Web Databases
CS263 Lecture 13
The Internet environment
The following figure shows the basic environment needed to set up both intranet and Internet database-enabled connectivity.
The network that connects client workstations, the Web server and the database server uses the TCP (Transmission Control Protocol)/IP (Internet Protocol) protocols. Both protocols are required for Internet transmission to occur.
Firewalls are used to limit external access to the data and to limit movement of the data outside the organisation's boundaries.
A proxy server controls the passage of messages or files through to the network. It can improve a site's performance by caching frequently requested pages.
Database-enabled intranet-Internet environment
Communications technology
IP address – four numbers that identify a node on the Internet, e.g. 131.247.152.18.
Each IP address is mapped to a unique domain name that has more meaning and is easier to remember (such as www.surrey.ac.uk). Domain name servers maintain an index of IP addresses and their matching domain names.
Hypertext Transfer Protocol (HTTP) – the communication protocol used to transfer pages from a Web server to a browser. HTTPS is the secured version.
Uniform Resource Locator (URL) – a mnemonic Web address corresponding to the IP address of a Web server. It also includes the folder location and the HTML file name.
Communications technology
Static Web pages – Web pages whose content is fixed at the time they are written. The same information is displayed whenever the page is accessed.
Dynamic Web pages – Web pages that display the data requested or input by the client station. They generally require that a database be attached to the page, e.g. by an ODBC connection.
Server-side extensions
Basic Web servers only understand HTML, so we need programs that interact directly with the Web server to handle requests, e.g. database-request handling middleware (such as ColdFusion or ASP).
Initially (see the following figure), a request for information is submitted from a browser via the Web to a Web server.
The SQL query is included in the script, but cannot be directly interpreted by the Web server.
The middleware identifies the query and prepares it to be passed to the DBMS.
The result set returned is then converted by the middleware so that it will display correctly in the browser.
Web-to-database middleware
Web server interfaces
Dynamic Web pages determine some of their content at the time a client browser requests a page, so communication is needed between the Web server and the client or the database.
Two common Web server interfaces are CGI and Java servlets.
The Common Gateway Interface (CGI) specifies the transfer of information between a Web server and a CGI program. CGI programs may be written in many languages.
CGI scripts are stored on the Web server and must be executed each time a user makes a request that uses a CGI script (slow if there are many users).
Web server interfaces
Java servlets are an alternative to CGI. They allow a client program to upload additional program code to a server, where it executes.
Since they are small and cross-platform compatible, they are ideal for small Internet applications accessible from a browser.
They are persistent – once started they remain in memory and can fulfil multiple requests (a CGI program closes after it runs) – so they are more efficient.
Web servers
Web servers provide the HTTP service and serve many clients at once, which is accomplished using multithreading and multiprocessing.
Popular websites receive more hits than can be managed by a single server, therefore load balancing approaches are needed.
Some use Domain Name Server (DNS) balancing, where multiple copies of the site are placed on separate servers, i.e. one DNS name = multiple IP addresses. This does not guarantee that the load on the servers will be balanced.
Software and hardware balancing distributes requests more evenly: requests arriving at one IP address are distributed to multiple servers, and resources can be allocated dynamically.
Reverse proxying intercepts the client request and caches the response.
Web-to-database tools
Active Server Pages (ASP) consist of text files containing text, HTML and scripting language commands (JavaScript, VBScript).
Because these files are executed on the server, the programmer need not be concerned about the client platform.
ASP is the interface to databases in MS Windows-based Web servers.
A global.asa file for an ASP application
ASP applications include HTML extensions and additional scripting (usually in VBScript, or in JavaScript).
ASP code embedded in <% %> tags is executed on the server instead of the client. This is how dynamic Web pages are created.
Sample ASP Code
<%
REM Get list of Finishes
strSQL = "SELECT Product_Finish FROM PRODUCT_t GROUP BY Product_Finish;"
Set rsRes = con.Execute(strSQL)
%>
<TABLE>
<%
REM Display the list of finishes
While Not rsRes.EOF
%>
<TR><TD align=center valign=top>
<%=rsRes("Product_Finish")%></TD><TD>
<FORM method=post action="line.asp"><INPUT type=Hidden name=line
value="<%=rsRes("Product_Finish")%>"><INPUT type=submit Value="GO!"></FORM>
</TD></TR>
<%
rsRes.MoveNext
Wend
%>
</TABLE>
Code within the <% %> tags is executed on the server, not the client; this is the code that interacts with the database and creates the dynamic Web content.
The lines strSQL = "SELECT ..." and Set rsRes = con.Execute(strSQL) execute a query on the database server using the ActiveX Data Objects (ADO) middleware. The con variable is a connection to the database, which was established in the code of Box C. The rsRes variable contains the result set of the query (the rows returned from the query).
The While Not rsRes.EOF ... rsRes.MoveNext ... Wend lines cause the ASP application to loop through the rows returned by the query until it reaches the end.
The <%=rsRes("Product_Finish")%> expressions retrieve the value of the specified field from the current row of the query result.
The Web page is created dynamically, with one HTML table row for each record obtained from the query. Each table row also includes a button that links to another ASP page (line.asp), posting the finish of that row in the hidden field named line.
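To make the middleware flow described under "Server-side extensions" and the ASP sample concrete, here is the same "list of finishes" page rebuilt in Python over an in-memory SQLite database. This is an added example written for this page, not code from the lecture: the PRODUCT_t table, its Product_Name column and the sample rows are constructed (the slide only names Product_Finish), and the products_with_finish function stands in for what the line.asp page receiving the hidden line field would need to do. The posted value is bound as a query parameter rather than spliced into the SQL text, and every value placed into the HTML is escaped first.

```python
"""Added example (not from the lecture): the ASP 'list of finishes' page
rebuilt as Python functions over an in-memory SQLite database.
PRODUCT_t and Product_Finish follow the slide; Product_Name and the rows
are constructed sample data."""
import html
import sqlite3

# Constructed sample data standing in for the PRODUCT_t table on the slide.
SAMPLE_ROWS = [
    ("Table", "Natural Ash"),
    ("Chair", "Natural Ash"),
    ("Desk", "Cherry"),
    ("Shelf", "Walnut"),
    ("Bench", "Oak & Maple"),   # contains a character that must be HTML-escaped
]


def open_db():
    """Create an in-memory database with an assumed PRODUCT_t schema."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE PRODUCT_t (Product_Name TEXT, Product_Finish TEXT)")
    con.executemany("INSERT INTO PRODUCT_t VALUES (?, ?)", SAMPLE_ROWS)
    con.commit()
    return con


def list_finishes(con):
    """Same query as the slide's strSQL: one row per distinct finish."""
    cur = con.execute("SELECT Product_Finish FROM PRODUCT_t GROUP BY Product_Finish")
    return [row[0] for row in cur.fetchall()]


def render_finishes_table(con, action="line.asp"):
    """Build the HTML table the ASP page builds: one row per finish, each with a
    form that posts the finish as the hidden field 'line'. Values coming from the
    database are escaped before they are placed into markup or attributes."""
    safe_action = html.escape(action, quote=True)
    parts = ["<TABLE>"]
    for finish in list_finishes(con):
        safe = html.escape(finish, quote=True)
        parts.append(
            f"<TR><TD align=center valign=top>{safe}</TD><TD>"
            f'<FORM method=post action="{safe_action}">'
            f'<INPUT type=Hidden name=line value="{safe}">'
            f'<INPUT type=submit Value="GO!"></FORM></TD></TR>'
        )
    parts.append("</TABLE>")
    return "\n".join(parts)


def products_with_finish(con, finish):
    """Hypothetical server-side handler for the 'line' value posted to line.asp
    (that page is not shown on the slide). The value is bound with a '?'
    placeholder, so quotes or other characters in it are treated as data."""
    cur = con.execute(
        "SELECT Product_Name FROM PRODUCT_t WHERE Product_Finish = ? "
        "ORDER BY Product_Name",
        (finish,),
    )
    return [row[0] for row in cur.fetchall()]


if __name__ == "__main__":
    db = open_db()
    print(render_finishes_table(db))
    print(products_with_finish(db, "Natural Ash"))
```

The two functions map onto the two halves of the slide: render_finishes_table is the `<% ... %>` block that walks the result set with While ... Wend, and products_with_finish is the follow-up request that the GO! button triggers. Using the driver's parameter binding and html.escape is the part the ASP snippet leaves to the reader.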
Web-to-database tools
ColdFusion uses a special server-side markup language, CFML (modelled after HTML).
When a client browser requests a *.cfm page from the Web server, it is passed to the ColdFusion application server, where the script is executed; the result is formatted in HTML and returned to the Web server, which returns the result to the client, where it is displayed.
Web-to-database tools
Embedded SQL is another alternative. Previously we have looked at the interactive (direct) form of SQL, where one command is entered and executed at a time.
SQL can be embedded in 3GL programs (COBOL, C etc.), with SQL commands placed at appropriate locations in the programs. This provides an easier, more flexible interface than standard SQL.
Web-to-database tools
Embedded SQL can improve performance compared to the interactive variant, since interactive SQL requires that each query be converted to machine code each time the query is processed.
It improves database security, as additional GRANT and REVOKE permissions can be invoked in the embedded code.
A separate pre-compiler is needed for each host language used. The following figure shows the processing of an embedded SQL program.
Processing an embedded SQL program
An embedded SQL statement begins with EXEC SQL.
The precompiler translates the embedded SQL into the host programming language.
The compiler and linker generate the executable code.
Managing website data
Web security issues – prevent unauthorized access and malicious destruction.
Privacy issues – protect users' privacy rights.
Internet technology rate-of-change issues – deal with rapid advances in technology.
Website security
Network Level Security
– Web server and DB server on a separate LAN from other business systems
– Minimize sharing of hard disks among network servers
– Regular monitoring of network and firewall logs
– Install probe-monitor software
Website security
Operating System Level Security
– Patch all known OS vulnerabilities
– Install anti-virus software with boot-time, file download time, and email reception time virus detection
– Monitor server logs for unauthorized activity
– Disable unrequired services to reduce risk of unauthorized access
Web security
Web Server Security
– Restrict number of users on Web server
– Restrict access (minimize number of open ports): http and https only, if possible
– Remove unneeded programs
– Restrict CGI scripts to one subdirectory
– For Unix, only install minimum software for Web server
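One way to turn the "http and https only" rule in the list above into a repeatable check, as an added example written for this page (not from the lecture): the script parses the output of the Linux `ss -ltn` command (listening TCP sockets) and reports every listener whose port is not on an allow-list. The sample output embedded below is constructed; the allow-list of ports 80 and 443 and the treatment of loopback-only listeners as a separate, lower-severity group are assumptions of this example.

```python
"""Added example (not from the lecture): report listening TCP ports that are
not on the 'http and https only' allow-list, from `ss -ltn` output."""
import re
import subprocess

# Assumed allow-list for a Web server: HTTP and HTTPS only.
ALLOWED_PORTS = {80, 443}

# Constructed sample of `ss -ltn` output (Linux). The real command is only run
# when the script is executed directly, via listening_sockets().
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       511     0.0.0.0:80           0.0.0.0:*
LISTEN  0       511     [::]:443             [::]:*
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       128     127.0.0.1:3306       0.0.0.0:*
LISTEN  0       70      *:8080               *:*
"""

# "Local Address:Port" column: everything before the last colon is the address
# (may itself contain colons for IPv6, e.g. "[::]"), the rest is the port.
_LOCAL_RE = re.compile(r"^(.*):(\d+)$")

LOOPBACK = {"127.0.0.1", "[::1]"}


def parse_ss(text):
    """Return (address, port) pairs for every LISTEN line in ss -ltn output."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header or unrelated line
        match = _LOCAL_RE.match(fields[3])
        if match:
            listeners.append((match.group(1), int(match.group(2))))
    return listeners


def unexpected_listeners(text, allowed=ALLOWED_PORTS):
    """Split listeners outside the allow-list into those reachable from the
    network (bound to a routable or wildcard address) and those bound to
    loopback only, so the report distinguishes exposure from mere presence."""
    exposed, loopback_only = [], []
    for addr, port in parse_ss(text):
        if port in allowed:
            continue
        if addr in LOOPBACK:
            loopback_only.append((addr, port))
        else:
            exposed.append((addr, port))
    return exposed, loopback_only


def listening_sockets():
    """Run `ss -ltn` on the local host and return its output."""
    result = subprocess.run(["ss", "-ltn"], capture_output=True, text=True, check=True)
    return result.stdout


def report(text):
    """Human-readable summary of the check for one ss output."""
    exposed, loopback_only = unexpected_listeners(text)
    lines = [f"exposed listener outside allow-list: {a}:{p}" for a, p in exposed]
    lines += [f"loopback-only listener outside allow-list: {a}:{p}" for a, p in loopback_only]
    return lines or ["only allow-listed ports are listening"]


if __name__ == "__main__":
    print("--- constructed sample ---")
    print("\n".join(report(SAMPLE_SS_OUTPUT)))
    try:
        print("--- this host ---")
        print("\n".join(report(listening_sockets())))
    except (FileNotFoundError, subprocess.CalledProcessError) as exc:
        print(f"ss not available here: {exc}")
```

On the constructed sample the check flags SSH on port 22 and an application on 8080 as exposed, and notes the database listener on 3306 as loopback-only; the latter is consistent with the slide's advice to keep the DB server off the Web server's exposed surface, but still worth reviewing against the "disable unrequired services" rule.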
Website security
Firewall – hardware/software security component that limits external access to a company's data
Proxy server – firewall component that manages Internet traffic to and from a LAN
Router – intermediate device that transmits message packets to the correct destination over the most efficient pathway
Intrusion detection system (IDS) – system that identifies attempts to hack or break into a system
Establishing Internet security
Firewall to limit external access to data
Routers to transmit message packets to correct destination
IDS to monitor and recognize security breach attempts