Docsity
Log in
Sign up
Docsity
Prepare for your exams
Prepare for your exams

Study with the several resources on Docsity

Earn points to download
Earn points to download

Earn points by helping other students or get them with a premium plan

Guidelines and tips
Guidelines and tips
Sell on Docsity
Sell on Docsity
Log in
Sign up

Prepare for your exams

Study with the several resources on Docsity

Find documents

Prepare for your exams with the study notes shared by other students like you on Docsity

Search Store documents

The best documents sold by students who completed their studies

Search through all study resources
Docsity AINEW

Summarize your documents, ask them questions, convert them into quizzes and concept maps

Explore questions

Clear up your doubts by reading the answers to questions asked by your fellow students

Earn points to download

Earn points by helping other students or get them with a premium plan

Share documents
download point icon20 Points

For each uploaded document

Answer questions
download point icon5 Points

For each given answer (max 1 per day)

All the ways to get free points
Get points immediately

Choose a premium plan with all the points you need

Study Opportunities

Search for study opportunitiesNEW

Connect with the world's best universities and choose your course of study

Community

Ask the community

Ask the community for help and clear up your study doubts

University Rankings

Discover the best universities in your country according to Docsity users

Free resources

Our save-the-student-ebooks!

Download our free guides on studying techniques, anxiety management strategies, and thesis advice from Docsity tutors

From our blog

Exams and Study
Go to the blog

HTTP in Electronic Commerce: Authentication, Sessions, and Security, Slides of Fundamentals of E-Commerce

Fundamentals of E-Commerce

Various improvements and extensions to http protocol for electronic commerce, including session management, user identification and authentication, security, and https. It explains the problem of stateless http and solutions like url rewriting and cookies for session tracking. The document also covers different authentication methods and their drawbacks, as well as security issues and possible solutions.

Typology: Slides

2012/2013

Uploaded on 07/30/2013

asif.ali
asif.ali šŸ‡®šŸ‡³

5

(3)

146 documents

1 / 10

Toggle sidebar

Related documents

E-commerce Security: SSL, S-HTTP, and Digital Signatures
ELECTRONIC COMMERCE SECURITY
Secure Electronic Commerce: Advanced Issues and Technologies
Understanding URLs and HTTP in Electronic Commerce
Password Security and Authentication: Length, Complexity, and Recovery
Web Application Security Lab: ECE4112 Internetwork Security
Secure Electronic Commerce Components-Security of Systems-Handout
(1)
Digital Certificates and Electronic Payments in Electronic Commerce
Security Protocols: IPSec and SSL with focus on SAs and SSL Sessions
Categories of electronic commerce, college study notes - Electronic commerce
Electronic Mail Security-System Security and Cryptography-Lecture Slides
Electronic Mail Security - Network Security and Cryptography - Lecture Slides
Zero-Interaction Authentication System: Enhancing Laptop Security with ZIA
Zero-Interaction Authentication: A Security Solution for Convenience and Protection
ECE8843 Quiz 1: Data & Network Security - Encryption, Authentication, Honey Nets
Cookies and Web Authentication: Password-Based Systems and Security Issues
Authentication Systems: Passwords, Challenge-Response, Biometrics, and Security - Prof. Da
Security in Distributed Systems: Authentication, Access Control, and Management - Prof. Br
Transaction and Network Security - Electronic Business - Exam
E-Commerce and Web Security: A Comprehensive Guide
Electronic Fulfillment - E-Commerce - Lecture Slides
Email Security - Introduction to Computer Security - Lecture Slides
Understanding E-Commerce Security: Firewalls, Filters, Proxies, Check Point
Philippine E-Commerce Act 2000: Legal Recognition of Electronic Documents & Signatures
E-Commerce Jurisdiction & Enforcement: Laws, Contracts, Security, Privacy
Network Security: Cryptography, Authentication, and Internet Security Threats
Understanding WAP and its Role in Electronic Commerce
Electronic Commerce Systems: Tech, Categories, and Processes
Security Analysis of Electronic Voting Systems: A Case Study on Diebold's Accuvote-TS - Pr
Identification and Authentication in Computer Security

Partial preview of the text

Download HTTP in Electronic Commerce: Authentication, Sessions, and Security and more Slides Fundamentals of E-Commerce in PDF only on Docsity! 3-21Electronic Commerce (WS-02/03) HTTP/1.1 (2) Further improvements: + Virtual hosts supported via new header field HOST: Several servers can be made available through a single TCP address (IP-address:port combination). See chapter 3.6). Host: eurift.sts.tu-harburg.de:80 Host: wips.sts.tu-harburg.de:80 + New request methods PUT, DELETE, TRACE, OPTIONS + Partial transmissions of resource entities (documents) + Content Negotiation (negotiation of visualization, language, quality, encoding) Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Accept-Encoding: gzip Accept-Language: de Accept-Charset: iso-8859-1,*,utf-8 + Improved Authentication Identical IP address (134.28.70.3) and port distinguished by HOST field Docsity.com 3-22Electronic Commerce (WS-02/03) HTTP Extensions o Session Management: Adding session management to the stateless HTTP request/response protocol o User identification and authentication o Security: Adding layers for securing HTTP: S/HTTP, HTTPS, IPSEC o Refresh / Redirect: Trigger actions at the client browser o more... Docsity.com 3-25Electronic Commerce (WS-02/03) HTTP Authentication (1) Basic Authentication (since HTTP/1.0): o Identification and password are transmitted as plain text. THIS IS INSECURE! Digest Access Authentication (since HTTP/1.1): o Client encrypts identification and password using a one-way function and sends this digest to the server. Server performs same computation and compares results. Docsity.com 3-26Electronic Commerce (WS-02/03) HTTP Authentication (2) Drawbacks: o Does not fit into page design o Cannot be visualized following the companyā€˜s corporate design o Language cannot be selected Docsity.com 3-27Electronic Commerce (WS-02/03) HTTP Authentication (3) Security problem not yet solved: o Replay attack: ā€œMan in the middle-attackā€: Attacker copies authentication message and replays it to the server, this will authenticate him. Possible solution: Authentication message is only valid one time. For this, encrypt the following items (and combinations thereof) into the client request: o Server-generated nonce (nonce = ā€œnumber, generated onceā€) o Client IP-address o Timestamp o Identification o Password o Request method o Requested URI o ... Docsity.com

Documents

Summaries

Exercises

Exam

Lecture notes

Thesis

Study notes

Schemes

Document Store

View all

questions

Latest questions

Biology and Chemistry

Psychology and Sociology

Management

Physics

University

United States of America (USA)

United Kingdom

India

Docsity logo

Sell documents

Seller's Handbook

About us

Career

Contact us

Partners

How does Docsity work

Koofers

EspaƱol

Italiano

English

Srpski

Polski

Š ŃƒŃŃŠŗŠøŠ¹

PortuguĆŖs

FranƧais

Deutsch

United Kingdom

United States of America

India

Terms of Use

Cookie Policy

Cookie setup

Privacy Policy

Sitemap Resources

Sitemap Latest Documents

Sitemap Languages and Countries

Copyright Ā© 2024 Ladybird Srl - Via Leonardo da Vinci 16, 10126, Torino, Italy - VAT 10816460017 - All rights reserved