Data Security Analysis in E-commerce Papers
E-commerce information system stores a large number of confidential and sensitive data, which are important information when e-commerce enterprises operate.
If these data have security problems, it will bring great risks to enterprise management.
This paper will discuss the data security of e-commerce system, so as to give some reasonable suggestions and strategies to improve its security technology and management level.
Second, e-commerce database and its security issues
1, Overview of e-commerce data security
The specific meaning of e-commerce data security is to ensure the confidentiality, integrity, consistency, availability and non-repudiation of e-commerce database information.
Confidentiality refers to protecting the data in the database from disclosure and unauthorized access; Integrity refers to protecting the data in the database from being destroyed and deleted; Consistency refers to ensuring that the data in the database meets the requirements of entity integrity, referential integrity and user-defined integrity; Availability refers to ensuring that the data in the database are not used by authorized users due to human or natural reasons; Non-repudiation is to ensure that users can not deny a series of operations such as accessing, modifying and querying the database afterwards, which is convenient for analysis and investigation afterwards.
2, e-commerce database security threats.
(1) Hacking.
There are always various security vulnerabilities in the network, and the hacker's attack behavior is a big hidden danger that threatens the data security of e-commerce.
Hackers usually attack the network to disrupt the normal operation of the system or steal important business secrets.
Hackers usually use the following attack methods: stealing-that is, hackers steal user secrets by intercepting important data on communication channels and decrypting them; Retransmission attack-hackers tamper with the stolen data and send it back to the server or database users, which will affect the normal operation of the system; Circuitous attack-after hackers master the security vulnerabilities of e-commerce database system, they bypass the database system and directly access confidential data; Fake attacks-hackers first block the communication port between the server and the client by sending a large number of meaningless messages, and then illegally operate the database system by impersonating the client or server; Ultra vires attack-hackers belong to legitimate users, but through some means, they can access unauthorized data.
(2) system vulnerabilities.
Network intruders aiming at e-commerce database system can obtain the data operation authority of the system according to the security vulnerabilities of the system itself.
Vulnerabilities are often caused by the database management system not patching in time or always choosing the default settings in the security settings.
In addition, if the level of security inspection measures of the database is too low, or the audit mechanism is improperly applied, there will be software risks and management risks. , the system will form security loopholes, thus giving saboteurs the opportunity to invade.
Third, e-commerce data security solutions
1, encryption scheme
Some business secret data in e-commerce system are not allowed to be accessed by ordinary users at will.
The purpose of encryption scheme is to control that these confidential data can only be accessed by specific authorized personnel.
The encryption of database management system takes the field as the smallest unit, and encryption and decryption are usually realized by the key of symmetric cryptography mechanism.
When data is encrypted, the database management system converts plaintext data into ciphertext data through the key, and the storage state of data in the database is ciphertext data. When the authorized user inquires, the ciphertext data is taken out and decrypted, so as to recover the plaintext data.
The security of the database is further improved.
2. Access control scheme
In the database management system, different users have different permissions.
Therefore, it is necessary to ensure that a user can only access or access the data range corresponding to his own authority.
The user's authority includes two aspects: one is which data objects the user can access in the database, and the other is what operations the user can perform on these data objects.
When a user accesses the database, the system will judge whether to allow or prohibit the operation according to the user's level and authority, so as to protect sensitive data from being leaked or tampered with.
There are three access control schemes called discretionary access control (DAC), mandatory access control (MAC) and role-based access control (RBAC).
3. Certification scheme
Identity authentication technology is a security strategy for database management system to prevent all kinds of counterfeit attacks.
When users access sensitive and critical data, they must authenticate between the customer and the database management system.
Password identification is a way of identity authentication in database management system. The system assigns a fixed user name and password to each specific user in advance. A lot of data in e-commerce system is open, so it is necessary to authenticate each user who accesses the system to prevent unauthorized users from illegally destroying sensitive and confidential data.
4. Audit scheme
Audit scheme is a security scheme for database management system to monitor all operation processes of related users. The specific method of this security scheme is to store the operations that each user exerts on the database in the audit log record, including user's modification, query and deletion.
This effective mechanism can ensure the information security of the database management system to the greatest extent.
There are two audit methods: user audit and system audit.
When users enable the audit function, all the details of each user's database operation will be recorded in the data dictionary, including user name, operation type and so on. System audit is performed by DBA.
5. Backup scheme
The faults or obstacles of e-commerce database can be divided into the following three categories: system faults, transaction faults and media faults.
When a certain kind of fault occurs, in order to minimize the loss of enterprises, data must be recovered in the shortest time. Therefore, it is necessary to formulate a set of reasonable and economical backup and recovery strategies according to the actual situation of enterprises and the types and characteristics of data.
The so-called database backup and recovery scheme is to restore the database to the backup state with the data stored in the backup medium when the database system fails and it is difficult to recover in a short time.
According to different types of database management systems, there are different backup schemes for data backup.
For example, for SQL Server, there are database backup, transaction log backup, incremental backup and file and filegroup backup.
The database management system of e-commerce information system must establish detailed backup and recovery strategies.
Four. Concluding remarks
For e-commerce companies, the importance of data security is self-evident. In the management of confidential and sensitive data, various security policies must be implemented according to the specific security requirements of the application environment.
Data Security Analysis in E-commerce Paper 2[ Abstract]
Hotel e-commerce can not only bring convenience to customers, but also bring economic benefits and advanced management to hotels. This paper studies the application status, advantages, solutions and problems in the development of hotel e-commerce, and discusses its possible development trend.
