| Since 21st century, the development of E-government is an important prerequisite for a country or area to participate in global competition, enhance global competitiveness and grab growth opportunity of economy and society. As one major component of E-government, E-bidding system is an important process of government informazation.Traditional bidding progress always costs lot of human and material resources. Moreover, because of area limitation, bidding information is limited in scope. This limits the choices of tenderers as well as business development of bidders. The openness and extensive coverage of the Internet makes up for the shortage of traditional bidding. E-bidding is a brand new bidding mode which is paperless, high-efficiency, automatic and standardized. However, the open internet brings a lot of unsafe factors at the same time. So we have to take according security technologies to ensure the security of E-bidding system. The main content of this paper are mainly described as follows:Firstly, this paper investigates the structure and process of E-bidding and analyzes the network information security risks of E-bidding system, including identity authentication, information leakage, information destruction, client safety and safety management. Then this paper investigates network information security technologies in E-bidding system which includes cryptography, database security, inside and outside network isolation, information hiding and firewall.Secondly, this paper raises the security goal of wangcang county e-bidding system in Guangyuan city, Sichuan Province. Then this paper designs the security solution of this e-bidding system, including firewall, VPN, IDS (Intrusion Detection System), vulnerability scanning, anti-virus software, data storage and fault tolerant processing. At last this paper implements the application security of this e-bidding system which includes identity authentication, Brute force attack prevention; XSS attack prevention, SQL injection prevention, logging and exception handling, cryptography and authorization. To be detail, this paper use AES cryptographic algorithm and mixed hash function to enhance security. SQL injection prevention includes danger character filter, post authentication, URL encode, exception and error information shield, client side and server side verification, type-safe SQL parameters and parameter data type convention. Logging and exception handling is implemented by Enterprise Library 5.0 and IIS logging is analyzed by an excellent open-source logging software called AWStats. The role based authorization is flexible to control all resources of the system. |
PDF Full Text Request