
E-commerce

The buying and selling of products and services by businesses and consumers through an
electronic medium,
ADVANTAGES AND DISADVANTAGES OF ECOMMERCE
The invention of faster internet connectivity and powerful online tools has resulted in a new
commerce arena: ecommerce. Ecommerce offered many advantages to companies and customers,
but it also caused many problems.
ADVANTAGES OF ECOMMERCE

Faster buying/selling procedure, as well as easy to find products.
Buying/selling 24/7.
More reach to customers; there are no theoretical geographic limitations.
Low operational costs and better quality of services.
No need for physical company set-ups.
Easy to start and manage a business.
Customers can easily select products from different providers without moving around physically.

DISADVANTAGES OF ECOMMERCE

Anyone, good or bad, can easily start a business, and there are many bad sites which eat up customers' money.
There is no guarantee of product quality.
Mechanical failures can cause unpredictable effects on the total processes.
As there is minimal chance of direct customer-to-company interaction, customer loyalty is always in question.
There are many hackers who look for opportunities, and thus an ecommerce site, its services and its payment gateways are always prone to attack.

Types of ecommerce

B2B (Business-to-Business)
Companies doing business with each other such as manufacturers selling to
distributors and wholesalers selling to retailers. Pricing is based on quantity of order
and is often negotiable.

B2C (Business-to-Consumer)
Businesses selling to the general public, typically through catalogs utilizing shopping
cart software. By dollar volume, B2B takes the prize; however, B2C is really what the
average Joe has in mind with regards to ecommerce as a whole.
Having a hard time finding a book? Need to purchase a custom, high-end computer
system? How about a first class, all-inclusive trip to a tropical island? With the advent
of ecommerce, all three things can be purchased literally in minutes without human
interaction. Oh how far we've come!

C2B (Consumer-to-Business)
A consumer posts his project with a set budget online and within hours companies
review the consumer's requirements and bid on the project. The consumer reviews
the bids and selects the company that will complete the project. Elance empowers
consumers around the world by providing the meeting ground and platform for such
transactions.

C2C (Consumer-to-Consumer)
There are many sites offering free classifieds, auctions, and forums where individuals
can buy and sell thanks to online payment systems like PayPal where people can
send and receive money online with ease. eBay's auction service is a great example
of where person-to-person transactions have taken place every day since 1995.

Client-side and Server-side Scripting


Client-side Environment
The client-side environment used to run scripts is usually a browser. The processing takes
place on the end user's computer. The source code is transferred from the web server to the
user's computer over the internet and run directly in the browser.
The scripting language needs to be enabled on the client computer. Sometimes if a user is
conscious of security risks they may switch the scripting facility off. When this is the case
a message usually pops up to alert the user when script is attempting to run.
Server-side Environment
The server-side environment that runs a scripting language is a web server. A user's
request is fulfilled by running a script directly on the web server to generate dynamic HTML
pages. This HTML is then sent to the client browser. It is usually used to provide interactive
web sites that interface to databases or other data stores on the server.
This is different from client-side scripting where scripts are run by the viewing web browser,
usually in JavaScript. The primary advantage to server-side scripting is the ability to highly
customize the response based on the user's requirements, access rights, or queries into
data stores.

Cyber Law of India:


Cybercrime is any unlawful act wherein the computer is either a tool or a target or both.

Cybercrimes can involve criminal activities that are traditional in nature, such as theft, fraud, forgery,
defamation and mischief, all of which are subject to the Indian Penal Code. The abuse of computers
has also given birth to a gamut of new age crimes that are addressed by the Information Technology
Act, 2000.
We can categorize cybercrimes in two ways:
The computer as a target: using a computer to attack other computers.
E.g. hacking, virus/worm attacks, DoS attacks etc.
The computer as a weapon: using a computer to commit real-world crimes.
E.g. cyber terrorism, IPR violations, credit card fraud, EFT fraud, pornography etc.
Cybercrime is regulated by cyber laws or internet laws.
Technical Aspects
Technological advancements have created new possibilities for criminal activity, in particular the criminal misuse of information technologies such as:
a. Unauthorized access & Hacking:
Access means gaining entry into, instructing or communicating with the logical, arithmetical, or memory function resources of a computer, computer system or computer network.
Unauthorized access would therefore mean any kind of access without the permission of either the rightful owner or the person in charge of a computer, computer system or computer network.
Every act committed towards breaking into a computer and/or network is hacking. Hackers write or use ready-made computer programs to attack the target computer. They possess the desire to destroy and they get a kick out of such destruction. Some hackers hack for personal monetary gain, such as stealing credit card information or transferring money from various bank accounts to their own account, followed by withdrawal of the money.
Taking control of another person's website by hacking the web server is called web hijacking.
b. Trojan Attack:
A program that acts like something useful but does things that are quite damaging is called a Trojan.
The name Trojan horse is popular.
Trojans come in two parts, a Client part and a Server part. When the victim (unknowingly) runs the server on their machine, the attacker will then use the Client to connect to the Server and start using the trojan.

TCP/IP protocol is the usual protocol type used for communications, but some functions of the trojans use the UDP
protocol as well.
c. Virus and Worm attack:
A program that has the capability to infect other programs, make copies of itself and spread into other programs is called a virus.
Programs that multiply like viruses but spread from computer to computer are called worms.
d. E-mail & IRC related crimes:
1. Email spoofing
Email spoofing refers to email that appears to have originated from one source when it was actually sent from another source.
2. Email spamming
Email "spamming" refers to sending email to thousands and thousands of users, similar to a chain letter.
3. Sending malicious code through email
Emails are used to send viruses, Trojans etc., either as an attachment or as a link to a website which downloads malicious code when visited.
4. Email bombing
Email "bombing" is characterized by abusers repeatedly sending an identical email message to a particular address.
5. Sending threatening emails
6. Defamatory emails
7. Email frauds
8. IRC related
Three main ways to attack IRC are: "verbal" attacks, clone attacks, and flood attacks.
e. Denial of Service attacks:
Flooding a computer resource with more requests than it can handle. This causes the resource to crash, thereby denying access of service to authorized users.
Examples include:
Attempts to "flood" a network, thereby preventing legitimate network traffic
Attempts to disrupt connections between two machines, thereby preventing access to a service
Attempts to prevent a particular individual from accessing a service
Attempts to disrupt service to a specific system or person.

What is EDI (Electronic Data Interchange)?


Electronic Data Interchange (EDI) is the computer-to-computer exchange of business
documents in a standard electronic format between business partners.
By moving from a paper-based exchange of business documents to one that is electronic, businesses
enjoy major benefits such as reduced cost, increased processing speed, reduced errors and
improved relationships with business partners.

Computer-to-computer EDI replaces postal mail, fax and email. While email is
also an electronic approach, the documents exchanged via email must still be
handled by people rather than computers. Having people involved slows down the
processing of the documents and also introduces errors. Instead, EDI documents
can flow straight through to the appropriate application on the receiver's computer
(e.g., the Order Management System) and processing can begin immediately.

A typical manual process looks like this, with lots of paper and people involvement:

The EDI process looks like this, with no paper and no people involved:

Business documents: These are any of the documents that are typically
exchanged between businesses. The most common documents exchanged via EDI
are purchase orders, invoices and advance ship notices. But there are many, many
others such as bill of lading, customs documents, inventory documents, shipping
status documents and payment documents.

Standard format: Because EDI documents must be processed by computers
rather than humans, a standard format must be used so that the computer will be
able to read and understand the documents. A standard format describes what
each piece of information is and in what format (e.g., integer, decimal, mmddyy).
Without a standard format, each company would send documents using its
company-specific format and, much as an English-speaking person probably doesn't
understand Japanese, the receiver's computer system doesn't understand the
sender's company-specific format.

There are several EDI standards in use today, including ANSI, EDIFACT, TRADACOMS and ebXML.
And, for each standard there are many different versions, e.g., ANSI 5010 or EDIFACT version D12,
Release A. When two businesses decide to exchange EDI documents, they must agree on the
specific EDI standard and version.
Businesses typically use an EDI translator, either as in-house software or via an EDI service
provider, to translate the EDI format so the data can be used by their internal applications and thus
enable straight-through processing of documents.

Business partners: The exchange of EDI documents is typically between two
different companies, referred to as business partners or trading partners. For
example, Company A may buy goods from Company B. Company A sends orders to
Company B. Company A and Company B are business partners.

Maintaining state between Client and Server


HTTP is a stateless protocol. Once the server serves any request from the user, it cleans
up all the resources used to serve that request. These resources include the objects
created during that request, the memory allocated during that request, etc. For a developer
coming from a background of Windows application development, this could come as a
big surprise, because there is no way to rely on objects and member variables
alone to keep track of the current state of the application.
If we have to track the users' information between page visits, and even across multiple
visits to the same page, then we need to use the state management techniques
provided by ASP.NET. State management is the process by which ASP.NET lets
developers maintain state and page information over multiple requests for the same or
different pages.

Types of State Management


There are mainly two types of state management that ASP.NET provides:
1. Client side state management
2. Server side state management

When we use client side state management, the state related information will be stored
on client side. This information will travel back and forth with every request and
response. This can be visualized as:

Note: Image taken from Microsoft press' Book.


The major benefit of this kind of state management is that we relieve the server
of the burden of keeping the state-related information, which saves a lot of server
memory. The downside of client side state management is that it takes more bandwidth,
as a considerable amount of data travels back and forth. But there is one more
problem, which is bigger than the bandwidth usage problem: client side state
management makes the information travel back and forth, and hence this information
can be intercepted by anyone in between. So there is no way we can store sensitive
information like passwords, credit card numbers and the payable amount on the client side;
we need server side state management for such things.

Server side state management, in contrast to client side, keeps all the information in
server memory. The downside of this is more memory usage on the server, and the benefit is
that users' confidential and sensitive information is secure.

Note: Image taken from Microsoft press' Book.
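
The trade-off described above, as an added example that is not part of the original notes: a payable amount kept in a hidden field can come back changed, while the same amount kept in server-side session state cannot. It is a language-neutral Python sketch rather than ASP.NET code, and the function names, key and form values are constructed for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # constructed key; it never leaves the server
SESSIONS = {}                         # server-side session state: id -> data


def start_checkout(amount_cents):
    """Keep the payable amount on the server; the client only gets an opaque id."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"amount_cents": amount_cents}
    return sid


def charge_from_hidden_field(form):
    """Weak: trusts the amount that travelled to the client and back."""
    return int(form["amount_cents"])


def charge_from_session(form):
    """Hardened: reads the amount from session state and ignores the client copy."""
    session = SESSIONS.get(form.get("sid", ""))
    if session is None:
        raise PermissionError("unknown session id")
    return session["amount_cents"]


def _tag(value):
    return hmac.new(SERVER_KEY, value.encode(), hashlib.sha256).hexdigest()


def sign_state(value):
    """Integrity tag for non-sensitive client-side state; the value stays readable."""
    return f"{value}|{_tag(value)}"


def read_signed_state(blob):
    """Return the value only if it is unchanged since the server issued it."""
    value, _, tag = blob.rpartition("|")
    if not hmac.compare_digest(tag.encode(), _tag(value).encode()):
        raise ValueError("client-side state was modified")
    return value


if __name__ == "__main__":
    sid = start_checkout(49900)
    posted = {"sid": sid, "amount_cents": "1"}  # constructed form post, amount edited
    print(charge_from_hidden_field(posted), charge_from_session(posted))
```

The signed variant only detects modification; the value is still readable in transit, so passwords and card numbers stay in server-side state either way.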


We cannot say that we will use any one type of state management in our application.
We will have to find a mix of client side and server side state management depending
on the type and size of information. Now let us look at what are the different ways we
can manage state on client side and server side.

Client side state management techniques

View State
Control State
Hidden fields
Cookies
Query Strings

Server side state management techniques

Application State
Session State

ASP object model

The interaction between Web clients and servers is complex, with many messages
passed between the two.
However, most of the time we only need to work with one part of this complex
interaction, for example a cookie sent by a user's browser to our Web server.
One of the goals of ASP, and object-oriented programming in general, is to hide
unneeded complexity from the developer.
The designers of ASP have built a model of this complex interaction in the ASP object
model. As we work with ASP, we will do so through the five "built-in" objects of ASP:
1. Application,
2. Request,
3. Response,
4. Server, and
5. Session.
