AIOU-Ass1 5576 Autumn2014
ASSIGNMENT No. 1
by
Assignment #1
Code 5576
Q.1 What is E-Commerce? Discuss its role in business in Pakistan. Describe and discuss
the framework for E-Commerce and its major components.
E-COMMERCE
People commonly use the terms e-commerce and e-business interchangeably. The term
e-commerce mostly refers to online shopping (on the internet), and people sometimes
use the term e-business when they are talking about e-commerce activities.
However, e-commerce
E-commerce is the technique of using electronic means of communication to generate
economic value and activity, including the management, facilitation and execution of
business and trade.
Electronic communication is the medium through which economic values are
designed, produced, advertised, catalogued, inventoried and purchased, and through
which business accounts are settled. E-commerce is dependent upon the technology:
Hardware
Software
Benefits of E-commerce
E-commerce enables and facilitates
Implementation of E-commerce
Telecommunication technology plays a fundamental and vital role in all aspects of e-commerce. E-commerce is implemented through the following infrastructures.
Development of internet
Via wire
Cell phones
Televisions
Radio
Search Engines
E-commerce services:
Modern telecommunications allow services to be delivered globally. Areas where services
face global competition are:
Accounting
Entertainment delivery
Banking Sector
A well-developed financial service / banking sector is essential for the growth of e-commerce. Solutions for the two fundamental issues affecting e-commerce will
determine its worldwide growth:
Credit Cards
Debit Cards
The use of credit and debit cards to make payment over the internet has raised security
concerns.
The need for security has led to new e-commerce services such as secure payment
services, e.g. PayPal, which make use of encryption and other security features.
ROLE OF E-COMMERCE IN PAKISTAN
When the government started an information technology and e-commerce initiative in
early 2000, the banks were expected to lead the way into e-commerce. Although the
banking sector is the leading spender on information and communications technology, the
most progress in e-commerce has been in e-government. Almost all branches of
commercial banks in urban areas are now computerized. Many banks offer online funds
transfers from overseas and within the country, purchase of mobile phone and internet
cards through an online wallet, and other small-scale online transactions. Almost all banks
now offer mobile-phone banking, where customers can pay utility bills using their mobile
phones. Further, money can now be transferred to any city within minutes. All of this
reflects the progress of e-commerce in Pakistan.
From local shops to online buying of books, laptops, gadgets, cars, and now clothing,
groceries and other daily-use items, Pakistan has undergone considerable
development in the e-commerce industry. Pakwheels.com, Beliscity.com, Shophive.com,
and now Groupin.pk are serving users with what they actually need. Although the
progress of e-commerce cannot be compared to that of developed countries or even
Indian e-commerce, there has been significant development in terms of the number of
online shops and transactions. The development is at quite a slow pace: for example,
Internet merchant accounts were permitted by the State Bank of Pakistan in February 2001,
but due to inadequate infrastructure and security concerns only Citibank offered these
accounts in 2006. These merchant accounts are used by airlines, hotel chains
and a very few medium-scale businesses.
Pakistan is still a developing country and is in the process of making its way
towards the world of technology. The internet is spreading over Pakistan like a dark cloud
and it will affect the Pakistani economy positively in the near future. People are rapidly
becoming aware of the importance of business on the internet, and this will work in
Pakistan's favor. Banks are playing an important role in increasing awareness
of e-commerce in Pakistan, for example by introducing debit cards for internet use, and by
letting customers recharge cell phones and pay bills directly from a bank account while
sitting at home. But what Pakistan needs at the moment is faster growth in the sector.
There is good scope for e-commerce in Pakistan, not only for buyers and sellers: there
are also many employment opportunities in web business, which can stimulate the
economic growth of the country. Strong government surveillance of cyber
crime can make the environment much better and more fruitful. Besides that, we need social
entrepreneurs to bring a change to the status quo.
FRAMEWORK & MAJOR COMPONENTS
A framework can be defined as a structure for supporting or attaching something else,
particularly a support that is used as the foundation for something being created.
Hence, an e-commerce framework comprises the set of infrastructure required for
carrying out the e-commerce business. This set of infrastructure typically includes the
network requirements and the different software applications that are for e-commerce.
The e-commerce vision summarized above assumes a series of essential infrastructure
services and values consistent with a broad architectural framework. This framework must
allow the flexibility, interoperability and directness necessary for the successful
Features.
Requirements.
Luxuries.
Features are those elements of the framework that make it stand out
from other offerings.
Requirements are the basic requirements of the framework that allow it to do its work.
If one among these is lost, then it becomes difficult to use a particular framework, even
with the presence of any other features.
Luxuries are the components whose presence is not so important, but they are
required to make the case for a framework that comes at a premium price. The luxury
components add something extra to the system to make it worthy of the premium price.
The three important factors to look for in any e-commerce framework are:
Template management.
The framework should be adaptable in order to be able to cope with future evolution of
the site and market. At the same time, it should be able to support the existing business
and make it as easy as possible.
COMPONENTS OF E-COMMERCE FRAMEWORK
The important components of this framework are:
1. Network Infrastructure
2. Multimedia Contents And Network Publishing
3. Messaging And Information Distribution Infrastructure
4. Common Business Services Infrastructure
5. Public Policy And Technical Standards
1. Network Infrastructure
Network infrastructure, also called the INFORMATION SUPERHIGHWAY, is the path
through which actual information flows and moves between sender and receiver.
Information Superhighway consists of:
Cable TV systems that provide coaxial cables and direct broadcast satellite
networks.
Computer networks include private networks and public data networks like the
Internet.
All these modes of communication are interconnected. They are connected with
routers, switches, bridges, gateways etc., which are devices that connect similar and
different networks. All information flows on these lines and through these devices
and reaches the desired destinations.
Q.2 Compare the two and three tier Web Client server architectures, and indicate
the role of each tier in each architecture. Which architecture is the most likely
candidate for an electronic commerce site?
TWO TIER WEB CLIENT SERVER ARCHITECTURE
The term TIER refers to the relationship between the logical division of the application
components, i.e. presentation, application logic and data management, and the physical
architecture in which these components are divided.
Two-tier client server architecture uses only two sets of computers, one set of clients
and one set of servers. The two-tier architecture is like client server application. The
direct communication takes place between client and server. There is no intermediate
between client and server. The two-tier client server architecture delivers the
presentation component on the client and the database management on the server.
The figure shows the two-tier architecture. Here the communication is one to one. Let
us see the concept of two tiers with a real-time application. For example, suppose we
need to save employee details in a database. The two tiers of the two-tier architecture are:
1. Client Application (Client tier)
2. Database (Data tier)
Disadvantages:
Fast communication
CONCLUSION
Three-Tier web server architecture is most appropriate for electronic commerce, as it
provides fast communication, better performance and also provides the business
processes logic and the data access.
Q.3 Why are programs such as CGI scripts and Java programs that run on client
machines or on a web server considered security threats? Explain how programs
could breach security. Do JavaScript programs pose an equally serious security
risk?
CGI SCRIPTS
Common Gateway Interface (CGI) is a bit of software that translates what has
happened in one piece of software, into something that a different piece of software can
understand. In other words, CGI is a method for creating programmes that allow
external applications to interface with web servers in a standard way.
1. They may intentionally or unintentionally leak information about the host system
that will help hackers break in.
2. Scripts that process remote user input, such as the contents of a form or a
"searchable index" command, may be vulnerable to attacks in which the remote
user tricks them into executing commands.
CGI scripts are potential security holes even though you run your server as "nobody". A
subverted CGI script running as "nobody" still has enough privileges to mail out the
system password file, examine the network information maps, or launch a log-in session
on a high numbered port (it just needs to execute a few commands in Perl to
accomplish this). Even if your server runs in a chroot directory, a buggy CGI script can
leak sufficient system information to compromise the host.
There are two ways in which CGI script vulnerabilities tend to manifest. The first is by
leaking system information that should be kept confidential, and the second by allowing
remote users to execute inappropriate commands.
The first case is less immediately dangerous, but harder to protect against. Practically
any piece of system information can be useful to a sufficiently wily attacker, and many
useful functions require the system to provide some data about itself. Some kinds of
information that should not be disclosed without excellent justification include physical
paths to users' home directories, such as is returned by the finger daemon, information
about what programs users are running, such as is given by the w command, and
information on which daemons are running on the system, such as is returned by ps.
The second case represents a much more direct threat to the integrity of the system.
CGI scripts will generally be executed with the privilege of the web server; so if that
server is properly set up as an unprivileged user then damage will usually be
constrained to those parts of the system to which the server has access. Common
effects of such vulnerabilities include defacement of the web site and denial of web
service.
Finally, it is important to note that all of the general programming security concerns
apply to CGI programs like they do to any others.
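The second failure mode, shown as an added example that is not part of the original assignment: a Python sketch of a CGI-style handler that passes a form field to an external command, first in the flawed form and then hardened. The `term` field, the function names and the harmless `echo` command are assumptions chosen so the block runs offline on a POSIX system.

```python
import re
import subprocess

# Allow-list for the hypothetical "term" form field (an assumption of this
# example): letters, digits, space, underscore and hyphen, 1 to 64 characters.
SAFE_TERM = re.compile(r"[A-Za-z0-9 _-]{1,64}")


def lookup_unsafe(term: str) -> str:
    """Flawed pattern: the form value is concatenated into a shell command."""
    # shell=True hands the whole string to /bin/sh, so shell metacharacters
    # in `term` are parsed as shell syntax instead of being treated as data.
    result = subprocess.run("echo searching for " + term, shell=True,
                            capture_output=True, text=True, timeout=5)
    return result.stdout


def run_without_shell(term: str) -> str:
    """Pass the value as one argv element; no shell ever parses it."""
    result = subprocess.run(["echo", "searching for", term],
                            capture_output=True, text=True, timeout=5)
    return result.stdout


def lookup_safe(term: str) -> str:
    """Hardened pattern: validate against the allow-list, then use argv."""
    if not SAFE_TERM.fullmatch(term):
        # Generic error: the input is not echoed back and no paths, stack
        # traces or other host details are disclosed to the remote user.
        return "400 Bad Request: invalid search term\n"
    return run_without_shell(term)


if __name__ == "__main__":
    # Constructed sample input: a benign marker stands in for the second
    # command a remote user might smuggle in after the separator.
    crafted = "books; echo INJECTED"
    print("unsafe   :", repr(lookup_unsafe(crafted)))
    print("argv only:", repr(run_without_shell(crafted)))
    print("safe     :", repr(lookup_safe(crafted)))
    print("safe ok  :", repr(lookup_safe("books")))
```

In the flawed version the marker comes back on its own output line because the shell ran a second command; the hardened version rejects the value before any process is started, and even without validation the argv form treats the separator as plain text.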
JAVA PROGRAMMES
Java is a programming language and computing platform first released by Sun
Microsystems in 1995. Java is a software platform that is owned and supported by
Oracle. The Java platform consists of the Java Virtual Machine (JVM), which is installed
on the host computer, and user applications that are written using the Java
programming language.
The JVM is powerful, flexible and easily deployed to a wide range of devices. The JVM
software runs like any other program on the host. The JVM provides a bridge between
Java applications and the host computer.
Java can be used to create complete applications that may run on a single computer or
be distributed among servers and clients in a network.
Java applications are used widely to perform necessary business functions. Like most
available software, there have been security vulnerabilities found in Java. Combined
with its popularity, Java is particularly attractive to cyber adversaries seeking
unauthorized access into corporate networks.
SECURITY ISSUES
Java is heavily scrutinized by the IT community for new security flaws because it is
widely used and has a history of exploitable security vulnerabilities. The two categories
of Java intrusion are:
exploits that target security vulnerabilities in the JVM, via drive-by browser
exploitation
malicious Java applications that run outside the sandbox as privileged applications,
which may be found on websites or as email attachments.
Once an adversary executes malicious code using either method, the compromised
system could be used to conduct activities such as stealing valuable information or
gaining access to other computers on the network.
Exploitation of the JVM is mostly associated with browsing to a malicious or
compromised website, but can also occur when opening an email or attachment. This
type of exploitation allows an adversary to run malicious non-Java code outside of the
JVM that compromises the native system. The adversary will gain the same level of
access as the user, or possibly even higher.
Java exploits are valued because they can grant access to a system without the
knowledge or authorization of the user.
Exploits targeting those vulnerabilities that have not been publicly disclosed are
known as zero-day attacks. Once the vulnerability is publicly known, it is no longer
considered to be a zero-day.
Security vulnerabilities are exploitable up until the time that the patch has been applied.
This is a highly attractive window of opportunity for adversaries. In the time between a
patch becoming available and being applied, both the number and quality of exploits will
increase. For those agencies that are unable to patch quickly (usually for support of
legacy applications), known vulnerabilities remain exploitable.
Malicious Java applications
Malicious Java applets are presented as trustworthy or legitimate. Adversaries may try
to use targeted emails, known as spear phishing, to deliver a malicious website link or
email attachment that is relevant or interesting to the user. This type of social
engineering can entice a user to unknowingly permit the malicious application to run
with high privileges.
Malicious Java applets will request permission from the user with a pop-up dialogue
box. If the user trusts that the applet is safe and accepts the certificate, the malicious
applet can run in privileged mode. Once running with privilege, an adversary can access
parts of the system that were previously protected by the sandbox, such as files and
network connections.
By default, Java applets running in the browser that request privileged mode will
request permission with a pop-up dialogue box. This setting can be changed in the
Java security control panel. Changing this setting to be more permissive will leave
computers at greater risk, and should not be done.
If the user declines the certificate, a Java applet can still run in sandbox mode. A
sandboxed application can still gather information that may be useful to the
adversary, but will not have as much freedom to cause harm as a privileged
application.
Java applications are run inside the JVM, and not the native operating system. Most
application whitelisting implementations cannot control Java applications. Generally, the
JVM is allowed to run, but there is no discrete control of Java applications that are run
by the JVM, even those that are known to be good.
Q.4(a) Discuss some of the interactive web technologies that enable the interactive
functions of internet, which is essential for E-Commerce websites.
INTERACTIVE WEB TECHNOLOGIES
In computer science, interactive refers to software which accepts and responds to input
from humans. Initially the only way to interact with web servers was to click on
hyperlinks to surf between documents. E-commerce, however, needs much
more than this. For example, buying an item online from a website like eBay requires the
buyer to enter personal data and the item required. eBay then has to store some of the
personal information after processing, for future use. It then has to process the order to
ensure delivery of the correct item(s). Moreover, the displayed information has to be
updated in case of any change in prices, stock and/or specifications. To carry out all
these tasks, eBay requires applications that can access the
dynamic data stored on external resources. These applications enable
web servers to be a more interactive client/server medium.
Web page authors can integrate JavaScript code to create interactive web pages.
Sliders, date pickers, and drag and drop are just some of the many enhancements that
can be provided. There is a variety of technologies that create various kinds of
interactivity; some of them are given below:
Interactive Forms
Java
1. INTERACTIVE FORMS
An interactive form is a data-gathering window containing multiple questions that
interactively change based on user input. In other words, a user's response to one
question may cause one or more additional questions to be added to the window.
Forms are HTML (Hyper Text Markup Language) features that allow embedding
document features like buttons, check-boxes, selection lists, text-entry fields and
radio boxes that gather information from the users for a server application. Forms
can be used for almost every type of web transaction including surveys, data entry,
database queries, placing and tracking orders etc.
HTML defines tags for creating interface elements that can be placed within a form,
to interact with a user. There are three types of interface elements:
Select fields create a dropdown list, from which a user can choose
one or more items.
Open standard: some form of CGI has been implemented on virtually every
type of web server.
Process isolation: these applications run in separate processes, therefore bug-ridden applications cannot crash the web server or access the server's private
internal state.
Disadvantages of CGI
Transient: CGI programs are only active in the server while they are executing
a single request from a single client.
3. JAVA
JavaScript is the programming language that runs in the browser, which is used to
build advanced user interactive Web sites and applications.
Java is a programming language and computing platform first released by Sun
Microsystems in 1995. Java is a software platform that is owned and supported by
Oracle. The Java platform consists of the Java Virtual Machine (JVM), which is installed
on the host computer, and user applications that are written using the Java
programming language.
The JVM is powerful, flexible and easily deployed to a wide range of devices. The JVM
software runs like any other program on the host. The JVM provides a bridge between
Java applications and the host computer.
Java can be used to create complete applications that may run on a single computer or
be distributed among servers and clients in a network.
Java applications are used widely to perform necessary business functions. Like most
available software, there have been security vulnerabilities found in Java. Combined
with its popularity, Java is particularly attractive to cyber adversaries seeking
unauthorized access into corporate networks.
Q.4(b) The commercial viability of the e-mall model has been questioned in its current
implementation and in the current state-of-the-art market, and many malls have
even gone out of business. Discuss possible reasons leading to the downfall of
the e-mall model.
E-MALL (ELECTRONIC MALL)
An electronic mall, also known as a cybermall or e-mall, is a collection of individual
shops under one Internet address. The basic idea of an electronic mall is the same as
that of a regular shopping mall: to provide a one-stop shopping place that offers many
products and services. Representative cybermalls are Downtown Anywhere
(da.awa.com), Hand Crafters Mall (rocksworld.com), America's Choice Mall
Order fulfillment - E-tailers face a difficult problem of shipping very small quantities
to a large number of buyers. This can be expensive, especially when returned items
need to be handled.
Viability of online e-tailers - Most of the purely online e-tailers (excluding service
industries) were unable to survive and folded in 2000-2002. Companies had
problems with customer
acquisition, order fulfillment, and forecasting demand. Online competition, especially
in commodity-type products such as CDs, toys, books, or groceries, became very
fierce, due to the ease of entry to the marketplace.
Incorrect revenue models - Many dot-com companies were selling at or below cost
with the objective of attracting many customers as well as advertisers to their sites.
The idea was to generate enough revenue from advertising. This model did not
work. Too many dot-com companies were competing on too few advertising dollars,
which went mainly to a small number of well-known sites such as AOL and Yahoo!.
Q.5 What are the pitfalls of the pure-play mode of B2C e-commerce? Discuss how
B2C e-commerce strategy can be repositioned to combine the strength of both
physical and virtual business channels in the click and mortar mode of
operations.
PURE-PLAY MODE OF B2C E-COMMERCE
In e-business terms, a pure play is an organization that originated and does business
purely through the Internet; they have no physical store (brick and mortar) where
customers can shop. Examples of large pure play companies include Amazon.com (in
its initial business when it was only involved in retail products) and Netflix.com (in
content). With a much lower barrier to entry, the Internet affords smaller companies the
ability to compete with much larger brands due to typically lower overhead and
marketing costs.
Security concerns,
After-sales support,
Pure plays usually don't have the advantage of established brand names, customer
bases and inventory systems; they have to start from ground zero, and must devote their
resources and time to building a brand name and customer base.
Pure plays are occasionally beset with costly email viruses, and must be ever vigilant
against spammers. Security and technical problems sometimes have to be dealt with;
they must retrain for the Internet sales format and learn how to use an email dialogue
with customers, starting slowly, and, because customer trust of the pure play retailer is
often lacking, they must gradually build the customers' trust.
Some retailers consider the Internet technology to be too expensive, too difficult to use,
of little value, or intrusive. Many consumers believe that ads and cookies invade their
privacy. Many consumers hesitate to shop from a pure play retailer because they
cannot try or feel an item before purchasing nor, in the case of clothing, try it on. Many
find it inconvenient to return purchased goods if they are not satisfactory, and a large
percentage are not comfortable using a credit card online and disclosing their personal
information. Customer service is often lacking, as well as proper delivery of goods.
Marketing
Pure-play companies have to invest more money, time and effort in marketing than
hybrid businesses. Businesses that have a physical presence, particularly on a
national or international scale, are already known to potential customers, whereas
Internet businesses have to advertise their presence more aggressively. According to
CRM magazine, the average pure-play company spends $82 to acquire a
new customer, whereas a traditional retailer spends $12.
Perception
Businesses that combine a presence on the street with online retailing may inspire
more customer confidence than those that only operate online, according to the
Internet Marketing Center. Customers believe that a business is less likely to vanish
overnight if it has a customer presence, the website explains. However, online
businesses that have built up an excellent reputation for customer service and
respond to telephone calls and emails quickly and professionally also inspire
customer confidence.