Establishing New E-Commerce Market to Catering Specific Requirement with Sufficient Safety Support

LI Min, WANG Baoqin
School of Computer Science, Yangtze University, Jingzhou 434023, China
[email protected]

Abstract: This paper first introduces the background of building an electronic market, followed by our design. We then divide the electronic market into three modules from the users' point of view: the anonymous user's module, the generally registered user's module and the administrator's module, and describe each module and its functions. On that basis, the paper studies the personalized requirements of an electronic market, including extracting the commodities a user is interested in from the database after logging in and tracing the information the user has browsed. Finally, it introduces the security solution of the electronic market in three respects: establishing the registration and login flow, protecting access rights to the database, and helping users who forget their passwords.

Keywords: Electronic market, personalized requirement, Safety

1. Introduction

E-Commerce is a new commercial mode based on the Internet. It involves the two parties of a transaction, electronic bank payment, settlement services and customer data. With the popularization of the Internet, e-commerce has become a consumption method that people accept. Although e-commerce differs from traditional business in how it is realized, its nature is still business: the Internet is only the method, while business is the key. Therefore profit is what e-commerce considers, and profit means attracting customers, so the earning methods and traits of traditional business can be used in e-commerce. A representative form of e-commerce is the electronic market, a virtual supermarket based on the Web. The prevalence of many kinds of electronic markets provides massive choice for consumers, who in turn demand more from this way of shopping.
Satisfying individual needs in the design of an electronic market aims at making profit. What consumers are concerned about are exactly two points: personalization and safety. Personalization means letting consumers feel at ease, satisfied and relaxed. Safety means preventing customers from being attacked and their privacy from being disclosed to others, so measures must be taken to ensure the safety of the database, such as protecting users' passwords and helping users get them back.

2. Module design

2.1 Anonymous user's module

Users who have not registered and have no records in the database are called anonymous users. In order to turn these users into registered users, the market needs to offer them great convenience so as to increase browsing volume and the number of users. An anonymous user need not log in but enters the home page directly. He can browse the merchandise in the electronic market and search for and click the links he is interested in, but he cannot purchase merchandise. These restrictions are placed on anonymous users to prevent malicious users from damaging the web site. Moreover, no operation record is kept, and anonymous users leave no mark in the database.

2.2 Generally registered user's module

Generally registered users are the consolidated buyers of the electronic market, so the market tries hard to retain these users and attract them to consume. To become a registered user you must go through the registration procedure, during which you are asked to fill in a user name and password and to set a reminder question and answer that help you get the password back when you forget it. After filling in the corresponding user name and the password reminder question and answer, you can revise your password and use the newly revised password when you log in to the market. After entry, recommendations as well as browsing history are displayed based on this user's previous operations.
The market can also retain commodities that the user did not purchase successfully last time and let the user continue to complete the purchase. Logged-in users can search for and pick out the commodities they are interested in. After picking, an order list is generated, and the market delivers commodities according to the list.

2.3 Administrator's module

The administrator is the director of the electronic market; he directs the work of the whole market. The administrator's module is supplied to facilitate operations such as publishing announcements, leaving comments, and managing information on users, the database and merchandise. Only the administrator can enter the administrator's module. After entry, the following operations can be done:
(1) Delete, add and revise users. We do not recommend this function, because these operations are considered irresponsible and impolite. The administrator also needs to check the order list at regular times, and to provide service and deliver commodities promptly according to the orders.
(2) Delete, add, modify and recommend commodities.
(3) Back up the database.
(4) Delete, modify and add announcements.
In the above modules, the anonymous user is identical with the generally registered user in some operations. The administrator's module and the user's module are independent of each other. The above description can also be read from the module diagram of the web site, shown in figure 1.

Figure 1: the module diagram of the Web Site

3. Personalized Development

3.1 On first registration, automatically withdraw commodities of interest to the user from the database

In an e-commerce web site the commodity information is numerous, so customers may not find a commodity immediately if they search for it in a large-scale web site. Generally, users register with the e-commerce web site and then browse commodity categories that, in most situations, do not change. It will facilitate customers greatly and improve efficiency if the commodity information they want can be withdrawn from the mass of commodities when they log in.
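The two personalization functions of Section 3, recommending the commodities a user clicks most often (3.1) and keeping an unfinished shopping basket across logout until the order form is generated (3.2, described below), as an added example that is not code from the paper. The schema, table names and the sample catalogue are assumptions made for the example; SQLite is used only so the block runs offline.

```python
import sqlite3

# Constructed schema for the example: a catalogue, a per-user click log,
# a persistent shopping basket and an order table. All names are assumptions.
SCHEMA = """
CREATE TABLE commodity (id INTEGER PRIMARY KEY, title TEXT, category TEXT);
CREATE TABLE clicks (user TEXT, commodity_id INTEGER, ts INTEGER);
CREATE TABLE basket (user TEXT, commodity_id INTEGER, qty INTEGER,
                     PRIMARY KEY (user, commodity_id));
CREATE TABLE orders (id INTEGER PRIMARY KEY, user TEXT, commodity_id INTEGER, qty INTEGER);
"""

# Constructed sample catalogue.
CATALOGUE = [(1, "keyboard", "peripherals"), (2, "mouse", "peripherals"),
             (3, "monitor", "displays"), (4, "webcam", "peripherals")]


def open_store():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO commodity VALUES (?, ?, ?)", CATALOGUE)
    return conn


def record_click(conn, user, commodity_id, ts):
    """Clicks of logged-in users are logged; anonymous users (Section 2.1) leave no record."""
    conn.execute("INSERT INTO clicks VALUES (?, ?, ?)", (user, commodity_id, ts))


def recommendations_on_login(conn, user, limit=2):
    """Section 3.1: the user's most-clicked commodities plus related ones from the same category."""
    top = conn.execute(
        "SELECT commodity_id, COUNT(*) AS n FROM clicks WHERE user = ? "
        "GROUP BY commodity_id ORDER BY n DESC, commodity_id LIMIT ?",
        (user, limit)).fetchall()
    top_ids = [cid for cid, _ in top]
    related = []
    if top_ids:
        marks = ",".join("?" * len(top_ids))  # only placeholders are formatted in; values stay bound
        related = [row[0] for row in conn.execute(
            "SELECT DISTINCT c2.id FROM commodity c1 JOIN commodity c2 "
            "ON c1.category = c2.category "
            f"WHERE c1.id IN ({marks}) AND c2.id NOT IN ({marks}) ORDER BY c2.id",
            top_ids + top_ids)]
    return {"top": top_ids, "related": related}


def add_to_basket(conn, user, commodity_id, qty=1):
    cur = conn.execute("UPDATE basket SET qty = qty + ? WHERE user = ? AND commodity_id = ?",
                       (qty, user, commodity_id))
    if cur.rowcount == 0:
        conn.execute("INSERT INTO basket VALUES (?, ?, ?)", (user, commodity_id, qty))


def basket_contents(conn, user):
    return conn.execute("SELECT commodity_id, qty FROM basket WHERE user = ? ORDER BY commodity_id",
                        (user,)).fetchall()


def logout(conn, user):
    """Section 3.2: logging out leaves the basket untouched, so the next login shows it again."""
    return basket_contents(conn, user)


def place_order(conn, user):
    """Only the 'generate order form' action moves the basket into orders and empties it."""
    items = basket_contents(conn, user)
    conn.executemany("INSERT INTO orders (user, commodity_id, qty) VALUES (?, ?, ?)",
                     [(user, cid, qty) for cid, qty in items])
    conn.execute("DELETE FROM basket WHERE user = ?", (user,))
    conn.commit()
    return len(items)
```

Every value that comes from the user (names, commodity ids) is passed as a bound parameter; the only string formatting builds the `?` placeholder list, so the recommendation query cannot be altered by what the user clicked.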
Therefore the user's record from every login becomes an important key to this procedure. When the user logs in next time, the commodities the user has clicked most frequently, together with related commodities, are shown as links, which is a great convenience for users.

3.2 Tracking the commodity information a user has browsed

Each time the user logs in, the system retrieves his information from the history record and lists it, so that he can continue the same operation as last time. In addition, a purchase may fail for some reason; this does not matter, because if it really fails the database still saves the purchase record, so the customer will find in the shopping basket the commodities he should have succeeded in purchasing last time. Realizing this function relies on some buttons: for example, commodities in the shopping basket are not deleted from the database if the user logs out without pressing the button that generates the order form. In this way the market brings convenience to users and attracts them as well.

4. Safety Solution

4.1 Establishing the registration and login flow

The Session object can be used to carry out login certification, so that an unregistered user cannot bypass the login interface and enter the application system directly. The biggest merit of the Session object is that it can retain the information of a particular user and let subsequent pages read it, which prevents the user's information from being lost and the database from being damaged. The electronic market can use a Session variable to identify the user. Session is a server-side mechanism: when the program needs to create a session for a client request, the server first checks whether the request already carries a session identity called the Session ID; the Session ID is returned to the client in the response and preserved on the client side. Therefore the session itself is secure, which adds a lock above the safety protection of the electronic market.
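The login certification of Section 4.1 in working form, as an added example that is not the paper's code: the server keeps a session table, the client holds only a random Session ID, and every protected operation refuses to proceed when the session variable is NULL or unknown. The user table, salt and password are constructed for the example; storing the password as a salted PBKDF2 hash is an assumption about how the credential table is kept, not something the paper specifies.

```python
import hashlib
import hmac
import secrets

# Constructed credential table. Passwords are stored as salted PBKDF2 hashes
# (never plaintext); the salt and the user are assumptions for the example.
_SALT = b"constructed-demo-salt"


def _pw_hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)


_USERS = {"alice": _pw_hash("correct horse")}


class SessionStore:
    """Server-side session table. The client only ever holds a random Session ID;
    who is logged in is decided by this table, never by anything the client sends."""

    def __init__(self):
        self._sessions = {}  # session_id -> user name

    def login(self, user, password):
        """Returns a fresh Session ID on success, None when certification fails."""
        expected = _USERS.get(user)
        if expected is None:
            _pw_hash(password)  # spend the same time for unknown names (added safeguard, an assumption)
            return None
        if not hmac.compare_digest(expected, _pw_hash(password)):
            return None
        sid = secrets.token_urlsafe(32)  # 256 random bits: not derived from the user, not guessable
        self._sessions[sid] = user
        return sid

    def current_user(self, session_id):
        """The session variable of Section 4.1: None means the user never passed the login flow."""
        if session_id is None:
            return None
        return self._sessions.get(session_id)

    def logout(self, session_id):
        self._sessions.pop(session_id, None)


def place_order(store, session_id, commodity_id):
    """A protected operation: refused whenever the session variable is NULL or unknown."""
    user = store.current_user(session_id)
    if user is None:
        return "refused: not logged in"
    return f"order for commodity {commodity_id} accepted from {user}"
```

The check in `place_order` is the one the paper describes: a page reached without going through `login` has no session entry, so the operation is refused even if the caller presents a made-up Session ID.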
Every user who has logged in successfully is assigned values in session variables. When a user wants to visit the database or do other operations, the session is checked to see whether it is NULL. If it is, the user has not passed certification and the program refuses further operation.

4.2 Protecting the access rights of the database

Security of the database is necessary, because it is easy to attack. When the database is published on a public network such as the Internet and visited by an ASP.NET application, protecting it should have high priority. The reasons that make a database vulnerable to attack are probably unsecured password storage, wrong or missing database configuration, and an inability to recognise a database back door. The super user account has the privilege to carry out any operation on the database. Many developers and DBAs still have not changed the default password (for example, sa is the default account of the SQL Server database), which leaves the database fully open to the whole world. Hackers will first try the default ID and password if they know what kind of database product you are using. We should protect the database with a very safe and reliable password, and change the password frequently. Configuring a web application to use an administrator account that holds full powers is a serious error. Developers find it easier to work with an administrator account, because it avoids the need to configure objects and reserve authority; those are the reasons the account is used. But it leads to many problems; for example, hackers can spread malicious code to the server. Therefore we need to abide by an ordinary principle to reduce the risk: run the application with an unprivileged user account (also called the minimum privilege principle).
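The minimum privilege principle of Section 4.2 applied to the shop's database connection, as an added example that is not the paper's code. SQLite has no user accounts, so the authorizer callback below stands in for the GRANTs a DBA would give a dedicated application login on SQL Server: the web application may read the catalogue and append orders, and nothing else. The schema, table names and the allowlist are assumptions made for the example.

```python
import sqlite3

# Constructed sample schema: the DBA's setup step, which the application
# account must not be able to repeat or undo.
_SEED_SQL = """
CREATE TABLE users (name TEXT PRIMARY KEY, password_hash TEXT);
CREATE TABLE commodity (id INTEGER PRIMARY KEY, title TEXT, price REAL);
CREATE TABLE orders (id INTEGER PRIMARY KEY, user TEXT, commodity_id INTEGER);
INSERT INTO users VALUES ('alice', 'constructed-hash-placeholder');
INSERT INTO commodity VALUES (1, 'keyboard', 19.5), (2, 'mouse', 9.0);
"""

# Rights of the application account (assumption: the shop front end only
# needs to read the catalogue and its own orders, and to append new orders).
APP_RIGHTS = {
    "commodity": {sqlite3.SQLITE_READ},
    "orders": {sqlite3.SQLITE_READ, sqlite3.SQLITE_INSERT},
}


def app_account_authorizer(action, arg1, arg2, db_name, source):
    """Emulates a least-privilege DB account: everything not allowlisted is denied."""
    # Statement scaffolding every query needs: SELECT itself, BEGIN/COMMIT, built-in functions.
    if action in (sqlite3.SQLITE_SELECT, sqlite3.SQLITE_TRANSACTION, sqlite3.SQLITE_FUNCTION):
        return sqlite3.SQLITE_OK
    if action in (sqlite3.SQLITE_READ, sqlite3.SQLITE_INSERT):
        # arg1 is the table name for READ and INSERT.
        if action in APP_RIGHTS.get(arg1, set()):
            return sqlite3.SQLITE_OK
    # UPDATE, DELETE, DROP, CREATE, PRAGMA and reads of the users table: not granted.
    return sqlite3.SQLITE_DENY


def open_as_application():
    """The DBA creates the schema; the connection is then handed to the app with restricted rights."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(_SEED_SQL)                  # privileged setup, done once
    conn.set_authorizer(app_account_authorizer)    # from here on: application privileges only
    return conn


def run_as_app(conn, sql, params=()):
    """Run one statement under the application account; returns (ok, rows_or_error)."""
    try:
        rows = conn.execute(sql, params).fetchall()
        conn.commit()
        return True, rows
    except sqlite3.DatabaseError as exc:   # 'not authorized' / 'access ... is prohibited'
        return False, str(exc)
```

The point the paper makes is visible in the denied cases: with the administrator (or `sa`) account every one of those statements would succeed, so a single injection or leaked connection string would expose the users table and allow the catalogue to be dropped. Note that SQLite's authorizer decides at statement preparation time on one connection; a real database server enforces its GRANTs on every statement for every connection, which is the behaviour to rely on in production.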
Users who adopt the minimum privilege principle abide by three basic rules:
(1) confer on the user the minimum privilege that ensures the tasks can be completed;
(2) confer on the application the minimum privilege that ensures its functions can be implemented;
(3) confer on the system the minimum privilege that ensures the principle can be enforced across a relatively large network.
Therefore restricting users' authority prevents them from entering the administrator interface, and we protect the database to some degree by verifying the logging-in manager so as to exclude non-administrator accounts.

4.3 Helping a user who forgets his password

This system adopts the question-and-answer method to get back a user's password. Anybody who forgets his password and wants to get it back, or tries to modify a user's password, has to input the user name first; the system then checks whether the name exists in the database. If it exists, the user has to input the answer to the reminder question that was submitted at registration, and it is compared with the record stored in the database. If the comparison is completely consistent, the user can input a new password, and the database updates the user's information at the same time, which makes sure the user logs in with the new password.

5. Conclusions

This paper takes the design of an e-commerce market and research on its personalization and safety as its theme, and places restrictions on procedures according to the type of logged-in user. On the foundation of a complete e-commerce market, it retrieves and shows the commodities the customer cares about from the user's record and saves commodities from purchases that failed, all of which reflect personalization; with respect to safety, the system restricts some authority for accessing the database, and protects passwords and gets them back.
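The registration step of Section 2.2 (user name, password, reminder question and answer) together with the three-step recovery flow of Section 4.3 (name lookup, answer comparison, password update), as an added example that is not the paper's code. Two choices go beyond what the paper states and are assumptions of this example: the password and the reminder answer are both stored as salted PBKDF2 hashes rather than in clear, and recovery is locked after repeated wrong answers (`MAX_RECOVERY_ATTEMPTS`), since the reminder answer otherwise becomes a second, weaker password.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # PBKDF2 work factor; an assumption for the example


def _derive(secret, salt):
    """Salted PBKDF2-HMAC-SHA256 used for both the password and the reminder answer."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, ITERATIONS)


def _normalize_answer(answer):
    """'  Rex ' and 'rex' are the same answer; case and spacing must not cause a lockout."""
    return " ".join(answer.lower().split())


class UserStore:
    MAX_RECOVERY_ATTEMPTS = 5  # assumption: lock recovery after this many wrong answers

    def __init__(self):
        self._users = {}  # name -> record (stands in for the users table)

    def register(self, name, password, question, answer):
        """Section 2.2: user name, password, reminder question and answer are set at registration."""
        if name in self._users:
            return False
        salt = secrets.token_bytes(16)  # one salt per record keeps the example short
        self._users[name] = {
            "salt": salt,
            "pw": _derive(password, salt),
            "question": question,
            "answer": _derive(_normalize_answer(answer), salt),
            "recovery_failures": 0,
        }
        return True

    def check_login(self, name, password):
        rec = self._users.get(name)
        return rec is not None and hmac.compare_digest(rec["pw"], _derive(password, rec["salt"]))

    def recovery_question(self, name):
        rec = self._users.get(name)
        return None if rec is None else rec["question"]

    def recover_password(self, name, answer, new_password):
        """Section 4.3: look the name up, compare the answer, then update the password.
        Returns 'changed', 'failed' or 'locked'."""
        rec = self._users.get(name)
        if rec is None:
            return "failed"  # same outcome as a wrong answer, so names cannot be enumerated here
        if rec["recovery_failures"] >= self.MAX_RECOVERY_ATTEMPTS:
            return "locked"
        given = _derive(_normalize_answer(answer), rec["salt"])
        if not hmac.compare_digest(rec["answer"], given):
            rec["recovery_failures"] += 1
            return "failed"
        rec["pw"] = _derive(new_password, rec["salt"])  # the database record is updated at once
        rec["recovery_failures"] = 0
        return "changed"
```

Both comparisons use `hmac.compare_digest` on the derived hashes, so neither the stored password nor the stored answer is recoverable from a copy of the users table, which is the "unsecured password storage" risk Section 4.2 names.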
6. Acknowledgements

The paper is sponsored by the National 863 High-tech Project under grant number 2006AA04A130, the Key Project of Hubei Province Educational Department (class A) under grant number D200712001, and a team project sponsored by the science & research fund of Yangtze University.