Chapter 8 Building the Transaction Database

Presentation transcript:

Chapter 8 Building the Transaction Database Objective: Database Tables used for Transaction. Registering Users. Gracefully Handling Form Errors. Using the Secure Sockets Layer.

Transaction Database Tables User Table – Used to store user information. Cart Table – Used to store the customer's shopping cart. Order Table – Holds information on all the products that have been ordered, in addition to information about the status of an order.

User Table schema User_id User_name User_pwd User_email User_street User_city User_zip User_state User_cctype User_ccexpires User_ccname

Registering Users Before customers can add items to their shopping cart, they must first register. Instead of entering address and payment information every time a new item is bought, the customer can enter this information once. Registration also enables customers to retain a shopping cart over many visits to your Web site.

Gracefully Handling Form Errors The Error Form displays an error message and asks the user to return to the previous page to correct the mistake. When the user clicks the return button, all the original data that the user entered into the HTML form is passed back to the form. Because the information is passed back to the form, there is no need to start filling out the form again.

Secure Socket Layer During registration the user enters the credit card information in the form. This information is transmitted across the Internet in plain text, which is dangerous. Information on the Internet passes through various intermediate connections.

An individual with impure intentions could steal the information while it is on its way to its destination. To protect the customer's credit card information, you must use the Secure Socket Layer (SSL). SSL is a technology originally developed by Netscape that enables you to transfer information securely across the Internet.

It provides a solution to three distinct security problems: encryption, authentication, and data integrity. Information that flows between the Web server and the Web browser is encrypted by encoding the information with a publicly known encryption algorithm and a secret session encryption key.

The number of bits in the session key determines the strength of the encryption. The two standard key sizes are 40-bit and 128-bit. The 40-bit key has been hacked, but the 128-bit key is considered unbreakable with current technology. SSL is also used to authenticate a Web server.

To enable SSL on your Web server, a server certificate should be installed. This server certificate prevents other web sites from pretending to be your web site. The server certificate contains information about your Web site, your organization, and the issuer of the certificate. Finally, SSL protects the integrity of the data as it is transmitted across the Internet by including a MAC (Message Authentication Code) with the data as it is transmitted.
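The integrity check described above, as an added example that is not part of the original slides: the sender appends a MAC computed with a shared key, and the receiver rejects data that was altered or replayed. It follows the TLS 1.2 record MAC layout with HMAC-SHA256 (SSL itself used an older construction); the key and form data are constructed, and encryption is left out.

```python
import hashlib
import hmac
import struct

APPLICATION_DATA = 23   # TLS record content type for application data
VERSION = (3, 3)        # TLS 1.2 as written in the record header
TAG_LEN = hashlib.sha256().digest_size


def record_mac(mac_key: bytes, seq: int, fragment: bytes) -> bytes:
    """HMAC over seq_num || type || version || length || fragment."""
    header = struct.pack("!QBBBH", seq, APPLICATION_DATA, *VERSION, len(fragment))
    return hmac.new(mac_key, header + fragment, hashlib.sha256).digest()


def protect(mac_key: bytes, seq: int, fragment: bytes) -> bytes:
    """Sender side: append the MAC to the data (encryption left out here)."""
    return fragment + record_mac(mac_key, seq, fragment)


def verify(mac_key: bytes, expected_seq: int, record: bytes):
    """Receiver side: return the data if the MAC matches, otherwise None."""
    if len(record) < TAG_LEN:
        return None
    fragment, tag = record[:-TAG_LEN], record[-TAG_LEN:]
    expected = record_mac(mac_key, expected_seq, fragment)
    # Constant-time comparison, so the check does not leak how many bytes matched
    return fragment if hmac.compare_digest(tag, expected) else None


def demo():
    mac_key = bytes(range(32))   # constructed key; a real one comes from the handshake
    record = protect(mac_key, 0, b"User_ccname=A. Customer")   # constructed form data
    tampered = bytes([record[0] ^ 0x01]) + record[1:]
    return {
        "intact": verify(mac_key, 0, record),
        "tampered": verify(mac_key, 0, tampered),   # one bit changed in transit
        "replayed": verify(mac_key, 1, record),     # old record sent a second time
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, "->", result)
```

Because the sequence number is part of the MAC input, a record that was valid once fails verification when it is delivered again in a later position.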

Enabling SSL on your Web Server SSL is used with IIS and not PWS. Enabling SSL is time-consuming and expensive. For example, VeriSign charges $349 for a 40-bit SSL key and $895 for a 128-bit key.

To enable SSL with IIS Server, follow these three steps: (1) Generate a Certificate Request File and an encryption key pair file using MS Key Manager. (2) Apply for a server certificate from a certificate authority by providing your Certificate Request File. (3) Install your server certificate by using MS Key Manager.

Generating the Certificate Request File Use MS Key Manager to create the Certificate Request File (CRF), also called a Certificate Signing Request (CSR). To access MS Key Manager, launch Internet Service Manager, select Key, Create New Key. This starts a wizard that will guide you through the task of creating the CRF.

The following information is supplied to create the Certificate Request File: Key name, Password, Key size, Organization, Organizational Unit, Common Name, Country/Region, State/Province, Locality, Your Name, Email Address, Phone Number.

Applying for a Server Certificate The CRF should be sent to a certificate authority to get your server certificate. The three popular authorities are: VeriSign Inc., Thawte Consulting, and GTE CyberTrust Solutions.

To apply for a VeriSign server certificate, go to http://www.verisign.com and choose Secure Server ID. Provide VeriSign with identifying information about your organization, then submit your CRF through an online form. After your information is verified, an email is sent to you instructing you to download the new server certificate.

Installing the Server Certificate The last step is to install the server certificate that is received from the certificate authority. To install the server certificate, launch the Internet Service Manager and select MS Key Manager. Next choose Key, Install Key Certificate. Open the new certificate file from the hard drive and supply the same password as used in the CRF. Next specify the IP address and port to use SSL.

The server certificate lasts for a period of time. The exact expiry date is given in the right frame of MS Key Manager. It can be renewed before expiry.

Using SSL in an ASP Page After installing your server certificate, you can request any page from the web site securely. To request a page using SSL, the address must begin with the protocol https:// rather than http://. To force users to use SSL, you can use Internet Service Manager to configure a directory to require SSL.

To do this, launch the Internet Service Manager and open the property sheet for one of the directories within your website. Next click the Edit button under Secure Communications and choose Require Secure Channel when accessing this resource. SSL should be enabled during registration in the online store.
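An added check, not part of the original slides, that a registration form carrying the User table's password and card fields is both served and submitted over https. The shop.example URLs, the SENSITIVE prefixes and the sample form are assumptions made for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Field-name prefixes taken from the User table on this page (password, card data)
SENSITIVE = ("user_pwd", "user_cc")


class FormAudit(HTMLParser):
    """Collects each form's resolved submit URL and its field names."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            # A missing or empty action submits to the page's own URL
            target = urljoin(self.page_url, attrs.get("action") or "")
            self._current = {"target": target, "fields": []}
            self.forms.append(self._current)
        elif tag in ("input", "select", "textarea") and self._current is not None:
            self._current["fields"].append((attrs.get("name") or "").lower())

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def insecure_forms(page_url, html):
    """Return (submit URL, sensitive fields) for forms not fully on https."""
    audit = FormAudit(page_url)
    audit.feed(html)
    # A form served over http can be altered in transit, whatever its action says
    served_plain = urlsplit(page_url).scheme != "https"
    findings = []
    for form in audit.forms:
        sensitive = [f for f in form["fields"] if f.startswith(SENSITIVE)]
        posts_plain = urlsplit(form["target"]).scheme != "https"
        if sensitive and (served_plain or posts_plain):
            findings.append((form["target"], sensitive))
    return findings


# Constructed registration form, modelled on the chapter's User table
SAMPLE = ('<form method="post" action="register.asp">'
          '<input name="User_name"><input type="password" name="User_pwd">'
          '<select name="User_cctype"></select><input name="User_ccname"></form>')
```

Calling `insecure_forms("http://shop.example/register.asp", SAMPLE)` reports the form, while the same markup served from an https:// URL yields no findings.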