The Security Commerce System Of O2O Poultry Products Based On Zen Cart

Posted on: 2018-05-23
Degree: Master
Type: Thesis
Country: China
Candidate: L H Lin
GTID: 2428330542487915
Subject: Computer technology
Abstract/Summary:
Zen Cart is an open-source e-commerce system that was developed from the mature open-source framework osCommerce in 2003. Because it is free, has a friendly interface, is mature, and places low demands on the professional knowledge of the installation staff, it is used all over the world. However, technology has developed constantly and the framework has been in development for a long time, so many of its functions can no longer meet current security requirements (such as the MD5 encryption function). In addition, its design at the time was not rigorous enough, which, together with other reasons, greatly reduces the security of the system. This paper therefore combines the currently popular "Internet+" model and takes the open-source system Zen Cart as the framework to develop, in PHP, an O2O (Offline to Online) business system dedicated to selling the local poultry products of Wuping County. We also enhance the security of the O2O e-commerce system in the following aspects:

1. We analyze and test the security of the Zen Cart framework and repair the vulnerabilities found, especially those related to SQL (Structured Query Language) injection or XSS (Cross Site Scripting) attacks. At the same time, client input parameters are intercepted and checked to prevent SQL injection and XSS attacks by configuring security policy files.

2. We enhance the session security mechanism of Zen Cart as follows. Based on the idea of session protection proposed by Ben Adida, this paper uses the HTML5 sessionStorage property to store the shared keys used for HMAC-SHA256. The client computes an HMAC-SHA256 value over the request path, current timestamp, and parameters, and submits the result to the web server with the request. Finally, the web server recalculates the HMAC-SHA256 value and validates the request by comparing it with the submitted value. In this way, the Zen Cart open-source system is reinforced.

3. We configure the security mechanisms of the MySQL database, including access control that grants user rights according to the least-privilege rule, along with some conventional configuration. We also configure the security of the web server, including SSL (Secure Sockets Layer) configuration, php.ini configuration, and some conventional configuration.

After that, the system is deployed in a Linux + Nginx + MySQL + Apache environment. Under the same security configuration strategy, we use the popular web security scanning tool IBM Security AppScan to test the security of both the developed business system and the business system after reinforcement. At the same time, we test the performance of the system before and after reinforcement, and analyze and compare the results. The results show that the system can effectively protect session security and prevent SQL injection and XSS attacks, and has almost no effect on the original performance. Finally, we run the system in Google Chrome, IE, Firefox, and other mainstream web browsers for compatibility testing. The results show that the system is compatible with all browsers and runs smoothly.
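
The request-signing exchange described in the abstract, as an added example that is not code from the thesis: the client computes HMAC-SHA256 over the request path, timestamp, and parameters, and the server recomputes and compares. The canonical string format, the freshness window, all function names, and the sample values are assumptions; Node's crypto module stands in for browser code, where the key would be read from sessionStorage.

```javascript
const crypto = require('node:crypto');

const MAX_SKEW_SECONDS = 300; // assumed freshness window, not from the thesis

// Build one unambiguous string from path, timestamp and sorted parameters,
// so client and server always sign exactly the same bytes.
function canonicalize(path, timestamp, params) {
  const pairs = Object.keys(params).sort()
    .map((k) => `${encodeURIComponent(k)}=${encodeURIComponent(params[k])}`);
  return [path, String(timestamp), pairs.join('&')].join('\n');
}

// Client side: key is the shared session key (sessionStorage in a browser).
function signRequest(key, path, timestamp, params) {
  return crypto.createHmac('sha256', key)
    .update(canonicalize(path, timestamp, params))
    .digest('hex');
}

// Server side: reject stale timestamps, recompute, compare in constant time.
function verifyRequest(key, path, timestamp, params, mac, now) {
  if (!Number.isInteger(timestamp)) return false;
  if (Math.abs(now - timestamp) > MAX_SKEW_SECONDS) return false;
  const expected = Buffer.from(signRequest(key, path, timestamp, params), 'hex');
  const given = Buffer.from(String(mac), 'hex'); // bad hex decodes short
  if (given.length !== expected.length) return false;
  return crypto.timingSafeEqual(given, expected);
}

// Constructed sample request; the key is a demo value, not a real secret.
const demoKey = Buffer.from('constructed-demo-key-not-a-real-secret');
const demoPath = '/index.php';
const demoParams = { main_page: 'shopping_cart', action: 'add_product', products_id: '12' };
const demoTs = 1700000000;
const demoMac = signRequest(demoKey, demoPath, demoTs, demoParams);

function demo() {
  const now = demoTs + 10;
  const altered = { ...demoParams, products_id: '13' };
  return {
    valid: verifyRequest(demoKey, demoPath, demoTs, demoParams, demoMac, now),
    tampered: verifyRequest(demoKey, demoPath, demoTs, altered, demoMac, now),
    stale: verifyRequest(demoKey, demoPath, demoTs, demoParams, demoMac, demoTs + 3600),
    malformed: verifyRequest(demoKey, demoPath, demoTs, demoParams, 'zz', now),
  };
}

console.log(demo());
```

Because the timestamp is covered by the MAC, a captured request cannot be replayed with a fresh timestamp without the key; the server-side freshness check is what limits replay of the unmodified request.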
Keywords/Search Tags:Zen Cart, O2O, Session security, SQL, XSS, HMAC-SHA256