IS 4420 Database Fundamentals Chapter 10: The Internet Database Environment Leon Chen

Mar 28, 2015


IS 4420 Database Fundamentals

Chapter 10: The Internet Database Environment

Leon Chen


Overview
• Environment for Internet database connectivity
• Internet-based business environment
• Client-side and server-side extensions
• Web services and their use for e-commerce
• Explain ASP code
• Provide an overview of XML
• Describe issues for Web-site management
• Discuss Web security and privacy issues

Database-enabled intranet-internet environment


Business on the Internet
• Electronic Business (e-business)
    • Development of integrated relationship with customers and suppliers via the Internet
    • Business-to-Consumer (B2C) – retail
    • Business-to-Business (B2B) – interaction with suppliers and vendors
    • Consumer-to-Consumer (C2C) – for example: eBay
• Electronic Commerce (e-commerce)
    • Business transactions, including:
        • Order processing/fulfillment
        • Customer relations
        • Electronic data interchange (EDI)
        • Bill payments


Web-Related Terms
• World Wide Web (WWW)
    • The total set of interlinked hypertext documents residing on Web servers worldwide
• Browser
    • Software that displays HTML documents and allows users to access files and software related to HTML documents
• Web Server
    • Software that responds to requests from browsers and transmits HTML documents to browsers
• Web pages – HTML documents
    • Static Web pages – content established at development time
    • Dynamic Web pages – content dynamically generated, usually by obtaining data from database


Communications Technology

• IP Address
    • Four numbers that identify a node on the internet
    • e.g. 131.247.152.18
• Hypertext Transfer Protocol (HTTP)
    • Communication protocol used to transfer pages from Web server to browser
    • HTTPS is a more secure version
• Uniform Resource Locator (URL)
    • Web address corresponding with IP address
    • Also includes folder location and html file name


Internet-Related Languages
• Hypertext Markup Language (HTML)
    • Markup language specifically for Web pages
• Standard Generalized Markup Language (SGML)
    • Markup language standard
• Extensible Markup Language (XML)
    • Markup language allowing customized tags
• XHTML
    • XML-compliant extension of HTML
• Java
    • Object-oriented programming language for applets
• JavaScript/VBScript
    • Scripting languages that enable interactivity in HTML documents
• Cascading Style Sheets (CSS)
    • Control appearance of Web elements in an HTML document
• XSL and XSLT
    • XML style sheet and transformation to HTML

Standards and Web conventions established by World Wide Web Consortium (W3C)


World Wide Web Consortium (W3C)

An international consortium of companies working to develop open standards that foster the deployment of Web conventions so that Web documents can be consistently displayed on all platforms

See www.w3c.org


Web Servers
• Provide HTTP service
• Passing plain text via TCP connection
• Serve many clients at once
    • Therefore, multithreaded and multiprocessed
• Load balancing approaches:
    • Domain Name Server (DNS) balancing
        • One DNS = multiple IP addresses
    • Software/hardware balancing
        • Request at one IP address is distributed to multiple servers
    • Reverse proxy
        • Intercept client request and cache response


Server-Side Extensions
• Programs that interact directly with Web servers to handle requests
• e.g. database-request handling middleware

Web-to-database middleware


Web Server Interfaces
• Common Gateway Interface (CGI)
    • Specify transfer of information between Web server and CGI program
    • Performance not very good
    • Security risks
• Application Program Interface (API)
    • More efficient than CGI
    • Shared as dynamic link libraries (DLLs)
• Java Servlets
    • Like applets, but stored at server
    • Cross-platform compatible
    • More efficient than CGI


Client-Side Extensions
• Add functionality to the browser
• Plug-ins
    • Hardware/software modules that extend browser capabilities by adding features (e.g. encryption, animation, wireless access)
• ActiveX
    • Microsoft COM/OLE components that allow data manipulation inside the browser
• Cookies
    • Block of data stored at client by Web server for later use


Web Services
• Set of emerging XML-based standards that define protocols for automatic communication between applications over the Web. Extends and supplants traditional EDI
• Web Service Components:
    • Universal Description, Discovery, and Integration (UDDI)
        • Technical specification for distributed registries of Web services and businesses open to communication on these services
    • Web Services Description Language (WSDL)
        • XML-based grammar for describing Web services and providing public interfaces for these services
    • Simple Object Access Protocol (SOAP)
        • XML-based communication protocol for sending messages between applications via the Internet
• Challenges for Web Services
    • Lack of mature standards
    • Lack of security


Web-to-Database Tools
• Active Server Pages (ASP)
    • Microsoft server-side scripting language
    • Generates dynamic Web pages
    • Interfaces to databases in MS Windows-based Web servers
• Cold-Fusion
    • Uses special server-side markup language CFML
    • Modeled after HTML
    • Interfaces to databases
• Embedded SQL
    • SQL embedded in 3GL programs
    • Provides flexible interface
    • Improves performance and database security


ASP

ASP applications include HTML extensions and additional scripting (usually in VBScript, or in JavaScript)

ASP code embedded in <% %> tags is executed on the server instead of the client. This is how dynamic Web pages can be created.


Sample ASP Code

    <%
    REM Get list of Finishes
    strSQL = "SELECT Product_Finish FROM PRODUCT_t GROUP BY Product_Finish;"
    Set rsRes = con.Execute(strSQL)
    %>
    <TABLE>
    <%
    REM Display the list of finishes
    While not rsRes.EOF
    %>
    <TR>
    <TD align=center valign=top>
    <%=rsRes("Product_Finish")%></TD>
    <TD>
    <FORM method=post action="line.asp">
    <INPUT type=Hidden name=line value="<%=rsRes("Product_Finish")%>">
    <INPUT type=submit Value=GO!>
    </FORM></TD>
    </TR>
    <%
    rsRes.MoveNext
    Wend
    %>
    </TABLE>


Sample ASP Code (from Figure 10-7 Box E and F) (cont.)

    <%
    REM Get list of Finishes
    strSQL = "SELECT Product_Finish FROM PRODUCT_t GROUP BY Product_Finish;"
    Set rsRes = con.Execute(strSQL)
    %>

These lines execute a query on the database server using a middleware called Active Data Objects (ADO). The con variable is a connection to the database, which was established in the code of Box C. The rsRes variable contains the result set of the query (the rows returned from the query)


Sample ASP Code (from Figure 10-7 Box E and F) (cont.)

In the sample code, the While not rsRes.EOF statement and the closing rsRes.MoveNext and Wend lines cause the ASP application to loop through the rows returned by the query until it reaches the end


Sample ASP Code (from Figure 10-7 Box E and F) (cont.)

Inside the loop, the <%=rsRes("Product_Finish")%> expressions retrieve the values of the specified field from the current row of the query result


Sample ASP Code (from Figure 10-7 Box E and F) (cont.)


The Web page is dynamically created, with one HTML table row for each record obtained from the query. Also, each Web table row includes a button that will link to another ASP page
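
The hidden field named line that each row posts to line.asp arrives there as client-controlled input. The following is an added example, not code from the slides or the textbook figure, of a receiving page that binds that value as an ADO parameter instead of concatenating it into strSQL and HTML-encodes what it writes back. The contents of line.asp, the Product_Description column and the 50-character limit are assumptions; con is the connection established in Box C.

```asp
<%
' line.asp (hypothetical receiving page; added example, not from the slides)
' Assumes con is the open ADO connection established as in Box C.
Const adCmdText = 1       ' ADO CommandTypeEnum
Const adVarChar = 200     ' ADO DataTypeEnum
Const adParamInput = 1    ' ADO ParameterDirectionEnum
Const MAX_FINISH_LEN = 50 ' assumed maximum length of Product_Finish

Dim strLine, cmd, rsProd
' Hidden form fields can be edited by the client, so treat the value as untrusted.
strLine = Trim(Request.Form("line"))

If Len(strLine) = 0 Or Len(strLine) > MAX_FINISH_LEN Then
    Response.Status = "400 Bad Request"
    Response.Write "Invalid finish."
    Response.End
End If

' Bind the value as a parameter so it is sent as data, never as SQL text.
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = con
cmd.CommandType = adCmdText
' Product_Description is an assumed column name.
cmd.CommandText = "SELECT Product_Description FROM PRODUCT_t WHERE Product_Finish = ?;"
cmd.Parameters.Append cmd.CreateParameter("finish", adVarChar, adParamInput, MAX_FINISH_LEN, strLine)
Set rsProd = cmd.Execute
%>
<H3>Products with finish: <%=Server.HTMLEncode(strLine)%></H3>
<TABLE>
<%
While Not rsProd.EOF
%>
<TR><TD><%=Server.HTMLEncode(rsProd("Product_Description") & "")%></TD></TR>
<%
    rsProd.MoveNext
Wend
rsProd.Close
Set rsProd = Nothing
Set cmd = Nothing
%>
</TABLE>
```

The same Server.HTMLEncode call applies to the <%=rsRes("Product_Finish")%> expressions in the listing page, since database values written into HTML are otherwise interpreted as markup.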


Embedded SQL statement begins with EXEC SQL

Precompiler translates embedded SQL into host program language

Compiler and linker generate executable code


XML Overview
• Becoming the standard for E-Commerce data exchange
• A markup language (like HTML)
    • Uses elements, tags, attributes
    • Includes document type declarations (DTDs), XML schemas, comments, and entity references
• Provides a template for definition of data set across the Internet
• But not how to present data


XML Schema is a record definition, analogous to the Create SQL statement, and therefore provides metadata


Sample XML Document Data

XML data involves elements and attributes defined in the schema, and is analogous to inserting a record into a database.


Managing Website Data
• Web Security Issues
    • Prevent unauthorized access and malicious destruction
• Privacy Issues
    • Protect users’ privacy rights
• Internet Technology Rate-of-Change Issues
    • Deal with rapid advances in technology


Website Security

• Planning for Web Security
    • Risk assessment: nature, likelihood, impact, and motivation of security risks
• Network Level Security
    • Web server and DB server on separate LAN from other business systems
    • Minimize sharing of hard disks among network servers
    • Regular monitoring of network and firewall logs
    • Install probe-monitor software


Website Security (continued)

• Operating System Level Security
    • Patch all known OS vulnerabilities
    • Install antivirus software with boot-time, file download time, and e-mail reception time virus detection
    • Monitor server logs for unauthorized activity
    • Disable unrequired services to reduce risk of unauthorized access


Web Security (continued)

• Web Server Security
    • Restrict number of users on Web server
    • Restrict access (minimize number of open ports)
        • http and https only, if possible
    • Remove unneeded programs
        • Restrict CGI scripts to one subdirectory
    • For Unix, only install minimum software for Web server


Website Security (continued)

Firewall – hardware/software security component that limits external access to company’s data

Proxy server – firewall component that manages Internet traffic to and from a LAN

Router – intermediate device that transmits message packets to correct destination over most efficient pathway

Intrusion detection system (IDS) – system that identifies attempts to hack or break into a system

Establishing Internet security

Firewall to limit external access to data

Routers to transmit message packets to correct destination

IDS to monitor and recognize security breach attempts