Download The Internet Database Environment

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

Document related concepts

Lag wikipedia , lookup

Cross-site scripting wikipedia , lookup

Semantic Web wikipedia , lookup

Transcript
Chapter 10:
The Internet Database
Environment
Modern Database Management
7th Edition
Jeffrey A. Hoffer, Mary B. Prescott,
Fred R. McFadden
© 2005 by Prentice Hall
1
Objectives









Describe environment for Internet database
connectivity
Describe Internet-based business environment
Use and define Internet-related terminology
Explain purpose of client-side and server-side
extensions
Describe web services and their use for e-commerce
Explain shopping cart application code in ASP
Provide an overview of XML
Describe issues for Web-site management
Discuss Web security and privacy issues
Chapter 10
© 2005 by Prentice Hall
2
Figure 10-1: Database-enabled intranet-internet environment
Chapter 10
© 2005 by Prentice Hall
3
Business on the Internet

Electronic Business (e-business)




Development of integrated relationship with
customers and suppliers via the Internet
Business-to-Consumer (B2C) – retail
Business-to-Business (B2B) – interaction with
suppliers and vendors
Electronic Commerce (e-commerce)

Business transactions, including:




Chapter 10
Order processing/fulfillment
Customer relations
Electronic data interchange (EDI)
Bill payments
© 2005 by Prentice Hall
4
Web-Related Terms

World Wide Web (WWW)


Browser


Software that displays HTML documents and allows users
to access files and software related to HTML documents
Web Server


The total set of interlinked hypertext documents residing
on Web servers worldwide
Software that responds to requests from browsers and
transmits HTML documents to browsers
Web pages – HTML documents


Static Web pages – content established at development
time
Dynamic Web pages – content dynamically generated,
usually by obtaining data from database
Chapter 10
© 2005 by Prentice Hall
5
Communications Technology

IP Address



Hypertext Transfer Protocol (HTTP)



Four numbers that identify a node on the internet
e.g. 131.247.152.18
Communication protocol used to transfer pages from Web
server to browser
HTTPS is a more secure version
Uniform Resource Locator (URL)


Mnemonic Web address corresponding with IP address
Also includes folder location and html file name
Figure 10-2:
Typical URL
Chapter 10
© 2005 by Prentice Hall
6
Internet-Related Languages

Hypertext Markup Language (HTML)


Standard Generalized Markup Language (SGML)


Object-oriented programming language for applets
Scripting languages that enable interactivity in HTML documents
Cascading Style Sheets (CSS)


Standards and Web
conventions established
by
World Wide Web
Consortium (W3C)
JavaScript/VBScript


XML-compliant extension of HTML
Java


Markup language allowing customized tags
XHTML


Markup language standard
Extensible Markup Language (XML)


Markup language specifically for Web pages
Control appearance of Web elements in an HML document
XSL and XSLT
XMS style sheet and transformation to HTML
Chapter 10
© 2005 by Prentice Hall

7
World Wide Web Consortium (W3C)


An international consortium of companies
working to develop open standards that
foster the deployment of Web conventions
so that Web documents can be
consistently displayed on all platforms
See www.w3c.org
Chapter 10
© 2005 by Prentice Hall
8
Web Servers



Provide HTTP service
Passing plain text via TCP connection
Serve many clients at once


Therefore, multithreaded and multiprocessed
Load balancing approaches:

Domain Name Server (DNS) balancing


Software/hardware balancing


One DNS = multiple IP addresses
Request at one IP address is distributed to multiple
servers
Reverse proxy

Chapter 10
Intercept client request and cache response
© 2005 by Prentice Hall
9
Server-Side Extensions


Programs that interact directly with Web
servers to handle requests
e.g. database-request handling middleware
Figure 10-3: Web-to-database middleware
Chapter 10
© 2005 by Prentice Hall
10
Web Server Interfaces

Common Gateway Interface (CGI)




Application Program Interface (API)



Specify transfer of information between Web server and CGI
program
Performance not very good
Security risks
More efficient than CGI
Shared as dynamic link libraries (DLLs)
Java Servlets



