Active Content - E-Commerce - Lecture Slides, Slides of Fundamentals of E-Commerce

Students of Communication, study E-Commerce as an auxiliary subject. these are the key points discussed in these Lecture Slides of E-Commerce : Active Content, Programs, Threat, Content Displays, Invoice Amount, Java, Javascript, Web Pages, Downloads, Shopping Carts

Typology: Slides

2012/2013

Uploaded on 07/29/2013

alok-sarath
alok-sarath 🇮🇳

4.3

(35)

143 documents

1 / 10

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
Active content
Active content, programs embedded in Web pages,
can be a threat to clients.
Active content displays moving graphics, downloads
and plays audio, places items into shopping carts,
computes the total invoice amount, etc.
Active content can be implemented in a variety of
ways:
– Java
– JavaScript
ActiveX
Docsity.com
pf3
pf4
pf5
pf8
pf9
pfa

Partial preview of the text

Download Active Content - E-Commerce - Lecture Slides and more Slides Fundamentals of E-Commerce in PDF only on Docsity!

Active content

-^ Active content

, programs embedded in Web pages,

can be a threat to clients.

  • Active content displays moving graphics, downloads

and plays audio, places items into shopping carts,computes the total invoice amount, etc.

  • Active content can be implemented in a variety of

ways:– Java– JavaScript– ActiveX

Java

  • Java is a high-level, object-oriented programming

language developed by Sun Microsystems.

  • It was created for embedded systems, but its most

popular use has been in Web pages where appletsimplement client-side applications.

  • Java is platform independent.• It reduces the load on servers by downloading work

onto the client’s machine.

JavaScript

  • JavaScript is a scripting language developed by

Netscape to enable Web page designers to buildactive content.

  • When you download embedded JavaScript code

it executes on your machine. It does not operateunder the sandbox model.

  • For this reason it can invoke privacy and integrity

attacks by destroying your disk, copying creditcard numbers, recording the URLs of pages youvisit, etc. Secure connections do not help.

  • JavaScript programs must be explicitly run.

ActiveX controls

  • ActiveX is an object that contains programs and

properties that Web designers place on pagesto perform certain tasks.

  • ActiveX controls only run on Windows machines.• When embedded ActiveX controls are downloaded,

they are run on the client machine.

-^ Examples

: Flash, Shockwave

  • Once downloaded, ActiveX controls have access to

system resources, including the operating system.

Protecting client computers

The primary task in protecting a client machine isthe monitoring of active content. Each browserhandles this in a different way.The primary issue is trust of the site providing theactive content.One way to improve trust is through the use of digital certificates

Digital certificates

  • A digital certificate, or

digital ID

, is an attachment

to a Web page or e-mail message verifying theidentity of the creator of the page/message.

  • It identifies the author and has an expiration date.• A page or message with a certificate is

signed

  • The certificate is only a guarantee of the identity of

the author, not of the validity of the page/code.

  • Certificates are obtained from a

Certificate Authority

(CA) that issues them to an individual or anorganization. Example:

VeriSign

  • Identification requirements vary.

Authenticode

  • When a page with a certificate is downloaded:
    • The certificate is detached– The identity of the CA is verified– The integrity of the program is checked
      • A list of trusted CAs is built into the browser along

with their public keys.

  • Both the certificate and the key must match.