Vous êtes sur la page 1sur 136

1.1.

Introduction
Ecommerce (e-commerce) or electronic commerce, a subset of E-business, is
the purchasing, selling, and exchanging of goods and services over computer
networks (such as the Internet) through which transactions or terms of sale
are performed electronically. Contrary to popular belief, ecommerce is not
just on the Web. In fact, ecommerce was alive and well in business to
business transactions before the Web back in the 70s via EDI (Electronic
Data Interchange) through VANs (Value-Added Networks). Ecommerce can
be broken into four main categories: B2B, B2C, C2B, and C2C.[1]

 B2B (Business-to-Business): Companies doing business with each other


such as manufacturers selling to distributors and wholesalers selling to
retailers. Pricing is based on quantity of order and is often negotiable. [1]

 B2C (Business-to-Consumer): Businesses selling to the general public


typically through catalogs utilizing shopping cart software. By dollar
volume, B2B takes the prize, however B2C is really what the average Joe
has in mind with regards to ecommerce as a whole. [1]

 C2B (Consumer-to-Business): A consumer posts his project with a set


budget online and within hours companies review the consumer's
requirements and bid on the project. The consumer reviews the bids and
selects the company that will complete the project. Elance empowers
consumers around the world by providing the meeting ground and platform
for such transactions. [1]

 C2C (Consumer-to-Consumer): There are many sites offering free


classifieds, auctions, and forums where individuals can buy and sell thanks
to online payment systems like PayPal where people can send and receive
money online with ease. eBay's auction service is a great example of where
person-to-person transactions take place every day since 1995. [1]
Companies using internal networks to offer their employees products and
services online--not necessarily online on the Web--are engaging in B2E
(Business-to-Employee) ecommerce. [1]

 G2G (Government-to-Government):, G2E (Government-to-Employee),


G2B (Government-to-Business), B2G (Business-to-Government), G2C
(Government-to-Citizen), C2G (Citizen-to-Government) are other forms of
ecommerce that involve transactions with the government--from

1
procurement to filing taxes to business registrations to renewing licenses.
There are other categories of ecommerce out there, but they tend to be
superfluous. [1]

1.2. Security of E-commerce


Security is a great concern in this kind of systems, even more than in the
case of consumer to company e-business because of the fear of losing trade
secrets, the sheer number of transactions, and the importance of those
transactions. [2]

The architecture discussed previously shows three places where security


could be compromised:

1.2.1. The Website Security

The security in the own sites is quite difficult to solve completely. The
reason is that the security model behind most commercial platforms is based
on ACLs (Access Control Lists) and this model is basically flawed. A better
idea would be to use a capabilities-based operating system in which software
running on top of it is constrained to do what it says it does, based on the
principle of the minimum privileges needed to do an intended operation. [2]
Some operating systems as Amoeba or Mungi are capability-based but they
are not very extended in the commercial world. [2]
The lack of systems like that one means that we need a very competent
system administrator that takes care of seeking and applying the latest
security patches to avoid buffer overflows and DoS (Denial of Service)
attacks [Neu00] and that makes sure that the system is doing all what is
supposed to do, but no more than this. [2]

1.2.2. Security in the Network

Our system cannot be called secure if the link between two of the sites in the
system can be compromised. We can imagine an eavesdropper getting into
the network and watching the flow of information as it travels over the
Internet, or evechanging that information with disastrous consequences.
Our proposal to address this concern is to use an implementation of the SSL
v3 (Secure Sockets Layer) like the one provided by the Open SSL project
(http://www.openssl.org). [2]

2
With SSL we can establish a secure communication between a client and a
server using public key cryptography. SSL stands between the TCP layer
and the applications layer allowing software systems to make it near
impossible for an outsider to get information from the transactions.[2]

1.2.3. Client Identification and CA’s

We can imagine a more disastrous situation that the one described in the
previous point. Whatif a stranger pretends to be a legitimate partner making
transactions on its behalf?. We need a method to assure that one node asking
us to do some transaction is really what it pretends to be. [2]
We will not reinvent the wheel here, we will relay in one or more nodes in
our system that will act as CAs (Certification Authority). These network of
machines will have a copy of the keys of every node in the system so when
some client node wants to begin a transaction, it will give the AC a copy of
it's public key so the AC can verify if he is what he says, then it sends the
result to the server node and lets it act accordingly. [2]

1.3. Problem Statement

How can appropriate security features, attributes, safeguards, and


countermeasures be “designed in” to an e-commerce system, implemented
and tested

1. 4. Key Research Questions


 What are the most effective security threats in e-commerce B2B
application?

 What are the contrameasure of security?

 How can we implement secure B2B application?

3
1.5. Aims and Objectives
The aim of project is to design and implement and test secure B2B
application.

To investigate security issues on B2B application, to design secure B2B


application, to implement secure B2B application and to test secure B2B
application.

1.6. Scope and Constraints


Scope of the project is limited to B2B application, mainly focused on
electronic issues.

4
2.1. Introduction

Electronic commerce is a revolution in business practices. If organizations


are going to take advantage of new Internet technologies, then they must
take a strategic perspective. That is, care must be taken to make a close link
between corporate strategy and electronic commerce strategy. [3]
Electronic commerce, in a broad sense, is the use of computer networks to
improve organizational performance. Increasing profitability, gaining market
share, improving customer service, and delivering products faster are some
of the organizational performance gains possible with electronic commerce.
Electronic commerce is more than ordering goods from an on-line catalog. It
involves all aspects of an organization's electronic interactions with its
stakeholders, the people who determine the future of the organization. Thus,
electronic commerce includes activities such as establishing a Web page to
support investor relations or communicating electronically with college
students who are potential employees. In brief, electronic commerce
involves the use of information technology to enhance communications and
transactions with all of an organization's stakeholders. Such stakeholders
include customers, suppliers, government regulators, financial institutions,
mangers, employees, and the public at large. [3]

2.2. B2B E-Commerce

The leading items in B2B EC are computing electronics, utilities, shipping


and warehousing, motor vehicles, petrochemicals, paper and office products,
food and agriculture. B2B EC is the electronic support of business
transactions between companies and covers a broad spectrum of applications
that enable an enterprise or business to form electronic relationships with
their distributors, resellers, suppliers, and other partners B2B EC does not
just comprise the transaction via the Internet, but also the exchange of
information before and the service after a transaction. From the purchasing
company’s point of view, B2B EC is a medium for facilitating procurement
management by reducing the purchase price and the cycle time According to
Schneider and Schnetkamp, Business-to-Business EC is expected to grow
explosively in the next years and to continue to be the major share of the
electronic commerce market. [4]
The development of B2B EC took place in three, partly overlapping, stages.
Stage one was the Electronic data interchange (EDI), which realized the

5
standardized, bilateral exchange of business information (e.g. orders and
requests for products) electronically. [4]
A necessary condition for realizing the exchange of data were expensive,
proprietary networks, called Value Added Networks (VAN). As a
consequence, just large companies were able to use this method. EDI made
faster processes possible and lowered the error rates due to former manual
processing. EDI has been used since the 1970s The problem of the highly
expensive Value Added Networks was solved through the worldwide
acceptance of the Internet. The Internet made Internet catalogues, which
were the second stage of the B2B EC’s development, possible. Companies
were able to present information on their products via the Internet. [4]
Prospective buyers had permanent access to actual data. Providing
information this way is a lot more cost-effective than using paper, telephone
and fax. Especially by using Internet catalogues, it was possible to handle
small and standardized transactions more efficiently. [4]
Supporting business transactions with Internet catalogues was given special
emphasis until 1999 the third and present stage of B2B EC (since 1999) are
electronic markets (e-markets). E-markets are “virtual rooms” in which
different participants are able to interact via the Internet. Several buyers,
sellers and service-providers have access to the e-markets. E-markets do not
just provide information like the Internet catalogues, but also support the
negotiation, the transaction and the services afterwards. [4]

2.3. Internet and B2B-marketing

The internet has changed communication radically in industrial marketing.


As the internet has become an important source of information among third-
party location information (e.g. convention and visitors bureau resources),
and personal and colleagues’ experiences, it has also become an important
channel for communicating with customers and developing relationships
because of the possibility of two-way interaction on the internet.[5]
Typically, internet marketing devices like e-marketing platforms are less
expensive compared to other marketing platforms and via web channels it is
often possible to reach customers that would be out of reach of physical
distribution channels. Due to this Sheth and Sharma (2005).[5]
state that reducing costs and enhancing reach are primary advantages of e-
marketing. However, B2B companies spend more on their online marketing
budgets than B2C companies. The reason for this is a less specialized
approach of B2B companies when planning e-marketing activities in

6
comparison with B2C companies. Hence more holistic online marketing
planning and prioritization methods are needed. (Bach Jensen 2006). [5]
E-marketing has changed the focus of marketing from a “supplier
perspective” to a “customer perspective” since through the web, companies
can better address the individual needs of their customers and build
customers‟ loyalty. Due to customer data collection possibilities companies
can also segment customers to financially and strategically viable groups,
which allows better targeting. The value of customer input to products, i.e.
co-creation in the web environment, is also emphasized. Moreover,
companies allowing co-creation have an advantage when compared to firms
that do not. (Sheth and Sharma 2005.).[5]
E-marketing has brought many advantages for companies but still there
remain obstacles to its effective use. Samiee (2008) highlights that while the
use of the internet no longer offers a competitive advantage, not having any
presence on the internet whatsoever increasingly leads to a competitive
disadvantage. Typical challenges that B2B companies using e-marketing
face are security issues and business conducting norms.[5]
As confidentiality of personal communications is extremely important in
business marketing the potential loss of proprietary data over the internet
remains a critical issue. Also conducting business via personal face-to-face
communication is the norm in the B2B environment. These issues may slow
down the deployment of the internet in B2B activities.[5]

2.4. The Role of B2B E-commerce Solution

With the recent business and technological developments occurring at such a


rapid pace, our understanding of the nature of B2B e-commerce and
electronic markets is likely to evolve from a number of different
perspectives. Among them we .re consider the new kinds of business models
that have been developed, and the manner in which the participating .firms
view these innovations. Some of the leading questions of our time are as
follows: What will be the successful business models for B2B e-commerce?
What are the most successful strategies for B2B e-markets and the .firms
that adopt them? How can industry operating B2B e-marketplaces be
leveraged in supply chain management? What theoretical perspectives will
help us to understand what is going on?[6]

 Ray Hackney: A number of business models have been described


within the e-commerce marketing literature, but there have been a few new
ones that are specific to B2B e-commerce. The first is what we may call the
7
virtual marketplace, a place for products used in a single enterprise. The next
business model, the virtual alliance, is slightly more complex. By sharing
business resources, this model permits the participating firms to operate
around a common system interface, which enables cross-referencing of key
data related to electronic procurement. Finally, the virtual community
business model expands upon the virtual alliance, by permitting multilateral
data sharing and participation.[6]
 Eric Clemons: B2B e-commerce has been in existence for a long
time – since the first implementation of inter organizational systems such as
electronic data interchange systems. In prior research in IOS, the move-to-
the-middle theory tells us that for many products, there is a need for
coordination (Clemons et al. 1993). This theory also helps us understand
various issues in today’s B2B e-commerce research. For example, for a pure
commodity product with a nearly infinite number of buyers and sellers, an
exchange is fine. But, for a product with a limited number of buyers, limited
number of sellers and highly variable demand, you would almost certainly
want explicit coordination. [6]
In this context, it is crucial to understand the role of B2B e-commerce in
terms of channel coordination, which coordinates the production schedule of
suppliers with the production schedule of one’s own factory. Some B2B
exchanges emphasize the need for liquidity. But liquidity alone cannot
ensure success in the arena of B2B ecommerce because inter.rm
coordination lies at the heart of inter organizational interactions. One of the
reasons that many B2B exchanges fail in today’s markets is that they do not
offer enough support for channel coordination between the buyers and
suppliers participating in B2B e-marketplaces.[6]

 Peter Weill: Shared infrastructure models and intermediaries are


examples of B2B exchanges where potentially high levels of value can be
created (Weill and Vitale 2001). One of the big issues with the shared
infrastructure model is how you manage information, what information
fields or information elements are shared across the competitors, and what
information fields are private (Weill and Broadbent 1998). One of the
reasons these shared infrastructure models are taking so long to implement is
because .firms are still in the midst of trying to understand how to manage
information. A related issue is that sharing infrastructures tends to reduce or
remove one of the strategic dimensions that companies can leverage.[6]

 Kevin Lynch: Another important aspect of the business models of


B2B e-commerce involves inter.rm collaboration Langley (2000). There are
8
two types of collaboration in B2B e-commerce. The fi.rst type is vertical
collaboration, in which fi.rms are effectively collaborating backwards and
forwards through the supply chain with either or both of their suppliers or
customers. Typically the return on investment (ROI) from vertical
collaboration has results from rapid communication. This involves better
information flow across the supply chain and less latency in communicating
changes through the supply chain. Vertical collaboration via B2B solutions
enables manufacturers to obtain demand information faster and with greater
accuracy.[6]
The second type of collaboration is horizontal collaboration where
companies are neither the suppliers nor the customers of each other; instead,
they are mainly competitors, but they are working on some basic problem in
the economy. In logistics, a good example of the problem that fi.rms are
sharing in the industry is asset repositioning. Asset repositioning causes a
hidden cost in the economy that no one party controls directly, but all parties
involved bear the cost. In the case of truck delivery, the time and distance
that a truck driver has to take to get to the next pick-up from the last delivery
destination is an asset repositioning cost. So, through horizontal
collaboration, we create the possibility for bringing together both the
demand and the supply, including the carriers and the shippers. This way, we
can optimize schedules and squeeze more inefficiency out of the process.
The key thing is to reveal this hidden cost – the asset repositioning cost –
and then use a network approach to attack that cost, to measure and reduce
it, and to share the savings across the network.[6]

2.5. Security Issues of B2B E-commerce

The rapid development of Internet has promoted electronic commerce


explosion. However, at the same time, the internet businesses have brought
large security issues such as mutual trust, intellectual property, and possible
attacks to the network. And with the development of electronic commerce,
these issues have obtained more and more attentions. [7]

Security threats may result from the following attacks: [8]


 From unauthorized reading of electronic messages, which may contain
Sensible personal or commercial data.
 From unauthorized modifications of data on its way to recipients.
 From erasing data or making information inaccessible for authorized
people.

9
 from simulating a trustworthy identity to communication partners with
intent to obtain by fraud private and confidential information.

2.5.1 Threats and Countermeasures

E-commerce B2B threats and countermeasures may include the following:


 Dynamic Code: Implementing the Common Gateway Interface (CGI)
allows input form the user to be sent to an external program or script,
processed there and the result given back to the user (see “The Open Web
Application Security Project, A Guide to Building Secure Web Applications
and Web Services” [OWASP-Guide]). CGI is one example for processing
dynamic information supplied by a user or a data store and giving the
dynamic output back. This kind of processing is now common practice for
web applications. CGI’s lack of session management and authorization
controls retarded the development of commercially useful web applications.
To avoid buffer overflows or resource leaks, one of the most common
security issues, web developers moved to interpreted scripting languages
first, and then to Sun’s J2EE web development platform or Microsoft’s
ASP.NET framework, depending on the used platform. [8]
 Mobile Code: Mobile code, respectively active contents, is
downloaded from a server to a client machine and processed there. It is a
threat on the client side whereas CGI scripts are processed on the server side
and enables attackers to damage a server. [8]
 Server Side Includes: Dynamic HTML pages may be created
invarious ways, e.g. by server side includes. A client does not send
executable code but commands identified by keywords like exec or include
to a server side. The server executes the commands and creates a modified
HTML page. Countermeasures against Misuse of Dynamically Created Web
Sites To bind the risks of dynamically created web sites and to prevent
common web attacks, such as replay, request forging, and man in the middle
attacks, it is recommendable to add authentication and session control to
client – server communication. [8]

 Cross Site Scripting: All dynamically created web sites are


vulnerable to malicious code attacks caused by non-proper validated user
input. All clients accessing such a manipulated site are affected by cross site
scripting because the malicious code is automatically executed if the
according script language, e.g. JavaScript, is activated. A malicious attacker
may use this to present new forms, fooling users to enter sensitive data.

