Nowadays, web-based solutions are becoming increasingly popular due to their simplicity and platform independence, and this popularity is not limited to the Internet but extends to private, local networks as well. Applications relying on novel web technologies and mixed programming environments require more attention than their traditional offline counterparts when security issues are considered.
Development of web-based financial systems requires extensive knowledge of the underlying technologies, including but not limited to the widespread discovery and identification of security risks and vulnerabilities. Risk analysis and careful implementation, which may also mean the evaluation and selection of different, more reliable methods, are also part of the overall development process. Besides security considerations, usability, user friendliness and transparent functionality are also key factors during the course of planning. Web-based solutions necessitate the inclusion of a load balancing mechanism through the use of caching and effective execution of business operations on the different levels of the software.
In my thesis, the planning and functional overview of the required modules of a general-purpose financial software system are outlined, where all of the aforementioned aspects are taken into account. The four largest modules are the secure and customizable user account manager, the access restriction module, the template and document handling system, and the mailbox, e-mail and SMS messenger module.
The planned system contains a full-fledged logging service in order to aid the discovery of attacks and vulnerabilities. Platform independence was considered not only in the case of clients but for the server software as well. The system was implemented using the well-known PHP language, which has widespread industrial application. The data access layer, which supports MySQL and MSSQL server technologies, provides effective, query-level independence from the underlying SQL server.
Certain modules of the system demanded various auxiliary technological research and implementation as well. The messenger module uses its own SMTP client to send MIME-formatted e-mails. In addition, the uploaded DOCX template files are converted to PDF format using a .NET WCF service, and an automatic printing script was also completed.