COMP2121 Internet Technology
Richard Henson
University of Worcester
March 2011

Week 8 – Introduction to Server-Scripting

Objectives of Session
Explain the limitations of client-scripting
Analyse a network infrastructure and server platform to assess possibilities for using server scripting
Implement server scripting across an Intranet and through the Internet

Client-Server Systems
Server end:
  access control to the network and its resources controlled by logon service
  access to resources depends on user rights – assessed by logon data
Client-end:
  user who wishes to access network resources
[Diagram: server and client]

Requests and responses
Client requests information
Server processes the request, sends a response back to the client
[Diagram: the client program sends the REQUEST and reads the results; the server program processes the request and sends back the results as the RESPONSE]

Bandwidth and Client/Server processes
Messages transferred between client and server via network

Bandwidth and Client/Server processes
Data transfer: the faster the better…
  most effective on LANs - nowadays 1000 Mbits/sec or more
  between connected Internet computers bandwidth needs to be as high as possible - 2 Mbits/sec upwards
Slow connections…
  data takes longer to get through
  so longer time to get a response back
  server could even “time out”

More about HTTP and Client-Server Computing
Client and server systems work right up to the application layer
To allow client-server interaction on the web, Tim Berners-Lee designed HTTP to integrate well with his basic web page formatting language - HTML
  HTML language GET command instructs the client process to get data for the server
  HTML POST command sends client data either using an email protocol or using HTTP

Web Dynamic Client-Server Model
In a typical web-based client-server application:
1. The HTML form displayed on a web browser at the client end collects data
2. Using HTTP the form data is sent to a web server

Web Dynamic Client-Server Model
The web server processes the data according to instructions on a specified server script
Using HTTP, the results of processing generated as specified by the script are sent back to the client
The web browser on the client machine displays the results on a web page in a specified position
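The form-to-script-to-results cycle described above, as an added example that is not part of the original slides: a small Python WSGI server script that reads the POSTed form data, validates it at the server (client-side script checks can be skipped by the sender) and HTML-encodes it before it goes back in the results page. The field names `name` and `age`, the validation rules and the `post` helper are assumptions made for the demonstration.

```python
import html
import io
import re
from urllib.parse import parse_qs

FORM_PAGE = ('<form method="post" action="/">Name: <input name="name"> '
             'Age: <input name="age"> <input type="submit"></form>')
NAME_RE = re.compile(r"[A-Za-z][A-Za-z '-]{0,49}")   # assumed rule for this demo
AGE_RE = re.compile(r"[0-9]{1,3}")
MAX_BODY = 4096                                      # refuse oversized form bodies


def validate(fields):
    """Server-side checks: client-side script checks may have been skipped."""
    name = fields.get("name", [""])[0].strip()
    age = fields.get("age", [""])[0].strip()
    errors = []
    if not NAME_RE.fullmatch(name):
        errors.append("name must be 1-50 letters, spaces, ' or -")
    if not (AGE_RE.fullmatch(age) and int(age) <= 150):
        errors.append("age must be a whole number from 0 to 150")
    return name, age, errors


def application(environ, start_response):
    """WSGI entry point: read the form data, process it, send the result page."""
    status, body = "200 OK", FORM_PAGE
    if environ["REQUEST_METHOD"] == "POST":
        try:
            length = int(environ.get("CONTENT_LENGTH") or 0)
        except ValueError:
            length = -1
        if not 0 <= length <= MAX_BODY:
            status, body = "400 Bad Request", "<p>Bad request size</p>"
        else:
            raw = environ["wsgi.input"].read(length).decode("utf-8", "replace")
            name, age, errors = validate(parse_qs(raw))
            if errors:
                items = "".join(f"<li>{html.escape(e)}</li>" for e in errors)
                status, body = "400 Bad Request", f"<ul>{items}</ul>{FORM_PAGE}"
            else:
                # Encode on output so form data can never become markup.
                body = f"<p>Hello {html.escape(name)}, you are {age}.</p>"
    data = body.encode("utf-8")
    start_response(status, [("Content-Type", "text/html; charset=utf-8"),
                            ("Content-Length", str(len(data)))])
    return [data]


def post(form_body):
    """Drive the script offline with a constructed POST request body."""
    seen = {}
    environ = {"REQUEST_METHOD": "POST", "CONTENT_LENGTH": str(len(form_body)),
               "wsgi.input": io.BytesIO(form_body)}
    out = application(environ, lambda status, headers: seen.update(status=status))
    return seen["status"], b"".join(out).decode("utf-8")


if __name__ == "__main__":
    from wsgiref.simple_server import make_server
    make_server("127.0.0.1", 8000, application).serve_forever()
```

Run directly, the script serves the form on 127.0.0.1:8000; `post(b"name=Ada&age=36")` exercises the same code path without a network.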

Web Dynamic Client-Server model
All this gets even more complex when a database, and database programming, are also involved at the server end…

Server-scripting and dynamic pages on The Web
The following apply to ALL types of scripting used on the web…
  scripts need to use real programming code
    » note: HTML is a FORMATTING language, NOT a programming language
  both client and server ends have programming code:
    » client end…embedded within a HTML page
    » server end… could be embedded or separate

Languages used for Server Scripting
Much has been tried since w3c launched HTML as an interactive language in the early 1990s…
  use of an existing language in a completely separate file, which is already compiled and ready to go:
    » the original approach: .cgi
    » any language could in theory be used
    » in practice “C” was usually favoured
  use of an existing language embedded in a HTML file
    » The Microsoft .asp approach, using embedded VB source code
    » The Sun .jsp approach, using embedded Java (Script) source
  Invention of new scripting languages that are “HTML-like” and easily embed with HTML
    » Cold Fusion .cf
    » Preprocessor Hypertext processing .php

Microsoft’s first attempt at server scripting…
In 1996, Microsoft introduced active server pages (asp)
  hugely successful (VB very popular…)
  soon became more popular than .cgi
However, in spite of the great success of asp, big problems were emerging…
  by 2000, hackers were attacking Microsoft servers and finding many security holes in IIS
    » Microsoft only coped by offering hotfixes
  further problem: use of VB source code
    » if server not secure, code could be copied or compromised
    » Scripts could not be truly “object oriented”

Alternative Scripting Languages using the embedded approach
JSP
PHP
PERL
Cold Fusion

JSPs (Java Script Pages)
Produced by Sun Microsystems
  extension of the Java™ Servlet technology
According to Sun, Servlets:
  “fit seamlessly into a Web server framework and can be used to extend the capabilities of a Web server with minimal overhead, maintenance, and support.”
    » platform-independent
    » 100% pure Java
    » enhanced performance
    » separation of logic from display
    » ease of administration
    » extensibility into the enterprise

PERL
Invented by Larry Wall in 1987
Became popular as a web programming language in the late 1990s
Features of C but an interpreted language (like Java)
Not for programming novices…

Evolution into PHP (Hypertext Pre-processor)
Started as just a collection of “free” PERL scripts in 1995
  became popular as a rival to the asp approach for programming code embedded in HTML
  then became very popular as Microsoft wrestled with asp -> asp.net
Open source and integrates well with open source databases
  e.g. MySQL

PHP scripts
Originally designed for Linux-based systems
  executed on a type of web server called Apache
Can now run happily on IIS
  now getting very popular with non-Linux platforms
Big improvements in performance with PHP v4
XML functionality with v5 (released 2005)
Can download the environment directly from the PHP website: http://uk2.php.net/downloads.php
XAMPP provides MySQL and Apache webserver environment

Cold Fusion
Originally produced by Altair with its own scripting language (CFML) for the Microsoft platform
  arguably easier to use than asp
Purchased by Macromedia in 2003 (Dreamweaver, Flash, Director, etc.)
  Dreamweaver has good support for Cold Fusion scripting
Now also available for the Java environment
Macromedia itself now part of Adobe

ASP becomes ASP.NET
Microsoft’s new approach to server scripting for the new millennium…
  building on asp principles
  new system that used “intermediate language”, rather than source code on the server
  much more difficult to hack
Problem was… they had to scrap the .asp environment, and adopt a new architecture…
  known as the .net framework
  as many developers were accustomed to .asp this took a while to catch on!
  many people still confuse asp and asp.net…

Evolution of .net framework (2001)
Version 1.1
  intermediate language
  run-time environment for scripts
    » compiled code can’t easily be hacked
  Programming Code can be separated from HTML;
    » as with cgi…
    » but without degradation in performance
  Web controls introduced by drag-and-drop for ease of development
  XML can replace HTML code…

Evolution of .net framework (2005)
Version 2.0
  more and better controls
  some Integration with Active Directory
  Visual Web Developer 2005 introduced
    » based on Visual Studio
  user friendly development environment
    » easy use of master pages and CSS
    » simulated web server for ease of testing

Evolution of .net framework (2008, 2010)
Version 3.5
  further enhancement to controls
  greater integration with Active Directory
  Visual Web Developer 2008 provided more controls, more wizards, and better formatting tools
Version 4.0
  as above. Generally regarded as easier to use than VWD 2008

PHPs & asp.net today
PHPs attractive for serious programmers who dislike the Microsoft approach…
  integration of cut-and-paste code still needs an environment like Dreamweaver
Industry view (post-millennium)
  Unix-based Servers running PHPs considered to be more secure against hackers than Windows 2000/IIS running asp
  asp.net running on Windows 2003/IIS v6/7 later accepted as being a very stable platform
Both widely in use today…

Platforms for Development
Dreamweaver excellent for asp, .net, php & ColdFusion until Creative Studio
From CS1 onwards (2005ish):
  no support for .net development
  solid support for php & Cold Fusion
Visual Web Developer 2005, 2008, 2010
  gradually took away Dreamweaver customers using asp.net

When to use Server Scripting (1)
Whenever programming logic is required that needs to be shared via Internet browsers!
Good for security
  if web server properly configured…
And accountability
  clients can be forced to log on

When to use Server Scripting (2)
When client end lacks storage & processing power
  fits well with the thin client model for web & network computing
  very popular for massively multiplayer games
Client just sends the requests and asks the questions
  server does the processing and provides the web pages with answers/responses to requests

When to use Server Scripting (3)
Whenever centralised data storage & processing is needed to support activities of a website
  essential for security of sensitive data
  waste of space and resources to store & process databases locally

(4) Securing of Sensitive Data between Client and Server
Extended Internet infrastructure designed around the webserver model
  organisation can get an authentication certificate (SSL certificate), and make it available through their webserver
    » client can view server certificate
Client can access sensitive data at server end by authenticating themselves (log in)
  data encrypted and sent using https protocol
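One way a server script can enforce the two conditions above (HTTPS, then a logged-on client) before returning sensitive data, as an added example that is not from the original slides. The signed session cookie, the 15-minute lifetime, the URL `intranet.example` and all function names are assumptions of this sketch; user names are assumed to be plain alphanumeric strings.

```python
import hashlib
import hmac
import secrets
import time
from http.cookies import CookieError, SimpleCookie

SECRET = secrets.token_bytes(32)     # signing key, generated per process (assumption)
SESSION_TTL = 900                    # seconds a log on stays valid (assumption)
CANONICAL = "https://intranet.example/account"   # constructed URL


def _sign(payload):
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()


def login_cookie(user, now=None):
    """After a successful log on: header for a signed, HTTPS-only session cookie."""
    expires = int(time.time() if now is None else now) + SESSION_TTL
    payload = f"{user}.{expires}"
    # Secure: the browser returns the cookie over https only.
    # HttpOnly: client-side scripts cannot read it.
    return ("Set-Cookie", f"session={payload}.{_sign(payload)}; "
                          "Secure; HttpOnly; SameSite=Strict; Path=/")


def session_user(cookie_header, now=None):
    """Return the logged-on user, or None if the cookie is missing, forged or expired."""
    now = time.time() if now is None else now
    try:
        morsel = SimpleCookie(cookie_header or "").get("session")
        if morsel is None:
            return None
        user, expires, sig = morsel.value.rsplit(".", 2)
        expected = _sign(f"{user}.{expires}")
        # Constant-time comparison of the signature, then the expiry check.
        if hmac.compare_digest(sig.encode(), expected.encode()) and now < int(expires):
            return user
    except (ValueError, CookieError):
        pass
    return None


def sensitive_page(environ, now=None):
    """Gate for a sensitive resource: HTTPS first, then an authenticated session."""
    if environ.get("wsgi.url_scheme") != "https":
        return "301 Moved Permanently", [("Location", CANONICAL)], ""
    user = session_user(environ.get("HTTP_COOKIE"), now)
    if user is None:
        return "401 Unauthorized", [], "Please log on."
    return "200 OK", [("Cache-Control", "no-store")], f"Account data for {user}"
```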

Platforms for developing a website running server-scripts
Computer capable of supporting Windows XP/2003/Vista/7 or an equivalent Unix-based operating system
TCP/IP protocol stack running on server
Web Server software such as:
  Internet Information Server
  Apache
Broadband connection to the Internet

Typical Infrastructure for putting Server Scripting online
Make sure the internal “client-server” computer network is secure
EITHER use the firewall/proxy server as a router to separate the internal (local) network from the External (i.e. Internet) network
OR, if OSI level 3-4 protocol conversion needed, use a gateway
  converts data into appropriate protocol and diverts it between the Internet and the local network
  can be used to link networks running different protocols

Putting the Secured network on-line
A digital connection with plenty of bandwidth is needed between the router/gateway and a computer connected to the Internet
Regular monitoring of the network is essential to ensure that unauthorised users are not trying to gain access

Web Hosting and ISPs (Internet Service Providers)
Only the largest corporate enterprises are likely to be part of the Internet
Most businesses need to find a partner who will provide a link between the connection medium and the Internet that meets their needs
  Many Internet service providers available
  The problem is usually “which to choose”, rather than finding a partner…

Web Hosting
Two possibilities:
  ISP provides hosting and web space, organisation manages website
  ISP provides hosting AND manages website
ISP will also provide:
  the all important IP address that will allow a presence on the Internet
  the domain name that will allow other Internet users to find the website

Criteria for choosing a web host (apart from cost!)
Amount of web space?
Bandwidth availability?
Hardware & OS?
Uploading techniques?
Protocols supported?
URL available?
type of server scripts supported?
Site management tools?
Databases supported?

Exercise for Next Week
Search Google for web hosts
  How many available?
  How could you choose?
Use the following URL to compare web hosts and their offerings:
  http://www.hostindex.com/voteresults.shtm