Beruflich Dokumente
Kultur Dokumente
WINDHOEK-NAMIBIA
STUDY MANUAL
INTERNET DEVELOPMENT
CODE: BIS - 3316
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
TABLE OF CONTENTS
CHAPTER
PAGE NUMBER
2. CGI scripts. 15
28
110
The Module has margin icons that show the student the objectives, activities,
in-text questions, feedback, further reading, key words and terms, stop and
reflex signs.
Chapter One focuses on HTML basic and writing your first HTML code. Do not
skip this chapter as it gives you an understanding of the basic code upon which
todays websites are built
Chapter Two teaches you how CGI is used in todays active server page design
Chapter Three focuses on web server management
Chapter Four focuses on Active Server Pages and dynamic web page
development
Chapter Five looks Java and Activex controls used in todays web applications
Chapter Six looks at E-commerce issues
Chapter Seven is about how to design an Intranet for an organization and the
benefits of running an organizational Intranet
Chapter Eight looks issues in todays web design environment and languages
involved
This module therefore works as a strong guide to Internet Development, and hence must be
used in collaboration with other recommended textbooks, not as the ONLY source of
information for this exciting subject.
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
COURSE OVERVIEW
This tutorial seeks to educate the learner in the area of Internet Development in todays
world and how the internet has become a very important part in todays information
networks. We are in the midst of a swiftly moving river of technology and business innovations
that is transforming the global business landscape. An entirely new Internet business culture
is emerging with profound implications for the conduct of business. You can see this every day
by observing how business people work using high-speed Internet connections for e-mail and
information gathering, portable computers connected to wireless networks, cellular
telephones connected to the Internet, and hybrid handheld devices delivering phone,
Internet, and computing power to an increasingly mobile and global workforce. The more the
consumer needs change the faster the development of new languages used to make the web
pages more responsive and dynamic.
An examination is appropriately set to test you on this critical area of your study.
Demonstrate your ability to write HTML code to design a simple web page
Explain how Active Server Pages Work and their importance in todays dynamic web
development
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
Module Outcomes
Illustrate the key issues of web page design with regard to the balance of
dynamics, performance and aesthetics.
Explain the operation of the World Wide Web and related Internet
technologies
Demonstrate the ability to set up and manage a web server.
As you go through his module you will oftenly see the icons below and what they
mean and they emphasize on what you need to understand or look out for. These
may be objectives, activities, feedback e.t.c as listed in the table below. Take note of
them and know what they mean when you see them. They will assist you in making
your study easier and interesting and also in helping you master the keys concepts
and things to understand in this module.
Further reading
Stop & Reflect - student just have to think about a question, idea,
view, opinion (real life practical examples in Namibian context
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
Objectives
1. HTML
Chapter 1
- Understand HTML as the basis of web page
development
Activity
WWW, World Wide Web, is a system used to find and access different
Internet resources. It uses hypertext to cross-reference or link related
resources anywhere on the Internet.
HTML (Hypertext Markup Language) is the language used by the Web to
define and display its files. These files can contain text, or multimedia. HTML
files are ASCII text files that contain the text to be displayed and the markup
tags that tell how to display them. If you have traveled the Internet and
searched the Web, then you may be interested in creating and authoring
your own web page.
Software
The Internet software you will need for web authoring includes:
Web browser to view a web page, such as Netscape, Internet Explorer,
Mosaic, or even a text browser like Lynx.
Text editor to create the HTML file; such as Notepad or WordPad, etc.
FTP (File Transfer Protocol) program to upload a page. There are
several available for a Mac or a PC.
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
Steps to Follow
Creating a page on the Web can be a simple or complex process. However,
the steps are always the same:
Decide what information will be on a page and how that information
will be arranged on the page.
Create the HTML file with the text and commands using any editor.
Test the page in various browsers and on various platforms.
Finally, upload the HTML file to the Web server.
What Will Be on a Page
There are three types of standards to keep in mind when composing a page.
They are:
Technical
Content
Visual
Technical Issues
Technical standards define what links a page should have and what HTML
tags every page should have. Example: Every departmental page should
have a link back to the University of Namibia
Content Issues
Content standards describe what items every page should contain. Example:
Every page should contain the authors name, E-mail address, and the date
of creation.
Visual Issues
Visual standards describe what every page should have for appearances.
Example: It describes the graphics, the format, the layout, and suggested
colors for the background.
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
Structural tags:
These are at the beginning and end of an HTML file.
<HTML> </HTML> For an HTML document
<HEAD> </HEAD> For the head section
<TITLE> </TITLE> For the title of the bookmark
<BODY> </BODY> For the body section
Example: <TITLE> My Personal Page </TITLE>
Headings:
There are 6 levels of Headings. Level 1 is the largest font size.
<H1> </H1> Heading level 1
<H2> </H2> Heading level 2
<H3> </H3> Heading level 3
<H4> </H4> Heading level 4
<H5> </H5> Heading level 5
Example: <H2> This is My Personal Page </H2>
Formatting tags:
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
10
Hyperlinks are what the Web is all about. Before you create Hyperlinks, you
need to understand URLs. A URL (Uniform Resource Locator) is a Web
address. Just as you can have two forms of E-mail address, a long and a short
one, you can have two forms of a URL address.
Absolute URL - This is a complete address. Use this if the link refers to
a page or file on another server (computer).
Relative URL - This is a shortened address, without the server name.
Use this if the link is to a page or file on the same server (computer).
Example Absolute URL: http://home.netscape.com/training/chapter1.html
Example Relative URL: chapter1.html
Type of Links:
There are two main types of hyperlinks we will cover in this class:
Link from the current document to beginning of another document.
Link Tags:
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
11
Start Netscape
Go to File and choose Open Page or Open File
Type in the complete address or click Choose File.
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
12
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
13
Now that you have created and tested your HTML file, you are ready to
upload the file to your account on the web server. Put all your HTML files in
the same folder or directory on your PC or your MAC before uploading. It is
recommended that you name your personal home page: index.html.
Activity
Activity 1
- What is HTML?
- Why is HTML so important in todays world wide
web
- Design a simple webpage for your department or
faculty to display the department name and the
courses offered as well as the minimum
requirements in order to qualify to study for that
course
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
14
Feedback
Feedback Activity 1
- Hypertext Text Management Language
- HTML is the basis upon which every web page is
built. Web browsers interpret the HTML code in
order to display contents of a web page correctly
- HTML
- WWW
- links
Key Words/Terms
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
15
2. Understanding CGI
Chapter 2
- Define CGI
- Understand the importance and place of CGI in
dynamic webpage development
Objectives
16
Netscape browsers don't support VBScripts and ActiveX, so most of the sites
are not using them in the client-side. Other technologies like ASP or PHP can
be used instead of CGI. ASP and PHP are lot easier than CGI. But ASP can be
used only in a Windows-NT server and UNIX servers can't support them. PHP
needs much programming knowledge but it's a good alternate for CGI, which
is also beyond the scope. We can use Java applets, but speed would be a
problem with Java applets since they are also client-side and there are some
security concerns about Java applets. So, we prefer CGI scripts, though it's
not an easier one. We can look forward to some other technology, which can
do better than all of these technologies in the future.
One main reason why we prefer CGI is they are free and it's the ultimate
choice for UNIX and Apache web servers.
CGI is the supporting program to process the data entered in the form.
Server-side data-processing aspects of forms are not part of the HTML
standard. They are defined by the server's software. The CGI behind this
form creates an E-mail message by copying each form field's contents to a
separate line. It mails the information to the specified E-mail address.
Mailto:
Mailto forms allow the programmer to set up a form such that all data
collected from the form will be e-mailed to you or another e-mail address in
simple text format. The data is not processed at all. This is a simpler method
than the CGI format but can be more problematic because the user filling out
the form must have their browser correctly set up to send e-mail. Therefore it
is recommended that if your site is housed on an OU server you use the CGI
method, but if it is a site at another server it is easier to use the Mailto
method.
Initiating the HTML File
Click the Start button, trace to Programs option, then trace to
Accessories, and click on Notepad to open it. Once in the Notepad
program, enter the following commands to start an HTML document: Create
your HTML file so that it looks something like this. The HTML tags do not
have to be in uppercase. The spacing between commands is up to you.
However, the spacing within the brackets is important.
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
17
<HTML>
<HEAD>
<TITLE> Web Form </TITLE>
</HEAD>
<BODY>
There will be a form here soon.
</BODY>
</HTML>
Now we need to save the file as an HTML file. To do this click on the File
menu and then choose Save As. Choose where you want to save the file. In
this class we will be saving to the Public folder for convenience. Then choose
a File Name to save it as. The name must end in .htm or .html. Next select
the down arrow next to the Save as Type. Choose All Files. Finally click on
the Save button.
Now we will see what our HTML file will look like in a web browser. First we'll
open Internet Explorer by clicking on the blue "E" on the Desktop, or under
Programs in the Start menu choose Internet Explorer.
Once in Internet Explorer open your file. Click on File in the top left corner,
then on Open, and then on Browse. Navigate to the Public file folder by
double clicking it or highlighting it and choose your file. Click Open. You will
see this:
"There will be a form here soon."
Throughout this class we will be making a series of changes to our HTML
document, saving that document, then looking at it in the browser to see if
those changes yielded the desired results. This is an important part of the
web design: learning how to make changes and saving those changes, then
checking to see what the new changes look like, then making more changes.
Composing the Form
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
18
We'll compose our form assuming it is for an O.U. web page, using the
generic CGI. The command <FORM> initiates a form section of a web pages
and </FORM> ends that section. To begin a form we must tell the browser to
send the information that a user enters into to a CGI script file and tell where
that file is. We do that with the ACTION attribute:
<FORM action="http://.students.ium.edu/htbin/genform.com">
Another attribute of the FORM tag is the METHOD, which is how the form
input will be sent to the gateway. The method can be either "get" or "post".
Post means to send the form entry results as a e-mail document. This is the
most common method. Get is usually used with search engines. However,
this is the method used by the OU CGI script. So the FORM command would
look like this:
<FORM action="http://students.ium.edu/htbin/genform.com"
method="get">
Next we must input the code to send the information from the form to the
appropriate e-mail address. This is done with:
<INPUT type="hidden" name="mailto" value="youremail@ium.edu">
The Type="hidden" attribute hides this from the user. The name="mailto"
attribute names this Input tag. The value="youremail@ium.edu" attribute tell
the CGI program where to send the information from the form. So now our
HTML Form commands should look like:
<BODY>
<FORM action="http://students.ium..edu/htbin/genform.com"
method="get">
<INPUT type="hidden" name="mailto" value="youremail@ium.edu">
</FORM>
</BODY>
Input Limitations
Text fields are limited to single lines. If you attempt to use multi-line
text fields, any time a user enters more than 255 characters, none
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
19
of them will be transcribed into the E-mail you receive. You can work
around this limitation by also including a standard mailto link.
Every field is limited to a maximum length of 80 characters!
The total number of fields defaults to 20. If you want to change this,
you must include a hidden field specifying the number of fields your
form uses.
The names of the visible fields for data entry must be a lower case
letter "f" followed by two or three digits from 01 to 999, inclusive.
If you include fields numbered beyond 20, you must include a hidden
form-field named "maxlines" with value equal to the highest field
number used.
You must include a valid E-mail address in the hidden form-field named
"mailto"!
You may choose to provide an absolute URL in the hidden form-field
named "nexturl" and appropriate link text in the hidden form-field
named "nextname". If you do, they will be used to construct the return
link.
The visible fields can be text, radio-button, check-box, or pop-upselection. Value for these fields must be at most 80 characters.
The hidden form-field named "subject" is optional but strongly
recommended; it identifies the Web page where the E-mail originates.
If you do not use a particular field, or if the user leaves a field blank, a
blank line will be included at that place in the message.
You do not have to number the fields sequentially. You should organize
the form in a way that will be logical and convenient for the user and
number the fields so that the resulting e-mail will be easiest for the
recipient to use.
Activity 2
- Why is CGI important to Web Development?
- Why do web pages need to be dynamic in todays
world?
Activity
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
20
Input Text
To create a single line of text for the user to enter we use the Input
command, with the Type attribute equal to Text. For example:
<INPUT type="text">
That will create a box for text input. Using the IUM CGI we have to name the
input command appropriately:
<INPUT type="text" name="f01">
Then when the form is mailed to us we will get a line that say f01= whatever
they entered in that text box. If we wanted something in the text box for the
user to overwrite we would use the Value attribute. For example:
<INPUT type="text" name="f01" value="(###) ###-####">
(###) ###-####
The size of the text box can also be changed. To do this we use the Size
attribute. The default size is 20. Here are some options, but remember that
using IUMs CGI script we can not go above size=80.
<INPUT type="text" name="f01" value="(###) ###-####" size="14">
<INPUT type="text" name="f01" size="30">
Now that we've seen a few text line options, let's make some changes to our
HTML document and see what it looks like.
<FORM action="http://students.ium.edu/htbin/genform.com"
method="get">
<INPUT type="hidden" name="mailto" value="youremail@ium.edu">
What is your Name? <INPUT type="text" name="f01" size="20"> <BR>
What is your Phone Number? <INPUT type="text" name="f02"
value="(###) ###-####"> <BR>
Do you like my web page? <INPUT type="text" name="f03" size="10">
</FORM>
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
21
The new command above is <BR> for Break. It is like hitting the enter key.
The different text lines in our form will now be on separate lines.
Checkboxes
Checkboxes are an option on a form that allows users to select a line of text
in an on/off yes/no method. On screen they appear as a small box that either
has a check in it or does not. The command for a checkbox is as follows.
<INPUT type="checkbox" name="f11" value="checkbox a">
Checkboxes can be checked by default with the addition of the keyword
CHECKED in the INPUT tag. Here is an example.
<INPUT type="checkbox" CHECKED name="f12" value="checkbox b">
Now we put the two tags together and add some text afterward like this:
<INPUT type="checkbox" name="f11" value="checkbox a">This is a
checkbox.
<P>
<INPUT type="checkbox" CHECKED name="f12" value="checkbox b"> This
is a checkbox that is automatically checked.
Option Select Lists
These lists are drop-down windows in which a user selects a choice from a
list of options selected by the programmer. The code for an option select list
with three choices follows.
<SELECT type="text" name="f05" size=1>
<OPTION value="first">Your first choice
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
22
23
Location=Namibia Form
When using the OU CGI form, the Hidden type is needed by the CGI program
stating where to send the data from the form. For example,
<INPUT type="hidden" name="mailto" value="youremail@ium.edu">
Reset and Submit Buttons
The Reset button allows the user to clear the data they have entered in the
form and start fresh. These buttons are created with the INPUT command
and the TYPE and VALUE features. The INPUT starts the tag. The TYPE is
either Reset or Submit. The VALUE is the words that you want to appear in
the box. Standard reset and submit buttons are as follows.