Like applets, but stored at server
Cross-platform compatible
More efficient than CGI
Chapter 10
© 2005 by Prentice Hall
11
Client-Side Extensions


Add functionality to the browser
Plug-ins


ActiveX


Hardware/software modules that extend browser
capabilities by adding features (e.g. encryption,
animation, wireless access)
Microsoft COM/OLE components that allow data
manipulation inside the browser
Cookies

Block of data stored at client by Web server for
later use
Chapter 10
© 2005 by Prentice Hall
12
Web Services


Set of emerging XML-based standards that define protocols for
automatic communication between applications ever the Web.
Extends and supplants traditional EDI
Web Service Components:

Universal Description, Discovery, and Integration (UDDI)


Web Services Description Language (WSDL)


XML-based grammar for describing Web services and providing public
interfaces for these services
Simple Object Access Protocol (SOAP)


Technical specification for distributed registries of Web services and
businesses open to communication on these services
XML-based communication protocol for sending messages between
applications via the Internet
Challenges for Web Services


Lack of mature standards
Lack of security
Chapter 10
© 2005 by Prentice Hall
13
Chapter 10
© 2005 by Prentice Hall
14
Web-to-Database Tools

Active Server Pages (ASP)




Cold-Fusion




Microsoft server-side scripting language
Generates dynamic Web pages
Interfaces to databases in MS Windows-based Web servers
Uses special server-side markup language CFML
Modeled after HTML
Interfaces to databases
Embedded SQL



SQL embedded in 3GL programs
Provides flexible interface
Improves performance and database security
Chapter 10
© 2005 by Prentice Hall
15
Figure 10-6: A
global.asa file
for an ASP
application
ASP applications include HTML extensions and additional scripting
(usually in VBScript, or in JavaScript)
ASP code embedded in <% %> tags are executed on the server,
instead of the client. This is how dynamic Web pages can be created
Chapter 10
© 2005 by Prentice Hall
16
Sample ASP Code
(from Figure 10-7 Box E and F)
<%
REM Get list of Finishes
strSQL = “SELECT Product_Finish FROM PRODUCT_t GROUP BY Product_Finish;”
Set rsRes = con.Execute(strSQL)
%>
<TABLE>
<%
Code is within the <% %>
REM Display the list of finishes
tags are executed on the
While not rsRes.EOF
server, not the client…these
%>
<TR>
are interacting with the
<TD align=center valign=top>
database and creating
<%=rsRes(“Product Finish”>)%></TD>
dynamic Web content
<TD>
<FORM method=post action=“line.asp”>
<INPUT type=Hidden name=line
value=“<%=rsRes(“Product_Finish”))%>
<INPUT type=submit Value=GO!>
</TD>
</TR>
<%
rsRes.MoveNext
Wend
%>
</TABLE>
Chapter 10
© 2005 by Prentice Hall
17
Sample ASP Code
(from Figure 10-7 Box E and F) (cont.)
<%
REM Get list of Finishes
strSQL = “SELECT Product_Finish FROM PRODUCT_t
GROUP BY Product_Finish;”
Set rsRes = con.Execute(strSQL)
%>
These lines execute a query on the database server using a
middleware called Active Data Objects (ADO). The con
variable is a connection to the database, which was established
in the code of Box C. The rsRes variable contains the result
set of the query (the rows returned from the query)
Chapter 10
© 2005 by Prentice Hall
18
Sample ASP Code
(from Figure 10-7 Box E and F) (cont.)
<%
REM Display the list of finishes
While not rsRes.EOF
%>
<TR>
<TD align=center valign=top>
<%=rsRes(“Product Finish”>)%></TD>
<TD>
<FORM method=post action=“line.asp”>
<INPUT type=Hidden name=line
value=“<%=rsRes(“Product_Finish”))%>
<INPUT type=submit Value=GO!>
</TD>
</TR>
<%
rsRes.MoveNext
These lines of code cause the ASP
Wend
%>
application to loop through the rows returned
</TABLE>
by the query until they reach the end
Chapter 10
© 2005 by Prentice Hall
19
Sample ASP Code
(from Figure 10-7 Box E and F) (cont.)
<%
REM Display the list of finishes
While not rsRes.EOF
%>
<TR>
<TD align=center valign=top>
<%=rsRes(“Product Finish”>)%></TD>
<TD>
<FORM method=post action=“line.asp”>
<INPUT type=Hidden name=line
value=“<%=rsRes(“Product_Finish”))%>
<INPUT type=submit Value=GO!>
</TD>
</TR>
<%
rsRes.MoveNext
Wend
These lines of code retrieve the values
%>
of the specified field from the current
</TABLE>
row of the query result
Chapter 10
© 2005 by Prentice Hall
20
Sample ASP Code
(from Figure 10-7 Box E and F) (cont.)
<%
REM Display the list of finishes
While not rsRes.EOF
%>
<TR>
<TD align=center valign=top>
<%=rsRes(“Product Finish”>)%></TD>
<TD>
<FORM method=post action=“line.asp”>
<INPUT type=Hidden name=line
value=“<%=rsRes(“Product_Finish”))%>
<INPUT type=submit Value=GO!>
</TD>
</TR>
<%
rsRes.MoveNext
Wend
The Web page is dynamically created, with one HTML table
%>
row for each record obtained from the query. Also, each Web
</TABLE>
table row includes a button that will link to another ASP page
Chapter 10
© 2005 by Prentice Hall
21
Embedded SQL
statement begins
with EXEC SQL
Precompiler
translates
embedded SQL
into host program
language
Compiler and
linker generate
executable code
Chapter 10
© 2005 by Prentice Hall
22
XML Overview


