Yes NULL Start Time
last_time_run timestamp No 0000-00-00 00:00:00 Last Time of Run
progress int(11) No 0 Percentage of progress
last_result int(11) No 0 1 - success, 0 - failed
run_interval int(11) No 0 Interval in seconds since last run, 0 - without interval
max_execution_time int(11) Yes 0 Maximum Execution Time
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification
Indexes
Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No task_id 0 A No Primary
task_name_idx BTREE Yes No name 0 A No Foreign
abc_tax_class_descriptions
Column Type Null Default Comments
tax_class_id int(11) No Primary
language_id int(11) No Foreign
title varchar(128) No Translatable
description varchar(255) No Translatable
Indexes
abc_tax_classes
Column Type Null Default Comments
tax_class_id int(11) No Primary
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification
Indexes
abc_tax_rate_descriptions
Column Type Null Default Comments
tax_rate_id int(11) No Primary
language_id int(11) No Foreign
description varchar(255) No Translatable
Indexes
abc_tax_rates
Column Type Null Default Comments
tax_rate_id int(11) No Primary
location_id int(11) No 0 Foreign
zone_id int(11) Yes 0 Foreign
tax_class_id int(11) No Foreign
Priority int(5) No 1 Priority
Rate decimal(15,4) No 0.0000 Rate of Tax
rate_prefix char(1) No % Rate of Prefix
threshold_condition char(2) No Condition of Threshold
threshold decimal(15,4) No 0.0000 Threshold
tax_exempt_groups Text Yes NULL Tax Exempt Group
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification
Indexes
Keyname Type Unique Packed Column Cardinality Collation Null Comment
ac_tax_rates_idx BTREE No No location_id A No Foreign
ac_tax_rates_idx BTREE No No zone_id A Yes
ac_tax_rates_idx BTREE No No tax_class_id A No
abc_url_aliases
Column Type Null Default Comments
url_alias_id int(11) No Primary
Query varchar(255) No Request
Keyword varchar(255) No Translatable
language_id int(11) No 1 Foreign
Indexes
abc_user_groups
Column Type Null Default Comments
user_group_id int(11) No Primary
Name varchar(64) No Name of User Group
permission longtext No Permission
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification
Indexes
abc_user_notifications
Column Type Null Default Comments
user_id int(11) No Primary
store_id int(11) No Foreign
Section tinyint(1) No 1 - admin, 0 - storefront
sendpoint varchar(255) No Send Point of User
Protocol varchar(30) No Transmission Protocol
Uri text No Uri****
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification
Indexes
abc_users
Column Type Null Default Comments
user_id int(11) No Primary
user_group_id int(11) No Foreign
username varchar(20) No User Name
Salt varchar(8) No Salt
password varchar(40) No User Password
firstname varchar(32) No User First Name
Lastname varchar(32) No User Last Name
Email varchar(96) No E-mail
Status int(1) No Current Status
Ip varchar(50) No IP Address*
last_login datetime No 0000-00-00 00:00:00 User Last Login
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification
Indexes
abc_weight_class_descriptions
Column Type Null Default Comments
weight_class_id int(11) No Primary
language_id int(11) No Foreign
Title varchar(32) No Translatable
Unit varchar(4) No Translatable
Indexes
abc_weight_classes
Column Type Null Default Comments
weight_class_id int(11) No Primary
Value decimal(15,8) No 0.00000000 Value of Weight
Indexes
abc_zone_descriptions
Column Type Null Default Comments
zone_id int(11) No Primary
language_id int(11) No Foreign
Name varchar(128) No Translatable
Indexes
abc_zones
Column Type Null Default Comments
zone_id int(11) No Primary
country_id int(11) No Foreign
Code varchar(32) No Zone Code
Status int(1) No 1 Current Status
sort_order int(3) No 0 Sorting
Indexes
abc_zones_to_locations
Column Type Null Default Comments
zone_to_location_id int(11) No Primary
country_id int(11) No Foreign
zone_id int(11) No 0 Foreign
location_id int(11) No Foreign
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification
Indexes
Accounts
Column Type Null Default Comments
Exp_date Date No Expire Date
V_card_activation int(1) No 0 Virtual Card Activation
Before implementing the actual design of the project, a few user interface
designs were constructed to visualize the user interaction with the system as
they browse for Products, create a shopping cart and purchase Products.
The objective of this project is to develop a secure B2B application. When the
user types the website URL into the address field of the browser, a Web
Server is contacted to retrieve the requested information.
Web Server
DB Server
MySQL 5.7.17 for the website, and MySQL 5.0.51B (on Windows 7) for the bank
DB server; this server connects only to the IMA DB server.
4.2.5.1. Introduction
enforced, and a procedure for evaluating the effectiveness of the security
policy to ensure that necessary corrections will be made.
This Security Policy shall be reviewed at the time of any change in the
IT environment or once every year, whichever is earlier. The review shall be
carried out for assessing the following:
1- Impact on the risk profile due to, but not limited to, changes in the
deployed technology, network security architecture, and regulatory and/or
legal requirements.
Scope
4.2.5.3. Consider the following list of guidelines when you develop a
security policy for your site:
Restrict access to the systems that are configured with Trusted
Extensions. The most secure locations are generally interior rooms that
are not on the ground floor.
Monitor and document access to systems that are configured with
Trusted Extensions.
Secure computer equipment to large objects such as tables and desks to
prevent theft. When equipment is secured to a wooden object, increase
the strength of the object by adding metal plates.
Consider removable storage media for sensitive information. Lock up all
removable media when the media are not in use.
Store system backups and archives in a secure location that is separate
from the location of the systems.
Restrict physical access to the backup and archival media in the same
manner as you restrict access to the systems.
Install a high-temperature alarm in the computer facility to indicate
when the temperature is outside the range of the manufacturer's
specifications. A suggested range is 10°C to 32°C (50°F to 90°F).
Install a water alarm in the computer facility to indicate water on the
floor, in the subfloor cavity, and in the ceiling.
Install a smoke alarm to indicate fire, and install a fire-suppression
system.
Install a humidity alarm to indicate too much or too little humidity.
Consider TEMPEST shielding if machines do not have it. TEMPEST
shielding might be appropriate for facility walls, floors, and ceilings.
Allow only certified technicians to open and close TEMPEST equipment
to ensure its ability to shield electromagnetic radiation.
Check for physical gaps that allow entrance to the facility or to the
rooms that contain computer equipment. Look for openings under raised
floors, in suspended ceilings, in roof ventilation equipment, and in
adjoining walls between original and secondary additions.
Prohibit eating, drinking, and smoking in computer facilities or near
computer equipment. Establish areas where these activities can occur
without threat to the computer equipment.
Protect architectural drawings and diagrams of the computer facility.
Restrict the use of building diagrams, floor maps, and photographs of the
computer facility.
4.2.5.4. Usage Policy
-Safeguarding Information
To minimize the risk of loss and/or additional expenses that could result
from compromised account information, the B2B application will not retain
any of the following information electronically:
E-bank account number.
Associated private information of the company.
Protection of information is important to B2B, and as a result, payment
details sent via email are not accepted.
B2B protects against unauthorized disclosure by limiting access to those
account holders who need the information to do their jobs.
There are two main types of access control: physical and logical. Physical
access control limits access to campuses, buildings, rooms and physical IT
assets. Logical access control limits connections to computer networks,
system files and data.
A password policy is often part of an organization's official regulations and
may be considered part of security awareness training. The following policies
are applied to each component of the application based on user roles.
-Administrative Passwords
- User as Client
Non-alphanumeric characters (exclamation point [!], dollar sign [$], pound
sign [#], percent sign [%], etc.)
4.2.5.6. Database Security Policy
The key to any successful database security policy is to know why you are
protecting each database, which databases to protect, and how best to secure
the data against all types of threats, keeping compliance regulations such
as SOX, HIPAA, PCI DSS, GLBA and European Union directives in mind.
In recent research, Forrester recommends that enterprises build a
comprehensive database security strategy on the following three pillars:
-The server hosting the database must comply with the Client Computing
Security Standard (CCSS) and Critical Server Security Standard (CSSS). All
servers that host databases, database services, or database applications and
that have been deemed “critical” based on the criteria in the Critical Server
Security Standard (CSSS) must comply with this standard.
-This standard applies to all servers that have been deemed “critical” based
on the following criteria:
It contains or serves Restricted Data, as defined in the Data Governance
& Classification Policy.
Loss of service carries a significant financial liability, including grants
and/or contracts.
Loss of service results in a significant negative impact(s) for the unit or
for the reputation of the B2B application.
-Network and Firewalls Special considerations are required when
configuring network and host based firewalls to protect database servers,
which go beyond the requirements specified in the Critical Server Security
Standard (CSSS).
-Auditing and Monitoring: Database servers that meet the criteria of this
standard or contain Restricted Data must be audited and monitored, and their
administrators are responsible for knowing what data is located on them.
5.1. Test-bed Design
The test execution environment configured for this project consists of
specific hardware (router, server and external cloud server), software
(Apache, MySQL, ModSecurity and OpenSSL), operating system (Ubuntu Linux),
network configuration (NAT, firewall and port forwarding), the product under
test, and other system and application software.
5.3. DB Servers
5.3.1. MySQL Database
In this project, MySQL is used as the backend database, due to:
Table 5.1
Ubuntu                                        | Windows
Open source                                   | Closed source
Does not support executable files (.exe);     | Supports executable files (.exe);
mostly a virus-free OS                        | susceptible to virus threats
Can also work as a server                     | Does not support server use
Supports multiple desktop environments        | Does not support multiple desktop environments
Has its own software manager                  | Does not have its own software manager
Higher security                               | Less security
Figure 5.1
There are three types of users: Visitor, User and Admin.
A Visitor can view available products.
A User can view and purchase products.
An Admin has extra privileges, including all the privileges of Visitor and
User.
An Admin can add products, edit product information and remove products.
An Admin can add users, edit user information and remove users. An Admin can
ship an order to a user based on the order placed, sending a confirmation
mail.
Figure 5.2 (database servers: website DB, V-bank DB)
5.10. Implementing Security Design
5.10.1. Network Security Configurations
IP-NAT configuration
Firewall
DOS detection
5.10.2. Servers
These are the configurations that was applied on the servers to implement
security for this application.
Figure 5.3
5.10.4.1. Implementation
The configuration below should be added to httpd.conf or apache2.conf on
the server:
ServerTokens Prod
ServerSignature Off
ServerSignature Off removes the version footer from pages generated by
Apache itself, such as the 403, 404 and 502 error pages. ServerTokens Prod
reduces the Server response header to the product name only, i.e. "Apache",
instead of the version, operating system and module list.
5.10.4.2. Verification
After changing the default configuration, the response header should no
longer contain version information about the server.
Figure 5.4
Figure 5.5
5.11.1. Implementation
The following options should be added to httpd.conf or apache2.conf as
shown below:
<Directory /opt/apache/htdocs>
Options None
Order allow,deny
Allow from all
</Directory>
Order and Allow are Apache 2.2 directives (available in 2.4 only through
mod_access_compat); on Apache 2.4 the equivalent of the last two lines is
Require all granted.
5.11.2. Verification
The browser should not disclose any directory content; the following error
message should appear instead, and a custom error message can also be
configured as shown in figure (5.6).
Figure 5.6
5.12. ETag
The default ETag header is built from the file's inode number, modification
time and size, so it allows remote attackers to obtain sensitive information
such as the inode number (and, in older Apache versions, the multipart MIME
boundary and child process ID) via the ETag header. To prevent this
disclosure:
5.12.1. Implementation
The following option should be added to httpd.conf file or apache2.conf
FileETag None
5.12.2. Verification
The response header from the server should no longer contain an ETag, as
shown in figure (5.7).
Figure 5.7
5.13. Authorization
5.13.1. Run Apache from a Non-privileged Account
The default Apache configuration runs as nobody or daemon. A separate
non-privileged user dedicated to Apache should be configured, so that other
services sharing the default account are not exposed if the web server is
compromised.
5.13.2. Implementation
The first two commands below create a dedicated group and a non-privileged
user (the -r flag of useradd would additionally mark it as a system account
with no home directory); the last two lines are httpd.conf directives that
make Apache drop to that user and group after binding its ports:
# groupadd apache
# useradd -G apache apache
User apache
Group apache
5.13.3. Verification
Figure (5.8) shows the privileges assigned to the new user.
Figure 5.8
5.14.1. Implementation
The following command limits the permissions on the Apache bin and conf
directories:
# chmod -R 750 bin conf
5.14.2. Verification:
As shown in figure (5.9), both bin/ and conf/ are now rwxr-x---: full
access for the owner, read and execute for the apache group, and no access
at all for other users.
Figure 5.9
5.15.1. Implementation
<Directory />
Options -Indexes
AllowOverride None
</Directory>
5.16. HTTP Request Methods
HTTP/1.1 supports many request methods, not all of which are required, and
some of them carry potential risk. Typically only the GET, HEAD and POST
methods are needed by a web application, and this can be enforced in the
respective Directory directive. The default Apache configuration accepts the
OPTIONS, GET, HEAD, POST, PUT, DELETE, TRACE and CONNECT methods of HTTP/1.1.
5.16.1. Implementation
To restrict the HTTP methods, the following options were added to the
.htaccess file in the website directory:
<LimitExcept GET POST HEAD>
deny from all
</LimitExcept>
Note that TRACE is not covered by Limit or LimitExcept; it has to be
disabled with the TraceEnable directive, which the next section does.
5.17. Web Application Security
A misconfigured or insufficiently hardened Apache web server exposes the web
application to attack.
First the server was tested against a TRACE request using telnet on the
listening port. The following shows the TRACE request to the server (the
hex value 20 is the chunk size of the echoed request, and 0 is the final
chunk):
# telnet localhost 80
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
TRACE / HTTP/1.1
Host: test

HTTP/1.1 200 OK
Date: Sat, 31 Aug 2013 02:13:24 GMT
Server: Apache
Transfer-Encoding: chunked
Content-Type: message/http

20
TRACE / HTTP/1.1
Host: test

0

Connection closed by foreign host.
#
5.17.2. Implementation
In order to avoid the risk of the TRACE request, the method was disabled
with the following option in the httpd.conf file:
TraceEnable off
5.17.3. Verification
The server was tested again after applying the option above, and the TRACE
request is now answered as shown below:
# telnet localhost 80
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
TRACE / HTTP/1.1
Host: test

HTTP/1.1 405 Method Not Allowed
Date: Sat, 31 Aug 2013 02:18:27 GMT
Server: Apache
Allow:
Content-Length: 223
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head> <title>405 Method Not Allowed</title>
</head><body> <h1>Method Not Allowed</h1>
<p>The requested method TRACE is not allowed for
the URL /.</p> </body></html>
Connection closed by foreign host.
#
In the TRACE request above the server rejected the request with HTTP 405
Method Not Allowed. This web server no longer accepts TRACE requests, which
helps block Cross-Site Tracing (XST) attacks, where script injected into a
page uses TRACE to read the request headers, including cookies, echoed back
by the server.
5.18. Set Cookie with HttpOnly and Secure Flags
To mitigate many common Cross-Site Scripting attacks, the HttpOnly and
Secure flags are set on the session cookie. Without HttpOnly, script
injected into the page can read the cookie and steal the session; without
Secure, the browser also sends the cookie over plain HTTP, where it can be
captured or manipulated on the network.
5.18.1. Implementation
In order to set the HttpOnly and Secure flags, the following options were
added to the httpd.conf file; this requires mod_headers to be enabled on the
server.
5.18.2. Verification
As shown in figure (5.10), Set-Cookie is flagged with HttpOnly and Secure.
Figure 5.10
5.19.1. Implementation
The following option mitigates this type of attack (clickjacking, where the
site is loaded inside a frame on an attacker's page) and should be configured
in the httpd.conf or apache2.conf file as follows:
5.19.2. Verification
The HTTP response header X-Frame-Options was set to SAMEORIGIN, as shown in
figure (5.11).
Figure 5.11
5.20.1. Implementation
<Directory /opt/apache/htdocs>
Options -Indexes -Includes
Order allow,deny
Allow from all
</Directory>
5.21.1. Implementation
The following header option was added to httpd.conf to enable the browser's
reflected-XSS filter via the X-XSS-Protection header.
5.21.2. Verification
The HTTP response header shows X-XSS-Protection set to 1 with mode=block,
as in figure (5.12). Note that current browsers have since removed the XSS
filter this header controlled, so it should be treated as defence in depth
alongside output encoding and a Content-Security-Policy, not as a primary
control.
Figure 5.12
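The verification steps in sections 5.10.4, 5.12, 5.16/5.17, 5.18, 5.19 and 5.21 all come down to inspecting a raw HTTP response. The following Python script is an added example, not code from the thesis or its test bed: it parses a raw response and reports which of those controls are missing. The two sample responses, the cookie name PHPSESSID and the version banner are constructed for illustration, and the script assumes a hardened server emits the headers exactly as the verification figures describe.

```python
"""Added example (not part of the original thesis): audit raw HTTP responses
for the Apache hardening controls of sections 5.10.4 (ServerTokens), 5.12
(ETag), 5.16/5.17 (HTTP methods, TRACE), 5.18 (cookie flags), 5.19
(X-Frame-Options) and 5.21 (X-XSS-Protection)."""

from typing import Dict, List, Set, Tuple

Headers = Dict[str, List[str]]


def parse_response(raw: str) -> Tuple[int, Headers]:
    """Split a raw HTTP response into (status code, headers).
    Header names are lower-cased; repeated headers such as Set-Cookie are kept as a list."""
    head = raw.split("\r\n\r\n", 1)[0]
    status_line, *lines = head.split("\r\n")
    status = int(status_line.split()[1])
    headers: Headers = {}
    for line in lines:
        if ":" not in line:
            continue  # blank or malformed line
        name, value = line.split(":", 1)
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers


def cookie_attributes(set_cookie: str) -> Set[str]:
    """Lower-cased attribute names (path, httponly, secure, ...) of one Set-Cookie value."""
    return {part.strip().split("=", 1)[0].lower() for part in set_cookie.split(";")[1:]}


def audit_response(raw: str, method: str = "GET") -> List[str]:
    """Return a list of findings; an empty list means every checked control is present."""
    status, h = parse_response(raw)
    findings: List[str] = []

    # 5.10.4: with ServerTokens Prod the banner is exactly "Apache"; more leaks version/OS/modules
    for banner in h.get("server", []):
        if banner.lower() != "apache":
            findings.append(f"Server banner leaks detail: {banner}")

    # 5.12: FileETag None removes the header; the default ETag encodes the inode number
    if "etag" in h:
        findings.append("ETag header present (FileETag not set to None)")

    # 5.18: every cookie must carry both HttpOnly and Secure
    for cookie in h.get("set-cookie", []):
        name = cookie.split("=", 1)[0].strip()
        attrs = cookie_attributes(cookie)
        for flag in ("httponly", "secure"):
            if flag not in attrs:
                findings.append(f"Cookie {name} lacks {flag}")

    # 5.19: clickjacking protection must be DENY or SAMEORIGIN
    xfo = [v.upper() for v in h.get("x-frame-options", [])]
    if not xfo or xfo[0] not in ("DENY", "SAMEORIGIN"):
        findings.append("X-Frame-Options missing or not DENY/SAMEORIGIN")

    # 5.21: the thesis sets "1; mode=block"
    xss = h.get("x-xss-protection", [""])[0].replace(" ", "").lower()
    if xss != "1;mode=block":
        findings.append("X-XSS-Protection not set to '1; mode=block'")

    # 5.16/5.17: a method outside GET/HEAD/POST must be refused (405), never served (200)
    if method.upper() not in ("GET", "HEAD", "POST") and status == 200:
        findings.append(f"{method.upper()} answered 200 OK; expected 405 Method Not Allowed")

    return findings


# Constructed sample responses (not captures from the thesis test bed).
DEFAULT_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.7 (Ubuntu) OpenSSL/1.0.1f\r\n"
    'ETag: "2cc6c-4b-4f2e5b8a7c2c0"\r\n'
    "Set-Cookie: PHPSESSID=abc123; path=/\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html></html>"
)
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache\r\n"
    "Set-Cookie: PHPSESSID=abc123; path=/; HttpOnly; Secure\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "X-XSS-Protection: 1; mode=block\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html></html>"
)
# TRACE responses shaped like the two telnet transcripts of section 5.17.
TRACE_DEFAULT = "HTTP/1.1 200 OK\r\nServer: Apache\r\nContent-Type: message/http\r\n\r\nTRACE / HTTP/1.1\r\n"
TRACE_HARDENED = "HTTP/1.1 405 Method Not Allowed\r\nServer: Apache\r\nAllow:\r\n\r\n"

if __name__ == "__main__":
    cases = (("default", DEFAULT_RESPONSE, "GET"), ("hardened", HARDENED_RESPONSE, "GET"),
             ("default TRACE", TRACE_DEFAULT, "TRACE"), ("hardened TRACE", TRACE_HARDENED, "TRACE"))
    for label, raw, method in cases:
        findings = audit_response(raw, method)
        print(f"{label}: {'OK' if not findings else str(len(findings)) + ' finding(s)'}")
        for finding in findings:
            print("  -", finding)
```

To use it against a live server, send the request of section 5.17 over a socket (or capture the telnet output) and pass the bytes, decoded as text, to audit_response with the method you sent. The X-XSS-Protection check mirrors the thesis configuration rather than current browser behaviour, so treat that finding as informational.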
5.22.1. Implementation
The following options were configured in the .htaccess file within the
directory to force the use of HTTP/1.1 (any request whose request line does
not end in HTTP/1.1, including HTTP/1.0 clients, is answered with 403
Forbidden; this requires mod_rewrite):
RewriteEngine On
RewriteCond %{THE_REQUEST} !HTTP/1.1$
RewriteRule .* - [F]
5.23.1. Implementation:
To shorten the time the server waits for a slow client before giving up on
the connection, which limits the effect of connection-exhaustion attacks,
the following directive was added to the apache2.conf file:
Timeout 60
5.24. SSL
SSL adds an additional layer of protection. However, the default SSL
configuration leaves certain vulnerabilities open.
5.24.1. Implementation
The following command was used to generate a self-signed certificate:
The following command was used to generate a new CSR and private key:
The following command was used to add the personal certificate, signer
certificate and key file in httpd-ssl.conf under the directive below:
5.24.2. Verification
To check the certificate and the protocol and cipher configuration, the
sslscan command should be run against the host address as shown in
figure (5.13).
Figure 5.13
5.25.1. Implementation
The SSLProtocol directive was configured in httpd-ssl.conf to accept only
TLS 1.0 and later, as shown below. Since then TLS 1.0 and 1.1 have been
deprecated (RFC 8996), so a current deployment should allow TLS 1.2 and
later only.
5.25.2. Verification
The following command was used to check the allowed protocol versions:
6.1. Introduction
This chapter covers the security tests and results for the application. It
contains all the major parts (network security test, operating system
security test, server security test and client-side security test). The
tests conducted for this application follow standard penetration testing
technique; the tools used were Nmap, Nikto and Hping (for DoS).
This section shows the test results for the network core device (router).
As shown in figure (6.1), the initial Nmap scan of the router shows only two
open ports: HTTP and a custom port for WPS control.
Figure 6.1
Figure 6.2
As shown in figure (6.2), the final scan result for the router provides only
minor information about the router OS and its version, along with the
Apache version.
Figure 6.3
As shown in figure (6.3), Nikto provides no useful information about the
server, bearing in mind that the response came from port 443, i.e. over
HTTPS.
Figure 6.4
As shown in figure (6.4), port 80 is closed, so the server only accepts
requests on port 443.
Figure 6.5
Figure 6.6
As shown in figure (6.6), the clickjacking and XSS protections are supplied
by the Apache headers module (X-Frame-Options and X-XSS-Protection).
7.1. Conclusion
B2B application security is vital in e-commerce. Hesitation or scepticism
about transaction security over the Internet is a crucial issue that needs to
be taken seriously. In order to construct a secure B2B application, one has
to be aware of new security threats and vulnerabilities and of security
defence technologies in order to achieve a higher level of security. The key
to implementing security is to follow a well-defined security policy and to
apply the implementation plan.
7.2. Limitations
Although the research has reached its aims, there were some limitations:
Hardware availability.
7.3. Recommendations
The following recommendations are offered for related research in
e-commerce application security.