<INPUT type="reset" value="clear fields">
<INPUT type="submit" value="submit">
clear fields
submit
The &NBSP command means non-breaking space and is just a way to space
your buttons better.
Mailto Forms
If you want to make a form on a web page that is not on an OU server and do
not have access to your servers CGI programs you can use the "mailto"
method. If available the CGI method is preferred as the user accessing your
page must have their mail preferences set up correctly for the mailto form
data to successfully reach you. However the mailto form does allow for more
freedom than the IUM generic CGI script.
The best advantage of the mailto form over the OU script is that the OU
script has length and character limitations and the mailto form allows text
areas, not just single lines for text. The mailto form is initiated with the
following command.
<FORM method="post" action=youremail@ium.edu enctype="text/plain"
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
24
Password
This feature allows the user to enter a password that does not appear on
screen but will be sent to you. The command for the password is similar to a
text line and can be edited the same way. Please enter your password.
<INPUT type="password" name="UserPass">
Textarea
This command allows you to generate a text box on your form for user input,
not just a line of wrapping text. The basic command for this is:
<TEXTAREA name="anyname">
</TEXTAREA>
We can edit this by adding more attributes within the tag. Columns and rows
can be described. Also text added between the starting and ending Textarea
tags appear within the text box. This text is formatted exactly as typed
including tabs, spacing and returns. Below is an example of this. Please add
any comments you may have about this form class here
<P>
<TEXTAREA name="Comments" rows="9" cols="44">
Constructive criticism carries more clout than negative does.
Tabs and returns work within TEXTAREAS.
</TEXTAREA>
Constructive criticism carries
more clout
than negative does.
Tabs and
returns work within TEXTAREAS.
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
25
Submit Image
Earlier we learned how to create a submit button on the form. We also saw
how to edit the text within that submit button. Now we will learn how to use
an image instead of a button to send the form. Note, you can only make a
Submit button, not a Reset image button.
<INPUT type="image" src="submit.gif">
SUBMIT
Saving
Every time changes have been made to your simple text documents they
should have been saved. The method to save as an HTML file has been
discussed earlier. To save you would go to the File menu and choose Save or
Save As. Make sure that the file extension (ending) is .htm or .html
26
<FRAME SRC="pageone.html">
<FRAME SRC="pagetwo.html">
</FRAMESET>
</HTML>
In this FRAMESET tag we tell the browser to split the window vertically with
the attribute COLS. There will be two pages shown. The first one taking up
25% of the screen, and the second one taking up the remainder of the
screen. To split the window horizontally, use the ROWS attribute.
<FRAMESET ROWS="75%,*">
<FRAME SRC="pageone.html">
<FRAME SCR="pagetwo.html">
</FRAMESET>
We also need to tell the browser the names (URLs) of the web pages to go
into the separate windows. The FRAME command tells the browser the
location of the page to be viewed in a particular frame. The first page source
will be displayed on the left column or the top row and the remaining pages
will follow.
Frames can be used as a navigational tool for the users to browse through
our pages. To do this we need to create several web pages. One page to hold
the navigational links on the left, one as the default page and a couple to
practice navigating. First, to generate the page that tells how to set up the
frames, enter the following. Save this file as "Frame.html".
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
27
<HTML>
<HEAD>
<TITLE>Start Frames </TITLE>
</HEAD>
<FRAMESET COLS="20%,*">
<FRAME SRC="Contents.html">
<FRAME SRC="Default.html" name="main">
</FRAMESET>
</HTML>
This will create the main page that will hold our other pages in its frames.
Naming the second, or right hand window frame "main" will allow us to
switch this frame for others depending on which link our users click on. Now
we need to create a page that will be held in the larger right window as the
default before the user selects which page to view. Enter the following text.
Save this file as "Default.html".
<HTML>
<HEAD>
<TITLE> My Default Page </TITLE>
</HEAD>
<BODY bgcolor="white">
<FONT size=6 color="blue">
<CENTER>
This is my main page.
<P> From here you will be able to navigate to my different sites by choosing
my links on the left.
</CENTER>
</BODY>
</HTML>
Now we need to create the Contents page. This page will be seen in the first
or left hand window. Enter the following into Notepad and save as
"Contents.html".
<HTML>
<HEAD>
<TITLE> My Contents Page </TITLE>
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
28
</HEAD>
<BODY BGCOLOR="yellow">
<B> Pick An Animal </B>
<P><A HREF="dog.html" TARGET=main>DOG</A>
<P><A HREF="cat.html" TARGET=main>CAT</A>
<P><A HREF="bird.html" TARGET=main>BIRD</A>
<P>
</BODY>
</HTML>
Within each anchor tag notice the "TARGET=main" addition. This tells the
browser to put the page signified by the link address into the Frame named
"Main". You may choose any name you wish, but it must match. Please copy
them and the images with the same names, to wherever your html file is
located. Once all this is done, you should get the following
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
29
Feedback
Feedback Activity 2
- "Common Gateway Interface, is a specification, which allows web
users to run programs from their computer. CGI programs usually take
input passed to it from a form on a web page, process the information,
and then formats the results as a HTML document. The result is a web
page that is generated dynamically. The common choice for writing
and processing CGI is Perl, or "Practical Extraction and Reporting
Language".
- Dynamic WebPages collect data from the user and give response to
the user by interacting with Databases which contain information.
- CGI
- Server Side Scripting
Key Words/Terms
"Common Gateway Interface, is a specification, which allows web users to run programs from their
computer. CGI programs usually take input passed to it from a form on a web page, process the
information, and then formats the results as a HTML document. The result is a web page that is
generated dynamically. The common choice for writing and processing CGI is Perl, or "Practical
Extraction and Reporting Language".
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
30
Chapter 3
- Understand the use and importance of web servers in managing and
running websites
- Familiarise with different common web servers on the internet
Objectives
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
31
The left pane represents the various websites, FTP sites, and SMTP virtual
servers. When an item in the left pane is selected, the contents are displayed
in pane on the right hand side.
In the above screenshot, there is one website (called "Default Web Site"),
one FTP site (called "Default FTP Site"), and one SMTP virtual server (called
"Default SMTP Virtual Server").
You can right click on an item to display it's properties. For example, you can
right click on "Default Web Site" to display (and configure) the properties of
that website.
Purpose of a Web Server?
If you maintain your own web site you need to install a web server on your
own development machine. That way you can configure your development
environment to be closer to your live environment. Also, if you intend to use
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
32
Further
Reading
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
33
Your local website behaves more like the live one. For example, you
can configure directory security, test your custom error pages etc
before commiting them to the production environment.
Allows you to standardize your coding. For example, you can use rootrelative paths for your image references and hyperlinks (i.e.
"/directory/image.gif"). In other words, your paths can represent the
website structure, rather than the directory structure of your computer.
Knowledge. The knowledge you gain from using your own web server
will help you understand how it works in the live environment. This will
most certainly help you when you need to communicate with your
hosting provider - you'll be able to use terminology that makes it easier
for them to understand your request/issue.
34
you can simply double click on the HTML file, and this will launch it in their
web browser. And from that point on, they can view their web page/website
as it was intended to be viewed.
Here are some examples of what the URL could look like when viewing a web
page without a web server:
file:///C:/Documents%20and%20Settings/Homer%20Simpson/My
%20Documents/index.html
file:///C:/Inetpub/wwwroot/index.html
These examples are using the file protocol in order to display the files.
Viewing HTML Files with a Web Server
One problem with the above method is that, you're not viewing the website
using the HTTP protocol (you're using the file protocol instead).
Now, this isn't normally a problem if you're only using client side languages
such as HTML, CSS, and client-side JavaScript. But it is a problem if you're
trying to use a server-side language such as PHP, ColdFusion etc. Also, even
if you're not using a server-side language, it could still cause you problems
with developing a website that behaves exactly how it should on the web.
When you view a web page via a web server, the URL begins with "http://".
Also, the URL will consist of either an IP address or a domain name/host
name.
Here are some examples of what the URL could look like when viewing a web
page via a web server:
http://127.0.0.1
http://localhost
http://www.bible.com
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
35
http://dev.ucb.com
When you first set up a web server, you can usually navigate to your default
web site using http://localhost or http://127.0.0.1. When you add more
websites, you'll need to create your own URLs for them (via a DNS server or
Hosts file), then assign that URL to your websites via your web server.
There are many advantages to using a web server within your development
environment. Of course, in a production hosting environment, a web server is
essential. And, depending on your website, a web server could indeed be
essential in your development environment.
In practice, you could have many copies of your website for different
purposes (such as testing, training, prototypes etc), but let's just call it
"development environment" for now.
Here are some advantages of using a web server within your development
environment:
Your local website behaves more like the live one. For example, you
can configure directory security, test your custom error pages etc
before committing them to the production environment.
Allows you to standardize your coding. For example, you can use rootrelative paths for your image references and hyperlinks (i.e.
"/directory/image.gif"). In other words, your paths can represent the
website structure, rather than the directory structure of your computer.
Knowledge. The knowledge you gain from using your own web server
will help you understand how it works in the live environment. This will
most certainly help you when you need to communicate with your
hosting provider - you'll be able to use terminology that makes it easier
for them to understand your request/issue.
36
When someone learns how to code HTML, chances are, one of the first things
they learn to do is how to view their (newly created) HTML file. They will
learn that you can simply double click on the HTML file, and this will launch it
in their web browser. And from that point on, they can view their web
page/website as it was intended to be viewed.
Here are some examples of what the URL could look like when viewing a web
page without a web server:
file:///C:/Documents%20and%20Settings/Homer%20Simpson/My
%20Documents/index.html
file:///C:/Inetpub/wwwroot/index.html
These examples are using the file protocol in order to display the files.
Web Servers Features
There's a common set of features that you'll find on most web servers.
Because web servers are built specifically to host websites, their features are
typically focused around setting up and maintaining a website's hosting
environment.
Most web servers have features that allow you to do the following:
Create one or more websites. (set up the website in the web server, so
that the website can be viewed via HTTP)
Configure log file settings, including where the log files are saved, what
data to include on the log files etc. (Log files can be used to analyse
traffic etc)
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
37
Create an FTP site. An FTP site allows users to transfer files to and from
the site.
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
38
Activity 3
- What is the purpose of a web server?
Activity
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
39
40
Feedback
Feedback Activity 3
- A web server is a piece of software that enables a website to be
viewed using HTTP. HTTP (HyperText Transfer Protocol) is the key
protocol for the transfer of data on the web. You know when you're
using HTTP because the website URL begins with "http://" (for
example, "http://www.bible.com").
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
41
Multiple Websites
A web server can (and usually does) contain more than one website. In fact,
many hosting companies host hundreds, or even thousands of websites on a
single web server. Each website is usually assigned a unique IP address
which distinguishes it from other websites on the same machine. This IP
address is also what the DNS server uses to resolve the domain name.
It is also possible to configure multiple websites without using different IP
addresses using host headers and/or different ports. This can be useful in a
development environment and is quite easy to do.
Page Not Found
If the requested page isn't found, the web server sends the appropriate error
code/message back to the client.
You can create user friendly error messages, then configure your web server
to display that page instead of the usual error page. This can add a nice
touch to your website. How many times have you (or even worse, your
visitors) encountered a plain white page with some cryptic error message on
it. It's very easy to create custom error pages, then configure your web
server to use them.
Default Documents
If you've ever created a website, you may have found that if you have an
"index" file (index.html for example), you don't need to specify the name of
the file. For example, the following URLs both load the same page:
1. http://www.linux.com/html/tutorial
2. http://www.linux.com/html/tutorial/index.cfm
In this example, "index.cfm" is the default document. You can configure your
web server so that any file name can be the default document. For example,
you could configure your web server to use "index.cfm" in the event no
filename has been specified, or if you use PHP, "index.php". You could even
specify different default documents for different directories if you like.
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
42
SSL Certificates
You can apply SSL certificates against a website via the web server. First you
need to generate the certificate either by yourself (i.e. using a certificate
generator), or by a Certificate Authority (CA). Then, once it has been
generated, you apply it to your website via your web server. Applying an SSL
certificate to a website is a straight forward task.
Once you've applied an SSL certificate against a website, you can navigate it
using HTTPS (as opposed to HTTP). HTTPS encrypts any data that is
transferred over the internet. This reduces the possibility of some malicious
person being able to read your users' sensitive information.
To navigate a website using HTTPS, you simply replace the HTTP with HTTPS
at the start of the URL in your browsers' location bar
("https://www.bible.com")
Web Servers - Examples
Apache HTTP Server
Apache HTTP Server (also referred to as simply "Apache") has, at the time of
writing, been the most popular web server on the web since 1996. Apache is
developed and maintained by the Apache Software Foundation, which
consists of a decentralized team of developers. The software is produced
under the Apache licence, which makes it free and open source.
Apache is available for a range of operating systems, including Unix, Linux,
Novell Netware, Windows, Mac OS X, Solaris, and FreeBSD.
Apache HTTP Server website: http://httpd.apache.org
Microsoft Internet Information Services (IIS)
IIS is, at the time of writing, the second most popular web server on the web.
It is however, gaining market share, and if the current trend continues, it
won't be long before it overtakes Apache.
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
43
- Web Server
- Web Browser
- HTTP
Key Words/Terms
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
44
Chapter 4
- Understand Active Server Pages and why they are important to
Dynamic Web Page implementation
Objectives
Active Server Pages (ASPs) are Web pages that contain server-side scripts in
addition to the usual mixture of text and HTML (Hypertext Markup Language)
tags. Server-side scripts are special commands you put in Web pages that
are processed before the pages are sent from your Personal Web Server to
the Web browser of someone who's visiting your Web site. . When you type a
URL in the Address box or click a link on a Web page, you're asking a Web
server on a computer somewhere to send a file to the Web browser
(sometimes called a "client") on your computer. If that file is a normal HTML
file, it looks exactly the same when your Web browser receives it as it did
before the Web server sent it. After receiving the file, your Web browser
displays its contents as a combination of text, images, and sounds.
In the case of an Active Server Page, the process is similar, except there's an
extra processing step that takes place just before the Web server sends the
file. Before the Web server sends the Active Server Page to the Web browser,
it runs all server-side scripts contained in the page. Some of these scripts
display the current date, time, and other information. Others process
information the user has just typed into a form, such as a page in the Web
site's guestbook.
To distinguish them from normal HTML pages, Active Server Pages are given
the ".asp" extension.
What Can You Do with Active Server Pages?
There are many things you can do with Active Server Pages.
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
45
You can display date, time, and other information in different ways.