10
Unwanted advertising could be added to the site. Cookies can be read with
JavaScript on most browsers and thus most session ids, leading to hijacked
accounts. As a countermeasure all characters that have special meaning to
HTML has to be converted into HTML entities on server side. Only user
input known as safe should be accepted, e.g. requesting a document only a
valid file name should be accepted. [8]
 Caching Logging of user access data: may compromise user’s
privacy. Accessing a HTML site a user sends a lot of private and context
information to a web server side. An example is the result of a search
request. The search engine responds with a complete list of strikes.
Combining this information with the user’s IP address may enable providers
to create a personal profile. Insufficient protection of cached user data may
enable attackers to misuse foreign IP addresses. As a countermeasure clients
may use proxy servers to mask critical header data. [8]
 Auditing: Many industries are required by legal regulations to be
auditable and traceable. That means to record all activities that affect user
state or balances and to make it possible to determine when and where an
activity took place. Well-written applications should be able to easily track
or identify potential fraud or anomalies of protected audit and error logs. [8]
 Cookies: To enhance the stateless HTML protocol, servers are
enabled to store cookies on a user’s side. Cookies do not contain executable
code but information about users, domains, and session identifiers. They are
critical to both privacy and security. Setting cookies enables a server to
collect data about users and to create a personal profile. Especially setting
unnoticed cookies that are stored beyond session duration enables providers
to send undesired advertisement or to sell personal data to other commercial
dealers. Cookies enable attackers to infiltrate active contents that can be
misused, leading to hijacked accounts, processing of malicious code, session
replay attacks (see below), or unauthorized access to protected memory. As a
countermeasure non-persistent cookies should be used. When a session is
closed by logging off a user or idle expiring, it should be ensured that the
client side cookies are cleared as well as all server side session state
information, e.g. in order to prevent session replay attacks. [8]
 Session Replay Attacks: Session replay attacks are simple if the
attacker is in a position to record a session. The attacker will record the
session between the client and the server and replay the client's part
afterwards to successfully attack the server. This type of attack only works if
the authentication mechanism does not use random values to prevent this
attack. [8]

11
 Exploitation of Trust: Computers interconnected with networks often
have trust relationships with one another. If attackers can forge their identity,
appearing to be using the trusted computer, they may be able to gain
unauthorized access to other computers. [8]
 Web Spoofing: Caused by the absence of authentication an attacker
may masquerade a web server address and use it to present a manipulated
web site to potential victims. Often masquerade of URLs is done by minimal
changes of location identifiers. After spoofing the server address attackers
are able to manipulate the web browsers status indication too, e.g. to
simulate a SSL connection adding a faked icon to status band. [8]
 Phishing: These attacks are known as Phishing (password fishing).
Delivery via web site, email or instant message, the attack asks users to click
on a link to re-validate or reactivate their account. Attackers leverage the
trust of well-known enterprises or public services to gain valuable
information; usually details of accounts, or enough information to open
accounts, obtain loans, or buy goods through e-commerce sites. Phishing
attacks are one of the highest visibility problems for banking and ecommerce
sites. Banks, Internet service providers (ISPs), stores and other Phishing
targets are victimized as well as their (potential) customers.
To minimize the risk of Phishing providers should create a policy detailing
exactly what they will do and will not do, and they should publish it on their
web site. Because users are the primary attack target for Phishing attacks,
providers should train their users to be wary of Phishing attempts. To ease
validation of URLs a server should use hostnames and no IP addresses.
Attackers will often ask users to provide their credit card number, password
or PIN. Providers should tell their users that they will not ask them for
secrets and to notify them if someone has done this. Providers should add
authentication both to email clients and to client – server communication to
make email communication safer. [8]
 Packet Sniffer: A packet sniffer is a program that captures critical
data from information packets as they are transferred over the network. That
data may include user names, passwords, and other secret information being
transferred in clear text. Those captured data enable intruders to launch
widespread attacks on networks and systems.
To be protected against sniffer programs data should be transferred
encrypted. [8]
 Denial of Service: The goal of DoS attacks is not to gain
unauthorized access to systems and data but to prevent legitimate users of
services, e.g. customers of an Internet shop, for using them. DoS attacks may

12
appear in various forms. Attackers may flood a network with large volumes
of data or intentionally consume a lean or limited resource. They may
disrupt physical components of a network or manipulate transferred data.
Often so called bot networks are used to perform DoS attacks.
Countermeasures against DoS attacks depend on the form of the discovered
attack. As an example attacks are performed by flooding a target with SYN
(short for synchronization) requests using a forged IP address and without
completing the initial request. In this case the potential for DoS attacks can
be reduced by performing egress filtering on all outbound traffic looking for
forged source addresses. In general only authenticated and authorized users
should be allowed to take up significant CPU, disk space, and network
resources. [8]
 Bot Networks Bots (short for robots) are programs that are covertly
installed on a user’s computer in order to allow an unauthorized user to
control the computer remotely. Bots are designed to let an attacker create a
network of compromised computers known as a bot network, which can be
remotely controlled to collectively conduct malicious activities. [8]
 Malicious Code malicious code is a general term for programs that,
when executed, would cause undesired results on a system. The presence of
malicious code usually is overlooked until the damage is discovered.
Malicious code includes Trojan horses, viruses, and worms. [8]

 Other Damage Software: Also spyware that is intended to collect


secret data such as usernames, passwords, banking information, and credit
card details, and adware that is intended to collect personal data for profiling
and undesired advertising, often are overlooked until the damage is
discovered. [8]
Countermeasures against Malicious Code and other Damage Software:
To be protected against malicious code and other damage software it is
recommendable for organizations and their staff members as well as private
users to install firewalls, antivirus, and anti-spy software and to keep them
up-to-date.[8]
 SQL Injection: SQL injection refers to the insertion of SQL meta-
characters in user input, such that the attacker's queries are executed by the
back-end database. Typically, attackers will first determine if a site is
vulnerable to such an attack by sending in the single-quote (') character. The
results from an SQL injection attack on a vulnerable site may range from a
detailed error message, which discloses the back-end technology being used,
or allowing the attacker to access restricted areas of the site because he
13
manipulated the query to an always-true Boolean value, or it may even allow
the execution of operating system commands. SQL injection techniques
differ depending on the type of database being used. In its default
configuration, MS SQL server runs with Local System privileges and has the
'xp_cmdshell' extended procedure, which allows execution of operating
system commands. [9]
 Price Manipulation: This is a vulnerability that is almost
completely unique to online shopping carts and payment gateways. In the
most common occurrence of this vulnerability, the total payable price of the
purchased goods is stored in a hidden HTML field of a dynamically
generated web page. An attacker can use a web application proxy such as
Achilles to simply modify the amount that is payable, when this information
flows from the user's browser to the web server. Shown below is a snapshot
of just such a vulnerability that was discovered in one of the penetration
testing assignments of mine. [9]
 Buffer overflows: Buffer overflow vulnerabilities are not very
common in shopping cart or other web applications using Perl, PHP, ASP,
etc. However, sending in a large number of bytes to web applications that are
not geared to deal withthem can have unexpected consequences. In My one
of the penetration testing assignment, it was possible to disclose the path of
the PHP functions being used by sending in a very large value in the input
fields. [9]
 Remote command execution: The most devastating web
application vulnerabilities occur when the CGI
script allows an attacker to execute operating system commands due to
inadequate input validation. This is most common with the use of the
'system' call in Perl and PHP scripts. [9]
 Weak Authentication andAuthorization: Authentication
mechanisms that do not prohibit multiple failed logins can be
attacked using tools such as Brutus. Similarly, if the web site uses HTTP
Basic Authentication or does not pass session IDs over SSL (Secure Sockets
Layer), an attacker can sniff the traffic to discover user's authentication
and/or authorization credentials. [9]

14
Countermeasures include:
 Developer side

• Use proper input validation


• Proper sanitizing of input values
• Update web server with security patches.
• Keep your support lists private-it may leak the information about reported
vulnerability to outside user.
• Use secured programming techniques.

 User Side

• Use strong password


• Don’t click on suspected links.
• Install anti phishing toolbar to web browser
• Update machine with internet security software's. [9]

15
3.1. Methodology
The method is a one of the most and commonly used method in the
computer science field. Construct can be new theory, algorithm, model,
software, or a framework. And this is the methodology that addressed to be
used in this research.

The aim of constructive research is to solve practical problems while


producing an academically appreciated theoretical contribution. The
solutions, that is, constructs, can be processes, practices, tools or
organization charts. The research process involves the following:

(1) Selecting a practically relevant problem.

(2) Obtaining a comprehensive understanding of the study area.

(3) Designing one or more applicable solutions to the problem.

(4) Demonstrating the solution’s feasibility.

(5) Linking the results back to the theory and demonstrating their practical
contribution.

(6) Examining the general is ability of the results. The purpose of this
chapter is to introduce readers to the principles of the constructive research
approach.

3.2. Software Development Processes


A software development processes, also known as software development
lifecycle, is a structure imposed on the development of software product.
Similar terms include software lifecycle and software process. There are
several models for such processes, each describing approaches to a variety
of tasks or activities that take place during the process. Some people
consider a lifecycle model a more general term and a software development
process a more specific term. For example, there are many specific software
development processes that fit the spiral lifecycle model.

16
3.3. Software Development Activities
 Planning.
 Implementation, testing and documenting.
 Deployment and maintenance.

3.4. Iterative Processes


Software development process is most commonly built around iterative and
incremental approach. This model is used at this research as well and project
work is spilt in to iteration. Every iteration includes such phrases as
requirement, analysis, design, implementation and testing. The product is
incrementally enhanced with additional functionality in every iteraton.

Fig 3.1

17
4.1. Introduction
Design is the process of collecting ideas, and aesthetically arranging and
implementing them, guided by certain principles for a specific purpose. [10]
Web design is a similar process of creation, with the intention of presenting
the content on electronic web pages, which the end-user can access through
the Internet with the help of a web browser. [10]
Web is contain functional and non-functional requirements.

4.1.1. The Functional Requirements of the B2B Software as follow:


1- Browsing.
2- Login.
3- Selecting.
4- Carting.
5- Stock control.
6- Purchasing.
7- User management.
8- Processing payment transactions.

4.1.2. The Non-functional Requirements are:


1- Reliability.
2- Availability.
3- Security.
4- Accessibility.
5- Integrity.
6- Respond.
7- High usability or user friendly design.

4.2. Design of the Project

In this phase each components of the software will be defined as functional


component associated with its security issues to apply the suitable
countermeasure in the implementation phase.

4.2.1. Database Design

In this section, the basic structure of the tables composing the database for
the project are shown along with information about primary and foreign
keys.

18
4.2.1.1. ER Diagram:

 Website Database

19
 Virtual Bank

Current_amount

address
Issuing_date Customer_id
Exp_date
vc_id

VARTUAL CARD ACCOUNT


VALID
ATE

v_card_activation phone email

date
Report
Fetch
Ip_adder

R_id Customer_id

4.2.1.2. Database Schema:

This sub-section covers the database schemas for both website and virtual
bank.

 Website Database
abc_addresses:

(address_id int(11), customer_id int(11), company varchar(32), firstname


varchar(32), lastname varchar(32), address_1 varchar(128) , address_2
varchar(128), postcode varchar(10), city varchar(128), country_id int(11),
zone_id int(11)

20
abc_ant_messages

(Id varchar(60), Priority int(11), start_date (timestamp), end_date (timestamp),


viewed_date (timestamp), viewed int (11), title varchar(255), description(text),
html (longtext), url (text), language_code varchar(2), date_modified
(timestamp))

abc_banner_descriptio

(banner_id int(11), language_id int(11), name varchar(255), description


(longtext), meta (text), date_added (timestamp), date_modified (timestamp)).

abc_banner_stat

(row_id int(11), banner_id int(11), type int(11), time (timestamp), store_id


int(11), user_info (text)).

abc_banners

(banner_id int(11), status int(1), banner_type int(11), banner_group_name


varchar(255), start_date (timestamp), end_date (timestamp), blank tinyint(1),
target_url (text), sort_order int(11), date_added (timestamp), date_modified
(timestamp)).

abc_block_descriptions

(block_description_id int(10), custom_block_id int(10), language_id int(10), block_wrappe


block_framed tinyint(1), name varchar(255), title varchar(255), description varchar(2
(longtext), date_added (timestamp), date_modified (timestamp))

abc_block_layouts

(instance_id int(10), layout_id int(10), block_id int(10), custom_block_id int(10),

parent_instance_id int(10), position smallint(5), status smallint(1), date_added (timestamp),

date_modified (timestamp))

abc_block

21
(block_id int(10), parent_block_id int(10), template varchar(255), date_added
(timestamp),

date_modified (timestamp))

abc_blocks

(block_id int(10), block_txt_id varchar(255), controller varchar(255), date_added


(timestamp),

date_modified (timestamp))

abc_categories

(category_id int(11), parent_id int(11), sort_order int(3), Status int(1), date_added


(timestamp),

date_modified (timestamp))

abc_categories_to_stores

(category_id int(11), store_id int(11))

abc_category_descriptions

(category_id int(11), language_id int(11), Name varchar(255), meta_keywords


varchar(255), meta_description varchar(255), Description (text)).

abc_content_descriptions

(content_id int(10), language_id int(11), name varchar(255), title varchar(255),


description varchar(255), content (longtext), date_added (timestamp),
date_modified (timestamp)).

abc_contents

(content_id int(11), parent_content_id int(11), sort_order int(3), status int(1))

abc_contents_to_stores

(content_id int(11), store_id int(11))

22
abc_countries

(country_id int(11), iso_code_2 varchar(2), iso_code_3 varchar(3), address_format


(text), status int(1), sort_order int(3))

abc_country_descriptions

(country_id int(11), language_id int(11), name varchar(128))

abc_coupon_descriptions

(coupon_id int(11), language_id int(11), name varchar(128), description (text))

abc_coupons

(coupon_id int(11), code varchar(10), type char(1), discount decimal(15,4), logged


int(1), shipping int(1), total decimal(15,4), date_start (Date), date_end (Date),
uses_total int(11), uses_customer varchar(11), status int(1), date_added
(timestamp), date_modified (timestamp))

abc_coupons_products

(coupon_product_id int(11), coupon_id int(11), product_id int(11))

abc_currencies

(currency_id int(11), title varchar(32), code varchar(3), symbol_left varchar(12),


symbol_right varchar(12), decimal_place char(1), value decimal(15,8), status
int(1), date_modified (timestamp))

abc_custom_blocks

(custom_block_id int(10), block_id int(10), date_added (timestamp),


date_modified (timestamp))

abc_custom_lists

(Row-id int(11), custom_block_id int(10), data_type varchar(70), id int(10),


sort_order int(10), date_added (timestamp), date_modified (timestamp)).

abc_customer_groups

23
(customer_group_id int(11), name varchar(32), tax_exempt tinyint(1))

abc_customer_notifications

(customer_id int(11), sendpoint varchar(255), protocol varchar(30), status int(1),


date_added (timestamp), date_modified (timestamp))

abc_customer_transactions

(customer_transaction_id int(11), customer_id int(11), order_id int(11),


created_by int(11), section smallint(1), credit (float), debit (float),
transaction_type varchar(255), comment (text), description (text), date_added
(timestamp), date_modified (timestamp) )

abc_customers

(customer_id int(11), store_id int(11), firstname varchar(32), lastname


varchar(32), loginname varchar(96), email varchar(96), telephone varchar(32),
fax varchar(32), sms varchar(32), salt varchar(8), password varchar(40), cart
(longtext), wishlist (longtext), newsletter int(1), address_id int(11), status int(1),
approved int(1), customer_group_id int(11), ip varchar(50), data (text),
date_added (timestamp), date_modified (timestamp), last_login (timestamp) )

abc_dataset_column_properties

(row_id int(11), dataset_column_id int(11), dataset_column_property_name


varchar(255), dataset_column_property_value varchar(255) )

abc_dataset_definition

(dataset_id int(11), dataset_column_id int(11), dataset_column_name varchar(255),


dataset_column_type varchar(100), dataset_column_sort_order int(11) )

abc_dataset_properties

(row_id int(11), dataset_id int(11), dataset_property_name varchar(255),


dataset_property_value varchar(255) )

abc_dataset_values

(dataset_column_id int(11), value_integer int(11), value_float (float),

24
value_varchar varchar(255), value_text (text), value_timestamp (timestamp),
value_boolean tinyint(1), value_sort_order int(11), row_id int(10) )

abc_datasets

(dataset_id int(11), dataset_name varchar(255), dataset_key varchar(255))

abc_download_attribute_values

(download_attribute_id int(11), attribute_id int(11), download_id int(11),


attribute_value_ids (text))

abc_download_descriptions

(download_id int(11), language_id int(11), name varchar(64))

abc_downloads

(download_id int(11), filename varchar(128), mask varchar(128),


max_downloads int(11), expire_days int(11), sort_order int(11), activate
varchar(64), activate_order_status_id int(11), shared int(1), status int(1),
date_added (timestamp), date_modified (timestamp))

abc_encryption_keys

(key_id int(3), key_name varchar(32), status int(1), comment (text))

abc_extension_dependencies

(extension_id int(11), extension_parent_id int(11))

abc_extensions

(extension_id int(11), type varchar(32), key varchar(32), category varchar(32),


status smallint(1), priority smallint(1), version varchar(32), license_key
varchar(32), date_installed (timestamp), date_added (timestamp), date_modified
(timestamp))

abc_field_descriptions

(field_id int(11), name varchar(255), description varchar(255), language_id

25
int(11), error_text varchar(255))

abc_field_values

(value_id int(11), field_id int(11), value (text), language_id int(11))

abc_fields

(field_id int(11), form_id int(11), field_name varchar(40), element_type char(1),


sort_order int(3), attributes varchar(255), settings (text), required char(1), status
smallint(1), regexp_pattern varchar(255))

abc_fields_group_descriptions

(group_id int(11), name varchar(255), description varchar(255), language_id


int(11))

abc_fields_groups

(field_id int(11), group_id int(11), sort_order int(3))

abc_form_descriptions

(form_id int(11), language_id int(11), description varchar(255))

abc_form_groups

(group_id int(11), group_name varchar(40), form_id int(11), sort_order int(3),


status smallint(1))

abc_forms

(form_id int(11), form_name varchar(40), controller varchar(100), success_page


varchar(100), status smallint(1))

abc_global_attributes

(attribute_id int(11), attribute_parent_id int(11), attribute_group_id int(11),


attribute_type_id int(11), element_type char(1), sort_order int(3), required
smallint(1), settings (text), status smallint(1), regexp_pattern varchar(255))

