COMP2113 E-Commerce, Richard Henson, University of Worcester, April 2008
Page 1: COMP2113 E-Commerce Richard Henson University of Worcester April 2008.

COMP2113 E-Commerce

Richard Henson

University of Worcester

April 2008

Page 2: COMP2113 E-Commerce Richard Henson University of Worcester April 2008.

Week 7: Client-Server systems and E-commerce

Objectives:
  Describe the client-server model
  Explain what a communications protocol is and why comms protocols are so crucial for client-server networks
  Understand the rationale for using server-end scripting, rather than having all the code on the client machine
  Produce a working server script running on an IIS platform

Page 3: COMP2113 E-Commerce Richard Henson University of Worcester April 2008.

Why is an understanding of Networks important?

Any E-commerce application works across at least two different systems linked via the Internet
These systems must communicate 100% effectively
  must therefore use an entirely reliable set of protocols
TCP/IP and Client-Server systems have been around since the early days of the Internet and have a proven reliability over many years

Page 4: COMP2113 E-Commerce Richard Henson University of Worcester April 2008.

Network Protocols

Data has to be reliably transferred between Internet sites
An early model of network protocols was created in the early days of the Unix operating system
  four software layers:
    » Physical Network access layer
    » Internet layer - IP protocol
    » Transport or Host-Host - TCP protocol
    » Application layer - FTP and SMTP

Page 5: COMP2113 E-Commerce Richard Henson University of Worcester April 2008.

The OSI seven layer model

In 1978, several years after Unix, the network protocols model was expanded by ISO (International Standards Organisation)
  separated all levels of abstraction from physical network through to screen display
  produced SEVEN software layers
  remain to present day!

Page 6: COMP2113 E-Commerce Richard Henson University of Worcester April 2008.

How a message is “sent”

[Diagram: a Transmit Station and a Receive Station, each with the seven layers shown below, joined by the Link. The same data unit appears at the matching layer of both stations.]

Application Layer:   AH DATA
Presentation Layer:  PH AH DATA
Session Layer:       SH PH AH DATA
Transport Layer:     TH SH PH AH DATA
Network Layer:       NH TH SH PH AH DATA
Data link Layer:     LH NH TH SH PH AH DATA LT
Physical Layer:      (Link)

Page 7: COMP2113 E-Commerce Richard Henson University of Worcester April 2008.

Web-based Client-Server

Page 8: COMP2113 E-Commerce Richard Henson University of Worcester April 2008.

More about HTTP and Client-Server Computing

Client and server systems work right up to the application layer
  communication therefore needs to function accordingly…
Tim Berners-Lee invented HTTP to facilitate web-based application layer communication
To allow client-server interaction, Tim designed HTTP to integrate well with his basic web page formatting language - HTML
  HTML language GET command instructs the client process to get data for the server
  HTML POST command sends client data either using an email protocol or using HTTP

Page 9: COMP2113 E-Commerce Richard Henson University of Worcester April 2008.

Web Dynamic Client-Server Model

Page 10: COMP2113 E-Commerce Richard Henson University of Worcester April 2008.

Server-Side Processing

In a typical web-based client-server application:
  The HTML form displayed on a web browser at the client end collects data
  Using HTTP the data is sent to a web server
  The web server processes the data according to instructions on a specified server script
  Using HTTP, the results of processing generated as specified by the script are sent back to the client
  The web browser on the client machine displays the results on a web page in a specified position

This gets even more complex when a database, and database programming, are also involved at the server end…
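
The five steps above as an added worked example (not part of the original slides): Python stands in for the server script, and both the browser's POST message and the server's reply are built as raw HTTP. The `/order` path, the form field names and the `PRICES_PENCE` catalogue are constructed for illustration. The script takes the price from the server's own table and HTML-encodes the name it echoes back, because anything arriving from the client end can be altered before it is sent.

```python
import html
import re
from urllib.parse import parse_qs, urlencode

# Constructed sample catalogue: prices are held at the server end only.
PRICES_PENCE = {"mug": 450, "tshirt": 1200}


def build_form_post(fields, path="/order"):
    """Client end: the HTTP message a browser sends for a form submitted with POST."""
    body = urlencode(fields).encode("ascii")
    head = (
        f"POST {path} HTTP/1.1\r\n"
        "Host: localhost\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n"
        f"Content-Length: {len(body)}\r\n"
        "\r\n"
    ).encode("ascii")
    return head + body


def parse_request(raw):
    """Server end: split the request into method, path and decoded form fields."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, path, _version = lines[0].split(" ", 2)  # ValueError if malformed
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    length = int(headers.get("content-length", "0"))
    form = parse_qs(body[:length].decode("ascii"), keep_blank_values=True)
    return method, path, {key: values[0] for key, values in form.items()}


def respond(status, page):
    """Wrap the generated HTML in an HTTP response for the browser to display."""
    body = f"<html><body>{page}</body></html>".encode("utf-8")
    head = (
        f"HTTP/1.1 {status}\r\n"
        "Content-Type: text/html; charset=utf-8\r\n"
        f"Content-Length: {len(body)}\r\n"
        "\r\n"
    ).encode("ascii")
    return head + body


def handle_request(raw):
    """The 'server script': validate the form data, process it, return the result page."""
    try:
        method, path, form = parse_request(raw)
    except ValueError:  # also covers UnicodeDecodeError
        return respond("400 Bad Request", "<p>Malformed request.</p>")
    if method != "POST" or path != "/order":
        return respond("404 Not Found", "<p>No such script.</p>")
    item = form.get("item", "")
    qty_text = form.get("qty", "")
    # Accept only a known item and a quantity of 1 to 99.
    if item not in PRICES_PENCE or not re.fullmatch(r"[0-9]{1,2}", qty_text):
        return respond("400 Bad Request", "<p>Invalid order.</p>")
    qty = int(qty_text)
    if qty < 1:
        return respond("400 Bad Request", "<p>Invalid order.</p>")
    # Any "price" field in the form is ignored: the server's table decides.
    total = PRICES_PENCE[item] * qty
    name = html.escape(form.get("name", ""))  # encode before echoing into HTML
    return respond("200 OK", f"<p>Thanks {name}: {qty} x {item} = £{total / 100:.2f}</p>")


if __name__ == "__main__":
    request = build_form_post({"name": "Ann", "item": "mug", "qty": "2", "price": "1"})
    print(request.decode("ascii"))
    print(handle_request(request).decode("utf-8"))
```
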

Page 11: COMP2113 E-Commerce Richard Henson University of Worcester April 2008.

Introduction to Server-scripting

Today – principles of scripting only; apply to ALL types of scripting…
  Scripts need to use real programming code
    » note: HTML is a FORMATTING language, NOT a programming language
Both client and server ends have programming code usually embedded within a HTML page

Page 12: COMP2113 E-Commerce Richard Henson University of Worcester April 2008.

Languages used for Server Scripting

Much has been tried since HTML became interactive in the early 1990s:
  Can use an existing language in a completely separate file, which is already compiled and ready to go:
    » the original approach: .cgi
    » any language could in theory be used
    » in practice “C” was usually favoured
  Can use an existing language embedded in a HTML file
    » The Microsoft .asp approach, using embedded VB source code
    » The Sun .jsp approach, using embedded Java (Script) source
  Can invent a new scripting language that is “HTML-like” and easily embeds with HTML
    » Cold Fusion .cf
    » Preprocessor Hypertext processing .php

Page 13: COMP2113 E-Commerce Richard Henson University of Worcester April 2008.

Microsoft’s first attempt at server scripting…

In 1996, Microsoft introduced active server pages (asp)
  hugely successful
  soon became more popular than cgi
However, in spite of the great success of asp…
  by 2000, hackers were attacking Microsoft servers and finding many security holes in IIS
  Microsoft coped by offering hotfixes
  further problem: used VB source code
  if server not secure, code could be copied or compromised
  not “object oriented”

Page 14: COMP2113 E-Commerce Richard Henson University of Worcester April 2008.

ASP becomes ASP.NET

Microsoft’s new approach to server scripting, building on asp principles
  new system that used “intermediate language”, rather than source code on the server
  much more difficult to hack
Problem was… they had to scrap the .asp environment, and adopt a new architecture…
  known as the .net framework
  As many developers were accustomed to .asp this took a while to catch on!

Page 15: COMP2113 E-Commerce Richard Henson University of Worcester April 2008.

Alternative to ASP.NET? PHP (Hypertext Pre-processor)

Originally designed for Linux-based systems
  executed on a type of web server called Apache
Integrates well with a Linux database and a free-to-download SQL-supporting product called MySQL
Can now run happily on IIS
  now getting very popular with non-Linux platforms
Can download the environment directly from the PHP website: http://uk2.php.net/downloads.php

Page 16: COMP2113 E-Commerce Richard Henson University of Worcester April 2008.

PHPs (continued)

“free”
Only for serious programmers
Cut-and-paste code still needs an environment like Dreamweaver
Popular with those who dislike Microsoft!
Unix-based Servers running PHPs considered to be more secure against hackers than Windows 2000/IIS running asp
  but asp.net on Windows 2003/IIS v6 is another matter…

Page 17: COMP2113 E-Commerce Richard Henson University of Worcester April 2008.

Alternative to ASP.NET? Cold Fusion

Originally produced by Altair with its own scripting language (CFML) for the Microsoft platform
  arguably easier to use than asp
Purchased by Macromedia in 2003 (Dreamweaver, Flash, Director, etc.)
  Dreamweaver has good support for Cold Fusion scripting
Now also available for the Java environment
Macromedia itself now part of Adobe

Page 18: COMP2113 E-Commerce Richard Henson University of Worcester April 2008.

Hardware/Software Requirements to develop a website running server-scripts

Computer capable of supporting Windows 2000/XP/2003 or equivalent operating system
TCP/IP protocol stack running on server
Web Server software such as:
  Internet Information Server
  Apache
Broadband connection to the Internet

Page 19: COMP2113 E-Commerce Richard Henson University of Worcester April 2008.

Basic Infrastructure required to put a server-system “on-line”

Typical networking server software:
  Windows NT/2000/2003
  Unix (many types; Linux increasing popularity)
A Firewall to keep the server secure
  security is a BIG issue in e-commerce

Page 20: COMP2113 E-Commerce Richard Henson University of Worcester April 2008.

More typical Infrastructure to go online (existing local network)

Make sure the internal “client-server” computer network is secure
EITHER use the firewall computer as a router to separate the internal (local) network from the External (i.e. Internet) network
  diverts data between the Internet and the local network
  will only work if the network is running an appropriate protocol
OR, if necessary, use a gateway
  » converts data into appropriate protocol and diverts it between the Internet and the local network
  » Can be used to link networks running different protocols

Page 21: COMP2113 E-Commerce Richard Henson University of Worcester April 2008.

Firewall & Security matters

Servers MUST ALL be correctly configured
The Firewall or Proxy Server will then make sure that:
  internal users do not access unauthorised sites
  unauthorised remote Internet users do not access the local network

Page 22: COMP2113 E-Commerce Richard Henson University of Worcester April 2008.

Putting the Secured network on-line

A digital connection is needed between the router/gateway and a computer connected to the Internet
PROVIDED THAT THE NETWORK IS SECURE, there is no need to worry about payment systems…
  secure (VPN) Internet connections can be made to credit card authorisation and payment sites using “Merchant Server” software
Regular monitoring of the network is essential to ensure that unauthorised users are not trying to gain access

Page 23: COMP2113 E-Commerce Richard Henson University of Worcester April 2008.

Client-Server web applications & Server Scripts

Systems developed to run client-server web applications usually require:

1. processing of the scripts to be done by the server, on the server

2. a server-end database to provide and store data

3. logical connections between server-scripts, client-end input forms and server-end database

4. clearly defined locations for both client and server scripts

Page 24: COMP2113 E-Commerce Richard Henson University of Worcester April 2008.

Writing Server Scripts

The code is embedded directly into the body of the web page

Needs to be a command to inform the browser that non-HTML code is about to be used:

With .asp and .aspx: the command to start the script is <% and to end the script… %>

The code can only be executed on an operating system that supports a web server
  e.g. XP Professional/Internet Information Server

Page 25: COMP2113 E-Commerce Richard Henson University of Worcester April 2008.

Server Scripts and “Localhost”

No matter which server-scripting technology is used…
  .asp (active server pages)
  .aspx (.net framework)
  .jsp (java server pages)
  .cf (Cold Fusion)
  .php (hypertext preprocessor)
The code can be tested locally on a webserver using the URL http://localhost/scriptname at the browser window

Page 26: COMP2113 E-Commerce Richard Henson University of Worcester April 2008.

Using Dreamweaver for Client-Server Development

Localhost therefore makes it possible, for development purposes, to have “local site” (development) and “remote site” (testing on server) both on the same machine

Dreamweaver makes this even easier by:
  allowing easy local site and remote site management including up & downloading
  running the server scripts directly without having to use localhost to check each time
  creating server scripts in a number of different formats (asp, asp.net, php, etc…)

Page 27: COMP2113 E-Commerce Richard Henson University of Worcester April 2008.

Development of .NET framework for Server Scripting

Microsoft moved away from their previous commitment to applications running source VB code with the help of an interpreter program within IIS

Evolved VB into a more object oriented language called VB.NET

Principles of ActiveX controls provided a basis for new type of .net server-side controls

Page 28: COMP2113 E-Commerce Richard Henson University of Worcester April 2008.

Similarities between ASP and ASP.NET scripts

Despite their fundamental differences, each type of script runs on the same platform… IIS

The .net framework:
  does not attempt to process existing .asp files and IIS still runs them through an interpreter
  works with IIS to use the same folder - c:/inetpub/wwwroot - as the default root folder

Page 29: COMP2113 E-Commerce Richard Henson University of Worcester April 2008.

Differences between ASP and ASP.NET scripts

All asp code held as VB source code between <% and %>

Asp.net code:
  uses xml-type tags
  can be written using a variety of programming languages
  is compiled, not interpreted
  is fully object-oriented and can easily be used as “controls” to respond to on-screen “events”

Page 30: COMP2113 E-Commerce Richard Henson University of Worcester April 2008.

Running controls with ASP.NET

Microsoft developed an “intermediate language” (IL)
  could be readily converted into machine code
  but the code not easily hacked
Source code for .net can be written in any language that can be translated into IL
  VB.NET builds on existing practice
  C# has proved to be most popular

Page 31: COMP2113 E-Commerce Richard Henson University of Worcester April 2008.

.net and Dreamweaver

You may be thinking…
  “I can’t program in “C”!”
DON’T BE SCARED!
  the syntax of object-oriented C is similar to Java
  Dreamweaver MX provides a range of controls already written in C#
  Dreamweaver Extensions enable other controls to be added
Not a good idea to produce code completely blindly…
  however, because of the similarities between Java and C, you shouldn’t be working completely in the dark!
The next few slides will look at the .net environment, and how to set it up so at least you’ll understand something about the file structure that is generated by Dreamweaver for running .aspx controls

Page 32: COMP2113 E-Commerce Richard Henson University of Worcester April 2008.

Components of the .net framework

.net applications can’t execute without the .net common language infrastructure (CLI)
  common Language run-time (CLR) for executing controls
“Managed execution” framework
  runs Intel x86 IL code
  development language doesn’t matter
To support all this, each .net web application needs to have its own subfolder from the root (wwwroot)
  This folder must contain…
    » a /bin folder for “assemblies” & executables
    » a web.config file (store of configuration info) e.g. a path to the set of class libraries
  v2 also supports the following folders:
    » app_data, app_code, app_browsers, app_themes, app_localresources, app_globalresources, app_webreferences

Page 33: COMP2113 E-Commerce Richard Henson University of Worcester April 2008.

How the .net environment manages an application

“Assemblies” from .aspx files added to /bin
Execution of assemblies completely reliant on CLR services
  CLR is just a set of Win32 DLLs created by compiling the assembly components
    » written in IL (generalised Intel assembly language)
  makes sure script execution is “controlled” and kept within boundaries
    » an earlier version of IIS used to “leak” memory until the system needed rebooting
  usually loaded implicitly when a .net application is run

Page 34: COMP2113 E-Commerce Richard Henson University of Worcester April 2008.

Loading Assemblies

AppDomain provides a security boundary for each application
Code (.exe, or .dll) then loaded into process space
JIT compilation ensures “flat out performance”
  cf Wallace & Gromit – latter lays out the track as the train is about to pass along it

Page 35: COMP2113 E-Commerce Richard Henson University of Worcester April 2008.

And now for the practical….

Page 36: COMP2113 E-Commerce Richard Henson University of Worcester April 2008.

Thanks for listening