Chapter 9 : System Security - SAKET-SK/Online-Electronic-Store-Project GitHub Wiki
System Security is the protection of computer-based resources (hardware, software, data, procedures and people) against unauthorized use or natural disaster.
System Security can be divided into four related issues:
- Security
- Integrity
- Privacy
- Confidentiality
SYSTEM SECURITY refers to the technical innovations and procedures applied to the hardware and operating systems to protect against deliberate or accidental damage from a defined threat.
DATA SECURITY is the protection of data from loss, disclosure, modification and destruction.
SYSTEM INTEGRITY refers to the proper functioning of hardware and programs, appropriate physical security and safety against external threats such as eavesdropping and wiretapping.
PRIVACY defines the rights of the user or organizations to determine what information they are willing to share with or accept from others and how the organization can be protected against unwelcome, unfair or excessive dissemination of information about it.
CONFIDENTIALITY is a special status given to sensitive information in a database to minimize the possible invasion of privacy. It is an attribute of information that characterizes its need for protection.
SECURITY IN SOFTWARE
CLIENT-SIDE VALIDATION
- VBScript is used to ensure that the required fields are filled with suitable data only, and the maximum length of each form field is defined appropriately.
- Forms cannot be submitted without the mandatory data, so simple mistakes such as leaving a mandatory field empty are caught at the client side, saving server time and load. These checks are a convenience for the user, not a security control: a client can bypass them, so every rule is enforced again on the server.
- Tab-indexes are set according to the need and taking into account the ease of use while working with the system.
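The following is an added example, not code from the project, showing the same field rules the browser checks (mandatory fields, maximum lengths) enforced again on the server, where a hand-crafted request that skipped the form script is still caught. The field names, limits and patterns are assumptions made for the example.

```python
# Added example (not code from the project): the browser-side rules described
# above, enforced again on the server. Field names, limits and patterns are
# assumptions made for this example.
import re

# Constructed rule table mirroring what the form's client-side script checks:
# which fields are mandatory and the maximum length of each.
FIELD_RULES = {
    "username": {"required": True,  "maxlength": 20,  "pattern": r"[A-Za-z0-9_]+"},
    "email":    {"required": True,  "maxlength": 254, "pattern": r"[^@\s]+@[^@\s]+\.[^@\s]+"},
    "quantity": {"required": True,  "maxlength": 4,   "pattern": r"[1-9][0-9]*"},
    "note":     {"required": False, "maxlength": 200},
}

def validate_form(form: dict) -> dict:
    """Return {field: message} for every problem found; an empty dict means the
    submission is acceptable. This runs on the server for every request, because
    a client can send a hand-crafted request that never passed the form script."""
    errors = {}
    for name, rule in FIELD_RULES.items():
        raw = form.get(name)
        value = raw.strip() if isinstance(raw, str) else ""
        if rule["required"] and not value:
            errors[name] = "This field is required."
            continue
        if len(value) > rule["maxlength"]:
            errors[name] = f"Must be at most {rule['maxlength']} characters."
            continue
        pattern = rule.get("pattern")
        if value and pattern and not re.fullmatch(pattern, value):
            errors[name] = "Invalid format."
    # Fields the form never exposes are rejected too: a tampered request may try
    # to set a column such as a price or a role that the user must not control.
    for name in form:
        if name not in FIELD_RULES:
            errors[name] = "Unexpected field."
    return errors

# Constructed sample submissions: one as the form would send it, one crafted
# with a tool that skips the browser checks entirely.
GOOD_SUBMISSION = {"username": "saket_01", "email": "saket@example.com", "quantity": "2"}
TAMPERED_SUBMISSION = {"username": "x" * 25, "email": "not-an-email",
                       "quantity": "0", "price": "0.01"}

if __name__ == "__main__":
    print(validate_form(GOOD_SUBMISSION))       # {}
    for field, msg in validate_form(TAMPERED_SUBMISSION).items():
        print(f"{field}: {msg}")
```

The rule table is the single source of truth: the same limits can be emitted into the form's `maxlength` attributes, so the client-side and server-side checks cannot drift apart. Whitespace-only input counts as empty, and any field the form does not define is refused rather than silently passed through to the database.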
SERVER-SIDE VALIDATION
- Server-side constraints check the validity of primary and foreign keys. A primary key value cannot be duplicated: any attempt to insert a duplicate is rejected and a message informs the user which values clashed. Forms that write a foreign key are accepted only if the referenced key value already exists, so referential integrity is preserved.
- The user is informed through appropriate messages of successful operations and of exceptions that occur on the server side.
- Access control mechanisms ensure that one user cannot interfere with another. Access permissions for each type of user follow the organizational structure: only permitted users can log on, and each has access according to their category. Usernames, passwords and permissions are checked on the server side.
- Constraints on the restricted operations are likewise enforced by server-side validation, so they hold even for requests that bypass the client-side checks.
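The following is an added example, not the project's own code, covering the two server-side points above: primary and foreign key constraints whose violations are turned into user-facing messages, and role-based access control with usernames, passwords and permissions checked on the server. It uses SQLite and the Python standard library only; the table layout, the role names, the permission table and the sample users are assumptions made for the example.

```python
# Added example (not the project's code): server-side enforcement of primary and
# foreign key constraints and of per-role permissions, using SQLite and the
# standard library. Table layout, role names and the permission table are
# assumptions made for this example.
import hashlib
import hmac
import os
import sqlite3

# Assumed organisational roles and the operations each may perform.
ROLE_PERMISSIONS = {
    "admin": {"add_product", "place_order", "view_orders"},
    "customer": {"place_order"},
}

def open_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")   # SQLite ignores FKs unless enabled
    db.executescript("""
        CREATE TABLE users(username TEXT PRIMARY KEY, salt BLOB NOT NULL,
                           pw_hash BLOB NOT NULL, role TEXT NOT NULL);
        CREATE TABLE products(product_id INTEGER PRIMARY KEY, name TEXT NOT NULL);
        CREATE TABLE orders(order_id INTEGER PRIMARY KEY AUTOINCREMENT,
                            username TEXT NOT NULL REFERENCES users(username),
                            product_id INTEGER NOT NULL REFERENCES products(product_id),
                            qty INTEGER NOT NULL CHECK (qty > 0));
    """)
    return db

def _hash(password: str, salt: bytes) -> bytes:
    # Salted, iterated hash so a leaked table does not reveal the passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def create_user(db, username: str, password: str, role: str):
    """Returns None on success, or a user-facing message if the username exists."""
    salt = os.urandom(16)
    try:
        db.execute("INSERT INTO users VALUES (?, ?, ?, ?)",
                   (username, salt, _hash(password, salt), role))
    except sqlite3.IntegrityError:           # duplicate primary key
        return f"Username '{username}' is already taken."
    return None

def login(db, username: str, password: str):
    """Returns a session dict, or None if the credentials are wrong."""
    row = db.execute("SELECT salt, pw_hash, role FROM users WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return None
    salt, pw_hash, role = row
    if not hmac.compare_digest(_hash(password, salt), pw_hash):
        return None
    return {"username": username, "role": role}

def allowed(session, permission: str) -> bool:
    # The role comes from the server-side session, never from the request.
    return permission in ROLE_PERMISSIONS.get(session["role"], set())

def add_product(db, session, product_id: int, name: str) -> str:
    if not allowed(session, "add_product"):
        return "Permission denied."
    try:
        db.execute("INSERT INTO products VALUES (?, ?)", (product_id, name))
    except sqlite3.IntegrityError:           # duplicate primary key
        return f"Product ID {product_id} already exists."
    return "Product added."

def place_order(db, session, product_id: int, qty: int) -> str:
    if not allowed(session, "place_order"):
        return "Permission denied."
    try:
        db.execute("INSERT INTO orders(username, product_id, qty) VALUES (?, ?, ?)",
                   (session["username"], product_id, qty))
    except sqlite3.IntegrityError as e:
        # Foreign key failure: the referenced product (or user) row does not exist.
        if "FOREIGN KEY" in str(e):
            return "Order refused: no such product."
        return f"Order refused: {e}"       # e.g. the CHECK on qty
    return "Order placed."

if __name__ == "__main__":
    db = open_db()
    create_user(db, "alice", "s3cret", "admin")
    create_user(db, "bob", "pa55word", "customer")
    admin, bob = login(db, "alice", "s3cret"), login(db, "bob", "pa55word")
    print(add_product(db, admin, 1, "Phone"))    # Product added.
    print(add_product(db, bob, 2, "TV"))         # Permission denied.
    print(place_order(db, bob, 1, 2))            # Order placed.
    print(place_order(db, bob, 99, 1))           # Order refused: no such product.
```

Two design points worth noting: the database constraints are the last line of defence, so the application catches `IntegrityError` and translates it into a message rather than letting the raw exception reach the user; and the permission check reads the role from the server-held session, so a request cannot grant itself a category by adding a field.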