You can make a survey form and ask people who visit your site to fill it
out, send emails, save the information to a file, etc
46
at the point where you want it to appear. When you view the page in your
browser, you should see something like this:
Thu, Jan 23, 1997
Note: Even though "=date" is a short script, it's actually made up of two
parts. The "date" part tells the server, "Get me the date." The equal sign (=)
tells the server to display the date in the Web page. If you typed just:
<% date %>
the server would get the current date from your system, but that's all. It
wouldn't display it. There are times when it makes sense to use an ASP
function without the equal sign.
Time
To display the current time by itself, type:
<% =time %>
where you want it to appear. When you view the page, you should see
something like this:
4:19:46 PM
Now (Date and Time)
To display the current date and time, type:
<% =now %>
where you want them to appear. When you view the page, you should see
something like this:
1/23/97 4:19:46 PM
Changing the Way Date and Time are Displayed
You can also use Active Server Pages (ASP) functions to customize the way
the current date and time are displayed on your Web page. To do this, use
the now function together with the following formatting functions.
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
47
where you want it to appear. When you view the page in your browser, you'll
see a 1 if the current month is January, 2 if it's February, and so on.
To display the name of the current month, type:
<% =monthname(month(now)) %>
where you want it to appear. When you view the page, you'll see a number
between 1 and 31.
Year
To display the current year, type:
<% =year(now) %>
When you viewed the page, you would see something like this:
23/1/1997
You can change this so only the last two digits of the year are displayed, like
this:
23/1/97
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
48
where you want it to appear. When you view the page in Internet Explorer,
you'll see a 1 if today is Sunday, 2 if it's Monday, and so on.
To display the day of the week by name, type:
<% =weekdayname(weekday(now)) %>
where you want it to appear. The hour function is based on a 24-hour clock.
When you view the page, you'll see a number between 0 and 23.
To display just the minutes part of the current time, type:
<% =minute(now) %>
where you want it to appear. When you view the page, you'll see a number
between 0 and 59.
To display just the seconds part of the current time, type:
<% =second(now) %>
where you want it to appear. When you view the page, you'll see a number
between 0 and 59.
Example
Try typing this into a Web page:
The time is <% =time %>. That means it's <% =minute(now) %>
minutes past <% =hour(now) %> o'clock.
When you view the page in Internet Explorer, you should see something like
this:
The time is 1:36:05 PM. That means it's 36 minutes past 13 o'clock.
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
49
Remember, the hour function is based on a 24-hour clock. Later we'll see
how to convert from the 24-hour clock to a 12-hour clock.
Timevalue
You probably won't ever use the timevalue function. It takes the different
ways you can write the time, such as "2:24PM" and "14:24," and returns
them in this format: "2:24:00 PM." This can be useful if you're using a
function that needs to be given the time in that exact format.
Example
Earlier in this section we saw how you can use the hour, minute, and second
functions to break up the time into hours, minutes, and seconds. With the
timevalue function, you can put them back together. Type this into a Web
page:
When it's 23 minutes and 5 seconds past 4 o'clock in the afternoon,
that means it's <% =timevalue("16:23:05") %>.
This is the same as <% =timevalue("4:23:05PM") %>
or <% =timevalue("16:23:05PM") %>.
Make sure you type "16:23:05PM" and not "16:23:05 PM." The "05" and the
"PM." should be run together, not separated by a space. When you view the
page in Internet Explorer, you should see:
When it's 23 minutes and 5 seconds past 4 o'clock in the afternoon, that
means it's 4:23:05 PM. This is the same as 4:23:05 PM or 4:23:05 PM.
Displaying Text
len
The len function tells you how many characters are in a word or sequence of
words. (The name "len" is an abbreviation of "length.") All characters are
counted, including the space character. For example, to find the length of the
sentence "The cat is on the mat," type this into a Web page:
There are <% =len("The cat is on the mat.") %> characters in
"The cat is on the mat."
When you view the page in Internet Explorer, you should see this:
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
50
This line takes the last six letters of the word "pineapples," which make up
the word "apples." Then it takes the first five letters of the word "apples,"
which make up the word "apple."
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
51
When you view this page in Internet Explorer, you should see this:
apples apple
Then try typing this into a Web page:
<% =left("pineapples", 9) %> <% =right(left("pineapples", 9), 5) %>
This line takes the first nine letters of the word "pineapples," which make up
the word "pineapple." Then it takes the last five letters of the word
"pineapple," which make up the word "apple."
When you view this page, you should see this:
pineapple apple
Cool Things You Can Do with Date, Time, and Text
Here are some examples of interesting things you can do with date, time,
and text functions.
Link of the Day
What if you wanted to have a link that pointed to a different page every day
of the week? Here's how you can do that. First, choose the pages (HTML files)
on your Web site that you want your link to point to. Name them
"Sunday.htm," "Monday.htm," and so on. (If you don't have seven different
HTML files, you can copy some of the files or make aliases on your Macintosh
to them. The important thing is that there has to be one file or alias for every
day of the week.)
To make the link, type
<a href= <% =weekdayname(weekday(now)) %>.htm>Link of the Day</a>
where you want it to appear. When you click this link in Internet Explorer, it
will take you to today's page.
Another Way to Display Today's Date
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
52
Now when you view the page, you should see something like this:
23/1/97
Another Way to Display the Time
In an earlier example, we wrote a server-side script to display the current
time in words, such as: "The time is 36 minutes and 5 seconds past 13
o'clock." This script used the ASP hour function, which returns just the hour
part of the current time, based on a 24-hour clock.
In this example, we'll see how to change 24-hour clock times such as "13
o'clock" to 12-hour clock times ("1 o'clock PM"). To do this, we'll need to
make the server-side script that uses the hour function a little more
complicated. Instead of
<% =hour(now) %> o'clock
we'll need to write a script that looks at the hour and does one of the
following:
If the hour is between 1 and 11, the script doesn't change it, but it
displays "AM" after "o'clock."
If the hour is between 13 and 23, the script subtracts 12 (to make it a
number between 1 and 11) and displays "PM" after "o'clock."
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
53
The script is shown below. It isn't written quite the way a programmer would
write it, but it works, and it's fairly easy to understand, since it follows the
items in the bulleted list above exactly.
The hour is
<% if hour(now) = 0 then %>
midnight.
<% end if
if hour(now) = 12 then %>
noon.
<% end if
if (hour(now) >= 1) and (hour(now) <= 11) then %>
<% =hour(now) %> o'clock AM.
<% end if
if (hour(now) >= 13) and (hour(now) <= 23) then %>
<% =hour(now) - 12 %> o'clock PM.
<% end if %>
If you type (or better yet, cut-and-paste) this script in a Web page, when you
view the page, you should see something like this:
The hour is 4 o'clock PM.
Stop/Reflect
- In a Namibian Context, identify any type of organisations that will need
to make use of dynamic webpages?
- Identify organisation which will need to have fairly static webpages on
their web sites.
Stop/Reflect
54
The default scripting language used for writing ASP is VBScript, although you can use other scripting
languages like JScript (Microsoft's version of JavaScript).
ASP pages have the extension .asp instead of .htm, when a page with the extension .asp is requested
by a browser the web server knows to interpret any ASP contained within the web page before
sending the HTML produced to the browser. This way all the ASP is run on the web server and no ASP
will ever be passed to the web browser.
Any web pages containing ASP cannot be run by just simply opening the page in a web browser. The
page must be requested through a web server that supports ASP, this is why ASP stands for Active
Server Pages, no server, no active pages.
As ASP was first introduced by Microsoft on it's web server, Internet Information Services (IIS), that
runs on all versions of Windows from NT4, including Windows 7, Vista, XP Pro, and Windows Server
OS's like Windows 2000, 2003, 2008, it is this web server that ASP pages usually run best on.
For those of you running Windows and wish to play around with ASP on your own system you will need
to install Microsoft's Internet Information Services (IIS). Lucky IIS or its micro version Personal Web
Server (PWS) comes free with Windows.
For Windows users you can find Internet Information Services (IIS) or Personal Web Server (PWS) in
the following places:
Windows NT4/95 - You can get hold of IIS by downloading the NT4 Option Pack from Microsoft
(don't be fooled by the name as it also runs on Windows 95).
Windows ME - IIS and PWS are not supported on this operating system.
Windows XP Home Edition - IIS and PWS are not supported on this operating system.
55
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
56
8. Once the 'Internet Information Services' console is open you will see any IIS web services you have
running on your machine including the SMTP server and FTP server, if you chose to install them with
IIS.
9. To add a new virtual directory right click on 'Default Web Site' and select 'New', followed by 'Virtual
Directory', from the drop down list.
7. Next you will see the 'Virtual Directory Creation Wizard' from the first screen click the 'next' button.
9. You will then be asked to type in an 'Alias' by which you will access the virtual directory from your
web browser (this is the name you will type into your web browser after 'localhost' to view any web
pages you place in the directory).
10. Next you will see a 'Browse...' button, click on this to select the directory your web site pages are
in on your computer, after which click on the 'next' button to continue.
11. On the final part of the wizard you will see a series of boxes, if you are not worried about security
then select them all, if you are and want to run ASP scripts then check the first two, followed by the
'next' button.
12. Once the virtual directory is created you can view the web pages in the folder by typing
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
57
'http://localhost/aliasName' (where 'aliasName' is, place the alias you called the virtual directory) into
the address bar of your web browser (you can substitute 'localhost' for the name of your computer if
you wish).
If you are reading this page then I shall assume that you are new to Classic ASP and want to create
your first dynamic ASP web page. Before we can begin please make sure you have installed IIS
(Internet Information Services) on your system as you need one of these web servers to be able to
view a page containing ASP (just opening the page in your web browser by double-clicking on the
page will NOT work).
For those that do not wish to mess around attempting to install IIS (Internet Information Services) on
their own computer there are many hosting companies. Right, now we have got that out the way we
can begin creating your first ASP page. In this module we are going to display the classic 'Hello World'
text in an web page as well as the time on the web server.
As ASP is going to be displayed as part of a web page we first need to create an HTML web page, open
up your favourite text editor and type the following.
<html>
<head>
<title>My First ASP Page</title>
</head>
<body bgcolor="white" text="black">
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
58
Next we can begin writing some ASP. Any ASP needs to be placed in between the tags, <% ........
%>, to indicate server-side script. In this next part we will start the server side script tag and create
a variable to hold the text 'Hello World'.
<%
'Dimension variables
Dim strMessage
Notice I haven't given the variable 'strMessage' a data type, this is because VBScript only has variant
as a data type.
Now we have created a variable were going to give it the value 'Hello World'.
Once the variable has a value we can now display the contents of the variable in the HTML by using
the ASP 'Response.Write' method to place the contents of the variable into the HTTP stream.
Next we shall use the 'Response.Write' method to write a line break into the HTML to create a new line
before displaying the server time.
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
59
Again using the 'Response.Write' method and the VBScript function 'Time()' we shall now display the
server time on the HTML page and close the serer side script tag as we have finished using ASP in this
part of the web page.
'Write the server time on the web page using the VBScript Time() function
Response.Write ("The time on the server is: " & Time())
'Close the server script
%>
Finally we need to finish the HTML web page by closing the body tag and the HTML tag.
</body>
</html>
Next, call the file, 'my_first_asp_page.asp' (don't forget the '.asp' extension) and save the file to a
directory accessible through your web server (this will usually be, 'c:\inetpub\wwwroot', on IIS or PWS
with a default install).
To display the page open your web browser and type 'http://my_computer/my_first_asp_page.asp',
where 'my_computer' is replace this with the name of your computer.
And that's about it, you have now created your first dynamic ASP web page!
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
60
You now need to create 3 fields for the database and select their data types.
Field 1 needs to be called 'ID_no' and have the data type of 'AutoNumber'. Also set this field as the
primary key.
Field 2 needs to be called 'Name' and have the data type of text.
Field 3 needs to be called 'Comments' and also has the data type of text, but this time you need to
change the default field size of 50 to 100 characters under the 'General' tab in the 'Field Properties'
box at the bottom of the screen.
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
61
Once all the field's have been created and the data types and primary key set, save the table as
'tblComments'.
Now the table has been created you need to enter some test data into the table. You can do this by
double-clicking on the new table (tblComments) in the main dialog box. From here you can enter
some test data. I would recommend entering at least 3 pieces of test data.
<html>
<head>
<title>My First ASP Page</title>
</head>
<body bgcolor="white" text="black">
Next we can begin writing the ASP to connect to the database. First we need to create the variables
that we are going to use in the script.
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
62
<%
'Dimension variables
Dim adoCon
'Holds the Database Connection Object
Dim rsGuestbook 'Holds the recordset for the records in the database
Dim strSQL
'Holds the SQL query to query the database
Next we need to create a database connection object on the server using the ADO Database
connection object.
Now we need to open a connection to the database. There are a couple of ways of doing this either by
using a system DSN or a DSN-less connection. First I am going to show you how to make a DSN-less
connection as this is faster and simpler to set up than a DSN connection.
To create a DSN-less connection to an Access database we need tell the connection object we created
above to open the database by telling the connection object to use the 'Microsoft Access Driver' to
open the database 'guestbook.mdb'.
You'll notice the ASP method 'Server.MapPath' in font of the name of the database. This is used as we
need to get the physical path to the database. Server.MapPath returns the physical path to the script,
e.g. 'c:\website\', as long as the database is in the same folder as the script it now has the physical
path to the database and the database name.
If on the other hand you want to use a slower DSN connection to the database then you will need to
replace the line above with the one below.
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
63
Next create an ADO recordset object which will hold the records from the database.
To query a database we need to use SQL (Structured Query Language). In the next line we initialise
the variable 'strSQL' with an SQL query to read in the fields 'Name' and 'Comments' form the
'tblComments' table.
'Initialise the strSQL variable with an SQL statement to query the database
strSQL = "SELECT tblComments.Name, tblComments.Comments FROM tblComments;"
Now we can open the recordset and run the SQL query on the database returning the results of the
query to the recordset.
Using a 'Do While' loop we can loop through the recordset returned by the database while the
recordset is not at the end of file (EOF). The 'Response.Write' method is used to output the recordset
to the web page. The 'MoveNext' method of the recordset object is used to move to the next record in
the recordset before looping back round to display the next record.
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
64
And finally we need to close the recordset, reset the server objects, close the server side scripting tag,
and close the html tags.
Now call the file you have created 'guestbook.asp' and save it in the same directory folder as the
database, don't forget the '.asp' extension.
If you find that you are getting errors connecting to the database then please read through the Access
Database Errors FAQ's, practically make sure you have the correct 'ODBC Drivers' installed on your
system and if you are using the, 'NTFS file system', make sure the permissions are correct for the
database and the directory the database in.
