The Security Research On B/S Network Platform

With the revolution of information technology, the popularize of the price of computer hardware and sofeware and the request of the government for office automation, the electronic government system (e-government) has grown up greatly. The e-government not only improve the efficiency of the government operation, enhance the transparency of government service, realize the automation of government affairs but also raise the strength of supervision of public to government. The e-office system of the Department of Science and Technology of Ministry of Education is a typical e-government system. The system is developed by the Institute of Cyber Education Technology of Beijing University of Posts and Telecommunications. It is based on Browser/Server architecture, developed on the platform of J2EE. It has good ability of transplant and robust, rearch the demands of system. The e-office system can match the demands of customer on the function, but should be improved on the security of the system.Because the network environment is unsafe for the information on it, while the security of information on the e-office is very important, the security of system should be considered in particular.The paper narrates and analyzes how to set up a security e-office platform from five aspects. They include the theory of network security, the illustration of e-office, the analyze of e-office security demands, the setup of e-office platform by SSL/TLS providing security transmission, the design of user identity verification and file sharing security based on BJCA certificate. The first part is about the theory of network security technology, such as the basic of cryptography, commonly used crypt algorithm, PKI theory, X.509 certificate and the protocol of SSL(Security Socket Layer)/TLS(Transport Layer Security). The following is about the analyze of architecture and system security risk. Through the implement of SSL/TLS modules on the e-office, the security ability has been added on the platform. After analyze the system security modules and security...