[Keywords:]
Hotel; E-commerce; Advantages; Application development
E-commerce is the product of informationization and networking in the 20th century. In recent years, with the development of knowledge economy and the construction of information expressway, e-commerce has developed on the Internet. E-commerce has become the most effective, economical and convenient marketing method for hotels with its unimaginable development speed. Some hotels make daily reservations through online reservation centers such as Ctrip and E-Dragon, and sometimes even exceed the front desk individual. Hotel online sales system is a revolutionary hotel marketing innovation. Its advantages mainly lie in effectively displaying the hotel image and service, establishing a good interactive relationship with customers, effectively managing the sales process, significantly reducing the sales cost and improving the economic benefits and management level.
First, the hotel industry's demand for e-commerce
The application of e-commerce platform in hotel industry depends on the size of market space to determine the market feasibility. According to the statistics of China Tourism Statistics Yearbook (2005), there were 242 five-star hotels, 97 four-star hotels, 39 three-star hotels, and 5,096 two-star hotels in 2004. In 2004, the total operating income was123.867 billion yuan, and the business tax was 765.438+007 billion yuan. In addition, according to the data, the current tourism market in China is about 600 billion yuan. It is expected to maintain sustained growth in the next few years. This market is large enough to attract hotels to promote their business development by establishing a perfect e-commerce system.
With the rapid development of e-commerce market in international tourism and hotel industry, online sales of hotels account for almost one-third of online travel industry. However, due to the security and trust of online payment, there are still few customers who actually pay online at present, and it will take some time to realize online sales. Nevertheless, there are many professional websites selling hotel rooms in China, and many hotels have also entered various domestic tourism business websites and related foreign websites.
Second, the advantages of hotel e-commerce
The development of hotel e-commerce first adds new service products to the hotel industry and meets the new changes in the market. Because tourists, especially business guests, still need Internet services during the journey, the development of e-commerce makes hotels increase the content of guest services and bring convenience to guests.
Hotels can purchase equipment through the internet, easily realize large-scale purchase and enjoy discounts for regular customers. For procurement projects with large amount, priority decision can generally be taken and management control should be done well. The development of e-commerce provides the whole process of services before, during and after sale, including configuration planning, inquiry, reservation, payment and distribution, which can save a lot of manpower, financial resources and material costs for hotels.
Third, the hotel e-commerce construction solutions
1. Overall scheme design review
Hotel e-commerce construction is a systematic project, which not only leads to repeated investment and waste, but also reduces the actual efficiency of the project itself if it does not meet the business needs. Therefore, the hotel e-commerce construction should be tailored to suit the actual situation, and the overall design scheme should be put forward, and the industry management department should form an expert group to demonstrate and review the overall scheme to ensure the feasibility and feasibility of the scheme.
2. Establish industry certification
Some IT companies do not understand the characteristics of the hotel industry, and clearly stipulate in the room broadband contract that the property rights of the network environment do not belong to the hotel. Therefore, the hotel has no right to add any other applications in the network environment. In view of the above problems, IT is necessary to certify those enterprises that specialize in the implementation of hotel e-commerce construction scheme to ensure the professionalism of IT companies engaged in hotel e-commerce construction and avoid detours in hotel e-commerce construction.
3. Establish service standards
For hotels, e-commerce is a tool, a means and a service. The level of service directly affects the economic benefits and competitiveness of hotels. Although there are a large number of senior technical talents in China at present, most of them are engaged in high-paying technical fields, and there is a fault phenomenon in the service industry. This has become a major bottleneck in the development of hotel e-commerce.
Four. Development and prospect of hotel e-commerce
In the future, hotel e-commerce should develop in the direction of strengthening two-way communication with customers, improving information services and increasing added value through personalized services. At present, domestic hotel e-commerce is "transaction-centered", and it is expected that hotel e-commerce will be more perfect and humanized in service in the future.
1. Standardization and normalization of e-commerce
Hotel e-commerce is a new field, and the overall formulation and implementation of hotel e-commerce norms and standards in China is still very weak, which should be the focus of the next stage of development.
The first is standardization, establishing and perfecting the hotel e-commerce standard system, providing guidance and constraints for the implementation and supervision of hotel e-commerce, market behavior of enterprises and consumers, information content and processes, technical products and services, and preventing potential factors that may adversely affect hotel e-commerce activities in advance.
The second is standardization. In foreign countries, specialized organizations (such as OTA) usually formulate a unified data format and interface standard, and hotel e-commerce websites and management information systems are developed according to this standard, so that the possibility of seamless link with hotel information systems can be guaranteed from the beginning. The data of hotel e-commerce in China should be standardized as soon as possible and in line with international standards.
2. Mobile e-commerce will become the mainstream.
Mobile e-commerce combined with intelligent network technology is a truly people-centered e-commerce application. For example, mobile payment-customers can complete the safe payment of funds to enterprises or individuals anytime and anywhere through terminals such as mobile phones. The application of new technology will make the hotel e-commerce function more perfect and its application more popular.
Verb (abbreviation of verb) conclusion
Entering the 2 1 century, e-commerce is full of vitality and develops rapidly. E-commerce has brought amazing changes to the whole market and various industries, and the hotel industry is no exception. The third generation e-commerce model based on wireless Internet is developing vigorously. We urgently hope that e-commerce will play a bridge role in the development of the hotel industry, and hope that e-commerce in hotels will develop healthily and orderly.
References:
[1] Zhang Jun, Dong: Analysis and Prospect of Hotel Computer Information Management System. Coastal Engineering, 2002, (2)
[2] Wu Ning. Tourism e-commerce theory and practice [M]. Beijing: China Tourism Publishing House, 2003.
[3] Wang Zhen Hou Gongxian. Research on the Construction of China Hotel E-commerce System [J]. Hubei Economic News, 2007, (12)
[4] Richie. E-commerce is like a mirror [M]. Beijing: Commercial Press, 2000.