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
65
<html>
<head>
<title>Guestbook Form</title>
</head>
<body bgcolor="white" text="black">
<!-- Begin form code -->
<form name="form" method="post" action="add_to_guestbook.asp">
Name: <input type="text" name="name" maxlength="20">
<br>
Comments: <input type="text" name="comments" maxlength="50">
<input type="submit" name="Submit" value="Submit">
</form>
<!-- End form code -->
</body>
</html>
Save the page as 'guestbook_form.htm' in the same folder as the Guestbook database.
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
66
<%
'Dimension variables
Dim adoCon
'Holds the Database Connection Object
Dim rsAddComments 'Holds the recordset for the new record to be added
Dim strSQL
'Holds the SQL query to query the database
Next we need to create a database connection object on the server using the ADO Database
connection object.
Now we need to open a connection to the database. There are a couple of ways of doing this either by
using a system DSN or a DSN-less connection. First I am going to show you how to make a DSN-less
connection as this is faster and simpler to set up than a DSN connection.
To create a DSN-less connection to an Access database we need tell the connection object we created
above to open the database by telling the connection object to use the 'Microsoft Access Driver' to
open the database 'guestbook.mdb'.
You'll notice the ASP method 'Server.MapPath' in font of the name of the database. This is used as we
need to get the physical path to the database. Server.MapPath returns the physical path to the script,
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
67
e.g. 'c:\website\', as long as the database is in the same folder as the script it now has the physical
path to the database and the database name.
If on the other hand you want to use a slower DSN connection to the database then you will need to
replace the line above with the one below.
Next create an ADO recordset object which will hold the records from the database and the new record
to be added to the database.
To query a database we need to use SQL (Structured Query Language). In the next line we initialise
the variable 'strSQL' with an SQL query to read in the fields 'Name' and 'Comments' form the
'tblComments' table.
'Initialise the strSQL variable with an SQL statement to query the database
strSQL = "SELECT tblComments.Name, tblComments.Comments FROM tblComments;"
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
68
Set the cursor type we are using to 'adLockOptomistic' so we can move through the record set. The
integer value for this is 2.
'Set the cursor type we are using so we can navigate through the recordset
rsAddComments.CursorType = 2
Because we are going to be saving an updated recordset back to the database we need to set the
LockType of the recordset to 'adoLockOptimistic' so that the recordset is locked, but only when it is
updated. The integer value for this lock type is 3.
'Set the lock type so that the record is locked by ADO when it is updated
rsAddComments.LockType = 3
Now we can open the recordset and run the SQL query on the database returning the results of the
query to the recordset.
Once the recordset is open we can add a new record onto the end of the recordset. In the next line we
let the recordset know we are adding a new record to it.
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
69
Now we can add a new record to the recordset. The details taken from the form we created at the
start of this tutorial are entered into there relevant fields in the recordset. To get the data entered by
the user from the form we use the 'Form' method of the ASP 'Request' object to request the data
entered into the text boxes, 'name' and 'comments'.
The data has been entered into the recordset we can save the recordset to the database using the
'Update' method of the recordset object.
We have finished using the database in this script so we can now close the recordset and reset the
server objects.
Now that the database is updated we are going to use the 'Redirect' method of the ASP response
object to redirect to the 'guestbook.asp' page we created earlierNote that if you are going to use the
'Response.Redirect' method you must remember to redirect before any HTML is written.
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
70
Now call the file 'add_to_guestbook.asp' and save it to the same directory as the database and the
'guestbook.asp' page, don't forget the '.asp' extension.
<html>
<head>
<title>Delete Entry Select</title>
</head>
<body bgcolor="white" text="black">
<%
'Dimension variables
Dim adoCon
'Holds the Database Connection Object
Dim rsGuestbook
'Holds the recordset for the records in the database
Dim strSQL
'Holds the SQL query for the database
'Create an ADO connection object
Set adoCon = Server.CreateObject("ADODB.Connection")
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
71
Loop
Save this page as 'delete_select.asp' in the same folder as the Guestbook database.
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
72
Next we need to get the 'ID Number' of the entry to be deleted from the database. This ID number
was passed to the page we are writing by the script we wrote at the beginning of the tutorial, by
adding the '?ID= Entry ID Number' at the end of the URL.
To read in the ID number we are going to use the 'QueryString' method of the ASP 'Request' object,
we are also going to use the 'CLng' VBScript function to convert the ID number to the data type, 'Long
Integer'.
Next we need to create a database connection object on the server using the ADO Database
connection object.
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
73
Now we need to open a connection to the database. There are a couple of ways of doing this either by
using a system DSN or a DSN-less connection. First I am going to show you how to make a DSN-less
connection as this is faster and simpler to set up than a DSN connection.
To create a DSN-less connection to an Access database we need tell the connection object we created
above to open the database by telling the connection object to use the 'Microsoft Access Driver' to
open the database 'guestbook.mdb'.
You'll notice the ASP method 'Server.MapPath' in font of the name of the database. This is used as we
need to get the physical path to the database. Server.MapPath returns the physical path to the script,
e.g. 'c:\website\', as long as the database is in the same folder as the script it now has the physical
path to the database and the database name.
If on the other hand you want to use a slower DSN connection to the database then you will need to
replace the line above with the one below
Next create an ADO recordset object which will hold the records from the database and the new record
to be added to the database.
74
To query a database we need to use SQL (Structured Query Language). In the next line we initialise
the variable 'strSQL' with an SQL query to read in all the fields from the 'tblComments' table where
the 'ID_no' = the entry to be deleted, this way the query will only return one record to the recordset.
'Initialise the strSQL variable with an SQL statement to query the database
strSQL = "SELECT tblComments.* FROM tblComments WHERE ID_no=" & lngRecordNo
Because we are going to be deleting the record held in the recordset we need to set the LockType of
the recordset to 'adoLockOptimistic' so that the recordset is locked when it is deleted. The integer
value for this lock type is 3.
'Set the lock type so that the record is locked by ADO when it is deleted
rsDeleteEntry.LockType = 3
Now we can open the recordset and run the SQL query on the database to get the database entry that
we want to delete.
Once the recordset is open and contains the entry we want to delete we can delete the entry from the
database by using the 'Delete' method of the 'Recordset' object.
75
We have finished using the database in this script so we can now close the recordset and reset the
server objects.
Now that the database entry has been deleted we are going to use the ' Redirect' method of the ASP
response object to redirect back to the page we wrote at the beginning of this tutorial,
'delete_select.asp' so that another entry can be selected to be deleted from the database. Note that if
you are going to use the 'Response.Redirect' method you must remember to redirect before any HTML
is written.
'Return to the delete select page in case another record needs deleting
Response.Redirect "delete_select.asp"
%>
Now call the file 'delete_entry.asp' and save it to the same directory as the Guestbook database and
the 'delete_select.asp' page, don't forget the '.asp' extension.
In this tutorial we are going to be Updating data in the Guestbook database made in the tutorial Part:
Connecting to an Access Database.
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
76
In the first database tutorial, Part: Connecting to an Access Database, we learned how to connect to a
database and display the contents of a database table in a web page.
In the second database tutorial, Part : Adding Data to an Access Database, we learned how to add
data to the database created in the first database tutorial and then use the page 'guestbook.asp'
made in the first database tutorial to display the updated contents of the database.
In the third database tutorial, Part : Deleting Data from an Access Database, we learned how to delete
data from the Guestbook database we created in the first database tutorial.
In this tutorial we are going to create three pages to update data in the 'Guestbook' database made in
the first database tutorial. The first page is used to display the contents of the database so you can
select which entry you want update. In the second page we use a form to display the present data
held in the database and allow you to change the details. In the third page we update the database.
<html>
<head>
<title>Update Entry Select</title>
</head>
<body bgcolor="white" text="black">
<%
'Dimension variables
Dim adoCon
'Holds the Database Connection Object
Dim rsGuestbook
'Holds the recordset for the records in the database
Dim strSQL
'Holds the SQL query for the database
'Create an ADO connection object
Set adoCon = Server.CreateObject("ADODB.Connection")
'Set an active connection to the Connection object using a DSN-less connection
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
77
Loop
Save this page as 'update_select.asp' in the same folder as the Guestbook database.
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
78
<%
'Dimension variables
Dim adoCon
'Holds the Database Connection Object
Dim rsGuestbook
'Holds the recordset for the records in the database
Dim strSQL
'Holds the SQL query for the database
Dim lngRecordNo
'Holds the record number to be updated
'Read in the record number to be updated
lngRecordNo = CLng(Request.QueryString("ID"))
'Create an ADO connection object
Set adoCon = Server.CreateObject("ADODB.Connection")
'Set an active connection to the Connection object using a DSN-less connection
adoCon.Open "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" & Server.MapPath("guestbook.mdb")
'Set an active connection to the Connection object using DSN connection
'adoCon.Open "DSN=guestbook"
'Create an ADO recordset object
Set rsGuestbook = Server.CreateObject("ADODB.Recordset")
'Initialise the strSQL variable with an SQL statement to query the database
strSQL = "SELECT tblComments.* FROM tblComments WHERE ID_no=" & lngRecordNo
'Open the recordset with the SQL query
rsGuestbook.Open strSQL, adoCon
%>
As you can see in the code above we haven't closed the recordset yet, so we can read in the data from
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
79
the recordset into the default values of the text boxes in the form. At the end of the page we close the
recordset and reset the server objects.
<html>
<head>
<title>Guestbook Update Form</title>
</head>
<body bgcolor="white" text="black">
<!-- Begin form code -->
<form name="form" method="post" action="update_entry.asp">
Name: <input type="text" name="name" maxlength="20" value="<% = rsGuestbook("Name") %>">
<br>
Comments: <input type="text" name="comments" maxlength="60" value="<% = rsGuestbook("Comments")
%>">
<input type="hidden" name="ID_no" value="<% = rsGuestbook("ID_no") %>">
<input type="submit" name="Submit" value="Submit">
</form>
<!-- End form code -->
</body>
</html>
<%
'Reset server objects
rsGuestbook.Close
Set rsGuestbook = Nothing
Set adoCon = Nothing
%>
Save this page as 'update_form.asp' in the same folder as the Guestbook database.
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
80
Next we need to get the 'ID Number' of the entry to be updated from the database. To read in the ID
number we are going to use the 'Form' method of the ASP 'Request' object that we covered in the first
database tutorial, we are also going to use the 'CLng' VBScript function to convert the ID number to
the data type, 'Long Integer'.
Next we need to create a database connection object on the server using the ADO Database
connection object.
Now we need to open a connection to the database. There are a couple of ways of doing this either by
using a system DSN or a DSN-less connection. First I am going to show you how to make a DSN-less
connection
as
this
is
faster
and
simpler
to
set
up
than
a
DSN
connection.
To create a DSN-less connection to an Access database we need tell the connection object we created
above to open the database by telling the connection object to use the 'Microsoft Access Driver' to
open
the
database
'guestbook.mdb'.
You'll notice the ASP method 'Server.MapPath' in font of the name of the database. This is used as we
need to get the physical path to the database. Server.MapPath returns the physical path to the script,
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
81
e.g. 'c:\website\', as long as the database is in the same folder as the script it now has the physical
path to the database and the database name.
If on the other hand you want to use a slower DSN connection to the database then you will need to
replace the line above with the one below.
Next create an ADO recordset object which will hold the records from the database and the new record
to be added to the database.
To query a database we need to use SQL (Structured Query Language). In the next line we initialise
the variable 'strSQL' with an SQL query to read in all the fields from the 'tblComments' table where
the 'ID_no' = the entry to be updated, this way the query will only return the record to be updated to
the recordset.
'Initialise the strSQL variable with an SQL statement to query the database
strSQL = "SELECT tblComments.* FROM tblComments WHERE ID_no=" & lngRecordNo
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
82
Set the cursor type we are using to 'adLockOptomistic' so we can move through the record set. The
integer value for this is 2.
'Set the cursor type we are using so we can navigate through the recordset
rsUpdateEntry.CursorType = 2
Because we are going to be updating the record held in the recordset we need to set the LockType of
the recordset to 'adoLockOptimistic' so that the recordset is locked when it is updated. The integer
value for this lock type is 3.
'Set the lock type so that the record is locked by ADO when it is updated
rsUpdateEntry.LockType = 3
Now we can open the recordset and run the SQL query on the database to get the database entry that
we want to update.
Now we can update the record in the recordset with the details taken from the form we created earlier
in this tutorial. To get the data entered by the user from the form we use the 'Form' method of the
ASP 'Request' object to request the data entered into the text boxes, 'name' and 'comments'.
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
83
The data has been entered into the recordset so we can save the recordset to the database using the
'Update' method of the recordset object.
We have finished using the database in this script so we can now close the recordset and reset the
server objects.
Now that the database entry has been updated we are going to use the ' Redirect' method of the ASP
response object to redirect back to the page we wrote at the beginning of this tutorial,
'update_select.asp' so that another entry can be selected to be updated from the database. Note that
if you are going to use the 'Response.Redirect' method you must remember to redirect before any
HTML is written.
'Return to the update select page in case another record needs deleting
Response.Redirect "update_select.asp"
%>
Now call the file 'update_entry.asp' and save it to the same directory as the Guestbook database and
the 'update_select.asp' page and the 'update_form' page, don't forget the '.asp' extension.
And that's about it, you have now created a way to update entries in the database.
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
84
Key Words/Terms
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
85
Chapter 5
- Understand Java, Active-X in webpage development
Objectives
However, Java and ActiveX do introduce some security risk, because they can cause
potentially hostile programs to be automatically downloaded and run on your computer,
just because you visited some Web page. The downloaded program could try to access
or damage the data on your machine, for example to insert a virus. Both Java and
ActiveX take measures to protect your from this risk.
There has been a lot of public debate over which system offers better security. This
page gives our opinion on this debate. Java and ActiveX take fundamentally different
approaches to security. We will concentrate on comparing the approaches, rather than
critiquing the details of the two systems. After all, details can be fixed.
Who are the players?
Java was developed by JavaSoft, a division of Sun Microsystems. Java is supported by both of
the major browsers, Netscape Navigator and Microsoft Internet Explorer.
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
86
Think of a digital signature as being like a person's signature on paper. Your browser
can look at a digital signature and see whether it is genuine, so you can know for sure
who signed a program. (That's the theory, at least. Things don't always work out so
neatly in practice.)
Once your browser has verified the signatures, it tells you who signed the program and
asks you whether or not to run it. You have two choices: either accept the program and
let it do whatever it wants on your machine, or reject it completely.
ActiveX security relies on you to make correct decisions about which programs to
accept. If you accept a malicious program, you are in big trouble.
How does security work in Java?
Java security relies entirely on software technology. Java accepts all downloaded programs and
runs them within a security "sandbox". Think of the sandbox as a security fence that surrounds
the program and keeps it away from your private data. As long as there are no holes in the
fence, you are safe.
