Online Exam Monitoring With Password Resistant Protocol

ABSTRACT:
Password authentication systems, which are used as the first level of defense, are not efficient
enough to withstand the dynamic techniques of attackers. An important usability goal for
authentication systems is to support users in selecting better passwords. We propose a new
Password Guessing Resistant Protocol (PGRP), derived upon revisiting prior proposals designed
to restrict such attacks. While PGRP limits the total number of login attempts from unknown
remote hosts to as low as a single attempt per username, legitimate users in most cases can make
several failed login attempts before being challenged with an Automated Turing Test (ATT). The
major goal of this work is to reduce guessing attacks and to encourage users to select more
random passwords that are difficult to guess. Well-known security threats like brute force
attacks and dictionary attacks can be successfully abolished using this method.

Introduction:
Online use has increased rapidly in the real world. The difficulty this raises is how securely
we can protect our own private details, such as passwords. Here we develop a secure application
that protects private information by using the Password Guessing Resistant Protocol (PGRP).

Online guessing attacks on password-based systems are inevitable and commonly observed against
web applications and logins. A recent report identified password guessing attacks on websites
as a top cyber security risk. As an example of password guessing attacks, one experimental Linux
honeypot setup has been reported to suffer on average 2,805 malicious login attempts per
computer per day. A legitimate user's right to access computer and network resources is
compromised when the user id/password combination of that user is identified. Password guessing
attacks can be classified into two types.

Brute Force Attack: A brute force attack is a type of password guessing attack that consists of
trying every possible code, combination, or password until the correct one is found. This type
of attack may take a long time to complete.

Dictionary Attack: A dictionary attack is another type of password guessing attack, which uses a
dictionary of common words to identify the user's password.

We achieve this by developing an online exam monitoring system with PGRP. We selected this
concept because many hacking activities aim to extract the question paper that the staff post
online. Here we restrict such attempts by limiting the number of password guesses that can be
made to log in to the account.

Scope of the project:


In this project we use PGRP to restrict the number of attempts made by a botnet or machine. The
user is allowed to enter the user id and password only once on a distrusted (unknown) machine.
If the entered user id or password is wrong, intimation will be given. On a trusted (known)
machine, if the user id/password is wrong the user will be given three chances. If the user
fails to log in on the third chance, intimation will be given. In this way we restrict the
number of attempts on both trusted and distrusted machines. Using PGRP we restrict brute force
and dictionary attacks.
Online exam monitoring with PGRP restricts the password guessing attempts made against the staff
login. Thus we can prevent hackers from accessing the question paper.

EXISTING SYSTEM:
The use of passwords is a major point of vulnerability in computer security, as passwords
are often easy to guess by automated programs running dictionary attacks. Passwords remain the
most widely used authentication method despite their well-known security weaknesses. User
authentication is clearly a practical problem. The existing work relies on a captcha, an
automated test that humans can pass but current computer programs can't pass: any program that
has high success over a captcha can be used to solve an unsolved Artificial Intelligence (AI)
problem. Logic problems have also been suggested as a basis for captchas, and these present
similar difficulties, as generation seems to be difficult. All the agents could start operating
at a specific time, trying to log in to accounts on a specific server using random passwords or
a dictionary attack. It is difficult to deny this type of attack, since bots may pass through
this security level.

EXISTING TECHNIQUE:
CAPTCHA

DISADVANTAGES:
Attackers can try only a limited number of guesses from a single machine before being
locked out, delayed, or challenged to answer Automated Turing Tests.
Locking is generally temporary; the adversary can mount a DoS attack by making enough
failed login attempts to lock a particular account.

Literature survey:
How Good are Humans at Solving CAPTCHAs? A Large Scale Evaluation
Author Name: Elie Bursztein, Steven Bethard, Celine Fabry, John C. Mitchell, Dan Jurafsky
Paper Year: May 2010.

Description:
Captchas are designed to be easy for humans but hard for machines. However, most
recent research has focused only on making them hard for machines. In this paper, we present
what is to the best of our knowledge the first large scale evaluation of captchas from the human
perspective, with the goal of assessing how much friction captchas present to the average user.
For the purpose of this study we have asked workers from Amazon's Mechanical Turk
and an underground captcha breaking service to solve more than 318 000 captchas issued from
the 21 most popular captcha schemes (13 images schemes and 8 audio scheme). Analysis of the
resulting data reveals that captchas are often difficult for humans, with audio captchas being
particularly problematic. We also find some demographic trends indicating, for example, that
non-native speakers of English are slower in general and less accurate on English-centric
captcha schemes. Evidence from a week's worth of eBay captchas (14,000,000 samples) suggests
that the solving accuracies found in our study are close to real-world values, and that
improving audio captchas should become a priority, as nearly 1% of all captchas are delivered as
audio rather than images. Finally our study also reveals that it is more effective for an
attacker to use Mechanical Turk to solve captchas than an underground service.

Password Protected Smart Card and Memory Stick Authentication Against Off-line Dictionary Attacks
Author Name: Yongge Wang
Paper Year: March 3, 2012

Description:

We study the security requirements for remote authentication with password protected
smart card. In recent years, several protocols for password-based authenticated key exchange
have been proposed. These protocols are used for the protection of password based
authentication between a client and a remote server.
In this paper, we will focus on the password based authentication between a smart card
owner and smart card via a distrusted card reader. In a typical scenario, a smart card owner
inserts the smart card into a distrusted card reader and inputs the password via the card reader
in order for the smart card to carry out the process of authentication with a remote server. In
this case, we want to guarantee that the card reader will not be able to impersonate the card
owner in future without the smart card itself. Furthermore, the smart card could be stolen. If
this happens, we want the assurance that an adversary could not use the smart card to
impersonate the card owner even though the sample space of passwords may be small enough to be
enumerated by an offline adversary.

Understanding CAPTCHA-Solving Services in an Economic Context


Author Name: Marti Motoyama, Kirill Levchenko, Chris Kanich, Damon McCoy, Geoffrey M. Voelker
and Stefan Savage
Paper Year: Aug. 2010.

Description:
Reverse Turing tests, or CAPTCHAs, have become an ubiquitous defense used to protect
open Web resources from being exploited at scale. An effective CAPTCHA resists existing
mechanistic software solving, yet can be solved with high probability by a human being. In
response, a robust solving ecosystem has emerged, reselling both automated solving technology
and real time human labor to bypass these protections. Thus, CAPTCHAs can increasingly be
understood and evaluated in purely economic terms; the market price of a solution vs the
monetizable value of the asset being protected. We examine the market-side of this question in
depth, analyzing the behavior and dynamics of CAPTCHA-solving service providers, their price
performance, and the underlying labor markets driving this economy.

CAPTCHA: Using Hard AI Problems For Security
Author Name: Luis von Ahn, Manuel Blum, Nicholas J. Hopper, and John Langford
Paper Year: May 2003.

Description:
We introduce captcha, an automated test that humans can pass, but current computer
programs can't pass: any program that has high success over a captcha can be used to solve an
unsolved Artificial Intelligence (AI) problem. We provide several novel constructions of
captchas. Since captchas have many applications in practical security, our approach introduces a
new class of hard problems that can be exploited for security purposes. Much like research in
cryptography has had a positive impact on algorithms for factoring and discrete log, we hope that
the use of hard AI problems for security purposes allows us to advance the field of Artificial
Intelligence.
We introduce two families of AI problems that can be used to construct captchas and we show
that solutions to such problems can be used for communication. Captchas based on these AI
problem families, then, imply a win-win situation: either the problems remain unsolved and there
is a way to differentiate humans from computers, or the problems are solved and there is a way to
communicate covertly on some channels.

Testing Metrics for Password Creation Policies by Attacking Large Sets of Revealed
Passwords
Author Name: Matt Weir, Sudhir Aggarwal, Michael Collins, Henry Stern
Paper Year: 2010

Description:
In this paper we attempt to determine the effectiveness of using entropy, as defined in
NIST SP800-63, as a measurement of the security provided by various password creation
policies. This is accomplished by modeling the success rate of current password cracking
techniques against real user passwords. These data sets were collected from several different
websites, the largest one containing over 32 million passwords. This focus on actual attack
methodologies and real user passwords quite possibly makes this one of the largest studies on
password security to date. In addition we examine what these results mean for standard password
creation policies, such as minimum password length, and character set requirements.

Usability of CAPTCHAs Or usability issues in CAPTCHA design
Author Name: Jeff Yan, Ahmad Salah El Ahmad
Paper Year: July 2008

Description:
CAPTCHA is now almost a standard security technology, and has found widespread
application in commercial websites. Usability and robustness are two fundamental issues with
CAPTCHA, and they often interconnect with each other. This paper discusses usability issues
that should be considered and addressed in the design of CAPTCHAs. Some of these issues are
intuitive, but some others have subtle implications for robustness (or security). A simple but
novel framework for examining CAPTCHA usability is also proposed.

PROPOSED SYSTEM:
The proposal in the present paper, called Password Guessing Resistant Protocol (PGRP),
significantly improves the security-usability trade-off, and can be more generally deployed
beyond browser-based authentication. Our proposed system enforces ATTs after a few failed
login attempts are made from unknown machines. We define known machines as those from
which a successful login has occurred within a fixed period of time. These are identified by their
IP addresses saved on the login server as a white list, or cookies stored on client machines. PGRP
accommodates both graphical user interfaces and character-based interfaces, while the previous
protocols deal exclusively with the former, requiring the use of browser cookies. PGRP uses
either cookies or IP addresses, or both for tracking legitimate users. The proposed system is
more restrictive against brute force and dictionary attacks while safely allowing a large number
of free failed attempts for legitimate users.

PROPOSED TECHNIQUE:
PASSWORD GUESSING RESISTANT PROTOCOL (PGRP)
ADVANTAGES:
It makes brute force and dictionary attacks ineffective even for adversaries with access to
large botnets.
It is suitable for organizations with both small and large numbers of user accounts.

Module:
Authentication:
    Login
    Forget Password
Admin
Staff
    Upload the question paper
Candidate
    New user registration
    Exam registration
Online Exam and Result

Module description:
Authentication:
The process of identifying an individual, usually based on a username and password. In
security systems, authentication merely ensures that the individual is who he or she claims to
be, but says nothing about the access rights of the individual.
Login:
In the Staff and Admin login we check whether the system is a trusted machine or a distrusted
machine. If the machine is trusted, the staff or admin is allowed 3 attempts. If the machine is
distrusted, the staff is allowed a single attempt. In the Candidate login, the candidate or user
may make any number of attempts. The process involved is to:
Check the login name and password.
Then allow the authorized user to use these pages.
If an unauthorized user attempts to access the staff login, restrict that user and give the
information.
Forget Password:
When users forget their password, they can use the forget password function. It is used to
create a new password. To ensure that the user accessing forget password is a legitimate user,
the user will be asked a question. These questions and their answers are created while the user
is registering with the site. If the user enters an answer, the entered text will be matched
against the database. If the result is true, the user will be allowed to enter a new password to
access the site. If the result is false, the user will not be allowed to enter a new password to
access the site.

Admin:
In this module, when the admin attempts to log in we need to find whether the machine is
trusted or distrusted. This is determined by IP address. If the IP address that the machine
frequently uses to access the site is stored, then that machine is a trusted machine. On that
particular machine the admin login is allowed up to three attempts. The machine is considered a
distrusted machine if the admin login is made from it as a new attempt; the user is then given a
single chance to enter the user name and password to access the site.
After logging in, the admin has access to control the application. In this application the
admin has the privilege to control the uploaded question paper. The admin also has control over
deleting the question paper.

Staff:
In this module the staff host the question paper that the candidate needs in order to write the
online exam. For this process the staff has to log in first. To log in, the staff needs to
provide a valid user name and password within three attempts on a trusted system. On a
distrusted machine the staff has to enter the user name and password within a single attempt. If
the attempts exceed the given limit, intimation will be provided.

Candidate:
In this module the candidates are given access only to log in and answer the exam. To log in
through the candidate login, users first have to register with the application by giving their
details. While logging in, the candidate can make n login attempts to attend the exam.

Online Exam and Result:


Candidates who need to write the exam first need to register themselves in the
application. After registration the candidates can write the exam. If a candidate closes the
window in which they are writing the exam, the session will expire and they cannot continue the
exam. The candidates' results will be displayed as soon as they complete the exam.

[Figure: candidate flow. Candidate: Login, Register for particular exam, Write the exam, View the Exam Result.]

Technique:
Password Guessing Resistant Protocol

The login protocol should make brute force and dictionary attacks ineffective even for
adversaries with access to large botnets (i.e., capable of launching the attack from many remote
hosts). The protocol should not have any significant impact on usability (user convenience). For
example, for legitimate users, any additional steps besides entering login credentials should be
minimal. Increasing the security of the protocol must have minimal effect in decreasing the
login usability.

Two processes are involved in this:

1) If the first login attempt on a trusted (known) system is wrong, the user is given two more
chances (three chances in total). If the third attempt also fails, the user fails to log in and
intimation is given.
2) If the first login attempt on a distrusted (unknown) system is wrong, the user is not given
another chance, and intimation is given.
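
The two rules above, together with the known-machine definition in the PROPOSED SYSTEM section, sketched as a small login gate in Python. This is an added example, not code from the project (which is written in C#); the class and function names, the 30-day trust period, the PBKDF2 password storage and the sample addresses are assumptions.

```python
import hashlib
import hmac
import os
import time
from enum import Enum

KNOWN_LIMIT = 3             # free attempts on a trusted (known) machine, as on the page
UNKNOWN_LIMIT = 1           # free attempts per username from distrusted machines
KNOWN_TTL = 30 * 24 * 3600  # assumed "fixed period of time"; the page gives no value


class Decision(Enum):
    GRANTED = "granted"
    DENIED = "denied"                # wrong password, free attempts remain
    LIMIT_REACHED = "limit_reached"  # wrong password used the last free attempt: give intimation
    CHALLENGE = "challenge"          # ATT required first; the password was not evaluated


def hash_password(password, salt=None):
    """Return (salt, PBKDF2 digest). The storage scheme is an assumption of this example."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class PgrpGate:
    """Hypothetical login gate applying the page's trusted/distrusted attempt limits."""

    def __init__(self, accounts, clock=time.time):
        self._accounts = accounts   # username -> (salt, digest)
        self._clock = clock
        self._known = {}            # (ip, username) -> time until which the machine is trusted
        self._failed_known = {}     # (ip, username) -> failures from that known machine
        self._failed_unknown = {}   # username -> failures from ALL unknown machines together
        # Counters never expire in this sketch; a deployment would age them out.

    def is_known(self, ip, username):
        # Known = a successful login for this user came from this IP within KNOWN_TTL.
        return self._known.get((ip, username), 0) > self._clock()

    def _password_ok(self, username, password):
        record = self._accounts.get(username)
        if record is None:
            return False
        salt, digest = record
        return hmac.compare_digest(hash_password(password, salt)[1], digest)

    def attempt(self, ip, username, password, att_passed=False):
        if self.is_known(ip, username):
            counters, key, limit = self._failed_known, (ip, username), KNOWN_LIMIT
        else:
            # One shared counter per username, so a botnet spread over many
            # addresses still gets a single free guess in total.
            counters, key, limit = self._failed_unknown, username, UNKNOWN_LIMIT

        # Allowance used up: ask for the ATT before the password is checked,
        # so an automated client learns nothing about its guess.
        if counters.get(key, 0) >= limit and not att_passed:
            return Decision.CHALLENGE

        if self._password_ok(username, password):
            self._known[(ip, username)] = self._clock() + KNOWN_TTL
            self._failed_known.pop((ip, username), None)
            return Decision.GRANTED

        counters[key] = counters.get(key, 0) + 1
        return Decision.LIMIT_REACHED if counters[key] >= limit else Decision.DENIED


if __name__ == "__main__":
    # Constructed account and documentation-range addresses, for illustration only.
    gate = PgrpGate({"staff1": hash_password("correct horse")})
    print(gate.attempt("198.51.100.7", "staff1", "correct horse"))  # staff's own machine
    print(gate.attempt("203.0.113.9", "staff1", "guess-1"))         # unknown host, wrong
    print(gate.attempt("203.0.113.10", "staff1", "guess-2"))        # another unknown host
    print(gate.attempt("198.51.100.7", "staff1", "typo"))           # known machine, wrong
```

Because failures from unknown machines are counted separately from those of known machines, guesses from remote hosts never consume the three attempts of the staff member's own machine, which avoids the account-locking DoS listed under DISADVANTAGES.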

Input and Output Design:


Login:
Input: Enter the login name and password
Output: If trusted user then allows accessing the corresponding page else intimation will be
given.
New login registration:
Input: Provide the name and their details
Output: Loaded into the database
New Exam:
Input: upload the question and details of the exam
Output: saved into database
Exam registration:
Input: select the exam name and provide the candidate details
Output: it will give the unique registration number

Online Exam:
Input: candidate can answer the corresponding questions
Output: check whether the answer is correct or not
Result:
Input: enter the registration number
Output: it shows the result for the corresponding registration number
HARDWARE AND SOFTWARE REQUIREMENTS

SOFTWARE REQUIREMENTS:
Operating system :- Windows7
Front End :- Microsoft Visual Studio .Net 2010
Coding Language :- C#
Backend :- SQL Server 2005

HARDWARE REQUIREMENTS:
Processor : Pentium Dual Core 2.00 GHz
Hard disk : 40 GB
Mouse : Logitech.
RAM : 2 GB (minimum)
Keyboard : 110 keys enhanced.

System Design:
USE CASE DIAGRAM:
A use case diagram is a type of behavioral diagram created from a use-case analysis.
The purpose of a use case diagram is to present an overview of the functionality provided by the
system in terms of actors, their goals and any dependencies between those use cases.

[Figure: use case diagram. Actors: Admin, Staff, Candidate. Use cases: Login, Schedule Exam, Question paper, Exam registration, Write the exam, Monitor the exam, View result.]

In this use case diagram, the staff log in to the account, schedule the exam and upload the
question paper. The candidate registers with the application, then logs in, and can then write
the exam and view the result. The admin monitors the exam and can view the result.

Class Diagram:
A class diagram in the UML is a type of static structure diagram that describes the
structure of a system by showing the system's classes, their attributes, and the relationships
between the classes.
Private visibility hides information from anything outside the class partition. Public
visibility allows all other classes to view the marked information.
Protected visibility allows child classes to access information they inherited from a parent
class.

[Figure: class diagram. Admin (name, Password; Monitor exam(), View result()). Staff (name, Password; New Exam(), Schedule()). Candidate (name, Password; registration(), exam()). Exam (Registration No, Exam time; Display Question()). New Exam (Exam Name, Question; save into database()). Result (Exam name, Registration No; Exam result()).]

In this class diagram, the staff log in to the account, schedule the exam and upload the
question paper. The candidate registers with the application, then logs in, and can then write
the exam and view the result. The admin monitors the exam and can view the result.

Object Diagram:
An object diagram in the Unified Modeling Language (UML) is a diagram that shows a
complete or partial view of the structure of a modeled system at a specific time.
An Object diagram focuses on some particular set of object instances and attributes, and
the links between the instances. A correlated set of object diagrams provides insight into how an
arbitrary view of a system is expected to evolve over time.
Object diagrams are more concrete than class diagrams, and are often used to provide
examples, or act as test cases for the class diagrams. Only those aspects of a model that are of
current interest need be shown on an object diagram.

[Figure: object diagram. Objects: Staff (Name=staff, Password=***), Candidate (Name=Cand1, Password=***), Admin, Question paper, Online exam, Answer paper. Labels: Upload, Monitor exam, View result.]

In this object diagram, the staff log in to the account, schedule the exam and upload the
question paper. The candidate registers with the application, then logs in, and can then write
the exam and view the result. The admin monitors the exam and can view the result.

State Diagram:

A state diagram is a type of diagram used in computer science and related fields to
describe the behavior of systems. State diagrams require that the system described is composed
of a finite number of states; sometimes, this is indeed the case, while at other times this is a
reasonable abstraction. There are many forms of state diagrams, which differ slightly and have
different semantics.

[Figure: state diagram. States: Login, Staff, Upload question, Exam Question, Monitor the exam, Display result, Candidate, Exam registration, Write the exam.]

In this state diagram, the staff log in to the account, schedule the exam and upload the
question paper. The candidate registers with the application, then logs in, and can then write
the exam and view the result. The admin monitors the exam and can view the result.

Activity Diagram:
Activity diagrams are loosely defined diagrams that show workflows of stepwise activities
and actions, with support for choice, iteration and concurrency. In UML, activity diagrams can
be used to describe the business and operational step-by-step workflows of components in a
system. UML activity diagrams could potentially model the internal logic of a complex operation.
In many ways UML activity diagrams are the object-oriented equivalent of flow charts and data
flow diagrams (DFDs) from structured development.
The following activity diagram shows the workflow in this project.

[Figure: activity diagram. Nodes: Login, Staff, Admin, Candidate, Insert question, Schedule exam, Exam details, Exam registration, Conduct Exam, Online exam, Result, Logout.]

In this activity diagram, the staff log in to the account, schedule the exam and upload the
question paper. The candidate registers with the application, then logs in, and can then write
the exam and view the result. The admin monitors the exam and can view the result.

Sequence diagram:
A sequence diagram in UML is a kind of interaction diagram that shows how processes
operate with one another and in what order.
It is a construct of a message sequence chart. Sequence diagrams are sometimes called
event-trace diagrams, event scenarios, and timing diagrams.
The diagram below shows the sequence of the workflow in this project.

[Figure: sequence diagram. Lifelines: Login, Admin, Staff, Candidate, Exam allotment, Registration, Online exam, Result. Messages: Schedule exam, Authenticate, Register, Write exam, Authenticate, View result, Authenticate, Maintenance, Exam maintenance, view result.]

In this sequence diagram, the staff log in to the account, schedule the exam and upload the
question paper. The candidate registers with the application, then logs in, and can then write
the exam and view the result. The admin monitors the exam and can view the result.

Collaboration Diagram:

A collaboration diagram shows the objects and relationships involved in an interaction,
and the sequence of messages exchanged among the objects during the interaction.
The collaboration diagram can be a decomposition of a class, class diagram, or part of a
class diagram. It can be the decomposition of a use case, use case diagram, or part of a use case
diagram.
The collaboration diagram shows messages being sent between classes and objects
(instances). A diagram is created for each system operation that relates to the current
development cycle (iteration).

[Figure: collaboration diagram. Objects: Admin, Login, Staff, Candidate, Exam allotment, Registration, Online exam, Result. Messages: 1: Authenticate, 2: Schedule exam, 3: Register, 4: Write exam, 5: Authenticate, 6: view result, 7: Authenticate, 8: Maintenance, 9: view result.]

In this collaboration diagram, the staff log in to the account, schedule the exam and
upload the question paper. The candidate registers with the application, then logs in, and can
then write the exam and view the result. The admin monitors the exam and can view the result.

Component Diagram:
Components are wired together by using an assembly connector to connect the
required interface of one component with the provided interface of another component. This
illustrates the service consumer - service provider relationship between the two components.
An assembly connector is a "connector between two components that defines that one
component provides the services that another component requires. An assembly connector is a
connector that is defined from a required interface or port to a provided interface or port."
When using a component diagram to show the internal structure of a component, the
provided and required interfaces of the encompassing component can delegate to the
corresponding interfaces of the contained components.

[Figure: component diagram. Components: Login, Staff, Schedule, Admin, Candidate, Register, Maintain detail, Conduct exam, Monitor exam, Result.]

In this component diagram, the staff log in to the account, schedule the exam and upload
the question paper. The candidate registers with the application, then logs in, and can then
write the exam and view the result. The admin monitors the exam and can view the result.

Data Flow Diagram:


A data flow diagram (DFD) is a graphical representation of the flow of data through an
information system. It differs from the flowchart as it shows the data flow instead of the control
flow of the program. A data flow diagram can also be used for the visualization of data
processing. The DFD is designed to show how a system is divided into smaller portions and to
highlight the flow of data between those parts.

LEVEL 0:

[Figure: DFD level 0. Entity: User. Process 0: Admin (Login, Monitor exam). Data store: D0 Database.]

Here the admin logs in and monitors the process of conducting the examination, and updates it in
the database. The admin can view the student activities and staff activities.

LEVEL 1:
[Figure: DFD level 1. Entity: User. Process 1: Staff (Login, Schedule exam, Upload question). Data store: D1 Database.]

The staff can log in and upload new questions on a variety of topics. The staff can schedule the
exam process and update it in the database.

Level 2:

[Figure: DFD level 2. Entity: User. Process 2: Candidate (Register, Login, Write exam, View result). Data store: D2 Database.]

In level 2, the user can login and take the test and view the results. Registered users can login
directly whereas new users can register themselves before taking up the test.

All Level:

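[Figure: DFD, all levels. Entity: User. Process 0: Admin (Login, Monitor exam), data store D0 Database. Process 1: Staff (Login, Schedule exam, Upload question), data store D1 Database. Process 2: Candidate (Register, Login, Write exam, View result), data store D2 Database.]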

The all level diagram sums up the whole process happening from level 0 to level 2. It shows all
the activities of admin, staff and users.

E-R Diagram:
In software engineering, an entity-relationship model (ERM) is an abstract and
conceptual representation of data. Entity-relationship modeling is a database modeling method,
used to produce a type of conceptual schema or semantic data model of a system, often
a relational database, and its requirements in a top-down fashion. Diagrams created by this
process are called entity-relationship diagrams, ER diagrams, or ERDs.

Admin:

[Figure: E-R diagram for Admin. Labels: Admin, Candidate details, Staff Detail, Schedule, Maintain the Data, Question, Contact Exam, Display the Result, Registration, Result.]

The admin monitors the exam and sees the activities of staff and candidates. The admin
maintains and updates the data of staff and candidates.

Candidate:

[Figure: E-R diagram for Candidate. Labels: Candidate, Register NO, Question, Exam Register, Register NO, Online Exam, Result, Exam Result.]

The user can login and take the test and view the results. Registered users can login
directly whereas new users can register themselves before taking up the test.

Staff:

[Figure: E-R diagram for Staff. Labels: Staff, Time, Question, Answer, Exam Schedule Question and answer, Exam Name, Result, View the Result.]

The staff can log in and upload new questions on a variety of topics. The staff can schedule the
exam process and update it in the database.

System Architecture:

This system architecture explains the overall concept of the project. When a staff member logs
in to the application, they schedule the exam. Scheduling the exam involves setting the time at
which the exam is to be held for the students and uploading the question paper. The staff can
also view the results of the students who attended the exam. In the admin section, after the
admin has logged in, the admin only has the access to delete the uploaded question paper. We
allow candidates only to register their details, write the exam and view the result. After the
registration process is completed, the candidate can log in to the application and write the
exam. The user can then view the result.

[Figure: system architecture. Blocks: Staff, Admin, Candidate, Schedule Exam, Monitor the Online Exam, Upload Exam, Register the Exam, Write the Online Exam, Online Exam, Online Exam Result.]

DEVELOPMENT TOOLS

5.1. GENERAL

This chapter is about the software language and the tools used in the development of the project.
The platform used here is .NET. The primary language is C#. In this project AJAX is
chosen for implementation.

5.2 FEATURES OF .NET


Microsoft .NET is a set of Microsoft software technologies for rapidly building
and integrating XML Web services, Microsoft Windows-based applications, and Web solutions.
The .NET Framework is a language-neutral platform for writing programs that can easily and
securely interoperate. There's no language barrier with .NET: there are numerous languages
available to the developer including Managed C++, C#, Visual Basic and Java Script. The .NET
framework provides the foundation for components to interact seamlessly, whether locally or
remotely on different platforms. It standardizes common data types and communications
protocols so that components created in different languages can easily interoperate.
.NET is also the collective name given to various software components built
upon the .NET platform. These will be both products (Visual Studio.NET and Windows.NET
Server, for instance) and services (like Passport, .NET My Services, and so on).

5.2.1 THE .NET FRAMEWORK


The .NET Framework has two main parts:
1. The Common Language Runtime (CLR).
2. A hierarchical set of class libraries.

The CLR is described as the execution engine of .NET. It provides the environment within
which programs run. The most important features are:

Conversion from a low-level assembler-style language, called Intermediate Language (IL), into
code native to the platform being executed on.
Memory management, notably including garbage collection.
Checking and enforcing security restrictions on the running code.
Loading and executing programs, with version control and other such features.

The following features of the .NET framework are also worth description:

MANAGED CODE
Managed code is code that targets .NET and that contains certain extra information (metadata) to
describe itself. Whilst both managed and unmanaged code can run in the runtime, only managed
code contains the information that allows the CLR to guarantee, for instance, safe execution and
interoperability.

MANAGED DATA
With managed code comes managed data. The CLR provides memory allocation
and deallocation facilities, and garbage collection. Some .NET languages use managed data by
default, such as C#, Visual Basic.NET and JScript.NET, whereas others, namely C++, do not.
Targeting the CLR can, depending on the language you're using, impose certain constraints on the
features available. As with managed and unmanaged code, one can have both managed and
unmanaged data in .NET applications: data that doesn't get garbage collected but instead is
looked after by unmanaged code.

COMMON TYPE SYSTEM


The CLR uses something called the Common Type System (CTS) to strictly enforce
type-safety. This ensures that all classes are compatible with each other, by describing types in a
common way. The CTS defines how types work within the runtime, which enables types in one
language to interoperate with types in another language, including cross-language exception
handling. As well as ensuring that types are only used in appropriate ways, the runtime also
ensures that code doesn't attempt to access memory that hasn't been allocated to it.

COMMON LANGUAGE SPECIFICATION


The CLR provides built-in support for language interoperability. To ensure that you can
develop managed code that can be fully used by developers using any programming language, a
set of language features and rules for using them called the Common Language Specification
(CLS) has been defined. Components that follow these rules and expose only CLS features are
considered CLS-compliant.
THE CLASS LIBRARY
.NET provides a single-rooted hierarchy of classes, containing over 7000 types.
The root of the namespace is called System; this contains basic types like Byte, Double, Boolean,
and String, as well as Object. All objects derive from System.Object. As well as objects, there
are value types. Value types can be allocated on the stack, which can provide useful flexibility.
There are also efficient means of converting value types to object types if and when necessary.
The set of classes is pretty comprehensive, providing collections, file, screen, and
network I/O, threading, and so on, as well as XML and database connectivity.
The class library is subdivided into a number of sets (or namespaces), each
providing distinct areas of functionality, with dependencies between the namespaces kept to a
minimum.

LANGUAGES SUPPORTED BY .NET


The multi-language capability of the .NET Framework and Visual Studio .NET
enables developers to use their existing programming skills to build all types of applications and
XML Web services. The .NET framework supports new versions of Microsoft's old favorites
Visual Basic and C++ (as VB.NET and Managed C++), but there are also a number of new
additions to the family.
Visual Basic .NET has been updated to include many new and improved language
features that make it a powerful object-oriented programming language. These features include
inheritance, interfaces, and overloading, among others. Visual Basic also now supports structured
exception handling, custom attributes and also supports multi-threading.
Visual Basic .NET is also CLS compliant, which means that any CLS-compliant
language can use the classes, objects, and components you create in Visual Basic .NET.
Managed Extensions for C++ and attributed programming are just some of the
enhancements made to the C++ language. Managed Extensions simplify the task of migrating
existing C++ applications to the new .NET Framework.
C# is Microsoft's new language. It's a C-style language that is essentially C++
for Rapid Application Development. Unlike other languages, its specification is just the
grammar of the language. It has no standard library of its own, and instead has been designed
with the intention of using the .NET libraries as its own.
Microsoft Visual J# .NET provides the easiest transition for Java-language
developers into the world of XML Web Services and dramatically improves the interoperability
of Java-language programs with existing software written in a variety of other programming
languages.
ActiveState has created Visual Perl and Visual Python, which enable .NET-aware
applications to be built in either Perl or Python. Both products can be integrated into the Visual
Studio .NET environment. Visual Perl includes support for ActiveState's Perl Dev Kit.

Other languages for which .NET compilers are available include

FORTRAN

COBOL

Eiffel

Fig 5.2.1 .Net Framework (diagram labels: ASP.NET, Windows Forms, XML Web Services, Base Class Libraries, Common Language Runtime, Operating System)

FEATURES OF C#

1. C# is a simple, modern, object-oriented language derived from C++ and Java.
2. It aims to combine the high productivity of Visual Basic and the raw power of C++.
3. It is a part of Microsoft Visual Studio 7.0.
4. Visual Studio supports VB, VC++, C++, VBScript, JScript. All of these languages provide
access to the Microsoft .NET platform.
5. .NET includes a common execution engine and a rich class library.
6. Microsoft's equivalent of the JVM is the Common Language Runtime (CLR).
7. The CLR accommodates more than one language, such as C#, VB.NET, JScript, ASP.NET, C++.
8. Source code ---> Intermediate Language code (IL) ---> (JIT Compiler) Native code.
9. The classes and data types are common to all of the .NET languages.
10. We may develop console applications, Windows applications, and Web applications using C#.
11. In C# Microsoft has taken care of C++ problems such as memory management, pointers etc.
12. It supports garbage collection, automatic memory management and a lot more.

MAIN FEATURES OF C#
SIMPLE
1. Pointers are missing in C#.
2. Unsafe operations such as direct memory manipulation are not allowed.
3. In C# there is no usage of "::" or "->" operators.
4. Since it's on .NET, it inherits the features of automatic memory management and garbage
collection.
5. Varying ranges of the primitive types like Integer, Floats etc.
6. Integer values of 0 and 1 are no longer accepted as Boolean values. Boolean values are pure
true or false values in C#, so there are no more errors from mixing up the "=" operator and the "==" operator. "==" is used for
the comparison operation and "=" is used for the assignment operation.
MODERN
1. C# follows the current trend and is very powerful and simple for building
interoperable, scalable, robust applications.
2. C# includes built-in support to turn any component into a web service that can be invoked over
the Internet from any application running on any platform.
OBJECT ORIENTED
1. C# supports data encapsulation, inheritance, polymorphism and interfaces.
2. Primitive types (int, float, double) are not objects in Java, but C# has introduced structures (structs), which
enable the primitive types to become objects:
int i = 1;
string a = i.ToString(); // conversion to string: int is a struct, so methods can be called on it

TYPE SAFE
1. In C# we cannot perform unsafe casts like converting a double to a Boolean.
2. Value types (primitive types) are initialized to zeros and reference types (objects and classes)
are initialized to null by the compiler automatically.
3. Arrays are zero-based and are bounds checked.
4. Overflow of types can be checked.
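
The checks listed under TYPE SAFE can be seen together in a short program. This is an added example, not code from the project report; the class and method names, RecordSize and the record count are constructed for illustration. It shows that overflow checking has to be requested (the checked keyword), while array bounds checking is always on.

```csharp
using System;

// Added illustration, not code from the project report.
// RecordSize, the record count and all names below are constructed for this example.
static class TypeSafetyDemo
{
    const int RecordSize = 4096;

    // Unchecked context: an int multiplication that overflows wraps around silently.
    static int BufferSizeUnchecked(int recordCount)
    {
        return unchecked(recordCount * RecordSize);
    }

    // Checked context: the same multiplication throws OverflowException instead.
    static int BufferSizeChecked(int recordCount)
    {
        return checked(recordCount * RecordSize);
    }

    static void Main()
    {
        // Constructed input: 2^20 + 1 records of 4096 bytes needs more than int.MaxValue bytes.
        int recordCount = 1048577;

        // The wrapped result is a small positive number that looks like a valid size.
        int wrapped = BufferSizeUnchecked(recordCount);
        Console.WriteLine("unchecked size: " + wrapped);

        // The undersized buffer cannot be overrun: the runtime checks every index.
        byte[] buffer = new byte[wrapped];
        int secondRecordOffset = 1 * RecordSize;
        try
        {
            buffer[secondRecordOffset] = 0xFF;
        }
        catch (IndexOutOfRangeException)
        {
            Console.WriteLine("bounds check stopped the out-of-range write");
        }

        // With checked arithmetic the bad size is rejected before any buffer exists.
        try
        {
            BufferSizeChecked(recordCount);
        }
        catch (OverflowException)
        {
            Console.WriteLine("checked arithmetic rejected the size calculation");
        }

        // Array elements start at zero (value types) or null (reference types).
        int[] counters = new int[3];
        string[] names = new string[3];
        Console.WriteLine("defaults: " + counters[0] + ", null=" + (names[0] == null));

        // No cast exists from double to bool, so the next line would not compile:
        // bool flag = (bool)1.5;
    }
}
```

Overflow checking can also be enabled for a whole project through the compiler's checked option, which makes the unannotated arithmetic behave like BufferSizeChecked.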
INTEROPERABILITY
1. C# includes native support for COM and Windows-based applications.
2. Allowing restricted use of native pointers.
3. Users no longer have to explicitly implement the IUnknown and other COM interfaces; those
features are built in.
4. C# allows the users to use pointers as unsafe code blocks to manipulate your old code.
5. Components from VB.NET and other managed code languages can directly be used in C#.
SCALABLE AND UPDATEABLE
1. .NET has introduced assemblies, which are self-describing by means of their manifest.
The manifest establishes the assembly identity, version, culture, digital signature etc. Assemblies
need not be registered anywhere.
2. To scale our application we delete the old files and replace them with new ones. No
registering of dynamic link libraries is needed.
3. Updating software components is an error-prone task. Revisions made to the code can affect
the existing program. C# supports versioning in the language. Native support for interfaces and
method overriding enables complex frameworks to be developed and evolved over time.

5.2.2 OBJECTIVES OF .NET


The .NET Framework is one of the tools provided by the .NET platform. It provides an environment
for building, deploying and running web services and other applications such as console
applications, Windows-based applications and web sites. It is a common architecture for all .NET
programming languages.
The Main Objectives of .NET Framework

1) Platform Independent
2) Language Independent
3) Language Interoperability
4) Security
5) Database Connectivity
6) Globalization of Application
1) Platform Independent: Because dll or exe files can be executed on any operating system
with the help of the CLR (common language runtime), .NET is called platform
independent.
The CLR itself is platform dependent.
CLR for Windows is called CLR.
CLR for Linux is called Mono CLR.
CLR for lightweight devices is called Compact CLR.
CLR is not available for DOS and Windows 95.
2) Language Independent: Because .NET application logic can be developed in any .NET Framework
compatible language, it is called language independent.

It supports 11 languages and 1 specification.

e.g.: C#.net
VB.net
J#.net
Cobol.net
PHP.net
PERL.net etc.
The specification is ASP.net.
It provides a set of rules to be followed while integrating with the language.
3) Language Interoperability: Code written in one language should be usable from
an application developed in another language.
4) Security: .NET applications attain a high level of security.
5) Database Connectivity: A new database connectivity model for connecting to databases.
6) Globalization of Application: Designing applications to support multiple
languages and cultures.

5.2.3 COMPONENTS OF .NET FRAMEWORK

The .NET Framework is an integral Windows component that supports building and running the
next generation of applications and XML Web services. The .NET Framework is designed to
fulfill the following objectives:

To provide a consistent object-oriented programming environment whether object code is
stored and executed locally, executed locally but Internet-distributed, or executed
remotely.

To provide a code-execution environment that minimizes software deployment and
versioning conflicts.

To provide a code-execution environment that promotes safe execution of code, including
code created by an unknown or semi-trusted third party.

To provide a code-execution environment that eliminates the performance problems of
scripted or interpreted environments.

To make the developer experience consistent across widely varying types of applications,
such as Windows-based applications and Web-based applications.

To build all communication on industry standards to ensure that code based on the .NET
Framework can integrate with any other code.

The .NET Framework has two main components: the common language runtime and the .NET
Framework class library. The common language runtime is the foundation of the .NET
Framework. You can think of the runtime as an agent that manages code at execution time,
providing core services such as memory management, thread management, and remoting, while
also enforcing strict type safety and other forms of code accuracy that promote security and
robustness. In fact, the concept of code management is a fundamental principle of the runtime.
Code that targets the runtime is known as managed code, while code that does not target the
runtime is known as unmanaged code. The class library, the other main component of the .NET
Framework, is a comprehensive, object-oriented collection of reusable types that you can use to
develop applications ranging from traditional command-line or graphical user interface (GUI)
applications to applications based on the latest innovations provided by ASP.NET, such as Web
Forms and XML Web services.

The .NET Framework can be hosted by unmanaged components that load the common language
runtime into their processes and initiate the execution of managed code, thereby creating a
software environment that can exploit both managed and unmanaged features. The .NET
Framework not only provides several runtime hosts, but also supports the development of third-party runtime hosts.

For example, ASP.NET hosts the runtime to provide a scalable, server-side environment for
managed code. ASP.NET works directly with the runtime to enable ASP.NET applications and
XML Web services, both of which are discussed later in this topic.

Internet Explorer is an example of an unmanaged application that hosts the runtime (in the form
of a MIME type extension). Using Internet Explorer to host the runtime enables you to embed
managed components or Windows Forms controls in HTML documents. Hosting the runtime in
this way makes managed mobile code (similar to Microsoft ActiveX controls) possible, but
with significant improvements that only managed code can offer, such as semi-trusted execution
and isolated file storage.
The following illustration shows the relationship of the common language runtime and the class
library to your applications and to the overall system. The illustration also shows how managed
code operates within a larger architecture.
.NET Framework in context

The following sections describe the main components and features of the .NET Framework in
greater detail.

1. COMMON LANGUAGE RUNTIME

The common language runtime manages memory, thread execution, code execution, code safety
verification, compilation, and other system services. These features are intrinsic to the managed
code that runs on the common language runtime. With regards to security, managed components
are awarded varying degrees of trust, depending on a number of factors that include their origin
(such as the Internet, enterprise network, or local computer). This means that a managed
component might or might not be able to perform file-access operations, registry-access
operations, or other sensitive functions, even if it is being used in the same active application. The
runtime enforces code access security. For example, users can trust that an executable embedded
in a Web page can play an animation on screen or sing a song, but cannot access their personal
data, file system, or network. The security features of the runtime thus enable legitimate Internet-deployed software to be exceptionally feature rich.
The runtime also enforces code robustness by implementing a strict type-and-code-verification
infrastructure called the common type system (CTS). The CTS ensures that all managed code is
self-describing. The various Microsoft and third-party language compilers generate managed
code that conforms to the CTS. This means that managed code can consume other managed
types and instances, while strictly enforcing type fidelity and type safety.
In addition, the managed environment of the runtime eliminates many common software issues.
For example, the runtime automatically handles object layout and manages references to objects,
releasing them when they are no longer being used. This automatic memory management
resolves the two most common application errors, memory leaks and invalid memory references.
The runtime also accelerates developer productivity. For example, programmers can write
applications in their development language of choice, yet take full advantage of the runtime, the
class library, and components written in other languages by other developers. Any compiler
vendor who chooses to target the runtime can do so. Language compilers that target the .NET
Framework make the features of the .NET Framework available to existing code written in that
language, greatly easing the migration process for existing applications.
While the runtime is designed for the software of the future, it also supports software of today
and yesterday. Interoperability between managed and unmanaged code enables developers to
continue to use necessary COM components and DLLs.
The runtime is designed to enhance performance. Although the common language runtime
provides many standard runtime services, managed code is never interpreted. A feature called
just-in-time (JIT) compiling enables all managed code to run in the native machine language of
the system on which it is executing. Meanwhile, the memory manager removes the possibilities
of fragmented memory and increases memory locality-of-reference to further increase
performance.
Finally, the runtime can be hosted by high-performance, server-side applications, such as
Microsoft SQL Server and Internet Information Services (IIS). This infrastructure enables
you to use managed code to write your business logic, while still enjoying the superior
performance of the industry's best enterprise servers that support runtime hosting.

2. BASE CLASS LIBRARY.

The .NET Framework class library is a collection of reusable types that tightly integrate with the
common language runtime. The class library is object oriented, providing types from which your
own managed code can derive functionality. This not only makes the .NET Framework types
easy to use, but also reduces the time associated with learning new features of the .NET
Framework. In addition, third-party components can integrate seamlessly with classes in the
.NET Framework.
For example, the .NET Framework collection classes implement a set of interfaces that you can
use to develop your own collection classes. Your collection classes will blend seamlessly with
the classes in the .NET Framework.
As you would expect from an object-oriented class library, the .NET Framework types enable
you to accomplish a range of common programming tasks, including tasks such as string
management, data collection, database connectivity, and file access. In addition to these common
tasks, the class library includes types that support a variety of specialized development scenarios.
For example, you can use the .NET Framework to develop the following types of applications
and services:

Console applications.

Windows GUI applications (Windows Forms).

ASP.NET applications.

XML Web services.

Windows services.

For example, the Windows Forms classes are a comprehensive set of reusable types that vastly
simplify Windows GUI development. If you write an ASP.NET Web Form application, you can
use the Web Forms classes.

5.3 FEATURES OF THE COMMON LANGUAGE RUNTIME

The Common Language Runtime is the heart of the .NET Framework. It manages the code
during execution. The code that runs under the CLR is called managed code. The code that
is executed under the .NET runtime gets benefits like cross-language inheritance,
cross-language exception handling, enhanced security, versioning and development support, a
simplified model for component interaction, and debugging and profiling services.
CLR Managed Code Execution Process
The process of compiling and executing managed code is given below.

When you compile a program written in any language that targets the CLR, the compiler
translates it into Microsoft Intermediate Language (MSIL) or Intermediate Language (IL).
This does not depend on the language: the code always gets translated to IL, which
ensures language interoperability.

In addition to translating the code into IL, the compiler also produces metadata about the
program during the process of compilation. Metadata contains the description of the
program, such as classes and interfaces, the dependencies etc.

The IL and the metadata are linked in an assembly.

The compiler creates an .exe or .dll file.

When you execute the .exe or .dll file, the code and all the other relevant information
from the base class library is sent to the class loader, which loads the code into memory.

Before the code gets executed, the just-in-time (JIT) compiler translates the code from IL to
native code (machine code). The CLR supplies a JIT compiler for each supported CPU
architecture. During the process of compilation, the JIT compiler compiles only the code
that is required during execution instead of compiling the complete IL code.

During JIT compilation, the code is also checked for type safety. Type safety ensures
that objects are accessed in a compatible way. Type safety also ensures that objects are
isolated from each other and are therefore safe from any malicious corruption.

After conversion to native code, the converted code is sent to the .NET runtime manager.

The .NET runtime manager executes the code. While the code is executed, a security check is
performed to ensure that the code has the appropriate permission for accessing the
available resources.
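
The assembly contents described in the steps above (IL plus metadata) and the manifest mentioned earlier under SCALABLE AND UPDATEABLE can be read back with reflection. This is an added example, not code from the project report; LoginCheck and IsLocked are hypothetical names that exist only to give the program something to inspect.

```csharp
using System;
using System.Reflection;

// Added illustration, not code from the project report.
// LoginCheck and IsLocked are hypothetical; they only provide a method to inspect.
public static class LoginCheck
{
    public static bool IsLocked(int failedAttempts, int threshold)
    {
        return failedAttempts >= threshold;
    }
}

static class AssemblyInspector
{
    static void Main()
    {
        Assembly asm = typeof(LoginCheck).Assembly;

        // Manifest: identity, version, culture and, for strong-named assemblies,
        // the public key token derived from the signing key.
        AssemblyName name = asm.GetName();
        byte[] token = name.GetPublicKeyToken();
        Console.WriteLine("Name:    " + name.Name);
        Console.WriteLine("Version: " + name.Version);
        Console.WriteLine("Culture: " +
            (string.IsNullOrEmpty(name.CultureName) ? "neutral" : name.CultureName));
        Console.WriteLine("Token:   " +
            (token == null || token.Length == 0
                ? "(not strong-named)"
                : BitConverter.ToString(token)));

        // Metadata: every type and method signature is described inside the file.
        BindingFlags declared = BindingFlags.Public | BindingFlags.NonPublic |
                                BindingFlags.Static | BindingFlags.Instance |
                                BindingFlags.DeclaredOnly;
        foreach (Type type in asm.GetTypes())
        {
            foreach (MethodInfo method in type.GetMethods(declared))
            {
                Console.WriteLine(type.FullName + " :: " + method);
            }
        }

        // IL: the method body is stored as intermediate language bytes,
        // which the JIT compiler turns into native code on first call.
        MethodInfo isLocked = typeof(LoginCheck).GetMethod("IsLocked");
        MethodBody body = isLocked.GetMethodBody();
        if (body != null)
        {
            byte[] il = body.GetILAsByteArray();
            Console.WriteLine("IL bytes for IsLocked: " + BitConverter.ToString(il));
        }
    }
}
```

Because names, signatures and IL ship inside every assembly, anything compiled into it, string literals included, is readable by whoever holds the file.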

Features provided by CLR


Some of the features provided by the CLR are as follows:
Automatic memory management: - The CLR provides the garbage
collection feature for managing the lifetime of objects. This relieves the programmer of
memory management tasks.
Standard Type System: - The CLR implements a formal specification called the
Common Type System (CTS). The CTS is an important part of the rules that ensure that objects
written in different languages can interact with each other.
Language interoperability: - This is the ability of an application to interact with another
application written in a different programming language. Language interoperability helps
maximize code reuse. The CLR provides support for language interoperability by
specifying and enforcing the CTS and by providing metadata.
Platform Independence: - The compiler compiles code into a language which is CPU-independent. This means that the code can be executed on any platform that supports
the .NET CLR.
Security Management: - In the .NET platform, security is achieved through the Code
Access Security (CAS) model. In this model, the CLR enforces restrictions on managed
code through objects called permissions. The CLR allows the code to perform only
those tasks for which it has permissions. In other words, the CAS model specifies what the
code can access instead of specifying who can access resources.
Type Safety: - This feature ensures that objects are always accessed in compatible ways.
Therefore the CLR will prohibit code from assigning a 10-byte value to an object that
occupies 8 bytes.

Benefits of CLR
The following are some of the benefits of the CLR:
Performance improvement.
The ability to easily use components developed in other languages.
Extensible types provided by the library.
New language features such as inheritance, interfaces etc.
Complete object-oriented design.
Very strong type safety.
A good blend of Visual Basic simplicity and C++ power.
Syntax and keywords similar to C and C++.
Use of delegates rather than function pointers for increased type safety and security.

5.4 AJAX AN OVERVIEW


In the world of Web programming, AJAX stands for Asynchronous JavaScript And XML,
which is a technique for developing more efficient interactive Web applications. AJAX enables
complex interactive Web site elements to remain loaded while switching between pages, so that
they do not have to be served up separately each time a visitor navigates to another site page.
This Personal Learning Resource gives a brief overview of AJAX, discusses its advantages and
disadvantages, and also lists numerous other resources for additional training on this
development method.

AJAX (Asynchronous JavaScript And XML) Key Components


AJAX itself is not considered to be a unique technology, but a Web development method
incorporating features from several different technologies and languages. AJAX uses a
communication technology (typically SOAP and XML) to send and receive an asynchronous
request/response to the server, and then leverages presentation technologies (JavaScript, DOM,
HTML, and CSS) to process the response. The AJAX method implements the following
technologies to ease the process of producing consistent and interactive Web pages:
1. XHTML (HTML) and CSS, for marking up and styling information.
2. The DOM accessed with a client-side scripting language, especially ECMAScript
implementations like JavaScript and JScript, to dynamically display and interact with
the information presented.
3. The XMLHttpRequest object to exchange data asynchronously with the Web server. In
some AJAX frameworks and in certain situations, an iFrame object is used instead of the
XMLHttpRequest object to exchange data with the Web server.
4. XML is commonly used as the format for transferring data back from the server, although
any format will work, including preformatted HTML, plain text, JSON and even EBML.
Using Ajax technologies in Web applications provides many challenges for developers interested
in adhering to WAI accessibility guidelines. Developers need to provide fallback options for
users on other platforms or browsers, as most methods of AJAX implementation rely on features
only present in desktop graphical browsers.

5.4.1 EVOLUTION OF AJAX


In his blog, A Brief History of AJAX, Aaron Swartz talks about the evolution of AJAX. Various
vendors contributed to this effort. The tipping point came when Google used it for Google Maps
and Gmail and when Jesse James Garrett coined the term AJAX. AJAX completely changed the
browsing experience. Now vendors like Sun and TIBCO are jumping in with tools to build
AJAX-style applications. I just did a search on Google on AJAX applications, and got about 1.87
million hits. I also stumbled upon a link to the Top-10 AJAX applications posted in Sep, 2005.

5.4.2 BENEFITS OF AJAX


Ajax is a new, very promising technology which has become extremely popular these days. Here
are the benefits of using Ajax:

Ajax can be used for creating rich, web-based applications that look and work like a
desktop application.

Ajax is easy to learn. Ajax is based on JavaScript and existing technologies like XML,
CSS, DHTML, etc., so it's very easy to learn Ajax.

Ajax can be used to develop web applications that can update the page data continuously
without refreshing the whole page.

What is Ajax?
Asynchronous JavaScript and XML, or Ajax for short, is a new web development technique used
for the development of highly interactive websites. Ajax helps you make your web application
more interactive by retrieving small amounts of data from the web server and then showing them in your
application. You can do all these things without refreshing your page.
Usually in web applications, the user enters data into a form and then clicks on the
submit button to submit the request to the server. The server processes the request and returns the
view in a new page (by reloading the whole page). This process is inefficient, time consuming,
and a little frustrating for your user if only a small amount of data exchange is required. For
example, in a user registration form this can be frustrating for the user, as the whole page is
reloaded only to check the availability of the user name. Ajax will help in making your
application more interactive. With the help of Ajax you can tune your application to check the
availability of the user name without refreshing the whole page.
Understanding the technology behind Ajax
Ajax is not a single technology, but it is a combination of many technologies. These technologies
are supported by modern web browsers. Following are techniques used in the Ajax applications.

JavaScript:
JavaScript is used to make a request to the web server. Once the response is returned by
the web server, more JavaScript can be used to update the current page. DHTML and CSS
are used to show the output to the user. JavaScript is used very heavily to provide the
dynamic behavior of the application.

Asynchronous Call to the Server:
Most Ajax applications use the XMLHttpRequest object to send the request to the
web server. These calls are asynchronous and there is no need to wait for the response to
come back. The user can continue normal work without any problem.

XML:
XML may be used to receive the data returned from the web server. JavaScript can be
used to process the XML data returned from the web server easily.

How Ajax Works?


When the user first visits the page, the Ajax engine is initialized and loaded. From that point on, the
user interacts with the Ajax engine in order to interact with the web server. The Ajax engine operates
asynchronously while sending the request to the server and receiving the response from the server.

Ajax life cycle within the web browser can be divided into following stages:

User visit to the page: The user visits the URL by typing the URL in the browser or clicking a link
from some other page.

Initialization of Ajax engine:
When the page is initially loaded, the Ajax engine is also initialized. The Ajax engine can
also be set to continuously refresh the page content without refreshing the whole page.

Event Processing Loop:
* A browser event may instruct the Ajax engine to send a request to the server and receive the
response data.
* Server response - The Ajax engine receives the response from the server. Then it calls the
JavaScript callback functions.
* Browser (View) update - JavaScript callback functions are used to update the
browser. DHTML and CSS are used to update the browser display.

5.5 MAIN FEATURES OF XML:

XML files are text files, which can be managed by any text editor.

XML is very simple, because it has fewer than 10 syntax rules.

XML is extensible, because it only specifies the structural rules of tags. It places no specification
on the tags themselves.

Because of these features, XML offers the following advantages, as described by en.wikipedia.org:

XML provides a basic syntax that can be used to share information between different
kinds of computers, different applications, and different organizations. XML data is
stored in plain text format. This software- and hardware-independent way of storing data
allows different incompatible systems to share data without needing to pass them through
many layers of conversion. This also makes it easier to expand or upgrade to new
operating systems, new applications, or new browsers, without losing any data.

With XML, your data can be available to all kinds of "reading machines" (Handheld
computers, voice machines, news feeds, etc), and make it more available for blind people,
or people with other disabilities.

XML provides a gateway for communication between applications, even applications on
wildly different systems. As long as applications can share data (through HTTP, file
sharing, or another mechanism), and have an XML parser, they can share structured
information that is easily processed. Databases can trade tables, business applications can
trade updates, and document systems can share information.

It supports Unicode, allowing almost any information in any written human language to
be communicated.

It can represent common computer science data structures: records, lists and trees.

Its self-documenting format describes structure and field names as well as specific
values.

The strict syntax and parsing requirements make the necessary parsing algorithms
extremely simple, efficient, and consistent.

Content-based XML markup enhances searchability, making it possible for agents and
search engines to categorize data instead of wasting processing power on context-based
full-text searches.

XML is heavily used as a format for document storage and processing, both online and
offline.

It is based on international standards.

It can be updated incrementally.

It allows validation using schema languages such as XSD and Schematron, which makes
effective unit-testing, firewalls, acceptance testing, contractual specification and software
construction easier.

The hierarchical structure is suitable for most (but not all) types of documents.

It is platform-independent, thus relatively immune to changes in technology.

Forward and backward compatibility are relatively easy to maintain despite changes in
DTD or Schema.

Its predecessor, SGML, has been in use since 1986, so there is extensive experience and
software available.

5.6 FEATURES OF SQL SERVER


Microsoft SQL Server 2005
The following is a list of the new features provided in SQL Server 2005:

User-defined functions

Indexed views

Distributed partitioned views

INSTEAD OF and AFTER triggers

New data types

Cascading RI constraints

Multiple SQL Server instances

XML support

Log shipping

The rest of this section takes a closer look at each of these new features and provides a
reference to subsequent chapters where more information about the new feature can be found.
A SQL Server database consists of six types of objects.
They are:
1. TABLE
2. QUERY
3. FORM
4. REPORT
5. MACRO

TABLE:
A database is a collection of data about a specific topic.

VIEWS OF TABLE:
We can work with a table in two views:
1. Design View
2. Datasheet View

DESIGN VIEW
To build or modify the structure of a table, we work in the table design view. We can
specify what kind of data it will hold.
DATASHEET VIEW
To add, edit or analyse the data itself, we work in the table's datasheet view mode.
QUERY:
A query is a question that is asked of the data. Access gathers data that answers the
question from one or more tables. The data that makes up the answer is either a dynaset (if you edit
it) or a snapshot (it cannot be edited). Each time we run a query, we get the latest information in the
dynaset. Access either displays the dynaset or snapshot for us to view, or performs an action on it,
such as deleting or updating.

SQL Server 2005 Introduction

SQL Server 2000 will soon be reaching its five-year mark, which in terms of software life-cycle
translates into fairly advanced maturity. While this is still far from retirement age, the name of its
successor, SQL Server 2005, suggests that it might be time for you to start looking into what the
new generation has to offer. The release of SQL Server 2005, originally introduced as Yukon, has
already been postponed, but its current Beta 2 implementation (with several incremental
Community Technical Previews expected before Beta 3 becomes available early next year)
brings promise of a timely RTM stage (planned for summer next year). In this series of articles,
we will look into functional highlights of the new incarnation of the Microsoft database
management system, focusing on those that are likely to remain unchanged in the final product.
Improvements to the database engine, the details of which are not published by Microsoft, and
the corresponding changes to the main infrastructure components are reflected by a substantial
number of new features as well as enhancements to existing ones. The most relevant ones can be
grouped into several categories, such as high availability and scalability, security, data
management, administration and maintenance, and development.
The demand for high availability is becoming increasingly common and is no longer limited to
major corporate and governmental clients. This results not only from a growing level of customer
expectations, but also from the new political climate associated with more stringent legislative
and regulatory requirements, in which disaster recovery and business continuity are more
relevant than ever. However, businesses are also, at the same time, extremely interested in
keeping their costs to a minimum. Microsoft tries to address these expectations by implementing
scalability enhancements, which ensure that SQL Server can perform equally well in
environments of any size, and by the introduction of several versions of SQL Server 2005
(geared towards more specialized needs) such as:

SQL Server Standard Edition - offering the most diverse set of features and intended for
the majority of clients.

SQL Server 2005 Express Edition - serving as the replacement for Microsoft Data Engine
(MSDE) and available for download from t. Like its predecessor, it was designed with
developers in mind, however, unlike the previous version, it also includes a Web based
management interface.

SQL Server 2005 Mobile Edition - as a successor to SQL Server 2000 Windows CE
Edition, it is intended for Windows mobile-based devices, such as Tablet PCs, Pocket
PCs, and Smart phones

Among the most significant changes introduced in the areas of high availability and scalability in
SQL Server 2005 are the following:

Database mirroring - allows running hot-standby system closely synchronized with the
primary source. This provides an extension of log shipping functionality, which existed in
SQL Server 2000, with a number of additional enhancements, such as low-latency,
automatic failover and fallback, and two-way synchronization.

Online restore - provides the ability to restore data without taking a database offline,
which was the case in earlier versions of SQL Server. Users are only prevented from
accessing data that is being restored.

failover clustering - even though this is not a new feature, its SQL Server 2005
implementation offers significant improvements, such as eight-node clustering (in
combination with Windows 2003 Server Enterprise Edition) and support for failover of
Notification Services, Analysis Services, and a number of SQL Server Agent related tasks
(such as replication or job management and processing).

Online indexing - indexes can now be created, dropped, and rebuilt (performed typically
in order to eliminate index fragmentation) at the same time that the underlying table data
is being queried or modified. In SQL Server 2000, rebuilding a non-clustered index
places a shared lock on the underlying table, which restricts operations on it to SELECT
statements. When rebuilding a clustered index, SQL Server 2000 places an exclusive lock
on the table, preventing access to it altogether until the operation is completed.

Support for both 32- and 64-bit Windows 2003 Server platforms, including both Intel and
AMD (Option with Direct Connect Architecture) processors.

Table partitioning - provides the ability to partition tables across file groups in a database,
which optimizes operation on large tables.

Database snapshot and snapshot isolation - snapshots generate a read-only view of the
underlying database, which can be used, for example, to quickly recover data after
unintentional or erroneous change. Note that a snapshot is different from a copy, since it
occupies only the space required to contain changes applied to the database after it has
been created, greatly limiting storage requirements. Snapshot isolation provides parallel
access to the last committed row in a database, which can be used to eliminate blocking
issues when dealing with users operating simultaneously on the same data set.

replication - its SQL Server 2000 implementation has been enriched by the introduction
of a new peer-to-peer topology, the ability to replicate via HTTP and HTTPS (to
accommodate secure communication over the Internet), and cross-platform replication
from Oracle databases.

SQL Service Broker - provides functionality of asynchronous message routing and
guaranteed delivery, intended primarily for scenarios involving complex, simultaneous,
distributed, and interdependent data processing tasks (common in e-commerce
applications). In essence, this is a message queuing mechanism native to SQL Server
2005, which can be configured and managed using extensions to the T-SQL data
manipulation language.

fast recovery - allows connections to a database when bringing it on-line as soon as its
transaction log has been rolled forward (in previous versions of SQL Server, connections
were permitted only after incomplete transactions had been rolled back).

With the surging wave of virus threats and the rising rate of vulnerabilities, database
administrators (as well as computer professionals in other fields) have been devoting more and
more of their time and attention to the area of security. This process has been further accelerated
by increasing the number of regulatory requirements (such as Sarbanes-Oxley Act or Health
Insurance Portability and Accountability Act) enforced in various sectors of the market dealing
with large quantities of data. Microsoft's commitment in this area has greatly improved since the
announcement of the Secure Computing Initiative and resulted in the following security-related
changes in SQL Server 2005:

"secure by default" settings,

enforceable SQL Server-based login strong password policies,

native data encryption, protected with passwords or certificates,

Authorization enhancements.

In the area of data management, changes are also significant, encompassing new extraction,
transform, and load (ETL) features as well as analytical and data mining processing
enhancements:

SQL Server Integration Services - is a revamped implementation of SQL Server 2000-based
Data Transformation Services (for more information on DTS in SQL Server 2000,
refer to our series of articles), with performance, usability, and manageability
improvements. In its new form, SQL Server Integration Services contains Business
Intelligence Workbench and SQL Server Workbench utilities, which further simplify
extracting data from various sources and distilling it for use in data-warehousing and
analytical applications.

Analysis Services - offering better performance of OLAP and data mining processing.

built-in support for both relational and XML-structured data - available through the
addition of the XML data type, allowing storing XML fragments and documents in SQL
Server databases (for more information on XML in SQL Server 2000, you can refer to
our series of articles on the Database Journal Web site). It is also worth mentioning that
SQL Server 2005 has new VARCHAR (MAX) data type - along with NVARCHAR
(MAX) and VARBINARY (MAX) - with the ability to store up to 2GB of data,
supplementing TEXT, NTEXT, and IMAGE data types.

A number of administrative and maintenance tasks have been eliminated or simplified, by either
automating them or introducing new or improved management utilities. Functionality in this area
has also been extended through reporting and notification services (although note that
corresponding products are available on SQL Server 2000 platform):

self-tuning capabilities have been enhanced,

SQL Server Management Studio - replacing a number of SQL Server 2000 management
utilities, including SQL Server Enterprise Manager, SQL Query Analyzer (replaced by
SQL Server Management Studio Query Editor - with extra features such as statement
auto-completion or results presented in XML form), SQL Server Analysis Services,
Reporting Services, and Notification Services, as well as providing management for SQL
Server Mobile Edition databases.

Reporting Services - enhanced from its recently released, SQL Server 2000-based
version, offers the ability to create, manage, and view reports. Integrating it with SQL
Server 2005 eliminates the need for such external tools as Crystal Reports (or similar
third party products).

Notification Services - provides the ability to generate and send custom subscription-based
notifications (triggered by data changes or according to a pre-determined
schedule), via a variety of messaging mechanisms, such as e-mail, phone, or instant
messenger.

Last, but definitely not least, there are significant enhancements in the area of development, such
as the following:

more powerful programming model,

Close integration with Visual Studio 2005, Web Services, and Common Language
Runtime (reflected by the dependency on Microsoft .NET Framework 2.0) - provides the
ability to use .NET-based stored procedures, functions, and triggers. This way, it is
possible to perform SQL development with .NET programming languages, taking
advantage of functionality present in the .NET framework. At the same time, this helps
consolidate application and database development tasks, making Transact-SQL and
.NET programming languages interchangeable.
1. Database mirroring
Database mirroring is a new high-availability feature in SQL Server 2005. It's similar to server
clustering in that failover is achieved by the use of a stand-by server; the difference is that the
failover is at the database level rather than the server level. The primary database continuously
sends transaction logs to the backup database on a separate SQL Server instance. A third SQL
Server instance is then used as a witness database to monitor the interaction between the primary
and the mirror databases.
2. Database snapshots
A database snapshot is essentially an instant read-only copy of a database, and it is a great
candidate for any type of reporting solution for your company. In addition to being a great
reporting tool, you can revert control from your primary database to your snapshot database in
the event of an error. The only data loss would be from the point of creation of the database
snapshot to the event of failure.
3. CLR integration
With SQL Server 2005, you now have the ability to create custom .NET objects with the
database engine. For example, stored procedures, triggers, and functions can now be created
using familiar .NET languages such as VB and C#. Exposing this functionality gives you tools
that you never had access to before such as regular expressions.
4. Service Broker
This feature gives you the ability to create asynchronous, message-based applications in the
database entirely through TSQL. The database engine guarantees message delivery, message
order consistency, and handles message grouping. In addition, Service Broker gives you the
ability to send messages between different SQL Server instances. Service Broker is also used in
several other features in SQL Server 2005. For example, you can define Event Notifications in the
database to send a message to a Queue in the database when someone attempts to alter a table
structure, or if there is a string of login failures.

5. DDL triggers
In previous articles, I outlined how you can use data definition language (DDL) triggers in SQL
Server 2005 to implement custom database and server auditing solutions for Sarbanes-Oxley
compliance. DDL triggers are defined at the server or database level and fire when DDL
statements occur. This gives you the ability to audit when new tables, stored procedures, or
logins are created.

6. Ranking functions
SQL Server 2005 provides you with the ability to rank result sets returned from the database
engine. This allows you to customize the manner in which result sets are returned, such as
creating customized paging functions for Web site data.
7. Row versioning-based isolation levels
This new database engine feature improves database read concurrency by reducing the amount of
locks being used in your database. There are two versions of this feature (both of which must be
enabled at the database level):

Read Committed Isolation Using Row Versioning is used at the individual statement
level, and guarantees that the data is consistent for the duration of the statement.

Snapshot Isolation is used at the transaction level, and guarantees that the data is
consistent for the duration of the transaction.

The database engine is able to guarantee the consistency through row versions stored in the
tempdb database. When a statement or transaction is issued with their respective isolation levels, read
operations accessing the same data that is being involved in a transaction will read from the
previous version of the data that is stored in tempdb. Using these techniques in the appropriate
situations can significantly decrease your database locking issues.
8. XML integration
SQL Server 2005 introduces the new XML data-type. You can store full XML documents in this
new data-type, and you can place validations on the well-formed documents in the database.

Additional enhancements include the ability to query the XML documents and create indexes on
the XML data-type.
9. TRY...CATCH
In a previous article, I outlined how you can use the new TRY...CATCH constructs in SQL
Server 2005 to catch and handle deadlocks when they occur in the database. This long-awaited
feature simplifies error handling in the database.

Code:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
public partial class SNewExam : System.Web.UI.Page
{
BAL bl = new BAL();
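// Kept in ViewState for this page; static fields would be shared by every user of the site.
int qno { get { return (int)(ViewState["qno"] ?? 1); } set { ViewState["qno"] = value; } }
int tnq { get { return (int)(ViewState["tnq"] ?? 1); } set { ViewState["tnq"] = value; } }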
string Ename;
protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
{
qno = 1;
}
}

protected void btnPatSubmit_Click(object sender, EventArgs e)
{
Ename = txt_ExamName.Text.ToString();
bl.CreateExamTable(Ename);
bl.CreateResultTable(Ename);
Panel2.Visible = true;
lblQueNo.Text = qno.ToString();
btnPatSubmit.Enabled = false;
}
#region Submit Questions

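protected void btnSubmit_Click(object sender, EventArgs e)
{
try
{
// The Ename field is empty on this postback (a new page object serves each request), so read the name again.
Ename = txt_ExamName.Text;
tnq = Convert.ToInt32(txt_NoOfQuestion.Text);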
bl.InsertToExamTable(Ename, qno, txt_Question.Text, txt_Option1.Text, txt_Option2.Text,
txtOption3.Text, txt_Option4.Text, txt_Answer.Text);
if (tnq == qno)
{
Panel2.Visible = false;
lbtnLaunchexam.Visible = true;
}
else
{
qno++;
lblQueNo.Text = qno.ToString();
txt_Question.Text = string.Empty;
txt_Option1.Text = string.Empty;
txt_Option2.Text = string.Empty;
txtOption3.Text = string.Empty;
txt_Option4.Text = string.Empty;
txt_Answer.Text = string.Empty;
}
}
catch (Exception)
{
throw;
}
}
#endregion
}

BAL.cs
public bool CreateExamTable(string Ename)
{
try
{
// Report the DAL's result instead of always returning true.
return dl.CreateExamTable(Ename);
}
catch(Exception)
{
return false;
}
}
public bool InsertToExamTable(string Ename, int qno, string Ques, string Opt1, string Opt2,
string Opt3, string Opt4, string Ans)
{
try
{
// Report the DAL's result instead of always returning true.
return dl.InsertToExamTable(Ename, qno, Ques, Opt1, Opt2, Opt3, Opt4, Ans);
}
catch (Exception)
{
return false;
}
}
public bool CreateResultTable(string Ename)
{
try
{
// Report the DAL's result instead of always returning true.
return dl.CreateResultTable(Ename);
}
catch (Exception)
{
return false;
}
}

DAL.cs
#region Create Exam Que table
public bool CreateExamTable(string Ename)
{
try
{
con.Open();
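// A table name cannot be passed as a parameter, so it is bracket-quoted with any ']' doubled.
SqlCommand cmd = new SqlCommand("create table [" + Ename.Replace("]", "]]") + "](qno int,ques " +
"varchar(1000),opt1 varchar(200),opt2 varchar(200),opt3 varchar(200),opt4 varchar(200),ans " +
"varchar(200))", con);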
cmd.ExecuteNonQuery();
return true;
}
catch (Exception)
{
return false;
}
finally
{
// Close only; the con field is reused by later calls on this DAL instance.
con.Close();
}
}

#endregion

#region Insert into exam table


public bool InsertToExamTable(string Ename, int qno, string Ques, string Opt1, string Opt2,
string Opt3, string Opt4, string Ans)
{
try
{
con.Open();
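// Question text and answers are bound as parameters instead of being concatenated into the statement.
SqlCommand cmd = new SqlCommand("insert into [" + Ename.Replace("]", "]]") + "] values(@qno,@ques,@opt1,@opt2,@opt3,@opt4,@ans)", con);
cmd.Parameters.AddWithValue("@qno", qno);
cmd.Parameters.AddWithValue("@ques", Ques);
cmd.Parameters.AddWithValue("@opt1", Opt1);
cmd.Parameters.AddWithValue("@opt2", Opt2);
cmd.Parameters.AddWithValue("@opt3", Opt3);
cmd.Parameters.AddWithValue("@opt4", Opt4);
cmd.Parameters.AddWithValue("@ans", Ans);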
cmd.ExecuteNonQuery();
return true;
}
catch (Exception)
{
return false;
}
finally
{
// Close only; the con field is reused by later calls on this DAL instance.
con.Close();
}
}

#endregion
#region Create Result table
public bool CreateResultTable(string Ename)
{
try
{
con.Open();
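// Same quoting as the question table; "r" + exam name is the result table.
SqlCommand cmd = new SqlCommand("create table [r" + Ename.Replace("]", "]]") + "](RNO INT " +
"IDENTITY(1,1),REGNO BIGINT REFERENCES CLOGIN(REGNO),CNAME VARCHAR(20),PERCENTAGE " +
"INT,RESULT VARCHAR(20),TERMINATE VARCHAR(50))", con);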
cmd.ExecuteNonQuery();

return true;
}
catch (Exception)
{
return false;
}
finally
{
// Close only; the con field is reused by later calls on this DAL instance.
con.Close();
}
}
#endregion
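
The exam name typed into the page ends up as part of a table name in the DAL methods above, and a table name cannot be bound as a SQL parameter. The following is an added example, not the project's own code, of an allowlist check for exam names combined with typed parameters for the question data. The names ExamSql, TableFor, BuildInsert and Demo and the sample inputs are assumptions made for illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Text.RegularExpressions;

// Hypothetical helper, not part of the project: builds the exam-table commands
// without placing unchecked user text into the SQL string.
public static class ExamSql
{
    // Allowlist: a letter followed by letters, digits or underscores, 1-60 characters
    // (well inside SQL Server's 128-character identifier limit, even with the "r" prefix).
    // \A and \z anchor to the whole string, so a trailing newline is not accepted.
    static readonly Regex ExamName = new Regex(@"\A[A-Za-z][A-Za-z0-9_]{0,59}\z");

    // Returns the bracket-quoted table name, or throws if the name is not allowed.
    public static string TableFor(string examName, bool resultTable)
    {
        if (examName == null || !ExamName.IsMatch(examName))
            throw new ArgumentException("Exam name must be a letter followed by up to 59 letters, digits or underscores.");
        return "[" + (resultTable ? "r" : "") + examName + "]";
    }

    // INSERT for one question. Column types and sizes follow the CREATE TABLE statement on the page.
    public static SqlCommand BuildInsert(SqlConnection con, string examName, int qno,
        string ques, string[] options, string ans)
    {
        if (options == null || options.Length != 4)
            throw new ArgumentException("Exactly four options are required.");
        SqlCommand cmd = new SqlCommand(
            "insert into " + TableFor(examName, false) +
            " (qno, ques, opt1, opt2, opt3, opt4, ans)" +
            " values (@qno, @ques, @opt1, @opt2, @opt3, @opt4, @ans)", con);
        cmd.Parameters.Add("@qno", SqlDbType.Int).Value = qno;
        cmd.Parameters.Add("@ques", SqlDbType.VarChar, 1000).Value = ques;
        for (int n = 0; n < 4; n++)
            cmd.Parameters.Add("@opt" + (n + 1), SqlDbType.VarChar, 200).Value = options[n];
        cmd.Parameters.Add("@ans", SqlDbType.VarChar, 200).Value = ans;
        return cmd;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample exam names; no database connection is opened.
        string[] names = { "Midterm_2024", "Quiz 1", "x](a int)--", "" };
        foreach (string name in names)
        {
            try { Console.WriteLine("accepted: " + ExamSql.TableFor(name, true)); }
            catch (ArgumentException ex) { Console.WriteLine("rejected: \"" + name + "\" (" + ex.Message + ")"); }
        }

        // Quotes and comment markers in the question data stay inside parameter
        // values; the command text itself never changes.
        using (SqlConnection con = new SqlConnection())
        using (SqlCommand cmd = ExamSql.BuildInsert(con, "Midterm_2024", 1,
            "What's 2 + 2?", new[] { "3", "4", "5", "'); --" }, "4"))
        {
            Console.WriteLine(cmd.CommandText);
            foreach (SqlParameter p in cmd.Parameters)
                Console.WriteLine("  " + p.ParameterName + " = " + p.Value);
        }
    }
}
```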

Candidate registration:
Code:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
public partial class CNRegister : System.Web.UI.Page
{
BAL bl = new BAL();
protected void Page_Load(object sender, EventArgs e)
{

}
protected void btnSubmit_Click(object sender, EventArgs e)
{
bool status=bl.register(txt_LoginName.Text, txt_RegisterNO.Text,
txt_CandidateName.Text, txt_Password.Text, txt_ConPassword.Text, txt_MobNo.Text,
txt_City.Text, txt_Major.Text, txt_Depart.Text);
if (status == true)
{
Lblsuccess.Text = "registered successfully";
}
}
}

BAL.cs
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
public class BAL
{
DAL dl = new DAL();
public bool register(string LoginName, string RegisterNo, string CandidateName, string
Password, string ConPassword, string MobileNo, string City, string Major, string Department)
{
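try
{
// Return the DAL's result; returning true unconditionally would report a failed insert as a successful registration.
return dl.register(LoginName, RegisterNo, CandidateName, Password, ConPassword,
MobileNo, City, Major, Department);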
}
catch
{
return false;
}
}
}

DAL.cs:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Data;
using System.Data.SqlClient;
using System.Configuration;
public class DAL
{
SqlConnection con = new
SqlConnection(ConfigurationManager.ConnectionStrings["NS02Con"].ConnectionString);
public bool register(string LoginName, string RegisterNo, string CandidateName, string
Password, string ConPassword, string MobileNo, string City, string Major, string Department)
{
try
{
con.Open();
SqlCommand cmd = new SqlCommand("sp_Registration", con);
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.AddWithValue("@LoginName", LoginName);
cmd.Parameters.AddWithValue("@RegisterNo",RegisterNo);
cmd.Parameters.AddWithValue("@CandidateName",CandidateName);
cmd.Parameters.AddWithValue("@Password",Password);
cmd.Parameters.AddWithValue("@ConPassword", ConPassword);
cmd.Parameters.AddWithValue("@MobileNo",MobileNo);
cmd.Parameters.AddWithValue("@City", City);
cmd.Parameters.AddWithValue("@Major",Major);
cmd.Parameters.AddWithValue("@Department",Department);
cmd.ExecuteNonQuery();
return true;
}
catch (Exception)
{
return false;
}
finally
{
// Close only; the con field is reused by later calls on this DAL instance.
con.Close();
}
}
}
Code:
using System;

using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data;
public partial class CRegistration : System.Web.UI.Page
{
BAL bl = new BAL();
string Ename;
protected void Page_Load(object sender, EventArgs e)
{
// Cast before comparing: == between object and string compares references, not text.
if ((string)Session["name"] == "Candidate")
{
Response.Redirect("CLogin.aspx");
}
else
{
lblUserName.Text = Session["name"].ToString();
if (!IsPostBack)
{
DataSet ds = new DataSet();
int NoOfExam;
ds = bl.viewexamList();
ddlChooseExam.DataSource = ds;
ddlChooseExam.DataTextField = "Ename";
ddlChooseExam.DataValueField = "ScheduleId";
ddlChooseExam.DataBind();
NoOfExam = ds.Tables[0].Rows.Count;
lblNoOfExam.Text = Convert.ToString(NoOfExam);
}
}
}
protected void btnGetdetails_Click(object sender, EventArgs e)
{
Panel2.Visible = true;
Ename = ddlChooseExam.SelectedItem.Text.ToString();
List<DataFetch> df = bl.viewExamDetail(Ename);
lblExamName.Text = df[0].E_Name;
lblNoQuestion.Text = df[0].Tnq.ToString();
lblDuration.Text = df[0].Tnq.ToString() + "mins";
}

protected void btnRegisterExam_Click(object sender, EventArgs e)


{
try
{
Ename = ddlChooseExam.SelectedItem.Text.ToString();
string CandName = Session["CandUserName"].ToString();
bool RegStatus = bl.CheckCandExamRegistration(Ename, CandName);
if (RegStatus)
{
lblAlreadyReg.Visible = true;
Panel2.Visible = false;
}
else
{
bl.insertCanExamRegister(Ename, CandName);
lblRegMess.Visible = true;
}
}
catch (Exception)
{
throw;
}
}
protected void ImageButton1_Click(object sender, ImageClickEventArgs e)


{
Panel2.Visible = false;
}
}

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Diagnostics;

public partial class CTest : System.Web.UI.Page


{
CTestBal bl = new CTestBal();
protected void Page_Load(object sender, EventArgs e)
{
// to clear value when we press back button
Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetExpires(DateTime.UtcNow.AddHours(-1));
Response.Cache.SetNoStore();
// Cast before comparing: == between object and string compares references, not text.
if ((string)Session["name"] == "Candidate")
{
Response.Redirect("CLogin.aspx");
}
else
{
lblUserName.Text = Session["name"].ToString();
}
if (!IsPostBack)
{
ddlExam.DataSource= bl.viewExamName();
ddlExam.DataTextField = "Ename";
ddlExam.DataValueField = "Ename";
ddlExam.DataBind();
}
}
protected void btnEnter_Click(object sender, EventArgs e)
{
string reg = txt_RegisterNO.Text;
Session["reg"] = reg;
string logname = Session["name"].ToString();
string ename = ddlExam.SelectedItem.Text.ToString();
Session["ename"] = ename.ToString();
bool registerNoCheck=bl.registerNoInsertCheck(reg,logname,ename);
if (registerNoCheck)
{
Panel2.Visible = true;
lblRegStatus.Visible = true;
lblRegStatus.Text = "All the best";
btnEnter.Enabled = false;
}
else
{
lblRegStatus.Visible = true;
lblRegStatus.Text = "Please register for the exam first";

}
}
protected void btnOk_Click(object sender, EventArgs e)
{
if ((CheckBox1.Checked == true) && (CheckBox2.Checked == true) &&
(CheckBox3.Checked == true))
{
string curBrows;
HttpBrowserCapabilities browser=new HttpBrowserCapabilities();
browser = Request.Browser;
curBrows = browser.Browser;
if (curBrows == "IE")
{
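// Process.GetProcesses() lists processes on the machine executing this code,
// which for an ASP.NET page is the web server, not the candidate's computer.
Process[] prs = Process.GetProcesses();
int ie = 0, other = 0;
foreach (Process procs in prs)
{
try
{
// Switch on the name directly; a fixed 100-slot array overflows on a machine with more processes.
switch (procs.ProcessName)
{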
case "ssmsee":
procs.Kill();
break;
case "IEXPLORE":
ie++;
break;
case "WINWORD":

//word
procs.Kill();
break;
case "MSACCESS":
//access
procs.Kill();
break;
case "notepad":
procs.Kill();
//text
break;
case "EXCEL":
//excel
procs.Kill();
break;
case "POWERPNT":
//ppt
procs.Kill();
break;
case "firefox":
procs.Kill();
break;
case "AcroRd32":
//pdf
procs.Kill();
break;
case "opera":
//opera
procs.Kill();
break;
default:
other++;
break;

}
}
catch
{
// Kill() can fail (access denied, process already exited); skip that process.
}
}
if (ie > 1)
{
lblIntExp.Text = "Close the other Internet Explorer except running this application";
}
else
{
Session["other"] = other.ToString();
Response.Redirect("Exam.aspx");
}
}
else
{
lblIntExp.Text = "You have to set default browser as Internet Explorer";
}
}

else
{
lblCheckboxStatus.Text = "check whether all the check box are clicked";
}
}
}

BAL
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Data;

/// <summary>
/// Summary description for CTestBal
/// </summary>
public class CTestBal
{
CTestDal dl = new CTestDal();
public DataSet viewExamName()
{
return dl.viewExamName();
}

public bool registerNoInsertCheck(string reg, string logname, string ename)


{
return dl.registerNoInsertCheck(reg, logname, ename);
}
}

DAL
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Data;
using System.Data.SqlClient;
using System.Configuration;
/// <summary>
/// Summary description for CTestDal
/// </summary>
public class CTestDal
{

SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["NS02Con"].ConnectionString);
public DataSet viewExamName()
{
try
{
con.Open();
SqlCommand cmd = new SqlCommand("sp_SelectExamList", con);
cmd.CommandType = CommandType.StoredProcedure;
SqlDataAdapter da = new SqlDataAdapter();
da.SelectCommand = cmd;
DataSet ds = new DataSet();
da.Fill(ds);
return ds;
}
catch (Exception)
{
throw;
}
finally
{
con.Close();
}
}
public bool registerNoInsertCheck(string reg,string logname,string ename)
{
try
{
con.Open();
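// The register number is bound as a parameter; the table name is bracket-quoted with any ']' doubled.
SqlCommand cmd = new SqlCommand("select regno from [r" + ename.Replace("]", "]]") + "] where regno = @reg", con);
cmd.Parameters.AddWithValue("@reg", reg);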
SqlDataReader dr;
dr = cmd.ExecuteReader();
if (dr.HasRows)
{ //regno exist in the table
return true;
}
else
{
//regno does not exist so insert
//SqlCommand cmd1 = new SqlCommand("insert into [r" + ename + "] (LoginName,RegNo) values('" + logname + "' , '" + reg + "') ",con);
//cmd1.ExecuteNonQuery();
return false;
}
}
catch (Exception)
{
throw;
}
finally
{
con.Close();

}
}
}

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Diagnostics;

public partial class Exam : System.Web.UI.Page


{
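// Exam progress belongs to one candidate, so it is kept in Session on the server;
// static fields would be shared by every user taking an exam at the same time.
T State<T>(string key) { object v = Session["exam_" + key]; return v == null ? default(T) : (T)v; }
string sename { get { return State<string>("sename"); } set { Session["exam_sename"] = value; } }
string RegNo { get { return State<string>("RegNo"); } set { Session["exam_RegNo"] = value; } }
int i { get { return State<int>("i"); } set { Session["exam_i"] = value; } }
string qans { get { return State<string>("qans"); } set { Session["exam_qans"] = value; } }
string sans { get { return State<string>("sans"); } set { Session["exam_sans"] = value; } }
int tca { get { return State<int>("tca"); } set { Session["exam_tca"] = value; } }
int tnq { get { return State<int>("tnq"); } set { Session["exam_tnq"] = value; } }
int count { get { return State<int>("count"); } set { Session["exam_count"] = value; } }
int MaxTPQ = 60;
int OTemp { get { return State<int>("OTemp"); } set { Session["exam_OTemp"] = value; } }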
ExamBAL bl = new ExamBAL();
protected void Page_Load(object sender, EventArgs e)
{
// to clear value when we press back button
Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetExpires(DateTime.UtcNow.AddHours(-1));
Response.Cache.SetNoStore();
//end

Panel3.Visible = false;
if (!IsPostBack)
{
lblSession.Text = Session["name"].ToString();
count = MaxTPQ;
sename = Session["ename"].ToString();
RegNo = Session["reg"].ToString();
tnq = bl.scheduleDetails(sename);
lblNoOfQuestion.Text = tnq.ToString();
lblMaximumTime.Text = tnq.ToString() + "Mins";
i = 1;
tca = 0;
read(sename,i);

}
}
public void read(string ename,int qno)
{
string Ques, Op1, Op2, Op3, Op4, Ans;
var t1 = bl.ExamQuestion(ename, qno);
Ques = t1.Item1;
Op1 = t1.Item2;
Op2 = t1.Item3;
Op3 = t1.Item4;
Op4 = t1.Item5;
Ans = t1.Item6;
lblQno.Text = i.ToString() + "." + Ques;
if (tnq == i)
{
lblRemQuestion.Text = "No more";
}
else
{
lblRemQuestion.Text = (tnq - i).ToString();
}
RadioButton1.Text = Op1;
RadioButton2.Text = Op2;
RadioButton3.Text = Op3;
RadioButton4.Text = Op4;
qans = Ans;
}
public void check()
{
if (RadioButton1.Checked == true)
{
sans = RadioButton1.Text;
}
else if (RadioButton2.Checked == true)
{
sans = RadioButton2.Text;
}
else if (RadioButton3.Checked == true)
{
sans = RadioButton3.Text;
}

else if (RadioButton4.Checked == true)
{
sans = RadioButton4.Text;
}
else
{
sans = "NA";
}
if (sans == qans)
{
tca++;
}
RadioButton1.Checked = false;
RadioButton2.Checked = false;
RadioButton3.Checked = false;
RadioButton4.Checked = false;
}

protected void btnNext_Click(object sender, EventArgs e)


{
count = MaxTPQ;
lblElapsedTime.Text = count.ToString();
check();
i++;
if (i <= tnq)
{
read(sename,i);
Panel3.Visible = false;
}
else
{
Timer1.Enabled = false;
Panel1.Visible = false;
Panel2.Visible = false;
Panel3.Visible = true;
lblCorrectAnswer.Text = "Exam Completed Successfully";
Timer1.Dispose();
result1();
}
System.Timers.Timer t = new System.Timers.Timer();
t.Start();
}
protected void Timer1_Tick(object sender, EventArgs e)
{
--count;
lblElapsedTime.Text = count.ToString();
if ((count % 3) == 0)
{
// Process.GetProcesses() lists processes on the machine executing this page (the web server).
Process[] prs = Process.GetProcesses();
int word = 0, text = 0, pdf = 0, ppt = 0, access = 0, ie = 0, ff = 0, opera = 0, excel = 0,
other = 0, sql = 0, otherpre = 0; int chrome=0;
otherpre = Convert.ToInt32(Session["other"].ToString());
foreach (Process proces in prs)
{
try
{
// Switch on the name directly; a fixed 100-slot array overflows on a machine with more processes.
switch(proces.ProcessName)
{
case "ssmsee":
sql++;
proces.Kill();
Terminate("SQLSERVER");
break;
case "IEXPLORE":
ie++;
if(ie>1)
Terminate("INTERNET EXPLORE");
break;
case "WINWORD":
word++;
proces.Kill();
Terminate("MS Word");
break;
case "MSACCESS":
access++;
proces.Kill();
Terminate("MS Access");
break;
case "notepad":
proces.Kill();
text++;
Terminate("Notepad");
break;
case "EXCEL":
excel++;
proces.Kill();
Terminate("Excel");
break;
case "POWERPNT":
ppt++;
proces.Kill();
Terminate("MS Powerpoint");
break;
case "firefox":
ff++;
proces.Kill();
Terminate("FireFox");
break;
case "AcroRd32":
pdf++;
proces.Kill();
Terminate("Acrobat Reader");
break;
case "opera":

opera++;
proces.Kill();
Terminate("Opera");
break;
case "chrome":
chrome++;
proces.Kill();
Terminate("Chrome");
break;
default:
other++;
break;
}
}

catch(Exception)
{
throw;
}

if(OTemp!=0)
{
if (other > OTemp)
Terminate("Other Application");
OTemp=other;
}

}
if(count==0)
{
check();
i++;
if(i<=tnq)
{
read(sename,i);
}
else
{
Timer1.Enabled=false;
Panel1.Visible=false;
Panel2.Visible = false;
Panel3.Visible = true;
lblCorrectAnswer.Text=tca.ToString();
result1();
}
count=MaxTPQ;
}
}
}
public void Terminate(string AppName)
{
bl.Terminate(AppName, sename, RegNo);
Session["Status"] = " You have been Terminated from the Exam ";
Response.Redirect("CPage.aspx");
return;
}
public void result1()
{

int per;
string result=string.Empty;
per = (tca * 100) / tnq;
if (per >= 50)
{
result = "Pass";
}
else
{
result = "Fail";
}
bl.StoreResult(sename, per, result, RegNo);
Panel3.Visible = true;

}
protected void btnOk_Click(object sender, EventArgs e)
{
Response.Redirect("CPage.aspx");
}

BAL
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;

/// <summary>
/// Summary description for ExamBAL
/// </summary>
public class ExamBAL
{
ExamDAL dl = new ExamDAL();
public ExamBAL()
{
//
// TODO: Add constructor logic here
//
}
public int scheduleDetails(string ename)
{
try
{
return dl.ScheduleDetails(ename);
}
catch
{
throw;
}
}
public Tuple<string, string, string, string, string, string> ExamQuestion(string ename, int qno)
{
try
{
return dl.ExamQuestion(ename, qno);
}
catch (Exception)
{
throw;
}

}
public void Terminate(string AppName, string sename, string RegNo)
{
try
{
dl.Terminate(AppName, sename, RegNo);
}
catch
{
throw;
}
}
public void StoreResult(string ename, int per, string result, string regno)
{
try
{
dl.StoreResult(ename, per, result, regno);
}
catch
{
throw;
}
}
}

DAL
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Data;
using System.Data.SqlClient;
using System.Configuration;

/// <summary>
/// Summary description for ExamDAL
/// </summary>
public class ExamDAL
{

SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["NS02Con"].ConnectionString);
public ExamDAL()
{
//
// TODO: Add constructor logic here
//
}
public int ScheduleDetails(string ename)
{
try
{
int tnq;
con.Open();
SqlCommand cmd = new SqlCommand("schedulelist", con);
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.AddWithValue("@ename", ename);
SqlDataReader dr = cmd.ExecuteReader();
dr.Read();
tnq = Convert.ToInt32(dr["tnq"].ToString());
return tnq;
}
catch (Exception)
{
throw;
}
finally
{
con.Close();
}
}
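public Tuple<string,string,string,string,string,string> ExamQuestion(string ename,int qno)
{
try
{
con.Open();
// A table name cannot be passed as a SQL parameter, so it is bracket-quoted
// (any ']' is doubled); the question number goes in as a parameter.
string table = new SqlCommandBuilder().QuoteIdentifier(ename);
SqlCommand cmd = new SqlCommand("select * from " + table + " where qno = @qno", con);
cmd.Parameters.AddWithValue("@qno", qno);
SqlDataReader dr = cmd.ExecuteReader();
dr.Read();
string eques = dr["ques"].ToString();
string eopt1 = dr["opt1"].ToString();
string eopt2 = dr["opt2"].ToString();
string eopt3 = dr["opt3"].ToString();
string eopt4 = dr["opt4"].ToString();
string eans = dr["ans"].ToString();
var t1 = new Tuple<string, string, string, string, string, string>(eques, eopt1, eopt2,
eopt3, eopt4, eans);
return t1;
}
catch (Exception)
{
throw;
}
finally
{
con.Close();
}
}
public void Terminate(string AppName,string sename,string RegNo)
{
try
{
con.Open();
// The result table is "r" + exam name; the values are bound as parameters
// instead of being concatenated into the statement.
string table = new SqlCommandBuilder().QuoteIdentifier("r" + sename);
SqlCommand cmd = new SqlCommand("update " + table + " set percentage=0,result='Terminate',Terminate=@app where RegNo=@regno", con);
cmd.Parameters.AddWithValue("@app", AppName);
cmd.Parameters.AddWithValue("@regno", RegNo);
cmd.ExecuteNonQuery();
}
finally
{
// Close the shared connection even when the update fails.
con.Close();
}
}
public void StoreResult(string ename,int per,string result,string regno)
{
try
{
con.Open();
string table = new SqlCommandBuilder().QuoteIdentifier("r" + ename);
SqlCommand cmd = new SqlCommand("update " + table + " set percentage=@per, result=@result where RegNo=@regno", con);
cmd.Parameters.AddWithValue("@per", per);
cmd.Parameters.AddWithValue("@result", result);
cmd.Parameters.AddWithValue("@regno", regno);
cmd.ExecuteNonQuery();
}
finally
{
con.Close();
}
}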
}

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

public partial class CPage : System.Web.UI.Page


{
protected void Page_Load(object sender, EventArgs e)
{
// to clear value when we press back button
Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetExpires(DateTime.UtcNow.AddHours(-1));
Response.Cache.SetNoStore();
Label3.Text = Session["name"].ToString();

if (Session["status"] == null)
{
Session["status"] = "Exam completed";
Label2.Text = Session["status"].ToString();

}
else
{
Session["status"] = "Exam Completed";
Label2.Text = Session["status"].ToString();
}
}

protected void btnDelete_Click(object sender, EventArgs e)


{
string delExamname = ddlExam.SelectedItem.Text.ToString();
bool status=bal.deleteExam(delExamname);
if (status)
{
Label3.Visible = true;
Label3.Text = "selected exam has been deleted";
}
else
{
Label3.Visible = true;
Label3.Text = "selected exam has not been deleted";
}
}

BAL
public bool deleteExam(string ename)
{
try
{
return dl.deleteExam(ename);
}
catch
{
return false;
}
}

DAL
public bool deleteExam(string ename)
{
try
{
con.Open();
SqlCommand cmd = new SqlCommand("sp_deleteexam", con);
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.AddWithValue("@ename", ename);
cmd.ExecuteNonQuery();
return true;

}
catch (Exception)
{

return false;
}
finally
{
con.Close();
}
}

Database table design:


Exam Question table:

Result table:

Candidate new registration:

White list table


Black list table

SNAPSHOTS
Staff New exam:

The above page displays the user interface for creating the exam table, which
contains the name of the table for storing the questions and the total number of
questions in the table.

In this module the staff upload the question paper. Before uploading the
question paper, the staff set the question pattern.

Candidate:

The above page displays the user interface for candidate login to the application
by providing a username and password. A new candidate needs to register before
accessing the application.

In this user interface the candidate will be allowed to register with his basic
details.

Candidate Exam registration:

In this module the candidate first registers for the application. The candidate is then allowed
to see the exam details and can register for the exam.

Online Exam

EXAM FINISHED SUCCESSFULLY

Staff view Result

Admin Update Exam

Admin Deleting Exam

Admin View Result

Staff Attempts Wrong Password:

Staff Account Blocked

Future Enhancement:

Secure data store:


In this module the staff store the question paper. Each question is encrypted before it is
stored, and the question and answer are decrypted when they are retrieved at the time of
writing the exam.
[Figure: secure data store flow, with the labels: Staff; Upload question; Student write exam; Decrypt; Encrypt; Store in database]
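
One way to implement the encrypt-before-store and decrypt-at-exam-time steps described above, as an added example that is not part of the original project. It uses AES-CBC with an HMAC-SHA256 tag that also covers the exam table name, question number and column, so a stored value cannot be altered or copied to another row unnoticed; the class QuestionCrypto, the two keys and the column argument are assumptions, while ename and qno are the names used in the page's ExamDAL.

```csharp
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Added example: QuestionCrypto is a hypothetical helper, not part of the project's ExamDAL.
// Stored value layout: IV (16 bytes) || AES-CBC ciphertext || HMAC-SHA256 tag (32 bytes).
public static class QuestionCrypto
{
    public static byte[] Protect(string plain, byte[] encKey, byte[] macKey, string ename, int qno, string column)
    {
        using (var aes = Aes.Create())              // CBC mode, PKCS7 padding by default
        {
            aes.Key = encKey;
            aes.GenerateIV();                       // fresh random IV for every value
            byte[] pt = Encoding.UTF8.GetBytes(plain), ct;
            using (var enc = aes.CreateEncryptor())
                ct = enc.TransformFinalBlock(pt, 0, pt.Length);
            byte[] body = aes.IV.Concat(ct).ToArray();
            return body.Concat(Tag(body, macKey, ename, qno, column)).ToArray();
        }
    }

    public static string Unprotect(byte[] blob, byte[] encKey, byte[] macKey, string ename, int qno, string column)
    {
        if (blob == null || blob.Length < 16 + 16 + 32)
            throw new CryptographicException("Protected value is truncated.");
        byte[] body = blob.Take(blob.Length - 32).ToArray();
        byte[] expected = Tag(body, macKey, ename, qno, column);
        int diff = 0;                               // compare tags without early exit
        for (int k = 0; k < 32; k++) diff |= blob[body.Length + k] ^ expected[k];
        if (diff != 0)                              // verify before decrypting anything
            throw new CryptographicException("Value was modified or moved to another row.");
        using (var aes = Aes.Create())
        {
            aes.Key = encKey;
            aes.IV = body.Take(16).ToArray();
            using (var dec = aes.CreateDecryptor())
                return Encoding.UTF8.GetString(dec.TransformFinalBlock(body, 16, body.Length - 16));
        }
    }

    // The tag covers the row's identity (exam table, question number, column) and the ciphertext.
    static byte[] Tag(byte[] body, byte[] macKey, string ename, int qno, string column)
    {
        byte[] ctx = Encoding.UTF8.GetBytes(ename.Length + ":" + ename + "|" + qno + "|" + column + "|");
        using (var h = new HMACSHA256(macKey))
            return h.ComputeHash(ctx.Concat(body).ToArray());
    }
}
```

The output is binary, so the ques, opt1 to opt4 and ans columns would have to be varbinary or hold Base64 text. Both 32-byte keys must be kept outside the database, otherwise anyone who can read the tables can also decrypt them.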

Secure Login:
The security question is asked even after the login succeeds. This guards against the case
where a password guess succeeds: we can block the hacker even if he knows the password.

[Figure: secure login flow, with the labels: After the login; Stay in login page; Security question; If answer matches; Proceed to other process]

Given Input and expected output:


Secure data store:
Given Input: Staff store the exam in encrypted form.
Expected output: The exam is viewed after it is decrypted.
Secure Login:
Given Input: Ask the security question and get the answer to that question.
Expected output: Enter the answer and proceed to another process.

Advantages:

It makes brute force and dictionary attacks ineffective even for adversaries with access
to large botnets.
Neither human nor machine can access the account if they are not authorized.
Security is enhanced by limiting the login attempts.

Hackers cannot hack the question paper, since to access the question paper the hacker needs to
log in first.

Application:
Banking sector:
We can apply our technique to secure an account against unauthorized access; even if
someone tries to hack the account, it can be prevented.

E-Mail
Nowadays hacking of user e-mail IDs has increased dramatically; we can prevent it by
applying our technique to secure the authentication process.

Government sector
Most government organization websites contain highly secured data which should
be protected from unauthorized access; we can apply our technique to secure it.

Conclusion:
Password guessing attacks have long persisted. To put an end to them, we built this
project using PGRP. PGRP restricts the number of attempts made by a botnet or a
machine while allowing the legitimate user fully secured access to their account. PGRP
appears suitable for organizations with both small and large numbers of user accounts. PGRP
also restricts brute force and dictionary attacks, so it makes the use of an account more
secure.
