Website security rules and ecommerce tips

This 'website security rules and ecommerce tips' article is supplied by Web Site Security, where you can find more information about website security rules and ecommerce tips.

Website Security Issues - An Overview



Unfortunately, website security can be compromised in many ways. Security hazards can affect the Web servers and LANs (local area networks) on which Web sites reside, and some arise even from the ordinary use of a Web browser.

Web Masters bear the responsibility for dealing with the major risks. As soon as a Web server is installed at a site, a window is opened in the local area network through which anyone using the Internet can peek. Naturally, nearly all website visitors see no more than what they are supposed to see, but some of them try to locate parts of the site that are not meant to be visible to everyone. Unscrupulous visitors want to do more than simply look; they try to unlock the window and creep through it. The damage intruders cause might be sheer vandalism, for example replacing the website's home page with one of their own that might say or show anything at all, or it might be theft, such as stealing a contacts or orders database.

It is virtually certain that complicated computer software has bugs. Regardless of how thoroughly it is tested, there is frequently some sequence of events or user actions, however uncommon, that causes a failure. Software bugs create gaps in system security. A Web server is intricate software and may quite likely contain a security gap.

It is not merely the complexity of a Web server that can create a problem, but also its open architecture. Consider a CGI script as a case in point. A CGI script is executed on the server in response to a remote call from a client. This could be a request from a program or even the click of a button in a browser. If the CGI script contains a bug, there is a possibility of a security violation.
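As an added illustration (not code from the original article), the sketch below shows one common CGI bug of this kind and its fix: a script that serves a file named by the client, first without and then with a check that the resolved path stays inside the document root. The `page` parameter, the handler names and the `orders.db` file are hypothetical, and the site layout is constructed in a temporary directory.

```python
import os
import tempfile
from urllib.parse import parse_qs

def requested_name(environ):
    # CGI passes the query string to the script in QUERY_STRING
    return parse_qs(environ.get("QUERY_STRING", "")).get("page", ["index.html"])[0]

def handle_vulnerable(environ, docroot):
    """The bug: the client-supplied name is joined to docroot and opened as-is."""
    try:
        with open(os.path.join(docroot, requested_name(environ)), "rb") as fh:
            return 200, fh.read()
    except (OSError, ValueError):
        return 404, b"not found"

def handle_hardened(environ, docroot):
    """Same script, but the resolved path must remain inside docroot."""
    try:
        root = os.path.realpath(docroot)
        path = os.path.realpath(os.path.join(root, requested_name(environ)))
        # realpath collapses ".." and symlinks; anything outside root is refused
        if os.path.commonpath([root, path]) != root:
            return 403, b"forbidden"
        with open(path, "rb") as fh:
            return 200, fh.read()
    except (OSError, ValueError):
        return 404, b"not found"

def demo():
    """Send both handlers the same requests against a constructed site layout."""
    with tempfile.TemporaryDirectory() as site:
        docroot = os.path.join(site, "htdocs")
        os.mkdir(docroot)
        with open(os.path.join(docroot, "index.html"), "wb") as fh:
            fh.write(b"<h1>home</h1>")
        with open(os.path.join(site, "orders.db"), "wb") as fh:  # outside docroot
            fh.write(b"constructed private orders data")
        results = {}
        for label, query in (("normal", "page=index.html"),
                             ("escape", "page=../orders.db")):
            env = {"QUERY_STRING": query}  # constructed request
            results[label] = (handle_vulnerable(env, docroot),
                              handle_hardened(env, docroot))
        return results

if __name__ == "__main__":
    for label, (weak, strong) in demo().items():
        print(label, "| vulnerable:", weak, "| hardened:", strong)
```

Both handlers serve the normal request identically; only the hardened one refuses the request that resolves to a file outside the document root.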

Network Administrators also face problems from Web servers because of the risk they pose to the security of the local area network. Although there should be no unauthorised incursions, access has to be granted to web site visitors. This means that access to the network has to be controlled. The Administrator therefore has to perform a delicate balancing act. Even the most robust firewall can be undermined if the Web server is badly configured. Conversely, normal use of the web site can become impossible if the firewall is poorly configured. Reaching an ideal solution is even more complicated if an intranet is part of the system. In that case the Web server usually must be configured to recognise and authenticate domains and user groups, which are apt to have varying permission levels and access privileges.


Nearly everybody who uses a browser to surf the Net trusts that they are doing so anonymously and in safety. It is not so. Web browsers can run self-contained software programs, located on a web site, on the client computer. Current browsers display a warning and ask permission before executing such programs. Commonly described as "active content", e.g. ActiveX controls or Java applets, these programs, if malicious, can easily leave a virus or other harmful software on the browser user's PC. Once it is in the system, it can inflict all kinds of damage and can be extremely hard to eradicate.

This is also a worry for Network Administrators. Web browsers provide a means for potentially malicious software to pass through the local area network's firewall. Once it is in the system, the harm it can cause ranges from stealthily obtaining sensitive information to wanton destruction.

Apart from the issues with active content, merely surfing the Web leaves a trail of the user's activities in the browser's history. Web sites and installed software programs may use this to build an exact profile of the user's behaviour and preferences. While some may find this an unacceptable invasion of privacy, it can be advantageous in offering relevant subject matter immediately, so relieving the user of the task of searching for it.

Confidentiality is an issue that concerns not only browser users but also Web Masters and Network Administrators while information is actually being transmitted over the Web. TCP/IP (Transmission Control Protocol/Internet Protocol) is the fundamental language of communication for the Net. When it was created, security was not the principal consideration in its design. Network and Internet transmissions should therefore not be considered inherently confidential. When the browser on a local PC downloads a private file from the remote Web server, or the browser user fills out a form with personal data and clicks the 'Submit' button, the transmitted information might be intercepted without authorisation.