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
87
Java security relies on the software implementing the sandbox to work correctly.
How can ActiveX security break down?
The main danger in ActiveX is that you will make the wrong decision about whether to accept a
program. One way this can happen is that some person you trust turns out not to deserve that
trust.
The most dangerous situation, though, is when the program is signed by someone you
don't know anything about. You'd really like to see what this program does, but if you
reject it you won't be able to see anything. So you rationalize: the odds that this
particular program is hostile are very small, so why not go ahead and accept it? After
all, you accepted three programs yesterday and nothing went wrong. It's just human
nature to accept the program.
Even if the risk of accepting one program is low, the risk adds up when you repeatedly
accept programs. And when you do get the one bad program, there is no limit on how
much damage it can do.
The only way to avoid this scenario is to refuse all programs, no matter how fun or
interesting they sound, except programs that come from a few people you know well.
Who has the self-discipline to do that?
88
If you're the average person, you don't have the time or the desire to examine Java and
look for implementation errors. So you have to hope the implementers did everything
right. They're smart and experienced and motivated, but that doesn't make them
infallible.
When Java security does break down, the potential consequences are just as bad as
those of an ActiveX problem: a hostile program can come to your machine and access
your data at will.
What about "signed applets" in Java?
One problem with the original version of Java is that the "sandbox" can be too restrictive. For
example, Java programs are not allowed to access files, so there's no way to write a text editor.
(What good is editing if you can't save your work?)
Java-enabled products are now starting to use digital signatures to work around this
problem. The idea is like ActiveX: programs are digitally signed and you can decide,
based on the signature, to give a program more power than it would otherwise have.
This lets you run a text editor program if you decide that you trust its author.
The downside of this scheme is that it introduces some of the ActiveX problems. If you
make the wrong decision about who to trust, you could be very sorry. There's no known
way to get around this dilemma. Some kinds of programs must be given power in order
to be useful, and there's no ironclad guarantee that those programs will be wellbehaved.
Still, Java with signed applets does offer some advantages over ActiveX. You can put
only partial trust in a program, while ActiveX requires either full trust or no trust at all.
And a Java-enabled browser could keep a record of which dangerous operations are
carried out by each trusted program, so it would be easier to reconstruct what happened
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
89
if anything went wrong. (Current browsers don't do this record-keeping, but we wish they
would.) Finally, Java offers better protection against accidental damage caused by
buggy programs.
What about plug-ins?
Plug-ins are a method for adding code to your browser. Plug-ins have the same security model
as ActiveX: when you download a plug-in, you are trusting it to be harmless. All of the warnings
about ActiveX programs apply to plug-ins too.
Can I be hurt by a "good" plug-in or ActiveX program?
Unfortunately, yes. This depends entirely on what the plug-in or program does. Many plug-ins
such as Macromedia's Shockwave or Sun's Safe-Tcl are actually completely general
programming systems, just like Java. By accepting a plug-in like this, you're trusting that the
plug-in program has no security-relevant bugs. As we have seen with Java, systems that are
meant to be secure often have bugs that lead to security problems.
With ActiveX, this problem is made worse if you click the box which accepts all
programs signed by the same person (for example, if you accept anything signed by
Microsoft). While one Microsoft program may be secure, another one may have a
security-relevant bug.
This problem even applies to code written by your own company for internal use. Once
the plug-in or program is installed in your browser, an external attacker (who knew about
the program) could write a Web page which used your internal program bug passed it
funny data which corrupted the program and took over your machine.
If you're feeling paranoid, the only plug-ins you should allow are those with less than
general purpose functionality. A plug-in which handles a new image, video, or audio
format is less likely to be exploitable than a plug-in for a completely general animation
system. The good news is that there have been few incidents of people being damaged
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
90
by hostile Java or ActiveX programs. The reason is simply that the people with the skills
to create malicious programs have chosen not to do so.
For most people, continuing to use Java and ActiveX is the right choice. If you are
informed about the risks, you can make a rational decision to accept some danger in
exchange for the benefits of using Java and ActiveX.
How can I lower my risk?
There are several things you can do.
Think very carefully before accepting a digitally signed program. How competent and
trustworthy is the signer?
Use up-to-date browser versions, and install the security patches offered by your
browser vendor.
Never surf the Web on a computer that contains highly sensitive information like medical
records.
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
91
First and foremost, Java is a programming language. It certainly is other things as well, but the
underlying strength of the Java technology is the structure and design of the Java language itself.
The architects at Sun wanted to take many of the powerful features in C++ and build a tighter,
easier-to-use, and more secure object-oriented language. They succeeded in a big way: Java is
indeed a very clean, easy-to-use language with lots of advanced security features. The time spent
designing the Java language is paying off well for Sun because the language's structure is the
primary cause of the C++ programmer migration to Java.
However, the Java language without its standard class libraries and Internet support would be
nothing more than competition for C++. In fact, the Java language, as cool as it is, would
probably fail in a head-to-head match with C++ strictly from a language perspective. This is
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
92
because C++ is firmly established in the professional development community, and programmers
need a very compelling reason to learn an entirely new language. Sun realized this, and was
smart enough to present Java as much more than just another programming language.
The basic Java technology consists of the Java language, the Java class libraries, the Java
runtime system, and the JavaScript scripting language. It's the combination of all these parts that
makes the Java technology so exciting. Java is the first large-scale effort at creating a truly crossplatform programming language with lots of functionality from the start. Couple the slick
language and cross-platform aspects of Java with its capability to seamlessly integrate Java
programs into the Web environment and you can easily see its appeal.
This integration of the Web into the Java technology is no accident; Sun simply saw the potential
to capitalize on a technology they had been developing for a while by fitting it to the rapidly
growing needs of the Internet. This pretty much sums up the primary aim of Java: To provide a
means to safely integrate cross-platform interactive applications into the Web environment using
an object-oriented language. Keep in mind, however, that new innovations such as JavaOS and
Java microprocessors are rapidly altering and expanding Sun's vision of the Java technology.
The ActiveX Vision
Microsoft has different ideas for the Internet than Sun. Unlike Sun, Microsoft initially didn't
realize the immediate potential of the Internet, or at least didn't see how fast it was all happening.
In fact, it wasn't until the excitement surrounding Java had begun to peak that Microsoft finally
decided they had to rethink things in regard to the Internet and the Web.
The connection was finally made somewhere in Redmond that the Internet would significantly
affect personal computing. They couldn't just sit idly by and see what happened; they could
either take action to capitalize on the Internet or get burnt by not accepting it as a major shift in
the way we all use computers. When Microsoft finally came to terms with the fact that the
Internet was rapidly changing the face of computing-even personal computing-the company
quickly regrouped and decided to figure out a way to get a piece of the Internet action. Keep in
mind that Microsoft has never been content with just a piece of the action; they want the largest
piece of the action!
Unlike Sun, Microsoft already had a wide range of successful commercial software technologies;
they just had to figure out which one of them would scale best to the Internet. It turned out that
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
93
one of their most successful technologies was ideally suited for the Internet: OLE (Object
Linking and Embedding). They saw OLE as a powerful, stable technology with lots of potential
for the Internet, and they were right; ActiveX is basically OLE revamped for the Internet.
Unlike Java, however, ActiveX isn't meant to be just a way to add interactivity to the Web. Sure,
that's part of it, but Microsoft isn't the type of company to just hand out technologies for the good
of humanity. OLE is a technology deeply ingrained in most of Microsoft's commercial products,
as well as many other commercial Windows applications. By simply migrating OLE to the
Internet (through ActiveX), Microsoft effectively assumes a huge market share of Internet
products overnight. Suddenly, every piece of code written based on OLE can now be considered
ActiveX-enabled with little extra work. Microsoft's new goal of migrating desktop software to
the Internet suddenly looks quite attainable.
Although Microsoft is certainly looking to bring interactive applications to the Web with
ActiveX, they are also looking to make sure that many of those interactive applications are
Microsoft applications. This situation also ensures that Windows remains a strong presence on
the Internet because OLE is essentially a Windows-derived technology. Although strategically
ideal, the selection of OLE as the technological underpinnings for ActiveX has much more to do
with the fact that OLE is a slick technology already tweaked for distributed computing; it's just
the icing on the cake that OLE is already firmly established in the PC software community.
Microsoft isn't the only company to benefit from the positioning of ActiveX. Every PC software
developer that uses OLE in its applications will benefit from ActiveX just as easily as Microsoft.
Because the PC development community is by far the largest in the industry, end users also
benefit greatly because many software companies will be building ActiveX applications from
existing OLE code that is already stable.
In the discussion of ActiveX thus far, little has been said about programming languages. Unlike
Java, ActiveX has nothing to do with a specific programming language; you can write ActiveX
code in any language you choose that supports Microsoft's COM specification. Just in case you
don't realize it, this is a big deal! Although Java is a very cool language, many programmers don't
like being forced to learn a new language just to exploit the capabilities of the Internet. On the
other hand, writing ActiveX controls in C++ is a little messier than writing Java applets in Java.
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
94
You now have an idea about what each technology is trying to accomplish-but what does each
actually deliver? It turns out that Java and ActiveX are surprisingly different in their
implementations, especially considering how similar their ultimate goals are.
Under Java's Hood
The Java language provides the programmatic underpinnings that make the whole Java system
possible. It is the Java language that shines the brightest when comparing Java to ActiveX. The
Java class libraries, which go hand in hand with the language, provide a wide array of features
guaranteed to work on any platform. This is a huge advantage Java has over almost every other
programming language in existence. Never before has a tight, powerful language been delivered
that offers a rich set of standard classes in a cross-platform manner.
The Java runtime system is the component of Java that gets the least press attention, but
ultimately makes many of Java's features a reality. The Java runtime system includes a virtual
machine, which stands between Java bytecode programs and the specific processor inside a
computer system. It is the responsibility of the virtual machine to translate platform-independent
bytecodes to platform-specific native machine code. In doing so, the virtual machine provides
the mechanism that makes Java platform-independent. Unfortunately, the virtual machine is also
responsible for the performance problems associated with Java. These problems will go away,
however, as just-in-time Java compilers evolve to become more efficient.
The JavaScript scripting language is the Java component that allows you to embed scripted Java
programs directly into HTML code. The primary purpose of JavaScript is to allow Web
developers who aren't necessarily programmers to add interactivity to their Web pages in a
straightforward manner.
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
95
The ActiveX technology can be broken down into the following major components:
ActiveX controls
ActiveX documents
ActiveX controls are self-contained executable software components that can be embedded
within a Web page or a standalone application. Acting as an extension to OLE controls, ActiveX
controls can be employed to perform a wide range of functions, both with or without specific
support for the Internet. ActiveX controls are essentially Microsoft's answer to Java applets,
although ActiveX controls are significantly more open-ended than Java applets.
Note
Although ActiveX controls are similar to Java applets, ActiveX
controls are true software components. Java Beans components,
when they become available in the very near future, will be the
closer Java equivalent to ActiveX controls.
Whereas ActiveX controls are Microsoft's answer to Java applets, VBScript is Microsoft's
answer to JavaScript. Built on the highly successful Visual Basic programming language,
VBScript provides much of the same functionality as JavaScript, but in an environment already
familiar to many PC developers.
ActiveX documents are similar to ActiveX controls, except that they are focused on the
representation and manipulation of a particular data format, such as a Word document or an
Excel spreadsheet. There is no logical equivalent in Java to ActiveX documents; ActiveX
documents are a piece of the ActiveX technology that is completely foreign to Java.
The final component of ActiveX is the ISAPI scripting language and server support. ISAPI
provides a more powerful answer to CGI scripting, which has long been used to provide pseudoCopyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
96
interactivity for Web pages. ISAPI even goes a step further by providing a means to build filters
into Web servers. Java servlets will eventually provide a similar functionality as ISAPI scripting.
Practical Implications
By now, you not only understand what Java and ActiveX are trying to accomplish, but you have
a good idea of how each is going about delivering on its promises. I've mentioned some of the
differences between each technology while describing the relevant aspects of them, but it's time
to dig in and take a look at what these differences really mean.
Although ActiveX as a technology delivers a little more than Java does as far as the individual
components, the primary interest for most developers is how ActiveX and Java stack up from the
standpoint of adding interactivity to Web pages. This question forces you to analyze the
differences between ActiveX controls and Java applets because those are currently the primary
aspects of each technology that deliver Web page interactivity.
Probably the most significant divisive issue between ActiveX and Java is security. No one argues
the fact that security is an enormous issue when it comes to the Internet. Both Sun and Microsoft
saw the importance of security and took appropriate actions in designing their respective
technologies. However, they each took a different approach, resulting in drastically different
usage issues.
Let's first consider Sun's approach to security: Java's security consists primarily of verifying the
bytecodes as a program is being interpreted on the client end. It also does not allow applets
access to a client user's hard drive. The first solution of verifying bytecodes, although imposing
somewhat of a performance hit, is reasonable. However, the limitation of not being able to access
the hard drive is pretty harsh. No doubt, Sun took the safest route-it's very unlikely that anyone
can corrupt a user's hard drive using Java, considering that you can't access it. Because of this
limitation, it's also equally unlikely that developers will be able to write Java applets that
perform any significant function beyond working with data on a server.
Now consider Microsoft's security approach with ActiveX: ActiveX employs a digital signature
attached to each control; the signature specifies the original author of the control. The signature
is designed so that any tampering with an executable after its release invalidates the signature.
What this means is that you have the ability to know who the original author of a control is, and
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
97
therefore limit your use of controls to only those written by established software vendors. If
someone hacks into a control developed by an established vendor, the signature protects you.
Granted, this approach pushes some responsibility back onto the user, but it's a practical reality
that freedom never comes without a certain degree of added responsibility.
When it comes to security, I think Microsoft has capitalized on what a lot of people are starting
to perceive as a major flaw in Java. For the record, Microsoft implemented the signature
approach in ActiveX after the release of Java, meaning that they had the advantage of seeing how
Sun tackled the security issue and were then able to improve on it. There is nothing wrong with
this, it's just an example of how every technology, no matter how powerful and popular, is
always susceptible to another one coming along and taking things a step further.
Before you think that Microsoft has won the security issue, let me add that Sun is in the process
of adding an extensive digital signature model to Java. Digital signatures will more than likely
lift the tight security restrictions on Java applets and put the security issue for both technologies
on common ground.
A Peaceful Coexistence
The software development community is far too diverse to say that one technology surpasses
another in every possible way. In addition, consider that both of these technologies are in a
constant state of flux, with new announcements and releases popping up weekly. In my opinion,
it's foolish to think that a single software technology will take the Internet by storm and eliminate
all others. Java will naturally find its way to where it is best suited, as will ActiveX. Likewise,
smart software developers will keep up with both technologies and learn to apply each in cases
where the benefits of one outweighs the other.
