Database-Driven Web Sites - School of Information

Nov 5, 2013

Database-Driven Websites

Nate Byrnes

Agenda

- Definitions
- Why Use a Web Database
- Designing a Database
- Understanding Web Database Technology
- Comparing the Tools
- Databases with Web Capabilities
- HTML Editors with DB Capabilities
- Web DB Application Servers
- Programming Web Database Solutions
- Security
- Show and Tell
- IA
- Do/Don’t(s)
- Conclusion

Definitions

- Table: collection of RECORDS (rows) & FIELDS (columns) that hold data to define an entity
- Database (DB): collection of information organized into interrelated tables of data and specifications of data objects
- Database-driven Web site: Web site that uses a database to search, browse, collect, manipulate and display information
- Flat File: data files that contain records with no structured relationships
- Structured Query Language (SQL): an industry-standard language used for manipulation of data in a relational database
  - SELECT, INSERT, JOIN, UPDATE.
  - SELECT * FROM Employees ORDER BY LastName
- Entity: a single object about which data can be stored; the "subject" of a table
- Index: a database feature used for locating data quickly within a table. Example: Last Name
- Schema: collection of meta-data that describes the relations in a database; a layout/blueprint outlining the way data is organized into tables

http://databases.about.com/od/administration/a/glossary.htm

Employees table (each row is a Record; each column is a Field):

ID      LastName   First Name   Rank   SSN         DOB
976234  Johnson    Jeremy       2LT    324342344   12-Mar-81
976235  Bird       Larry        GS09   233534343   30-Dec-58
976236  Helms      Michelle     SGT    786373798   19-Feb-84
976237  Gold       Jonny        SPC    233636777   18-Jun-77
976238  Young      Sara         PFC    457839291   22-Sep-86
976239  Johansen   Hans         MAJ    343099894   1-Jul-66
976240  White      Barry        CPT    333225555   27-Oct-75
Figure: Entity-Relationship Diagram. Entities Employee, Department and Class; relationships "Belongs to" (Employee to Department) and "Takes" (Employee to Class); cardinality labels M, M, M and 1 appear on the diagram.

Why a DB Driven Website?

1. The Web is a great medium for delivering information.
2. Databases are the perfect medium for managing information.

- Flexibility
- Data consistency
- Ease of maintenance
- Browser independence

http://www.archetype-it.com/english/view.asp?AutoId=29&

Ashenfelter, J. P. (1998). Choosing a database for your website. New York: Wiley. Retrieved October 22, 2007, from NetLibrary database: http://www.netlibrary.com.ezproxy.lib.utexas.edu/urlapi.asp?action=summary&v=1&bookid=26152

Differences: Static (OLD) vs Dynamic (MODERN)

Examples

- Directories
- Libraries
- Surveys
- Content management
- Portals
- Internal databases
- Online Catalogs
- Shopping Cart & E-Commerce Systems
- User Logins
- Transaction and Online Ordering Systems
- Email Mailing List Newsletters
- Form Information Aggregation

http://www.techsoup.org/learningcenter/databases/page4799.cfm

www.butterflydatabase.com

DBA/WebMaster Combo = DataMaster?

- web developer
- fluent HTML
- graphic design
- scripting languages
- network protocols
- database construction and maintenance
- do not need to be an expert
- understand enough
- facilitate communication and management of web database projects.


Figure: Web Application + DB = Dynamic Page. A Web Server runs the Web Application; a Web Template plus a DB (Row/Record) equals a Dynamic Web Page.

Ways to Use DBs on the Web

- dynamic publishing
  - Information on the web pages changes automatically
  - Stock price changes
  - As buyers add new products…
- information transactions
  - Moving discrete chunks of information between a client and a business
  - Forms, etc.
- data storage and analysis
  - Static/changed rarely
  - Resource for analysis or historical purposes
  - Completed orders
  - Accounts paid
  - Closing stock prices
  - Images in a media archive
  - Address books

Ashenfelter, J. P. (1998). Choosing a database for your website. New York: Wiley. Retrieved October 22, 2007, from NetLibrary database: http://www.netlibrary.com.ezproxy.lib.utexas.edu/urlapi.asp?action=summary&v=1&bookid=26152

Web DB Application Servers

- server-based processing of databases
- web server handles most: data processing, application logic; delivers results to the web browser client in HTML-formatted web pages
- work is accomplished by programmatic means, whether by using a higher-level scripting language or by programming in traditional computer languages.

Common features of server-side Web tools

- Proprietary tag-based format. Integrate with existing HTML web page elements; a special prefix delimits the custom tags from standard HTML tags. Tags are replaced with results.
- Specific file extensions. The web page files have a specific filename extension that marks them for special processing by the server. (CFM; ASPX…)

Common features of server-side Web tools (cont’d)

- Traditional programming structures. Designed for developing applications: the same logic used in traditional programming is implemented in the server-side language. Examples: loops; if/then/else and goto structures.
- Simplified access to server applications and files. Traditional applications interact with files and directories on the server, as well as other applications or function libraries. Server-side web database tools typically make it easier to use files on the server, process email, and call external programs residing on the server.
- State management for web sessions. The Web is a stateless system: there is no foolproof way to track users/data across multiple pages. Web applications use sessions. Easier cookie & state tracking; development of full-fledged web applications.

Examples: ASP; Cold Fusion; C#; Java
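The session point above (a stateless Web, tracked with cookies) as an added example in Python, not code from the slides: a server-side session table keyed by a random id, with the cookie value signed by an HMAC so a forged or edited cookie is rejected and an expired session is dropped. SECRET_KEY, SessionStore and the time-to-live value are assumptions made for this example.

```python
# Added example (not from the slides): server-side session state for a
# stateless protocol. The cookie carries only a random session id plus an
# HMAC over it; the data lives on the server. Names here are assumptions.
import hashlib
import hmac
import secrets
import time

SECRET_KEY = b"replace-with-a-random-key-loaded-from-config"  # constructed placeholder


def sign(session_id: str, key: bytes = SECRET_KEY) -> str:
    """Return 'session_id.signature'; the signature is HMAC-SHA256 over the id."""
    mac = hmac.new(key, session_id.encode(), hashlib.sha256).hexdigest()
    return f"{session_id}.{mac}"


def verify(cookie_value: str, key: bytes = SECRET_KEY):
    """Return the session id if the cookie's signature checks out, else None."""
    session_id, sep, mac = cookie_value.rpartition(".")
    if not sep:
        return None
    expected = hmac.new(key, session_id.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):  # constant-time comparison
        return None
    return session_id


class SessionStore:
    """In-memory session table; a deployment would back this with the DB or a cache."""

    def __init__(self, ttl_seconds: int = 1800):
        self.ttl = ttl_seconds
        self._sessions = {}  # session_id -> (data dict, expiry timestamp)

    def create(self, data: dict, now: float = None) -> str:
        """Create a session and return the signed value to send in Set-Cookie."""
        now = time.time() if now is None else now
        session_id = secrets.token_urlsafe(32)  # 256 random bits: not guessable
        self._sessions[session_id] = (dict(data), now + self.ttl)
        return sign(session_id)

    def load(self, cookie_value: str, now: float = None):
        """Return the session data for a cookie; None if forged, unknown or expired."""
        now = time.time() if now is None else now
        session_id = verify(cookie_value)
        if session_id is None:
            return None
        entry = self._sessions.get(session_id)
        if entry is None:
            return None
        data, expires = entry
        if now > expires:
            del self._sessions[session_id]
            return None
        return data


if __name__ == "__main__":
    store = SessionStore(ttl_seconds=60)
    cookie = store.create({"user": "jjohnson"})
    print("valid cookie ->", store.load(cookie))
    print("edited cookie ->", store.load(cookie[:-1] + "x"))
```

Because the cookie holds no user data, a client cannot promote itself by editing the cookie; it can only present an id, and the HMAC means even the id must be one the server issued.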



Comparison

Criterion       Databases with ‘Web Capabilities’      Web Programs with ‘Database Capabilities’
Complexity      Fairly Simple                          Complex
Cost            Inexpensive / Free                     More Costly: Requires additional Software (Oracle; SQL Server…)
Learning-Curve  Little to None (use same product)      Increased - Requires different programming capabilities (VB; ASP...)
Compatibility   Inherent                               More Complex: Require technologies to connect different databases (ODBC, SQL...)
Programs        Combo Prog: MS Access                  Web Design Prog: Frontpage; ASP; etc & DB Prog: Oracle; SQL; etc
Scalability     Less                                   More

Things to Consider if You Have Pre-Existing DB
Building a database application

1. GOAL: Define the goal and purpose of the
2. INCLUSIONS: What to include
3. HOW: How it will work
4. PRESENT: Present to users & explain
5. REFINE: Use feedback to refine
6. REPEAT: Steps 4-5 until you reach agreement.
7. FINALIZE: Design-documents; time lines/milestones; sign off

Westman, S. R. (2006, January 1). Creating Database-Backed Library Web Pages: Using Open Source Tools. ALA Editions. Retrieved October 22, 2007, from Univ of Texas Libraries: Library Catalog database: http://catalog.lib.utexas.edu.ezproxy.lib.utexas.edu/search/X?SEARCH=web+database&searchscope=25&m=z&m=g&m=k&m=p&l=eng&Da=&Db=&p=&SORT=D

Development Procedures

Establishing a Process

1. Who gets what tasks.
2. Build applications one step at a time.
3. Test and debug as you go
4. Review code periodically, assuring code is following programming standards
5. Version Control
6. Test the application fully

- Implementing Standards
- Quality Assurance
- Documentation
- Debugging

Westman, S. R. (2006, January 1). Creating Database-Backed Library Web Pages: Using Open Source Tools. ALA Editions. Retrieved October 22, 2007, from Univ of Texas Libraries: Library Catalog database: http://catalog.lib.utexas.edu.ezproxy.lib.utexas.edu/search/X?SEARCH=web+database&searchscope=25&m=z&m=g&m=k&m=p&l=eng&Da=&Db=&p=&SORT=D

Program DB Solutions

Why program?

- Limitations of Proprietary Web Database Application Servers
  - flexibility for development purposes, but have limitations.
  - proprietary algorithms and techniques cannot be tweaked to improve performance, stability, security, or scalability.
  - Limited to certain computing environments
- Web database applications developed from scratch
  - Can be modified to improve performance, stability, security, or scalability
  - Customized for existing computing-environment
  - CGI programming and Java can conceivably run on any web server on any platform
- Control
  - No compromising (like with prepackaged solutions)
  - i.e. High-End Business Systems
  - Fidelity.com

Program DB Solutions

Why NOT to program?

- Time
- Cost
- Complexity
- Short Web-Technology Life-cycle
- If it’s not broke, don’t fix it

Threats and challenges related to security in Web Services

Threat: security properties affected

- Maintaining security while routing between multiple Web Services: Confidentiality, Integrity, Authentication, Non-repudiation
- Unauthorized access: Authentication, Authorization
- Parameter manipulation/Malicious input: Availability, Integrity
- Network eavesdropping and message replay: Confidentiality, Integrity, Authentication, Non-repudiation
- Denial of Service: Availability
- Bypassing of firewalls: Confidentiality, Integrity, Authentication
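Added example in Python, not from the slides: the Employees table from the Definitions slide loaded into an in-memory SQLite database, with an index on LastName and the slide's ORDER BY query, plus a last-name lookup written two ways. The concatenated version lets user input become part of the SQL text (a single apostrophe in a name already breaks it), which is the "Parameter manipulation/Malicious input" threat listed above; the bound-parameter version treats the input purely as a value. The rows are the ones on the slide; the index name and function names are assumptions.

```python
# Added example (not from the slides): the slide's Employees table in SQLite,
# an index on LastName, and a lookup with and without bound parameters.
import sqlite3

# Rows as shown on the slide's Employees table.
EMPLOYEES = [
    (976234, "Johnson", "Jeremy", "2LT", "324342344", "12-Mar-81"),
    (976235, "Bird", "Larry", "GS09", "233534343", "30-Dec-58"),
    (976236, "Helms", "Michelle", "SGT", "786373798", "19-Feb-84"),
    (976237, "Gold", "Jonny", "SPC", "233636777", "18-Jun-77"),
    (976238, "Young", "Sara", "PFC", "457839291", "22-Sep-86"),
    (976239, "Johansen", "Hans", "MAJ", "343099894", "1-Jul-66"),
    (976240, "White", "Barry", "CPT", "333225555", "27-Oct-75"),
]


def build_db() -> sqlite3.Connection:
    """Create the table, load the rows and add the 'Last Name' index from the slide."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE Employees (ID INTEGER PRIMARY KEY, LastName TEXT, "
        "FirstName TEXT, Rank TEXT, SSN TEXT, DOB TEXT)"
    )
    conn.executemany("INSERT INTO Employees VALUES (?, ?, ?, ?, ?, ?)", EMPLOYEES)
    conn.execute("CREATE INDEX idx_employees_lastname ON Employees (LastName)")  # assumed name
    conn.commit()
    return conn


def list_by_last_name(conn):
    """The slide's query, ORDER BY LastName; returns the IDs in that order."""
    return [row[0] for row in conn.execute("SELECT ID FROM Employees ORDER BY LastName")]


def find_by_last_name_unsafe(conn, last_name):
    """Concatenation: the input is spliced into the SQL text and can change its meaning."""
    sql = "SELECT ID FROM Employees WHERE LastName = '" + last_name + "'"
    return [row[0] for row in conn.execute(sql)]


def find_by_last_name(conn, last_name):
    """Bound parameter: the driver passes the input as a value, never as SQL."""
    return [row[0] for row in conn.execute(
        "SELECT ID FROM Employees WHERE LastName = ?", (last_name,))]


def concatenation_breaks(conn, last_name) -> bool:
    """True if the concatenated query fails on this input (e.g. a name with an apostrophe)."""
    try:
        find_by_last_name_unsafe(conn, last_name)
        return False
    except sqlite3.Error:
        return True


def uses_index(conn, last_name="Johnson") -> bool:
    """Check via EXPLAIN QUERY PLAN that the LastName lookup goes through the index."""
    plan = conn.execute(
        "EXPLAIN QUERY PLAN SELECT ID FROM Employees WHERE LastName = ?", (last_name,)
    ).fetchall()
    return any("idx_employees_lastname" in str(row) for row in plan)


if __name__ == "__main__":
    db = build_db()
    print("ordered by LastName:", list_by_last_name(db))
    print("bound lookup O'Brien:", find_by_last_name(db, "O'Brien"))
    print("concatenated lookup O'Brien breaks:", concatenation_breaks(db, "O'Brien"))
    print("index used:", uses_index(db))
```

The apostrophe case is the benign face of the same defect: whatever alters the SQL text by accident can alter it on purpose, so every value that comes from a form or URL goes in as a parameter. The index check is the "locating data quickly" point from the Definitions slide made observable.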


Show and Tell

- My Webspace
- My Zoho

IA - Do’s & Don’ts

- Do Liberally Estimate The Work Involved.
  - Making A Website Is Easy
  - Linking To A Database = More Complex
  - DB Skills - Prerequisite
  - Learning Curve Is Steep
  - Be Good At HTML
  - Be Willing To Put In A Lot Of Time
  - If Not, Hire A Professional
- Do Use Appropriate Technologies.
  - Access vs. SQL
- Do Understand The Implications Of A Database-driven Site.
  - Increased Load On Your Webserver
  - Server-side include
- Do Look Out For Packaged Solutions That Do What You Want.
  - Cheaper
  - Ie: Shopping Carts
  - Before You Buy: Meets Needs; Scalable; Ensure You Have Skill-set Necessary
- Do Invest In Proper Data Analysis Prior
  - Poorly Created Sites: Difficult To Work With And Maintain; Poor Performance; Data Inconsistencies; Inflexibility
- Do Check The Qualifications Of The Designer
  - Graphic/Web Skills ≠ Database Skills
  - Ensure Solid Previous Experience: Technologies Involved; Development
- Don't Be The Guinea Pig
  - Common Government Problem
- Don't Forget Murphy's Law!
  - If Something Can Go Wrong, It Will
  - Backups
  - Test, Test, Test
  - Ensure Error-handling
- Get it done PROPERLY, the FIRST-TIME!!!

References

Ashenfelter, J. P. (1998). Choosing a database for your website. New York: Wiley. Retrieved October 22, 2007, from NetLibrary database: http://www.netlibrary.com.ezproxy.lib.utexas.edu/urlapi.asp?action=summary&v=1&bookid=26152

Chapple, M. (n.d.). Database Glossary. In About: Databases. Retrieved October 21, 2007, from http://databases.about.com/od/administration/a/glossary.htm

Colley, A. (2006, January 31). Sunbeam polishes its e-image. The Australian: IT Broadsheet Edition, p. 2. Retrieved October 21, 2007, from LexisNexis database: http://www.lexisnexis.com.ezproxy.lib.utexas.edu/us/lnacademic/search/homesubmitForm.do

Gianni, A. (2002, April 8). Database-Driven Web Sites. In Techsoup Learning Center: Databases. Retrieved October 21, 2007, from http://www.techsoup.org/learningcenter/databases/page4799.cfm

Westman, S. R. (2006, January 1). Creating Database-Backed Library Web Pages: Using Open Source Tools. ALA Editions. Retrieved October 22, 2007, from Univ of Texas Libraries: Library Catalog database: http://catalog.lib.utexas.edu.ezproxy.lib.utexas.edu/search/X?SEARCH=web+database&searchscope=25&m=z&m=g&m=k&m=p&l=eng&Da=&Db=&p=&SORT=D

Yuill, V. (2002). Databases: not just for big boys. In Archetype-IT: Articles. Retrieved October 20, 2007, from Archetype IT Ltd Web site: http://www.archetype-it.com/english/view.asp?AutoId=29&

Yuill, V. (2002). Decoding database lingo. In Archetype-IT: Articles. Retrieved October 20, 2007, from Archetype IT Ltd Web site: http://www.archetype-it.com/english/view.asp?AutoId=31&


Yuill, V. (2002). The Dos and Don'ts of database-driven websites. In Archetype-IT: Articles. Retrieved October 20, 2007, from Archetype IT Ltd Web site: http://www.archetype-it.com/english/view.asp?AutoId=30&

Yuill, V. (2002). 5 essential tools you'll need for your database-driven site. In Archetype-IT: Articles. Retrieved October 20, 2007, from Archetype IT Ltd Web site: http://www.archetype-it.com/english/view.asp?AutoId=32&

Questions…

Understanding Web Database Technology

- The Web Side
  - Web Clients
  - Web Servers
- The Database Side
  - Database Queries: What Is SQL?
  - Database Servers
- Putting It All Together: Web Application Architecture

Comparing the Tools

- Purpose: What Is It Designed to Do?
  - Extensions to Existing Database Tools
  - HTML Editors with Database Capabilities
  - Web Database Application Servers
  - Programmatic Web Database Tools
- Technology: How Are the Features Implemented?
  - Ease of Learning
  - Ease of Use
  - Robustness
  - Scalability
  - Compatibility
  - Security
  - Extensibility
  - Performance
  - Reusability/Modularity
- Support: What Do I Need to Implement Those Features?
  - Portability
  - Cost
  - ISP Support
- Evaluation: How does it work in the real-world?

Security

- Sensitive Information
- Public Search-ability
- High-Assurance
- Confidentiality
- Integrity
- Availability
- Authentication
- Authorization
- Non-Repudiation

IA Focus?

- Website architecture is an approach to the design and planning of websites which, like architecture itself, involves technical, aesthetic and functional criteria.
- the user and on user requirements
- particular attention
- web content
- business plan
- Usability
- interaction design
- information architecture
- web design
Maintaining security while routing between multiple Web Services

- Traditional security techniques, such as SSL, are designed to protect communication between two points, i.e. security context 1
- Traditional security techniques can not handle end-to-end security, i.e. security context 2
- Traditional security techniques work at the session layer while SOAP works at the application layer
- A SOAP message has to be decrypted at the intermediary, thereby threatening confidentiality, integrity and authentication, which all are related to authorization and non-repudiation

Holgersson, J., & Söderström, E. (September 2005). Web Service Security Vulnerabilities and Threats in the Context of WS-Security [Data file]. Retrieved October 23, 2007, from University of Skoevde, Sweden Web site: http://siit2005.dreamhosters.com/presentations/S3-Stds-Impl/0509-SIIT-S3-J.Holgersson.pdf
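Added example in Python, not from the slides or the cited paper, of the end-to-end point above: the sender attaches an HMAC over the body, a message id and a timestamp, under a key shared only with the final receiver, while the routing header stays unsigned so an intermediary can rewrite it without holding that key. The receiver rejects a body altered in transit, a stale message, and a second delivery of the same id (the "message replay" threat from the earlier slide). Only integrity and replay are covered here, not confidentiality; the message layout, END_TO_END_KEY and the class names are assumptions made for this example and are not WS-Security.

```python
# Added example (not from the slides): message-level integrity that survives an
# intermediary hop, plus replay detection. Layout and names are assumptions.
import hashlib
import hmac
import json
import secrets

END_TO_END_KEY = b"key-shared-by-sender-and-final-receiver-only"  # constructed placeholder


def sign_body(body: dict, message_id: str, timestamp: int, key: bytes = END_TO_END_KEY) -> str:
    """HMAC-SHA256 over a canonical encoding of (id, timestamp, body)."""
    payload = json.dumps(
        {"id": message_id, "ts": timestamp, "body": body},
        sort_keys=True, separators=(",", ":"),
    ).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def build_message(body: dict, timestamp: int, next_hop: str) -> dict:
    """Sender side: unique id and timestamp are covered by the signature; routing is not."""
    message_id = secrets.token_hex(16)
    return {
        "routing": {"next_hop": next_hop},  # may be rewritten by intermediaries
        "id": message_id,
        "ts": timestamp,
        "body": body,
        "sig": sign_body(body, message_id, timestamp),
    }


def intermediary_forward(msg: dict, next_hop: str) -> dict:
    """An honest intermediary only changes the routing header; it needs no key."""
    out = dict(msg)
    out["routing"] = {"next_hop": next_hop}
    return out


class Receiver:
    """Final receiver: verifies the end-to-end signature, freshness and uniqueness."""

    def __init__(self, max_skew: int = 300):
        self.max_skew = max_skew  # seconds a message may be old before it is refused
        self.seen_ids = set()     # ids already processed (bounded by max_skew in practice)

    def accept(self, msg: dict, now: int) -> str:
        """Return 'ok' or a rejection reason; signature is checked first."""
        expected = sign_body(msg["body"], msg["id"], msg["ts"])
        if not hmac.compare_digest(expected, msg["sig"]):
            return "rejected: body or signed headers changed in transit"
        if abs(now - msg["ts"]) > self.max_skew:
            return "rejected: timestamp outside acceptance window"
        if msg["id"] in self.seen_ids:
            return "rejected: replay of a message already processed"
        self.seen_ids.add(msg["id"])
        return "ok"


if __name__ == "__main__":
    rx = Receiver()
    m = build_message({"order": 42, "amount": "19.99"}, timestamp=1000, next_hop="svc-b")
    routed = intermediary_forward(m, "svc-c")
    print(rx.accept(routed, now=1010))   # ok
    print(rx.accept(routed, now=1020))   # rejected: replay
    routed["body"] = {"order": 42, "amount": "0.01"}
    print(rx.accept(routed, now=1010))   # rejected: changed in transit
```

Contrast this with the SSL case on the slide: transport security ends at each hop, so an intermediary sees and may change everything, whereas here the intermediary can route without the key and any change it makes to the signed part is caught by the endpoint.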