Lecture8 - University of Worcester

jellytrickInternet and Web Development

Nov 10, 2013 (3 years and 7 months ago)

100 views

COMP2121

Internet Technology

Richard Henson

University of Worcester

March 2011

Week 8


Introduction to
Server
-
Scripting


Objectives of Session


Explain the limitations of client
-
scripting


Analyse a network infrastructure and
server platform to assess possibilities
for using server scripting


Implement server scripting across an
Intranet and through the Internet

Client
-
Server Systems


Server end:


access control to the network and
its resources controlled by logon
service


access to resources depends on
user rights


assessed by logon
data


Client
-
end:


user who wishes to access
network resources

server

client

Requests and responses

Client requests information

Server processes the request, sends a response back
to the client

CLIENT
SERVER
RESPONSE
Send Request
Read Results
Process Request
Send Back Results
Client
Program
REQUEST
Server
Program
Bandwidth and Client/Server
processes


Messages transferred between client
and server via network

Bandwidth and Client/Server
processes


Data transfer: the faster the better…


most effective on LANs
-

nowadays 1000
Mbits/sec or more


between connected Internet computers bandwidth
needs to be as high as possible
-

2 Mbits/sec
upwards


Slow connections…


data takes longer to get through


so longer time to get a response back


server could even “time out”

More about HTTP and Client
-
Server Computing


Client and server systems work right up to
the application layer


To allow client
-
server interaction on the web,
Tim Berners
-
Lee designed HTTP to integrate
well with his basic web page formatting
language
-

HTML


HTML language GET command instructs the
client process to get data for the server


HTML POST command sends client data either
using an email protocol or using HTTP

Web Dynamic

Client
-
Server Model


I
n a typical web
-
based client
-
server
application:

1.
The HTML form
displayed on a web
browser at the client
end collects data

2.
Using HTTP the form
data is sent to a web
server

Web Dynamic

Client
-
Server Model


The web server
processes the data
according to instructions
on a specified server
script



Using HTTP, the results
of processing generated
as specified by the script
are sent back to the client



The web browser on the
client machine displays
the results on a web page
in a specified position

Web Dynamic

Client
-
Server model


All this gets even
more complex
when a database,
and database
programming, are
also involved at
the server end…

Server
-
scripting and dynamic
pages on The Web


The following apply to ALL types of
scripting used on the web…


scripts need to use real programming code

»
note: HTML is a FORMATTING language, NOT
a programming language


both client and server ends have
programming code:

»
client end…embedded within a HTML page

»
server end… could be embedded or separate

Languages used for

Server Scripting


Much has been tried since w3c launched HTML as
an interactive language in the early 1990s…


use of an existing language in a completely separate file,
which is already compiled and ready to go:

»
the original approach: .cgi

»
any language could in theory be used

»
in practice “C” was usually favoured


use of an existing language embedded in a HTML file

»
The Microsoft .asp approach, using embedded VB source code

»
The Sun .jsp approach, using embedded Java (Script) source


Invention of new scripting languages that are “HTML
-
like”
and easily embed with HTML

»
Cold Fusion .cf

»
Preprocessor Hypertext processing .php

Microsoft’s first attempt

at server scripting…


In 1996, Microsoft introduced active server pages
(asp)


hugely successful (VB very popular…)


soon became more popular than .cgi


However, in spite of the great success of asp, big
problems were emerging…


by 2000, hackers were attacking Microsoft servers and
finding many security holes in IIS

»
Microsoft only coped by offering hotfixes


further problem: use of VB source code

»
if server not secure, code could be copied or compromised

»
Scripts could not be truly “object oriented”

Alternative Scripting Lanuguages
using the embedded approach


JSP


PHP


PERL


Cold Fusion

JSPs (Java Script Pages)


Produced by Sun Microsystems


extension of the
Java
TM

Servlet technology


According to Sun,

Servlets
:



fit seamlessly into a Web server framework
and can be used to extend the capabilities
of a Web server with minimal overhead,
maintenance, and support.


»
platform
-
independent

»
100% pure Java

»
enhanced performance

»
separation of logic from display

»
ease of administration

»
extensibility into the enterprise

PERL


Invented by Larry Wall in 1987


Became popular as a web
programming language in the late
1990s


Features of C but an interpreted
language (like Java)


Not for programming novices…

Evolution into PHP
(Hypertext
Pre
-
processor)


Started as just a collection of

free”
PERL
scripts in 1995


became popular as a rival to the asp approach for
programming code embedded in HTML


then became very popular as Microsoft wrestled
with asp
-
> asp.net


Open source and integrates well with open
source databases


e.g. MySQL

PHP scripts


Originally designed for Linux
-
based systems


executed on a type of web server called Apache


Can now run happily on IIS


now getting very popular with non
-
Linux platforms


Big improvements in performance with PHP v4


XML functionality with v5 (released 2005)


Can download the environment directly from the PHP
website:


http://uk2.php.net/downloads.php



XAMPP provides MySQL and Apache webserver
environment

Cold Fusion


Originally produced by Altair with its own
scripting language (CFML) for the Microsoft
platform


arguably easier to use than asp


Purchased by Macromedia in 2003
(Dreamweaver, Flash, Director, etc.)


