Research And Implementation Of Online Shopping Management System And Its Security Based On Struts And Hibernate Framework

With the rapid development of the information society, more and more businessmodels combine with Internet. The rapid development of e-commerce has graduallybecome one of the main commercial activities. E-commerce breaks through theconstraints of time and space of the original business model. And it greatly enhancesthe efficiency of the circulation of goods and capital. It also has the advantage of lowtransaction costs and high transaction efficiency. Therefore, whether individuals orcompanies want to build e-commerce platform to expand their commercial scale, butmany companies can t bear the cost of E-commerce website development andmaintenance. In addition its safety has been a serious issue in the development of theE-commerce website.In this paper, we research and practice e-commerce website developmentefficiency and security issues with online shopping management system as thebackground. First of all, in the aspects of development and maintenance, the paperanalyses the technology, architecture and features of Struts framework and Hibernateframework. And then use Java Web technology to combine Struts framework andHibernate frameworks in architecture building and development of site. Thus thesystem has clear code level and organization with good reusability, scalability, andimproves the website development and maintenance efficiency.In order to strengthen the security of the system, the paper research andimplement SQL injection protection and one-time password technology. In the aspectof SQL injection attack prevention, the system specifically use double protectionmode by studying principle and attack techniques of SQL injection: one layer filtersthe sensitive character and blocks malicious request further access; another layer usesparameterized queries to prevent occurrence of injection vulnerability in code layer.And the system has database permissions and other measures to maximize the defensecapabilities of SQL injection attacks. In authentication, by combining theimplementation of the system itself, the system use challenge-response mechanism tomake the system able to resist eavesdropping and replay attacks. It does not increasethe complexity of user’s use and the realization of the mechanism is completelytransparent for users.At last, the paper summarizes the whole work and prospects. The websitearchitecture and security methods in this article can be used in other websitesdevelopment, it has good practical value.