If you plan to open a cybershop or conduct business on the Internet, then PKI (public key infrastructure) will be very important to you and should be implemented on your server.
The server holds a private key, which it uses to produce digital signatures, and presents the matching public key to customers (in a certificate) so that their browsers can check it. This lets the customer verify that the server they are doing transactions with is authentic and not spoofed.
Turn off the features of the Web server that you really don't use.
The more features a server provides, the more trouble (security holes) it may introduce.
E.g., turn off server-side includes. This feature opens security holes, most notably the possibility of an intruder executing an arbitrary command on the server through the 'exec' include embedded in an HTML document. (If you need SSI for other directives, Apache's IncludesNOEXEC option keeps SSI enabled while disabling exec.)
1. The user, using a Web browser, selects an item that activates a CGI program. The client (user) sends the server the name of the program and any associated data, such as information entered on a form.
Don't make assumptions about the program's operating environment. Instead, set the environment variables (such as PATH on UNIX) within your program, or invoke system commands by their complete path names.
If you don't, an intruder who can influence the environment the CGI program inherits (for example, PATH) and who has managed to upload a file to your server may redirect a system command named in your program to a Trojan horse program of the same name, which then runs with the Web server's privileges.
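The PATH-hijacking scenario described above, as an added example that is not part of the original slides. It plants a constructed Trojan horse named `uname` in a writable directory (standing in for a location an attacker managed to upload to), prepends that directory to PATH, and then runs the same command two ways: the vulnerable way (unqualified name, inherited environment) and the hardened way (PATH set by the program, command resolved to an absolute path). The function and variable names are my own, and the example assumes a UNIX-like host with `/bin/sh` and `uname` in `/usr/bin` or `/bin`.

```python
"""PATH hijacking of a CGI-style program, and the hardened alternative.

Added example (not from the original slides). Constructed demo: a temporary
directory stands in for a place an attacker could upload to, and a fake
`uname` script there stands in for the Trojan horse.
"""
import os
import shutil
import stat
import subprocess
import tempfile

TROJAN_MARK = "TROJAN HORSE RAN"

# PATH the program trusts, chosen by us, never inherited from the caller.
SAFE_PATH = "/usr/bin:/bin"


def plant_trojan(directory, name="uname"):
    """Write an executable shell script named like a common system command."""
    path = os.path.join(directory, name)
    with open(path, "w") as f:
        f.write("#!/bin/sh\nprintf '%s' '" + TROJAN_MARK + "'\n")
    mode = os.stat(path).st_mode
    os.chmod(path, mode | stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH)
    return path


def vulnerable_run(command, env):
    """CGI-style call that trusts the inherited environment.

    The unqualified name is looked up along whatever PATH the caller
    supplied, so an attacker-controlled directory early in PATH wins.
    """
    proc = subprocess.run([command], env=env, capture_output=True, text=True)
    return proc.stdout


def hardened_run(command, env):
    """Set PATH ourselves and resolve the command to an absolute path first."""
    clean_env = dict(env)
    clean_env["PATH"] = SAFE_PATH
    # Resolve against OUR path list, not the inherited one.
    resolved = shutil.which(command, path=SAFE_PATH)
    if resolved is None:
        raise FileNotFoundError(command)
    proc = subprocess.run([resolved], env=clean_env, capture_output=True, text=True)
    return proc.stdout


def demo(command="uname"):
    """Return (vulnerable_output, hardened_output) for one hostile environment."""
    with tempfile.TemporaryDirectory() as attacker_dir:
        plant_trojan(attacker_dir, command)
        hostile_env = dict(os.environ)
        # Attacker-controlled directory goes first, shadowing the real command.
        hostile_env["PATH"] = attacker_dir + os.pathsep + hostile_env.get("PATH", SAFE_PATH)
        return vulnerable_run(command, hostile_env), hardened_run(command, hostile_env)


if __name__ == "__main__":
    vulnerable, hardened = demo()
    print("vulnerable:", repr(vulnerable))
    print("hardened:  ", repr(hardened))
```

Running the module shows the vulnerable call returning the Trojan's marker while the hardened call returns the real `uname` output. Resetting PATH alone is not enough if the program still relies on lookup order elsewhere (libraries, subshells), which is why the hardened version both sets PATH and executes by absolute path.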