26
abc_global_attributes_description

(attribute_id int(11), language_id int(11), Name varchar(64), placeholder


varchar(255), error_text varchar(255))

abc_global_attributes_groups

(attribute_group_id int(11), sort_order int(3), status smallint(1))

abc_global_attributes_groups_descriptions

(attribute_group_id int(11), language_id int(11), name varchar(64))

abc_global_attributes_type_descriptions

(attribute_type_id int(11), language_id int(11), type_name varchar(64),


date_added (timestamp), date_modified (timestamp))

abc_global_attributes_types

(attribute_type_id int(11), type_key varchar(64), controller varchar(100),


sort_order int(3), status smallint(1))

abc_global_attributes_value_descriptions

(attribute_value_id int(11), attribute_id int(11), language_id int(11), Value (text))

abc_global_attributes_values

(attribute_value_id int(11), attribute_id int(11), sort_order int(3))

abc_language_definitions

(language_definition_id int(11), language_id int(11), Section tinyint(1), Block


varchar(160), language_key varchar(170), language_value (text), date_added
(timestamp), date_modified (timestamp))

abc_languages

(language_id int(11), Name varchar(32), Code varchar(5), Locale varchar(255),


Image varchar(255), Directory varchar(32), Filename varchar(64), sort_order

27
int(3), Status int(1))

abc_layouts

(layout_id int(10), template_id varchar(100), layout_name varchar(255),


layout_type smallint(1), date_added (timestamp), date_modified (timestamp))

abc_length_class_descriptions

(length_class_id int(11), language_id int(11), Title varchar(32), Unit varchar(4))

abc_length_classes

(length_class_id int(11), Value decimal(15,8))

abc_locations

(location_id int(11), Name varchar(32), description varchar(255), date_added


(timestamp), date_modified (timestamp))

abc_manufacturers

(manufacturer_id int(11), Name varchar(64), sort_order int(3))

abc_manufacturers_to_stores

(manufacturer_id int(11), store_id int(11))

abc_messages

(msg_id int(11), Title varchar(128), Message (text), Status char(1), Viewed


int(11), Repeated int(11), date_added (timestamp), date_modified (timestamp))

abc_online_customers

(customer_id int(11), IP varchar(50), url (text), Referrer (text) , date_added


(timestamp))

abc_order_data

(order_id int(11), type_id int(11), data (text), date_added (timestamp),

28
date_modified (timestamp))

abc_order_data_types

(type_id int(11), language_id int(11), Name varchar(64), date_added


(timestamp), date_modified (timestamp))

abc_order_downloads

(order_download_id int(11), order_id int(11), order_product_id int(11), Name


varchar(64), filename varchar(128), Mask varchar(128), download_id int(11),
Status int(1), remaining_count int(11), percentage int(11), expire_date
(Datetime), sort_order int(11), Activate varchar(64), activate_order_status_id
int(11), attributes_data (Longtext), date_added (Timestamp), date_modified
(Timestamp))

abc_order_downloads_history

(order_download_history_id int(11), order_download_id int(11), order_id int(11),


order_product_id int(11), Filename varchar(128), Mask varchar(128),
download_id int(11), download_percent int(11), Time (timestamp))

abc_order_history

(order_history_id int(11), order_id int(11), order_status_id int(5), Notify int(1),


comment (text), date_added (timestamp), date_modified (timestamp))

abc_order_options

(order_option_id int(11), order_id int(11), order_product_id int(11),


product_option_value_id int(11), name varchar(255), sku varchar(64), value
(Text), price decimal(15,4), prefix char(1), settings (Longtext))

abc_order_products

(order_product_id int(11), order_id int(11), product_id int(11), name


varchar(255), model varchar(24), Sku varchar(64), price decimal(15,4), total
decimal(15,4), Tax decimal(15,4), quantity int(4), subtract int(1))

abc_order_status_ids

29
(order_status_id int(11), status_text_id varchar(64))

abc_order_statuses

(order_status_id int(11), language_id int(11), name varchar(32))

abc_order_totals

(order_total_id int(10), order_id int(11), Title varchar(255), Text varchar(255),


Value decimal(15,4), sort_order int(3), Type varchar(255), Key varchar(128))

abc_orders

(order_id int(11), invoice_id int(11), invoice_prefix varchar(10), store_id int(11),


store_name varchar(64), store_url varchar(255), customer_id int(11),
customer_group_id int(11), firstname varchar(32), lastname varchar(32),
telephone varchar(32 fax varchar(32), email varchar(96), shipping_firstname
varchar(32), shipping_lastname varchar(32), shipping_company varchar(32),
shipping_address_1 varchar(128), shipping_address_2 varchar(128),
shipping_city varchar(128), shipping_postcode varchar(10), shipping_zone
varchar(128), shipping_zone_id int(11), shipping_country varchar(128),
shipping_country_id int(11), shipping_address_format (Text), shipping_method
varchar(128), shipping_method_key varchar(128), payment_firstname
varchar(32), payment_lastname varchar(32), payment_company varchar(32),
payment_address_1 varchar(128), payment_address_2 varchar(128),
payment_city varchar(128), payment_postcode varchar(10), payment_zone
varchar(128), payment_zone_id int(11), payment_country varchar(128),
payment_country_id int(11), payment_address_format (Text), payment_method
varchar(128), payment_method_key varchar(128), comment (Text), total
decimal(15,4), order_status_id int(11), language_id int(11), currency_id int(11),
currency varchar(3), value decimal(15,8), coupon_id int(11), date_added
(Timestamp), date_modified (Timestamp), IP varchar(50), payment_method_data
(Text))

abc_page_descriptions

(page_id int(10), language_id int(11), name varchar(255), title varchar(255),


seo_url varchar(100), keywords varchar(255), description varchar(255), content
(text), date_added (timestamp), date_modified (timestamp))

30
abc_pages

(page_id int(10), parent_page_id int(10), controller varchar(100), key_param


varchar(40), key_value varchar(40), date_added (timestamp), date_modified
(timestamp))

abc_pages_forms

(page_id int(10), form_id int(10))

abc_pages_layouts

(layout_id int(10), page_id int(10))

abc_product_descriptions

(product_id int(11), language_id int(11), Name varchar(255), meta_keywords


varchar(255), meta_description varchar(255), Description (longtext), Blurb
(text))

abc_product_discounts

(product_discount_id int(11), product_id int(11), customer_group_id int(11),


Quantity int(4), Priority int(5), Price decimal(15,4), date_start (date), date_end
(date), date_added (timestamp), date_modified (timestamp))

abc_product_filter_descriptions

(filter_id int(11), value varchar(255), language_id int(11))

abc_product_filter_ranges

(range_id int(11), feature_id int(11), filter_id int(11), from decimal(12,2), To


decimal(12,2), sort_order int(3))

abc_product_filter_ranges_descriptions

(range_id int(11), name varchar(255), language_id int(11))

abc_product_filters

(filter_id int(11), filter_type char(1), categories_hash (text), feature_id int(11),


31
sort_order int(3), Status smallint(1))

abc_product_option_descriptions

(product_option_id int(11), language_id int(11), product_id int(11), Name


varchar(255), option_placeholder varchar(255), error_text varchar(255))

abc_product_option_value_descriptions

(product_option_value_id int(11), language_id int(11), product_id int(11),


Name (Text), grouped_attribute_names (Text))

abc_product_option_values

(product_option_value_id int(11), product_option_id int(11), product_id int(11),


group_id int(11), sku varchar(255), quantity int(4), subtract int(1), price
decimal(15,4), prefix char(1), weight decimal(15,8), weight_type varchar(3),
attribute_value_id int(11), grouped_attribute_data (Text), sort_order int(3),
default smallint(6))

abc_product_options

(product_option_id int(11), attribute_id int(11), product_id int(11), group_id


int(11), sort_order int(3), status int(1), element_type char(1), required
smallint(1), regexp_pattern varchar(255), settings (text))

abc_product_specials

(product_special_id int(11), product_id int(11), customer_group_id int(11),


Priority int(5), Price decimal(15,4), date_start (date), date_end (date),
date_added (timestamp), date_modified (timestamp))

abc_product_tags

(product_id int(11), Tag varchar(32), language_id int(11))

abc_products

(product_id int(11), Model varchar(64), Sku varchar(64), location varchar(128),


quantity int(4), stock_status_id int(11), manufacturer_id int(11), shipping int(1),
ship_individually int(1), free_shipping int(1), shipping_price decimal(15,4),

32
Price decimal(15,4), tax_class_id int(11), date_available (date), Weight
decimal(5,2), weight_class_id int(11), Length decimal(5,2), Width Width
decimal(5,2), Height decimal(5,2), length_class_id int(11), Status int(1), Viewed
int(5), sort_order int(11), subtract int(1), minimum int(11), maximum int(11),
Cost decimal(15,4), call_to_order smallint(6), settings (longtext), date_added
(timestamp), date_modified (timestamp))

abc_products_featured

(product_id int(11))

abc_products_related

(product_id int(11), related_id int(11))

abc_products_to_categories

(product_id int(11), category_id int(11))

abc_products_to_downloads

(product_id int(11), download_id int(11))

abc_products_to_stores

(product_id int(11), store_id int(11))

abc_resource_descriptions

(resource_id int(10), language_id int(11), name varchar(255), title varchar(255),


description (text), resource_path varchar(255), resource_code (text), date_added
(timestamp), date_modified (timestamp))

abc_resource_library

(resource_id int(11), type_id int(11), date_added (timestamp), date_modified


(timestamp))

abc_resource_map

(resource_id int(11), object_name varchar(40), object_id int(11), default

33
tinyint(1), sort_order int(3), date_added (timestamp), date_modified (timestamp))

abc_resource_types

(type_id int(11), type_name varchar(40), default_directory varchar(255),


default_icon varchar(255), file_types varchar(40), access_type tinyint(1))

abc_reviews

(review_id int(11), product_id int(11), customer_id int(11), author varchar(64),


text (longtext), rating int(1), status int(1), date_added (timestamp),
date_modified (timestamp))

abc_settings

(setting_id int(11), store_id int(11), group varchar(32), Key varchar(64), value


(text), date_added (timestamp), date_modified (timestamp))

abc_stock_statuses

(stock_status_id int(11), language_id int(11), name varchar(32))

abc_store_descriptions

(store_id int(11), language_id int(11), description (longtext), title (longtext),


meta_description (longtext), meta_keywords (longtext))

abc_stores

(store_id int(11), name varchar(64), alias varchar(15), status int(1))

abc_task_details

(task_id int(11), created_by varchar(255), settings (longtext), date_added


(timestamp), date_modified (timestamp))

abc_task_steps

(step_id int(11), task_id int(11), sort_order int(11), status int(11), last_time_run


(timestamp), last_result int(11), max_execution_time int(11), controller
(longtext), date_added (timestamp), date_modified (timestamp))

34
abc_tasks

(task_id int(11), name varchar(255), starter int(11), status int(11), start_time


(datetime), last_time_run (timestamp), progress int(11), last_result int(11),
run_interval int(11), max_execution_time int(11), date_added (timestamp),
date_modified (timestamp))

abc_tax_class_descriptions

(tax_class_id int(11), language_id int(11), title varchar(128), description


varchar(255))

abc_tax_classes

(tax_class_id int(11), date_added (timestamp), date_modified (timestamp))

abc_tax_rate_descriptions

(tax_rate_id int(11), language_id int(11), description varchar(255))

abc_tax_rates

(tax_rate_id int(11), location_id int(11), zone_id int(11), tax_class_id int(11),


priority int(5), rate decimal(15,4), rate_prefix char(1), threshold_condition
char(2), threshold decimal(15,4), tax_exempt_groups (text), date_added
(timestamp), date_modified (timestamp))

abc_url_aliases

(url_alias_id int(11), Query varchar(255), Keyword varchar(255), language_id


int(11))

abc_user_groups

(user_group_id int(11), Name varchar(64), permission (longtext), date_added


(timestamp), date_modified (timestamp))

abc_user_notifications

(user_id int(11), store_id int(11), Section tinyint(1), sendpoint varchar(255),


Protocol varchar(30), Uri (text), date_added (timestamp), date_modified

35
(timestamp))

abc_users

(user_id int(11), user_group_id int(11), username varchar(20), Salt varchar(8),


password varchar(40), firstname varchar(32), Lastname varchar(32), Email
varchar(96), Status int(1), IP varchar(50), last_login (datetime), date_added
(timestamp), date_modified (timestamp))

abc_weight_class_descriptions

(weight_class_id int(11), language_id int(11), Title varchar(32), Unit varchar(4))

abc_weight_classes

(weight_class_id int(11), Value decimal(15,8))

abc_zone_descriptions

(zone_id int(11), language_id int(11), Name varchar(128))

abc_zones

(zone_id int(11), country_id int(11), Code varchar(32), Status int(1), sort_order


int(3))

abc_zones_to_locations

(zone_to_location_id int(11), country_id int(11), zone_id int(11), location_id


int(11), date_added (timestamp), date_modified (timestamp))
2.1.2.2. Virtual Bank Database

Account(vcc_id int(12),customer_ID int(4),Current_amount


int(12),customer_addr varchar(20),phone int(20),E_mail
varchar(25))

Vcard(vc_id int(12),Issuing_date Date,Exp_date


Date,V_card_activation int(1))

Report(r_id int(11),customer_id int(12),date,ip_adder varchar(15))

36
4.2.1.3. Data Dictionary

This sub-section cover the data dictionary for both website and virtual bank

4. 2.1.3.1. Website Database

abc_addresses
Column Type Null Default Comments
address_id int(11) No Primary
customer_id int(11) No Foreign
company varchar(32) No Company
firstname varchar(32) No First Name
lastname varchar(32) No Last name
address_1 varchar(128) No Delivery address
address_2 varchar(128) No Alternative Delivery address
postcode varchar(10) No Post code
city varchar(128) No City
country_id int(11) No 0 Country ID
zone_id int(11) No 0 Zone ID

Indexes

Uniqu Packe Cardinalit Collatio Nul Comme


Keyname Type Column
e d y n l nt
BTRE
PRIMARY Yes No address_id 0 A No Primary
E
customer_i
A No
ac_addresses_i BTRE d Address
No No
dx E country_id A No IDs
zone_id A No

abc_ant_messages
Column Type Null Default Comments
Id varchar(60) No Primary
Priority int(11) No 0 Priority
start_date timestamp No 0000-00-00 00:00:00 Start Date

37
end_date timestamp Yes NULL End Date
viewed_date timestamp Yes NULL Viewed Date
viewed int(11) No 0 Viewed
title varchar(255) Yes NULL Title
description Text Yes NULL Description
html Longtext Yes NULL Static Pages
Uniform Resource
url Text Yes NULL
Locator
Language code(country
language_code varchar(2) No En
code)
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Uniqu Packe Cardinalit Collatio Nul Commen


Keyname Type Column
e d y n l t
id A No
BTRE
PRIMARY Yes No language_cod Primary
E 0 A No
e
daterange_id BTRE start_date A No Date
No No
x E end_date A Yes Limits

abc_banner_description
Column Type Null Default Comments
banner_id int(11) No Primary
language_id int(11) No Foreign
name varchar(255) No Translatable
description Longtext No Translatable
meta Text Yes NULL Translatable
date_added timestamp No 0000-00-00 00:00:00 Date added
date_modified timestamp No CURRENT_TIMESTAMP Date of modification

Indexes

Uniqu Packe Cardinalit Collatio Nul Commen


Keyname Type Column
e d y n l t
PRIMAR BTRE Yes No banner_id A No Primary

38
Uniqu Packe Cardinalit Collatio Nul Commen
Keyname Type Column
e d y n l t
Y E language_i
10 A No
d

abc_banner_status
Column Type Null Default Comments
rowid int(11) No Primary
banner_id int(11) No Foreign
type int(11) No Type of Banner
time timestamp No CURRENT_TIMESTAMP Time
store_id int(11) No Foreign
user_info text Yes NULL User Information

Indexes

Uniqu Packe Cardinalit Collatio Nul Commen


Keyname Type Column
e d y n l t
BTRE
PRIMARY Yes No rowid 40 A No Primary
E
banner_i
A No
d Banner
ac_banner_stat_i BTRE type A No status
No No
dx E
time A No IDs
store_id A No

abc_banners
Column Type Null Default Comments
banner_id int(11) No Primary
Current Status of
status int(1) No 0
Page Content
banner_type int(11) No 1 Banner Type
Banner Group
banner_group_name varchar(255) No
Name
start_date timestamp Yes NULL Initial Date
end_date timestamp Yes NULL Finishing Date

39
blank tinyint(1) No 0 Empty
target_url Text Yes NULL Desired address
sort_order int(11) No Sorting
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
Date of
date_modified timestamp No CURRENT_TIMESTAMP
Modification

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment


PRIMARY BTREE Yes No banner_id 10 A No Primary

abc_block_descriptions
Column Type Null Default Comments
block_description_id int(10) No Primary
custom_block_id int(10) No Foreign
language_id int(10) No Foreign
block_wrapper varchar(255) No 0 Block Wrapper
block_framed tinyint(1) Yes 1 Block Framed
name varchar(255) No Translatable
title varchar(255) No Translatable
description varchar(255) No Translatable
content longtext No Content
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
Date of
date_modified timestamp No CURRENT_TIMESTAMP
Modification

Indexes

Uniqu Packe Cardinali Collatio Nul Comme


Keyname Type Column
e d ty n l nt
block_description
A No
PRIMAR BTRE _id
Yes No Primary
Y E custom_block_id A No
language_id 11 A No

40
abc_block_layouts
Column Type Null Default Comments
instance_id int(10) No Primary
layout_id int(10) No 0 Foreign
block_id int(10) No 0 Foreign
custom_block_id int(10) No 0 Foreign
parent_instance_id int(10) No 0 Foreign
position smallint(5) No 0 Position
Current Status of Page
status smallint(1) No 0
Content
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Uniq Pack Cardinal Collati Nu Comme


Keyname Type Column
ue ed ity on ll nt
BTRE
PRIMARY Yes No instance_id 199 A No Primary
E
instance_id A No
layout_id A No
block_id A No
ac_block_layouts BTRE
Yes No parent_instanc Foreign
_idx E A No
e_id
custom_block_
199 A No
id

abc_block
Column Type Null Default Comments
block_id int(10) No Primary
parent_block_id int(10) No 0 Foreign
template varchar(255) No Template
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification

41
Indexes

Uniqu Packe Cardinalit Collatio Nul Commen


Keyname Type Column
e d y n l t
block_id A No
PRIMAR BTRE
Yes No parent_block_i Primary
Y E 84 A No
d

abc_blocks
Column Type Null Default Comments
block_id int(10) No Primary
block_txt_id varchar(255) No Foreign
controller varchar(255) No Controller of Blocks
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment


PRIMARY BTREE Yes No block_id 31 A No Primary

abc_categories
Column Type Null Default Comments
category_id int(11) No Primary
parent_id int(11) No 0 Foreign
sort_order int(3) No 0 Sorting
Current Status of Page
Status int(1) No 1
Content
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Uniqu Packe Cardinalit Collatio Nul Comme


Keyname Type Column
e d y n l nt
PRIMARY BTRE Yes No category_i 4 A No Primary

42
Uniqu Packe Cardinalit Collatio Nul Comme
Keyname Type Column
e d y n l nt
E d
category_i
A No
ac_categories_i BTRE d
No No Foreign
dx E parent_id A No
status A No

abc_categories_to_stores
Column Type Null Default Comments
category_id int(11) No Primary
store_id int(11) No Foreign

Indexes

Uniqu Packe Cardinalit Collatio Nul Commen


Keyname Type Column
e d y n l t
category_i
PRIMAR BTRE A No
Yes No d Primary
Y E
store_id 4 A No

abc_category_descriptions
Column Type Null Default Comments
category_id int(11) No Primary
language_id int(11) No Foreign
Name varchar(255) No Translatable
meta_keywords varchar(255) No Translatable
meta_description varchar(255) No Translatable
Description Text No Translatable

Indexes

Uniqu Packe Cardinalit Collatio Nul Commen


Keyname Type Column
e d y n l t
PRIMAR BTRE category_id A No
Yes No Primary
Y E language_i 4 A No

43
Uniqu Packe Cardinalit Collatio Nul Commen
Keyname Type Column
e d y n l t
d
BTRE Name of
name No No name A No
E Category

abc_content_descriptions
Column Type Null Default Comments
content_id int(10) No 0 Primary
language_id int(11) No Foreign
name varchar(255) No Translatable
title varchar(255) No Translatable
description varchar(255) No Translatable
content Longtext No Translatable
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Uniqu Packe Cardinalit Collatio Nul Commen


Keyname Type Column
e d y n l t
content_id A No
PRIMAR BTRE
Yes No language_i Primary
Y E 8 A No
d

abc_contents
Column Type Null Default Comments
content_id int(11) No Primary
parent_content_id int(11) No 0 Foreign
sort_order int(3) No 0 Sorting
status int(1) No 0 Current Status of Page Content

Indexes

Uniqu Packe Cardinalit Collatio Nul Commen


Keyname Type Column
e d y n l t

44
Uniqu Packe Cardinalit Collatio Nul Commen
Keyname Type Column
e d y n l t
content_id A No
PRIMAR BTRE
Yes No parent_content_ Primary
Y E 4 A No
id

abc_contents_to_stores
Column Type Null Default Comments
content_id int(11) No Primary
store_id int(11) No Foreign

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment


content_id A No
PRIMARY BTREE Yes No Primary
store_id 0 A No

abc_countries
Column Type Null Default Comments
country_id int(11) No Primary
iso_code_2 varchar(2) No ISO Supported Char-set Standard 2
iso_code_3 varchar(3) No ISO Supported Char-set Standard 3
address_format Text No Standard American Address Format
status int(1) No 1 Current Status of Page Content
sort_order int(3) No 0 Sorting

Indexes

Uniqu Packe Cardinalit Collatio Nul Commen


Keyname Type Column
e d y n l t
BTRE country_i
PRIMARY Yes No 240 A No Primary
E d
iso_code_
240 A No
ac_countries_id BTRE 2
No No Foreign
x E iso_code_
240 A No
3

45
Uniqu Packe Cardinalit Collatio Nul Commen
Keyname Type Column
e d y n l t
status 240 A No

abc_country_descriptions
Column Type Null Default Comments
country_id int(11) No Primary
language_id int(11) No Foreign
name varchar(128) No Translatable

Indexes

Uniqu Packe Cardinalit Collatio Nul Commen


Keyname Type Column
e d y n l t
country_id A No
PRIMAR BTRE
Yes No language_i Primary
Y E 240 A No
d

abc_coupon_descriptions
Column Type Null Default Comments
coupon_id int(11) No Primary
language_id int(11) No Foreign
name varchar(128) No Translatable
description Text No Translatable

Indexes

Uniqu Packe Cardinalit Collatio Nul Commen


Keyname Type Column
e d y n l t
coupon_id A No
PRIMAR BTRE
Yes No language_i Primary
Y E 3 A No
d

abc_coupons
Column Type Null Default Comments

46
coupon_id int(11) No Primary
code varchar(10) No Coupons Key Code
type char(1) No Type
discount decimal(15,4) No Amount of Discount
Number that correspond
logged int(1) No
to Specific Log File
shipping int(1) No Shipping Number
total decimal(15,4) No Total of Money
date_start Date No 0000-00-00 Date of Start
date_end Date No 0000-00-00 Date of End
uses_total int(11) No Uses Total
uses_customer varchar(11) No Uses Customer
Current Status of Page
status int(1) No
Content
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment


PRIMARY BTREE Yes No coupon_id 3 A No Primary

abc_coupons_products
Column Type Null Default Comments
coupon_product_id int(11) No Primary
coupon_id int(11) No Foreign
product_id int(11) No Foreign

Indexes

Uniq Pack Cardinal Collati Nu Comm


Keyname Type Column
ue ed ity on ll ent
BTR coupon_produ
PRIMARY Yes No 1 A No Primary
EE ct_id
ac_coupons_produc BTR coupon_id A No
No No Foreign
ts_idx EE product_id A No

47
abc_currencies
Column Type Null Default Comments
currency_id int(11) No Primary
title varchar(32) No Title
code varchar(3) No Currencies Key Code
symbol_left varchar(12) No Symbol Left
symbol_right varchar(12) No Symbol Right
decimal_place char(1) No Decimal Place
value decimal(15,8) No Value of currencies
Current Status of Page
status int(1) No
Content
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Uniqu Packe Cardinalit Collatio Nul Commen


Keyname Type Column
e d y n l t
PRIMAR BTRE currency_i
Yes No 3 A No Primary
Y E d

abc_custom_blocks
Column Type Null Default Comments
custom_block_id int(10) No Primary
block_id int(10) No Foreign
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Uniqu Packe Cardinalit Collatio Nul Commen


Keyname Type Column
e d y n l t
custom_block_i
PRIMAR BTRE A No
Yes No d Primary
Y E
block_id 11 A No

48
abc_custom_lists
Column Type Null Default Comments
Row-id int(11) No Primary
custom_block_id int(10) No Foreign
data_type varchar(70) No Data Type
Id int(10) No ID
sort_order int(10) No 0 Sorting
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Uniq Pack Cardina Collati Nu Comm


Keyname Type Column
ue ed lity on ll ent
BTR
PRIMARY Yes No rowid 10 A No Primary
EE
ac_custom_block_id_l BTR custom_bloc
No No A No Foreign
ist_idx EE k_id

abc_customer_groups
Column Type Null Default Comments
customer_group_id int(11) No Primary
name varchar(32) No Customer Name
tax_exempt tinyint(1) No 0 Tax

Indexes

Uniqu Packe Cardinalit Collatio Nul Comme


Keyname Type Column
e d y n l nt
PRIMAR BTRE customer_group_
Yes No 3 A No Primary
Y E id

abc_customer_notifications
Column Type Null Default Comments
customer_id int(11) No Primary

49
sendpoint varchar(255) No Send Point
protocol varchar(30) No Transmission Protocol
Current Status of Page
status int(1) No 0
Content
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Uniqu Packe Cardinalit Collatio Nul Commen


Keyname Type Column
e d y n l t
customer_i
A No
PRIMAR BTRE d
Yes No Primary
Y E sendpoint A No
Protocol 0 A No

abc_customer_transactions
Column Type Null Default Comments
customer_transaction_id int(11) No Primary
customer_id int(11) No 0 Foreign
order_id int(11) No 0 Foreign
user_id for
admin,
created_by int(11) No customer_id for
storefront
section
1 - admin, 0 –
section smallint(1) No 0
customer
Credit Card
credit float Yes 0
Balance
Debit Card
debit float Yes 0
Balance
text type of
transaction_type varchar(255) No
transaction
comment for
comment text Yes NULL
internal use
text for
description text Yes NULL
customer

50
Date of
date_added timestamp No 0000-00-00 00:00:00
Addition
Date of
date_modified timestamp No CURRENT_TIMESTAMP
Modification

Indexes

Uniq Pack Cardina Collat Nu Comm


Keyname Type Column
ue ed lity ion ll ent
BTR customer_transac Primar
PRIMARY Yes No 0 A No
EE tion_id y
ac_customer_transact BTR customer_id A No Foreig
No No
ions_idx EE order_id A No n

abc_customers
Column Type Null Default Comments
customer_id int(11) No Primary
store_id int(11) No 0 Foreign
firstname varchar(32) No First Name
lastname varchar(32) No Last Name
loginname varchar(96) No Login Name
email varchar(96) No E-mail
telephone varchar(32) No Telephone Number
Fax varchar(32) No Fax Number
Sms varchar(32) No Short Message
Main Text For Hash
Salt varchar(8) No
Encryption
password varchar(40) No Customer Password
cart longtext Yes NULL Type of Cart
wishlist longtext Yes NULL Desired List
Newsletter int(1) No 0 Public Review
address_id int(11) No 0 Foreign
Current Status of
Status int(1) No
Page Content
Approved Customer
Approved int(1) No 0
Account
customer_group_id int(11) No Foreign

51
Remote Customer IP
Ip varchar(50) No 0
Address
data Text Yes NULL Customer Data
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification
last_login timestamp Yes 0000-00-00 00:00:00 Date of last login

Indexes

Uniq Pack Cardina Collati Nu Comm


Keyname Type Column
ue ed lity on ll ent
Primar
PRIMARY BTREE Yes No customer_id 0 A No
y
Custom
customers_loginn er
BTREE Yes No Loginname 0 A No
ame Login
Name
store_id A No
address_id A No
ac_customers_idx BTREE No No Foreign
customer_gro
A No
up_id
ac_customers_na FULLTE Firstname No
No No Foreign
me_idx XT Lastname No

abc_dataset_column_properties
Column Type Null Default Comments
Rowid int(11) No Primary
dataset_column_id int(11) No Foreign
Name of Column
dataset_column_property_name varchar(255) No
Property
Value of Column
dataset_column_property_value varchar(255) Yes NULL
Property

Indexes

Uniq Pack Cardina Collati Nu Comm


Keyname Type Column
ue ed lity on ll ent
PRIMARY BTR Yes No Rowid 0 A No Primar

52
Uniq Pack Cardina Collati Nu Comm
Keyname Type Column
ue ed lity on ll ent
EE y
dataset_column_proper BTR dataset_colu
No No A No Foreign
ties_idx EE mn_id

abc_dataset_definition
Column Type Null Default Comments
dataset_id int(11) No Primary
dataset_column_id int(11) No Foreign
dataset_column_name varchar(255) No Column Name
dataset_column_type varchar(100) No Column Type
dataset_column_sort_order int(11) No 0 Column Sorting

Indexes

Uniq Pack Cardinal Collati Nu Comme


Keyname Type Column
ue ed ity on ll nt
BTRE dataset_colum
PRIMARY Yes No 30 A No Primary
E n_id
dataset_definition BTRE
No No dataset_id A No Foreign
_idx E

abc_dataset_properties
Column Type Null Default Comments
Rowid int(11) No Primary
dataset_id int(11) No Foreign
dataset_property_name varchar(255) No Property Name
dataset_property_value varchar(255) Yes NULL Property Value

Indexes

Uniqu Packe Cardinalit Collatio Nul Comme


Keyname Type Column
e d y n l nt
BTRE
PRIMARY Yes No rowid 5 A No Primary
E

53
Uniqu Packe Cardinalit Collatio Nul Comme
Keyname Type Column
e d y n l nt
dataset_property_i BTRE dataset_i
No No A No Foreign
dx E d

abc_dataset_values
Column Type Null Default Comments
dataset_column_id int(11) No Primary
value_integer int(11) Yes NULL Integer
value_float Float Yes NULL Float
value_varchar varchar(255) Yes NULL Varchar
value_text Text Yes NULL Text
value_timestamp timestamp No CURRENT_TIMESTAMP Timestamp
value_boolean tinyint(1) Yes NULL Boolean
value_sort_order int(11) No Sorting Value
row_id int(10) No 0 Foreign

Indexes

Uniqu Packe Cardinali Collatio Nul Comme


Keyname Type Column
e d ty n l nt
BTRE value_sort_or
PRIMARY Yes No 809 A No Primary
E der
value_integer A Yes
value_float A Yes
dataset_values_ BTRE
No No value_varchar A Yes Foreign
idx E
value_boolean A Yes
row_id A No

abc_datasets
Column Type Null Default Comments
dataset_id int(11) No Primary
dataset_name varchar(255) No Dataset Name
dataset_key varchar(255) Yes Key of Dataset

54
Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment


PRIMARY BTREE Yes No dataset_id 6 A No Primary

abc_download_attribute_values
Column Type Null Default Comments
download_attribute_id int(11) No Primary
attribute_id int(11) No Foreign
download_id int(11) No Foreign
attribute_value_ids text Yes NULL Foreign

Indexes

Uniq Pack Cardin Collat Nu Comm


Keyname Type Column
ue ed ality ion ll ent
BTR download_attri Primar
PRIMARY Yes No 0 A No
EE bute_id y
ac_download_attribute_ BTR attribute_id A No Foreig
No No
values_idx EE download_id A No n

abc_download_descriptions
Column Type Null Default Comments
download_id int(11) No Primary
language_id int(11) No Foreign
name varchar(64) No Translatable

Indexes

Uniqu Packe Cardinalit Collatio Nul Commen


Keyname Type Column
e d y n l t
download_i
PRIMAR BTRE A No
Yes No d Primary
Y E
language_id 0 A No

55
abc_downloads
Column Type Null Default Comments
download_id int(11) No Primary
filename varchar(128) No Name of File
mask varchar(128) No Mask
Maximum
max_downloads int(11) Yes NULL
Downloads
expire_days int(11) Yes NULL Expire Day
sort_order int(11) No Sorting
activate varchar(64) No Activation
activate_order_status_id int(11) No 0 Foreign
Shared
shared int(1) No 0
Downloads
Current Status
status int(1) No 0
of Page Content
Date of
date_added timestamp No 0000-00-00 00:00:00
Addition
Date of
date_modified timestamp No CURRENT_TIMESTAMP
Modification

Indexes

Uniq Pack Cardinal Collati Nu Comme


Keyname Type Column
ue ed ity on ll nt
BTR
PRIMARY Yes No download_id 0 A No Primary
EE
activate_order_stat
ac_downloads BTR A No
No No us_id Foreign
_idx EE
Shared A No

abc_encryption_keys
Column Type Null Default Comments
key_id int(3) No Primary
key_name varchar(32) No Key Name
status int(1) No Current Status of Page Content
comment text No Comment

56
Indexes

Uniq Packe Cardinali Collati Nu Comme


Keyname Type Column
ue d ty on ll nt
BTRE
PRIMARY Yes No key_id 0 A No Primary
E
encryption_keys_key_ BTRE key_na Key
Yes No 0 A No
name E me Name

abc_extension_dependencies
Column Type Null Default Comments
extension_id int(11) No Primary
extension_parent_id int(11) No Foreign

Indexes

Uniqu Packe Cardinalit Collatio Nul Comme


Keyname Type Column
e d y n l nt
extension_id A No
PRIMAR BTRE
Yes No extension_parent Primary
Y E 0 A No
_id

abc_extensions
Column Type Null Default Comments
extension_id int(11) No Primary
type varchar(32) No Type of Extensions
key varchar(32) No Extension Key
category varchar(32) No Extension Category
Current Status of Page
status smallint(1) No
Content
priority smallint(1) No 0 Extension Priority
version varchar(32) Yes NULL Extension Version
license_key varchar(32) Yes NULL License Key
date_installed Timestamp No 0000-00-00 00:00:00 Date of Installation
date_added Timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified Timestamp No CURRENT_TIMESTAMP Date of Modification

57
Indexes

Uniqu Packe Cardinalit Collatio Nul Commen


Keyname Type Column
e d y n l t
BTRE extension_i
PRIMARY Yes No 51 A No Primary
E d
extension_ke BTRE
Yes No key 51 A No Foreign
y E

abc_field_descriptions
Column Type Null Default Comments
field_id int(11) No 0 Primary
name varchar(255) No Translatable
description varchar(255) No Translatable
language_id int(11) No Foreign
error_text varchar(255) No Translatable

Indexes

Uniqu Packe Cardinalit Collatio Nul Commen


Keyname Type Column
e d y n l t
field_id A No
PRIMAR BTRE
Yes No language_i Primary
Y E 4 A No
d
abc_field_values
Column Type Null Default Comments
value_id int(11) No Primary
field_id int(11) No 0 Foreign
value text No Translatable
language_id int(11) No Foreign

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment


PRIMARY BTREE Yes No value_id 0 A No Primary

58
abc_fields
Column Type Null Default Comments
field_id int(11) No Primary
form_id int(11) No 0 Foreign
field_name varchar(40) No Name of Field
element_type char(1) No I Type of Element
sort_order int(3) No Sorting
attributes varchar(255) No Attributes
settings Text No Setting of Field
required char(1) No N Required of Fields
status smallint(1) No 0 Current Status of Page Content
regexp_pattern varchar(255) No Registration Parameter Pattern