Dreamweaver has good support for Cold Fusion
scripting


Now also available for the Java environment


Macromedia itself now part of Adobe

ASP becomes ASP.NET


Microsoft’s new approach to server scripting for the
new millennium…


building on asp principles


new system that used “intermediate language”, rather than
source code on the server


much more difficult to hack


Problem was… they had to scrap the .asp
environment, and adopt a new architecture…


known as the .net framework


as many developers were accustomed to .asp this took
awhile to catch on!


many people still confuse asp and asp.net…

Evolution of .net framework
(2001)


Version 1.1


intermediate language


run
-
time environment for scripts

»
compiled code can’t easily be hacked


Programming Code can be separated from HTML;

»
as with cgi…

»
but without degradation in performance


Web controls introduced by drag
-
and
-
drop for
ease of development


XML can replace HTML code…

Evolution of .net framework
(2005)


Version 2.0


more and better controls


some Integration with Active Directory


Visual Web Developer 2005 introduced

»
based on Visual Studio


user friendly development environment

»
easy use of master pages and CSS

»
simulated web server for ease of testing

Evolution of .net framework
(2008, 2010)


Version 3.5


further enhancement to controls


greater integration with Active Directory


Visual Web Developer 2008 provided more
controls, more wizards, and better
formatting tools


Version 4.0


as above. Generally regarded as easier to
use than VWD 2008

PHPs & asp.net today


PHPs attractive for serious programmers who
dislike the Microsoft approach…


integration of cut
-
and
-
paste code still needs an
environment like Dreamweaver


Industry view (post
-
millenium)


Unix
-
based Servers running PHPs considered to
be more secure against hackers than Windows
2000/IIS running asp


asp.net running on Windows 2003/IIS v6/7 later
accepted as being a very stable platform


Both widely in use today…

Platforms for Development


Dreamweaver excellent for asp, .net.
php & ColdFusion until Creative Studio


From CS1 onwards (2005ish):


no support for .net development


solid support for php & Cold Fusion


Visual Web Developer 2005, 2008,
2010


gradually took away Dreamweaver
customers using asp.net

When to use Server Scripting (1)


Whenever programming logic is
required that needs to be shared via
Internet browsers!


Good for security


if web server properly configured…


And accountability


clients can be forced to log on

When to use Server Scripting (2)


When client end lacks storage & processing
power


fits well with the thin client model for web &
network computing


very popular for massively multiplayer games


Client just sends the requests and asks the
questions


server does the processing and provides the web
pages with answers/responses to requests

When to use Server Scripting (3)


Whenever centralised data storage &
processing is needed to support
activities of a website


essential for security of sensitive data


waste of space and resources to store &
process databases locally

(4) Securing of Sensitive Data
between Client and Server


Extended Internet infrastructure designed
around the webserver model


organisation can get an authentication certificate
(SSL certificate), and make it available through
their webserver

»
client can view server certificate


Client can access sensitive data at server end by
authenticating themselves (log in)


data encrypted and sent using https protocol

Platforms for developing a website
running server
-
scripts


Computer capable of supporting Windows
XP/2003/Vista/7 or an equivalent Unix
-
based
operating system


TCP/IP protocol stack running on server


Web Server software such as:


Internet Information Server


Apache


Broadband connection to the Internet


Typical Infrastructure for putting
Server Scripting online


Make sure the internal “client
-
server”
computer network is secure


EITHER use the firewall/proxy server as a
router to separate the internal (local) network
from the External (i.e. Internet) network


OR, if OSI level 3
-
4 protocol conversion
needed, use a gateway


converts data into appropriate protocol and diverts
it between the Internet and the local network


can be used to link networks running different
protocols

Putting the

Secured network on
-
line


A digital connection with plenty of
bandwidth is needed between the
router/gateway and a computer
connected to the Internet



Regular monitoring of the network is
essential to ensure that unauthorised
users are not trying to gain access

Web Hosting and ISPs
(Internet Service Providers)


Only the largest corporate enterprises
are likely to be part of the Internet


Most businesses need to find a partner
who will provide a link between the
connection medium and the Internet
that meets their needs


Many Internet service providers available


The problem is usually “which to choose”,
rather than finding a partner…

Web Hosting


Two possibilities:


ISP provides hosting and web space,
organisation manages website


ISP provides hosting AND manages website


ISP will also provide:


the all important IP address that will allow a
presence on the Internet


the domain name that will allow other
Internet users to find the website

Criteria for choosing a

web host (apart from cost!)


Amount of web space?


Bandwidth availability?


Hardware & OS?


Uploading techniques?


Protocols supported?


URL available?


type of server scripts supported?


Site management tools?


Databases supported?

Exercise for Next Week


Search Google for web hosts


How many available?


How could you choose?


Use the following URL to compare web
hosts and their offerings:


http://www.hostindex.com/voteresults.shtm