Becoming the standard for E-Commerce data
exchange
A markup language (like HTML)



Uses elements, tags, attributes
Includes document type declarations (DTDs), XML
schemas, comments, and entity references
Provides a template for definition of data set
across the Internet
Chapter 10
© 2005 by Prentice Hall
23
Sample XML Schema
Schema is a record
definition,
analogous to the
Create SQL
statement, and
therefore provides
metadata
Chapter 10
© 2005 by Prentice Hall
24
Sample XML Document Data
XML data involves elements and attributes
defined in the schema, and is analogous to
inserting a record into a database.
Chapter 10
© 2005 by Prentice Hall
25
Managing Website Data

Web Security Issues


Privacy Issues


Prevent unauthorized access and malicious
destruction
Protect users’ privacy rights
Internet Technology Rate-of-Change
Issues

Deal with rapid advances in technology
Chapter 10
© 2005 by Prentice Hall
26
Website Security

Planning for Web Security


Risk assessment: nature, likelihood, impact, and
motivation of security risks
Network Level Security




Web server and DB server on separate LAN from
other business systems
Minimize sharing of hard disks among network
servers
Regular monitoring of network and firewall logs
Install probe-monitor software
Chapter 10
© 2005 by Prentice Hall
27
Website Security (continued)

Operating System Level Security




Patch all known OS vulnerabilities
Install antivirus software with boot-time, file
download time, and e-mail reception time
virus detection
Monitor server logs for unauthorized activity
Disable unrequired services to reduce risk of
unauthorized access
Chapter 10
© 2005 by Prentice Hall
28
Web Security (continued)

Web Server Security


Restrict number of users on Web server
Restrict access (minimize number of open
ports)


Remove unneeded programs


http and https only, if possible
Restrict CGI scripts to one subdirectory
For Unix, only install minimum software for
Web server
Chapter 10
© 2005 by Prentice Hall
29
Website Security (continued)




Firewall – hardware/software security
component that limits external access to
company’s data
Proxy server – firewall component that
manages Internet traffic to and from a LAN
Router – intermediate device that transmits
message packets to correct destination over
most efficient pathway
Intrusion detection system (IDS) – system
that identifies attempt to hack or break into a
system
Chapter 10
© 2005 by Prentice Hall
30
Figure 10-11: Establishing Internet security
Routers to transmit
message packets to
correct destination
Chapter 10
Firewall to limit
external access to
data
© 2005 by Prentice Hall
IDS to monitor and
recognize security
breach attempts
31