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment


PRIMARY BTREE Yes No field_id 4 A No Primary
field_id A No
field_id BTREE No No form_id A No Foreign
status A No

abc_fields_group_descriptions
Column Type Null Default Comments
group_id int(11) No 0 Primary
name varchar(255) No Translatable
description varchar(255) No Translatable
language_id int(11) No Foreign

Indexes

Uniqu Packe Cardinalit Collatio Nul Commen


Keyname Type Column
e d y n l t
group_id A No
PRIMAR BTRE
Yes No language_i Primary
Y E 0 A No
d

59
abc_fields_groups
Column Type Null Default Comments
field_id int(11) No Primary
group_id int(11) No Foreign
sort_order int(3) No Sorting

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment


PRIMARY BTREE Yes No field_id 0 A No Primary
field_id A No
field_id BTREE No No Foreign
group_id A No

abc_form_descriptions
Column Type Null Default Comments
form_id int(11) No 0 Primary
language_id int(11) No Foreign
description varchar(255) No Translatable

Indexes

Uniqu Packe Cardinalit Collatio Nul Commen


Keyname Type Column
e d y n l t
form_id A No
PRIMAR BTRE
Yes No language_i Primary
Y E 1 A No
d

abc_form_groups
Column Type Null Default Comments
group_id int(11) No Primary
group_name varchar(40) No Name of Group
form_id int(11) No 0 Foreign
sort_order int(3) No Sorting
status smallint(1) No 0 Current Status of Page Content

60
Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment


PRIMARY BTREE Yes No group_id 0 A No Primary
group_id A No
group_id BTREE No No Foreign
form_id A No

abc_forms
Column Type Null Default Comments
form_id int(11) No Primary
form_name varchar(40) No Name of Form
controller varchar(100) No Controller of Forms
success_page varchar(100) No Static Page of Success
status smallint(1) No 0 Current Status of Page Content

Indexes

Uniqu Packe Cardinalit Collatio Nul Commen


Keyname Type Column
e d y n l t
BTRE
PRIMARY Yes No form_id 1 A No Primary
E
form_nam BTRE form_nam Name of
Yes No 1 A No
e E e Form

abc_global_attributes
Column Type Null Default Comments
attribute_id int(11) No Primary
attribute_parent_id int(11) No 0 Foreign
attribute_group_id int(11) Yes NULL Foreign
attribute_type_id int(11) No Foreign
element_type char(1) No I Element Type
sort_order int(3) No 0 Sorting
required smallint(1) No 0 Required Global Attributes
settings Text No Settings of Global Attributes
status smallint(1) No 0 Current Status of Page Content

61
regexp_pattern varchar(255) Yes NULL Registration Parameter Pattern

Indexes

Uniq Pack Cardinal Collati Nu Comme


Keyname Type Column
ue ed ity on ll nt
BTR
PRIMARY Yes No attribute_id 6 A No Primary
EE
attribute_paren
A No
t_id
ac_global_attribute BTR attribute_grou Ye
No No A Foreign
s_idx EE p_id s
attribute_type_
A No
id

abc_global_attributes_descriptions
Column Type Null Default Comments
attribute_id int(11) No Primary
language_id int(11) No Foreign
Name varchar(64) No Translatable
placeholder varchar(255) Yes Translatable
error_text varchar(255) No Translatable

Indexes

Uniqu Packe Cardinalit Collatio Nul Commen


Keyname Type Column
e d y n l t
attribute_id A No
PRIMAR BTRE
Yes No language_i Primary
Y E 6 A No
d

abc_global_attributes_groups
Column Type Null Default Comments
attribute_group_id int(11) No Primary
sort_order int(3) No 0 Sorting
status smallint(1) No 0 Current Status of Page Content

62
Indexes

Uniqu Packe Cardinalit Collatio Nul Comme


Keyname Type Column
e d y n l nt
PRIMAR BTRE attribute_group_
Yes No 0 A No Primary
Y E id

abc_global_attributes_groups_descriptions
Column Type Null Default Comments
attribute_group_id int(11) No Primary
language_id int(11) No Foreign
name varchar(64) No Translatable

Indexes

Uniqu Packe Cardinalit Collatio Nul Comme


Keyname Type Column
e d y n l nt
attribute_group_
PRIMAR BTRE A No
Yes No id Primary
Y E
language_id 0 A No

abc_global_attributes_type_descriptions
Table comments: utf8_general_ci

Column Type Null Default Comments


attribute_type_id int(11) No Primary
language_id int(11) No Foreign
type_name varchar(64) No Translatable
date_added Timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified Timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Uniqu Packe Cardinalit Collatio Nul Commen


Keyname Type Column
e d y n l t
PRIMAR BTRE attribute_type_i
Yes No A No Primary
Y E d

63
Uniqu Packe Cardinalit Collatio Nul Commen
Keyname Type Column
e d y n l t
language_id 2 A No

abc_global_attributes_types
Column Type Null Default Comments
attribute_type_id int(11) No Primary
type_key varchar(64) No Key
controller varchar(100) No Controller of Global Attributes Type
sort_order int(3) No 0 Sorting
status smallint(1) No 0 Current Status of Page Content

Indexes

Uniqu Packe Cardinalit Collatio Nul Commen


Keyname Type Column
e d y n l t
PRIMAR BTRE attribute_type_i
Yes No 2 A No Primary
Y E d

abc_global_attributes_value_descriptions
Column Type Null Default Comments
attribute_value_id int(11) No Primary
attribute_id int(11) No Foreign
language_id int(11) No Foreign
Value Text No Translatable

Indexes

Uniqu Packe Cardinalit Collatio Nul Commen


Keyname Type Column
e d y n l t
attribute_value_
A No
PRIMAR BTRE id
Yes No Primary
Y E attribute_id A No
language_id 31 A No

64
abc_global_attributes_values
Column Type Null Default Comments
attribute_value_id int(11) No Primary
attribute_id int(11) No Foreign
sort_order int(3) No 0 Sorting

Indexes

Uniq Pack Cardina Collati Nu Comm


Keyname Type Column
ue ed lity on ll ent
BTR attribute_val Primar
PRIMARY Yes No 30 A No
EE ue_id y
ac_global_attributes_va BTR
No No attribute_id A No Foreign
lues_idx EE

abc_language_definitions
Column Type Null Default Comments
language_definition_id int(11) No Primary
language_id int(11) No Foreign
Section tinyint(1) No 0 0-SF, 1-ADMIN
Block varchar(160) No Block
language_key varchar(170) No Key of Language
language_value Text No Translatable
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
Date of
date_modified timestamp No CURRENT_TIMESTAMP
Modification

Indexes

Uniq Pack Cardina Collati Nu Comm


Keyname Type Column
ue ed lity on ll ent
language_definit
A No
ion_id
PRIMARY BTREE Yes No language_id A No Primar
y
Section A No
Block A No

65
Uniq Pack Cardina Collati Nu Comm
Keyname Type Column
ue ed lity on ll ent
language_key 4459 A No
ac_lang_definiti FULLTE
No No language_value No Foreign
on_idx XT

abc_languages
Column Type Null Default Comments
language_id int(11) No Primary
Name varchar(32) No Name
Code varchar(5) No Language Code
Locale varchar(255) No Location
Image varchar(255) No Image
Directory Where Language configuration
Directory varchar(32) No
Exist
Filename varchar(64) No File name
sort_order int(3) No 0 Sorting
Status int(1) No Current Status of page Content

Indexes

Uniqu Packe Cardinalit Collatio Nul Comme


Keyname Type Column
e d y n l nt
BTRE language_i
PRIMARY Yes No 1 A No Primary
E d
language_i
ac_languages_i BTRE A No
Yes No d Foreign
dx E
Code 1 A No
BTRE
Name No No Name A No Name
E

abc_layouts
Column Type Null Default Comments
layout_id int(10) No Primary
template_id varchar(100) No Foreign
layout_name varchar(255) No Name of Layout

66
layout_type smallint(1) No 0 Type of Layout
date_added Timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified Timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment


PRIMARY BTREE Yes No layout_id 9 A No Primary

abc_length_class_descriptions
Column Type Null Default Comments
length_class_id int(11) No Primary
language_id int(11) No Foreign
Title varchar(32) No Translatable
Unit varchar(4) No Translatable

Indexes

Uniqu Packe Cardinalit Collatio Nul Commen


Keyname Type Column
e d y n l t
length_class_i
PRIMAR BTRE A No
Yes No d Primary
Y E
language_id 3 A No

abc_length_classes
Column Type Null Default Comments
length_class_id int(11) No Primary
Value decimal(15,8) No Value of length class

Indexes

Uniqu Packe Cardinalit Collatio Nul Commen


Keyname Type Column
e d y n l t
PRIMAR BTRE length_class_i
Yes No 3 A No Primary
Y E d

67
abc_locations
Column Type Null Default Comments
location_id int(11) No Primary
Name varchar(32) No Name of Location
description varchar(255) No Description of Location
date_added Timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified Timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Uniqu Packe Cardinalit Collatio Nul Commen


Keyname Type Column
e d y n l t
PRIMAR BTRE location_i
Yes No 1 A No Primary
Y E d

abc_manufacturers
Column Type Null Default Comments
manufacturer_id int(11) No Primary
Name varchar(64) No Name of Manufacturer
sort_order int(3) No Sorting

Indexes

Uniqu Packe Cardinalit Collatio Nul Commen


Keyname Type Column
e d y n l t
PRIMAR BTRE manufacturer_i
Yes No 0 A No Primary
Y E d

abc_manufacturers_to_stores
Column Type Null Default Comments
manufacturer_id int(11) No Primary
store_id int(11) No Foreign

68
Indexes

Uniqu Packe Cardinalit Collatio Nul Commen


Keyname Type Column
e d y n l t
manufacturer_i
PRIMAR BTRE A No
Yes No d Primary
Y E
store_id 0 A No

abc_messages
Column Type Null Default Comments
msg_id int(11) No Primary
Title varchar(128) No Title of Message
Message Text No Message
Status char(1) No Current Status
Viewed int(11) No 0 Viewed Message
Repeated int(11) No 0 Repeated Message
date_added Timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified Timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment


PRIMARY BTREE Yes No msg_id 0 A No Primary

abc_online_customers
Column Type Null Default Comments
customer_id int(11) No Primary
Online Remote Customer IP
Ip varchar(50) No
Address
url text No Uniform Resource Locator
Referrer text No Redirected Address
date_added timestamp No 0000-00-00 00:00:00 Date of Addition

69
Indexes

Uniq Packe Cardinali Collati Nul Comme


Keyname Type Column
ue d ty on l nt
BTRE
PRIMARY Yes No ip 1 A No Primary
E
ac_online_customers BTRE date_add
No No A No Foreign
_idx E ed

abc_order_data
Column Type Null Default Comments
order_id int(11) No Primary
type_id int(11) No Foreign
Data Text Yes NULL Current Date
date_added Timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified Timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment


order_id A No
PRIMARY BTREE Yes No Primary
type_id 0 A No

abc_order_data_types
Column Type Null Default Comments
type_id int(11) No Primary
language_id int(11) No Foreign
Name varchar(64) No Translatable
date_added Timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified Timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment

70
Keyname Type Unique Packed Column Cardinality Collation Null Comment
PRIMARY BTREE Yes No type_id 2 A No Primary

abc_order_downloads
Column Type Null Default Comments
order_download_id int(11) No Primary
order_id int(11) No Foreign
order_product_id int(11) No Foreign
Name varchar(64) No Name of Order
Filename varchar(128) No File Name
Mask varchar(128) No Layered Data
download_id int(11) No Foreign
Status int(1) No 0 Current Status
Remaining
remaining_count int(11) Yes NULL
Account
Percentage of
percentage int(11) Yes 0
Download
expire_date Datetime Yes NULL Expire Date
sort_order int(11) No Sorting
Activate varchar(64) No Activation
activate_order_status_id int(11) No 0 Foreign
Attributes of
attributes_data Longtext Yes NULL
Data
Date of
date_added Timestamp No 0000-00-00 00:00:00
Addition
Date of
date_modified Timestamp No CURRENT_TIMESTAMP
Modification

Indexes

Uniq Pack Cardina Collati Nu Comm


Keyname Type Column
ue ed lity on ll ent
BTR order_download_i Primar
PRIMARY Yes No 0 A No
EE d y
order_id A No
ac_order_downloa BTR
No No order_product_id A No Foreign
ds_idx EE
download_id A No

71
Uniq Pack Cardina Collati Nu Comm
Keyname Type Column
ue ed lity on ll ent
Status A No
activate_order_sta
A No
tus_id

abc_order_downloads_history
Column Type Null Default Comments
order_download_history_id int(11) No Primary
order_download_id int(11) No Foreign
order_id int(11) No Foreign
order_product_id int(11) No Foreign
Filename varchar(128) No File Name
Mask varchar(128) No Mask
download_id int(11) No Foreign
Percentage
download_percent int(11) Yes 0 of
Download
Time of
Time timestamp No CURRENT_TIMESTAMP
Download

Indexes

Typ Uniq Pack Cardin Collat N Com


Keyname Column
e ue ed ality ion ull ment
order_download_h
A No
istory_id
BTR order_download_i
PRIMARY Yes No A No Primar
EE d y
order_id A No
order_product_id 1 A No
ac_order_downloads_ BTR Foreig
No No download_id A No
history_idx EE n

abc_order_history
Column Type Null Default Comments

72
order_history_id int(11) No Primary
order_id int(11) No Foreign
order_status_id int(5) No Foreign
Notify int(1) No 0 Notification
comment Text No Comment
date_added Timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified Timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Uniq Packe Cardinali Collati Nu Comme


Keyname Type Column
ue d ty on ll nt
BTRE order_history
PRIMARY Yes No 0 A No Primary
E _id
order_id A No
ac_order_history BTRE order_status_
No No A No Foreign
_idx E id
Notify A No

abc_order_options
Column Type Null Default Comments
order_option_id int(11) No Primary
order_id int(11) No Foreign
order_product_id int(11) No Foreign
product_option_value_id int(11) No 0 Foreign
name varchar(255) No Name of Order
sku varchar(64) No Sku*****
value Text No Value of Order
price decimal(15,4) No 0.0000 Price of Order
prefix char(1) No Prefix
settings Longtext Yes NULL Settings

Indexes

Uniq Pack Cardina Collati Nu Comm


Keyname Type Column
ue ed lity on ll ent
PRIMARY BTR Yes No order_option_id 0 A No Primary

73
Uniq Pack Cardina Collati Nu Comm
Keyname Type Column
ue ed lity on ll ent
EE
order_id A No
ac_order_option BTR order_product_id A No
No No Foreign
s_idx EE product_option_va
A No
lue_id

abc_order_products
Column Type Null Default Comments
order_product_id int(11) No Primary
order_id int(11) No Foreign
product_id int(11) No Foreign
name varchar(255) No Name of Product
model varchar(24) No Model Of Product
Sku varchar(64) No Sku
price decimal(15,4) No 0.0000 Price of Product
total decimal(15,4) No 0.0000 Total of Price
Tax decimal(15,4) No 0.0000 Tax
quantity int(4) No 0 Quantity of Products
subtract int(1) No 0 Subtract

Indexes

Uniq Packe Cardinal Collati Nu Comme


Keyname Type Column
ue d ity on ll nt
BTRE order_product
PRIMARY Yes No 0 A No Primary
E _id
ac_order_products BTRE order_id A No
No No Foreign
_idx E product_id A No

abc_order_status_ids
Column Type Null Default Comments
order_status_id int(11) No Primary
status_text_id varchar(64) No Foreign

74
Indexes

Uniq Packe Cardinal Collati Nu Comme


Keyname Type Column
ue d ity on ll nt
order_status
A No
BTRE _id
PRIMARY Yes No Primary
E status_text_i
13 A No
d
ac_order_status_ids BTRE status_text_i
Yes No 13 A No Foreign
_idx E d

abc_order_statuses
Column Type Null Default Comments
order_status_id int(11) No Primary
language_id int(11) No Foreign
name varchar(32) No Translatable

Indexes

Uniqu Packe Cardinalit Collatio Nul Commen


Keyname Type Column
e d y n l t
order_status_i
PRIMAR BTRE A No
Yes No d Primary
Y E
language_id 13 A No

abc_order_totals
Column Type Null Default Comments
order_total_id int(10) No Primary
order_id int(11) No Foreign
Title varchar(255) No Title of Order
Text varchar(255) No Text
Value decimal(15,4) No 0.0000 Value of Order
sort_order int(3) No Sorting
Type varchar(255) No Type of Order
Key varchar(128) No Key

75
Indexes

Uniq Pack Cardinal Collati Nu Comme


Keyname Type Column
ue ed ity on ll nt
BTRE order_total
PRIMARY Yes No 0 A No Primary
E _id
idx_orders_total_orde BTRE
No No order_id A No Foreign
rs_id E

abc_orders
Column Type Null Default Comments
order_id int(11) No Primary
invoice_id int(11) No 0 Foreign
invoice_prefix varchar(10) No Prefix
store_id int(11) No 0 Foreign
store_name varchar(64) No Store Name
Server
store_url varchar(255) No Address of
store
customer_id int(11) No 0 Foreign
customer_group_id int(11) No 0 Foreign
Customer
Firstname varchar(32) No
First Name
Customer
Lastname varchar(32) No
Last Name
Telephone
Telephone varchar(32) No
Number
Fax varchar(32) No Fax Number
Email varchar(96) No E-mail
Shipping First
shipping_firstname varchar(32) No
Name
Shipping Last
shipping_lastname varchar(32) No
Name
Shipping
shipping_company varchar(32) No
Company
First Shipping
shipping_address_1 varchar(128) No
Address
shipping_address_2 varchar(128) No Second