And in case you're getting nervous about having to learn two completely new types of
programming, here's some reassuring news: Microsoft has released a technology that allows
developers to integrate Java applets with ActiveX controls. What does that mean? Well, because
ActiveX is language independent, you can write ActiveX controls in Java. Furthermore, it means
you can access ActiveX controls from Java applets and vice versa. To me, this is a very exciting
prospect: the ability to mix two extremely powerful yet seemingly divergent technologies as you
see fit.
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
98
The technology I'm talking about is an ActiveX control that acts as a Java virtual machine. What
is a Java virtual machine? A Java virtual machine is basically a Java interpreter, which means it
is ultimately responsible for how Java programs are executed. By implementing a Java virtual
machine in an ActiveX control, Microsoft has effectively integrated Java into the ActiveX
environment. This integration goes well beyond just being able to execute Java applets like they
are ActiveX controls; it provides a means for ActiveX controls and Java applets to interact with
each other.
Microsoft's willingness to embrace Java as a means of developing ActiveX objects should give
you a clue about the uniqueness of each technology. It could well end up that Java emerges as the
dominant programming language for the Internet, while ActiveX emerges as the distributed
interactive application standard. This seems like a confusing situation, but it does capitalize on
the strengths of both Java and ActiveX. On the other hand, the Java Beans component
technology could emerge as a serious contender on the component front and give ActiveX some
competition.
The main point is that ActiveX and Java are both strong in different ways, which puts them on a
collision course of sorts. The software development community is pretty objective; if
programmers can have the best of both worlds by integrating ActiveX and Java, then why not do
it? No doubt both Sun and Microsoft will have a lot to say about this prospect in the near future.
The ActiveX Java virtual machine is a major step in the right direction.
Integrating Java and ActiveX
As you just learned, the ActiveX Java virtual machine (VM) control allows Java programs to run
within the context of an ActiveX control. What does this really mean from the perspective of a
developer wanting to mix Java and ActiveX? It means you can treat a Java class just like an
ActiveX control and interact with it from other ActiveX controls. In other words, the Java VM
control gives a Java class the component capabilities of an ActiveX control.
You now understand that Java classes and ActiveX controls can interact with each other through
the Java VM control, but you're probably still curious about the specifics. One of the most
important issues surrounding Java's integration with ActiveX is the underlying Component
Object Model (COM) protocol used by ActiveX. COM is a component software protocol that is
the basis for ActiveX. The importance it has in regard to Java is that Java's integration with
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
99
ActiveX really has more to do with COM than with the specifics of ActiveX. So, when I refer to
Java integrating with ActiveX, understand that the COM protocol is really what is making things
happen under the hood.
This brings us to the different scenarios under which Java and ActiveX can coexist. Keep in mind
that some of these scenarios require not only the Java VM control at runtime but also support for
Java/ActiveX integration at development time. In other words, you may have to use a
development tool that supports Java/ActiveX integration, such as Microsoft Visual J++.
Following is a list of the different situations possible when integrating Java and ActiveX using
the Java VM control:
It is possible to use an ActiveX control just as you would a Java class in Java source code. To do
this, you must create a Java class that wraps the ActiveX control and then import the class just as
you would any other Java class defined in another package. The end result is that an ActiveX
control appears just like a Java class at the source code level. Because we are talking about Java
source code here, the Java compiler has to play a role in making this arrangement work. So, this
approach requires support for Java/ActiveX integration in the Java compiler. The Visual J++ Java
compiler includes this exact support.
Visual J++ includes a tool that automatically generates Java wrapper classes for ActiveX
controls. You can then import these wrapper classes into your Java code and use them just like
any other Java class. Of course, behind the scenes, the ActiveX control is actually doing all the
work, but from a strictly programming perspective, the Java wrapper class is all you have to be
concerned with.
Using a Java Class as an ActiveX Control
Just as you can use an ActiveX control as a Java class, you can also use a Java class as an
ActiveX control. Because ActiveX controls are manipulated through interfaces, you have to
design Java classes a little differently so that they fit into the ActiveX framework. You must first
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
100
define an interface or set of interfaces for the class, using the Object Description Language
(ODL) that is part of COM. You then implement these interfaces in a Java class. Finally, you
assign the Java class a global class identifier and register it as an ActiveX control using a
registration tool such as JavaReg, which ships with Visual J++.
I know this procedure is a little messier than simply compiling a Java class, but consider what
you are gaining by taking these extra steps. You are using one set of source code and just one
executable to act as both a Java object and an ActiveX control, with relatively little work. Users
can then take advantage of all the benefits of component software by using your Java class as an
ActiveX control.
Manipulating a Java Applet through ActiveX Scripting
Another less obvious scenario involving Java and ActiveX is your ability to manipulate Java
applets through ActiveX scripting code. The ActiveX scripting protocol, which supports both
VBScript and JavaScript, allows you access to all public methods and member variables defined
in a Java applet. The ActiveX protocol is specifically designed to expose the public methods and
member variables for Applet-derived classes, so any other classes you want scripting access to
must be manipulated indirectly through public methods in the applet.
Summary
This module took an objective look at Java and ActiveX and where they fit in the quest to make
the Web interactive. You learned not only about the philosophy and reasoning behind each
technology, but also why the technologies don't necessarily have to be considered competition
for each other. This combination of two powerful technologies, although a little confusing at
first, is crucial for Web developers because it lessens the need to pick one technology over the
other. Possibly the biggest benefit is the peace of mind in knowing that you can continue
working with Java without fear that Microsoft and ActiveX will sabotage your efforts.
This module touched on the ability to use VBScript to control Java applets. You've learned a lot
so far about how to make Java a part of your Web pages. Standing alone, Java is a significant
development because of its ability to stretch the behavior of your Web pages far beyond what
was ever imagined for the World Wide Web.
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
101
Java can become even more powerful when harnessed with JavaScript. Although Java is
powerful enough to add animation, sound, and other features to an applet, it's very cumbersome
to directly interact with an HTML page. JavaScript isn't big or powerful enough to match Java's
programming power, but it is uniquely suited to work directly with the elements that comprise an
HTML document.
By combining the best features of both Java and JavaScript, your applet can interact with your
Web page, offering a new level of interactivity.
Setting the Stage
For Java and JavaScript to interact on your Web pages, they both must be active and enabled in
the user's browser.
To make sure that both features are active in Netscape Navigator when the user views Java
applets, include these simple directions:
1. Choose Options, Network Preferences from the menu bar. The Preferences
dialog box appears.
2. Select the Languages tab from the Preferences dialog box.
3. Both Java and JavaScript are enabled by default. If this has changed, make
sure that both checkboxes are selected.
(For NETSCAPE NAVIGATOR) The Languages tab in the Network Preferences dialog box
controls whether or not Java applets and JavaScript commands are processed for HTML
documents.
The steps to include to make sure that both languages are active in Microsoft Internet Explorer
are similar to the steps for Navigator:
1. Choose View, Options from the menu bar. The Options dialog box appears.
2. Select the Security tab from the Options dialog box.
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
102
3. Make sure that the Enable Java Programs checkbox is selected. The scripting
languages available in Internet Explorer, JavaScript, and VBScript are
automatically enabled; there is no way to disable them.
(For INTERNET EXPLORER) Internet Explorer controls which language features are enabled
from the Security tab in the Options dialog box.
Note
Netscape Navigator also includes a Java Console for displaying
applet-generated messages. In addition to system messages such
as errors and exceptions, the Java Console is where any messages
generated by the applet using the java.lang.System package
(including System.out.println) are displayed. To display the
console, select Options, Show Java Console from the Netscape
Navigator menu bar.
Microsoft Internet Explorer can show the results of system
messages also, but not in real time as Navigator's Java Console
can do. All messages are saved in javalog.txt in C:\Windows\Java.
To make sure that this feature is active, select View, Options from
the menu bar, select the Advanced tab in the Options dialog box,
and make sure that the Java Logging checkbox is selected.
The Java Console displays any system messages generated by the applet.
Communicating with Java
The first and most commonly used feature of communication is to modify applet behavior from
JavaScript. This is really quite easy to do with the right information, and it allows your applet to
respond to events on the HTML page, including interacting with forms.
Java object syntax is very similar to other JavaScript object syntax, so if you're already familiar
with this scripting language, adding Java control is an easy step.
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
103
Internet Explorer still includes support for all the now-standard features of JavaScript, including
control and manipulation of windows, documents, and forms.
Here is the syntax to call a Java package directly:
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
104
[Packages.]packageName.className.methodName
The object name is optional for the three default packages-java, sun, and netscape. These three
can be referenced by their package name alone, as shown here:
java.className.methodName
sun.className.methodName
netscape.className.methodName
Together with the package name, the object and class names can result in some unwieldy and
error-prone typing. This is why you can also create new variables using the Package product.
The following code assigns a Java package to the variable System and then uses the System
variable to call a method in the package:
var System = Package.java.lang.System;
System.out.println("Hello from Java in JavaScript.");
Controlling an applet with a script is a fairly easy matter, but it does require some knowledge of
the applet you're working with. Any public variable, method, or property within the applet is
accessible through JavaScript.
Tip
If you're changing the values of variables within an applet, the
safest way to do so is to create a new method within the applet for
the purpose. This method can accept the value from JavaScript,
perform any error checking, and then pass the new value along to
the rest of the applet. This arrangement helps prevent unexpected
behavior or applet crashes.
You have to know which methods, properties, and variables in the applet are public. Only the
public items in an applet are accessible to JavaScript.
Tip
Two public methods are common to all applets and you can always
use them-start() and stop(). These methods provide a handy
way to control when the applet is active and running.
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
105
There are five basic activities common to all applets, as opposed to one basic activity for
applications. An applet has more activities to correspond to the major events in its life cycle on
the user's browser. None of the activities have any definitions. You must override the methods
with a subclass within your applet. Here are the five activities common to all applets:
Initialization. Occurs after the applet is first loaded. This activity can include creating
objects, setting state variables, and loading images.
Starting. After being initialized or stopped, an applet is started. The difference between
being initialized and starting is that the former only happens once; the latter can occur
many times.
Painting. The paint() method is how the applet actually gets information to the screen,
from simple lines and text to images and colored backgrounds. Painting can occur a lot of
times in the course of an applet's life.
Stopping. Stopping suspends applet execution and stops the applet from using system
resources. This activity can be an important addition to your code because an applet
continues to run even after a user leaves the page.
Destroying. This activity is the extreme form of stop. Destroying an applet begins a
clean-up process in which running threads are terminated and objects are released.
With this information in hand, getting started begins with the applet tag. It helps to give a name
to your applet to make JavaScript references to it easier to read. The following snippit of code
shows the basic constructor for an HTML applet tag that sets the stage for JavaScript control of a
Java applet. The tag is identical to the tags you earlier on used in previous modules to add
applets, except that a new attribute is included for a name:
<APPLET CODE="UnderConstruction" NAME="AppletConstruction" WIDTH=60 HEIGHT=60>
</APPLET>
Assigning a name to your applet isn't absolutely necessary because JavaScript creates an array of
applets when the page is loaded. However, doing so makes for a much more readable page.
Caution
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
106
To use a method of the applet from JavaScript, use the following syntax:
document.appletName.methodOrProperty
Tip
Netscape Navigator 3.0 uses an applets array to reference all the
applets on a page. The applets array is used according to the
following syntax:
document.applets[index].methodOrProperty
document.applets[appletName].methodOrProperty
These two methods also identify the applet you want to control,
but the method using the applet's name without the applets array
is the easiest to read and requires the least amount of typing.
Like other arrays, one of the properties of applets is length, which
returns how many applets are in the document.
This array of applets is not currently available in the Microsoft
Internet Explorer 3.0 implementation of JavaScript.
One of the easy methods of controlling applet behavior is starting and stopping its execution.
You start and stop an applet using the start() and stop() methods that are common to every
applet. Use a form and two buttons to add the functions to your Web page. The following code
snippet is a basic example of the HTML code needed to add the buttons, with the name of the
applet substituted for appletName.
One of the simplest methods of controlling an applet is to use buttons that start and stop it.
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
107
<FORM>
<INPUT TYPE="button" VALUE="Start" onClick="document.appletName.start()">
<INPUT TYPE="button" VALUE="Stop" onClick="document.appletName.stop()">
</FORM>
You can also call other methods, depending on their visibility to the world outside the applet.
JavaScript can call any method or variable with a public declaration.
Tip
Any variable or method within the applet that doesn't include a
specific declaration of scope is protected by default. If you don't
see the public declaration, it's not.
The syntax to call applet methods from JavaScript is simple and can be integrated with browser
events, such as the button code snippet just shown. The basic syntax for calling an applet method
from Java is shown here:
document.appletName.methodName(arg1,...,argx)
To call the stop() method from the underConstructionApplet
Here's how you do it with Navigator (again, assuming that the applet is the first one listed on the
page):
document.applets[0].stop();
Integrating the start() and stop()
methods for this applet with the applet tag and button code
snippet used earlier results in the following code:
<APPLET CODE="UnderConstruction" NAME="underConstructionApplet" WIDTH=60
HEIGHT=60></APPLET>
<FORM>
<INPUT TYPE="button" VALUE="Start"
onClick="document.underConstructionApplet.start()">
<INPUT TYPE="button" VALUE="Stop"
onClick="document.underConstructionApplet.stop()">
</FORM>
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
108
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
109
7. The pages are stored in a cache on your hard disk. Even if you tell it to
store the information in memory (RAM), there is a good chance it will
end up somewhere on your disk either in a PAGEFILE or in a SWAPFILE.
8. The browser nearly instantaneously shows you what it has stored.
Again, there is a difference between perceived speed and actual
speed of your web surfing which is actually the difference between
how fast something is downloaded (actual) and how fast your browser
and graphics card can render the page and graphics and show them to
you (perceived). Just because you didn't see it doesn't mean it didn't
end up in your browser cache.
The Web is a client and server based concept, with clients such as Internet
Explorer, Firefox,
Mozilla, Opera, Netscape and others connect to web servers such as IIS and
Apache which supply them with content in the form of HTML pages. Many
companies, organizations and individuals have collections of pages hosted
on servers delivering a large amount of information to the world at large.
So why do we care about web security then? Web servers often are the
equivalent to the shop window of a company. It is a place where you
advertise and exhibit information, but this is supposed to be under your
control. What you don't want to do is leave the window open so that any
passer by can reach in and take what they want for free, and you ideally
want to make sure that if someone throws a brick, that the window doesn't
shatter! Unfortunately web servers are complex programs, and as such have
a high probability of containing a number of bugs, and these are exploited by
the less scrupulous members of society to get access to data that they
shouldn't be seeing. And the reverse is true as well. There are risks also
associated with the client side of the equation like your browser. There are a
number of vulnerabilities which have been discovered in the last year which
allow for a malicious web site to compromise the security of a client machine
making a connection to them.
