Client/server scripting / internet security

This assignment is designed to assess the following intended learning outcomes:
1. Understand and communicate effectively how the Internet works and the technical and other reasons for its development
2. Describe the characteristics of specific application layer protocols used on the Internet
3. Analyse the Internet security issues facing both users and network managers

Your Task:
Igor Rippemoff is a Russian entrepreneur with fewer scruples than either Bernard Madoff or Robert Maxwell. He has made his reputation (and money) through mail order sales of items such as air guitars (see, for example, Axemail 2011), invisible clothes (Andersen, 1837) (special enhanced rates for Emperors, Tsars and other hereditary monarchs with high vanity ratings; pricing structure for commoners dependent on income bracket), and holidays on the moon for your great-great-great-grandchildren.
With the introduction of the Internet to the population of the former Soviet Union, he sees an opportunity to branch out into on-line sales. His company has assembled a collection of products for marketing purposes: the products may (or may not) be available, and may (or may not) match the descriptions attached to them (images are always "for illustration purposes only; colour and specification may differ"). Rippemoff realises that one attribute of a successful operation of this type is the ability to change, so the list of products will be modified frequently to attract additional customers.

1. Explain why a dynamic website with a server-scripted link to a database would be better than a static website for the Rippemoff Enterprises (RE) on-line catalogue.

Among the products available on the RE website is a range of soft drinks called hydratas. The product actually consists of an empty plastic bottle with a label carrying the instructions "Just add cold water for a refreshing drink with absolutely no artificial additives or flavourings". Hydratas come in a range of sizes, and multipacks of the popular sizes are also available.
Assume that the RE homepage contains a hyperlinked alphabetical list of products, so that hydratas come between "hybrid tea" and "hydroelectric power".

2. When a user clicks on the "hydratas" link, the browser displays a table showing all the different versions of hydrata (50 ml, 100 ml, 250 ml, and so on up to the giant 5 litre size, plus multipacks) with their prices. Describe the processes that are needed at the client and at the server to achieve this.
(Highly technical details such as the syntax of SQL queries are not needed. Details of message transfer between client and server (TCP/IP, etc.) are not needed.)
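The following is an added illustration for questions 1 and 2, not part of the assignment brief and not a model answer: a minimal server-side handler, written for this page, that does what a dynamic catalogue page has to do when the browser follows the "hydratas" link. The catalogue rows, the product names and the request parameter name are all constructed for the example; the database is an in-memory SQLite table standing in for RE's product database. Two points matter for the security part of the module: the product name taken from the request reaches the database only as a query parameter (so it cannot change the query), and every value coming back from the database is HTML-escaped before it is put into the page the browser will render.

```python
import html
import sqlite3

# Constructed sample catalogue (not RE's data): one row per product variant.
# One variant name deliberately contains markup to show output escaping.
SAMPLE_CATALOGUE = [
    ("hydratas", "50 ml bottle", 0.99),
    ("hydratas", "100 ml bottle", 1.49),
    ("hydratas", "250 ml bottle", 2.49),
    ("hydratas", "<script>alert(1)</script> 2 litre bottle", 4.99),
    ("hydratas", "5 litre bottle", 9.99),
    ("hydratas", "6 x 250 ml multipack", 12.99),
    ("hybrid tea", "1 kg", 3.20),
    ("hydroelectric power", "1 MWh", 55.00),
]


def build_catalogue(conn):
    """Create and fill the products table (stands in for RE's database)."""
    conn.execute("CREATE TABLE products (product TEXT, variant TEXT, price REAL)")
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)", SAMPLE_CATALOGUE)
    conn.commit()


def open_demo_catalogue():
    """In-memory database with the constructed catalogue loaded."""
    conn = sqlite3.connect(":memory:")
    build_catalogue(conn)
    return conn


def list_products(conn):
    """Server side of the homepage: the alphabetical list of product names."""
    rows = conn.execute("SELECT DISTINCT product FROM products ORDER BY product")
    return [r[0] for r in rows]


def fetch_variants(conn, product):
    """Server side of the product page: look up one product by name.
    The '?' placeholder passes the name to SQLite as data, so a request for
    "hydratas' OR '1'='1" simply finds no product instead of altering the query."""
    return conn.execute(
        "SELECT variant, price FROM products WHERE product = ? ORDER BY price",
        (product,),
    ).fetchall()


def render_table(product, rows):
    """Turn the query result into the HTML table the browser displays.
    Every database value is escaped on output, so a variant name containing
    '<' or '&' is shown literally rather than interpreted as markup."""
    out = ["<h1>%s</h1>" % html.escape(product), "<table>",
           "<tr><th>Size</th><th>Price (GBP)</th></tr>"]
    for variant, price in rows:
        out.append("<tr><td>%s</td><td>%.2f</td></tr>" % (html.escape(variant), price))
    out.append("</table>")
    return "\n".join(out)


def handle_request(conn, product):
    """One request cycle: the browser has followed a product link (assumed to
    be GET /product?name=...); the server queries the database and returns an
    HTTP status code plus the HTML body to send back."""
    rows = fetch_variants(conn, product)
    if not rows:
        return 404, "<p>No such product: %s</p>" % html.escape(product)
    return 200, render_table(product, rows)


if __name__ == "__main__":
    conn = open_demo_catalogue()
    print(list_products(conn))
    status, body = handle_request(conn, "hydratas")
    print(status)
    print(body)
```

The client's part is the ordinary one: send the request for the link's URL, receive the HTML, and render the table; nothing in the client needs to know that the rows came from a database, which is what lets RE change the catalogue without editing pages.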

A customer decides to send an order to RE for some hoodies he has seen advertised on their website. He sends an e-mail to RE specifying what he would like to order (size, colour, logo, quantity, etc.), and, by way of payment, his credit card details.

3. Explain why it is important that (a) the e-mail is sent securely, and (b) the sender and receiver are properly identified to each other.

4. Explain (a) how the necessary security and authentication could be achieved using PKI, and (b) why this type of e-commerce (sending credit card details by e-mail) is not recommended for either customer or merchant, even using PKI. (Hint: If RE were encouraging customers to pay in this way, what sort of precautions would they have to take to comply with the UK DPA (Data Protection Act)?)
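An added illustration for the hint in question 4(b), not part of the brief and not a model answer: if card details do arrive by e-mail, one precaution a merchant would have to take is to make sure the card numbers are never retained in mailboxes, ticketing systems or logs. The example below, written for this page with standard-library Python only, screens an inbound order e-mail for card numbers, using the Luhn check digit to separate real card numbers from other long digit strings, and produces a redacted copy that keeps only the last four digits. The e-mail text is constructed; 4111 1111 1111 1111 is the widely published Visa test number, not a real card. It does not implement PKI (that belongs to part (a)); it shows why even a correctly decrypted, authenticated message still leaves the merchant holding data it must protect.

```python
import re

# Candidate card numbers: 13 to 19 digits, optionally separated by spaces or
# hyphens as a customer would type them; lookarounds stop partial matches
# inside longer digit runs.
_PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits):
    """Luhn check (ISO/IEC 7812-1): every real card number passes it and most
    other digit strings (order references, phone numbers) fail, which keeps
    false positives down."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def _digits_only(s):
    return re.sub(r"[ -]", "", s)


def find_pans(text):
    """Return the card numbers (digits only) in text that pass the Luhn check."""
    return [_digits_only(m.group(0)) for m in _PAN_CANDIDATE.finditer(text)
            if luhn_valid(_digits_only(m.group(0)))]


def redact_pans(text):
    """Replace each valid card number with a masked form keeping the last four
    digits; candidates that fail Luhn are left untouched."""
    def mask(m):
        digits = _digits_only(m.group(0))
        if not luhn_valid(digits):
            return m.group(0)
        return "*" * (len(digits) - 4) + digits[-4:]
    return _PAN_CANDIDATE.sub(mask, text)


def screen_order_email(text):
    """Policy for the merchant's inbound order mailbox (assumed policy, for
    illustration): reject any order that carries a card number, and keep only
    the redacted text for records, so no full card number is ever stored."""
    pans = find_pans(text)
    return {
        "accepted": not pans,
        "card_numbers_found": len(pans),
        "stored_copy": redact_pans(text),
    }


# Constructed inbound e-mail; the card number is the public Visa test number.
SAMPLE_EMAIL = """From: customer@example.com
To: orders@rippemoff.example
Subject: Order for 2 hoodies

Please send 2 large red hoodies with the RE logo.
Card: 4111 1111 1111 1111, expires 11/25.
My previous order reference was 1234 5678 9012 3456.
"""

if __name__ == "__main__":
    result = screen_order_email(SAMPLE_EMAIL)
    print(result["accepted"], result["card_numbers_found"])
    print(result["stored_copy"])
```

The 16-digit order reference in the sample fails the Luhn check and is left alone, while the card number is masked; the order itself is refused, which is the point: a merchant that accepts card numbers by e-mail has to carry the cost of protecting every copy of that message, whereas one that refuses them has nothing to protect.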

Andersen, H. C. (1837) The Emperor's New Clothes (various versions available)
Axemail (2009) Axe Air - Air Guitar Package, online at AxeAir_-_Air_Guitar_Package.html (accessed 21.2.11)