Saturday, July 3, 2010

Business Auditing feature in WCS

IBM WebSphere Commerce uses the industry-standard Triple DES (Data Encryption Standard).

This ensures that a third party using network-sniffing programs cannot snoop on the network when a user submits a password.
Passwords are never decrypted during the authentication process, as is the common security practice.
All user passwords are one-way hashed using the SHA-1 hashing scheme and encrypted using a 128-bit key based on the merchant key.

Business Auditing:

Business auditing is the capturing of the business logic and objects during a WebSphere Commerce operation. A report on business auditing is available in the Administration Console.

WebSphere Commerce business auditing records the information about the execution of business logic, such as the command, request, response, command context, and other information. For example, if a Customer Service Representative overrides a price for a particular ordered item within an order, this needs to be captured, and is useful to resolve any discrepancies between the price quoted to the customer and the customer's bill.

If an error occurs while executing business logic, WebSphere Commerce still records the attempt, marked to indicate that the request failed.

To use the business auditing feature, you must first enable it using Configuration Manager. By default, when you install WebSphere Commerce, the business auditing feature is already enabled. The WebSphere Commerce system captures the execution of specific business logic based on some default configuration. You can further customize which commands you want captured during a business audit (that is, enable existing or add new commands) by configuring the BusinessAuditDataCapture.xml file. The data captured by WebSphere Commerce system is stored in the BUSAUDIT table.

Customization: BusinessAuditDataCapture.xml
Enabling: for servers, it is enabled using Configuration Manager

Adding custom commands:
<AuditCommand eventType="MBR" command="com.custom.commands.CustomActivityControllerCmd" audit="true"/>
<AuditCommand eventType="MBR" command="com.custom.commands.CustomOrderSearchControllerCmd" audit="true"/>
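
A way to review which commands the audit configuration actually covers, as an added example that is not part of the original post or of WebSphere Commerce itself. It reads AuditCommand entries like the two above and compares them with a list of commands that must be audited. The AuditConfig wrapper element, the CustomPriceOverrideCmd and CustomRefundCmd names, and the REQUIRED list are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the two entries from the post plus one disabled entry.
# <AuditConfig> is a placeholder wrapper, not the product's real root element.
# CustomPriceOverrideCmd is a hypothetical command name.
SAMPLE = """<AuditConfig>
  <AuditCommand eventType="MBR" command="com.custom.commands.CustomActivityControllerCmd" audit="true"/>
  <AuditCommand eventType="MBR" command="com.custom.commands.CustomOrderSearchControllerCmd" audit="true"/>
  <AuditCommand eventType="MBR" command="com.custom.commands.CustomPriceOverrideCmd" audit="false"/>
</AuditConfig>"""

# Commands this (hypothetical) deployment requires an audit trail for.
REQUIRED = [
    "com.custom.commands.CustomActivityControllerCmd",
    "com.custom.commands.CustomOrderSearchControllerCmd",
    "com.custom.commands.CustomPriceOverrideCmd",
    "com.custom.commands.CustomRefundCmd",
]

def audit_coverage(xml_text, required):
    """Report required commands that are missing, disabled, or declared twice.

    xml_text is expected to come from a trusted local configuration file.
    """
    root = ET.fromstring(xml_text)
    seen = {}          # command name -> True if auditing is enabled
    duplicates = set()
    # iter() matches AuditCommand at any depth, so the root name is irrelevant.
    for el in root.iter("AuditCommand"):
        cmd = (el.get("command") or "").strip()
        if not cmd:
            continue
        enabled = (el.get("audit") or "").strip().lower() == "true"
        if cmd in seen:
            duplicates.add(cmd)
            # Which duplicate wins is unknown here, so any "false" counts.
            enabled = enabled and seen[cmd]
        seen[cmd] = enabled
    return {
        "missing": sorted(c for c in required if c not in seen),
        "disabled": sorted(c for c in required if c in seen and not seen[c]),
        "duplicates": sorted(duplicates),
    }

if __name__ == "__main__":
    for kind, commands in audit_coverage(SAMPLE, REQUIRED).items():
        print(kind, commands)
```

A command reported as missing or disabled leaves no row in the BUSAUDIT table, so a check like this is useful after every change to the file.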


  1. I don't specifically understand how it is 128 bit encryption when it is generated using a 64 bit merchant key. For a successful 128 bit encryption each bit in the key needs to be completely independent and cannot be replicated from a key of lower value.