76
Shipping
Address
City of
shipping_city varchar(128) No
Shipping
Shipping Post
shipping_postcode varchar(10) No
Code
Shipping
shipping_zone varchar(128) No
Zone
shipping_zone_id int(11) No Foreign
Country of
shipping_country varchar(128) No
Shipping
shipping_country_id int(11) No Foreign
Shipping
shipping_address_format Text No Address
Format
Shipping
shipping_method varchar(128) No
Method
Key of
shipping_method_key varchar(128) No Shipping
Method
First Name of
payment_firstname varchar(32) No
Payment
Last Name of
payment_lastname varchar(32) No
Payment
Payment
payment_company varchar(32) No
Company
First Payment
payment_address_1 varchar(128) No
Address
Second
payment_address_2 varchar(128) No Payment
Address
payment_city varchar(128) No Payment City
Payment Post
payment_postcode varchar(10) No
Code
Payment
payment_zone varchar(128) No
Zone
payment_zone_id int(11) No Foreign
Payment
payment_country varchar(128) No
Country
payment_country_id int(11) No Foreign

77
Format of
payment_address_format Text No Payment
Address
Method of
payment_method varchar(128) No
Payment
Key of
payment_method_key varchar(128) No Payment
Method
Comment Text No Comment
Total of
Total decimal(15,4) No 0.0000
Payment
order_status_id int(11) No 0 Foreign
language_id int(11) No Foreign
currency_id int(11) No Foreign
Currency varchar(3) No Currency
Value decimal(15,8) No Value
coupon_id int(11) No Foreign
Date of
date_added Timestamp No 0000-00-00 00:00:00
Addition
Date of
date_modified Timestamp No CURRENT_TIMESTAMP
Modification
Ip varchar(50) No IP Address
Data of
payment_method_data Text No Payment
Method

Indexes

Uniqu Packe Cardinali Collatio Nul Comme


Keyname Type Column
e d ty n l nt
order_id A No
BTRE
PRIMARY Yes No customer_id A No Primary
E
order_status_id 0 A No
invoice_id A No
store_id A No
ac_orders_i BTRE customer_group_
No No A No Foreign
dx E id
shipping_zone_id A No
shipping_country A No

78
Uniqu Packe Cardinali Collatio Nul Comme
Keyname Type Column
e d ty n l nt
_id
payment_zone_id A No
payment_country
A No
_id
language_id A No
currency_id A No
coupon_id A No

abc_page_descriptions
Column Type Null Default Comments
page_id int(10) No 0 Primary
language_id int(11) No Foreign
Name varchar(255) No Translatable
Title varchar(255) No Translatable
seo_url varchar(100) No Seo-Server Address*
Keywords varchar(255) No Translatable
description varchar(255) No Translatable
Content text Yes NULL Translatable
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Uniqu Packe Cardinalit Collatio Nul Commen


Keyname Type Column
e d y n l t
page_id A No
PRIMAR BTRE
Yes No language_i Primary
Y E 8 A No
d

abc_pages
Column Type Null Default Comments
page_id int(10) No Primary
parent_page_id int(10) No 0 Foreign

79
Controller varchar(100) No Controller
key_param varchar(40) No Key Parameter
key_value varchar(40) No Key Value
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Uniqu Packe Cardinalit Collatio Nul Commen


Keyname Type Column
e d y n l t
BTRE
PRIMARY Yes No page_id 8 A No Primary
E
page_id A No
controller A No
ac_pages_id BTRE
Yes No key_para Foreign
x E A No
m
key_value 8 A No

abc_pages_forms
Column Type Null Default Comments
page_id int(10) No Primary
form_id int(10) No Foreign

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment


form_id A No
PRIMARY BTREE Yes No Primary
page_id 0 A No

abc_pages_layouts
Column Type Null Default Comments
layout_id int(10) No Primary
page_id int(10) No Foreign

80
Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment


layout_id A No
PRIMARY BTREE Yes No Primary
page_id 8 A No

abc_product_descriptions
Column Type Null Default Comments
product_id int(11) No Primary
language_id int(11) No Foreign
Name varchar(255) No Translatable
meta_keywords varchar(255) No Translatable
meta_description varchar(255) No Translatable
Description Longtext No Translatable
Blurb Text No Translatable

Indexes

Uniq Pack Cardina Collati Nu Comm


Keyname Type Column
ue ed lity on ll ent
product_
A No
BTR id
PRIMARY Yes No Primary
EE language
0 A No
_id
BTR
Name No No name A No Name
EE
product_
ac_product_descriptions_n BTR A No
No No id Foreign
ame_idx EE
name A No

abc_product_discounts
Column Type Null Default Comments
product_discount_id int(11) No Primary
product_id int(11) No Foreign
customer_group_id int(11) No Foreign
Quantity int(4) No 0 Quantity of

81
Product
Priority int(5) No 1 Priority
Price decimal(15,4) No 0.0000 Price
date_start Date No 0000-00-00 Start Date
date_end Date No 0000-00-00 End Date
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
Date of
date_modified timestamp No CURRENT_TIMESTAMP
Modification

Indexes

Uniq Pack Cardina Collati Nu Comm


Keyname Type Column
ue ed lity on ll ent
BTR product_discou
PRIMARY Yes No 0 A No Primary
EE nt_id
product_id A No
ac_product_discoun BTR
No No customer_grou Foreign
ts_idx EE A No
p_id

abc_product_filter_descriptions
Column Type Null Default Comments
filter_id int(11) No Primary
Value varchar(255) No Translatable
language_id int(11) No Foreign

Indexes

Uniqu Packe Cardinalit Collatio Nul Commen


Keyname Type Column
e d y n l t
filter_id A No
PRIMAR BTRE
Yes No language_i Primary
Y E 0 A No
d

abc_product_filter_ranges
Column Type Null Default Comments
range_id int(11) No Primary

82
feature_id int(11) Yes NULL Foreign
filter_id int(11) No Foreign
From decimal(12,2) No 0.00 From Location
To decimal(12,2) No 0.00 To Location*
sort_order int(3) No 0 Sorting

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment


PRIMARY BTREE Yes No range_id 0 A No Primay
from A No
From BTREE No No Source
to A No
filter_id BTREE No No filter_id A No Foreign
feature_id BTREE No No feature_id A Yes Foreign

abc_product_filter_ranges_descriptions
Column Type Null Default Comments
range_id int(11) No Primary
Name varchar(255) No Translatable
language_id int(11) No Foreign

Indexes

Uniqu Packe Cardinalit Collatio Nul Commen


Keyname Type Column
e d y n l t
range_id A No
PRIMAR BTRE
Yes No language_i Primary
Y E 0 A No
d

abc_product_filters
Column Type Null Default Comments
filter_id int(11) No Primary
filter_type char(1) No Type of Filter
categories_hash text No Categories
feature_id int(11) Yes NULL Foreign

83
sort_order int(3) No 0 Sorting
Status smallint(1) No 0 Current Status

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment


PRIMARY BTREE Yes No filter_id 0 A No Primary
feature_id BTREE No No feature_id A Yes Foreign

abc_product_option_descriptions
Column Type Null Default Comments
product_option_id int(11) No Primary
language_id int(11) No Foreign
product_id int(11) No Foreign
Name varchar(255) No Translatable
option_placeholder varchar(255) Yes Translatable
error_text varchar(255) No Translatable

Indexes

Uniq Pack Cardina Collat Nu Comm


Keyname Type Column
ue ed lity ion ll ent
product_opti
BTR A No Primar
PRIMARY Yes No on_id
EE y
language_id 0 A No
ac_product_option_descri BTR Foreig
No No product_id A No
ptions_idx EE n

abc_product_option_value_descriptions
Column Type Null Default Comments
product_option_value_id int(11) No Primary
language_id int(11) No Foreign
product_id int(11) No Foreign
Name Text Yes NULL Translatable
grouped_attribute_names Text Yes NULL Grouping of Attribute Names

84
Indexes

Typ Uni Pac Cardin Colla N Com


Keyname Column
e que ked ality tion ull ment
product_option N
A
BTR _value_id o Primar
PRIMARY Yes No
EE N y
language_id 0 A
o
ac_product_option_value_ BTR N Foreig
No No product_id A
descriptions_idx EE o n

abc_product_option_values
Column Type Null Default Comments
product_option_value_id int(11) No Primary
product_option_id int(11) No Foreign
product_id int(11) No Foreign
group_id int(11) No 0 Foreign
Sku varchar(255) Yes NULL Sku****
Quantity int(4) No 0 Quantity of Product
Subtract int(1) No 0 Subtract
Price decimal(15,4) No Price of Product
Prefix char(1) No Prefix
Weight decimal(15,8) No Weight of Product
weight_type varchar(3) No Type of Weight
attribute_value_id int(11) Yes NULL Foreign
grouped_attribute_data Text Yes NULL Group of Attribute Data
sort_order int(3) No Sorting
Default smallint(6) Yes 0 Default

Indexes

Uniq Pack Cardin Collat Nu Comm


Keyname Type Column
ue ed ality ion ll ent
BTR product_option_v Primar
PRIMARY Yes No 0 A No
EE alue_id y
ac_product_option_v BTR product_option_i Foreig
No No A No
alues_idx EE d n

85
Uniq Pack Cardin Collat Nu Comm
Keyname Type Column
ue ed ality ion ll ent
product_id A No
group_id A No
attribute_value_i Ye
A
d s

abc_product_options
Column Type Null Default Comments
product_option_id int(11) No Primary
attribute_id int(11) No Foreign
product_id int(11) No Foreign
group_id int(11) No 0 Foreign
sort_order int(3) No 0 Sorting
Status int(1) No 1 Current Status
element_type char(1) No I Type of Element
Required smallint(1) No 0 Required Element
regexp_pattern varchar(255) No Pattern***
Settings Text Yes NULL Setting of Options

Indexes

Uniq Pack Cardinal Collati Nu Comme


Keyname Type Column
ue ed ity on ll nt
BTR product_optio
PRIMARY Yes No 0 A No Primary
EE n_id
attribute_id A No
ac_product_option BTR
No No product_id A No Foreign
s_idx EE
group_id A No

abc_product_specials
Column Type Null Default Comments
product_special_id int(11) No Primary
product_id int(11) No Foreign
customer_group_id int(11) No Foreign

86
Priority int(5) No 1 Priority
Price of Special
Price decimal(15,4) No 0.0000
Product
date_start Date No 0000-00-00 Start Date
date_end Date No 0000-00-00 End Date
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
Date of
date_modified timestamp No CURRENT_TIMESTAMP
Modification

Indexes

Uniq Pack Cardinal Collati Nu Comme


Keyname Type Column
ue ed ity on ll nt
BTR product_specia
PRIMARY Yes No 8 A No Primary
EE l_id
product_id A No
ac_product_special BTR
No No customer_grou Foreign
s_idx EE A No
p_id

abc_product_tags
Column Type Null Default Comments
product_id int(11) No Primary
Tag varchar(32) No Translatable
language_id int(11) No Foreign

Indexes

Uniqu Packe Cardinalit Collatio Nul Commen


Keyname Type Column
e d y n l t
product_id A No
PRIMAR BTRE tag A No
Yes No Primary
Y E language_i
0 A No
d

abc_products
Column Type Null Default Comments

87
product_id int(11) No Primary
Model varchar(64) No Model of Product
Sku varchar(64) No Sku****
Location varchar(128) No Location of Product
Quantity int(4) No 0 Quantity of Product
stock_status_id int(11) No Foreign
manufacturer_id int(11) No Foreign
Shipping int(1) No 1 Product Shipping
ship_individually int(1) No 0 Shipping Individually
free_shipping int(1) No 0 Free Shipping
shipping_price decimal(15,4) No 0.0000 Price of Shipping
Price decimal(15,4) No 0.0000 Price of Product
tax_class_id int(11) No Foreign
date_available Date No Available Date
Weight decimal(5,2) No 0.00 Weight of Product
weight_class_id int(11) No 0 Foreign
Length decimal(5,2) No 0.00 Length of Product
Width decimal(5,2) No 0.00 Width of Product
Height decimal(5,2) No 0.00 Height of Product
length_class_id int(11) No 0 Foreign
Status int(1) No 0 Current Status
Viewed int(5) No 0 Viewed
sort_order int(11) No 0 Sorting
Subtract int(1) No 1 Subtract
Minimum int(11) No 1 Minimum Quantity*
Maximum int(11) No 0 Maximum Quantity
Cost decimal(15,4) No 0.0000 Cost
call_to_order smallint(6) No 0 Call to Ordering
settings Longtext Yes NULL Setting of Order
date_added Timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified Timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Uniq Packe Cardinal Collati Nu Comme


Keyname Type Column
ue d ity on ll nt

88
Uniq Packe Cardinal Collati Nu Comme
Keyname Type Column
ue d ity on ll nt
BTRE
PRIMARY Yes No product_id 0 A No Primary
E
stock_status_
A No
id
manufacturer
A No
BTRE _id
ac_products_idx No No Foreign
E weight_class
A No
_id
length_class_
A No
id
product_id A No
ac_products_status BTRE status A No
No No Foreign
_idx E date_availabl
A No
e

abc_products_featured
Column Type Null Default Comments
product_id int(11) No 0 Primary

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment


PRIMARY BTREE Yes No product_id 8 A No Primary

abc_products_related
Column Type Null Default Comments
product_id int(11) No Primary
related_id int(11) No Foreign

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment


product_id A No
PRIMARY BTREE Yes No Primary
related_id 0 A No

89
abc_products_to_categories
Column Type Null Default Comments
product_id int(11) No Primary
category_id int(11) No Foreign

Indexes

Uniqu Packe Cardinalit Collatio Nul Commen


Keyname Type Column
e d y n l t
product_id A No
PRIMAR BTRE
Yes No category_i Primary
Y E 0 A No
d

abc_products_to_downloads
Column Type Null Default Comments
product_id int(11) No Primary
download_id int(11) No Foreign

Indexes

Uniqu Packe Cardinalit Collatio Nul Commen


Keyname Type Column
e d y n l t
product_id A No
PRIMAR BTRE
Yes No download_i Primary
Y E 0 A No
d

abc_products_to_stores
Column Type Null Default Comments
product_id int(11) No Primary
store_id int(11) No 0 Foreign

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment


PRIMARY BTREE Yes No product_id A No Primary

90
Keyname Type Unique Packed Column Cardinality Collation Null Comment
store_id 0 A No

abc_resource_descriptions
Column Type Null Default Comments
resource_id int(10) No 0 Primary
language_id int(11) No Foreign
Name varchar(255) Yes Translatable
Title varchar(255) Yes Translatable
description text Yes NULL Translatable
resource_path varchar(255) Yes NULL Path of Resource
resource_code text Yes NULL Code of Resource
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Uniq Pack Cardina Collati Nu Comm


Keyname Type Column
ue ed lity on ll ent
resource
A No
BTR _id Primar
PRIMARY Yes No
EE language y
99 A No
_id
resource
A No
ac_resource_descriptions_ BTR _id
No No Foreign
name_idx EE Ye
Name A
s
resource
A No
ac_resource_descriptions_t BTR _id
No No Foreign
itle_idx EE Ye
Title A
s

abc_resource_library
Column Type Null Default Comments
resource_id int(11) No Primary
type_id int(11) No Foreign

91
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Uniqu Packe Cardinali Collatio Nul Comme


Keyname Type Column
e d ty n l nt
BTRE resource_
PRIMARY Yes No 98 A No Primary
E id
resource_
ac_resource_library BTRE A No
No No id Foreign
_idx E
type_id A No

abc_resource_map
Column Type Null Default Comments
resource_id int(11) No Primary
object_name varchar(40) No Name of Object
object_id int(11) No Foreign
Default tinyint(1) No 0 0-no, 1-Yes
sort_order int(3) No 0 Sorting
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Uniq Pack Cardinal Collati Nu Comme


Keyname Type Column
ue ed ity on ll nt
resource_
A No
id
BTR
PRIMARY Yes No object_na Primary
EE A No
me
object_id 11 A No
resource_
A No
ac_resource_map_sorti BTR id
No No Foreign
ng_idx EE sort_orde
A No
r

92
abc_resource_types
Column Type Null Default Comments
type_id int(11) No Primary
type_name varchar(40) No Name of Resource Type
default_directory varchar(255) No Default Directory of Resource Type
default_icon varchar(255) Yes NULL Default Icon Resource Type
file_types varchar(40) No Types of File
access_type tinyint(1) No 0 0-Public, 1-Secured

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment


PRIMARY BTREE Yes No type_id 6 A No Primary
type_id A No
group_id BTREE No No Foreign
type_name A No

abc_reviews
Column Type Null Default Comments
review_id int(11) No Primary
product_id int(11) No Foreign
customer_id int(11) No Foreign
author varchar(64) No Author of Reviews
text longtext No Text of Reviews
rating int(1) No Rating of Reviews
status int(1) No 0 Current Status
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Uniqu Packe Cardinalit Collatio Nul Commen


Keyname Type Column
e d y n l t
BTRE
PRIMARY Yes No review_id 0 A No Primary
E
ac_reviews_id BTRE No No product_id A No Foreign

93
Uniqu Packe Cardinalit Collatio Nul Commen
Keyname Type Column
e d y n l t
x E customer_i
A No
d

abc_settings
Column Type Null Default Comments
setting_id int(11) No Primary
store_id int(11) No 0 Foreign
group varchar(32) No Group of Setting
Key varchar(64) No Key of Setting
value text No Value of Setting
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Uniqu Packe Cardinalit Collatio Nul Comme


Keyname Type Column
e d y n l nt
setting_i
A No
d
PRIMARY BTREE Yes No store_id A No Primary
Group A No
Key 214 A No
ac_settings_i FULLTEX
No No Value 1 No Foreign
dx T

abc_stock_statuses
Column Type Null Default Comments
stock_status_id int(11) No Primary
language_id int(11) No Foreign
name varchar(32) No Translatable

