In this case study, an ecommerce website is considered. On this website, when customers choose items of interest to purchase, the items go into their shopping cart. When customers are ready to proceed with their purchases, they click the Checkout button to pay for the items. At that point, the customer logs into the site so that the site can retrieve their payment information.
(a) Let us assume that the shopping cart saves the associated items and prices in a file on the server. Specifically, a separate file is created for each customer. The website identifies customers by their IP addresses.
Is this design vulnerable to a DoS attack? Explain why or why not. (2.5 marks)
(b) Now let us assume that the website stores the list of shopping cart items on the client side instead of the server side. Every time a user clicks add-to-cart, the server sends all of the associated details, such as item name, price, and quantity, and combines them into a hidden HTML form field. When the user clicks Checkout, all of the previously added items in the hidden form field are sent back to the server by some JavaScript. The server then joins them together into a list and presents the user with the corresponding total amount for payment.
- Is this design vulnerable to a DoS attack? Explain why or why not. (3 marks)
- Do you think this design meets information security requirements such as integrity? (2 marks)
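To make the client-side cart of design (b) concrete, the following is an added illustration, not code from the case study. It contrasts a checkout that simply sums whatever item, price and quantity arrive in the hidden form field with one that has the server sign the cart state before handing it to the browser, verify the signature on return, bound the number of lines it will process, and look prices up in its own catalog. The catalog, prices, item names, key and size limit are all constructed for the example.

```python
import hashlib
import hmac
import json
from typing import Dict, List

# Constructed sample catalog (hypothetical items; prices in cents).
CATALOG: Dict[str, int] = {"mug": 800, "tshirt": 1999, "hoodie": 4500}

# Hypothetical server-side secret; a real deployment loads it from a secrets store.
SERVER_KEY = b"constructed-demo-key-do-not-reuse"

# Hypothetical upper bound on how many cart lines one checkout may ask the server to process.
MAX_CART_LINES = 100


def naive_total(hidden_field: str) -> int:
    """Design (b) as described: the server sums the item/price/quantity values
    exactly as they come back from the browser's hidden form field."""
    items = json.loads(hidden_field)
    return sum(int(line["price"]) * int(line["qty"]) for line in items)


def issue_cart_state(items: List[dict]) -> str:
    """Server side: build the hidden-field value as canonical JSON plus an HMAC tag.
    Only item names and quantities are stored; prices stay on the server."""
    payload = json.dumps(items, sort_keys=True, separators=(",", ":"))
    tag = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return payload + "." + tag


def checkout_total(hidden_field: str) -> int:
    """Hardened checkout: verify the tag, bound the size, price from the catalog only.
    Raises ValueError for anything that does not check out."""
    try:
        payload, tag = hidden_field.rsplit(".", 1)
    except ValueError:
        raise ValueError("malformed cart state")
    expected = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("cart state failed integrity check")
    items = json.loads(payload)
    if len(items) > MAX_CART_LINES:
        raise ValueError("too many cart lines")
    total = 0
    for line in items:
        name, qty = line["item"], int(line["qty"])
        if name not in CATALOG or qty < 1:
            raise ValueError(f"invalid cart line: {line!r}")
        total += CATALOG[name] * qty  # price comes from the server, never from the client
    return total


def is_valid_cart_state(hidden_field: str) -> bool:
    """Convenience wrapper: True if checkout_total accepts the state, False otherwise."""
    try:
        checkout_total(hidden_field)
        return True
    except (ValueError, KeyError, TypeError):
        return False


if __name__ == "__main__":
    # Naive design: the browser-supplied price is trusted as-is.
    print("naive total:", naive_total('[{"item":"hoodie","price":4500,"qty":1}]'))

    # Hardened design: a legitimate cart is priced from the catalog.
    state = issue_cart_state([{"item": "mug", "qty": 2}, {"item": "hoodie", "qty": 1}])
    print("signed total:", checkout_total(state))

    # Any edit to the stored state invalidates the tag, so it is rejected.
    edited = state.replace('"qty":2', '"qty":9', 1)
    print("edited state accepted?", is_valid_cart_state(edited))
```

The tag does not hide the cart contents; it only lets the server detect that the state it receives is the state it issued. Keeping prices out of the hidden field and re-pricing at checkout means the browser never holds a value the server would have to trust, and the line limit keeps one checkout from turning into an unbounded amount of server work.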