PHP and MySQL Web Development - P63: PHP and MySQL Web Development teaches the reader to develop dynamic, secure, commercial Web sites. Using the same accessible, popular teaching style of the first edition, this best-selling book has been updated to reflect the rapidly changing landscape of MySQL and PHP.

282 Chapter 13 E-commerce Security Issues

A good guideline for writing your security policy is that it's like writing a set of functional requirements for software. The policy shouldn't talk about specific implementations or solutions, but instead about the goals and security requirements in your environment. It shouldn't need to be updated very often.

You should keep a separate document that sets out guidelines for how the requirements of the security policy are met in a particular environment. You can have different guidelines for different parts of your organization. This is more along the lines of a design document or a procedure manual that documents what is actually done in order to ensure the level of security that you require.

Authentication Principles

Authentication attempts to prove that somebody is actually who she claims to be. There are many possible ways to provide authentication, but, as with many security measures, the more secure methods are more troublesome to use. Authentication techniques include passwords, digital signatures, biometric measures such as fingerprint scans, and measures involving hardware such as smart cards. Only two are in common use on the Web: passwords and digital signatures. Biometric measures and most hardware solutions involve special input devices and would limit authorized users to specific machines with these attached. This might be acceptable or even desirable for access to an organization's internal systems, but takes away much of the advantage of making a system available over the Web.

Passwords are simple to implement, simple to use, and require no special input devices. They provide some level of authentication but might not be appropriate on their own for high-security systems. A password is a simple shared secret: only you and the system know your password. If a visitor claims to be you and knows your password, the system has reason to believe he is you. As long as nobody else knows or can guess the password, this is secure. Passwords .
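The shared-secret idea above, as an added PHP example that is not the book's own code: the application checks that a visitor knows the password without storing the password itself, keeping only a salted bcrypt hash (a step beyond the text, which says the system "knows" the password). It assumes an in-memory SQLite database as a stand-in for the book's MySQL connection, and the user name and password are constructed sample values.

```php
<?php
// Added example, not from the book: password registration and login checks
// in PHP with PDO. The system stores only a salted bcrypt hash, so it can
// verify the shared secret without ever keeping the password itself.
declare(strict_types=1);

function create_schema(PDO $db): void
{
    $db->exec('CREATE TABLE IF NOT EXISTS users (
        username VARCHAR(64) PRIMARY KEY,
        password_hash VARCHAR(255) NOT NULL)');
}

function register_user(PDO $db, string $username, string $password): void
{
    // password_hash() picks a random salt and uses bcrypt for PASSWORD_DEFAULT.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
    $stmt->execute([$username, $hash]);
}

function authenticate(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // For an unknown user, verify against a throwaway hash anyway so that the
    // response time does not reveal whether the username exists.
    $hash = $row ? $row['password_hash'] : password_hash('placeholder', PASSWORD_DEFAULT);
    $matches = password_verify($password, $hash);
    return $row !== false && $matches;
}

// Demo: an in-memory SQLite database stands in for the book's MySQL connection
// (assumption; a real DSN would look like 'mysql:host=localhost;dbname=shop').
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
create_schema($db);
register_user($db, 'alice', 'correct horse battery staple'); // constructed sample credentials

var_dump(authenticate($db, 'alice', 'correct horse battery staple')); // correct password
var_dump(authenticate($db, 'alice', 'wrong password'));               // wrong password
var_dump(authenticate($db, 'nobody', 'anything'));                    // unknown user
```

Only the first check should succeed; a leaked users table exposes hashes that must still be guessed, which is why the strength of the password itself remains the limiting factor the text describes.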