
abdomendebonairSecurity

Nov 2, 2013 (3 years and 9 months ago)


Electronic Commerce

Lecture 7

Infrastructure for EC

E-business Plan and Design

e-Consumers/e-Customers

Technology Infrastructure

Client-Server Relationship (diagram): a Browser on the client computer sends a (connect) request to the HTTPd on the server computer; the server returns the HTML DOC as its response and disconnects. The relationship is connectionless: each exchange is one (connect) request followed by one response (disconnect).

(diagram) e-Consumers -> Internet (TCP/IP) -> Web Server (HTTP) -> Form Input (CGI). Consumer needs shown: currencies, smartcard.

A Simple HTML Form

...
<body>
<form method="post" action="subdir/cgi.program">
...
<input type="submit" value="Button">
</form>
</body>

(renders as a push button labelled "Button")

Overloading the Server

(diagram) One server computer running HTTPd and serving the HTML DOC, facing many client computers each running a Browser ....... : every client request is work for the single server.

Limitations of CGI

- Server does all the work
- Quick response depends entirely on the speed of the server (and indirectly on the network traffic)
- Nothing changes on screen directly (on the client's side); only a newly generated 'frame' effects the changes expected
- Cartoons/Animation vs Video Games

Server-Side Programming: SSI, ASP/JSP, CFML, Servlets
Client-Side Programming: JavaScript, VBScript, Applets


HTML Form Based:

Clients                                          Servers
Capture Client's Input                           Responds to CGI Request
Send to Server using CGI to request for Action
Wait for Response

Levels of form handling:
- simple mailto:
- simple processing
- simple capture, store and process
- capture, update, extract and process


HTML + embedded functions

e.g.,

<HTML><HEAD>
<TITLE>e-Concierge</TITLE>
<SCRIPT LANGUAGE="JavaScript" SRC="SelectCountryJavaScript2.js">
</SCRIPT>
</HEAD>
<BODY BGCOLOR="#1A8CF1">…


HTML + embedded functions

e.g., SelectCountryJavaScript2.js contains

function DisplayCountry(form)
{…
  // index of the option the user picked in the SelectCountry list
  var WhatDidYouSelect = form.SelectCountry.selectedIndex;

  switch (WhatDidYouSelect) {

    case 0 : // no selection: bad client
      alert("Failed to Select a Country…");
      return;

    case 1 : // whatever first option is
      alert("Thank you for selecting Hong Kong");
      // do something here…




- Reduce response time, traffic on the net and, of course, load on the Web server
- Use for validation

Example: an Age field entered as "4O" (letter O) instead of "40":
- Server-side: the server validates and responds with a new form
- Client-side: validate by JavaScript, request re-entry and re-focus the field
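The "4O vs 40" check above, written out in JavaScript as an added example (this is not code from the lecture). The field name "age", the 0 to 150 range and the fake form object are assumptions of the example. The browser-side check only saves a round trip: the server still has to run the same check, because a client can skip or edit any script it is sent.

```javascript
// Client-side validation of an "Age" field. Added example for this lecture,
// not code from the original slides; the field name "age" and the rule
// "whole number between 0 and 150" are assumptions of this example.

// Returns { ok: true, value: <number> } or { ok: false, reason: <string> }.
// A digit-only pattern rejects "4O" (digit four, letter O); parseInt("4O")
// would silently return 4 and hide the typo.
function validateAge(raw) {
  const text = String(raw).trim();
  if (text === "") {
    return { ok: false, reason: "Age is required" };
  }
  if (!/^[0-9]{1,3}$/.test(text)) {
    return { ok: false, reason: "Age must contain digits only (check 0 vs O)" };
  }
  const value = Number(text);
  if (value > 150) {
    return { ok: false, reason: "Age out of range" };
  }
  return { ok: true, value };
}

// Form handler: validate before the request leaves the browser and re-focus
// the offending field on failure. Returns true to let the submit proceed,
// false to block it. The notify callback stands in for alert().
function onSubmitAge(form, notify) {
  const result = validateAge(form.age.value);
  if (!result.ok) {
    notify(result.reason);
    form.age.focus();          // re-focus so the user can re-enter
    return false;
  }
  return true;
}

// Minimal stand-in for a DOM form so the handler can run outside a browser
// (constructed for this example).
function fakeForm(ageText) {
  const field = { value: ageText, focused: false, focus() { this.focused = true; } };
  return { age: field };
}

// Demo: the mistyped value is caught before any request is sent.
const demoMessages = [];
const demoForm = fakeForm("4O");
console.log("submit allowed:", onSubmitAge(demoForm, (m) => demoMessages.push(m)));
console.log("messages:", demoMessages, "re-focused:", demoForm.age.focused);
```

In a real page the handler would be wired as `<form onsubmit="return onSubmitAge(this, alert)">`; returning false cancels the submission.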


I have never done anything in VBScript, so…

http://msdn.microsoft/workshop/languages/clinic/vbsvjs.asp

The Way Java is/will be

(diagram) Your Lovely Java Program -> javac (Java Compiler for any platform) -> Byte Code -> a JVM on each target platform (Windows 95, Solaris, MacOS, Ultrix)

Java Virtual Machine (JVM)

- Java program (.java) is compiled (by javac) to byte-codes (.class) of the JVM
- No memory layout (at compile time)
- Class references are translated on the fly during execution or by table lookup if used before during runtime
- Interpreted or compiled

CGI Scripts Vs Java

- Java runs locally on the Client; servers are smiling and can party all night
- Java handles input and output locally, not across the net
- No more cartoons; instant update of images
- Provide individuality on one 'single web page': e.g., an UNDO key

CGI Scripts Vs Java (cont'd)

- Java provides 'the power' for one to bring the Web to any level the designer desires
- Unless all existing and upcoming Web browsers are Java-enabled, CGI will remain as an interactivity tool
- Java is not appropriate as a search engine since the applet runs locally but the database resides ...
- Java is not appropriate for surveys...




Applets

- Provides interactivity on the client side
- In Java


<applet code="MoveText.class" width="400" height="20">
  <PARAM NAME=WIDTH VALUE="300">
  <PARAM NAME=HEIGHT VALUE="25">
  <PARAM NAME=FontSize VALUE="14">
  <PARAM NAME=Message VALUE="What">
</applet>

What is the <applet> tag?

- Specifies the size of the viewable area for the applet's activity
- Where to get the .class files? Either from the given CODEBASE or from the default server that serves the HTML file. A socket is opened for that purpose
- Get the class file(s). CODEBASE is prefixed to the 'filename' or the document base (where the HTML file is) is used.
- The class file is 'retrieved' as a MIME type file (application/octet-stream)





Remember this?

(diagram) request -> SSI Program -> Response:

<html>
.....
Hidden value: 192347800
.....
</html>



<HTML>
…<BODY>
<?
  $today = getdate();
  arsort($today);
  for($value = reset($today); $value; $value = next($today))
  {
    print(key($today));
    print(" is ");
    print($value);
    print("<BR>\n");
  }
?>
</BODY>


<html>…
if(isset($zip)){
  if(ereg("^([0-9]{5})(-[0-9]{4})?$", $zip))
    {print("$zip is a valid ZIP code.<BR>\n");}
  else
    {print("<font color=red size=+1>$zip</font> is <B>not</B> a valid ZIP code.<BR>Try Again Please<br>\n");}
}
print("<FORM ACTION=\"php03.php3\">\n");
print("<INPUT TYPE=\"text\" NAME=\"zip\">\n");
print("<INPUT TYPE=\"Submit\" VALUE=\"Submit Zip\">\n");
print("</FORM>\n");



<dir>
<applet code="MoveText.class" width="400" height="20">
  <PARAM NAME=WIDTH VALUE="300">
  <PARAM NAME=HEIGHT VALUE="25">
  <PARAM NAME=FontSize VALUE="14">
  <!--#include virtual="/cgi-bin/cgiwrap?user=dse6770&script=inserttime.pl" -->
</applet>
</dir>


<HTML>
<HEAD><TITLE>Hello</TITLE></HEAD>
<BODY>
<H1>
<%
if (request.getParameter("name") == null) {
  out.println("Hello World");
}
else {
  out.println("Hello, " + request.getParameter("name"));
}
%>
</H1>
</BODY></HTML>
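Both the PHP ZIP-code page and the JSP "Hello" page print a request parameter straight back into the HTML they generate. The added example below (JavaScript for Node.js, not the lecture's PHP or JSP) does the same two jobs, validating the ZIP with the same pattern and greeting by name, but escapes the parameter before it is placed in the page so that it is shown as text rather than interpreted as markup. Function names and the sample parameters are this example's own.

```javascript
// Server-side handling of the "zip" and "name" parameters from the two
// snippets above. Added example (Node.js), not the lecture's code.

// Same pattern as the PHP ereg(): five digits, optionally "-" and four more.
const ZIP_PATTERN = /^[0-9]{5}(-[0-9]{4})?$/;

function isValidZip(zip) {
  return ZIP_PATTERN.test(zip);
}

// Escape the characters that matter in HTML text and attribute context, so
// whatever the client sent is displayed, never parsed as tags or script.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Counterpart of the PHP page: validate, then echo the submitted value back.
// Escaping happens on both branches; the invalid branch is the one that
// reflects arbitrary input, so it matters most there.
function renderZipResult(zip) {
  if (zip === undefined || zip === null) {
    return "";                                   // like the PHP isset($zip) guard
  }
  const shown = escapeHtml(zip);
  if (isValidZip(zip)) {
    return shown + " is a valid ZIP code.<BR>\n";
  }
  return '<font color="red" size="+1">' + shown +
         "</font> is <B>not</B> a valid ZIP code.<BR>Try Again Please<br>\n";
}

// Counterpart of the JSP page: greet by name when a "name" parameter exists.
function renderGreeting(name) {
  if (name === undefined || name === null) {
    return "<H1>Hello World</H1>";
  }
  return "<H1>Hello, " + escapeHtml(name) + "</H1>";
}

// Constructed sample parameters, as a browser (or anything else speaking HTTP)
// might send them.
const samples = ["12345", "12345-6789", "1234", "<b>12345</b>"];
for (const zip of samples) {
  console.log(JSON.stringify(zip), "=>", JSON.stringify(renderZipResult(zip)));
}
console.log(renderGreeting("O'Brien <script>"));
```

The validation step and the escaping step are separate on purpose: the ZIP pattern decides whether the value is acceptable, while escaping decides how any value, accepted or not, may appear in the page.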

SSInclude Servlets (SSIS)

<servlet
  name=SERVLET_NAME
  code=SERVLET.CLASS
  codebase=PATH_TO_YOUR_SERVLET_CLASS
  INIT_PARAM1=VALUE1
  INIT_PARAM2=VALUE2
  INIT_PARAM3=VALUE3…
>
  <param name=PARAM1 value=PARAM_VALUE1>
  <param name=PARAM2 value=PARAM_VALUE2>
  …
</servlet>

SSI with Servlets

- Include embedding of Servlets in HTML documents
- Named Servlets will be invoked on the Server side (loaded first if they are not loaded)
- Servlets process the SSInclude requests and format the necessary information to send along with the HTML at the point of invocation.




Servlets

- Server-side programs
- Written in Java
- http://java.sun.com/products/servlet/

(diagram) CGI life cycle vs Java Servlet life cycle: for CGI the Web Server starts a separate CGI Program for each request; a servlet is loaded into the Web Server's JVM once and serves the JavaServer HTTP request flow from there

Why Use Servlets Over CGI

- Replacement of CGI
- Servlets are written in Java
- Platform independent (write once, run everywhere)
- Hardware independent (WinNT to Unix) without compiling or changing anything
- Less resource intensive: CGI takes more memory and time

Servlets over CGI

- Persistent: they are loaded once; multiple threads of the same servlet will handle multiple client requests
- Fast: servlets run much faster than CGI scripts written in interpreted languages (Perl)
- More powerful database connectivity: JDBC to connect to different databases
- Extensible: since written in Java, brings all benefits of Java (robust, Object Oriented…)

Servlets & Applets

- Servlets can be thought of as applets since they are loaded and run on a web server, like applets are loaded and run on a Web client.
- Servlets don't have a graphical interface but they extend the functionality of the server like applets extend the browser environment.

Web Technology

(diagram) Web Client <-- Internet --> Web Server; Requests go from client to server and Responses come back over Http: HyperText Transport Protocol

Web-based Enterprise Computing

- Client-server computing
- ODBC- & JDBC-compliant DBMS
- Static vs Dynamic HTML pages
- Java
- COM
- CORBA
- Drumbeat 2000
- X/Open
- Informix, Sybase, Oracle
- CGI programs (Unix shell scripts, C and/or Perl programs)
- HTTP
- Applets vs Servlets
- API
- ASP vs JSP
- Lotus Domino, Netscape Enterprise, IIS, …
- SQL
- ColdFusion/CFML
- XML


(diagram) e-Consumers -> Internet (TCP/IP) -> Web Server (HTTP) -> Form Input (CGI) -> Corporate DB's. Consumer needs shown: currencies, smartcard.

Web Security

(based on article by Rubin & Geer, Jr., 9/1999 IEEE Computer)

- Web server configuration (Apache)
- Misconfigure:
  - Configuration files in server root directory
  - Access to document tree
  - Username/Password information
  - Permissions
- Web Server should be run as a genuine user (as 'www'), but not as nobody.

HTTP

- Not a protocol for transferring hypertext
- But a protocol for transmitting information for making hypertext jumps easy
- A stateless protocol
- Transaction oriented: a TCP connection is established for each transaction and terminated at the end of the transaction

HTTP Key Terms

- Cache: stores cacheable responses to reduce same future references
- Proxy: an intermediary program that acts on behalf of other clients
- Tunnel: an intermediary program that acts as a blind relay between two connections
- Connection: a transport layer virtual circuit between two programs

TCP Layers

(diagram) Two layer models side by side:
TCP/IP: Application | Transport (host-to-host) | Internet | Network Access | Physical
ISO OSI: Application | Presentation | Session | Transport | Network | Data Link | Physical

Basic Concepts

- A Network
- A Node - could be a printer; a Host refers commonly to a functional computer
- Address - assignment could be different; e.g., AppleTalk addresses are chosen randomly at startup by each host
- Network Layers - for example, host-to-network, internet, transport and application layers in a model; ISO OSI has seven layers, namely, physical, data link, network, transport, session, presentation, and application.

Basic Concepts

- IP-based network: Internet
- Each computer has a unique IP address
- But each computer performs many functions
- Need different sessions; each session is assigned a logical 'address' or port number
- There are 65,535 ports
- Port 80 is usually for the Web Server
- Check out /etc/services file in UNIX
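The /etc/services file named above maps service names to port numbers, one entry per line: name, port/protocol, optional aliases, and a # comment. An added example (JavaScript, not from the lecture) that parses that layout; the lines fed to it are constructed to look like the real file and are not copied from any system.

```javascript
// Parser for the /etc/services line format. Added example for this lecture,
// not from the original slides. SAMPLE_SERVICES is a constructed stand-in for
// the real file.
const SAMPLE_SERVICES = `
# Network services, Internet style (constructed sample, not a real file)
ftp             21/tcp
ssh             22/tcp                          # SSH Remote Login Protocol
smtp            25/tcp          mail
domain          53/tcp          # Domain Name Server
domain          53/udp
http            80/tcp          www www-http    # WorldWideWeb HTTP
https           443/tcp
`;

// Returns [{ name, port, proto, aliases }] for every well-formed line;
// comments, blank lines and lines without a port/proto field are skipped.
function parseServices(text) {
  const entries = [];
  for (const rawLine of text.split("\n")) {
    const line = rawLine.replace(/#.*$/, "").trim();   // strip trailing comment
    if (line === "") continue;
    const fields = line.split(/\s+/);
    const m = /^([0-9]+)\/([a-z]+)$/.exec(fields[1] || "");
    if (!m) continue;                                   // malformed: ignore rather than guess
    entries.push({ name: fields[0], port: Number(m[1]), proto: m[2], aliases: fields.slice(2) });
  }
  return entries;
}

// Name (or alias) -> port for a protocol; null when unknown, which is what the
// caller should treat as "do not connect", not as port 0.
function lookupPort(entries, name, proto = "tcp") {
  const e = entries.find((x) => x.proto === proto && (x.name === name || x.aliases.includes(name)));
  return e ? e.port : null;
}

// Port -> canonical name for a protocol, e.g. what a log parser would use to
// label 53/udp as "domain".
function lookupService(entries, port, proto = "tcp") {
  const e = entries.find((x) => x.port === port && x.proto === proto);
  return e ? e.name : null;
}

const services = parseServices(SAMPLE_SERVICES);
console.log("http ->", lookupPort(services, "http"));
console.log("www  ->", lookupPort(services, "www"));
console.log("53/udp ->", lookupService(services, 53, "udp"));
```

The same name can appear once per protocol (domain on 53/tcp and 53/udp above), which is why both lookups take the protocol as a parameter rather than keying on the name alone.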

Internet Address Class

The leading bits of the address determine its class:
- 0 Network
- 1 0 Network
- 1 1 0 Network
- 1 1 1 0 Multicast Group
- 1 1 1 1 0 Reserved for future use
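The leading-bit rule above, applied to a dotted-decimal address, as an added example in JavaScript (not code from the lecture). The class letters A to E and the network-part widths 8, 16 and 24 bits are the standard names for those five prefixes; the function names are this example's own. It also validates the input first, since a parser that accepts "256.1.1.1" or a three-octet string would classify nonsense.

```javascript
// Classful IPv4 address classification by leading bits of the first octet.
// Added example for this lecture, not from the original slides.

// Strict dotted-decimal parse: exactly four octets, digits only, each 0..255.
function parseIPv4(text) {
  const parts = String(text).trim().split(".");
  if (parts.length !== 4) throw new Error("expected four octets: " + text);
  return parts.map((p) => {
    if (!/^[0-9]{1,3}$/.test(p)) throw new Error("bad octet: " + p);
    const n = Number(p);
    if (n > 255) throw new Error("octet out of range: " + p);
    return n;
  });
}

// First octet as an 8-character bit string, to show which prefix matched.
function firstOctetBits(text) {
  return parseIPv4(text)[0].toString(2).padStart(8, "0");
}

// Returns { cls, networkBits, network }. networkBits and network are null for
// the multicast (D) and reserved (E) classes, which have no host/network split.
function addressClass(text) {
  const [a, b, c] = parseIPv4(text);
  if ((a & 0x80) === 0x00) return { cls: "A", networkBits: 8,  network: `${a}.0.0.0` };      // 0
  if ((a & 0xC0) === 0x80) return { cls: "B", networkBits: 16, network: `${a}.${b}.0.0` };   // 1 0
  if ((a & 0xE0) === 0xC0) return { cls: "C", networkBits: 24, network: `${a}.${b}.${c}.0` }; // 1 1 0
  if ((a & 0xF0) === 0xE0) return { cls: "D", networkBits: null, network: null };             // 1 1 1 0 multicast group
  return { cls: "E", networkBits: null, network: null };                                      // 1 1 1 1 reserved
}

// Demo with the address from the address-resolution slide.
for (const ip of ["137.45.192.8", "10.1.2.3", "192.168.1.1", "224.0.0.1", "240.0.0.1"]) {
  console.log(ip.padEnd(14), firstOctetBits(ip), addressClass(ip));
}
```

Classful addressing was superseded by CIDR, so today the class only tells you the historical block an address came from; the prefix length in use comes from routing configuration, not from these bits.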

Binding Virtual IP Addresses

(diagram) A packet carries a Source IP Address and a Destination IP Address; address resolution maps the IP address to the Hardware Address, e.g., 137.45.192.8 -> 0A:07:4B:12:BE:3C

MIME

- Multipurpose Internet Mail Extensions
- Open standard for sending information in various forms through Internet email
- Supports almost a hundred predefined types of content
- Content types are classified as a type and a subtype

MIME

- RFC 1521/1522
- Five header fields:
  - MIME-version
  - Content-type
  - Content-transfer-encoding
  - Content-id
  - Content-description

MIME Content Type

- Type/Subtype
- Text/Plain
- Multipart/Mixed : Parallel : Alternative : Digest
- Message/rfc822 : Partial : External-body
- Image/jpeg : gif
- Video/mpeg
- Audio/Basic
- Application/Postscript : octet-stream

MIME Transfer Encodings

- 7 bit
- 8 bit
- binary
- quoted-printable: mostly ASCII text
- base64: mapping 6-bit blocks of input to 8-bit blocks of output, all of which are printable ASCII characters
- x-token: a named non-standard encoding
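The base64 mapping described above, carried out step by step as an added example in JavaScript (not from the lecture): three input octets become 24 bits, which are read as four 6-bit blocks and each replaced by one printable character; "=" pads the last group when the input length is not a multiple of three. The decoder, the 76-column line wrapping MIME applies to base64 bodies, and the function names are this example's own.

```javascript
// Base64 written out from the 6-bit-block description. Added example for this
// lecture, not from the original slides. Checked at the end against Node's
// built-in Buffer implementation.
const B64_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

// bytes: any array-like of numbers 0..255 (Buffer, Uint8Array, plain array).
function base64Encode(bytes) {
  let out = "";
  for (let i = 0; i < bytes.length; i += 3) {
    const b0 = bytes[i];
    const b1 = i + 1 < bytes.length ? bytes[i + 1] : 0;
    const b2 = i + 2 < bytes.length ? bytes[i + 2] : 0;
    const group = (b0 << 16) | (b1 << 8) | b2;            // 24 bits: three octets
    out += B64_ALPHABET[(group >> 18) & 63];               // 6-bit block 1
    out += B64_ALPHABET[(group >> 12) & 63];               // 6-bit block 2
    out += i + 1 < bytes.length ? B64_ALPHABET[(group >> 6) & 63] : "=";  // block 3 or pad
    out += i + 2 < bytes.length ? B64_ALPHABET[group & 63] : "=";         // block 4 or pad
  }
  return out;
}

// Inverse: accumulate 6 bits per character, emit a byte whenever 8 are ready.
// Padding and line breaks are ignored, as a MIME decoder must.
function base64Decode(text) {
  const clean = text.replace(/[^A-Za-z0-9+/]/g, "");
  const bytes = [];
  let acc = 0, bits = 0;
  for (const ch of clean) {
    acc = (acc << 6) | B64_ALPHABET.indexOf(ch);
    bits += 6;
    if (bits >= 8) {
      bits -= 8;
      bytes.push((acc >> bits) & 255);
      acc &= (1 << bits) - 1;                               // keep only the leftover bits
    }
  }
  return Buffer.from(bytes);
}

// Output length: every started group of 3 bytes costs 4 characters (4/3 overhead).
function encodedLength(byteCount) {
  return Math.ceil(byteCount / 3) * 4;
}

// MIME limits encoded lines to 76 characters, separated by CRLF.
function wrapForMime(encoded, width = 76) {
  const lines = [];
  for (let i = 0; i < encoded.length; i += width) lines.push(encoded.slice(i, i + width));
  return lines.join("\r\n");
}

// Demo: the classic "Man" -> "TWFu", plus a cross-check with Buffer.
const sample = Buffer.from("Man");
console.log(base64Encode(sample), "(Buffer says", sample.toString("base64") + ")");
console.log(base64Decode("TWFu").toString());
```

Base64 is an encoding, not encryption: anyone holding the text recovers the bytes with the decoder above, so it protects nothing on its own and is used only so that binary content survives 7-bit mail paths.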

(diagram) e-Consumers -> Internet (TCP/IP) -> Web Server (HTTP) -> Form Input (CGI) -> Corporate DB's. Consumer needs shown: currencies, smartcard.

Extract Client's Input (CGI) -> Server-Side Program:
1. Connect/Open
2. Extract/Update by SQL
3. Format

A Sample Servlet

import java.io.*;
import java.sql.*;
import javax.servlet.*;
import javax.servlet.http.*;

public class DBPhoneLookup extends HttpServlet {

  public void doGet(HttpServletRequest req, HttpServletResponse res)
      throws ServletException, IOException {
    Connection con = null;
    Statement stmt = null;
    ResultSet rs = null;

    res.setContentType("text/html");
    PrintWriter out = res.getWriter();

    try {
      // Load (and therefore register) the Oracle Driver
      Class.forName("oracle.jdbc.driver.OracleDriver");

      // Get a Connection to the database
      // (thin-driver URL form is jdbc:oracle:thin:@host:port:SID;
      // credentials are inlined here for illustration only)
      con = DriverManager.getConnection(
        "jdbc:oracle:thin:@dbhost:1528:ORCL", "user", "passwd");

      // Create a Statement object
      stmt = con.createStatement();

      // Execute an SQL query, get a ResultSet
      rs = stmt.executeQuery("SELECT NAME, PHONE FROM EMPLOYEES");

      // Display the result set as a list
      out.println("<HTML><HEAD><TITLE>Phonebook</TITLE></HEAD>");
      out.println("<BODY>");
      out.println("<UL>");
      while (rs.next()) {
        out.println("<LI>" + rs.getString("name") + " " + rs.getString("phone"));
      }
      out.println("</UL>");
      out.println("</BODY></HTML>");
    }
    catch (ClassNotFoundException e) {
      out.println("Couldn't load database driver: " + e.getMessage());
    }
    catch (SQLException e) {
      out.println("SQLException caught: " + e.getMessage());
    }
    finally {
      // Always close the database connection.
      try { if (con != null) con.close(); }
      catch (SQLException ignored) { }
    }
  }
}


(diagram) Internet (TCP/IP) -> Web Server (HTTP) -> Form Input (CGI) -> Division DB's

(diagram) e-Consumers -> Internet (TCP/IP) -> Web Server -> Division DB's

(diagram) e-Consumers -> Web Server -> CRM, XYZ ... Security??

About the Class

- About Myself
- Syllabus
- LEARN & SHARE
- Don't Bring to Class, Please: ego
- Administration of Class
- Get to know you and get to know me

Course Outline

- What is Electronic Commerce (EC)?
- Now and Then
- Driving Forces
- What is ?
- Why EC?
- In the Eyes of Consumers
- In the Eyes of Businesses
- In the Eyes of Governments

Outline

- How to EC?
- Models
- Organization Infrastructure
- Information & Internet Technology
- Social and Ethical Considerations
- Legally Speaking
- Governments
- Future
- Where is IT Heading?
- What Others Are Saying?