WebSphere Commerce security model

Authentication is the process of verifying that users or applications are who they claim to be. In a WebSphere Commerce system, authentication is required for all users and applications that access the system, except for guest customers.

The user authentication process is configured by default to run under SSL. This ensures that a third party by using network-sniffing programs cannot snoop on the network when a user submits a password. Passwords are never decrypted during the authentication process. It is a common security practice to keep the passwords encrypted during the authentication process. All user passwords have a user-specific salt. They are one-way hashed by using SHA-1 or SHA-256, and encrypted using an encryption key based on the merchant key. The use of one way hashing ensures that user passwords are not decipherable by anyone, including the site or system administrator. The merchant key, which is specified during the installation and configuration of the WebSphere Commerce system, and can be changed as often as necessary to maintain the security of the site.

Encryption of sensitive data in the database, such as credit card data and passwords, by default, is done by using Triple DES. AES 128-bit encryption can also be used. AES is a more recent encryption algorithm, and is widely considered to be the industry standard. It is suggested that customers upgrade their encrypted database data to use AES encryption, by using the MigrateEncryptedInfo utility.

Encrypting session data, such as cookies, uses AES 128-bit encryption.

The WebSphere Commerce system has its own passwords for administration purposes. These passwords must be periodically changed as part of a WebSphere Commerce site-wide security policy.

What is authorization?

Authorization is the process of determining whether a user can run a specific operation on a resource. Authorization is determined from the access control policies that govern WebSphere Commerce resources. In a WebSphere Commerce system, access control is needed in two areas:

  • To protect the WebSphere Commerce Enterprise JavaBeans (EJB beans) from unauthorized access. This process is discussed in Enabling WebSphere Application Server security.
  • To ensure that only authorized parties can run different groups of WebSphere Commerce commands.

What are access control policies?

Assuming that you finish defining the organizations and users that participate in your e-commerce site, you can now manage their activities through a set of policies. This set of policies is a process referred to as "access control".

An access control policy is a rule that describes which group of users is authorized to run particular activities on your site. These activities can range from registration, to updating the product catalog, and granting approvals on orders, and any of the hundreds of other activities that are required to operate and maintain an e-commerce site.

The policies are what grants users access to your site. Unless they are authorized to perform their responsibilities through one or more access control policies, users have no access to any of your sites functions.

The authorization model for WebSphere Commerce is based on the enforcement of access control policies. Access control policies are enforced by the access control Policy Manager. In general, when a user attempts to access a protectable resource, the access control policy manager first determines what access control policies are applicable for that user. Then, based on the applicable access control policies, it determines whether the user is allowed to run the requested operation on the resource.

What is an audit trail?

In computing, an audit trail is used to refer to electronic or paper logs that are used to track computer activity. For example, an employee might have access to a portion of a corporate network, such as accounts receivable. Even though the employee has access to account receivable, the employee might not be authorized to access other portions of the system, such as payroll. If that employee attempts to access an unauthorized section by typing in passwords, this improper activity is recorded in the audit trail.

In e-commerce systems, audit trails are used to record customer activity. An audit trail records a customer's initial contact with the system and subsequent actions such as payment and delivery of the product or service. Companies can use the audit trail to respond to any inquiries or complaints. It can also use the audit trail to reconcile accounts, to provide analysis and historical information for plans and budgeting, and to provide a record of sales in a tax audit.

Audit trails can also be used to investigate computer crimes over cyberspace and the internet. To expose an individual conducting malicious attacks on a system, investigators can follow the audit trail that is left by the perpetrator. Sometimes the perpetrators of cyber crimes unknowingly leave behind audit trails in activity logs with their internet service providers or perhaps through chat room logs.

What is confidentiality?

Confidentiality is the process of protecting sensitive information from being deciphered by unintended recipients. In the WebSphere Commerce system, confidentiality is required when sensitive information flows from the user's browser to the WebSphere Commerce Server, and back from the WebSphere Commerce Server to the user's browser. Using Secure Sockets Layer (SSL) provides confidentiality for this scenario.

Confidentiality is also a strong requirement in the area of session management. Because the Hypertext Transfer Protocol (HTTP) protocol is state less, a cookie is commonly used to continuously identify the user to the WebSphere Commerce Server. If this cookie is stolen, then the user account can be compromised, and is commonly known as "session hijacking". WebSphere Commerce prevents session hijacking by using unique features of the cookie specifications as discussed in Session management.