Threats of E-Commerce in Database

Threats Of Database In E-Commerce

Submitted By: MD. Arafat Hossen ID: UG-02-22-09-012 Dept. of CSE

Submitted To: Fernaz Nawrin Nur Lecturer Dept. Of CSE

Electronic commerce, commonly known as e-commerce or e-comm, refers to the buying and selling of products or services over electronic systems such as the Internet and other computer networks. Electronic commerce draws on such technologies as electronic funds transfer, supply chain management, Internet marketing, online transaction processing,etc…

Introduction to security issues Mechanisms used to grant and revoke privilege in

relational database in SQL An overview of the mechanisms for enforcing

multiple levels of security Briefly discusses the security problem in statistical

database Introduces flow control and mentions problems

associated with convert channels. A brief summary of encryption and public key

infrastructure schemes.

Types of SecurityTypes of Security• Legal and ethical issues regarding the right to access certain

information. In US there are many laws governing privacy of information.

• Policy issues at the governmental, institutional, or corporate level as to what kinds of information should not be made publicly available – for example, credit ratings and personal medical records

• System-related issues such as the system levels at which various security functions should be enforced-- for example, whether a security function should be handled at the physical H/W, OS, or DBMS levels.

• The need in some organizations to identify multiple security levels and to categorize the data and users based on these classified. The security policy of the organization with respect to permitting access to various classifications of data must be enforced.

Threats to database result in the loss or degradation of some or all of the following security goals: integrity, availability, and confidentially.• Loss of integrity• Loss of availability• Loss of confidentially

Database threats: E-commerce systems store user data and retrieve

product information from databases connected to the web-server.

Besides product information, databases connected to the web contain valuable and

private information that could irreparably damage a company if it were disclosed or altered. Some

databases store username/password pairs in a non-secure way. If someone obtains user

authentication information, then he or she can pretext as a legal database user and reveal

private and costly information.

Integrity refer to requirement that information be protected from improper modification.

Modification of data includes• Creation• Insertion• Modification• Deletion• Change the status of data

Integrity is lost if unauthorized changes are make to the data by either intentional or accidental acts.

If continue use the contaminated system or corrupt data cause the result in inaccuracy, fraud, or erroneous decision

Database availability refers to making objects available to human user or a program to which they have a legitimate right

Database confidentially refers to the protection of data from unauthorized disclosure.

The impact range from• Violent of data privacy act to the damage of

national security Unauthorized could result in loss of public

confidence, embarrassment, or legal action against the organization.

To protect database against these types of 4 kinds of countermeasures can be implemented:• Access control• Inference control• Flow control• Encryption• Backup the Database regularly

Thank You Teacher and Class

Any Questions????