350 rub
Journal Highly available systems №4 for 2016 г.
Article in number:
Information security of electronic trading platforms. Part 2. Software features
Authors:
V.P. Akimov - Dr. Sc. (Phys.-Math.), Professor, MGIMO University (Moscow) E-mail: V_Akimov55@mail.ru A.Yu. Danilenko - Ph. D. (Phys.-Math.), Head of Laboratory, Institute for Systems Analysis of FRC CSC RAS (Moscow) E-mail: danilenko@isa.ru M.A. Pashkin - Research Scientist, Institute for Systems Analysis of FRC CSC RAS (Moscow) E-mail: pashkin@isa.ru E.V. Pashkina - Research Scientist, Institute for Systems Analysis of FRC CSC RAS (Moscow) E-mail: pashkina@isa.ru
Abstract:
The present work continues a series of articles under the title «Information security of electronic trading platforms». Electronic trading platform is a kind of automated information systems (AIS), designed to automate the process of organizing electronic trading, from the point of view of a normal user ETP - is an Internet site on which operations are conducted, called the bids, and the online resource brings together in one informational and trade environment for sellers and buyers of various goods and services, and provides participants with a number of trading and services that increase the efficiency of their business. From the point of view of the classification of information and telecommunication systems of all ETP should be regarded as a classic high-availability system with a number of essential features, in particular, the need for interaction with the official site, the use of the register of unfair suppliers, a variety of algorithms, etc. The availability of services provided by trading platforms available to all software and hardware complex, including server hardware and software, communication channels, customer jobs. Typical ETP is based on the three-tier architecture: client workstation, server system, the database, while on the client workstation, as a rule, a standard Internet browser. Data exchange between the north and ETP client workstation usually occurs on open communication channels, for added protection of transmitted information can be used encryption using SSL/TLS protocol. Server ACT typical ETP is implemented in the form of one of the popular web-servers (Microsoft Internet Information Server, Apache, etc.) with additional modules that implement the application logic. Typically, these modules are written in a language PHP. PHP in this case is performed in the interpreter environment Web server process. The second most popular language for the Java application logic is in conjunction with its Tomkat web-server, but Java, as a rule, plays in the speed of the new software application logic that is very critical in the field of e-commerce. The demand of the various organizations on the development of the ETP will increase with time, which, in particular, is associated with a regular change in the regulatory framework: the three core Procurement Law adopted in the past seven years, not counting the bylaws and documents in related areas. Thus is formed the requirement to put the development of open source software for the ETP «on stream» with mandatory condition for the possibility of expansion of the functional area without a complete rewrite of the code, and without prejudice to the basic functionality, including the high availability of all its services.
Pages: 12-19
References