94
Indexes

Uniqu Packe Cardinalit Collatio Nul Commen


Keyname Type Column
e d y n l t
stock_status_i
PRIMAR BTRE A No
Yes No d Primary
Y E
language_id 3 A No

abc_store_descriptions
Column Type Null Default Comments
store_id int(11) No Primary
language_id int(11) No Foreign
description Longtext No Translatable
Title Longtext No Translatable
meta_description Longtext No Translatable
meta_keywords Longtext No Translatable

Indexes

Uniqu Packe Cardinalit Collatio Nul Commen


Keyname Type Column
e d y n l t
store_id A No
PRIMAR BTRE
Yes No language_i Primary
Y E 0 A No
d

abc_stores
Column Type Null Default Comments
store_id int(11) No Primary
name varchar(64) No Name of Store
alias varchar(15) No Alias of Store
status int(1) No Current Status

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment


PRIMARY BTREE Yes No store_id 1 A No Primary

95
abc_task_details
Column Type Null Default Comments
task_id int(11) No Primary
created_by varchar(255) Yes Creator of Task
settings longtext Yes NULL Setting of Task
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment


PRIMARY BTREE Yes No task_id 0 A No Primary

abc_task_steps
Column Type Null Default Comments
step_id int(11) No Primary
task_id int(11) No Foreign
sort_order int(11) Yes 0 Sorting
0 - disabled, 1 -
ready, 2 - running,
status int(11) Yes 0 3 - failed, 4 -
scheduled, 5 –
completed
Last Time of
last_time_run timestamp No 0000-00-00 00:00:00
Running
1 - success, 0 –
last_result int(11) No 0
failed
Maximum
max_execution_time int(11) Yes 0
Execution Time
controller varchar(255) Yes Controller of Task
settings longtext Yes NULL Setting of Task
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
Date of
date_modified timestamp No CURRENT_TIMESTAMP
Modification

96
Indexes

Uniqu Packe Colum Cardinalit Collatio Nul Commen


Keyname Type
e d n y n l t
BTRE
PRIMARY Yes No step_id 0 A No Primary
E
task_steps_id BTRE
No No task_id A No Foreign
x E

abc_tasks
Column Type Null Default Comments
task_id int(11) No Primary
name varchar(255) No Name of Task
0 - storefront, 1 -
starter int(11) Yes NULL
admin side, 2 – any
0 - disabled, 1 -
ready, 2 - running,
status int(11) Yes 0 3 - failed, 4 -
scheduled, 5 –
completed
start_time datetime Yes NULL Start Time
last_time_run timestamp No 0000-00-00 00:00:00 Last Time of Run
percentage of
progress int(11) No 0
progress
1 - success, 0 –
last_result int(11) No 0
failed
interval in seconds
run_interval int(11) No 0 since last run, 0 -
without interval
Maximum
max_execution_time int(11) Yes 0
Execution Time
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
Date of
date_modified timestamp No CURRENT_TIMESTAMP
Modification

Indexes

Uniqu Packe Colum Cardinalit Collatio Nul Commen


Keyname Type
e d n y n l t

97
Uniqu Packe Colum Cardinalit Collatio Nul Commen
Keyname Type
e d n y n l t
BTRE
PRIMARY Yes No task_id 0 A No Primary
E
task_name_id BTRE
Yes No name 0 A No Foreign
x E

abc_tax_class_descriptions
Column Type Null Default Comments
tax_class_id int(11) No Primary
language_id int(11) No Foreign
title varchar(128) No Translatable
description varchar(255) No Translatable

Indexes

Uniqu Packe Cardinalit Collatio Nul Commen


Keyname Type Column
e d y n l t
tax_class_i
A No
PRIMAR BTRE d
Yes No Primary
Y E language_i
1 A No
d

abc_tax_classes
Column Type Null Default Comments
tax_class_id int(11) No Primary
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Uniqu Packe Cardinalit Collatio Nul Commen


Keyname Type Column
e d y n l t
PRIMAR BTRE tax_class_i
Yes No 1 A No Primary
Y E d

98
abc_tax_rate_descriptions
Column Type Null Default Comments
tax_rate_id int(11) No Primary
language_id int(11) No Foreign
description varchar(255) No Translatable

Indexes

Uniqu Packe Cardinalit Collatio Nul Commen


Keyname Type Column
e d y n l t
tax_rate_id A No
PRIMAR BTRE
Yes No language_i Primary
Y E 1 A No
d

abc_tax_rates
Column Type Null Default Comments
tax_rate_id int(11) No Primary
location_id int(11) No 0 Foreign
zone_id int(11) Yes 0 Foreign
tax_class_id int(11) No Foreign
Priority int(5) No 1 Priority
Rate decimal(15,4) No 0.0000 Rate of Tax
rate_prefix char(1) No % Rate of Prefix
Condition of
threshold_condition char(2) No
Threshold
threshold decimal(15,4) No 0.0000 Threshold
tax_exempt_groups Text Yes NULL Tax Exempt Group
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
Date of
date_modified timestamp No CURRENT_TIMESTAMP
Modification

Indexes

Uniqu Packe Cardinalit Collatio Nul Commen


Keyname Type Column
e d y n l t
PRIMARY BTRE Yes No tax_rate_id 1 A No Primary

99
Uniqu Packe Cardinalit Collatio Nul Commen
Keyname Type Column
e d y n l t
E
location_id A No
ac_tax_rates_i BTRE zone_id A Yes
No No Foreign
dx E tax_class_i
A No
d

abc_url_aliases
Column Type Null Default Comments
url_alias_id int(11) No Primary
Query varchar(255) No Request
Keyword varchar(255) No Translatable
language_id int(11) No 1 Foreign

Indexes

Uniqu Packe Cardinali Collatio Nul Comme


Keyname Type Column
e d ty n l nt
BTRE url_alias_i
PRIMARY Yes No 4 A No Primary
E d
Keyword A No
ac_url_aliases_id BTRE
Yes No language_ Foreign
x E 4 A No
id
Query A No
ac_url_aliases_id BTRE
Yes No language_ Foreign
x2 E 4 A No
id

abc_user_groups
Column Type Null Default Comments
user_group_id int(11) No Primary
Name varchar(64) No Name of User Group
permission longtext No Permission
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification

100
Indexes

Uniqu Packe Cardinalit Collatio Nul Commen


Keyname Type Column
e d y n l t
PRIMAR BTRE user_group_i
Yes No 2 A No Primary
Y E d

abc_user_notifications
Column Type Null Default Comments
user_id int(11) No Primary
store_id int(11) No Foreign
Section tinyint(1) No 1 - admin, 0 – storefront
sendpoint varchar(255) No Send Point of User
Protocol varchar(30) No Transmission Protocol
Uri text No Uri****
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment


user_id A No
store_id A No
PRIMARY BTREE Yes No section A No Primary
sendpoint A No
protocol 0 A No

abc_users
Column Type Null Default Comments
user_id int(11) No Primary
user_group_id int(11) No Foreign
username varchar(20) No User Name
Salt varchar(8) No Salt
password varchar(40) No User Password
firstname varchar(32) No User First Name

101
Lastname varchar(32) No User Last Name
Email varchar(96) No E-mail
Status int(1) No Current Status
Ip varchar(50) No IP Address*
last_login datetime No 0000-00-00 00:00:00 User Last Login
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Keyname Type Unique Packed Column Cardinality Collation Null Comment


PRIMARY BTREE Yes No user_id 1 A No Primary

abc_weight_class_descriptions
Column Type Null Default Comments
weight_class_id int(11) No Primary
language_id int(11) No Foreign
Title varchar(32) No Translatable
Unit varchar(4) No Translatable

Indexes

Uniqu Packe Cardinalit Collatio Nul Commen


Keyname Type Column
e d y n l t
weight_class_i
PRIMAR BTRE A No
Yes No d Primary
Y E
language_id 4 A No

abc_weight_classes
Column Type Null Default Comments
weight_class_id int(11) No Primary
Value decimal(15,8) No 0.00000000 Value of Weight

102
Indexes

Uniqu Packe Cardinalit Collatio Nul Commen


Keyname Type Column
e d y n l t
PRIMAR BTRE weight_class_i
Yes No 4 A No Primary
Y E d

abc_zone_descriptions
Column Type Null Default Comments
zone_id int(11) No Primary
language_id int(11) No Forreign
Name varchar(128) No Translatable

Indexes

Uniqu Packe Cardinalit Collatio Nul Commen


Keyname Type Column
e d y n l t
zone_id A No
PRIMAR BTRE
Yes No language_i Primary
Y E 3934 A No
d

abc_zones
Column Type Null Default Comments
zone_id int(11) No Primary
country_id int(11) No Foreign
Code varchar(32) No Zone Code
Status int(1) No 1 Current Status
sort_order int(3) No 0 Sorting

Indexes

Uniqu Packe Cardinalit Collatio Nul Commen


Keyname Type Column
e d y n l t
PRIMARY zone_id A No
BTRE
l Yes No country_i Primary
E 3934 A No
h d

103
abc_zones_to_locations
Column Type Null Default Comments
zone_to_location_id int(11) No Primary
country_id int(11) No Foreign
zone_id int(11) No 0 Foreign
location_id int(11) No Foreign
date_added timestamp No 0000-00-00 00:00:00 Date of Addition
date_modified timestamp No CURRENT_TIMESTAMP Date of Modification

Indexes

Uniq Pack Cardina Collati Nu Comm


Keyname Type Column
ue ed lity on ll ent
BTR zone_to_locati
PRIMARY Yes No 65 A No Primary
EE on_id
country_id A No
ac_zones_to_locatio BTR
No No zone_id A No Foreign
ns_idx EE
location_id A No

2.1.3.2. Virtual Bank Database

Accounts

Field Type Null Default Comments


vcc_id int(12) No Virtual Credit Card ID (Index)
customer_ID int(4) No Customer ID (Primary)
Current_amount int(12) No Current Amount
customer_addr char(20) No Customer Address
phone int(20) No Phone Number
E_mail varchar(25) No E_mail
vcard

Field Type Null Default Comments


vc_id int(12) No Virtual Card ID (Primary)
Issuing_date Date No Issuing Date

104
Exp_date Date No Expire Date
V_card_activation int(1) No 0 Virtual Card Activation

4.2.2. User Interface Design

Before implementing the actual design of the project, a few user interface
designs were constructed to visualize the user interaction with the system as
they browse for Products, create a shopping cart and purchase Products.

4. 2.3. Implementation Technologies

The objective of this project is to develop a secure B2B application when the
user types in the URL website in the address field of the browser, a Web
Server is contacted to get the requested information.

4.2.4. Software and Tools:

 Web Server

Running ubuntu 16.10 as an operating system, with apache 7.0.

 DB Server

MySQL 5.7.17 for the website, and MySQL (windows 7) 5.0.51B for bank
db-server, this server connects only to the IMA DB sever.

4.2.5. Security Policy

4.2.5.1. Introduction

In business, a security policy is a document that states in writing how a


company plans to protect the company's physical and information
technology (IT) assets. A security policy is often considered to be a "living
document", meaning that the document is never finished, but is continuously
updated as technology and employee requirements change. A company's
security policy may include an acceptable use policy, a description of how
the company plans to educate its employees about protecting the company's
assets, an explanation of how security measurements will be carried out and

105
enforced, and a procedure for evaluating the effectiveness of the security
policy to ensure that necessary corrections will be made.
This Security Policy shall be reviewed at the time of any change in the
IT environment or once every year, whichever is earlier. The review shall be
carried out for assessing the following:
1-Impact on the risk profile due to, but not limited to, the changes in the
deployed technology, network security architecture, regulatory and /or legal
requirements.

2-The effectiveness of the security controls specified in the policy.

As a result of the review, the existing policy may be updated or modified.

 Scope

This policy applies to the use of information, electronic and computing


devices, and network resources to conduct IMA business or interacts with
internal networks and business systems, whether owned or leased by IMA,
the employee, customer, or a third party. All employees, contractors, and
other parties at IMA and its subsidiaries are responsible for exercising good
judgment regarding appropriate use of information, electronic devices, and
network resources in accordance with IMA policies and standards, and local
laws and regulation. Exceptions to this policy are documented.

This policy applies to employees, contractors at IMA, including all


personnel affiliated with third parties. This policy applies to all equipment
that is owned or leased by IMA.

4.2.5.2. Physical Security Recommendations


Physical security is the protection of personnel, hardware, software,
networks and data from physical actions and events that could cause serious
loss or damage to an enterprise, agency or institution. This includes
protection from fire, flood, natural disasters, burglary, theft, vandalism and
terrorism.

106
4.2.5.3. Consider the following list of guidelines when you develop a
security policy for your site:
 Restrict access to the systems that are configured with Trusted
Extensions. The most secure locations are generally interior rooms that
are not on the ground floor.
 Monitor and document access to systems that are configured with
Trusted Extensions.
 Secure computer equipment to large objects such as tables and desks to
prevent theft. When equipment is secured to a wooden object, increase
the strength of the object by adding metal plates.
 Consider removable storage media for sensitive information. Lock up all
removable media when the media are not in use.
 Store system backups and archives in a secure location that is separate
from the location of the systems.
 Restrict physical access to the backup and archival media in the same
manner as you restrict access to the systems.
 Install a high-temperature alarm in the computer facility to indicate
when the temperature is outside the range of the manufacturer's
specifications. A suggested range is 10°C to 32°C (50°F to 90°F).
 Install a water alarm in the computer facility to indicate water on the
floor, in the subfloor cavity, and in the ceiling.
 Install a smoke alarm to indicate fire, and install a fire-suppression
system.
 Install a humidity alarm to indicate too much or too little humidity.
 Consider TEMPEST shielding if machines do not have it. TEMPEST
shielding might be appropriate for facility walls, floors, and ceilings.
 Allow only certified technicians to open and close TEMPEST equipment
to ensure its ability to shield electromagnetic radiation.

107
 Check for physical gaps that allow entrance to the facility or to the
rooms that contain computer equipment. Look for openings under raised
floors, in suspended ceilings, in roof ventilation equipment, and in
adjoining walls between original and secondary additions.
 Prohibit eating, drinking, and smoking in computer facilities or near
computer equipment. Establish areas where these activities can occur
without threat to the computer equipment.
 Protect architectural drawings and diagrams of the computer facility.
 Restrict the use of building diagrams, floor maps, and photographs of the
computer facility.
4.2.5.4. Usage Policy

Is a document stipulating constraints and practices that a user must agree to


for access to a corporate network or the Internet.

Many businesses facilities require that employees, customer or third party to


sign an acceptable use policy before being granted a network ID

The information provided to the B2B e commerce application during


application process is protected in transit by using a network protocol called
Secure Sockets Layer (SSL). SSL is the industry standard technology for
secure online transactions. A simple way to know your transmission is
protected is by referencing the URL. If it starts with https:// you can be
assured that it is using SSL. Transactions are processed only from secure
browsers. These browsers encrypt the information sent using SSL, which
scrambles the data to make it extremely difficult for anyone who intercepts
the information to read it. B2B application has associated with an e-banking
system for the goal of protecting customer’s personal and financial
information. Transmissions from this e-banking system also are encrypted
and sent via dedicated leased private circuits. In addition, the computers
housing the data are protected by physical security measures, including more
than one level of locked access.
All information provided during the application process or payment process
including (company name, address, public email, phone number and e-bank
account number), is not shared, sold or rented to any outside parties.

108
-Safeguarding Information

To minimize the risk of loss and/or additional expenses that could occur
from compromised account information, B2B application will not retain any
of the following information electronically:
 E-bank account number.
 Associated private information of the company.
 Protection of information is important to B2B, and as a result, payment
via email is not accepted.
 B2B protects against unauthorized disclosures by limiting access only to
those of account holders who need the information to do their jobs.

- Access Control Policy (Based on Users Roles).

Access control is a security technique that can be used to regulate who or


what can view or use resources in a computing environment.

There are two main types of access control: physical and logical. Physical
access control limits access to campuses, buildings, rooms and physical IT
assets. Logical access limits connections to computer networks, system files
and data.

The four main categories of access control are:

 Mandatory access control


 Discretionary access control
 Role-based access control
 Rule-based access control

Access control systems perform authorization identification, authentication,


access approval, and accountability of entities through login credentials
including passwords, personal identification numbers (PINs), biometric
scans, and physical or electronic keys.

4.2.5.5. Password Policy

Set of rules designed to enhance computer security by encouraging users to


employ strong passwords and use them properly.

109
Password policy is offend part of an organization official regulation and may
be thought as part of security awareness training, the following policies are
applied for each component of the application based on users roles.

-Administrative Passwords

Administrative passwords are subject to stringent composition, frequent


change, and limited access. This includes passwords for routers, switches,
WAN links, firewalls, servers, Internet connections, administrative-level
network operating system accounts, and any other IT resource.

Passwords for administrative resources must meet the following criteria:

 Passwords must not be shared


 Passwords should not be written down
 Passwords will expire every 40 days

- User as Customer and Third Party

 Usernames and passwords must not be shared by users


 All users will have an alphanumeric password of at least 8 characters,
and single special character.
 All accounts will be assigned a password of a minimum of 8 characters,
At least one character should be in upper case.

- User as Client

 Passwords must meet the following criteria:


 Password may not contain all or part of the user's account name.
 Password is at least six characters long.
 Password contains characters from three of the following four
categories:
o English uppercase characters (A...Z)
o English lowercase characters (a...z)
o Base 10 digits (0...9)

No alphanumeric (exclamation point [!], dollar sign [$], pound sign [#],
percent sign [%], etc.)

