English  |  正體中文  |  简体中文  |  Items with full text/Total items : 54137/89020 (61%)
Visitors : 10553148      Online Users : 34
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library & TKU Library IR team.
Scope Tips:
  • please add "double quotation mark" for query phrases to get precise results
  • please goto advance search for comprehansive author search
  • Adv. Search
    HomeLoginUploadHelpAboutAdminister Goto mobile version
    Please use this identifier to cite or link to this item: http://tkuir.lib.tku.edu.tw:8080/dspace/handle/987654321/74579

    Title: 建構一個更安全的電子商務交易環境
    Other Titles: Build a more secure environment for e-commerce transactions
    Authors: 康振昌;Kang, Cheng-Chang
    Contributors: 淡江大學資訊工程學系碩士在職專班
    黃連進;Hwang, Lain-Jinn
    Keywords: 資訊安全;Information security
    Date: 2011
    Issue Date: 2011-12-28 18:56:44 (UTC+8)
    Abstract: 一般電子商務網頁伺服器導入SSL或SET電子資料安全交易機制,目的是防止交易資料在傳輸的過程中被竊取或被篡改的情形,以完成資料通訊過程中的私密性。但是仍然時有所聞惡意的攻擊者趁虛而入電子商務網頁伺服器竊取或篡改交易資料的情形。因為網頁程式讀取或操作資料庫時,如果執行過程中未檢查從客戶端傳回網頁的變數資料,這種網頁變數資料的傳遞方式,容易造成網路上惡意的攻擊程式,發現網頁程式的弱點進行攻擊行為,產生資料在傳輸的過程中被竊取或被篡改的資訊安全問題。

    本篇論文將作者處理許多發生資訊安全實務案例中,根據解決使用者問題的處理方式,挑選出一個如何防止發生個人資料外洩的電子商務交易事件為代表,利用防禦資料隱碼攻擊的方式,整合資訊安全系統架構中,弱點管理(Vulnerability Management)、威脅管理(Threat Management)、系統記錄檔管理(Log Management)防護網路應用層功能之實務應用。此安全防護機制不需要變更既有的網路組態與現有的網站應用程式,並且減少網站維護者微調防護設定的時間,是一個有效又更加安全的電子商務交易防護機制。
    Implementing electronic transaction data security mechanism (such as SSL and SET) upon e-commerce web servers is to ensure data communication privacy via protecting the transaction data from being stolen or changed in the transmission process。While malicious attacks of stealing or changing transaction data on e-commerce web servers are still happening。When web programs are accessing or manipulating on the database, the malicious attacking program would use this weak point and effect the attack if there is no examination of web page variable data in the transmitting data back from client end. This results in information security problem of data stolen or changes in the transmission process.

    The writer of this paper, based on previous experience in preventing personal data leaking of e-commerce transaction, developed a security protection mechanism defending SQL injection and integrating Vulnerability Management, Threat Management and Log Management of network application layer protection。This security protection mechanism of e-commerce transaction is proved to be effective and secure with advantages of no changes in existing network configuration / web page programs and time reduction in network setting adjustment of website administrator.
    Appears in Collections:[Graduate Institute & Department of Computer Science and Information Engineering] Thesis

    Files in This Item:

    File SizeFormat

    All items in 機構典藏 are protected by copyright, with all rights reserved.

    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library & TKU Library IR teams. Copyright ©   - Feedback