| Prev | Next
Menu: Products - Portfolio - Services - Download - Order - Company
 
Topic #6.6.1.4.
WebHub News
   Availability  
   Inside Scoop  
   2.00 Release  
   Security  
   1.50 Release  
   1.27 Upgrade  
   1.00 Release  
   0.89 Release  
   WH 1995-1999  
*

  

Browsing >>Security: Press Release March 25, 1999

HREF Tools Corp.
300 B Street
Santa Rosa CA 95401
http://www.href.com

 

WebHub Paradigm Increases Likelihood of eCommerce Security Compared to Active Server Pages (ASP)

Santa Rosa, CA - ECommerce customers of a New Zealand distributor were shocked to read ComputerWorld News Wire's March 10, 1999 edition, headlining that a design flaw had allowed any of the distributor#s customers to access the invoices of all other customers via the web.

The distributor's site, developed using Microsoft ASP, connected to a back-end accounting records database. Unbeknownst to the distributor, the site had a common security flaw - changing a number on the URL revealed confidential invoices that belonged to other users. Even though the problem is now patched, the negative publicity forced the distributor to withdraw its high profile campaign to market its eCommerce solution.

Unfortunately, security breach nightmares resulting from poor design decisions are not uncommon, and they can ruin a company almost overnight.

WebHub, the high-performance, object-oriented web development framework from HREF Tools Corp., protects businesses from many such security snafus. Its architecture makes it easy to implement security features by giving programmers ideal places to "hook in" code for security checks. Developers can build in security measures at a very low level, so that every point of access to every aspect of the site is controlled.

Ann Lynnworth, CEO of HREF Tools Corp. commented, "It's easy to see how this sort of mistake can be made with ASP - the temptation to put raw data keys, such as account and invoice numbers, into the URL exists because of the direct link to the database. The company made two fundamental errors # firstly, in not obscuring the document key, and secondly, in not validating the invoice ID against the dealer account ID. This could have been done with ASP using scripts or custom objects, but some developers avoid scripts due to the maintenance headaches and avoid objects due to the design difficulties. It's easier with WebHub because WebHub includes a complete component library that, among other things, keeps private data private. "

For information on the full range of WebHub security features, visit http://www.href.com/security.

HREF Tools Corp. (http://www.href.com) is a privately held company, founded in 1995 to bring high-quality, object-oriented web development tools and off-the-shelf web application servers to the Windows NT market.


 
Path:  www.href.com to; Company to; Company News to; WebHub News to; Security

Copyright © 1995-2010 HREF Tools Corp. All Rights Reserved Worldwide.
Running: WebHub-v2.112 on Microsoft-IIS/6.0,
Local Time: Wed, 17 Mar 2010 19:23:38.
Session 1602735973, 4 pages sent to CCBot/1.0 ( http://www.commoncrawl.org/bot.html) at 38.107.191.115;
Time to produce this page: 16msec.