110
4.2.5.6. Database Security Policy

The key to any successful database security policy is to know why you're
protecting each database, which databases to protect, and how to best secure
data against all types of threats keeping various compliance regulations such
as SOX, HIPAA, PCI DSS, GLBA and European Union directives in mind.
In recent research, Forrester recommends that enterprises build a
comprehensive database security strategy on the following three pillars:

 Build a strong foundation with authentication, authorization, access


control, discovery and classification, and patch management.
 Take preventative measures with data masking, encryption and change
management.
 Establish database intrusion detection with auditing, monitoring and
vulnerability assessment.

-The server hosting the database must comply with the Client Computing
Security Standard (CCSS) and Critical Server Security Standard (CSSS). All
servers that host databases, database services, or database applications and
that have been deemed “critical” based on the criteria in the Critical Server
Security Standard (CSSS) must comply with this standard.
-This standard applies to all servers that have been deemed “critical” based
on the following criteria:
 It contains or serves Restricted Data, as defined in the Data Governance
& Classification Policy.
 Loss of service carries a significant financial liability, including grants
and/or contracts.
 Loss of service results in a significant negative impact(s) for the unit or
for the reputation of the B2B application.
-Network and Firewalls Special considerations are required when
configuring network and host based firewalls to protect database servers,
which go beyond the requirements specified in the Critical Server Security
Standard (CSSS).

-Restricted Data Sometimes Restricted Data must be stored in database


servers for use in search or other functions.

111
-Auditing and Monitoring Database servers that meet the requirements of
this standard or contain Restricted Data and as a result administrators are
responsible for knowing what data is locate on their servers.

112
5.1. Test-bed Design
The test execution environment configured for testing on this project,
consists of specific hardware (Router, server and external cloud server),
software (apache, mysql, mod-security, and open-SSL), Operating system
(ubuntu Linux), network configuration (NAT, firewall, and port forwarding),
the product under test, other system software and application software.

5.2. Network Environment


The network for this project consists of three servers and a gateway router
connected to the Internet these components as follow:

5.3. DB Servers
5.3.1. MySQL Database
In this project, MySQL is used as the backend database, due to:

1. MySQL is open source database system.


2. It is fast, reliable and easy to use.
3. Compatibility
4. Additional security components ( privileges )

5.3.2. Database Servers Consistent of :


• Integrated DB server with web server
• Virtual bank DB server

5.4. Web Server


Ubuntu was selected as a web server because it surpasses windows server in
various features as follow:[11]

Table 5.1

Ubuntu Windows
Open source Closed source
Does not support executable files (.exe), mostly Support executable files (.exe), susceptible
it is virus free OS for virus threats.
Can also work as server Does not support server.
Supports multiple desktop environment Does not supports multiple desktop
environment

113
Has its own software manager Does not has its own software manager
Higher security Less security

5.5. Apache Server


Apache server 2.4 has been used to run the website instead of IIS because of

 IIS only runs on Windows while Apache is a cross platform


application.[12]
 The Windows OS is prone to security risks.[12]

5.6. Gateway Router


Sony Ericsson special purpose Home Router (limited security features
included)

5.6.1. Network Topology

Figure 5.1

5.7. Website Implementation


Any user can register and view available products, only registered member
can purchase products regardless of quantity, Contact Us page is available to
contact Admin for queries.

There are three types of users available: Visitor, User and Admin.
114
 Visitor can view available products.
 User can view and purchase products.
 An Admin has some extra privilege including all privilege of visitor and
user.
Admin can add products, edit product information and add/remove product.
Admin can add user, edit user information and can remove user. Admin can
ship order to user based on order placed by sending confirmation mail.

5.8. Web Pages Details


 Home Page
 Contact Us Page
 Preview Page
 About Us Page
 Register Page
 Customer Login Page
 Admin Login page
 Admin Page
 Success URL
 Failed URL
 Products Page
 User Track

5.9. Project Detail

Browser WEB-server Website

DB

V-bank
DB
DB

Figure 5.2

115
5.10. Implementing Security Design
5.10.1. Network Security Configurations

 IP-NAT configuration
 Firewall
 DOS detection

5.10.2. Servers

These are the configurations that was applied on the servers to implement
security for this application.

5.10.3. Information Leakage


In default Apache configuration have much sensitive information
disclosures, which can be used to prepare for an attack. It’s one of the most
critical tasks for an administrator to understand and secure them. As per
report by Cenzic, 16% of vulnerability is found in Info leakage. We require
some tool to examine HTTP Headers for verification.

5.10.4. Remove Server Version Banner


This will help to prevent exposing what web server version that running.
Exposing version means helping hacker to speedy the reconnaissance
process. The default configuration will expose Apache Version and OS type
as shown below.

Figure 5.3

5.10.4.1. Implementation
The below configuration should be add to httpd.conf or apache2.conf within
the server

116
Server Tokens Prod
Server Signature Off

Server Signature will remove the version information from the page
generated like 403, 404, 502, etc. by apache web server. Server Tokens will
change Header to production only, i.e. Apache

5.10.4.2. Verification
After changing the default configuration, the response header should not
content information about the server.

Figure 5.4

Figure 5.5

5.11. Disable Directory Browser Listing


Disable directory listing in a browser so the visitor doesn’t see what all file
and folders under root or subdirectory. The default settings.

5.11.1. Implementation
The following options should be added to httpd.conf or apache2.conf as
shown below

<Directory /opt/apache/htdocs>
Options None

117
Order allow, deny
Allow from all
</Directory>

5.11.2. Verification
Browser should not disclose any directory content and the following error
massage should appear and also custom error massage can be configured as
shown in figure (5.6).

Figure 5.6

5.12. E-tag
It allows remote attackers to obtain sensitive information like inode number,
multipart MIME boundary, and child process through e-tag header. To
prevent this vulnerability.

5.12.1. Implementation
The following option should be added to httpd.conf file or apache2.conf

FileETag None
5.12.2. Verification
The response header from the server should not content e-tag option as
shown in figure (5.7)

118
Figure 5.7

5.13. Authorization
5.13.1. Run Apache from Non-privileged Account
Default apache configuration is to run as nobody or daemon. a separate non-
privileged user for Apache should be configured. The purpose is to protect
other services running in case of any security hole.

5.13. 2. Implementation
The figure shows the commands used to create users with system privileges

#groupadd apache
# useradd –G apache apache

Change apache installation directory ownership to newly created non-


privileged user

# chown –R apache: apache /opt/apache

User apache
Group apache
5.13. 3. Verification
Figure (5.8) shows the privileges assigned for the new user

# ps –ef |grep http

119
Figure 5.8

5.14. Protect Binary and Configuration Directory Permission


By default, permission for binary and configuration is 755 that mean any
user on a server can view the configuration.

5.14.1. Implementation
The following command will limits the user permissions on the specified
directories
# chmod –R 750 bin conf
5.14.2. Verification:
As shown in figure (5.9) both bin/ and conf/ directories have only read
permission.

Figure 5.9

5.15. System Settings Protection


In a default installation, users can override apache configuration using
.htaccess file. to stop users changing apache server settings, this options was
configured (AllowOverride None) as shown below. This was done at the
root level.

5.15.1. Implementation
<Directory />
Options -Indexes
AllowOverride None
</Directory>

120
5.16. HTTP Request Methods
HTTP 1.1 protocol support many request methods which may not be
required and some of them are having potential risk. Typically just GET,
HEAD, POST request methods are needed in a web application, which can
be configured in the respective Directory directive. Default apache
configuration support OPTIONS, GET, HEAD, POST, PUT, DELETE,
TRACE, CONNECT method in HTTP 1.1 protocol.

5.16.1.Implementation
To the HTTP methods the following options was added .htaccess in the
website directory
<LimitExcept GET POST HEAD>
deny from all
</LimitExcept>
5.17. Web Application Security
Apache web server misconfiguration or not hardened properly can exploit
web application.

5.17. 1. Disable Trace HTTP Request


By default Trace method is enabled in Apache web server. Having this
enabled can allow Cross Site Tracing attack and potentially giving an option
to a hacker to steal cookie information.

First the server was tested against TRACE re request using telnet with
listening port, The following show the TRACE request for the server

#telnet localhost 80
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
TRACE / HTTP/1.1 Host: test
HTTP/1.1 200 OK
Date: Sat, 31 Aug 2013 02:13:24 GMT
Server: Apache
Transfer-Encoding: chunked
Content-Type: message/http 20
TRACE / HTTP/1.1
Host: test 0
Connection closed by foreign host.
121
#

In above TRACE request it has responded the query.

5.17.2. Implementation
In order to avoid the risk of the trace request the following option was
disabled in httpd.conf file

TraceEnable off

5.17. 3. Verification
The server was tested after implementing the previous option and the
TRACE request as shown below

#telnet localhost 80
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
TRACE / HTTP/1.1 Host: test
HTTP/1.1 405 Method Not Allowed
Date: Sat, 31 Aug 2013 02:18:27 GMT
Server: Apache Allow:
Content-Length: 223
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head> <title>405 Method Not Allowed</title>
</head><body> <h1>Method Not Allowed</h1>
<p>The requested method TRACE is not allowed for
the URL /.</p> </body></html>
Connection closed by foreign host.
#

In above TRACE request it has blocked the request with HTTP 405 ethod
Not Allowed, this web server doesn’t allow TRACE request and help in
blocking Cross Site Tracing attack.

122
5.18. Set Cookie with Http Only and Secure Flag
To mitigate most of the common Cross Site Scripting attack using HttpOnly
and Secure flag in a cookie. Without having HttpOnly and Secure, it is
possible to steal or manipulate web application session and cookies.

5.18.1. Implementation
In order to implement Http Only and Secure flag the following options was
added to in httpd.conf file this option requires mod_header to be enabled on
the server.

Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure

5.18.2. Verification
As shown in figure (5.10) Set-Cookie is flagged with Http Only and Secure.

Figure 5.10

5.19. Clickjacking Attack


Clickjacking is well-known web application vulnerabilities.

5.19.1. Implementation
the following option will mitigate this type of attack , and should be
configured in httpd.conf or apache2.conf file as follow

Header always append X-Frame-Options SAMEORIGIN

123
5.19.2. Verification
The HTTP response headers X-Frame-Options was set to SAMEORGIN as
shown in figure (5.11) .

Figure 5.11

5.20. Server Side Include


Server Side Include (SSI) has a risk of increasing the load on the server.
Disabling SSI by adding Includes in Options directive. SSI attack allows the
exploitation of a web application by injecting scripts in HTML pages or
executing codes remotely.

5.20.1. Implementation

To disable server side include the following options was configured in


httpd.conf file

<Directory /opt/apache/htdocs>
Options –Indexes -Includes
Order allow,deny
Allow from all
</Directory>

5.21. X-XSS Protection


Cross Site Scripting (XSS) protection can be bypassed in many browsers.
And requires an option which can help the server to avoid it.

124
5.21.1. Implementation
The following header option was added to httpd.conf to avoid X-XSS

Header set X-XSS-Protection “1; mode=block”

5.21.2. Verification
The HTTP response header shows XSS Protection is enabled and a mode is
blocked as in figure (5.12).

Figure 5.12

5.22. Disable HTTP 1.0 Protocol


The older version of HTTP has security weakness related to session
hijacking. And should be disabled using mod-rewrite module.

5.22.1. Implementation
The following options was configured in ,htaccess file within the directory
to force using HTTP/1.1

125
RewriteEngine On
RewriteCond %{THE_REQUEST} !HTTP/1.1$
RewriteRule .* - [F]

5.23. Timeout value configuration


By default Apache time-out value is 300 seconds, which can be a victim of
Slow Loris attack and DoS.

5.23.1. Implementation:
In order to shorten the server delay time the following command was added
to apache2.conf file

Timeout 60
5.24. SSL
Having SSL is an additional layer of. However, default SSL configuration
leads to certain vulnerabilities

5.24.1. Implementation
The following command used to generate self-signed certificate

openssl req -x509 -nodes -days 365 -newkey rsa:2048


-keyout localhost.key -out localhost.crt

The following command used to generate new CSR and private key

openssl req -out localhost.csr -new -newkey


rsa:2048 -nodes -keyout localhost.key

The following command used to Add Personal Cert, Signer Cert and Key
file in httpd-ssl.conf file under below directive

SSLCertificateFile # Personal Certificate


SSLCertificateKeyFile # Key File
SSLCACertificateFile # Signer Cert file

126
5.24.2. Verification
In order to check the validity configuration of the certificate, sslscan
command should be used with the specified host address as shown in
figure(5.13)

sslscan localhost | grep –i key

Figure 5.13

As shown in figure (12) SSL key is 2048 bit, which is stronger.

5.25. SSL Version


Older versions of SSL protocol have some vulnerabilities, though newer
version is used in this project.

5.25.1. Implementation
SSLProtocol directive was configured in httpd-ssl.conf to accept only TLS
1.0+ as shown below

SSLProtocol –ALL +TLSv1 +TLSv1.1 +TLSv1.2

5.25.2. Verification
The following command used to check the allowed version of SSL protocol

sslscan –no-failed localhost

5.26. Mod Security


Mod Security is an open-source Web Application Firewall, which can be
used with Apache. Was used as an additional security layer for the server, it
has multiple rules that deals with various type of threats, the Core Rules use
the following techniques:
127
 HTTP Protection – detecting violations of the HTTP protocol and a
locally defined usage policy
 Real-time Blacklist Lookups – utilizes 3rd Party IP Reputation
 Web-based Malware Detection – identifies malicious web content by
check against the Google Safe Browsing API.
 HTTP Denial of Service Protections – defense against HTTP Flooding
and Slow HTTP DoS Attacks.
 Common Web Attacks Protection – detecting common web
application security attack
 Automation Detection – Detecting bots, crawlers, scanners and another
surface malicious activity
 Integration with AV Scanning for File Uploads – detects malicious
files uploaded through the web application.
 Tracking Sensitive Data – Tracks Credit Card usage and blocks
leakages.
 Trojan Protection – Detecting access to Trojans horses.
 Identification of Application Defects – alerts on application
misconfigurations.
 Error Detection and Hiding – Disguising error messages sent by the
server.

128
6.1. Introduction

this chapter covers the security test and result of the application it contains
all the major parts as follow (network security test, Operating system
security test, servers security test, and client side security test), the test
conducted for this application follows the standard penetration testing
technique, Tools used for testing Nmap, Nikto, Hping(DoS).

6.2. Network security test

This section shows testing results for Network core device (Router). As
shown in figure (6.1) the initial Nmap scan for the router shows only two
open ports HTTP and Custom port for WPS control

Figure 6.1

129
Figure 6.2

As shown in figure (6.2) the final scan result for router provide miner
information about the router OS and its version along with apache version.

6.3. Servers Security Test


This section shows testing results for the main server and its application

Figure 6.3

130
As shown in figure (6.3) Nikto tool provide non useful information about the
server, taking in mind that the response came from port 443 which is HTTPS
the secure socket protocol.

Figure 6.4

As shown in figure (6.4) port 80 is closed so the server only accept request
on port 443

131
Figure 6.5

As shown in figure (6.5) SQL injection is handled correctly using PDO


prepare statement

6.4. Client Side security Test

This section shows the client browser request and response

Figure 6.6

132
As shown in figure (6.6) clickjacking and XSS vulnerabilities are handled via
apache header module

133
7.1. Conclusion
B2B application security is vital in e-commerce. Hesitation or scepticism in
transaction security over the Internet is a crucial issue needs to be taken care
seriously. In the aim of constructing secure B2B application one has to be
aware of the new security threats and vulnerabilities, security defense
technologies in order to achieve higher security rate, the key for implemtnting
security is to follow a Well-defiend security policy and apply the
implementation plan.

7.2. Limitations

Although the research has reached its aims, there were some limitations..

 Hardware availability.

7.3. Recommendations
The following recommendations are offered for related research in the E-
commerce application security.

 Network devices preferred to be Enterprise specialized equipments, in


addition to Network-based firewalls
 IDS/IPS software recommended to be installed on every server that
involved in the transaction
 Certificate authority recommended rather than self-signed certificate to
provide mode security based on user public and private keys.
 Web server recommended to be as a separate machine to increase its
performance and resource sharing also this might provide better control.

134
References
1. www.digitsmith.com/ecommerce-definition.html

2. David Basanta Gutiérrez, Lourdes Tajes Martínez Computer Science


Department, University of Oviedo

3. George M. Zinkhan, Richard T. Watson - University of Georgia,Pierre


Berthon - Bentley College and Leyland F. Pitt – Simon Fraser University,"
Electronic Commerce: The Strategic Perspective ", Zurich, Switzerland,
2008

4. Birger Gröblinghoff," B2B E-Commerce: The Future of Business


Transactions & Relationships ".

5. Tuula Lehtimäki, M.Sc. (Bus. Adm.), M.Sc. (Tech.) Jari Salo, Dr. (Bus.
Adm.) Heidi Hiltula, M.Sc. (Bus. Adm.)and Mikko Lankinen, student,"
Harnessing web 2.0 for business to business marketing - Literature review
and an empirical perspective from Finland ",Oulu University Press,2009.

6. QIZHI DAI AND ROBERT J. KAUFFMAN," B2B E-Commerce


Revisited: Leading Perspectives on the Key Issues and Research
Directions",Department of Information and Decision Sciences at the Carlson
School of Management, University of Minnesota, 2002.

7. Wu Yanyan," Research on e-commerce Security based on Risk


Management
Perspective", School of Computer and Information Engineering Harbin
University of Commerce, Harbin, China, 2014

8. information-technology promotion agency, Japan “Study on Security


Countermeasures on Commercial Sites"

9. Hitesh Malviya," Common Security Vulnerabilities in Online Payment


Systems", India, 2012

10. https://www.treefrog.ca

11. http://www.techulator.com/experts/3039-Fundamental-differences-
between-Ubuntu-and-Windows.aspx
135
12. http://www.differencebetween.net/technology/difference-between-iis-
and-apache/

136