| Electronic Commerce (EC, e-commerce) means a kind of worldwide business through internet or other electronic tools, like telegraph, telephone, radio, TV, faxes, computer and so on. With the continuous development of network technology and information technology, e-commerce activities gradually come into the lives of ordinary people. E-commerce makes business activities more convenient, more transparent and faster, the information becomes more concentrated and the resources get better integrated. Now, the business activities increasingly rely on electronic and network business system.This article firstly introduced the classification of e-commerce systems and the development of all types of e-commerce systems, also with the research status at home and abroad. Secondly, we described the generic security problems of e-commerce systems from the aspects of the personal account information security, payment information security and the state laws and regulations in detail. And then, we combined with the present stage in China’s domestic situation and the domestic current situation of the development of computer industry, and analyzed the domestic e-commerce system security problems from the capital security, information security, cargo security, systems design ideas, technical equipment and technical measures and domestic credit system and so on. Finally, this article designed and implemented an electronic commerce system of B2C mode from the perspective of security, to protect the security of users, consumers, enterprises and guarantee the availability, practicability, applicability and friendliness of the system.With e-commerce system login subsystem piece, this paper provides a unique design idea, from the design of the database, to the fields of database, as well as the design of the detailed secure login subsystem processes, including design of account lockout feature to prevent the account was "violent" crack, design of password retrieve function to solve the problem of forgetting the password of system account, design of restricting IP addresses to prevent the system broken by hackers and criminals attack, SQL injection and other means of attack system, design of account synchronization and designed to address the security of user information.We used the mature information encryption technology when user login and when private information is transmitted, to ensure the security of the account information and other private information. In the payment process, the mature third-party payment interface, such as alipay, micro letter to pay, is introduced to guarantee payment security. In system permissions management, a variety of user roles are designed, and different roles have different permissions, and the configurability of roles and permissions are guaranteed, to ensure the safe and orderly system operation. At the same time, the system recorded the operation log and error log of all users. At last, this article shows the final system design and operation results. |
PDF Full Text Request