Ecommerce web site security
This 'ecommerce web site security' article is supplied by Web Site Security, where you can find more information about ecommerce web site security.
Web Site Security Considerations - An Overview
It is unfortunate, but there are many ways in which web site security can be breached. For example, security risks affect the Web servers and LANs (local area networks) where Web sites are located, and they arise even from the routine use of a Web browser.
Web Masters shoulder the responsibility for coping with the gravest threats. As soon as a Web server is installed at a site, a window is opened into the local area network through which anyone on the Internet can peek. Naturally, the majority of web site visitors look only at what they are supposed to see, but a few try to discover areas of the site which aren't supposed to be visible to the general public. Malicious visitors aim to do more than just look; they try to unlock the window and creep through it. The harm they inflict might be sheer vandalism, for instance replacing the website's home page with one of their own that could say or display absolutely anything at all, or it could be theft, such as gaining possession of a contacts or orders list.
Complex computer software almost inevitably has bugs. Regardless of how comprehensively it is tested, there is typically some combination of events or user actions, however rare, which causes an error. Software bugs create breaches in system security. A Web server is complex software that may well contain a security hole.
It is not merely the complexity of a Web server which may produce a flaw, but also its open architecture. Consider a CGI script as a case in point. A CGI script is executed on the server in answer to a remote call from a client. The call could be a request from a program or simply the click of a button in a browser. If the CGI script contains a bug, it may open the way to a security breach.
Network Administrators also face problems from Web servers because of the threat they pose to the security of the local area network. Though there must be no unauthorized intrusions, access has to be granted to web site visitors. This means that access to the network must be controlled. The Administrator therefore needs to perform a delicate balancing act. Even the most robust firewall may be compromised if the Web server is configured badly. By the same token, normal use of the website may be impossible if the firewall is configured poorly. Reaching an ideal solution is even trickier if an intranet is part of the system. Usually, the Web server in that case must be configured to distinguish and validate domains and user groups, which are likely to have differing permission levels and access rights.
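To make the CGI risk concrete, here is an added example (not code from the original article) of a CGI-style handler that serves a page named in the query string while keeping requests inside the public area. The `page` parameter, the `public` directory and the `orders.csv` file are assumptions constructed for illustration, and the article itself does not name path handling as the bug.

```python
import os
import tempfile
from urllib.parse import parse_qs

def resolve_public_path(doc_root, requested):
    """Return the real path of `requested` inside doc_root, or None if it escapes."""
    root = os.path.realpath(doc_root)
    candidate = os.path.realpath(os.path.join(root, requested))
    # commonpath equals root only when candidate is root itself or lies beneath it
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate

def handle_request(environ, doc_root):
    """CGI-style handler: the server passes the client's query string in the
    QUERY_STRING environment variable, and all of it is client-controlled."""
    params = parse_qs(environ.get("QUERY_STRING", ""))
    names = params.get("page", [])  # 'page' is a hypothetical parameter name
    if len(names) != 1:
        return 400, "exactly one 'page' parameter is required"
    path = resolve_public_path(doc_root, names[0])
    if path is None:
        return 403, "outside the public area"
    if not os.path.isfile(path):
        return 404, "not found"
    with open(path, encoding="utf-8") as fh:
        return 200, fh.read()

def demo():
    """Build a constructed site layout and return the status of sample requests."""
    with tempfile.TemporaryDirectory() as site:
        public = os.path.join(site, "public")
        os.mkdir(public)
        with open(os.path.join(public, "home.html"), "w", encoding="utf-8") as fh:
            fh.write("<h1>Welcome</h1>")
        with open(os.path.join(site, "orders.csv"), "w", encoding="utf-8") as fh:
            fh.write("constructed,order,list")  # private file next to the public area
        queries = ["page=home.html", "page=../orders.csv", "page=/etc/hostname", "page=missing.html", ""]
        return [handle_request({"QUERY_STRING": q}, public)[0] for q in queries]

if __name__ == "__main__":
    print(demo())
```

A handler that joined the parameter onto the document root without the `resolve_public_path` check would hand back the orders file for the second request.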
Almost everyone using a browser to surf the Web trusts that they are doing so privately and safely. This is not the case. Web browsers may execute self-contained software programs, located on a website, on the client machine. Modern browsers display a warning and ask for authorisation before executing these kinds of programs. Commonly described as "active content", e.g., ActiveX controls or Java applets, these programs, if malicious, can easily deposit a virus or other dangerous software on the browser user's computer. Once it is in the system it can cause all kinds of damage and can be extremely difficult to eliminate.
This is also a worry for Network Administrators. Web browsers supply a route for possibly malicious software to pass through the local area network's firewall. Once it is in the system, the damage it might inflict can range from surreptitiously stealing private information to wanton destruction.
Apart from the matters involving active content, merely browsing the Net leaves a trail of the user's activities in the browser's history. This might be used by websites and installed software programs to build a precise profile of the user's behaviour and interests. Though this may be considered an invasion of privacy by some people, it can be helpful by supplying relevant content straight away, thus relieving the user of the task of searching for it.
Privacy is a question that worries not just browser users but also Web Masters and Network Administrators during the actual transmission of data via the Net. TCP/IP (Transmission Control Protocol/Internet Protocol) is the basic language of communication for the Internet. When it was created, security was not a primary design goal. Network and Internet transmissions should therefore not be considered automatically confidential. Every time the browser on a local machine downloads a sensitive file from the remote Web server, or the browser user fills out a form with confidential information and clicks the 'Submit' button, the transmitted data may be intercepted without consent.