Rattling the Locks
Standard HTML pages are transferred using HTTP, this standard TCP based
protocol is plain text based and this means that we can make connections to
a server easily using tools such as telnet or netcat. We can use this
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
110
SSL
It wasn't too long before everyone realized that HTTP in plain text wasn't
much good for security. So the next variation was to apply encryption to it.
This comes in the form of SSL, and is a reasonably secure 40 or 128 bit
public key encryption method. Using a 40 bit key is a lot less secure than the
128 bit and, with specialized hardware, may well be brute force breakable
within a period of minutes, where as the 128 bit key will still take longer that
the age of the Universe to break by brute force. There are however more
complex technical attacks using something called a known cyphertext attack
this involved calculating the encryption key by analyzing a large number of
messages ( > 1 million ) to deduce the key. In any case, you aren't going to
be rushing to try and crack 128 bit encryption so what can we learn about
SSL HTTP Servers? As the SSL merely encrypts the standard HTTP traffic, if
we set up an SSL tunnel, we can query the server as we did in section 1.1.
Creating an SSL tunnel is quite straight forward, and there is a utility called
stunnel purely for this purpose. Enter the following into a file called
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
111
112
Web Vulnerabilities
The simplicity of giving someone something that they ask for is made much
more complex when you're in the business of selling. Web sites that sell to
you, companies selling products, bloggers selling ideas and personality, or
newspapers selling news, requires more than just HTML-encoded text and
pictures. Dynamic web pages that help you decide what to ask for, show you
alternatives, recommend other options, upsell add-ons, and only give you
what you pay for require complex software. When we say goodbye to
websites and hello to web applications we are in a whole new world of
security problems.
Scripting Languages
Many scripting languages have been used to develop applications that allow
businesses to bring their products or services to the web. Though this is
great for the proliferation of businesses, it also creates a new avenue of
attack for hackers. The majority of web application vulnerabilities come not
from bugs in the chosen language but in the methods and procedures used
to develop the web application as well as how the web server was
configured. For example, if a form requests a zip code and the user enters
abcde, the application may fail if the developer did not properly validate
incoming form data. Several languages can be used for creating web
applications, including CGIs, PHP and ASP.
Common Gateway Interface (CGI): Whatis.com defines a CGI as A
standard way for a web server to pass a web users request to an application
program and to receive data back to forward to the user. CGI is part of the
webs Hypertext Transfer Protocol (HTTP). Several languages can be used to
facilitate the application program that receives and processes user data. The
most popular CGI applications are: C, C++, Java and PERL.
PHP Hypertext Preprocessor (PHP): PHP is an open-source server-side
scripting language where the script is embedded within a web page along
with its HTML. Before a page is sent to a user, the web server calls PHP to
interpret and perform any operations called for in the PHP script. Whereas
HTML displays static content, PHP allows the developer to build pages that
present the user with dynamic, customized content based on user input.
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
113
HTML pages that contain PHP scripting are usually given a file name with the
suffix of .php.
Active Server Pages (ASP): Web pages that have an .asp Active server
pages (ASP), are database drive dynamically created Web page with a .ASP
extension. They utilize ActiveX scripting -- usually VB Script or Jscript code.
When a browser requests an ASP, the Web server generates a page with
HTML code and immediately sends it back to the browser in this way they
allow web users to view real time data, but they are more vulnerable to
security problems.
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
114
Meaning
These are the identification
and authorization
mechanisms used to be
certain that the person or
computer using the web
application is the correct
person to be using it.
NonRepudiation
Confidentiali
ty
Privacy
Example
Every time you login to a web
page that has your personal data
then you are authenticating.
Authentication often means just
giving a login and password.
Sometimes it means giving an
identification number or even just
coming from n acceptable IP
Address (white-listing).
Although you may not see it,
most web applications keep track
of purchases you make from a
particular IP address using a
particular browser on a particular
operating system as a record that
it was most likely someone on
your computer who made that
purchase. Without specific
authentication they can't
guarantee 100% it was you
though.
The HTTPS part of interaction
with a web application provides
pretty good confidentiality. It
does a decent job of making your
web traffic with the web app from
being publicly readable.
While it is very rare, it is not
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
115
you
contact and communicate
with
the web application cannot
be pre-determined by
another person.
Indemnificat
ion
Integrity
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
116
Usability
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
117
Continuity
Alarm
A notification, either
immediate or delayed,
regarding a problem with
any of these mechanisms.
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
118
Activity 4
- Why is web security so important?
Activity
119
120
guard would have another rule for exiting from the school; the rule would be
to allow everyone exit except small children unless accompanied by adults. A
similar system is followed for firewall configuration depending on the nature
of the organization, the criticality of information asset, cost of security,
security policy and risk assessment.
The firewall just like a security guard cannot judge the contents of the
information packet; just like the guard allows all persons with a valid identity
card irrespective of nature of the persons, firewall allows entry or exit based
mainly on IP address and Port numbers. Hence an entry or exit is possible by
masking IP address or Port. To mitigate this risk, organizations use Intrusion
Detection System, which is explained in the next section.
There are various kinds of firewall depending on the features that it has viz.
packet filter (operates on IP packets), stateful firewall (operates based
connection state) or application firewall (using proxy).
Example of a firewall rule could be: Block inbound TCP address
200.224.54.253 from port 135.
(An imaginary example); such rule would tell a computer connected to
Internet to block any traffic originating from the computer with an IP address
200.224.54.253 using Port 135. Important activities relating to firewalls are
initial configuration (creating initial rules), system maintenance (additions or
change in environment), review of audit logs, acting on alarms and
configuration testing.
Intrusion Detection System (IDS)
Imagine in a school that has proper security guards; how will the authorities
detect entry of unauthorized persons? The authorities would install burglar
alarm that will ring on entry of unauthorized persons. This is exactly the
function of intrusion detection system in computer parlance. Firewall
(security guard or fence) and IDS (burglar alarm or patrolling guard) work
together; while firewall regulates entry and exits, IDS alerts/denies
unauthorized access.
Just like burglar alarms, IDS alerts the authorized person (alarm rings) that
an authorized packet has entered or left. Further, IDS can also instantly stop
such access or user from entering or exiting the system by disabling user or
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
121
access. It can also activate some other script; IDS can for example prevent or
reduce impact of denial of service by blocking all access from a computer or
groups of computer.
IDS can be host based or network based; host based IDS are used on
individual computers while network IDS are used between computers. Host
based IDS can be used to detect, alert or regulate abnormal activity on
critical computers; network IDS is similarly used in respect of traffic between
computers. IDS thus can also be used to detect abnormal activity. IDS like
patrolling guard regularly monitors network traffic to detect any abnormality
e.g. high traffic from some computers or unusual activity on a server, e.g.
user logged onto application and involved in malicious activity. IDS compare
any event with historical data to detect any deviation. On detection of
deviation, IDS act depending on the rule created by IDS administrator such
as alerting, storing such intrusion in audit logs, stopping user from doing any
activity or generating script for starting a string of activities. IDS can also
detect deviation based on its database of signatures any deviation to
signature is detected and acted upon this action is similar to anti virus
software. IDS is also used for detection of any activity on critical resource or
for forensic by quietly watching the suspect.
Secure Communications
Generally, the concept associated with security communications are the
processes of computer systems that creates confidence and reduces risks.
For electronic communications, three requirements are necessary to ensure
security. A) Authenticity b) Integrity c) Non repudiation.
Authenticity: This concept has to do with ensuring that the source of a
communication is who it claims to be. It is not difficult to falsify electronic
mail, or to slightly vary the name of a web page, and thus redirect users, for
example http://www.diisney.com appears to be the Disney web page, but it
has 2 letters "i" and can be confusing. In this case, you are actually
transferred to a gambling site and the communications are not safe.
Integrity: That a communication has Integrity means that what was sent is
exactly what arrives, and has not undergone alterations (voluntary or
involuntary) in the passage.
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
122
123
say that it fulfills the authenticity, integrity and non repudiation) and
provides a level with encryption in communications (this is to hide
information so that if somebody takes part of the information, they cannot
access it, because the message is encrypted so that only the sender that
sends it and the receiver, with a correct certificates, is able to understand it).
This layer is called Security Socket Layer, SSL, and is visible through two
elements within the web browser.
The communications is considered to be safe when the web address URL
changes from HTTP to https, this change even modifies the port of the
communication, from 80 to 443. Also, in the lower bar of the navigator, a
closed padlock appears, which indicates conditions of security in the
communications.
If you put mouse on this padlock, a message will appear detailing the
number of bits that are used to provide the communications (the encryption
level), which as of today, 128 bits is the recommended encryption level. This
means that a number is used that can be represented in 128 bits to base the
communications.
A type of trick called phishing exists (http://www.antiphishing.org/) in which a
Web mimics the page to make seem from a bank (they copy the graphics, so
that the clients enter their data, trusting that it is the bank, although it is not
it). In order to avoid these situations, the authenticity of the site should be
verified, and checked that the communications are safe (https and the closed
padlock), and to the best of your knowledge, it verifies the certificate.
Methods of Verification
At this point, you have had opportunity to know the foundations the security
in the Web, the main aspects related to some of the vulnerabilities found
commonly in the web servers used to lodge the different sites with which we
routinely interact when browsing in Internet, and the form in which different
defects in the development of web applications, affect the security and/or
the privacy of the users in general.
On the other hand, you have learned some of the technologies on which we
rely to protect our servers and also our privacy. However, probably at this
moment, you are realizing questions such as: I am safe, now that I have
taken the corresponding actions? Is my system safe? The developers that
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
124
Feedback Activity 4
- Web Security is important to ensure safety of information stored and
used on the web. Hackers make use of insecure information and data
to break into databases and peoples personal computers
Feedback
PHP
Web Security
Intrusion Detection System
Proxy Server
Key Words/Terms
6. What is Ecommerce?
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
125
Chapter 6
- Define E-Commerce and understand its importance to todays society
Objectives
126
127
through an online payment gateway (some smaller sites stick with simpler
methods of accepting payments such as PayPal).
Lastly, you need a marketing strategy for driving targeted traffic to your
site and a means of enticing repeat customers. If you are new to
ecommerce keep things simple- know your limitations.
Ecommerce can be a very rewarding venture, but you cannot make money
overnight. It is important to do a lot of research, ask questions, work hard
and make on business decisions on facts learned from researching
ecommerce. Don't rely on "gut" feelings. We hope our online ecommerce
tutorial has helped your business make a better decision in choosing an
online shopping cart for your ecommerce store.
Ecommerce simply means selling over the Internet goods, services,
information, etc.
How do you get your share of the action? It is quite easy, you create a
website that promotes your products, obtain an Internet address, hire space
on a web-hosting company, upload your pages, add a payment system and
then use various promotion services to get your site noticed.
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
128
But your site still needs to look professional. How do you create something
convincing? You can:
1. Hire a web design company. Thousands exist, conveniently collected into
directories.
2. Build your own pages using HTML-editing software. Easy-to-use editors
exist for all pockets, some of them shareware or even free.
3. Purchase an out-of-the-box shopping cart program that builds the whole
site for you, including an online catalogue with payment facilities in place.
4. Rent space on a web-hosting company offering site build online. Much like
the out-of-the-box solution, the hosting company gives you templates and
wizards to create a distinctive and professional-looking site.
129
130
3. Display and take payment online, but employ a payment service provider.
A link to your shopping cart or catalogue will seamlessly transfer the
customer to the payment provider for immediate card processing,
transferring the customer back for you to handle the purchase. You can use
your online merchant account if you possess one, but that is not required.
The payment service provider will verify the credit card purchase, collect the
payments, deduct the commissions, and send you the balance, usually by
bank transfer monthly.
4. Display and take payment online, but use your own online merchant
account, which you have obtained from your local bank or from a Merchant
Account Provider.
Wondering how to link your site to the payment process? Links will be built in
automatically if you use an out-of-the box shopping cart, employ a web
design company, or rent space on an online ecommerce-hosting site.
Otherwise if you've built your own site you'll have to add code to the
pages concerned. With payment service providers that's fairly easy: they'll
supply a snippet of code for you to paste in. Using your own merchant
account, particularly if you're hosting the site on your own server, will require
liaison with the credit card processing company, and good programming
experience. You'll probably have to employ a professional.
Promoting Your Site
With hundreds of new ecommerce sites appearing every day on the Internet,
it's getting mighty crowded out there. How is your site going to be noticed?
By:
1. Getting out a press release.
2. Featuring in business directories, in online and off-line versions.
3. Submitting to the search engines, perhaps employing a site optimization
company to get a high ranking.
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
131
4. Using the pay-per-click search engines, which charge a few cents to a few
dollars for each visitor that clicks through to your site with a particular search
phrase.
5. Signing up other sites as affiliates, paying them a commission on the sales
they achieve for you.
6. Using search engine ads.
7. Persuading other sites to link to yours, possibly through a reciprocal links
directory.
8. Winning awards for your site.
9. Offering online competitions, introductory deals and promotions.
10. Providing free and helpful information on your site.
11. Advertising off-line in newspapers and specialist magazines.
Each ecommerce business is different, of course, and brings further
considerations into play. To get a broader perspective we suggest you read
the help-sheets located in the top right panel of the site, and consult the
directories for ecommerce resources and product comparisons.
Will The Business Be Successful?
Now the vital question. Having followed these steps faithfully, you can surely
expect your site to be successful?
Possibly if you're in an especially favorable position. You're the sole
suppliers of spare parts for some particular machinery. Or yours is the only
guest house in a popular tourist area. Yes, in those cases, free information
may be all you need. Similarly if you have only an academic interest in
commerce, and are not running an e-business yourself.
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
132
But in all other cases we have to issue this stark warning. Ecommerce is not
easy, and if you follow the blandishments of advertising and ecommerce
journalism it's unlikely that you'll even get your expenses back.
The early e-business casualties believed otherwise, of course, and there are
still many sites, books and e-books that assure you that ecommerce is
entirely a matter of following certain procedures.
1. Ecommerce is an extremely crowded marketplace. In many areas you'll
need a well-researched strategy backed by a large marketing budget.
2. It's easy to get locked into the wrong goal or business model as the
spectacular dotcom failures discovered (read about them in our e-book).
3. You've built a site and then thought about promoting it. Wrong. Your site
has to be a selling machine, which means, from the very first, designing
around some well-honed selling proposition. That in turn calls for careful
thought, competitor research and detailed analysis.
4. The number of ecommerce products and services is immense, and all are
heavily promoted. Without specialist advice you'll make the wrong choice,
which is costly in time and money.
