comp2113 e-commerce richard henson university of worcester april 2008
TRANSCRIPT
COMP2113 E-Commerce
Richard Henson
University of Worcester
April 2008

Week 7: Client-Server systems and E-commerce
Objectives:
  Describe the client-server model
  Explain what a communications protocol is and why comms protocols are so crucial for client-server networks
  Understand the rationale for using server-end scripting, rather than having all the code on the client machine
  Produce a working server script running on an IIS platform
Why is an understanding of Networks important?
  Any E-commerce application works across at least two different systems linked via the Internet
  These systems must communicate 100% effectively
    must therefore use an entirely reliable set of protocols
  TCP/IP and Client-Server systems have been around since the early days of the Internet and have a proven reliability over many years

Network Protocols
  Data has to be reliably transferred between Internet sites
  An early model of network protocols was created in the early days of the Unix operating system
    four software layers:
    » Physical Network access layer
    » Internet layer - IP protocol
    » Transport or Host-Host - TCP protocol
    » Application layer - FTP and SMTP

THE OSI seven layer model
  In 1978, several years after Unix, the network protocols model was expanded by ISO (International Standards Organisation)
    separated all levels of abstraction from physical network through to screen display
  Produced SEVEN software layers
    remain to present day!
How a message is “sent”

Layer                 Transmit Station             Receive Station
Application Layer     AH DATA                      DATA AH
Presentation Layer    PH AH DATA                   DATA AH PH
Session Layer         SH PH AH DATA                DATA AH PH SH
Transport Layer       TH SH PH AH DATA             DATA AH PH SH TH
Network Layer         NH TH SH PH AH DATA          DATA AH PH SH TH NH
Data link Layer       LH NH TH SH PH AH DATA LT    LT DATA AH PH SH TH NH LH
Physical Layer        Link                         Link
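The layering in the diagram above, as an added Python example (not from the original slides): each layer on the transmit station prepends its header, the data link layer also appends the trailer LT, and the receive station strips them in reverse order. The header layout (2-byte tag plus 2-byte length) and the CRC-32 carried in the trailer are assumptions made for the illustration; the slides only name the headers.

```python
import struct
import zlib

# Header tags from the slide, in the order the transmit station adds them
# (application layer first, data link layer last).
LAYER_HEADERS = [b"AH", b"PH", b"SH", b"TH", b"NH", b"LH"]


def _wrap(tag: bytes, payload: bytes) -> bytes:
    """Prepend one layer header: tag + 2-byte payload length (assumed layout)."""
    return tag + struct.pack("!H", len(payload)) + payload


def _unwrap(tag: bytes, pdu: bytes) -> bytes:
    """Strip one layer header, rejecting a wrong tag or a length mismatch."""
    if len(pdu) < 4 or pdu[:2] != tag:
        raise ValueError(f"expected header {tag!r}, got {pdu[:2]!r}")
    (length,) = struct.unpack("!H", pdu[2:4])
    payload = pdu[4:]
    if len(payload) != length:
        raise ValueError(f"{tag!r} length field says {length}, got {len(payload)}")
    return payload


def transmit(data: bytes) -> bytes:
    """Walk down the transmit station: AH first, LH last, then the trailer LT."""
    pdu = data
    for tag in LAYER_HEADERS:
        pdu = _wrap(tag, pdu)
    # Assumption: the link trailer carries a CRC-32 of everything before it.
    return pdu + b"LT" + struct.pack("!I", zlib.crc32(pdu))


def receive(frame: bytes) -> bytes:
    """Walk up the receive station: check LT, then strip LH, NH, TH, SH, PH, AH."""
    if len(frame) < 6 or frame[-6:-4] != b"LT":
        raise ValueError("missing link trailer")
    pdu = frame[:-6]
    (crc,) = struct.unpack("!I", frame[-4:])
    if zlib.crc32(pdu) != crc:
        raise ValueError("frame check failed: frame was altered in transit")
    for tag in reversed(LAYER_HEADERS):
        pdu = _unwrap(tag, pdu)
    return pdu


if __name__ == "__main__":
    frame = transmit(b"order=42")  # constructed sample data
    print(frame)
    print(receive(frame))
```
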
Web-based Client-Server

More about HTTP and Client-Server Computing
  Client and server systems work right up to the application layer
    communication therefore needs to function accordingly…
  Tim Berners-Lee invented HTTP to facilitate web-based application layer communication
  To allow client-server interaction, Tim designed HTTP to integrate well with his basic web page formatting language - HTML
    HTML language GET command instructs the client process to get data for the server
    HTML POST command sends client data either using an email protocol or using HTTP

Web Dynamic Client-Server Model

Server-Side Processing
  In a typical web-based client-server application:
    The HTML form displayed on a web browser at the client end collects data
    Using HTTP the data is sent to a web server
    The web server processes the data according to instructions on a specified server script
    Using HTTP, the results of processing generated as specified by the script are sent back to the client
    The web browser on the client machine displays the results on a web page in a specified position
  This gets even more complex when a database, and database programming, are also involved at the server end…
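The five steps of server-side processing listed above, as an added Python example (not from the original slides, which use ASP on IIS): the server parses the submitted form, validates it, takes prices from its own data rather than from the client, and escapes anything it echoes back. The `/order` path, the `item` and `qty` field names and the price list are assumptions made for the illustration.

```python
import re
from html import escape
from urllib.parse import parse_qs

# Constructed server-side price list in pence; it stands in for the server-end database.
CATALOGUE = {"mug": 450, "pen": 120}


def http_response(status: str, html: str) -> bytes:
    """Step 4: wrap the script's output in an HTTP reply for the client."""
    body = html.encode("utf-8")
    head = (f"HTTP/1.1 {status}\r\n"
            "Content-Type: text/html; charset=utf-8\r\n"
            f"Content-Length: {len(body)}\r\n\r\n")
    return head.encode("ascii") + body


def server_script(form: dict) -> bytes:
    """Step 3: process the form fields on the server, never trusting them as sent."""
    item = form.get("item", [""])[0]
    qty = form.get("qty", [""])[0]
    if item not in CATALOGUE:
        # Escape anything echoed back so submitted text is displayed, not interpreted.
        return http_response("400 Bad Request", f"<p>Unknown item: {escape(item)}</p>")
    if not re.fullmatch(r"[1-9][0-9]?", qty):
        return http_response("400 Bad Request", "<p>Quantity must be 1 to 99</p>")
    total = CATALOGUE[item] * int(qty)  # price comes from the server's own data
    return http_response("200 OK", f"<p>{qty} x {item} = &pound;{total / 100:.2f}</p>")


def web_server(raw_request: bytes) -> bytes:
    """Step 2 ends here: parse the HTTP request and pass the form data to the script."""
    head, _, body = raw_request.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n")[0].decode("ascii", "replace").split(" ")
    if len(parts) != 3 or parts[0] != "POST" or parts[1] != "/order":
        return http_response("404 Not Found", "<p>No such script</p>")
    return server_script(parse_qs(body.decode("utf-8", "replace")))


# Steps 1-2 (constructed): the request a browser sends when the HTML form is submitted.
SAMPLE_REQUEST = (b"POST /order HTTP/1.1\r\n"
                  b"Host: localhost\r\n"
                  b"Content-Type: application/x-www-form-urlencoded\r\n"
                  b"Content-Length: 14\r\n\r\n"
                  b"item=mug&qty=3")

if __name__ == "__main__":
    # Step 5: the browser would render the HTML carried in this reply.
    print(web_server(SAMPLE_REQUEST).decode("utf-8"))
```
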
Introduction to Server-scripting
  Today – principles of scripting only; apply to ALL types of scripting…
  Scripts need to use real programming code
    » note: HTML is a FORMATTING language, NOT a programming language
  Both client and server ends have programming code usually embedded within a HTML page

Languages used for Server Scripting
  Much has been tried since HTML became interactive in the early 1990s:
    Can use an existing language in a completely separate file, which is already compiled and ready to go:
      » the original approach: .cgi
      » any language could in theory be used
      » in practice “C” was usually favoured
    Can use an existing language embedded in a HTML file
      » The Microsoft .asp approach, using embedded VB source code
      » The Sun .jsp approach, using embedded Java (Script) source
    Can invent a new scripting language that is “HTML-like” and easily embeds with HTML
      » Cold Fusion .cf
      » Preprocessor Hypertext processing .php

Microsoft’s first attempt at server scripting…
  In 1996, Microsoft introduced active server pages (asp)
    hugely successful
    soon became more popular than cgi
  However, in spite of the great success of asp…
    by 2000, hackers were attacking Microsoft servers and finding many security holes in IIS
    Microsoft coped by offering hotfixes
    further problem: used VB source code
      if server not secure, code could be copied or compromised
    not “object oriented”
ASP becomes ASP.NET
  Microsoft’s new approach to server scripting, building on asp principles
    new system that used “intermediate language”, rather than source code on the server
    much more difficult to hack
  Problem was… they had to scrap the .asp environment, and adopt a new architecture…
    known as the .net framework
  As many developers were accustomed to .asp this took a while to catch on!
Alternative to ASP.NET? PHP (Hypertext Pre-processor)
  Originally designed for Linux-based systems
    executed on a type of web server called Apache
  Integrates well with a Linux database and a free-to-download SQL-supporting product called MySQL
  Can now run happily on IIS
    now getting very popular with non-Linux platforms
  Can download the environment directly from the PHP website: http://uk2.php.net/downloads.php

PHP (continued)
  “free”
  Only for serious programmers
  Cut-and-paste code still needs an environment like Dreamweaver
  Popular with those who dislike Microsoft!
  Unix-based Servers running PHP considered to be more secure against hackers than Windows 2000/IIS running asp
    but asp.net on Windows 2003/IIS v6 is another matter…

Alternative to ASP.NET? Cold Fusion
  Originally produced by Altair with its own scripting language (CFML) for the Microsoft platform
    arguably easier to use than asp
  Purchased by Macromedia in 2003 (Dreamweaver, Flash, Director, etc.)
    Dreamweaver has good support for Cold Fusion scripting
  Now also available for the Java environment
  Macromedia itself now part of Adobe
Hardware/Software Requirements to develop a website running server-scripts
  Computer capable of supporting Windows 2000/XP/2003 or equivalent operating system
  TCP/IP protocol stack running on server
  Web Server software such as:
    Internet Information Server
    Apache
  Broadband connection to the Internet

Basic Infrastructure required to put a server-system “on-line”
  Typical networking server software:
    Windows NT/2000/2003
    Unix (many types; Linux increasing popularity)
  A Firewall to keep the server secure
    security is a BIG issue in e-commerce

More typical Infrastructure to go online (existing local network)
  Make sure the internal “client-server” computer network is secure
  EITHER Use the firewall computer as a router to separate the internal (local) network from the External (i.e. Internet) network
    diverts data between the Internet and the local network
    will only work if the network is running an appropriate protocol
  OR, if necessary, use a gateway
    » converts data into appropriate protocol and diverts it between the Internet and the local network
    » Can be used to link networks running different protocols

Firewall & Security matters
  Servers MUST ALL be correctly configured
  The Firewall or Proxy Server will then make sure that:
    internal users do not access unauthorised sites
    unauthorised remote Internet users do not access the local network

Putting the Secured network on-line
  A digital connection is needed between the router/gateway and a computer connected to the Internet
  PROVIDED THAT THE NETWORK IS SECURE, there is no need to worry about payment systems…
    secure (VPN) Internet connections can be made to credit card authorisation and payment sites using “Merchant Server” software
  Regular monitoring of the network is essential to ensure that unauthorised users are not trying to gain access
Client-Server web applications & Server Scripts
  Systems developed to run client-server web applications usually require:
    1. processing of the scripts to be done by the server, on the server
    2. a server-end database to provide and store data
    3. logical connections between server-scripts, client-end input forms and server-end database
    4. clearly defined locations for both client and server scripts

Writing Server Scripts
  The code is embedded directly into the body of the web page
  Needs to be a command to inform the browser that non-HTML code is about to be used:
    With .asp, and .aspx: the command to start the script is <% to end the script… %>
  The code can only be executed on an operating system that supports a web server
    e.g. XP Professional/Internet Information Server

Server Scripts and “Localhost”
  No matter which server-scripting technology is used…
    .asp (active server pages)
    .aspx (.net framework)
    .jsp (java server pages)
    .cf (Cold Fusion)
    .php (hypertext preprocessor)
  The code can be tested locally on a webserver using the URL http://localhost/scriptname at the browser window

Using Dreamweaver for Client-Server Development
  Localhost therefore makes it possible, for development purposes, to have “local site” (development) and “remote site” (testing on server) both on the same machine
  Dreamweaver makes this even easier by:
    allowing easy local site and remote site management including up & downloading
    running the server scripts directly without having to use localhost to check each time
    creating server scripts in a number of different formats (asp, asp.net, php, etc…)
Development of .NET framework for Server Scripting
  Microsoft moved away from their previous commitment to applications running source VB code with the help of an interpreter program within IIS
  Evolved VB into a more object oriented language called VB.NET
  Principles of ActiveX controls provided a basis for new type of .net server-side controls

Similarities between ASP and ASP.NET scripts
  Despite their fundamental differences, each type of script runs on the same platform… IIS
  The .net framework:
    does not attempt to process existing .asp files and IIS still runs them through an interpreter
    works with IIS to use the same folder - c:/inetpub/wwwroot - as the default root folder

Differences between ASP and ASP.NET scripts
  All asp code held as VB source code between <% and %>
  Asp.net code:
    uses xml-type tags
    can be written using a variety of programming languages
    is compiled, not interpreted
    is fully object-oriented and can easily be used as “controls” to respond to on-screen “events”

Running controls with ASP.NET
  Microsoft developed an “intermediate language” (IL)
    could be readily converted into machine code
    but the code not easily hacked
  Source code for .net can be written in any language that can be translated into IL
    VB.NET builds on existing practice
    C# has proved to be most popular
.net and Dreamweaver
  You may be thinking…
    “I can’t program in “C”!”
  DON’T BE SCARED!
    the syntax of object-oriented C is similar to Java
    Dreamweaver MX provides a range of controls already written in C#
    Dreamweaver Extensions enable other controls to be added
  Not a good idea to produce code completely blindly…
    however, because of the similarities between Java and C you shouldn’t be working completely in the dark!
  The next few slides will look at the .net environment, and how to set it up so at least you’ll understand something about the file structure that is generated by Dreamweaver for running .aspx controls

Components of the .net framework
  .net applications can’t execute without the .net common language infrastructure (CLI)
    common Language run-time (CLR) for executing controls
  “Managed execution” framework
    runs Intel x86 IL code
    development language doesn’t matter
  To support all this, each .net web application needs to have its own subfolder from the root (wwwroot)
    This folder must contain…
      » a /bin folder for “assemblies” & executables
      » a web.config file (store of configuration info) e.g. a path to the set of class libraries
    v2 also supports the following folders:
      » app_data, app_code, app_browsers, app_themes, app_localresources, app_globalresources, app_webreferences

How the .net environment manages an application
  “Assemblies” from .aspx files added to /bin
  Execution of assemblies completely reliant on CLR services
    CLR is just a set of Win32 DLLs created by compiling the assembly components
      » written in IL (generalised Intel assembly language)
    makes sure script execution is “controlled” and kept within boundaries
      » an earlier version of IIS used to “leak” memory until the system needed rebooting
    usually loaded implicitly when a .net application is run

Loading Assemblies
  AppDomain provides a security boundary for each application
  Code (.exe, or .dll) then loaded into process space
  JIT compilation ensures “flat out performance”
    cf Wallace & Gromit – latter lays out the track as the train is about to pass along it

And now for the practical….
Thanks for listening