WebHub Paradigm Increases Likelihood of eCommerce Security Compared to Active Server Pages -- ASP.

SANTA ROSA, Calif.--(BUSINESS WIRE)--March 25, 1999--ECommerce customers of a New Zealand distributor were shocked to read ComputerWorld News Wire's March 10, 1999 edition, headlining that a design flaw had allowed any of the distributor's customers to access the invoices of all other customers via the web.

The distributor's site, developed using Microsoft ASP, connected to a back-end accounting records database. Unbeknownst to the distributor, the site had a common security flaw -- changing a number on the URL revealed confidential invoices that belonged to other users. Even though the problem is now patched, the negative publicity forced the distributor to withdraw its high profile campaign to market its eCommerce solution.

Unfortunately, security breach nightmares resulting from poor design decisions are not uncommon, and they can ruin a company almost overnight.

WebHub, the high-performance, object-oriented web development framework from HREF Tools Corp., protects businesses from many such security snafus. Its architecture makes it easy to implement security features by giving programmers ideal places to "hook in" code for security checks. Developers can build in security measures at a very low level, so that every point of access to every aspect of the site is controlled.

Ann Lynnworth, CEO of HREF Tools Corp. commented, "It's easy to see how this sort of mistake can be made with ASP -- the temptation to put raw data keys, such as account and invoice numbers, into the URL exists because of the direct link to the database. The company made two fundamental errors -- firstly, in not obscuring the document key, and secondly, in not validating the invoice ID against the dealer account ID.

"This could have been done with ASP using scripts or custom objects, but some developers avoid scripts due to the maintenance headaches and avoid objects due to the design difficulties. It's easier with WebHub because WebHub includes a complete component library that, among other things, keeps private data private."

For information on the full range of WebHub security features, visit http://www.href.com/security. To view the ComputerWorld wire, see http://www.idg.co.nz/nzweb/d052.html.

HREF Tools Corp. (http://www.href.com) is a privately held company, founded in 1995 to bring high-quality, object-oriented web development tools and off-the-shelf web application servers to the Windows NT market.
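
The two errors named in the quote above (an unobscured document key, and no check of the invoice ID against the dealer account ID), sketched in Python as an added example. It is not WebHub, ASP or the distributor's code; the Session class, the function names and the invoice data are constructed for illustration.

```python
import secrets

# Constructed sample data: invoice number -> owning dealer account and total.
INVOICES = {
    1001: {"account": "DEALER-A", "total": "412.50"},
    1002: {"account": "DEALER-B", "total": "98.00"},
}


def lookup_by_raw_key(invoice_no):
    """Flawed pattern: the number taken from the URL is trusted as-is."""
    return INVOICES.get(invoice_no)


class Session:
    """Hypothetical server-side session for one logged-in dealer."""

    def __init__(self, account):
        self.account = account
        self._refs = {}  # opaque token -> invoice number; mapping stays on the server

    def link_for(self, invoice_no):
        """Fix 1: put a random per-session token in the URL, not the raw key."""
        if INVOICES.get(invoice_no, {}).get("account") != self.account:
            raise PermissionError("invoice does not belong to this account")
        token = secrets.token_urlsafe(16)
        self._refs[token] = invoice_no
        return token

    def fetch(self, token):
        """Fix 2: re-validate the invoice against the account on every request."""
        invoice_no = self._refs.get(token)
        if invoice_no is None:
            return None  # guessed, altered, or another session's token
        invoice = INVOICES.get(invoice_no)
        if invoice is None or invoice["account"] != self.account:
            return None  # ownership check holds even if the mapping is wrong
        return invoice
```

The token only hides the key; the account comparison in `fetch` is what enforces access, so it stays in place even when tokens are used.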