5. Ecommerce has its own insider knowledge, which sets newcomers at a
disadvantage. You need to look beyond the 'How I made a fortune and so can
you' sort of guides, which generally enrich their authors more than
purchasers.
Why is ecommerce such an uphill battle? It isn't if you go forearmed with the
right outlook and information. You have to learn from other e-merchants, and
then go one better. Magazine articles and scattered references are
hopelessly inadequate for that task, and too many e-merchants come to grief
because their strategies didn't include informed, detailed and realistic
planning.
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
133
Overview
The Internet's most detailed guide to ecommerce: 230,000 words / 850 pages
in pdf format.
Over 3,100 resource listings grouped under 260 headings: each hand-picked
on its merits.
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
134
E-commerce
URL
Domain
Hosting
Key Words/Terms
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
135
7.
Intranet Design
Chapter 7
- Explain the Intranet as opposed to Internet
Objectives
Problem Definition
The definition and recording of the problem to be solved is one of the most often
overlooked step of any development effort. A problem needs to be solved, so the
tendency is to jump right in and solve it. For small, negligible cost efforts this is
fine. For Intranet design, ignoring this step can lead to disaster. Write down and
widely publish the answers to the following questions, and all other questions that
are appropriate for your specific effort. Remember to keep the questions targeted
to DEFINING the problem NOT solving it.
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
136
137
no longer than 1.5 seconds for the XYZ accounting program for up to 50
simultaneous users."
Should you outsource all, some, or none of the development and
operation?
If you have in-house personnel that are under-utilized or have time to be assigned
to the development process, then keeping most of the development in-house makes
sense. If not, then you can either hire additional staff or outsource some or most of
the development. You must have some in-house expertise available or at least
strong upper management support. Otherwise you may end up with a very nice
system that does not solve your problems. Strategic outsourcing makes sense in
most medium to large development projects. The outsourcing contractor can supply
the needed expertise and personnel at the various development phases. And when
a particular phase is finished, you are not left with a staff member looking for
something to do. You will probably find the up-front costs of an outsourcing firm to
be higher than hiring in-house personnel. But the long-term savings will be far
greater with a professional outsourcing firm than by retaining in-house personnel.
Remember to make sure you feel comfortable with the outsourcer's style and
abilities. You will be working with them very closely. Don't just choose the largest or
best-known source. How you and your outsourcer "mesh" is far more important
than their list of clients.
138
even today's bloated software work faster. With a higher budget, consider replacing
inefficient or outdated portions of the intranet with newer streamlined hardware and
software. If you are not sure what the "latest and greatest" intranet products are,
hire a professional intranet consultant. Their fee will be well worth it.
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
139
140
issues. If needed, hire outside consultants to get the project started and then
train library staff to handle the tasks after implementation.
5. Set up a committee to decide on the contents of the intranet and, if possible,
keep it in place to handle issues as the intranet grows.
6. Educate everyone in the company on how to use the intranet and also on the
benefits it will provide.
7. Remember that a corporate intranet must be maintained and grown by
investing in hardware, software, training and salaries for staff. If it is not
maintained it will die.
141
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
142
143
144
time. Make sure that you have full management support and that they
understand the nature and effect of the installation and deployment
disruption. Scheduling training sessions concurrently with the installation can
be an effective use of time. Don't skimp on the training. Make sure you have
training in the budget from the beginning and don't dip into it. The best way
to ensure success is to effectively train the users so that they will actually
use the system and possibly sing its praises. Also remember that training is
ongoing. New employees or employees being moved or promoted will need
to be trained. Each time enhancements are added, new training sessions
must be scheduled.
Operation
Intranets usually contain one or more servers. Tasks such as backups, bug
fixes, software updates, hardware maintenance and upgrades, print and
media services, electronic mail account maintenance, security patches, and
other similar tasks must be performed regularly. Operation and maintenance
of such services require an operations staff. It is not enough to "let the users
take care of it." If you are providing these services in-house then you will
need on-site support from either an outsourcing agency or in-house staff.
The current trend is to outsource most of these services including the actual
servers to an intranet outsourcing firm. Outsourcing can result in a
substantial savings. Just make sure that your provider can supply the
services you require and is available when you need them. Also, be sure to
discuss security requirements with them before you hire them.
Help Desk
You might think that good manuals and good training would be sufficient to
effectively use your intranet. It is not so. A knowledgeable, available,
responsive help desk is critical to the overall success of the project. Users
will always find new uses for a well-designed system and problems will
inevitably occur. Without a help desk, an intranet can become dated and
under-utilized. In my experience, deployment of an excellent help desk (with
telephone, fax, online, and e-mail capabilities) is the single most important
function that ensures the continued success of an intranet.
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
145
Stop/Reflect
- Give an example of any organisation and give reasons why such an
organisation will require an intranet to be implemented as opposed to
building an Internet based website.
Stop/Reflect
Intranet Design
Prototyping
Key Words/Terms
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
146
Chapter 8
- Understand and Explain current issues in web development
Objectives
Introduction
VRML, the Virtual Reality Modeling Language, is the ISO standard for representing 3D on the
Web. It provides a versatile platform for a variety of applications that use 3D as a central
metaphor or interface. One of the strengths of VRML is its tight integration with a variety of
other web technologies and its ease of incorporating the benefits of those technologies, from
graphic, audio, and video formats to scripting languages and network protocols. Another
powerful feature of VRML is its easy extensibility and ability to add new node types and
capabilities to the base language.
One of the most significant new web standards to emerge recently is XML, the Extensible
Markup Language. XML defines a standard format for representing and exchanging structured
data on the web, enabling the use of a standard API, the Document Object Model (DOM), for
managing that data, and the deployment of standard services for generating and viewing XML
content. XML has already been widely adopted by an industry eager to overcome the limitations
of HTML for structured data. XML is expected to become a standard means for delivering
database-driven web content, and already serves as the basis for a variety of web applications,
from metadata representation to domain-specific markup languages.
Although designed originally for different problem domains, the two technologies of VRML and
XML have much to offer each other, and there are a variety of areas where tighter integration
between the two can provide powerful benefits. Some existing work in this area already exists;
for example, the Visual XML proposal for using XML and VRML to represent and display
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
147
structured information spaces. This paper investigates additional potential areas of synergy and
suggests useful next steps.
Background
A VRML file consists of a set of nodes that define the contents of a virtual world. The VRML
Specification defines a set of 54 built-in nodes that provide the basic building blocks for all
VRML worlds. VRML provides the ability to extend this base set of nodes using the PROTO
mechanism. PROTOs allow the encapsulation and reuse of functionality as new node types,
implemented via either pre-existing nodes or native browser extensions. PROTOs are the
mechanism of choice for extending VRML's functionality and adding new features and
capabilities to the language.
An XML file is a structured document consisting of elements that are denoted by tags. Whereas
HTML defines a particular set of valid tags, XML documents may incorporate arbitrary markup
as defined by the XML Specification. Typically, a particular application of XML will be based
upon a specific definition of valid elements known as a Document Type Declaration (DTD). A
DTD specifies the allowed sets of elements, the attributes of each element, and the valid content
of each element. Elements may contain data content, that is, plain text, additional elements, or a
combination of both. There are a variety of attribute types; one of the most common is the ID
attribute, which serves to uniquely identify an element within a document.
XML inherently contains no information about the visual display of its contents. The display of
an XML document is determined by an XML style sheet, which contains instructions for
translating an XML document into an HTML document. These style sheets are defined using
Extensible Style Language (XSL), and a variety of tools are being developed to aid in creating
and editing style sheets.
An XSL document consists of construction rules, containing patterns to identify particular
elements in the source XML document, and actions for translating the specified elements into
HTML content. Actions specify flow objects to create, which correspond to specific formatting
tasks. Generating flow objects can be a recursive process, so that each element's children in turn
define additional flow objects. In addition to flow objects, custom scripts can also be used to
programmatically determine formatting behavior.
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
148
XSL defines a set of core HTML flow objects, as well as more general DSSSL flow objects.
While flow objects do not necessarily have to be expressed as HTML, they do fundamentally
assume a two-dimensional, page layout model.
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
149
SMIL
Before you continue you should have a basic understanding of the following:
HTML
XHTML
XML
XML namespaces
What Is SMIL?
150
</sew>
</body>
</smile>
From the example above you can see that SMIL is an HTML-like language that can be written
using a simple text-editor.
The <smile></smile> tags defines the SMIL document. A <body> element defines the body of
the presentation. A <sew> element defines a sequence to display. The repeat Count attribute
defines an indefinite loop. Each <imp> element has a src attribute to define the image source
and a door attribute to define the duration of the display.
SMIL presentations can display multiple file types (text, video, audio...)
SMIL presentations can contain control buttons (stop, start, next, ...)
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
151
SMIL is a W3C Recommendation. W3C has been developing SMIL since 1997, as a language
for choreographing multimedia presentations where audio, video, text and graphics are combined
in real-time.
Activity 5
What is VRML and what is it used for?
Activity
What is IPv6?
IP, the Internet Protocol, is one of the pillars which supports the Internet. Almost 20 years old,
first specified in a remarkably concise 45 pages in RFC 791, IP is the network-layer protocol for
the Internet.
In 1991, the IETF decided that the current version of IP, called IPv4, had outlived its design. The
new version of IP, called either Ping (Next Generation) or IPv6 (version 6), was the result of a
long and tumultuous process which came to a head in 1994, when the IETF gave a clear direction
for IPv6.
IPv6 is designed to solve the problems of IPv4. It does so by creating a new version of the
protocol which serves the function of IPv4, but without the same limitations of IPv4. IPv6 is not
totally different from IPv4: what you have learned in IPv4 will be valuable when you deploy
IPv6. The differences between IPv6 and IPv4 are in five major areas: addressing and routing,
security, network address translation, administrative workload, and support for mobile devices.
IPv6 also includes an important feature: a set of possible migration and transition plans from
IPv4.
Since 1994, over 30 IPv6 RFCs have been published. Changing IP means changing dozens of
Internet protocols and conventions, ranging from how IP addresses are stored in DNS (domain
name system) and applications, to how datagrams are sent and routed over Ethernet, PPP, Token
Ring, FDDI, and every other medium, to how programmers call network functions.
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
152
The IETF, though, is not so insane as to assume that everyone is going to change everything
overnight. So there are also standards and protocols and procedures for the coexistence of IPv4
and IPv6: tunneling IPv6 in IPv4, tunneling IPv4 in IPv6, running IPv4 and IPv6 on the same
system (dual stack) for an extended period of time, and mixing and matching the two protocols
in a variety of environments.
What is in IPv6?
Even if youve never studied IPv6, you may know about its most famous feature: big addresses.
IPv4 uses 32-bit addresses, and with the growth of the Internet, these have become a scarce and
valuable commodity. Organizations have gone to great lengths to deal with the shortage and high
cost of IPv4 addresses. The most visible change in IPv6 is that addresses balloon from 32-bits to
128-bits.
Feature
Change
Address Space
Management
Performance
153
Mobile IP
Virtual Private
Networks
With such a huge address space, ISPs will have sufficient IP addresses to allocate enough
addresses to every customer so that every IP device has a truly unique address---whether its
behind a firewall or not. NAT (network address translation) has become a very common
technique to deal with the shortage of IP addresses. Unfortunately, NAT doesnt work very well
for many Internet applications, ranging from old dependable, such as NFS and DNS, to newer
applications such as group conferencing. NAT has also been an impediment for business-tobusiness direct network connections, requiring baroque and elaborate address translators to make
everything work reliably, scaling poorly, and offering a highly vulnerable single point of failure.
One of the goals of IPv6s address space expansion is to make NAT unnecessary, improving total
connectivity, reliability, and flexibility. IPv6 will re-establish transparency and end-to-end traffic
across the Internet.
Additional address space will also help the core of the Internet---it is hoped---by reducing the
size and complexity of the global routing tables. Although IPv6 doesnt solve the problems of
routing in the Internet, it can help in several areas, reducing the initial size of the tables and
offering a hierarchical address space.
The new IPv6 addresses are large and cumbersome to deal with, so IPv6 reduces the number of
people who have to read and write them. A second major goal of IPv6 is to reduce the total time
which people have to spend configuring and managing systems. An IPv6 system can participate
in "stateless" auto configuration, where it creates a guaranteed-unique IP address by combining
its LAN MAC address with a prefix provided by the network router---DHCP is not needed. Of
cause, DHCP is still useful for other parameters, such as DNS servers, and is supported as
DHCPv6 where needed. IPv6 also offers a middle ground between the two extremes with
protocols such as SLP ("Service Location Protocol"), which may make the lives of network
managers easier.
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
154
Although IPv4 is a simple protocol, it was not designed for gaga-bit and tear-bit routers which
need to look at millions of packets a second. The third major goal of IPv6 is to speed up the
network, both from a performance and from a deployment point of view. IPv6 embodies the
lessons learned at trying to build high-speed routers for IPv4 by changing the header of the IP
packet to be more regular and to streamline the work of high-speed routers moving packets
across the Internet backbone. IPv6 has fixed header sizes, and little-used IPv4 fields have been
removed.
A side effect of the redesign of the IP packet header is that future extensions to IPv6 are
simplified: adding a new option to IP can be done without a major re-engineering of IP routers
everywhere.
High-bandwidth multimedia and fault tolerance applications are the focus of the fourth major
goal of IPv6. Multimedia applications can take advantage of multicast: the transmission of a
single datagram to multiple receivers. Although IPv4 has some multicast capabilities, these are
optional and not every router and host supports them. With IPv6, multicast is a requirement. IPv6
also defines a new kind of service, called "any cast." Like multicast, any cast has groups of nodes
which send and receive packets. But when a packet is sent to an any cast group in IPv6, it is only
delivered to one of the members of the group. This new capability is especially appropriate in a
fault-tolerant environment: web servers and DNS servers could all benefit from IPv6s any cast
technology.
The fifth major goal of IPv6 is VPNs, virtual private networks. The new IPSec security
protocols, ESP (encapsulating security protocol) and AH (authentication header) are add-ons to
IPv4. IPv6 builds-in and requires these protocols, which will mean that secure networks will be
easier to build and deploy in an IPv6 world.
Another aspect of VPNs built into IPv6 is QoS (Quality of Service). IPv6 supports the same QoS
features as IPv4, including the DiffServ indication, as well as a new 20-bit traffic flow field.
Although the use of this part of IPv6 is not defined, it is provided as a solid base to build QoS
protocols
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316
155
Feedback Activity 5
VRML, the Virtual Reality Modelling Language, is the ISO standard for
representing 3D on the Web. It provides a versatile platform for a
variety of applications that use 3D as a central metaphor or interface.
Feedback
XML
VRML
Key Words/Terms
Further Reading
Acknowledgements
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316