HREF Tools Corp.
WebHub Paradigm Increases Likelihood of eCommerce Security Compared to Active Server Pages (ASP)
Santa Rosa, CA - ECommerce customers of a New Zealand distributor were shocked to read ComputerWorld News Wire's March 10, 1999 edition, headlining that a design flaw had allowed any of the distributor#s customers to access the invoices of all other customers via the web.
The distributor's site, developed using Microsoft ASP, connected to a back-end accounting records database. Unbeknownst to the distributor, the site had a common security flaw - changing a number on the URL revealed confidential invoices that belonged to other users. Even though the problem is now patched, the negative publicity forced the distributor to withdraw its high profile campaign to market its eCommerce solution.
Unfortunately, security breach nightmares resulting from poor design decisions are not uncommon, and they can ruin a company almost overnight.
WebHub, the high-performance, object-oriented web development framework from HREF Tools Corp., protects businesses from many such security snafus. Its architecture makes it easy to implement security features by giving programmers ideal places to "hook in" code for security checks. Developers can build in security measures at a very low level, so that every point of access to every aspect of the site is controlled.
Ann Lynnworth, CEO of HREF Tools Corp. commented, "It's easy to see how this sort of mistake can be made with ASP - the temptation to put raw data keys, such as account and invoice numbers, into the URL exists because of the direct link to the database. The company made two fundamental errors # firstly, in not obscuring the document key, and secondly, in not validating the invoice ID against the dealer account ID. This could have been done with ASP using scripts or custom objects, but some developers avoid scripts due to the maintenance headaches and avoid objects due to the design difficulties. It's easier with WebHub because WebHub includes a complete component library that, among other things, keeps private data private. "
For information on the full range of WebHub security features, visit www.href.com/security.
HREF Tools Corp. (www.href.com) is a privately held company, founded in 1995 to bring high-quality, object-oriented web development tools and off-the-shelf web application servers to the Windows NT market.
