THE INTERNATIONAL UNIVERSITY OF MANAGEMENT

WINDHOEK-NAMIBIA

STUDY MANUAL

INTERNET DEVELOPMENT
CODE: BIS - 3316
Copyright
Published by the International University of Management, Namibia, Windhoek, 2010. IUM Namibia. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording or otherwise, without prior permission of the
publishers.
IUM BIS 3316

TABLE OF CONTENTS

1. HTML Part 1 and Part 2
2. CGI scripts
3. Web servers and management
4. Active Server Pages
5. Java & ActiveX
6. E-commerce issues
7. Intranet design
8. Current issues in web design

THE STRUCTURE OF THIS STUDY MODULE


The Module has margin icons that show the student the objectives, activities,
in-text questions, feedback, further reading, key words and terms, and stop and
reflect signs.
Chapter One focuses on HTML basics and writing your first HTML code. Do not
skip this chapter, as it gives you an understanding of the basic code upon which
today's websites are built.
Chapter Two teaches you how CGI is used in today's active server page design.
Chapter Three focuses on web server management.
Chapter Four focuses on Active Server Pages and dynamic web page
development.
Chapter Five looks at Java and ActiveX controls used in today's web applications.
Chapter Six looks at E-commerce issues.
Chapter Seven is about how to design an Intranet for an organization and the
benefits of running an organizational Intranet.
Chapter Eight looks at issues in today's web design environment and the languages
involved.

This module therefore works as a strong guide to Internet Development, and hence must be
used in collaboration with other recommended textbooks, not as the ONLY source of
information for this exciting subject.

The author wishes you a pleasant study and best regards.

COURSE OVERVIEW
This tutorial seeks to educate the learner in the area of Internet Development in today's
world and how the internet has become a very important part of today's information
networks. We are in the midst of a swiftly moving river of technology and business innovations
that is transforming the global business landscape. An entirely new Internet business culture
is emerging with profound implications for the conduct of business. You can see this every day
by observing how business people work using high-speed Internet connections for e-mail and
information gathering, portable computers connected to wireless networks, cellular
telephones connected to the Internet, and hybrid handheld devices delivering phone,
Internet, and computing power to an increasingly mobile and global workforce. The more
consumer needs change, the faster the development of new languages used to make web
pages more responsive and dynamic.

An examination is appropriately set to test you on this critical area of your study.

COURSE OBJECTIVES

Upon completion of this course you will be able to:

Explain the importance of HTML in today's Internet networks.

State and explain the role of the Internet in today's business organizations.

List examples of software used today in designing websites.

Demonstrate your ability to write HTML code to design a simple web page.

Explain how Active Server Pages work and their importance in today's dynamic web
development.

Module Outcomes

Illustrate the key issues of web page design with regard to the balance of
dynamics, performance and aesthetics.
Explain the operation of the World Wide Web and related Internet
technologies
Demonstrate the ability to set up and manage a web server.

As you go through this module you will often see the icons below. They emphasize
what you need to understand or look out for. These may be objectives, activities,
feedback, etc., as listed in the table below. Take note of them and know what they
mean when you see them. They will make your study easier and more interesting and
help you master the key concepts and things to understand in this module.

Activity - what the student has to do (written work)
Feedback - the author giving a guide to how a question should be answered
In-text Question - students have to answer questions on content covered
Further reading
Key words / Terms
Stop & Reflect - student just has to think about a question, idea, view, opinion (real life practical examples in the Namibian context)

1. HTML

Objectives

Chapter 1
- Understand HTML as the basis of web page development

WWW, World Wide Web, is a system used to find and access different
Internet resources. It uses hypertext to cross-reference or link related
resources anywhere on the Internet.
HTML (Hypertext Markup Language) is the language used by the Web to
define and display its files. These files can contain text, or multimedia. HTML
files are ASCII text files that contain the text to be displayed and the markup
tags that tell how to display them. If you have traveled the Internet and
searched the Web, then you may be interested in creating and authoring
your own web page.
Software
The Internet software you will need for web authoring includes:
- Web browser to view a web page, such as Netscape, Internet Explorer, Mosaic, or even a text browser like Lynx.
- Text editor to create the HTML file, such as Notepad or WordPad.
- FTP (File Transfer Protocol) program to upload a page. There are several available for a Mac or a PC.
- Graphics editor to create new graphics. This is optional. If you decide you need one there are several available.

Steps to Follow
Creating a page on the Web can be a simple or complex process. However,
the steps are always the same:
- Decide what information will be on a page and how that information will be arranged on the page.
- Create the HTML file with the text and commands using any editor.
- Test the page in various browsers and on various platforms.
- Finally, upload the HTML file to the Web server.
What Will Be on a Page
There are three types of standards to keep in mind when composing a page.
They are:
Technical
Content
Visual
Technical Issues
Technical standards define what links a page should have and what HTML
tags every page should have. Example: Every departmental page should
have a link back to the University of Namibia.
Content Issues
Content standards describe what items every page should contain. Example:
Every page should contain the author's name, E-mail address, and the date
of creation.
Visual Issues
Visual standards describe what every page should have for appearances.
Example: It describes the graphics, the format, the layout, and suggested
colors for the background.
Creating the HTML File


You can use any word processor to compose this file. We will be using
Wordpad during the class.
HTML commands or tags are enclosed in angled brackets: < >.
Some tags stand alone and some come in pairs. In paired tags the ending
tag starts with a slash: /.
The Types of HTML Tags
We will cover six basic types of commands:
Structural tags (mandatory)
Formatting tags (optional)
Separator tags (optional)
Heading tags (optional)
List tags (optional)
Link tags (optional)

Structural tags:
These are at the beginning and end of an HTML file.
<HTML> </HTML> For an HTML document
<HEAD> </HEAD> For the head section
<TITLE> </TITLE> For the title of the bookmark
<BODY> </BODY> For the body section
Example: <TITLE> My Personal Page </TITLE>
Headings:
There are 6 levels of Headings. Level 1 is the largest font size.
<H1> </H1> Heading level 1
<H2> </H2> Heading level 2
<H3> </H3> Heading level 3
<H4> </H4> Heading level 4
<H5> </H5> Heading level 5
<H6> </H6> Heading level 6
Example: <H2> This is My Personal Page </H2>
Formatting tags:
These tags affect the format of the word or sentence.


<I> </I> For Italic text
<B> </B> For Bold text
<U> </U> For Underlined text
<STRONG> </STRONG> For Bold text
Example: <I> My Personal Page </I>
Separator tags:
These tags separate words, or sentences on a page.
<P> Start printing a new Paragraph
<BR> Break; breaks up text onto two lines
<HR> Make a Horizontal Rule (or line)
Example: <P> this is the beginning of the second paragraph on my Personal
Web page.
Types of Lists:
There are three main types of lists. An Ordered List is a list of numbered
items. An Unordered List is a list of unnumbered items. A Definition List is
used for definitions of terms, say, in a glossary.
Lists:
<UL> </UL> Make an Unordered List
<OL> </OL> Make an Ordered List
<DL> </DL> Make a Definition List
<LI> Used for each List Item
Example Tags: <OL> Here is a list of my hobbies:
<LI> swimming
<LI> hiking
<LI> fishing
</OL>
Example List: Here is a list of my hobbies:
1. swimming
2. hiking
3. fishing
Links:
Hyperlinks are what the Web is all about. Before you create Hyperlinks, you
need to understand URLs. A URL (Uniform Resource Locator) is a Web
address. Just as you can have two forms of E-mail address, a long and a short
one, you can have two forms of a URL address.
Absolute URL - This is a complete address. Use this if the link refers to
a page or file on another server (computer).
Relative URL - This is a shortened address, without the server name.
Use this if the link is to a page or file on the same server (computer).
Example Absolute URL: http://home.netscape.com/training/chapter1.html
Example Relative URL: chapter1.html
Type of Links:
There are two main types of hyperlinks we will cover in this class:
- Link from the current document to the beginning of another document.
- Link from the current document to a specific spot (anchor) in another document or in the same document.

Link Tags:
<A> </A> Create Link to another document


HREF = URL URL of the document to be linked
text The text to be clicked, usually in blue
Example Tag with Absolute URL:
<A HREF="http://www.unam.com/mainmenu.html">Menu</A>
Example Tag with Relative URL:
<A HREF="mainmenu.html">Menu</A>
Link Tags to an Anchor Spot
To create a link to a specific spot in a second document, there must be an
anchor name in the second document. Then you create a link in the first
document that points to the anchor in the second document.
<A> </A> Create link to a document
NAME = name Name of the anchor spot
Example Creating an Anchor Name:
<A NAME="Start_Place">Table of Contents</A>
Example Referencing an Anchor:
<A HREF="#Start_Place">Go To the Contents</A>

Saving Your HTML File:

- Go to the File menu and choose Save As
- Enter any valid file name, with an extension of .html
- The first file in your account should be named: index.html
- Specify your HTML Directory
- In the Save as Type specify All Files

Testing Your Web Page:


Test the page under various browsers, including Lynx. Test the page under
various platforms and with various screen resolutions. Also remember to test
all the links on the page. To test our HTML file using Netscape:

Start Netscape
Go to File and choose Open Page or Open File
Type in the complete address or click Choose File.

After selecting the appropriate file, click Open.
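
One way to automate the "test all the links" step before uploading, as an added example that is not part of the original manual: it resolves each HREF the way a browser does (relative URLs against the page's own address) and checks that the target page and anchor name exist. The sample pages, the base address `http://www.example.edu/site/` and the function name `check_links` are assumptions made for the illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _PageLinks(HTMLParser):
    """Collect link targets (HREF) and anchor names (NAME or ID) from one page."""

    def __init__(self):
        super().__init__()
        self.hrefs = []
        self.anchors = set()

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)          # the parser lower-cases tag and attribute names
        if tag == "a" and attrs.get("href"):
            self.hrefs.append(attrs["href"])
        if tag == "a" and attrs.get("name"):
            self.anchors.add(attrs["name"])
        if attrs.get("id"):
            self.anchors.add(attrs["id"])


def check_links(pages, base="http://www.example.edu/site/"):
    """pages maps file name -> HTML text; returns (page, href, problem) tuples."""
    parsed = {}
    for name, text in pages.items():
        collector = _PageLinks()
        collector.feed(text)
        parsed[urljoin(base, name)] = collector

    problems = []
    for name in pages:
        page_url = urljoin(base, name)
        for href in parsed[page_url].hrefs:
            target = urlsplit(urljoin(page_url, href))   # resolves relative URLs
            document = target._replace(fragment="").geturl()
            if not document.startswith(base):
                problems.append((name, href, "other server: test by hand"))
            elif document not in parsed:
                problems.append((name, href, "page not in upload folder"))
            elif target.fragment and target.fragment not in parsed[document].anchors:
                problems.append((name, href, "anchor name not found"))
    return problems


# Constructed sample site: two pages as they would sit in one folder before upload.
SAMPLE_SITE = {
    "index.html": '<A NAME="top"></A>'
                  '<A HREF="chapter1.html">Chapter 1</A>'
                  '<A HREF="chapter1.html#Starting_Place">Contents</A>'  # name does not match
                  '<A HREF="chapter2.html">Chapter 2</A>'                # file was never created
                  '<A HREF="#top">Back to top</A>'
                  '<A HREF="http://home.netscape.com/training/chapter1.html">Netscape</A>',
    "chapter1.html": '<A NAME="Start_Place">Table of Contents</A>',
}

if __name__ == "__main__":
    for problem in check_links(SAMPLE_SITE):
        print(problem)
```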

Viewing the Source on the Web


The best way to learn is through example. If you see a layout or design that
is interesting and want to find out how it was coded in HTML, just follow the
steps below. This will show you the source code for the entire page.
Go to the View menu
Choose Page Source or Document Source

Copying the Source:


Now you have found the source code of your favorite page and would like to
keep a copy of it on disk. Follow the steps below:
Go to the File menu and choose Save As
Specify any valid file name and file extension of .html
Specify any directory
Specify the Format as HTML File in Save as Type.

Last But Not Least

Now that you have created and tested your HTML file, you are ready to
upload the file to your account on the web server. Put all your HTML files in
the same folder or directory on your PC or your MAC before uploading. It is
recommended that you name your personal home page: index.html.

Activity

Activity 1
- What is HTML?
- Why is HTML so important in today's World Wide Web?
- Design a simple webpage for your department or
faculty to display the department name and the
courses offered as well as the minimum
requirements in order to qualify to study for that
course

CREATING WEB FORMS AND FRAMES Using HTML


What is a Form?
Forms are a simple way that a person viewing your Web page can send you
data. This is done by the user filling in various parts or input lines within the
form designated by you. Forms are supported by almost every browser and
make it possible to create documents that collect and process user input and
formulate personalized replies. Once a user fills out a form, it is submitted to
a server or e-mailed to a specific address. If sent to a server, that server
passes that information to a supporting program or application that
processes the data.
What Software is needed?
The software you will need for generating the web form includes:
Web browser to view a web page, such as Netscape or Internet
Explorer.
Text editor to create the HTML file; such as WordPad, or Notepad.
FTP (File Transfer Protocol) program to upload a page. There are
several available for a Mac or a PC.

Feedback

Feedback Activity 1
- Hypertext Text Management Language
- HTML is the basis upon which every web page is
built. Web browsers interpret the HTML code in
order to display contents of a web page correctly

Key Words/Terms
- HTML
- WWW
- links

2. Understanding CGI

Objectives

Chapter 2
- Define CGI
- Understand the importance and place of CGI in dynamic webpage development

"Common Gateway Interface", CGI for short, is a specification, which allows


web users to run programs from their computer. CGI isn't a programming
language in itself; rather, it is a standard that allows programs or scripts
written in other languages (Perl, C++ or even Microsoft Visual Basic) to
be run over the Internet. CGI programs usually take input passed to them from a
form on a web page, process the information, and then format the results as
an HTML document. The result is a web page that is generated dynamically.
The common choice for writing and processing CGI is Perl, or "Practical
Extraction and Reporting Language". Perl was originally developed to handle
multiple text files and format them nicely, but now is used for writing CGI
along with HTML.
The client-side and the server-side
There are two ways to make your site dynamic. One is with JavaScript, which can
do some things but has limitations and works only on the client side. In other
words, the user's browser will interpret the JavaScript along with the HTML. CGI
scripts, by contrast, are interpreted on the web server where your whole web site
resides: the server executes the CGI there, and only the HTML produced by the
server is sent to the user's side. This mechanism is simply called server-side.
Since it works from your server, you can take control over the scripts that are
running by using other server files. JavaScript doesn't access any of your other
files (for example, you cannot access a database which is on your server).
JavaScript is simply inserted into your HTML pages, which can be run by the
browser. JavaScript can also be used on the server side, but that is beyond the
scope of this article.
Netscape browsers don't support VBScript and ActiveX, so most sites do not use
them on the client side. Other technologies like ASP or PHP can be used instead
of CGI. ASP and PHP are a lot easier than CGI. But ASP can be used only on a
Windows NT server; UNIX servers can't support it. PHP needs much programming
knowledge, but it's a good alternative to CGI, which is also beyond the scope. We
can use Java applets, but speed would be a problem with Java applets since they
are also client-side, and there are some security concerns about Java applets.
So we prefer CGI scripts, though they are not the easier option. We can look
forward to some other technology in the future that can do better than all of
these technologies.
One main reason why we prefer CGI scripts is that they are free, and CGI is the
ultimate choice for UNIX and Apache web servers.
CGI is the supporting program to process the data entered in the form.
Server-side data-processing aspects of forms are not part of the HTML
standard. They are defined by the server's software. The CGI behind this
form creates an E-mail message by copying each form field's contents to a
separate line. It mails the information to the specified E-mail address.
Mailto:
Mailto forms allow the programmer to set up a form such that all data
collected from the form will be e-mailed to you or another e-mail address in
simple text format. The data is not processed at all. This is a simpler method
than the CGI format but can be more problematic because the user filling out
the form must have their browser correctly set up to send e-mail. Therefore it
is recommended that if your site is housed on an OU server you use the CGI
method, but if it is a site at another server it is easier to use the Mailto
method.
Initiating the HTML File
Click the Start button, trace to Programs option, then trace to
Accessories, and click on Notepad to open it. Once in the Notepad
program, enter the following commands to start an HTML document: Create
your HTML file so that it looks something like this. The HTML tags do not
have to be in uppercase. The spacing between commands is up to you.
However, the spacing within the brackets is important.
<HTML>
<HEAD>
<TITLE> Web Form </TITLE>
</HEAD>
<BODY>
There will be a form here soon.
</BODY>
</HTML>
Now we need to save the file as an HTML file. To do this click on the File
menu and then choose Save As. Choose where you want to save the file. In
this class we will be saving to the Public folder for convenience. Then choose
a File Name to save it as. The name must end in .htm or .html. Next select
the down arrow next to the Save as Type. Choose All Files. Finally click on
the Save button.
Now we will see what our HTML file will look like in a web browser. First we'll
open Internet Explorer by clicking on the blue "E" on the Desktop, or under
Programs in the Start menu choose Internet Explorer.
Once in Internet Explorer open your file. Click on File in the top left corner,
then on Open, and then on Browse. Navigate to the Public file folder by
double clicking it or highlighting it and choose your file. Click Open. You will
see this:
"There will be a form here soon."
Throughout this class we will be making a series of changes to our HTML
document, saving that document, then looking at it in the browser to see if
those changes yielded the desired results. This is an important part of the
web design: learning how to make changes and saving those changes, then
checking to see what the new changes look like, then making more changes.
Composing the Form

We'll compose our form assuming it is for an O.U. web page, using the
generic CGI. The command <FORM> initiates a form section of a web page
and </FORM> ends that section. To begin a form we must tell the browser to
send the information that a user enters to a CGI script file and tell it where
that file is. We do that with the ACTION attribute:
<FORM action="http://students.ium.edu/htbin/genform.com">
Another attribute of the FORM tag is the METHOD, which is how the form
input will be sent to the gateway. The method can be either "get" or "post".
Post means to send the form entry results as an e-mail document. This is the
most common method. Get is usually used with search engines. However,
this is the method used by the OU CGI script. So the FORM command would
look like this:
<FORM action="http://students.ium.edu/htbin/genform.com"
method="get">
Next we must input the code to send the information from the form to the
appropriate e-mail address. This is done with:
<INPUT type="hidden" name="mailto" value="youremail@ium.edu">
The type="hidden" attribute hides this field from the displayed page. The name="mailto"
attribute names this Input tag. The value="youremail@ium.edu" attribute tells
the CGI program where to send the information from the form. So now our
HTML Form commands should look like:
<BODY>
<FORM action="http://students.ium.edu/htbin/genform.com"
method="get">
<INPUT type="hidden" name="mailto" value="youremail@ium.edu">
</FORM>
</BODY>
Input Limitations

- Text fields are limited to single lines. If you attempt to use multi-line text fields, any time a user enters more than 255 characters, none of them will be transcribed into the E-mail you receive. You can work around this limitation by also including a standard mailto link.
- Every field is limited to a maximum length of 80 characters!
- The total number of fields defaults to 20. If you want to change this, you must include a hidden field specifying the number of fields your form uses.
- The names of the visible fields for data entry must be a lower case letter "f" followed by two or three digits from 01 to 999, inclusive.
- If you include fields numbered beyond 20, you must include a hidden form-field named "maxlines" with value equal to the highest field number used.
- You must include a valid E-mail address in the hidden form-field named "mailto"!
- You may choose to provide an absolute URL in the hidden form-field named "nexturl" and appropriate link text in the hidden form-field named "nextname". If you do, they will be used to construct the return link.
- The visible fields can be text, radio-button, check-box, or pop-up selection. Values for these fields must be at most 80 characters.
- The hidden form-field named "subject" is optional but strongly recommended; it identifies the Web page where the E-mail originates.
- If you do not use a particular field, or if the user leaves a field blank, a blank line will be included at that place in the message.
- You do not have to number the fields sequentially. You should organize the form in a way that will be logical and convenient for the user and number the fields so that the resulting e-mail will be easiest for the recipient to use.
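
The field rules above, checked on the server side, as an added example (not code from this manual or from the genform CGI it describes). Hidden fields can be read in the page source and arrive from the browser like any other field, so the sketch validates `mailto`, `subject`, `maxlines`, `nexturl` and `nextname` along with the visible `f01`..`f999` fields. Assumptions: the handler name `build_message`, the default subject text, and a recipient list kept on the server rather than trusted from the form.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

MAX_VALUE_LEN = 80        # per-field limit from the list above
DEFAULT_MAX_FIELDS = 20   # field count when no "maxlines" is sent
FIELD_NAME = re.compile(r"f([0-9]{2,3})")   # f01 .. f999
CONTROL = re.compile(r"[\x00-\x1f\x7f]")    # CR, LF and other control characters
HIDDEN = {"mailto", "subject", "maxlines", "nexturl", "nextname"}
# Assumption: permitted recipients are configured on the server, not taken from the form.
ALLOWED_RECIPIENTS = {"youremail@ium.edu"}


class FormError(ValueError):
    """A submission that breaks the form contract."""


def _one(params, name, default=""):
    """Return the single value of a field, rejecting repeats and oversize or multi-line input."""
    values = params.get(name, [default])
    if len(values) != 1:
        raise FormError(f"repeated field: {name}")
    value = values[0]
    if len(value) > MAX_VALUE_LEN or CONTROL.search(value):
        raise FormError(f"bad value in field: {name}")
    return value


def build_message(query_string, allowed=ALLOWED_RECIPIENTS):
    """Validate a GET submission and return the e-mail parts and the return link."""
    try:
        params = parse_qs(query_string, keep_blank_values=True, max_num_fields=1100)
    except ValueError as exc:
        raise FormError("malformed or oversized query") from exc

    # The recipient must be one the server already knows about.
    mailto = _one(params, "mailto")
    if mailto not in allowed:
        raise FormError("recipient not permitted")
    subject = _one(params, "subject", "Web form")
    maxlines = _one(params, "maxlines", str(DEFAULT_MAX_FIELDS))
    if not re.fullmatch(r"[0-9]{1,3}", maxlines) or int(maxlines) < 1:
        raise FormError("maxlines must be 1..999")
    maxlines = int(maxlines)

    fields = {}
    for name in params:
        if name in HIDDEN:
            continue
        match = FIELD_NAME.fullmatch(name)
        number = int(match.group(1)) if match else 0
        if not 1 <= number <= maxlines or number in fields:
            raise FormError(f"unexpected field: {name}")
        fields[number] = _one(params, name)

    # One line per field number; unused or blank fields leave a blank line.
    body = [f"f{n:02d}={fields[n]}" if fields.get(n) else "" for n in range(1, maxlines + 1)]

    return_link = ""
    nexturl = _one(params, "nexturl")
    if nexturl:
        try:
            parts = urlsplit(nexturl)
        except ValueError as exc:
            raise FormError("nexturl is not a URL") from exc
        if parts.scheme not in ("http", "https") or not parts.netloc:
            raise FormError("nexturl must be an absolute http(s) URL")
        text = _one(params, "nextname") or nexturl
        # Escape both values before they are written into the reply page.
        return_link = f'<A HREF="{html.escape(nexturl)}">{html.escape(text)}</A>'

    return {"to": mailto, "subject": subject, "body": "\n".join(body), "return_link": return_link}
```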

Activity 2
- Why is CGI important to Web Development?
- Why do web pages need to be dynamic in today's world?

Activity

Input Text
To create a single line of text for the user to enter we use the Input
command, with the Type attribute equal to Text. For example:
<INPUT type="text">
That will create a box for text input. Using the IUM CGI we have to name the
input command appropriately:
<INPUT type="text" name="f01">
Then when the form is mailed to us we will get a line that says f01= whatever
they entered in that text box. If we wanted something in the text box for the
user to overwrite we would use the Value attribute. For example:
<INPUT type="text" name="f01" value="(###) ###-####">
(###) ###-####
The size of the text box can also be changed. To do this we use the Size
attribute. The default size is 20. Here are some options, but remember that
using IUM's CGI script we cannot go above size=80.
<INPUT type="text" name="f01" value="(###) ###-####" size="14">
<INPUT type="text" name="f01" size="30">
Now that we've seen a few text line options, let's make some changes to our
HTML document and see what it looks like.
<FORM action="http://students.ium.edu/htbin/genform.com"
method="get">
<INPUT type="hidden" name="mailto" value="youremail@ium.edu">
What is your Name? <INPUT type="text" name="f01" size="20"> <BR>
What is your Phone Number? <INPUT type="text" name="f02"
value="(###) ###-####"> <BR>
Do you like my web page? <INPUT type="text" name="f03" size="10">
</FORM>
The new command above is <BR> for Break. It is like hitting the enter key.
The different text lines in our form will now be on separate lines.

Checkboxes
Checkboxes are an option on a form that allows users to select a line of text
in an on/off yes/no method. On screen they appear as a small box that either
has a check in it or does not. The command for a checkbox is as follows.
<INPUT type="checkbox" name="f11" value="checkbox a">
Checkboxes can be checked by default with the addition of the keyword
CHECKED in the INPUT tag. Here is an example.
<INPUT type="checkbox" CHECKED name="f12" value="checkbox b">
Now we put the two tags together and add some text afterward like this:
<INPUT type="checkbox" name="f11" value="checkbox a">This is a
checkbox.
<P>
<INPUT type="checkbox" CHECKED name="f12" value="checkbox b"> This
is a checkbox that is automatically checked.
Option Select Lists
These lists are drop-down windows in which a user selects a choice from a
list of options selected by the programmer. The code for an option select list
with three choices follows.
<SELECT name="f05" size="1">
<OPTION value="first">Your first choice
<OPTION value="second">Your second choice


<OPTION value="third">Your final answer
</SELECT>
If you want one of the choices to be automatically selected, add the code
SELECTED after the OPTION command like this.
<OPTION value="first" SELECTED>
Radio Buttons
Radio buttons are similar to checkboxes. However, they have a limitation
that checkboxes do not: they force the user to choose one and only one of
the choices. One may be selected by default.
Below is the code for two radio buttons with text following them. The second
of these buttons has been selected by default the same way a checkbox was
selected, with the CHECKED keyword inserted after the INPUT command.
<INPUT type="radio" name="f07" value="radio1"> This is a radio button.
<P>
<INPUT type="radio" CHECKED name="f07" value="button2"> This one has
been selected by default.
Hidden
A Hidden input is a name/value pair that is returned to you but does not
show up anywhere on the web page. The text for a Hidden input is simple.
<INPUT type="hidden" name="Location" value="Namibia Form">
When the form is returned to us we would get:
Location=Namibia Form
When using the OU CGI form, the Hidden type is needed by the CGI program
stating where to send the data from the form. For example,
<INPUT type="hidden" name="mailto" value="youremail@ium.edu">
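A hidden field is sent through the browser like any other field, so the person submitting the form can change its value; the receiving program should check it rather than trust it. The Python code below is an added example, not the OU/IUM CGI script: the allowed-recipient list, the length limit and the sample submissions are assumptions constructed for illustration, using the field names from this chapter.

```python
from urllib.parse import parse_qs

# Assumption: recipients this form handler may mail to, kept on the server.
ALLOWED_RECIPIENTS = {"youremail@ium.edu"}
MAX_VALUE_LEN = 2000  # assumed upper bound for any single field

# Constructed sample submissions (application/x-www-form-urlencoded bodies).
GOOD = ("mailto=youremail%40ium.edu&Location=Namibia+Form&f12=checkbox+b"
        "&f07=button2&Comments=Line+one%0D%0ALine+two")
TAMPERED = "mailto=someone%40example.org&Location=Namibia+Form"
INJECTED = "mailto=youremail%40ium.edu%0D%0AX-Extra%3A+1&Location=Namibia+Form"


class FormRejected(ValueError):
    """Raised when a submission must not be processed."""


def parse_form(body):
    """Decode the body into {name: value}; each name may appear only once."""
    form = {}
    for name, values in parse_qs(body, keep_blank_values=True).items():
        if not name.replace("_", "").isalnum():
            raise FormRejected("unexpected characters in field name")
        if len(values) != 1:
            raise FormRejected("field %r was submitted %d times" % (name, len(values)))
        if len(values[0]) > MAX_VALUE_LEN:
            raise FormRejected("field %r is too long" % name)
        form[name] = values[0]
    return form


def choose_recipient(form):
    """Accept the hidden 'mailto' value only if the server already knows it."""
    rcpt = form.get("mailto", "")
    if "\r" in rcpt or "\n" in rcpt:
        raise FormRejected("line break in recipient")
    if rcpt.lower() not in ALLOWED_RECIPIENTS:
        raise FormRejected("recipient is not on the server-side list")
    return rcpt.lower()


def build_mail(body):
    """Return (recipient, text) for a valid submission, else raise FormRejected."""
    form = parse_form(body)
    rcpt = choose_recipient(form)
    lines = []
    for name in sorted(form):
        if name == "mailto":
            continue
        value = form[name].replace("\r\n", "\n").replace("\r", "\n")
        # Indent continuation lines so a TEXTAREA value cannot imitate
        # another "name=value" line in the result.
        lines.append(name + "=" + value.replace("\n", "\n    "))
    return rcpt, "\n".join(lines)


def is_rejected(body):
    """True when build_mail refuses the submission."""
    try:
        build_mail(body)
    except FormRejected:
        return True
    return False


if __name__ == "__main__":
    print(build_mail(GOOD))
    print("tampered rejected:", is_rejected(TAMPERED))
    print("injected rejected:", is_rejected(INJECTED))
```

Note that the unchecked checkbox f11 never appears in the submission: a browser sends a checkbox's name/value pair only when the box is checked.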
Reset and Submit Buttons
The Reset button allows the user to clear the data they have entered in the
form and start fresh. These buttons are created with the INPUT command
and the TYPE and VALUE features. The INPUT starts the tag. The TYPE is
either Reset or Submit. The VALUE is the words that you want to appear in
the box. Standard reset and submit buttons are as follows.
<INPUT type="reset" value="clear fields">
&nbsp;&nbsp;&nbsp;
<INPUT type="submit" value="submit">


The &nbsp; entity means non-breaking space and is just a way to space
your buttons better.
Mailto Forms
If you want to make a form on a web page that is not on an OU server and do
not have access to your server's CGI programs, you can use the "mailto"
method. If available, the CGI method is preferred, as the user accessing your
page must have their mail preferences set up correctly for the mailto form
data to successfully reach you. However, the mailto form does allow for more
freedom than the IUM generic CGI script.
The best advantage of the mailto form over the OU script is that the OU
script has length and character limitations and the mailto form allows text
areas, not just single lines for text. The mailto form is initiated with the
following command.
<FORM method="post" action="mailto:youremail@ium.edu" enctype="text/plain">
Password
This feature allows the user to enter a password that does not appear on
screen but will be sent to you. The command for the password is similar to a
text line and can be edited the same way.
Please enter your password.
<INPUT type="password" name="UserPass">
Textarea
This command allows you to generate a text box on your form for user input,
not just a line of wrapping text. The basic command for this is:
<TEXTAREA name="anyname">
</TEXTAREA>
We can edit this by adding more attributes within the tag. Columns and rows
can be described. Also, text added between the starting and ending Textarea
tags appears within the text box. This text is formatted exactly as typed,
including tabs, spacing and returns. Below is an example of this.
Please add any comments you may have about this form class here
<P>
<TEXTAREA name="Comments" rows="9" cols="44">
Constructive criticism carries more clout than negative does.
Tabs and returns work within TEXTAREAS.
</TEXTAREA>

Submit Image
Earlier we learned how to create a submit button on the form. We also saw
how to edit the text within that submit button. Now we will learn how to use
an image instead of a button to send the form. Note, you can only make a
Submit button, not a Reset image button.
<INPUT type="image" src="submit.gif">
Saving
Every time changes have been made to your simple text documents they
should have been saved. The method to save as an HTML file has been
discussed earlier. To save you would go to the File menu and choose Save or
Save As. Make sure that the file extension (ending) is .htm or .html

Testing and Uploading


Initial stages of testing are done after changes are made to see the effects of
text and HTML changes on the view of the page. To fully test the form it
needs to be uploaded to a server. File uploading is done using an FTP
program. Once the HTML file containing the form has been uploaded it can
be accessed on the Internet and further tested by you, the programmer,
filling it out and then sending the results to yourself.
Frames
Frames are an easy way to make any page look more professional. The frame
command tells the browser to split the screen into two or more parts, each
with a separate web page. To do this we need to create a web page with the
commands to tell the browser how to split the screen. You begin with the
FRAMESET section which is in place of the BODY section.
<HTML>
<HEAD>
<TITLE>Sample </TITLE>
</HEAD>
<FRAMESET COLS="25%,*">
<FRAME SRC="pageone.html">
<FRAME SRC="pagetwo.html">
</FRAMESET>
</HTML>

In this FRAMESET tag we tell the browser to split the window vertically with
the attribute COLS. There will be two pages shown. The first one taking up
25% of the screen, and the second one taking up the remainder of the
screen. To split the window horizontally, use the ROWS attribute.
<FRAMESET ROWS="75%,*">
<FRAME SRC="pageone.html">
<FRAME SRC="pagetwo.html">
</FRAMESET>

We also need to tell the browser the names (URLs) of the web pages to go
into the separate windows. The FRAME command tells the browser the
location of the page to be viewed in a particular frame. The first page source
will be displayed on the left column or the top row and the remaining pages
will follow.
Frames can be used as a navigational tool for the users to browse through
our pages. To do this we need to create several web pages. One page to hold
the navigational links on the left, one as the default page and a couple to
practice navigating. First, to generate the page that tells how to set up the
frames, enter the following. Save this file as "Frame.html".
<HTML>
<HEAD>
<TITLE>Start Frames </TITLE>
</HEAD>
<FRAMESET COLS="20%,*">
<FRAME SRC="Contents.html">
<FRAME SRC="Default.html" name="main">
</FRAMESET>
</HTML>
This will create the main page that will hold our other pages in its frames.
Naming the second, or right hand window frame "main" will allow us to
switch this frame for others depending on which link our users click on. Now
we need to create a page that will be held in the larger right window as the
default before the user selects which page to view. Enter the following text.
Save this file as "Default.html".
<HTML>
<HEAD>
<TITLE> My Default Page </TITLE>
</HEAD>
<BODY bgcolor="white">
<FONT size=6 color="blue">
<CENTER>
This is my main page.
<P> From here you will be able to navigate to my different sites by choosing
my links on the left.
</CENTER>
</BODY>
</HTML>
Now we need to create the Contents page. This page will be seen in the first
or left hand window. Enter the following into Notepad and save as
"Contents.html".
<HTML>
<HEAD>
<TITLE> My Contents Page </TITLE>
</HEAD>
<BODY BGCOLOR="yellow">
<B> Pick An Animal </B>
<P><A HREF="dog.html" TARGET=main>DOG</A>
<P><A HREF="cat.html" TARGET=main>CAT</A>
<P><A HREF="bird.html" TARGET=main>BIRD</A>
<P>
</BODY>
</HTML>
Within each anchor tag notice the "TARGET=main" addition. This tells the
browser to put the page signified by the link address into the frame named
"main". You may choose any name you wish, but it must match the name given
in the FRAME tag. Please copy
them and the images with the same names, to wherever your html file is
located. Once all this is done, you should get the following

Feedback

Feedback Activity 2
- Common Gateway Interface (CGI) is a specification which allows web
users to run programs from their computer. CGI programs usually take
input passed to them from a form on a web page, process the information,
and then format the results as an HTML document. The result is a web
page that is generated dynamically. The common choice for writing
and processing CGI is Perl, or "Practical Extraction and Reporting
Language".
- Dynamic web pages collect data from the user and give a response to
the user by interacting with databases which contain information.

Key Words/Terms
- CGI
- Server Side Scripting

3. What Is A Web Server?

Chapter 3

Objectives
- Understand the use and importance of web servers in managing and
running websites
- Familiarise yourself with different common web servers on the internet

A web server is a piece of software that enables a website to be viewed using
HTTP. HTTP (HyperText Transfer Protocol) is the key protocol for the transfer
of data on the web. You know when you're using HTTP because the website
URL begins with "http://" (for example, "http://www.bible.com").
Most people think a web server is a special, high-powered computer, and it
would be right to think that. Some high-powered computers are referred to as
web servers as they have been built with web hosting in mind. But in most
cases, when someone refers to a web server, they are referring to a piece of
software that you install on a computer.
What Does a Web Server Look Like?
That depends on which web server you choose to install. Here's an example
of what Microsoft Internet Information Services (IIS) 5.1 looks like:

The left pane represents the various websites, FTP sites, and SMTP virtual
servers. When an item in the left pane is selected, the contents are displayed
in the pane on the right hand side.
In the above screenshot, there is one website (called "Default Web Site"),
one FTP site (called "Default FTP Site"), and one SMTP virtual server (called
"Default SMTP Virtual Server").
You can right click on an item to display its properties. For example, you can
right click on "Default Web Site" to display (and configure) the properties of
that website.
Purpose of a Web Server?
If you maintain your own web site you need to install a web server on your
own development machine. That way you can configure your development
environment to be closer to your live environment. Also, if you intend to use
server-side technologies such as PHP or ColdFusion, you will definitely need a
web server.
You might also be thinking that web servers are way too advanced for you,
that they are only used by professional web developers and/or hosting
companies. Think of a web server as simply another piece of software you
can install on your machine. Once you install it, you can configure it to suit
your needs.
And, depending on your computer set up, you may even find that you
already have a web server on your machine. You can get a web server up
and running on your machine with a minimum of technical knowledge. Then
once you've done that, you'll start to become familiar with the various
options available to you.

Further Reading
You can research the more advanced topics to suit your needs (such as
security, load issues, logging etc).

Web Servers Advantages


There are many advantages to using a web server within your development
environment. Of course, in a production hosting environment, a web server is
essential. And, depending on your website, a web server could indeed be
essential in your development environment.
"Development environment", refers to a copy of your website, usually on
your local machine, that you use to perform updates before you commit
them to the live (production) environment. In practice, you could have many
copies of your website for different purposes (such as testing, training,
prototypes etc), but let's just call it "development environment".
Here are some advantages of using a web server within your development
environment:

- Your local website behaves more like the live one. For example, you
can configure directory security, test your custom error pages etc
before committing them to the production environment.
- You can use server-side scripting languages such as PHP and
ColdFusion.
- Allows you to standardize your coding. For example, you can use
root-relative paths for your image references and hyperlinks (i.e.
"/directory/image.gif"). In other words, your paths can represent the
website structure, rather than the directory structure of your computer.
- Knowledge. The knowledge you gain from using your own web server
will help you understand how it works in the live environment. This will
most certainly help you when you need to communicate with your
hosting provider - you'll be able to use terminology that makes it easier
for them to understand your request/issue.

Viewing HTML Files Without a Web Server


When someone learns how to code HTML, chances are, one of the first things
they learn to do is how to view their (newly created) HTML file. They will
learn that you can simply double click on the HTML file, and this will launch it
in their web browser. And from that point on, they can view their web
page/website as it was intended to be viewed.
Here are some examples of what the URL could look like when viewing a web
page without a web server:

file:///C:/Documents%20and%20Settings/Homer%20Simpson/My%20Documents/index.html

file:///C:/Inetpub/wwwroot/index.html

These examples are using the file protocol in order to display the files.
Viewing HTML Files with a Web Server
One problem with the above method is that you're not viewing the website
using the HTTP protocol (you're using the file protocol instead).
Now, this isn't normally a problem if you're only using client side languages
such as HTML, CSS, and client-side JavaScript. But it is a problem if you're
trying to use a server-side language such as PHP, ColdFusion etc. Also, even
if you're not using a server-side language, it could still cause you problems
with developing a website that behaves exactly how it should on the web.
When you view a web page via a web server, the URL begins with "http://".
Also, the URL will consist of either an IP address or a domain name/host
name.
Here are some examples of what the URL could look like when viewing a web
page via a web server:

http://127.0.0.1

http://localhost

http://www.bible.com

http://dev.ucb.com

When you first set up a web server, you can usually navigate to your default
web site using http://localhost or http://127.0.0.1. When you add more
websites, you'll need to create your own URLs for them (via a DNS server or
Hosts file), then assign that URL to your websites via your web server.
Web Servers Features

There's a common set of features that you'll find on most web servers.
Because web servers are built specifically to host websites, their features are
typically focused around setting up and maintaining a website's hosting
environment.
Most web servers have features that allow you to do the following:

- Create one or more websites. (Set up the website in the web server, so
that the website can be viewed via HTTP.)
- Configure log file settings, including where the log files are saved, what
data to include on the log files etc. (Log files can be used to analyse
traffic etc.)
- Configure website/directory security. For example, which user accounts
are/aren't allowed to view the website, which IP addresses are/aren't
allowed to view the website etc.
- Create an FTP site. An FTP site allows users to transfer files to and from
the site.
- Create virtual directories, and map them to physical directories.
- Configure/nominate custom error pages. This allows you to build and
display user friendly error messages on your website. For example, you
can specify which page is displayed when a user tries to access a page
that doesn't exist (i.e. a "404 error").
- Specify default documents. Default documents are those that are
displayed when no file name is specified. For example, if you open
"http://localhost", which file should be displayed? This is typically
"index.html" or similar but it doesn't need to be. You could nominate
"index.cfm" if your website is using ColdFusion. You could also
nominate a 2nd choice (in case there is no index.cfm file), and a 3rd
choice, and so on.

Example Web Server


Here's an example of the "Properties" dialog box from Microsoft IIS. This box
is displaying the properties for a single website.
The website has been configured to use the local path of
c:\inetpub\wwwroot. What this means is that when you update your website,
you need to place your files and folders within that directory. As soon as you
do that, your changes will take effect on your website. Of course, if this is
your development environment, you can simply edit the files straight from
that directory.

Activity 3
- What is the purpose of a web server?

Activity

How Web Servers Work


Whenever you view a web page on the internet, you are requesting that
page from a web server. When you type a URL into your browser (for
example, "http://www.bible.com/html/tutorial/index.cfm"), your browser
requests the page from the web server and the web server sends the page
back:

The above diagram is a simplistic version of what occurs. Here's a more
detailed version:
1. Your web browser first needs to know which IP address the website
"www.bible.com" resolves to. If it doesn't already have this information
stored in its cache, it requests the information from one or more DNS
servers (via the internet). The DNS server tells the browser which IP
address the website is located at. Note that the IP address was
assigned when the website was first created on the web server.
2. Now that the web browser knows which IP address the website is
located at, it can request the full URL from the web server.
3. The web server responds by sending back the requested page. If the
page doesn't exist (or another error occurs), it will send back the
appropriate error message.
4. Your web browser receives the page and renders it as required.


When referring to web browsers and web servers in this manner, you will
usually refer to them as a client (web browser) and a server (web server).
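The four steps above, carried out by hand between a client and a throwaway web server on the local machine. This is an added example in Python, not part of the original manual; the page path and page contents are constructed, and "localhost" stands in for the website's host name.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample content: the only page this demo server knows about.
PAGES = {"/html/tutorial/index.html": b"<HTML><BODY>Tutorial</BODY></HTML>"}


class Handler(BaseHTTPRequestHandler):
    """Server side of step 3: send the page, or an error if it does not exist."""

    def do_GET(self):
        body = PAGES.get(self.path)
        status = 200
        if body is None:
            status = 404
            body = b"<HTML><BODY>Page not found</BODY></HTML>"
        self.send_response(status)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(body)))
        self.send_header("Connection", "close")
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):
        pass  # keep the demo quiet


def fetch(host, port, path):
    """Client side: resolve the name, request the URL, read the response."""
    # Step 1: turn the host name into an IP address.
    family, socktype, proto, _, addr = socket.getaddrinfo(
        host, port, socket.AF_INET, socket.SOCK_STREAM)[0]
    # Step 2: ask the server at that address for the path. The Host header
    # carries the name the user typed, not the IP address.
    request = ("GET %s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n\r\n"
               % (path, host)).encode("ascii")
    with socket.socket(family, socktype, proto) as sock:
        sock.settimeout(5)
        sock.connect(addr)
        sock.sendall(request)
        raw = b""
        while True:
            chunk = sock.recv(4096)
            if not chunk:
                break
            raw += chunk
    # Steps 3 and 4: split the status line and headers from the page itself.
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line = head.split(b"\r\n")[0].decode("iso-8859-1")
    return {"ip": addr[0], "request": request,
            "status": int(status_line.split()[1]), "body": body}


def demo():
    """Run one successful request and one for a page that does not exist."""
    server = HTTPServer(("127.0.0.1", 0), Handler)  # port 0: any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    port = server.server_address[1]
    try:
        found = fetch("localhost", port, "/html/tutorial/index.html")
        missing = fetch("localhost", port, "/no-such-page.html")
    finally:
        server.shutdown()
        server.server_close()
    return found, missing


if __name__ == "__main__":
    for result in demo():
        print(result["ip"], result["status"], result["body"])
```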

Feedback

Feedback Activity 3
- A web server is a piece of software that enables a website to be
viewed using HTTP. HTTP (HyperText Transfer Protocol) is the key
protocol for the transfer of data on the web. You know when you're
using HTTP because the website URL begins with "http://" (for
example, "http://www.bible.com").

Multiple Websites
A web server can (and usually does) contain more than one website. In fact,
many hosting companies host hundreds, or even thousands of websites on a
single web server. Each website is usually assigned a unique IP address
which distinguishes it from other websites on the same machine. This IP
address is also what the DNS server uses to resolve the domain name.
It is also possible to configure multiple websites without using different IP
addresses using host headers and/or different ports. This can be useful in a
development environment and is quite easy to do.
Page Not Found
If the requested page isn't found, the web server sends the appropriate error
code/message back to the client.
You can create user friendly error messages, then configure your web server
to display that page instead of the usual error page. This can add a nice
touch to your website. How many times have you (or even worse, your
visitors) encountered a plain white page with some cryptic error message on
it? It's very easy to create custom error pages, then configure your web
server to use them.
Default Documents
If you've ever created a website, you may have found that if you have an
"index" file (index.html for example), you don't need to specify the name of
the file. For example, the following URLs both load the same page:
1. http://www.linux.com/html/tutorial
2. http://www.linux.com/html/tutorial/index.cfm
In this example, "index.cfm" is the default document. You can configure your
web server so that any file name can be the default document. For example,
you could configure your web server to use "index.cfm" in the event no
filename has been specified, or if you use PHP, "index.php". You could even
specify different default documents for different directories if you like.
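How one server can pick the website from the host header, map the URL to a file inside that website's directory, fall back to a default document, and serve a custom error page, as described under Multiple Websites, Page Not Found and Default Documents. This is an added Python example, not code from IIS or Apache; the host names, directory layout and file contents are constructed, and the check that refuses paths leaving the website's directory is included because any such mapping needs it.

```python
import tempfile
from pathlib import Path
from urllib.parse import unquote, urlsplit


class SiteConfig:
    """One website: its directory, default documents and custom 404 page."""

    def __init__(self, root, default_docs=("index.html",), error_page=None):
        self.root = Path(root).resolve()
        self.default_docs = tuple(default_docs)
        self.error_page = error_page


class WebServer:
    def __init__(self, sites):
        self.sites = {name.lower(): cfg for name, cfg in sites.items()}

    def resolve(self, host_header, url):
        """Return (status, file) for a request; file is None if nothing is sent."""
        # Host header: "name" or "name:port"; the name selects the website.
        host = host_header.split(":", 1)[0].strip().lower()
        site = self.sites.get(host)
        if site is None:
            return 404, None
        rel = unquote(urlsplit(url).path).lstrip("/")
        if "\x00" in rel:
            return 400, None
        target = (site.root / rel).resolve()
        # Refuse anything that resolves outside this website's directory,
        # for example a path containing "../".
        if target != site.root and site.root not in target.parents:
            return 403, None
        if target.is_dir():
            # No file name given: try the default documents in order.
            for name in site.default_docs:
                if (target / name).is_file():
                    return 200, target / name
        elif target.is_file():
            return 200, target
        return self._not_found(site)

    def _not_found(self, site):
        """Use the site's custom error page when one is configured."""
        if site.error_page and (site.root / site.error_page).is_file():
            return 404, site.root / site.error_page
        return 404, None


def build_demo():
    """Create two constructed sample websites in a temporary directory."""
    base = Path(tempfile.mkdtemp(prefix="webroot-"))
    files = {
        "www/html/tutorial/index.cfm": "tutorial home",
        "www/404.html": "Sorry, that page does not exist.",
        "dev/index.html": "dev home",
        "dev/private/notes.txt": "dev only",
    }
    for rel, text in files.items():
        path = base / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(text)
    docs = ("index.cfm", "index.html")  # 1st choice, then 2nd choice
    return WebServer({
        "www.example.test": SiteConfig(base / "www", docs, "404.html"),
        "dev.example.test": SiteConfig(base / "dev", docs),
    })


if __name__ == "__main__":
    server = build_demo()
    for host, url in [("www.example.test", "/html/tutorial"),
                      ("dev.example.test:8080", "/"),
                      ("www.example.test", "/missing.html"),
                      ("www.example.test", "/../dev/private/notes.txt")]:
        print(host, url, server.resolve(host, url))
```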
SSL Certificates
You can apply SSL certificates to a website via the web server. First the
certificate needs to be generated, either by yourself (i.e. using a certificate
generator) or by a Certificate Authority (CA). Then, once it has been
generated, you apply it to your website via your web server. Applying an SSL
certificate to a website is a straightforward task.
Once you've applied an SSL certificate to a website, you can navigate it
using HTTPS (as opposed to HTTP). HTTPS encrypts any data that is
transferred over the internet between the browser and the web server. This
reduces the possibility of some malicious person being able to read your
users' sensitive information.
To navigate a website using HTTPS, you simply replace the HTTP with HTTPS
at the start of the URL in your browser's location bar
("https://www.bible.com").
Web Servers - Examples
Apache HTTP Server
Apache HTTP Server (also referred to as simply "Apache") has, at the time of
writing, been the most popular web server on the web since 1996. Apache is
developed and maintained by the Apache Software Foundation, which
consists of a decentralized team of developers. The software is produced
under the Apache licence, which makes it free and open source.
Apache is available for a range of operating systems, including Unix, Linux,
Novell Netware, Windows, Mac OS X, Solaris, and FreeBSD.
Apache HTTP Server website: http://httpd.apache.org
Microsoft Internet Information Services (IIS)
IIS is, at the time of writing, the second most popular web server on the web.
It is, however, gaining market share, and if the current trend continues, it
won't be long before it overtakes Apache.

IIS comes as an optional component of most Windows operating systems.
You can install IIS by using Add/Remove Windows Components from Add or
Remove Programs in the Control Panel.
Microsoft IIS website: http://www.microsoft.com/iis
Sun Java System Web Server
Based on the Sun One Web Server, the Sun Java System Web Server is
designed for medium to large business applications. Sun Java System Web
Server is available for most operating systems.
Sun Java System Web Server website:
http://www.sun.com/software/products/web_srvr/home_web_srvr.xml

Key Words/Terms
- Web Server
- Web Browser
- HTTP


Chapter 4

4. What Are Active Server Pages?

Objectives
- Understand Active Server Pages and why they are important to
Dynamic Web Page implementation

Active Server Pages (ASPs) are Web pages that contain server-side scripts in
addition to the usual mixture of text and HTML (Hypertext Markup Language)
tags. Server-side scripts are special commands you put in Web pages that
are processed before the pages are sent from your Personal Web Server to
the Web browser of someone who's visiting your Web site. When you type a
URL in the Address box or click a link on a Web page, you're asking a Web
server on a computer somewhere to send a file to the Web browser
(sometimes called a "client") on your computer. If that file is a normal HTML
file, it looks exactly the same when your Web browser receives it as it did
before the Web server sent it. After receiving the file, your Web browser
displays its contents as a combination of text, images, and sounds.
In the case of an Active Server Page, the process is similar, except there's an
extra processing step that takes place just before the Web server sends the
file. Before the Web server sends the Active Server Page to the Web browser,
it runs all server-side scripts contained in the page. Some of these scripts
display the current date, time, and other information. Others process
information the user has just typed into a form, such as a page in the Web
site's guestbook.
To distinguish them from normal HTML pages, Active Server Pages are given
the ".asp" extension.
What Can You Do with Active Server Pages?
There are many things you can do with Active Server Pages.

- You can display date, time, and other information in different ways.
- You can make a survey form and ask people who visit your site to fill it
out, send emails, save the information to a file, etc.

What Do Active Server Pages Look Like?


The appearance of an Active Server Page depends on who or what is viewing
it. To the Web browser that receives it, an Active Server Page looks just like a
normal HTML page. If a visitor to your Web site views the source code of an
Active Server Page, that's what they see: a normal HTML page. However, the
file located in the server looks very different. In addition to text and HTML
tags, you also see server-side scripts. This is what the Active Server Page
looks like to the Web server before it is processed and sent in response to a
request.
What Do Server-Side Scripts Look Like?
Server-side scripts look a lot like HTML tags. However, instead of starting and
ending with less-than ( < ) and greater-than ( > ) brackets, they typically
start with <% and end with %>. The <% is called an opening tag, and the
%> is called a closing tag. In between these tags are the server-side scripts.
You can insert server-side scripts anywhere in your Web page--even inside
HTML tags.
Do You Have to Be a Programmer to Understand Server-Side
Scripting?
There's a lot you can do with server-side scripts without learning how to
program. For this reason, much of the online Help for Active Server Pages is
written for people who are familiar with HTML but aren't computer
programmers.
Displaying the Current Date and Time
The date and time described in this section are those that are on the server.
Date

To display the current date by itself in a Web page, type:


<% =date %>

at the point where you want it to appear. When you view the page in your
browser, you should see something like this:
Thu, Jan 23, 1997
Note: Even though "=date" is a short script, it's actually made up of two
parts. The "date" part tells the server, "Get me the date." The equal sign (=)
tells the server to display the date in the Web page. If you typed just:
<% date %>

the server would get the current date from your system, but that's all. It
wouldn't display it. There are times when it makes sense to use an ASP
function without the equal sign.
Time
To display the current time by itself, type:
<% =time %>

where you want it to appear. When you view the page, you should see
something like this:
4:19:46 PM
Now (Date and Time)
To display the current date and time, type:
<% =now %>

where you want them to appear. When you view the page, you should see
something like this:
1/23/97 4:19:46 PM
Changing the Way Date and Time are Displayed
You can also use Active Server Pages (ASP) functions to customize the way
the current date and time are displayed on your Web page. To do this, use
the now function together with the following formatting functions.

Month and Monthname


To display the number of the current month in a Web page, type:
<% =month(now) %>

where you want it to appear. When you view the page in your browser, you'll
see a 1 if the current month is January, 2 if it's February, and so on.
To display the name of the current month, type:
<% =monthname(month(now)) %>

where you want it to appear.


Day
To display the day of the current month, type:
<% =day(now) %>

where you want it to appear. When you view the page, you'll see a number
between 1 and 31.
Year
To display the current year, type:
<% =year(now) %>

where you want it to appear.


Example
Suppose you wanted to display today's date as day/month/year instead of
month/day/year. To do so, you would use the day, month, and year ASP
functions together, by typing:
<% =day(now) %>/<% =month(now) %>/<% =year(now) %>

When you viewed the page, you would see something like this:
23/1/1997
You can change this so only the last two digits of the year are displayed, like
this:
23/1/97

Weekday and Weekdayname


To display the day of the week as a number from 1 to 7 in a Web page, type:
<% =weekday(now) %>

where you want it to appear. When you view the page in Internet Explorer,
you'll see a 1 if today is Sunday, 2 if it's Monday, and so on.
To display the day of the week by name, type:
<% =weekdayname(weekday(now)) %>

where you want it to appear.


Hour, Minute, and Second
To display just the hour part of the current time, type:
<% =hour(now) %>

where you want it to appear. The hour function is based on a 24-hour clock.
When you view the page, you'll see a number between 0 and 23.
To display just the minutes part of the current time, type:
<% =minute(now) %>

where you want it to appear. When you view the page, you'll see a number
between 0 and 59.
To display just the seconds part of the current time, type:
<% =second(now) %>

where you want it to appear. When you view the page, you'll see a number
between 0 and 59.
Example
Try typing this into a Web page:
The time is <% =time %>. That means it's <% =minute(now) %>
minutes past <% =hour(now) %> o'clock.

When you view the page in Internet Explorer, you should see something like
this:
The time is 1:36:05 PM. That means it's 36 minutes past 13 o'clock.

Remember, the hour function is based on a 24-hour clock. Later we'll see
how to convert from the 24-hour clock to a 12-hour clock.
Timevalue
You probably won't ever use the timevalue function. It takes the different
ways you can write the time, such as "2:24PM" and "14:24," and returns
them in this format: "2:24:00 PM." This can be useful if you're using a
function that needs to be given the time in that exact format.
Example
Earlier in this section we saw how you can use the hour, minute, and second
functions to break up the time into hours, minutes, and seconds. With the
timevalue function, you can put them back together. Type this into a Web
page:
When it's 23 minutes and 5 seconds past 4 o'clock in the afternoon,
that means it's <% =timevalue("16:23:05") %>.
This is the same as <% =timevalue("4:23:05PM") %>
or <% =timevalue("16:23:05PM") %>.

Make sure you type "16:23:05PM" and not "16:23:05 PM." The "05" and the
"PM." should be run together, not separated by a space. When you view the
page in Internet Explorer, you should see:
When it's 23 minutes and 5 seconds past 4 o'clock in the afternoon, that
means it's 4:23:05 PM. This is the same as 4:23:05 PM or 4:23:05 PM.
Displaying Text
len
The len function tells you how many characters are in a word or sequence of
words. (The name "len" is an abbreviation of "length.") All characters are
counted, including the space character. For example, to find the length of the
sentence "The cat is on the mat," type this into a Web page:
There are <% =len("The cat is on the mat.") %> characters in
"The cat is on the mat."

When you view the page in Internet Explorer, you should see this:

There are 22 characters in "The cat is on the mat."


left
You can use the left function to look at the first few characters of a word or
sequence of words. For example, to find the first character of "Frankenstein,"
type this into a Web page:
"Frankenstein" begins with the letter <% =left("Frankenstein", 1) %>.

When you view the page, you should see this:


"Frankenstein" begins with the letter F.
right
To look at the last few characters of a word or sequence of words, use the
right function. For example, to find the last three letters of "Wednesday,"
type this into a Web page:
The last three letters of "Wednesday" are: <% =right("Wednesday", 3) %>.

When you view this page, you should see this:


The last three letters of "Wednesday" are: day.
Example
What if you wanted to take a few letters from the middle of something? How
would you specify exactly where in the middle you wanted to be? For
example, how would you take out just the "apple" part of the word
"pineapples"?
You could start with the fifth character from the left and then stop at the
second character from the right. Or you could do it the following way.
Try typing this into a Web page:
<% =right("pineapples", 6) %> <% =left(right("pineapples", 6), 5) %>

This line takes the last six letters of the word "pineapples," which make up
the word "apples." Then it takes the first five letters of the word "apples,"
which make up the word "apple."

When you view this page in Internet Explorer, you should see this:
apples apple
Then try typing this into a Web page:
<% =left("pineapples", 9) %> <% =right(left("pineapples", 9), 5) %>

This line takes the first nine letters of the word "pineapples," which make up
the word "pineapple." Then it takes the last five letters of the word
"pineapple," which make up the word "apple."
When you view this page, you should see this:
pineapple apple
Cool Things You Can Do with Date, Time, and Text
Here are some examples of interesting things you can do with date, time,
and text functions.
Link of the Day
What if you wanted to have a link that pointed to a different page every day
of the week? Here's how you can do that. First, choose the pages (HTML files)
on your Web site that you want your link to point to. Name them
"Sunday.htm," "Monday.htm," and so on. (If you don't have seven different
HTML files, you can copy some of the files or make aliases to them on your
Macintosh. The important thing is that there has to be one file or alias for every
day of the week.)
To make the link, type
<a href="<% =weekdayname(weekday(now)) %>.htm">Link of the Day</a>

where you want it to appear. When you click this link in Internet Explorer, it
will take you to today's page.
Another Way to Display Today's Date


Earlier we saw how to change the date display from month/day/year to
day/month/year like this:
23/1/1997
We can also change the date display so only the last two digits of the year
are included. To do this, type
<% =day(now) %>/<% =month(now) %>/<% =Right((year(now)), 2) %>

Now when you view the page, you should see something like this:
23/1/97
Another Way to Display the Time
In an earlier example, we wrote a server-side script to display the current
time in words, such as: "The time is 36 minutes and 5 seconds past 13
o'clock." This script used the ASP hour function, which returns just the hour
part of the current time, based on a 24-hour clock.
In this example, we'll see how to change 24-hour clock times such as "13
o'clock" to 12-hour clock times ("1 o'clock PM"). To do this, we'll need to
make the server-side script that uses the hour function a little more
complicated. Instead of
<% =hour(now) %> o'clock

we'll need to write a script that looks at the hour and does one of the
following:

- If the hour is 0 (zero), the script displays "midnight."
- If the hour is 12, the script displays "noon."
- If the hour is between 1 and 11, the script doesn't change it, but it
displays "AM" after "o'clock."
- If the hour is between 13 and 23, the script subtracts 12 (to make it a
number between 1 and 11) and displays "PM" after "o'clock."


The script is shown below. It isn't written quite the way a programmer would
write it, but it works, and it's fairly easy to understand, since it follows the
items in the bulleted list above exactly.
The hour is
<% if hour(now) = 0 then %>
midnight.
<% end if
if hour(now) = 12 then %>
noon.
<% end if
if (hour(now) >= 1) and (hour(now) <= 11) then %>
<% =hour(now) %> o'clock AM.
<% end if
if (hour(now) >= 13) and (hour(now) <= 23) then %>
<% =hour(now) - 12 %> o'clock PM.
<% end if %>

If you type (or better yet, cut-and-paste) this script in a Web page, when you
view the page, you should see something like this:
The hour is 4 o'clock PM.

Stop/Reflect
- In a Namibian context, identify the types of organisations that will need
to make use of dynamic webpages.
- Identify organisations which will need to have fairly static webpages on
their web sites.

Active Server Pages (Classic ASP)?


Active Server Pages or Classic ASP, as it is more commonly known, is a technology that enables you to
make dynamic and interactive web pages.
ASP uses server-side scripting to dynamically produce web pages that are not affected by the type of
browser the web site visitor is using.

The default scripting language used for writing ASP is VBScript, although you can use other scripting
languages like JScript (Microsoft's version of JavaScript).
ASP pages have the extension .asp instead of .htm. When a page with the extension .asp is requested
by a browser, the web server knows to interpret any ASP contained within the web page before
sending the HTML produced to the browser. This way all the ASP is run on the web server and no ASP
will ever be passed to the web browser.
A web page containing ASP cannot be run by simply opening the page in a web browser. The
page must be requested through a web server that supports ASP. This is why ASP stands for Active
Server Pages: no server, no active pages.
ASP was first introduced by Microsoft on its web server, Internet Information Services (IIS), which
runs on all versions of Windows from NT4, including Windows 7, Vista, XP Pro, and Windows Server
operating systems like Windows 2000, 2003 and 2008, so it is this web server that ASP pages usually run best on.
If you are running Windows and wish to play around with ASP on your own system, you will need
to install Microsoft's Internet Information Services (IIS). Luckily, IIS or its micro version Personal Web
Server (PWS) comes free with Windows.
For Windows users you can find Internet Information Services (IIS) or Personal Web Server (PWS) in
the following places:

- Windows XP Pro/2003/2000 - IIS can be found in 'Add/Remove Programs' in the 'Control
Panel'.
- Windows 98 - PWS can be found under 'add-ons' on the Windows 98 CD.
- Windows NT4/95 - You can get hold of IIS by downloading the NT4 Option Pack from Microsoft
(don't be fooled by the name as it also runs on Windows 95).
- Windows ME - IIS and PWS are not supported on this operating system.
- Windows XP Home Edition - IIS and PWS are not supported on this operating system.

Installing IIS on Windows XP Pro


If you are running Windows XP Professional on your computer you can install Microsoft's web server,
Internet Information Server 5.1 (IIS) for free from the Windows XP Pro installation CD and configure it
to run on your system by following the instructions below:

1. Place the Windows XP Professional CD-Rom into your CD-Rom Drive.


2. Open 'Add/Remove Windows Components' found in 'Add/Remove Programs' in the 'Control Panel'.
3. Place a tick in the check box for 'Internet Information Services (IIS)' leaving all the default
installation settings intact.
4. Once IIS is installed on your machine you can view your home page in a web browser by typing
'http://localhost' (you can use the name of your computer in place of 'localhost') into the address bar of
your web browser. If you have not placed your web site into the default directory you should now be
looking at the IIS documentation.
5. If you are not sure of the name of your computer, right-click on the 'My Computer' icon on your
desktop, select 'Properties' from the shortcut menu, and click on the 'Computer Name' tab.
6. Your default web directory to place your web site in is 'C:\Inetpub\wwwroot', but if you don't want
to overwrite the IIS documentation found in this directory you can set up your own virtual directory
through the 'Internet Information Services' console.
7. The 'Internet Information Services' console can be found in the 'Administration Tools' in the 'Control
Panel' under 'Performance and Maintenance', if you do not have the control panel in Classic View.

8. Double-click on the 'Internet Information Services' icon.


9. Once the 'Internet Information Services' console is open you will see any IIS web services you have
running on your machine including the SMTP server and FTP server, if you chose to install them with
IIS.
10. To add a new virtual directory, right-click on 'Default Web Site' and select 'New', followed by 'Virtual
Directory', from the drop-down list.
11. Next you will see the 'Virtual Directory Creation Wizard'. On the first screen click the 'next' button.
12. You will then be asked to type in an 'Alias' by which you will access the virtual directory from your
web browser (this is the name you will type into your web browser after 'localhost' to view any web
pages you place in the directory).
13. Next you will see a 'Browse...' button. Click on this to select the directory your web site pages are
in on your computer, then click on the 'next' button to continue.
14. On the final part of the wizard you will see a series of boxes. If you are not worried about security
then select them all; if you are and want to run ASP scripts then check the first two, followed by the
'next' button.
15. Once the virtual directory is created you can view the web pages in the folder by typing
'http://localhost/aliasName' (replace 'aliasName' with the alias you gave the virtual directory) into
the address bar of your web browser (you can use the name of your computer in place of 'localhost' if
you wish).

Creating your First ASP Page

If you are reading this page then I shall assume that you are new to Classic ASP and want to create
your first dynamic ASP web page. Before we can begin, please make sure you have installed IIS
(Internet Information Services) on your system, as you need one of these web servers to be able to
view a page containing ASP (just opening the page in your web browser by double-clicking on the
page will NOT work).
For those that do not wish to mess around attempting to install IIS (Internet Information Services) on
their own computer there are many hosting companies. Right, now we have got that out of the way we
can begin creating your first ASP page. In this module we are going to display the classic 'Hello World'
text in a web page as well as the time on the web server.
As ASP is going to be displayed as part of a web page we first need to create an HTML web page. Open
up your favourite text editor and type the following.

<html>
<head>
<title>My First ASP Page</title>
</head>
<body bgcolor="white" text="black">


Next we can begin writing some ASP. Any ASP needs to be placed in between the tags, <% ........
%>, to indicate server-side script. In this next part we will start the server side script tag and create
a variable to hold the text 'Hello World'.

<%
'Dimension variables
Dim strMessage

Notice I haven't given the variable 'strMessage' a data type. This is because VBScript only has Variant
as a data type.
Now we have created a variable, we're going to give it the value 'Hello World'.

'Place the value Hello World into the variable strMessage
strMessage = "Hello World"

Once the variable has a value we can now display the contents of the variable in the HTML by using
the ASP 'Response.Write' method to place the contents of the variable into the HTTP stream.

'Write the contents of the variable strMessage to the web page
Response.Write (strMessage)

Next we shall use the 'Response.Write' method to write a line break into the HTML to create a new line
before displaying the server time.


'Write line break into the web page
Response.Write ("<br>")

Again using the 'Response.Write' method and the VBScript function 'Time()' we shall now display the
server time on the HTML page and close the server-side script tag as we have finished using ASP in this
part of the web page.

'Write the server time on the web page using the VBScript Time() function
Response.Write ("The time on the server is: " & Time())
'Close the server script
%>

Finally we need to finish the HTML web page by closing the body tag and the HTML tag.

</body>
</html>

Next, call the file 'my_first_asp_page.asp' (don't forget the '.asp' extension) and save the file to a
directory accessible through your web server (this will usually be 'c:\inetpub\wwwroot' on IIS or PWS
with a default install).
To display the page, open your web browser and type 'http://my_computer/my_first_asp_page.asp',
replacing 'my_computer' with the name of your computer.
And that's about it, you have now created your first dynamic ASP web page!


Connecting To An Access Database Using ASP


If you are reading this page then I shall assume that you already know a little bit about ASP and
running ASP applications.
To make this module, and the following notes on adding, deleting, and updating
data in a Microsoft Access database, more interesting, we are going to use these tutorials to make a simple
Guestbook application.
Before we can connect to a database we need a database to connect to.

Creating the Guestbook Database


To create a database you first need to open Microsoft Access and choose 'Blank Access Database'
from the starting menu. You will be prompted for a name for the database and where you want it
saved. Call the database 'guestbook.mdb' and save it in the same directory as the web page
connecting to the database is going to be.
You should now see the main Access dialog box. From here select 'Create table in design view'.

You now need to create 3 fields for the database and select their data types.
Field 1 needs to be called 'ID_no' and have the data type of 'AutoNumber'. Also set this field as the
primary key.
Field 2 needs to be called 'Name' and have the data type of text.
Field 3 needs to be called 'Comments' and also has the data type of text, but this time you need to
change the default field size of 50 to 100 characters under the 'General' tab in the 'Field Properties'
box at the bottom of the screen.

Once all the fields have been created and the data types and primary key set, save the table as
'tblComments'.
Now the table has been created you need to enter some test data into the table. You can do this by
double-clicking on the new table (tblComments) in the main dialog box. From here you can enter
some test data. I would recommend entering at least 3 pieces of test data.

Connecting to the Guestbook Database


Now that the database is created and test data entered we can get on with creating the web page to
display the data from the database.
First we need to start the web page. Open up your favourite text editor and type the following HTML.

<html>
<head>
<title>My First ASP Page</title>
</head>
<body bgcolor="white" text="black">

Next we can begin writing the ASP to connect to the database. First we need to create the variables
that we are going to use in the script.


<%
'Dimension variables
Dim adoCon      'Holds the Database Connection Object
Dim rsGuestbook 'Holds the recordset for the records in the database
Dim strSQL      'Holds the SQL query to query the database

Next we need to create a database connection object on the server using the ADO Database
connection object.

'Create an ADO connection object
Set adoCon = Server.CreateObject("ADODB.Connection")

Now we need to open a connection to the database. There are a couple of ways of doing this: either by
using a system DSN or a DSN-less connection. First I am going to show you how to make a DSN-less
connection as this is faster and simpler to set up than a DSN connection.
To create a DSN-less connection to an Access database we need to tell the connection object we created
above to open the database by telling the connection object to use the 'Microsoft Access Driver' to
open the database 'guestbook.mdb'.
You'll notice the ASP method 'Server.MapPath' in front of the name of the database. This is used as we
need to get the physical path to the database. Server.MapPath returns the physical path to the script,
e.g. 'c:\website\'. As long as the database is in the same folder as the script, it now has the physical
path to the database and the database name.

'Set an active connection to the Connection object using a DSN-less connection
adoCon.Open "Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" & Server.MapPath("guestbook.mdb")

If on the other hand you want to use a slower DSN connection to the database then you will need to
replace the line above with the one below.

'Set an active connection to the Connection object using DSN connection


adoCon.Open "DSN=guestbook"

Next create an ADO recordset object which will hold the records from the database.

'Create an ADO recordset object


Set rsGuestbook = Server.CreateObject("ADODB.Recordset")

To query a database we need to use SQL (Structured Query Language). In the next line we initialise
the variable 'strSQL' with an SQL query to read in the fields 'Name' and 'Comments' from the
'tblComments' table.

'Initialise the strSQL variable with an SQL statement to query the database
strSQL = "SELECT tblComments.Name, tblComments.Comments FROM tblComments;"

Now we can open the recordset and run the SQL query on the database returning the results of the
query to the recordset.

'Open the recordset with the SQL query


rsGuestbook.Open strSQL, adoCon

Using a 'Do While' loop we can loop through the recordset returned by the database while the
recordset is not at the end of file (EOF). The 'Response.Write' method is used to output the recordset
to the web page. The 'MoveNext' method of the recordset object is used to move to the next record in
the recordset before looping back round to display the next record.

'Loop through the recordset
Do While not rsGuestbook.EOF
'Write the HTML to display the current record in the recordset
'(Server.HTMLEncode makes visitor-supplied text display as text rather than as HTML or script)
Response.Write ("<br>")
Response.Write (Server.HTMLEncode(rsGuestbook("Name") & ""))
Response.Write ("<br>")
Response.Write (Server.HTMLEncode(rsGuestbook("Comments") & ""))
Response.Write ("<br>")
'Move to the next record in the recordset
rsGuestbook.MoveNext
Loop

And finally we need to close the recordset, reset the server objects, close the server side scripting tag,
and close the html tags.

'Reset server objects


rsGuestbook.Close
Set rsGuestbook = Nothing
Set adoCon = Nothing
%>
</body>
</html>

Now call the file you have created 'guestbook.asp' and save it in the same directory folder as the
database, don't forget the '.asp' extension.
If you find that you are getting errors connecting to the database then please read through the Access
Database Errors FAQs. In particular, make sure you have the correct 'ODBC Drivers' installed on your
system and, if you are using the 'NTFS file system', make sure the permissions are correct for the
database and the directory the database is in.

Adding Data to An Access Database Using ASP


In this section we use an HTML form to take a site visitor's name and comments and add these to the
database. We will then use the page 'guestbook.asp' made in the first database tutorial to display the
contents of the database.

Creating an HTML Page to take User Input


First we need to quickly create an HTML page with a form on it to take the input from the user.
In this page we will have two text boxes, one called 'name' and the other called 'comments'. We will
then use the post method to send the page to the file 'add_to_guestbook.asp', which we are going to
create later in this tutorial and which will add the user input into the database.

<html>
<head>
<title>Guestbook Form</title>
</head>
<body bgcolor="white" text="black">
<!-- Begin form code -->
<form name="form" method="post" action="add_to_guestbook.asp">
Name: <input type="text" name="name" maxlength="20">
<br>
Comments: <input type="text" name="comments" maxlength="50">
<input type="submit" name="Submit" value="Submit">
</form>
<!-- End form code -->
</body>
</html>

Save the page as 'guestbook_form.htm' in the same folder as the Guestbook database.

Adding Data to the Guestbook Database


Now that we've got the form for inputting the data out of the way, we can make the page that does all
the work, adding the data to the database.
This page contains no HTML so we can start writing the ASP straight away, but don't forget the server
side script tags, <% .... %>.
First we need to dimension the variables used in the script, so open your favourite text editor and
enter the following code.

<%
'Dimension variables
Dim adoCon 'Holds the Database Connection Object
Dim rsAddComments 'Holds the recordset for the new record to be added
Dim strSQL 'Holds the SQL query to query the database

Next we need to create a database connection object on the server using the ADO Database
connection object.

'Create an ADO connection object


Set adoCon = Server.CreateObject("ADODB.Connection")

Now we need to open a connection to the database. There are a couple of ways of doing this either by
using a system DSN or a DSN-less connection. First I am going to show you how to make a DSN-less
connection as this is faster and simpler to set up than a DSN connection.
To create a DSN-less connection to an Access database we need to tell the connection object we created
above to open the database by telling the connection object to use the 'Microsoft Access Driver' to
open the database 'guestbook.mdb'.
You'll notice the ASP method 'Server.MapPath' in front of the name of the database. This is used as we
need to get the physical path to the database. Server.MapPath returns the physical path to the script,
e.g. 'c:\website\', as long as the database is in the same folder as the script it now has the physical
path to the database and the database name.

'Set an active connection to the Connection object using a DSN-less connection


adoCon.Open "Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" & Server.MapPath("guestbook.mdb")

If on the other hand you want to use a slower DSN connection to the database then you will need to
replace the line above with the one below.

'Set an active connection to the Connection object using DSN connection


adoCon.Open "DSN=guestbook"

Next create an ADO recordset object which will hold the records from the database and the new record
to be added to the database.

'Create an ADO recordset object


Set rsAddComments = Server.CreateObject("ADODB.Recordset")

To query a database we need to use SQL (Structured Query Language). In the next line we initialise
the variable 'strSQL' with an SQL query to read in the fields 'Name' and 'Comments' from the
'tblComments' table.

'Initialise the strSQL variable with an SQL statement to query the database
strSQL = "SELECT tblComments.Name, tblComments.Comments FROM tblComments;"

Set the cursor type we are using to 'adOpenDynamic' so we can move through the recordset. The
integer value for this is 2.

'Set the cursor type we are using so we can navigate through the recordset
rsAddComments.CursorType = 2

Because we are going to be saving an updated recordset back to the database we need to set the
LockType of the recordset to 'adLockOptimistic' so that the recordset is locked, but only when it is
updated. The integer value for this lock type is 3.

'Set the lock type so that the record is locked by ADO when it is updated
rsAddComments.LockType = 3

Now we can open the recordset and run the SQL query on the database returning the results of the
query to the recordset.

'Open the recordset with the SQL query


rsAddComments.Open strSQL, adoCon

Once the recordset is open we can add a new record onto the end of the recordset. In the next line we
let the recordset know we are adding a new record to it.

'Tell the recordset we are adding a new record to it


rsAddComments.AddNew

Now we can add a new record to the recordset. The details taken from the form we created at the
start of this tutorial are entered into their relevant fields in the recordset. To get the data entered by
the user from the form we use the 'Form' method of the ASP 'Request' object to request the data
entered into the text boxes, 'name' and 'comments'.

'Add a new record to the recordset


rsAddComments.Fields("Name") = Request.Form("name")
rsAddComments.Fields("Comments") = Request.Form("comments")

The data has been entered into the recordset so we can save the recordset to the database using the
'Update' method of the recordset object.

'Write the updated recordset to the database


rsAddComments.Update

We have finished using the database in this script so we can now close the recordset and reset the
server objects.

'Reset server objects


rsAddComments.Close
Set rsAddComments = Nothing
Set adoCon = Nothing

Now that the database is updated we are going to use the 'Redirect' method of the ASP response
object to redirect to the 'guestbook.asp' page we created earlier. Note that if you are going to use the
'Response.Redirect' method you must remember to redirect before any HTML is written.

'Redirect to the guestbook.asp page


Response.Redirect "guestbook.asp"
%>

Now call the file 'add_to_guestbook.asp' and save it to the same directory as the database and the
'guestbook.asp' page, don't forget the '.asp' extension.
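
The maxlength attributes in 'guestbook_form.htm' are enforced only by the browser, so the script that receives the form has to repeat the checks. The following variant of 'add_to_guestbook.asp' is an added example, not part of the original manual: it keeps the manual's AddNew/Update code and runs server-side checks first. The helper names IsCleanText and Reject are hypothetical, and it assumes the 'Name' and 'Comments' fields in the database hold at least 20 and 50 characters.

```asp
<%
Option Explicit

'Field limits taken from the maxlength attributes in guestbook_form.htm
Const MAX_NAME_LEN = 20
Const MAX_COMMENTS_LEN = 50

'Hypothetical helper: True when the text is non-empty, within the limit
'and free of control characters (tab, CR, LF, NUL and so on)
Function IsCleanText(ByVal strValue, ByVal lngMaxLen)
    Dim i, lngCode
    IsCleanText = False
    If Len(strValue) = 0 Or Len(strValue) > lngMaxLen Then Exit Function
    For i = 1 To Len(strValue)
        'AscW returns a negative number for characters above 32767, so test both bounds
        lngCode = AscW(Mid(strValue, i, 1))
        If lngCode >= 0 And lngCode < 32 Then Exit Function
    Next
    IsCleanText = True
End Function

'Hypothetical helper: stop the request with a status line and a short message
Sub Reject(ByVal strStatus, ByVal strMessage)
    Response.Status = strStatus
    Response.Write Server.HTMLEncode(strMessage)
    Response.End
End Sub

Dim adoCon, rsAddComments, strSQL, strName, strComments

'Only a form POST may add data
If Request.ServerVariables("REQUEST_METHOD") <> "POST" Then
    Reject "405 Method Not Allowed", "Use the guestbook form to add a comment."
End If

'A field sent twice arrives as one comma-joined string, so insist on exactly one value
If Request.Form("name").Count <> 1 Or Request.Form("comments").Count <> 1 Then
    Reject "400 Bad Request", "Name and comments are both required."
End If

strName = Trim(Request.Form("name"))
strComments = Trim(Request.Form("comments"))

If Not IsCleanText(strName, MAX_NAME_LEN) Then
    Reject "400 Bad Request", "Name must be 1 to 20 characters."
End If
If Not IsCleanText(strComments, MAX_COMMENTS_LEN) Then
    Reject "400 Bad Request", "Comments must be 1 to 50 characters."
End If

'From here on the code follows the manual. AddNew/Update hands the values to the
'database as field data, so they never become part of an SQL string.
Set adoCon = Server.CreateObject("ADODB.Connection")
adoCon.Open "Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" & Server.MapPath("guestbook.mdb")
Set rsAddComments = Server.CreateObject("ADODB.Recordset")
strSQL = "SELECT tblComments.Name, tblComments.Comments FROM tblComments;"
rsAddComments.CursorType = 2
rsAddComments.LockType = 3
rsAddComments.Open strSQL, adoCon
rsAddComments.AddNew
rsAddComments.Fields("Name") = strName
rsAddComments.Fields("Comments") = strComments
rsAddComments.Update

'Reset server objects
rsAddComments.Close
Set rsAddComments = Nothing
Set adoCon = Nothing

Response.Redirect "guestbook.asp"
%>
```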

Creating a Page to Select the Database Entry to Delete


First we need to create a page to display the contents of the database so we can select which entry
that we want to delete.
I'm not going to go into too much detail on this page as it is almost identical to the page
'guestbook.asp' we created in the first database tutorial.
The only difference is that we are selecting all fields from the table 'tblComments' in the Guestbook
database so we are using the SQL query with the wild card, 'tblComments.*' to get all the fields from
the table.
The other difference is when we are displaying the contents of the database in the web page using the
'Response.Write' method we are now creating a hyperlink to the 'delete_entry.asp' page which we will
be creating later in this tutorial to delete the entry.

<html>
<head>
<title>Delete Entry Select</title>
</head>
<body bgcolor="white" text="black">
<%
'Dimension variables
Dim adoCon 'Holds the Database Connection Object
Dim rsGuestbook 'Holds the recordset for the records in the database
Dim strSQL 'Holds the SQL query for the database
'Create an ADO connection object
Set adoCon = Server.CreateObject("ADODB.Connection")
'Set an active connection to the Connection object using a DSN-less connection


adoCon.Open "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" & Server.MapPath("guestbook.mdb")
'Set an active connection to the Connection object using DSN connection
'adoCon.Open "DSN=guestbook"
'Create an ADO recordset object
Set rsGuestbook = Server.CreateObject("ADODB.Recordset")
'Initialise the strSQL variable with an SQL statement to query the database
strSQL = "SELECT tblComments.* FROM tblComments;"
'Open the recordset with the SQL query
rsGuestbook.Open strSQL, adoCon
'Loop through the recordset
Do While not rsGuestbook.EOF

'Write the HTML to display the current record in the recordset
'(Server.HTMLEncode makes visitor-supplied text display as text rather than as HTML or script)
Response.Write ("<br>")
Response.Write ("<a href=""delete_entry.asp?ID=" & rsGuestbook("ID_no") & """>")
Response.Write (Server.HTMLEncode(rsGuestbook("Name") & ""))
Response.Write ("</a>")
Response.Write ("<br>")
Response.Write (Server.HTMLEncode(rsGuestbook("Comments") & ""))
Response.Write ("<br>")

'Move to the next record in the recordset (this must happen inside the loop, or it never ends)
rsGuestbook.MoveNext

Loop

'Reset server objects


rsGuestbook.Close
Set rsGuestbook = Nothing
Set adoCon = Nothing
%>
</body>
</html>

Save this page as 'delete_select.asp' in the same folder as the Guestbook database.

Deleting Data from the Guestbook Database


Now that we've got the page to select the entry out of the way, we can make the page to delete the
selected entry from the database.
This page contains no HTML so we can start writing the ASP straight away, but don't forget the server
side script tags, <% .... %>.
First we need to dimension the variables used in the script, so open your favourite text editor and
enter the following code.

<%
'Dimension variables
Dim adoCon 'Holds the Database Connection Object
Dim rsDeleteEntry 'Holds the recordset for the record to be deleted
Dim strSQL 'Holds the SQL query to query the database
Dim lngRecordNo 'Holds the record number to be deleted

Next we need to get the 'ID Number' of the entry to be deleted from the database. This ID number
was passed to the page we are writing by the script we wrote at the beginning of the tutorial, by
adding the '?ID= Entry ID Number' at the end of the URL.
To read in the ID number we are going to use the 'QueryString' method of the ASP 'Request' object,
we are also going to use the 'CLng' VBScript function to convert the ID number to the data type, 'Long
Integer'.

'Read in the record number to be deleted


lngRecordNo = CLng(Request.QueryString("ID"))

Next we need to create a database connection object on the server using the ADO Database
connection object.

'Create an ADO connection object


Set adoCon = Server.CreateObject("ADODB.Connection")

Now we need to open a connection to the database. There are a couple of ways of doing this either by
using a system DSN or a DSN-less connection. First I am going to show you how to make a DSN-less
connection as this is faster and simpler to set up than a DSN connection.
To create a DSN-less connection to an Access database we need to tell the connection object we created
above to open the database by telling the connection object to use the 'Microsoft Access Driver' to
open the database 'guestbook.mdb'.
You'll notice the ASP method 'Server.MapPath' in front of the name of the database. This is used as we
need to get the physical path to the database. Server.MapPath returns the physical path to the script,
e.g. 'c:\website\', as long as the database is in the same folder as the script it now has the physical
path to the database and the database name.

'Set an active connection to the Connection object using a DSN-less connection


adoCon.Open "Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" & Server.MapPath("guestbook.mdb")

If on the other hand you want to use a slower DSN connection to the database then you will need to
replace the line above with the one below.

'Set an active connection to the Connection object using DSN connection


adoCon.Open "DSN=guestbook"

Next create an ADO recordset object which will hold the records from the database and the new record
to be added to the database.

'Create an ADO recordset object


Set rsDeleteEntry = Server.CreateObject("ADODB.Recordset")

To query a database we need to use SQL (Structured Query Language). In the next line we initialise
the variable 'strSQL' with an SQL query to read in all the fields from the 'tblComments' table where
the 'ID_no' = the entry to be deleted, this way the query will only return one record to the recordset.

'Initialise the strSQL variable with an SQL statement to query the database
strSQL = "SELECT tblComments.* FROM tblComments WHERE ID_no=" & lngRecordNo

Because we are going to be deleting the record held in the recordset we need to set the LockType of
the recordset to 'adLockOptimistic' so that the recordset is locked when it is deleted. The integer
value for this lock type is 3.

'Set the lock type so that the record is locked by ADO when it is deleted
rsDeleteEntry.LockType = 3

Now we can open the recordset and run the SQL query on the database to get the database entry that
we want to delete.

'Open the recordset with the SQL query


rsDeleteEntry.Open strSQL, adoCon

Once the recordset is open and contains the entry we want to delete we can delete the entry from the
database by using the 'Delete' method of the 'Recordset' object.

'Delete the record from the database


rsDeleteEntry.Delete

We have finished using the database in this script so we can now close the recordset and reset the
server objects.

'Reset server objects


rsDeleteEntry.Close
Set rsDeleteEntry = Nothing
Set adoCon = Nothing

Now that the database entry has been deleted we are going to use the 'Redirect' method of the ASP
response object to redirect back to the page we wrote at the beginning of this tutorial,
'delete_select.asp', so that another entry can be selected to be deleted from the database. Note that if
you are going to use the 'Response.Redirect' method you must remember to redirect before any HTML
is written.

'Return to the delete select page in case another record needs deleting
Response.Redirect "delete_select.asp"
%>

Now call the file 'delete_entry.asp' and save it to the same directory as the Guestbook database and
the 'delete_select.asp' page, don't forget the '.asp' extension.
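
The link written by 'delete_select.asp' deletes an entry on a plain GET request, and CLng stops the script with a run-time error when the ID is missing or is not a number. The following variant of 'delete_entry.asp' is an added example, not part of the original manual. It assumes 'delete_select.asp' is changed to send the ID from a form with method="post" in a field named 'ID', and the helper names ParseRecordNo and Reject are hypothetical.

```asp
<%
Option Explicit

'Hypothetical helper: stop the request with a status line and a short message
Sub Reject(ByVal strStatus, ByVal strMessage)
    Response.Status = strStatus
    Response.Write Server.HTMLEncode(strMessage)
    Response.End
End Sub

'Hypothetical helper: return the record number, or -1 when the value is not 1 to 9 plain digits.
'IsNumeric and CLng on their own also accept values such as "12.7", "1e3" or "&H10", and CLng
'raises a run-time error on "abc" or on a number too large for a Long. Nine digits always fit.
Function ParseRecordNo(ByVal strValue)
    Dim objRegExp
    Set objRegExp = New RegExp
    objRegExp.Pattern = "^[0-9]{1,9}$"
    If objRegExp.Test(strValue) Then
        ParseRecordNo = CLng(strValue)
    Else
        ParseRecordNo = -1
    End If
    Set objRegExp = Nothing
End Function

Dim adoCon, rsDeleteEntry, strSQL, lngRecordNo, blnFound

'A request that changes data must arrive by POST, so that following a link,
'a crawler or a browser prefetch cannot delete an entry
If Request.ServerVariables("REQUEST_METHOD") <> "POST" Then
    Reject "405 Method Not Allowed", "Entries can only be deleted from the delete form."
End If

'Read the ID as a string first and validate it before converting it
lngRecordNo = ParseRecordNo(Request.Form("ID") & "")
If lngRecordNo < 0 Then
    Reject "400 Bad Request", "The entry ID must be a whole number."
End If

Set adoCon = Server.CreateObject("ADODB.Connection")
adoCon.Open "Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" & Server.MapPath("guestbook.mdb")

'Same query as the manual. Joining lngRecordNo into the SQL is safe only because it is
'a validated Long at this point; never join raw request text into a query.
Set rsDeleteEntry = Server.CreateObject("ADODB.Recordset")
strSQL = "SELECT tblComments.* FROM tblComments WHERE ID_no=" & lngRecordNo
rsDeleteEntry.LockType = 3
rsDeleteEntry.Open strSQL, adoCon

'Calling Delete on an empty recordset raises an error, so check that the entry exists
blnFound = Not rsDeleteEntry.EOF
If blnFound Then
    rsDeleteEntry.Delete
End If

'Reset server objects
rsDeleteEntry.Close
Set rsDeleteEntry = Nothing
adoCon.Close
Set adoCon = Nothing

If Not blnFound Then
    Reject "404 Not Found", "No guestbook entry has that ID."
End If

'Return to the delete select page in case another record needs deleting
Response.Redirect "delete_select.asp"
%>
```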

Updating Data In An Access Database Using ASP

In this tutorial we are going to be updating data in the Guestbook database made in the tutorial Part:
Connecting to an Access Database.

In the first database tutorial, Part: Connecting to an Access Database, we learned how to connect to a
database and display the contents of a database table in a web page.
In the second database tutorial, Part : Adding Data to an Access Database, we learned how to add
data to the database created in the first database tutorial and then use the page 'guestbook.asp'
made in the first database tutorial to display the updated contents of the database.
In the third database tutorial, Part : Deleting Data from an Access Database, we learned how to delete
data from the Guestbook database we created in the first database tutorial.
In this tutorial we are going to create three pages to update data in the 'Guestbook' database made in
the first database tutorial. The first page is used to display the contents of the database so you can
select which entry you want to update. In the second page we use a form to display the present data
held in the database and allow you to change the details. In the third page we update the database.

Creating a Page to Select the Database Entry to Update


First we need to create a page to display the contents of the database so we can select which entry
that we want to update.
I'm not going to go into any detail about this page as it is almost identical to the page we created in
the last database tutorial on selecting an entry to delete. The only difference is the hyperlink created
is to the form, 'update_form.asp', that we are going to create next in this tutorial.

<html>
<head>
<title>Update Entry Select</title>
</head>
<body bgcolor="white" text="black">
<%
'Dimension variables
Dim adoCon 'Holds the Database Connection Object
Dim rsGuestbook 'Holds the recordset for the records in the database
Dim strSQL 'Holds the SQL query for the database
'Create an ADO connection object
Set adoCon = Server.CreateObject("ADODB.Connection")
'Set an active connection to the Connection object using a DSN-less connection
adoCon.Open "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" & Server.MapPath("guestbook.mdb")


'Set an active connection to the Connection object using DSN connection
'adoCon.Open "DSN=guestbook"
'Create an ADO recordset object
Set rsGuestbook = Server.CreateObject("ADODB.Recordset")
'Initialise the strSQL variable with an SQL statement to query the database
strSQL = "SELECT tblComments.* FROM tblComments;"
'Open the recordset with the SQL query
rsGuestbook.Open strSQL, adoCon
'Loop through the recordset
Do While not rsGuestbook.EOF

'Write the HTML to display the current record in the recordset
'(Server.HTMLEncode makes visitor-supplied text display as text rather than as HTML or script)
Response.Write ("<br>")
Response.Write ("<a href=""update_form.asp?ID=" & rsGuestbook("ID_no") & """>")
Response.Write (Server.HTMLEncode(rsGuestbook("Name") & ""))
Response.Write ("</a>")
Response.Write ("<br>")
Response.Write (Server.HTMLEncode(rsGuestbook("Comments") & ""))
Response.Write ("<br>")

'Move to the next record in the recordset (this must happen inside the loop, or it never ends)
rsGuestbook.MoveNext

Loop

'Reset server objects


rsGuestbook.Close
Set rsGuestbook = Nothing
Set adoCon = Nothing
%>
</body>
</html>

Save this page as 'update_select.asp' in the same folder as the Guestbook database.

Entering the Data into a Form to be Updated


In this part of the tutorial we need to create a form containing the database entry that we want to
update. From this form we can change the details of the entry from the database.
The first part of this page is where we connect to the database and read the data into the recordset.
We have already covered this so I shall not go into any detail here.

<%
'Dimension variables
Dim adoCon 'Holds the Database Connection Object
Dim rsGuestbook 'Holds the recordset for the records in the database
Dim strSQL 'Holds the SQL query for the database
Dim lngRecordNo 'Holds the record number to be updated
'Read in the record number to be updated
lngRecordNo = CLng(Request.QueryString("ID"))
'Create an ADO connection object
Set adoCon = Server.CreateObject("ADODB.Connection")
'Set an active connection to the Connection object using a DSN-less connection
adoCon.Open "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" & Server.MapPath("guestbook.mdb")
'Set an active connection to the Connection object using DSN connection
'adoCon.Open "DSN=guestbook"
'Create an ADO recordset object
Set rsGuestbook = Server.CreateObject("ADODB.Recordset")
'Initialise the strSQL variable with an SQL statement to query the database
strSQL = "SELECT tblComments.* FROM tblComments WHERE ID_no=" & lngRecordNo
'Open the recordset with the SQL query
rsGuestbook.Open strSQL, adoCon
%>

As you can see in the code above we haven't closed the recordset yet, so we can read in the data from
the recordset into the default values of the text boxes in the form. At the end of the page we close the
recordset and reset the server objects.

<html>
<head>
<title>Guestbook Update Form</title>
</head>
<body bgcolor="white" text="black">
<!-- Begin form code -->
<form name="form" method="post" action="update_entry.asp">
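<!-- Stored text is HTML-encoded so a quote or tag in an entry cannot break out of the value attribute -->
Name: <input type="text" name="name" maxlength="20" value="<% = Server.HTMLEncode(rsGuestbook("Name") & "") %>">
<br>
Comments: <input type="text" name="comments" maxlength="60" value="<% = Server.HTMLEncode(rsGuestbook("Comments") & "") %>">
<input type="hidden" name="ID_no" value="<% = rsGuestbook("ID_no") %>">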
<input type="submit" name="Submit" value="Submit">
</form>
<!-- End form code -->
</body>
</html>
<%
'Reset server objects
rsGuestbook.Close
Set rsGuestbook = Nothing
Set adoCon = Nothing
%>

Save this page as 'update_form.asp' in the same folder as the Guestbook database.

Updating the Entry in the Guestbook Database


Now we've got the page to select the entry out of the way and the form to change the details, we can
now make the page to update the selected entry in the database.
First we need to dimension the variables used in the script, so open your favourite text editor and
enter the following code.

<%
'Dimension variables
Dim adoCon 'Holds the Database Connection Object
Dim rsUpdateEntry 'Holds the recordset for the record to be updated
Dim strSQL 'Holds the SQL query to query the database
Dim lngRecordNo 'Holds the record number to be updated

Next we need to get the 'ID Number' of the entry to be updated from the database. To read in the ID
number we are going to use the 'Form' method of the ASP 'Request' object that we covered in the first
database tutorial, we are also going to use the 'CLng' VBScript function to convert the ID number to
the data type, 'Long Integer'.

'Read in the record number to be updated


lngRecordNo = CLng(Request.Form("ID_no"))

Next we need to create a database connection object on the server using the ADO Database
connection object.

'Create an ADO connection object


Set adoCon = Server.CreateObject("ADODB.Connection")

Now we need to open a connection to the database. There are a couple of ways of doing this either by
using a system DSN or a DSN-less connection. First I am going to show you how to make a DSN-less
connection as this is faster and simpler to set up than a DSN connection.
To create a DSN-less connection to an Access database we need to tell the connection object we created
above to open the database by telling the connection object to use the 'Microsoft Access Driver' to
open the database 'guestbook.mdb'.
You'll notice the ASP method 'Server.MapPath' in front of the name of the database. This is used as we
need to get the physical path to the database. Server.MapPath returns the physical path to the script,
e.g. 'c:\website\', as long as the database is in the same folder as the script it now has the physical
path to the database and the database name.

'Set an active connection to the Connection object using a DSN-less connection


adoCon.Open "Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" & Server.MapPath("guestbook.mdb")

If on the other hand you want to use a slower DSN connection to the database then you will need to
replace the line above with the one below.

'Set an active connection to the Connection object using DSN connection


adoCon.Open "DSN=guestbook"

Next create an ADO recordset object which will hold the records from the database and the new record
to be added to the database.

'Create an ADO recordset object


Set rsUpdateEntry = Server.CreateObject("ADODB.Recordset")

To query a database we need to use SQL (Structured Query Language). In the next line we initialise
the variable 'strSQL' with an SQL query to read in all the fields from the 'tblComments' table where
the 'ID_no' = the entry to be updated, this way the query will only return the record to be updated to
the recordset.

'Initialise the strSQL variable with an SQL statement to query the database
strSQL = "SELECT tblComments.* FROM tblComments WHERE ID_no=" & lngRecordNo

Set the cursor type we are using to 'adLockOptimistic' so we can move through the recordset. The
integer value for this is 2.

'Set the cursor type we are using so we can navigate through the recordset
rsUpdateEntry.CursorType = 2

Because we are going to be updating the record held in the recordset, we need to set the LockType of
the recordset to 'adLockOptimistic' so that the recordset is locked when it is updated. The integer
value for this lock type is 3.

'Set the lock type so that the record is locked by ADO when it is updated
rsUpdateEntry.LockType = 3

Now we can open the recordset and run the SQL query on the database to get the database entry that
we want to update.

'Open the recordset with the SQL query
rsUpdateEntry.Open strSQL, adoCon

Now we can update the record in the recordset with the details taken from the form we created earlier
in this tutorial. To get the data entered by the user from the form we use the 'Form' method of the
ASP 'Request' object to request the data entered into the text boxes, 'name' and 'comments'.

'Update the record in the recordset
rsUpdateEntry.Fields("Name") = Request.Form("name")
rsUpdateEntry.Fields("Comments") = Request.Form("comments")

The data has been entered into the recordset so we can save the recordset to the database using the
'Update' method of the recordset object.

'Write the updated recordset to the database
rsUpdateEntry.Update

We have finished using the database in this script so we can now close the recordset and reset the
server objects.

'Reset server objects
rsUpdateEntry.Close
Set rsUpdateEntry = Nothing
Set adoCon = Nothing

Now that the database entry has been updated we are going to use the 'Redirect' method of the ASP
'Response' object to redirect back to the page we wrote at the beginning of this tutorial,
'update_select.asp', so that another entry can be selected to be updated from the database. Note that
if you are going to use the 'Response.Redirect' method you must remember to redirect before any
HTML is written.

'Return to the update select page in case another record needs updating
Response.Redirect "update_select.asp"
%>

Now call the file 'update_entry.asp' and save it to the same directory as the Guestbook database,
the 'update_select.asp' page and the 'update_form' page. Don't forget the '.asp' extension.
And that's about it: you have now created a way to update entries in the database.
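
A hardened variant of 'update_entry.asp', given here as an added example rather than the tutorial's own code: it validates the record number and hands it to the query as an ADO parameter, so form input can never change the structure of the SQL statement. The form field name 'ID_no', the helper 'IsValidId' and the length limits are assumptions for illustration.

```vbscript
<%
Option Explicit

'ADO enum values, written out so the page does not depend on adovbs.inc
Const adCmdText = 1       'CommandText holds an SQL string
Const adInteger = 3       '4-byte signed integer parameter
Const adParamInput = 1    'parameter is passed into the query

'Assumed limits; match them to the column sizes in your own guestbook.mdb
Const MAX_NAME_LEN = 50
Const MAX_COMMENT_LEN = 1000

Dim adoCon, cmdSelect, rsUpdateEntry
Dim strID, lngRecordNo, strName, strComments

'Hypothetical helper: True only for 1 to 9 decimal digits (always fits in a Long)
Function IsValidId(strValue)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"
    IsValidId = re.Test(strValue)
    Set re = Nothing
End Function

'Stop with a 400 response instead of touching the database
Sub RejectRequest(strReason)
    Response.Status = "400 Bad Request"
    Response.Write strReason
    Response.End
End Sub

'Assumption: the update form posts the record number in a field called "ID_no"
strID = Trim(Request.Form("ID_no"))
strName = Trim(Request.Form("name"))
strComments = Trim(Request.Form("comments"))

'Validate every field before a connection is opened
If Not IsValidId(strID) Then RejectRequest "Invalid record number."
If Len(strName) = 0 Or Len(strName) > MAX_NAME_LEN Then RejectRequest "Invalid name."
If Len(strComments) = 0 Or Len(strComments) > MAX_COMMENT_LEN Then RejectRequest "Invalid comment."
lngRecordNo = CLng(strID)

'Same DSN-less connection as the tutorial
Set adoCon = Server.CreateObject("ADODB.Connection")
adoCon.Open "Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" & Server.MapPath("guestbook.mdb")

'The ? placeholder is filled in by ADO; the value is never spliced into the SQL text
Set cmdSelect = Server.CreateObject("ADODB.Command")
Set cmdSelect.ActiveConnection = adoCon
cmdSelect.CommandType = adCmdText
cmdSelect.CommandText = "SELECT tblComments.* FROM tblComments WHERE ID_no = ?"
cmdSelect.Parameters.Append _
    cmdSelect.CreateParameter("ID_no", adInteger, adParamInput, , lngRecordNo)

'Same cursor type (2) and lock type (3) values as the tutorial
Set rsUpdateEntry = Server.CreateObject("ADODB.Recordset")
rsUpdateEntry.CursorType = 2
rsUpdateEntry.LockType = 3

'When the source is a Command object, the connection argument is left out
rsUpdateEntry.Open cmdSelect

'Only write if the record actually exists; an unknown ID changes nothing
If Not rsUpdateEntry.EOF Then
    rsUpdateEntry.Fields("Name") = strName
    rsUpdateEntry.Fields("Comments") = strComments
    rsUpdateEntry.Update
End If

'Reset server objects
rsUpdateEntry.Close
Set rsUpdateEntry = Nothing
Set cmdSelect = Nothing
adoCon.Close
Set adoCon = Nothing

'Redirect before any HTML is written
Response.Redirect "update_select.asp"
%>
```

The values are stored exactly as submitted, so any page that later prints a name or comment should pass it through 'Server.HTMLEncode' before writing it into HTML.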

- Active Server Pages

Key Words/Terms

5. Security Tradeoffs: Java vs. ActiveX

Chapter 5
- Understand Java, Active-X in webpage development

Objectives

What are Java and ActiveX?


Java and ActiveX are two systems that let people attach computer programs to Web pages.
People like these systems because they allow Web pages to be much more dynamic and
interactive than they could be otherwise.

However, Java and ActiveX do introduce some security risk, because they can cause
potentially hostile programs to be automatically downloaded and run on your computer,
just because you visited some Web page. The downloaded program could try to access
or damage the data on your machine, for example to insert a virus. Both Java and
ActiveX take measures to protect you from this risk.
There has been a lot of public debate over which system offers better security. This
page gives our opinion on this debate. Java and ActiveX take fundamentally different
approaches to security. We will concentrate on comparing the approaches, rather than
critiquing the details of the two systems. After all, details can be fixed.
Who are the players?
Java was developed by JavaSoft, a division of Sun Microsystems. Java is supported by both of
the major browsers, Netscape Navigator and Microsoft Internet Explorer.

ActiveX was developed by Microsoft. It is supported in Microsoft's Internet Explorer, and
an ActiveX plug-in is available for Netscape Navigator.
The most intense public debate about security has been between JavaSoft and
Microsoft. Each company has accused the other of being careless about security, and
some misleading charges have been made.
How does security work in ActiveX?
ActiveX security relies entirely on human judgement. ActiveX programs come with digital
signatures from the author of the program and anybody else who chooses to endorse the
program.

Think of a digital signature as being like a person's signature on paper. Your browser
can look at a digital signature and see whether it is genuine, so you can know for sure
who signed a program. (That's the theory, at least. Things don't always work out so
neatly in practice.)
Once your browser has verified the signatures, it tells you who signed the program and
asks you whether or not to run it. You have two choices: either accept the program and
let it do whatever it wants on your machine, or reject it completely.
ActiveX security relies on you to make correct decisions about which programs to
accept. If you accept a malicious program, you are in big trouble.
How does security work in Java?
Java security relies entirely on software technology. Java accepts all downloaded programs and
runs them within a security "sandbox". Think of the sandbox as a security fence that surrounds
the program and keeps it away from your private data. As long as there are no holes in the
fence, you are safe.

Java security relies on the software implementing the sandbox to work correctly.
How can ActiveX security break down?
The main danger in ActiveX is that you will make the wrong decision about whether to accept a
program. One way this can happen is that some person you trust turns out not to deserve that
trust.

The most dangerous situation, though, is when the program is signed by someone you
don't know anything about. You'd really like to see what this program does, but if you
reject it you won't be able to see anything. So you rationalize: the odds that this
particular program is hostile are very small, so why not go ahead and accept it? After
all, you accepted three programs yesterday and nothing went wrong. It's just human
nature to accept the program.
Even if the risk of accepting one program is low, the risk adds up when you repeatedly
accept programs. And when you do get the one bad program, there is no limit on how
much damage it can do.
The only way to avoid this scenario is to refuse all programs, no matter how fun or
interesting they sound, except programs that come from a few people you know well.
Who has the self-discipline to do that?

How can Java security break down?


The main danger in Java comes from the complexity of the software that implements the
sandbox. Common sense says that complicated technology is more likely to break down than
simple technology. Java is pretty complicated, and several breakdowns have happened in the
past.
If you're the average person, you don't have the time or the desire to examine Java and
look for implementation errors. So you have to hope the implementers did everything
right. They're smart and experienced and motivated, but that doesn't make them
infallible.
When Java security does break down, the potential consequences are just as bad as
those of an ActiveX problem: a hostile program can come to your machine and access
your data at will.
What about "signed applets" in Java?
One problem with the original version of Java is that the "sandbox" can be too restrictive. For
example, Java programs are not allowed to access files, so there's no way to write a text editor.
(What good is editing if you can't save your work?)

Java-enabled products are now starting to use digital signatures to work around this
problem. The idea is like ActiveX: programs are digitally signed and you can decide,
based on the signature, to give a program more power than it would otherwise have.
This lets you run a text editor program if you decide that you trust its author.
The downside of this scheme is that it introduces some of the ActiveX problems. If you
make the wrong decision about who to trust, you could be very sorry. There's no known
way to get around this dilemma. Some kinds of programs must be given power in order
to be useful, and there's no ironclad guarantee that those programs will be well-behaved.
Still, Java with signed applets does offer some advantages over ActiveX. You can put
only partial trust in a program, while ActiveX requires either full trust or no trust at all.
And a Java-enabled browser could keep a record of which dangerous operations are
carried out by each trusted program, so it would be easier to reconstruct what happened
if anything went wrong. (Current browsers don't do this record-keeping, but we wish they
would.) Finally, Java offers better protection against accidental damage caused by
buggy programs.
What about plug-ins?
Plug-ins are a method for adding code to your browser. Plug-ins have the same security model
as ActiveX: when you download a plug-in, you are trusting it to be harmless. All of the warnings
about ActiveX programs apply to plug-ins too.
Can I be hurt by a "good" plug-in or ActiveX program?
Unfortunately, yes. This depends entirely on what the plug-in or program does. Many plug-ins
such as Macromedia's Shockwave or Sun's Safe-Tcl are actually completely general
programming systems, just like Java. By accepting a plug-in like this, you're trusting that the
plug-in program has no security-relevant bugs. As we have seen with Java, systems that are
meant to be secure often have bugs that lead to security problems.

With ActiveX, this problem is made worse if you click the box which accepts all
programs signed by the same person (for example, if you accept anything signed by
Microsoft). While one Microsoft program may be secure, another one may have a
security-relevant bug.
This problem even applies to code written by your own company for internal use. Once
the plug-in or program is installed in your browser, an external attacker (who knew about
the program) could write a Web page which used your internal program but passed it
funny data which corrupted the program and took over your machine.
If you're feeling paranoid, the only plug-ins you should allow are those with less than
general purpose functionality. A plug-in which handles a new image, video, or audio
format is less likely to be exploitable than a plug-in for a completely general animation
system. The good news is that there have been few incidents of people being damaged
by hostile Java or ActiveX programs. The reason is simply that the people with the skills
to create malicious programs have chosen not to do so.
For most people, continuing to use Java and ActiveX is the right choice. If you are
informed about the risks, you can make a rational decision to accept some danger in
exchange for the benefits of using Java and ActiveX.
How can I lower my risk?
There are several things you can do.

- Think very carefully before accepting a digitally signed program. How competent and
trustworthy is the signer?
- Use up-to-date browser versions, and install the security patches offered by your
browser vendor.
- Never surf the Web on a computer that contains highly sensitive information like medical
records.

Integrating Java and ActiveX


With the full force of Microsoft behind it, it's no surprise that ActiveX has received tons of press
attention lately. As an Internet developer, you probably have some degree of confusion about
how ActiveX fits into the Internet landscape. More specifically, you may be worried about what
impact ActiveX will have on Java. We will take a close look at Java and ActiveX and where each
fits in the world of Internet development.
The goal of this module is to give you some perspective on the relationship between Java and
ActiveX. In doing so, you learn the details surrounding what each technology offers and why
they don't necessarily have to be viewed as direct competitors. You also learn about a specific
technology that aims to allow Java and ActiveX to happily coexist.
Technological Goals
In a general sense, Java and ActiveX both try to achieve the same goal: to bring interactivity to
the Web. Because this is a very general goal, you probably realize that many different approaches
can be taken to reach it. Java and ActiveX definitely take different routes to delivering
interactivity to the Web, and for good reason: they're widely divergent technologies that come
from two unique companies. Let's take a look at each technology and see what it accomplishes in
its quest to liven up the Web.
The Java Vision

First and foremost, Java is a programming language. It certainly is other things as well, but the
underlying strength of the Java technology is the structure and design of the Java language itself.
The architects at Sun wanted to take many of the powerful features in C++ and build a tighter,
easier-to-use, and more secure object-oriented language. They succeeded in a big way: Java is
indeed a very clean, easy-to-use language with lots of advanced security features. The time spent
designing the Java language is paying off well for Sun because the language's structure is the
primary cause of the C++ programmer migration to Java.
However, the Java language without its standard class libraries and Internet support would be
nothing more than competition for C++. In fact, the Java language, as cool as it is, would
probably fail in a head-to-head match with C++ strictly from a language perspective. This is
because C++ is firmly established in the professional development community, and programmers
need a very compelling reason to learn an entirely new language. Sun realized this, and was
smart enough to present Java as much more than just another programming language.
The basic Java technology consists of the Java language, the Java class libraries, the Java
runtime system, and the JavaScript scripting language. It's the combination of all these parts that
makes the Java technology so exciting. Java is the first large-scale effort at creating a truly
cross-platform programming language with lots of functionality from the start. Couple the slick
language and cross-platform aspects of Java with its capability to seamlessly integrate Java
programs into the Web environment and you can easily see its appeal.
This integration of the Web into the Java technology is no accident; Sun simply saw the potential
to capitalize on a technology they had been developing for a while by fitting it to the rapidly
growing needs of the Internet. This pretty much sums up the primary aim of Java: To provide a
means to safely integrate cross-platform interactive applications into the Web environment using
an object-oriented language. Keep in mind, however, that new innovations such as JavaOS and
Java microprocessors are rapidly altering and expanding Sun's vision of the Java technology.
The ActiveX Vision

Microsoft has different ideas for the Internet than Sun. Unlike Sun, Microsoft initially didn't
realize the immediate potential of the Internet, or at least didn't see how fast it was all happening.
In fact, it wasn't until the excitement surrounding Java had begun to peak that Microsoft finally
decided they had to rethink things in regard to the Internet and the Web.
The connection was finally made somewhere in Redmond that the Internet would significantly
affect personal computing. They couldn't just sit idly by and see what happened; they could
either take action to capitalize on the Internet or get burnt by not accepting it as a major shift in
the way we all use computers. When Microsoft finally came to terms with the fact that the
Internet was rapidly changing the face of computing, even personal computing, the company
quickly regrouped and decided to figure out a way to get a piece of the Internet action. Keep in
mind that Microsoft has never been content with just a piece of the action; they want the largest
piece of the action!
Unlike Sun, Microsoft already had a wide range of successful commercial software technologies;
they just had to figure out which one of them would scale best to the Internet. It turned out that
one of their most successful technologies was ideally suited for the Internet: OLE (Object
Linking and Embedding). They saw OLE as a powerful, stable technology with lots of potential
for the Internet, and they were right; ActiveX is basically OLE revamped for the Internet.
Unlike Java, however, ActiveX isn't meant to be just a way to add interactivity to the Web. Sure,
that's part of it, but Microsoft isn't the type of company to just hand out technologies for the good
of humanity. OLE is a technology deeply ingrained in most of Microsoft's commercial products,
as well as many other commercial Windows applications. By simply migrating OLE to the
Internet (through ActiveX), Microsoft effectively assumes a huge market share of Internet
products overnight. Suddenly, every piece of code written based on OLE can now be considered
ActiveX-enabled with little extra work. Microsoft's new goal of migrating desktop software to
the Internet suddenly looks quite attainable.
Although Microsoft is certainly looking to bring interactive applications to the Web with
ActiveX, they are also looking to make sure that many of those interactive applications are
Microsoft applications. This situation also ensures that Windows remains a strong presence on
the Internet because OLE is essentially a Windows-derived technology. Although strategically
ideal, the selection of OLE as the technological underpinnings for ActiveX has much more to do
with the fact that OLE is a slick technology already tweaked for distributed computing; it's just
the icing on the cake that OLE is already firmly established in the PC software community.
Microsoft isn't the only company to benefit from the positioning of ActiveX. Every PC software
developer that uses OLE in its applications will benefit from ActiveX just as easily as Microsoft.
Because the PC development community is by far the largest in the industry, end users also
benefit greatly because many software companies will be building ActiveX applications from
existing OLE code that is already stable.
In the discussion of ActiveX thus far, little has been said about programming languages. Unlike
Java, ActiveX has nothing to do with a specific programming language; you can write ActiveX
code in any language you choose that supports Microsoft's COM specification. Just in case you
don't realize it, this is a big deal! Although Java is a very cool language, many programmers don't
like being forced to learn a new language just to exploit the capabilities of the Internet. On the
other hand, writing ActiveX controls in C++ is a little messier than writing Java applets in Java.

You now have an idea about what each technology is trying to accomplish, but what does each
actually deliver? It turns out that Java and ActiveX are surprisingly different in their
implementations, especially considering how similar their ultimate goals are.
Under Java's Hood

The Java technology can be divided into four major components:

- The Java language
- The Java class libraries
- The Java runtime system
- The JavaScript scripting language

The Java language provides the programmatic underpinnings that make the whole Java system
possible. It is the Java language that shines the brightest when comparing Java to ActiveX. The
Java class libraries, which go hand in hand with the language, provide a wide array of features
guaranteed to work on any platform. This is a huge advantage Java has over almost every other
programming language in existence. Never before has a tight, powerful language been delivered
that offers a rich set of standard classes in a cross-platform manner.
The Java runtime system is the component of Java that gets the least press attention, but
ultimately makes many of Java's features a reality. The Java runtime system includes a virtual
machine, which stands between Java bytecode programs and the specific processor inside a
computer system. It is the responsibility of the virtual machine to translate platform-independent
bytecodes to platform-specific native machine code. In doing so, the virtual machine provides
the mechanism that makes Java platform-independent. Unfortunately, the virtual machine is also
responsible for the performance problems associated with Java. These problems will go away,
however, as just-in-time Java compilers evolve to become more efficient.
The JavaScript scripting language is the Java component that allows you to embed scripted Java
programs directly into HTML code. The primary purpose of JavaScript is to allow Web
developers who aren't necessarily programmers to add interactivity to their Web pages in a
straightforward manner.

Under ActiveX's Hood

The ActiveX technology can be broken down into the following major components:

- ActiveX controls
- ActiveX scripting (VBScript)
- ActiveX documents
- ActiveX server scripting (ISAPI)

ActiveX controls are self-contained executable software components that can be embedded
within a Web page or a standalone application. Acting as an extension to OLE controls, ActiveX
controls can be employed to perform a wide range of functions, with or without specific
support for the Internet. ActiveX controls are essentially Microsoft's answer to Java applets,
although ActiveX controls are significantly more open-ended than Java applets.
Note
Although ActiveX controls are similar to Java applets, ActiveX
controls are true software components. Java Beans components,
when they become available in the very near future, will be the
closer Java equivalent to ActiveX controls.

Whereas ActiveX controls are Microsoft's answer to Java applets, VBScript is Microsoft's
answer to JavaScript. Built on the highly successful Visual Basic programming language,
VBScript provides much of the same functionality as JavaScript, but in an environment already
familiar to many PC developers.
ActiveX documents are similar to ActiveX controls, except that they are focused on the
representation and manipulation of a particular data format, such as a Word document or an
Excel spreadsheet. There is no logical equivalent in Java to ActiveX documents; ActiveX
documents are a piece of the ActiveX technology that is completely foreign to Java.
The final component of ActiveX is the ISAPI scripting language and server support. ISAPI
provides a more powerful answer to CGI scripting, which has long been used to provide
pseudo-interactivity for Web pages. ISAPI even goes a step further by providing a means to build filters
into Web servers. Java servlets will eventually provide functionality similar to ISAPI scripting.
Practical Implications
By now, you not only understand what Java and ActiveX are trying to accomplish, but you have
a good idea of how each is going about delivering on its promises. I've mentioned some of the
differences between each technology while describing the relevant aspects of them, but it's time
to dig in and take a look at what these differences really mean.
Although ActiveX as a technology delivers a little more than Java does as far as the individual
components, the primary interest for most developers is how ActiveX and Java stack up from the
standpoint of adding interactivity to Web pages. This question forces you to analyze the
differences between ActiveX controls and Java applets because those are currently the primary
aspects of each technology that deliver Web page interactivity.
Probably the most significant divisive issue between ActiveX and Java is security. No one argues
the fact that security is an enormous issue when it comes to the Internet. Both Sun and Microsoft
saw the importance of security and took appropriate actions in designing their respective
technologies. However, they each took a different approach, resulting in drastically different
usage issues.
Let's first consider Sun's approach to security: Java's security consists primarily of verifying the
bytecodes as a program is being interpreted on the client end. It also does not allow applets
access to a client user's hard drive. The first solution of verifying bytecodes, although imposing
somewhat of a performance hit, is reasonable. However, the limitation of not being able to access
the hard drive is pretty harsh. No doubt, Sun took the safest route: it's very unlikely that anyone
can corrupt a user's hard drive using Java, considering that you can't access it. Because of this
limitation, it's also equally unlikely that developers will be able to write Java applets that
perform any significant function beyond working with data on a server.
Now consider Microsoft's security approach with ActiveX: ActiveX employs a digital signature
attached to each control; the signature specifies the original author of the control. The signature
is designed so that any tampering with an executable after its release invalidates the signature.
What this means is that you have the ability to know who the original author of a control is, and
therefore limit your use of controls to only those written by established software vendors. If
someone hacks into a control developed by an established vendor, the signature protects you.
Granted, this approach pushes some responsibility back onto the user, but it's a practical reality
that freedom never comes without a certain degree of added responsibility.
When it comes to security, I think Microsoft has capitalized on what a lot of people are starting
to perceive as a major flaw in Java. For the record, Microsoft implemented the signature
approach in ActiveX after the release of Java, meaning that they had the advantage of seeing how
Sun tackled the security issue and were then able to improve on it. There is nothing wrong with
this, it's just an example of how every technology, no matter how powerful and popular, is
always susceptible to another one coming along and taking things a step further.
Before you think that Microsoft has won the security issue, let me add that Sun is in the process
of adding an extensive digital signature model to Java. Digital signatures will more than likely
lift the tight security restrictions on Java applets and put the security issue for both technologies
on common ground.
A Peaceful Coexistence
The software development community is far too diverse to say that one technology surpasses
another in every possible way. In addition, consider that both of these technologies are in a
constant state of flux, with new announcements and releases popping up weekly. In my opinion,
it's foolish to think that a single software technology will take the Internet by storm and eliminate
all others. Java will naturally find its way to where it is best suited, as will ActiveX. Likewise,
smart software developers will keep up with both technologies and learn to apply each in cases
where the benefits of one outweigh those of the other.
And in case you're getting nervous about having to learn two completely new types of
programming, here's some reassuring news: Microsoft has released a technology that allows
developers to integrate Java applets with ActiveX controls. What does that mean? Well, because
ActiveX is language independent, you can write ActiveX controls in Java. Furthermore, it means
you can access ActiveX controls from Java applets and vice versa. To me, this is a very exciting
prospect: the ability to mix two extremely powerful yet seemingly divergent technologies as you
see fit.
The technology I'm talking about is an ActiveX control that acts as a Java virtual machine. What
is a Java virtual machine? A Java virtual machine is basically a Java interpreter, which means it
is ultimately responsible for how Java programs are executed. By implementing a Java virtual
machine in an ActiveX control, Microsoft has effectively integrated Java into the ActiveX
environment. This integration goes well beyond just being able to execute Java applets like they
are ActiveX controls; it provides a means for ActiveX controls and Java applets to interact with
each other.
Microsoft's willingness to embrace Java as a means of developing ActiveX objects should give
you a clue about the uniqueness of each technology. It could well end up that Java emerges as the
dominant programming language for the Internet, while ActiveX emerges as the distributed
interactive application standard. This seems like a confusing situation, but it does capitalize on
the strengths of both Java and ActiveX. On the other hand, the Java Beans component
technology could emerge as a serious contender on the component front and give ActiveX some
competition.
The main point is that ActiveX and Java are both strong in different ways, which puts them on a
collision course of sorts. The software development community is pretty objective; if
programmers can have the best of both worlds by integrating ActiveX and Java, then why not do
it? No doubt both Sun and Microsoft will have a lot to say about this prospect in the near future.
The ActiveX Java virtual machine is a major step in the right direction.
Integrating Java and ActiveX
As you just learned, the ActiveX Java virtual machine (VM) control allows Java programs to run
within the context of an ActiveX control. What does this really mean from the perspective of a
developer wanting to mix Java and ActiveX? It means you can treat a Java class just like an
ActiveX control and interact with it from other ActiveX controls. In other words, the Java VM
control gives a Java class the component capabilities of an ActiveX control.
You now understand that Java classes and ActiveX controls can interact with each other through
the Java VM control, but you're probably still curious about the specifics. One of the most
important issues surrounding Java's integration with ActiveX is the underlying Component
Object Model (COM) protocol used by ActiveX. COM is a component software protocol that is
the basis for ActiveX. The importance it has in regard to Java is that Java's integration with
ActiveX really has more to do with COM than with the specifics of ActiveX. So, when I refer to
Java integrating with ActiveX, understand that the COM protocol is really what is making things
happen under the hood.
This brings us to the different scenarios under which Java and ActiveX can coexist. Keep in mind
that some of these scenarios require not only the Java VM control at runtime but also support for
Java/ActiveX integration at development time. In other words, you may have to use a
development tool that supports Java/ActiveX integration, such as Microsoft Visual J++.
Following is a list of the different situations possible when integrating Java and ActiveX using
the Java VM control:

Using an ActiveX control as a Java class

Using a Java class as an ActiveX control

Manipulating a Java applet through ActiveX scripting

Using an ActiveX Control as a Java Class

It is possible to use an ActiveX control just as you would a Java class in Java source code. To do
this, you must create a Java class that wraps the ActiveX control and then import the class just as
you would any other Java class defined in another package. The end result is that an ActiveX
control appears just like a Java class at the source code level. Because we are talking about Java
source code here, the Java compiler has to play a role in making this arrangement work. So, this
approach requires support for Java/ActiveX integration in the Java compiler. The Visual J++ Java
compiler includes this exact support.
Visual J++ includes a tool that automatically generates Java wrapper classes for ActiveX
controls. You can then import these wrapper classes into your Java code and use them just like
any other Java class. Of course, behind the scenes, the ActiveX control is actually doing all the
work, but from a strictly programming perspective, the Java wrapper class is all you have to be
concerned with.
Using a Java Class as an ActiveX Control

Just as you can use an ActiveX control as a Java class, you can also use a Java class as an
ActiveX control. Because ActiveX controls are manipulated through interfaces, you have to
design Java classes a little differently so that they fit into the ActiveX framework. You must first
define an interface or set of interfaces for the class, using the Object Description Language
(ODL) that is part of COM. You then implement these interfaces in a Java class. Finally, you
assign the Java class a global class identifier and register it as an ActiveX control using a
registration tool such as JavaReg, which ships with Visual J++.
I know this procedure is a little messier than simply compiling a Java class, but consider what
you are gaining by taking these extra steps. You are using one set of source code and just one
executable to act as both a Java object and an ActiveX control, with relatively little work. Users
can then take advantage of all the benefits of component software by using your Java class as an
ActiveX control.
Manipulating a Java Applet through ActiveX Scripting

Another less obvious scenario involving Java and ActiveX is your ability to manipulate Java
applets through ActiveX scripting code. The ActiveX scripting protocol, which supports both
VBScript and JavaScript, allows you access to all public methods and member variables defined
in a Java applet. The ActiveX protocol is specifically designed to expose the public methods and
member variables for Applet-derived classes, so any other classes you want scripting access to
must be manipulated indirectly through public methods in the applet.
Summary
This module took an objective look at Java and ActiveX and where they fit in the quest to make
the Web interactive. You learned not only about the philosophy and reasoning behind each
technology, but also why the technologies don't necessarily have to be considered competition
for each other. This combination of two powerful technologies, although a little confusing at
first, is crucial for Web developers because it lessens the need to pick one technology over the
other. Possibly the biggest benefit is the peace of mind in knowing that you can continue
working with Java without fear that Microsoft and ActiveX will sabotage your efforts.
This module touched on the ability to use VBScript to control Java applets. You've learned a lot
so far about how to make Java a part of your Web pages. Standing alone, Java is a significant
development because of its ability to stretch the behavior of your Web pages far beyond what
was ever imagined for the World Wide Web.

Java can become even more powerful when harnessed with JavaScript. Although Java is
powerful enough to add animation, sound, and other features to an applet, it's very cumbersome
to directly interact with an HTML page. JavaScript isn't big or powerful enough to match Java's
programming power, but it is uniquely suited to work directly with the elements that comprise an
HTML document.
By combining the best features of both Java and JavaScript, your applet can interact with your
Web page, offering a new level of interactivity.
Setting the Stage
For Java and JavaScript to interact on your Web pages, they both must be active and enabled in
the user's browser.
To make sure that both features are active in Netscape Navigator when the user views Java
applets, include these simple directions:
1. Choose Options, Network Preferences from the menu bar. The Preferences
dialog box appears.
2. Select the Languages tab from the Preferences dialog box.
3. Both Java and JavaScript are enabled by default. If this has changed, make
sure that both checkboxes are selected.

(For NETSCAPE NAVIGATOR) The Languages tab in the Network Preferences dialog box
controls whether or not Java applets and JavaScript commands are processed for HTML
documents.
The steps to include to make sure that both languages are active in Microsoft Internet Explorer
are similar to the steps for Navigator:
1. Choose View, Options from the menu bar. The Options dialog box appears.
2. Select the Security tab from the Options dialog box.

3. Make sure that the Enable Java Programs checkbox is selected. The scripting
languages available in Internet Explorer, JavaScript and VBScript, are
automatically enabled; there is no way to disable them.

(For INTERNET EXPLORER) Internet Explorer controls which language features are enabled
from the Security tab in the Options dialog box.
Note
Netscape Navigator also includes a Java Console for displaying
applet-generated messages. In addition to system messages such
as errors and exceptions, the Java Console is where any messages
generated by the applet using the java.lang.System package
(including System.out.println) are displayed. To display the
console, select Options, Show Java Console from the Netscape
Navigator menu bar.
Microsoft Internet Explorer can show the results of system
messages also, but not in real time as Navigator's Java Console
can do. All messages are saved in javalog.txt in C:\Windows\Java.
To make sure that this feature is active, select View, Options from
the menu bar, select the Advanced tab in the Options dialog box,
and make sure that the Java Logging checkbox is selected.

The Java Console displays any system messages generated by the applet.
Communicating with Java
The first and most commonly used feature of communication is to modify applet behavior from
JavaScript. This is really quite easy to do with the right information, and it allows your applet to
respond to events on the HTML page, including interacting with forms.
Java object syntax is very similar to other JavaScript object syntax, so if you're already familiar
with this scripting language, adding Java control is an easy step.

Calling Java Methods

With Navigator 3.0, Netscape is providing a brand-new, never-before-seen object called
Packages; the Packages object allows JavaScript to invoke native Java methods directly. This
object is used in much the same way as the Document or Window objects are in regular
JavaScript.
Note
As you'll recall from earlier discussions, groups of related classes
are combined in a construct called a package. Classes from a
package can be used by outside classes by using the import
command.
Just to confuse things, that's not the case with the JavaScript
version of Packages. In JavaScript, Packages is the parent object
used to invoke native Java methods, such as
Packages.System.out.println("Say Howdy").
Caution
Invoking native Java methods from JavaScript is possible only
within Netscape Navigator 3.0 or later. Microsoft Internet Explorer
doesn't include support for the JavaScript-to-Java packages in its
3.0 release, but may include its own version of this capability in
later versions.
The source of the problem is that JavaScript is implemented
individually for each browser; what Netscape includes for
JavaScript isn't the same as what Microsoft includes. In the
fast-paced world of browsers, however, you can expect Microsoft to
catch up quickly.

Internet Explorer still includes support for all the now-standard features of JavaScript, including
control and manipulation of windows, documents, and forms.
Here is the syntax to call a Java package directly:
[Packages.]packageName.className.methodName

The object name is optional for the three default packages: java, sun, and netscape. These three
can be referenced by their package name alone, as shown here:
java.className.methodName
sun.className.methodName
netscape.className.methodName

Together with the package name, the object and class names can result in some unwieldy and
error-prone typing. This is why you can also create new variables using the Packages object.
The following code assigns a Java package to the variable System and then uses the System
variable to call a method in the package:
var System = Packages.java.lang.System;
System.out.println("Hello from Java in JavaScript.");

Controlling Java Applets

Controlling an applet with a script is a fairly easy matter, but it does require some knowledge of
the applet you're working with. Any public variable, method, or property within the applet is
accessible through JavaScript.
Tip
If you're changing the values of variables within an applet, the
safest way to do so is to create a new method within the applet for
the purpose. This method can accept the value from JavaScript,
perform any error checking, and then pass the new value along to
the rest of the applet. This arrangement helps prevent unexpected
behavior or applet crashes.

You have to know which methods, properties, and variables in the applet are public. Only the
public items in an applet are accessible to JavaScript.
Tip
Two public methods are common to all applets and you can always
use them: start() and stop(). These methods provide a handy
way to control when the applet is active and running.
There are five basic activities common to all applets, as opposed to one basic activity for
applications. An applet has more activities to correspond to the major events in its life cycle on
the user's browser. None of the activities have any definitions. You must override the methods
with a subclass within your applet. Here are the five activities common to all applets:

Initialization. Occurs after the applet is first loaded. This activity can include creating
objects, setting state variables, and loading images.

Starting. After being initialized or stopped, an applet is started. The difference between
being initialized and starting is that the former only happens once; the latter can occur
many times.

Painting. The paint() method is how the applet actually gets information to the screen,
from simple lines and text to images and colored backgrounds. Painting can occur a lot of
times in the course of an applet's life.

Stopping. Stopping suspends applet execution and stops the applet from using system
resources. This activity can be an important addition to your code because an applet
continues to run even after a user leaves the page.

Destroying. This activity is the extreme form of stop. Destroying an applet begins a
clean-up process in which running threads are terminated and objects are released.

With this information in hand, getting started begins with the applet tag. It helps to give a name
to your applet to make JavaScript references to it easier to read. The following snippet of code
shows the basic form of an HTML applet tag that sets the stage for JavaScript control of a
Java applet. The tag is identical to the tags you used in previous modules to add
applets, except that a new attribute is included for a name:
<APPLET CODE="UnderConstruction" NAME="AppletConstruction" WIDTH=60 HEIGHT=60>
</APPLET>

Assigning a name to your applet isn't absolutely necessary because JavaScript creates an array of
applets when the page is loaded. However, doing so makes for a much more readable page.
Caution

Like the JavaScript Packages object, the JavaScript applets array is
currently available only in Netscape Navigator 3.0 or later. This
doesn't leave Microsoft Internet Explorer completely out in the
cold: JavaScript can still reference an applet in Explorer using the
applet's name.

To use a method of the applet from JavaScript, use the following syntax:
document.appletName.methodOrProperty

Tip
Netscape Navigator 3.0 uses an applets array to reference all the
applets on a page. The applets array is used according to the
following syntax:
document.applets[index].methodOrProperty
document.applets[appletName].methodOrProperty

These two methods also identify the applet you want to control,
but the method using the applet's name without the applets array
is the easiest to read and requires the least amount of typing.
Like other arrays, one of the properties of applets is length, which
returns how many applets are in the document.
This array of applets is not currently available in the Microsoft
Internet Explorer 3.0 implementation of JavaScript.

One of the easy methods of controlling applet behavior is starting and stopping its execution.
You start and stop an applet using the start() and stop() methods that are common to every
applet. Use a form and two buttons to add the functions to your Web page. The following code
snippet is a basic example of the HTML code needed to add the buttons, with the name of the
applet substituted for appletName.
One of the simplest methods of controlling an applet is to use buttons that start and stop it.
<FORM>
<INPUT TYPE="button" VALUE="Start" onClick="document.appletName.start()">
<INPUT TYPE="button" VALUE="Stop" onClick="document.appletName.stop()">
</FORM>

You can also call other methods, depending on their visibility to the world outside the applet.
JavaScript can call any method or variable with a public declaration.
Tip
Any variable or method within the applet that doesn't include a
specific declaration of scope is protected by default. If you don't
see the public declaration, it's not.

The syntax to call applet methods from JavaScript is simple and can be integrated with browser
events, such as the button code snippet just shown. The basic syntax for calling an applet method
from JavaScript is shown here:
document.appletName.methodName(arg1,...,argx)

To call the stop() method from the underConstructionApplet applet within an HTML page,
the syntax is as follows (assuming that the applet is the first one listed on the page):
document.underConstructionApplet.stop();

Here's how you do it with Navigator (again, assuming that the applet is the first one listed on the
page):
document.applets[0].stop();

Integrating the start() and stop() methods for this applet with the applet tag and button code
snippet used earlier results in the following code:
<APPLET CODE="UnderConstruction" NAME="underConstructionApplet" WIDTH=60
HEIGHT=60></APPLET>
<FORM>
<INPUT TYPE="button" VALUE="Start"
onClick="document.underConstructionApplet.start()">
<INPUT TYPE="button" VALUE="Stop"
onClick="document.underConstructionApplet.stop()">
</FORM>

Fundamentals of Web Security


What you do on the World Wide Web is your business. Or so you would think.
But it's just not true. What you do on the web is about as private and
anonymous as where you go when you leave the house. Now consider
a private investigator following you around town, writing down what you saw
and who you spoke with. The focus of this module is to help you learn how to
protect yourself on the web, and to do that you will have to learn where the
dangers are. The World Wide Web works in a very straightforward manner.
Once connected to the Internet through your ISP, you open a browser, tell it a
website, and you get that website on your screen. However, the truth is in
the details. How does the web really work? A quick trip to the World Wide
Web Consortium (W3C), the team that makes standards for the web, will
teach you all you want to know about the web (http://www.w3.org), even the
history of the web (http://www.w3.org/History.html). The problem is, will
definitions and standards teach you how to be safe? They will not do that.
The people who want to hurt you do not necessarily follow the standards.
How the web really works
The steps involved in connecting to the Internet and then to the web are very
detailed even if it does seem to be smooth from the user end.
1. You open your browser.
2. You type in the URL (website name).
3. The website name is saved in the History Cache on the hard disk.
4. Your computer asks your default DNS server to look up the IP address
for that name.
5. Your computer connects to the server at the IP address provided at the
default web port of 80 TCP if you used HTTP:// or 443 TCP if you used
HTTPS:// at the front of the web server name (by the way, if you used
HTTPS then there are other steps involved using server certificates
which we will not follow in this example).
6. Your computer requests the page or directory you specified with the
default often being index.htm if you don't specify anything. But the
server decides its default and not your browser.

7. The pages are stored in a cache on your hard disk. Even if you tell it to
store the information in memory (RAM), there is a good chance it will
end up somewhere on your disk either in a PAGEFILE or in a SWAPFILE.
8. The browser nearly instantaneously shows you what it has stored.
Again, there is a difference between perceived speed and actual
speed of your web surfing which is actually the difference between
how fast something is downloaded (actual) and how fast your browser
and graphics card can render the page and graphics and show them to
you (perceived). Just because you didn't see it doesn't mean it didn't
end up in your browser cache.
The Web is a client and server based concept, in which clients such as Internet
Explorer, Firefox, Mozilla, Opera, Netscape and others connect to web servers such as IIS and
Apache, which supply them with content in the form of HTML pages. Many
companies, organizations and individuals have collections of pages hosted
on servers delivering a large amount of information to the world at large.
So why do we care about web security then? Web servers often are the
equivalent to the shop window of a company. It is a place where you
advertise and exhibit information, but this is supposed to be under your
control. What you don't want to do is leave the window open so that any
passer by can reach in and take what they want for free, and you ideally
want to make sure that if someone throws a brick, that the window doesn't
shatter! Unfortunately web servers are complex programs, and as such have
a high probability of containing a number of bugs, and these are exploited by
the less scrupulous members of society to get access to data that they
shouldn't be seeing. And the reverse is true as well. There are risks also
associated with the client side of the equation like your browser. There are a
number of vulnerabilities which have been discovered in the last year which
allow for a malicious web site to compromise the security of a client machine
making a connection to them.
Rattling the Locks
Standard HTML pages are transferred using HTTP. This standard TCP-based
protocol is plain-text based, which means that we can make connections to
a server easily using tools such as telnet or netcat. We can use this
facility to gain a great deal of information about what software is running on
a specific server. For example:
simon@exceat:~> netcat www.domain.com 80
HEAD / HTTP/1.0
HTTP/1.1 200 OK
Date: Fri, 07 Jan 2005 10:24:30 GMT
Server: Apache/1.3.27 Ben-SSL/1.48 (Unix) PHP/4.2.3
Last-Modified: Mon, 27 Sep 2004 13:17:54 GMT
ETag: "1f81d-32a-41581302"
Accept-Ranges: bytes
Content-Length: 810
Connection: close
Content-Type: text/html
By entering HEAD / HTTP/1.0 followed by hitting the Return key twice, I
can gain all of the information above about the HTTP Server. Each version
and make of HTTP Server will return different information at this request.

SSL
It wasn't too long before everyone realized that HTTP in plain text wasn't
much good for security. So the next variation was to apply encryption to it.
This comes in the form of SSL, and is a reasonably secure 40 or 128 bit
public key encryption method. Using a 40 bit key is a lot less secure than the
128 bit and, with specialized hardware, may well be brute force breakable
within a period of minutes, whereas the 128 bit key will still take longer than
the age of the Universe to break by brute force. There are however more
complex technical attacks using something called a known ciphertext attack;
this involves calculating the encryption key by analyzing a large number of
messages (> 1 million) to deduce the key. In any case, you aren't going to
be rushing to try and crack 128 bit encryption, so what can we learn about
SSL HTTP Servers? As SSL merely encrypts the standard HTTP traffic, if
we set up an SSL tunnel, we can query the server as we did in section 1.1.
Creating an SSL tunnel is quite straightforward, and there is a utility called
stunnel purely for this purpose. Enter the following into a file called
stunnel.conf (replacing ssl.enabled.host with the name of the SSL server
that you want to connect to):
client=yes
verify=0
[psuedo-https]
accept = 80
connect = ssl.enabled.host:443
TIMEOUTclose = 0
Stunnel will then map the local port 80 to the remote SSL Port 443 and will
pass out plain text, so you can connect to it using any of the methods listed
above:
simon@exceat:~> netcat 127.0.0.1 80
HEAD / HTTP/1.0
HTTP/1.1 200 OK
Server: Netscape-Enterprise/4.1
Date: Fri, 07 Jan 2005 10:32:38 GMT
Content-type: text/html
Last-modified: Fri, 07 Jan 2005 05:32:38 GMT
Content-length: 5437
Accept-ranges: bytes
Connection: close
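The two HEAD responses above show how much a default Server banner gives away, with or without SSL in front of it. The following added example (not part of the original module) parses such responses and lists every product version and platform comment they disclose, so an administrator can audit their own servers; the function names and the hardened sample response are assumptions made for illustration.

```python
import re

# Responses copied from the two netcat sessions shown on this page.
PLAIN_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Fri, 07 Jan 2005 10:24:30 GMT\r\n"
    "Server: Apache/1.3.27 Ben-SSL/1.48 (Unix) PHP/4.2.3\r\n"
    "Last-Modified: Mon, 27 Sep 2004 13:17:54 GMT\r\n"
    "ETag: \"1f81d-32a-41581302\"\r\n"
    "Accept-Ranges: bytes\r\n"
    "Content-Length: 810\r\n"
    "Connection: close\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
)
TUNNEL_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Netscape-Enterprise/4.1\r\n"
    "Date: Fri, 07 Jan 2005 10:32:38 GMT\r\n"
    "Content-type: text/html\r\n"
    "Last-modified: Fri, 07 Jan 2005 05:32:38 GMT\r\n"
    "Content-length: 5437\r\n"
    "Accept-ranges: bytes\r\n"
    "Connection: close\r\n"
    "\r\n"
)
# Constructed sample: what a banner looks like once version tokens are suppressed.
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
)

# Headers that commonly carry software banners.
BANNER_HEADERS = ("server", "x-powered-by")

# HTTP "product" grammar: token ["/" version], optionally mixed with (comments).
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
PRODUCT_RE = re.compile(
    r"(?P<name>" + TOKEN + r")(?:/(?P<version>" + TOKEN + r"))?"
    r"|\((?P<comment>[^()]*)\)"
)


def parse_response(raw):
    """Split a raw HTTP response head into (status_code, {header: [values]})."""
    lines = raw.replace("\r\n", "\n").split("\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("not an HTTP response: %r" % lines[0])
    headers = {}
    last = None
    for line in lines[1:]:
        if line == "":                      # blank line ends the header block
            break
        if line[0] in " \t" and last:       # folded continuation of previous header
            headers[last][-1] += " " + line.strip()
            continue
        name, sep, value = line.partition(":")
        if not sep:                         # skip malformed lines without a colon
            continue
        last = name.strip().lower()
        headers.setdefault(last, []).append(value.strip())
    return int(parts[1]), headers


def audit_banner(raw):
    """Report product versions and platform comments disclosed by banner headers."""
    status, headers = parse_response(raw)
    versioned, comments = [], []
    for header in BANNER_HEADERS:
        for value in headers.get(header, []):
            for match in PRODUCT_RE.finditer(value):
                if match.group("comment") is not None:
                    comments.append(match.group("comment").strip())
                elif match.group("version") and any(
                    ch.isdigit() for ch in match.group("version")
                ):
                    versioned.append(
                        (header, match.group("name"), match.group("version"))
                    )
    return {"status": status, "versioned": versioned, "comments": comments}


if __name__ == "__main__":
    for label, raw in (("plain", PLAIN_RESPONSE),
                       ("via stunnel", TUNNEL_RESPONSE),
                       ("hardened", HARDENED_RESPONSE)):
        report = audit_banner(raw)
        print(label, "->", report["versioned"] or "no versions disclosed",
              report["comments"])
```

On Apache, `ServerTokens Prod` reduces the Server header to `Apache`, and `expose_php = Off` in php.ini stops PHP from advertising its version in response headers.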
Proxies
Proxies are middlemen in the HTTP transaction process. The client sends its request to
the proxy, the proxy requests the page from the server, the server responds to the proxy
and then the proxy finally passes the response back to the client, completing
the transaction. Proxy servers are themselves vulnerable to attacks, and
can also serve as a jumping-off point for launching attacks onto other
web servers. They can however increase security by filtering connections,
both to and from servers.
Web Vulnerabilities
The simplicity of giving someone something that they ask for is made much
more complex when you're in the business of selling. Web sites that sell to
you, whether companies selling products, bloggers selling ideas and personality, or
newspapers selling news, require more than just HTML-encoded text and
pictures. Dynamic web pages that help you decide what to ask for, show you
alternatives, recommend other options, upsell add-ons, and only give you
what you pay for require complex software. When we say goodbye to
websites and hello to web applications we are in a whole new world of
security problems.
Scripting Languages
Many scripting languages have been used to develop applications that allow
businesses to bring their products or services to the web. Though this is
great for the proliferation of businesses, it also creates a new avenue of
attack for hackers. The majority of web application vulnerabilities come not
from bugs in the chosen language but from the methods and procedures used
to develop the web application and from how the web server was
configured. For example, if a form requests a zip code and the user enters
"abcde", the application may fail if the developer did not properly validate
incoming form data. Several languages can be used for creating web
applications, including CGI, PHP and ASP.
Common Gateway Interface (CGI): Whatis.com defines a CGI as "A
standard way for a web server to pass a web user's request to an application
program and to receive data back to forward to the user. CGI is part of the
web's Hypertext Transfer Protocol (HTTP)." Several languages can be used to
write the application program that receives and processes user data. The
most popular languages for CGI applications are C, C++, Java and Perl.
PHP Hypertext Preprocessor (PHP): PHP is an open-source server-side
scripting language where the script is embedded within a web page along
with its HTML. Before a page is sent to a user, the web server calls PHP to
interpret and perform any operations called for in the PHP script. Whereas
HTML displays static content, PHP allows the developer to build pages that
present the user with dynamic, customized content based on user input.
HTML pages that contain PHP scripting are usually given a file name with the
suffix of .php.
Active Server Pages (ASP): Active Server Pages are database-driven,
dynamically created web pages with an .asp extension. They utilize ActiveX
scripting, usually VBScript or JScript code. When a browser requests an ASP,
the web server generates a page with HTML code and immediately sends it back
to the browser. In this way they allow web users to view real-time data, but
they are more vulnerable to security problems.

Common Web Application Problems


Web applications do not necessarily have their own special types of problems,
but they do have some of their own terms for problems as they appear on
the web. As web application testing has grown, a specific security following
has grown too and, with that, a specific classification of web vulnerabilities.
Term: Authentication
Meaning: These are the identification and authorization mechanisms used to be
certain that the person or computer using the web application is the correct
person to be using it.
Example: Every time you login to a web page that has your personal data then
you are authenticating. Authentication often means just giving a login and
password. Sometimes it means giving an identification number or even just
coming from an acceptable IP address (white-listing).

Term: Non-Repudiation
Meaning: A record that proves that the data sent to or from the web
application was really sent and where.
Example: Although you may not see it, most web applications keep track of
purchases you make from a particular IP address using a particular browser on
a particular operating system as a record that it was most likely someone on
your computer who made that purchase. Without specific authentication they
can't guarantee 100% it was you though.

Term: Confidentiality
Meaning: A way to assure that communication with the web application cannot
be listened in on by another person.
Example: The HTTPS part of interaction with a web application provides pretty
good confidentiality. It does a decent job of keeping your web traffic with
the web app from being publicly readable.

Term: Privacy
Meaning: A way to assure that the way you contact and communicate with the
web application cannot be pre-determined by another person.
Example: While it is very rare, it is not unimaginable that a web application
that contains very private information would not even show you it is there
unless you come from the right place and know the right secret combination to
get the web app to be accessible. One way is to have to click a picture in 5
different places in a specific order to get to the login screen. Another
manner is called port-knocking and it means that the server requires a
specific sequence of interactions before it opens a port, such as the HTTP
port, to the user.

Term: Indemnification
Meaning: These are ways to assure that the web application has legal
protection or, at the least, can be financially protected with insurance.
Example: Some web sites clearly print on the login screen that it's for
authorized personnel only. If someone steals a login and password or even
brute-forces it open, the attacker, if caught, cannot say he didn't know it
was private.

Term: Integrity
Meaning: This is a record of the validity of the communication with the web
application to assure that what is sent and then received by the other is the
same thing and, if it changed, both the web application and the user have a
record of the change.
Example: Some web apps provide a HASH with files to be downloaded. This HASH
is a number generated from that specific file. When you download the file,
you can check the HASH you generate from the file against the one they post.
This is to assure that some attacker is not trying to trick you with a
different file, either replaced or through deception, such as in Cross Site
Scripting.

Term: Safety
Meaning: This is how we protect the web application from its own security
devices. If security fails, we need to make sure that it does not affect the
operation of the web application as a whole.
Example: It is very possible to have an application use a daemon that can
re-initialize itself or even prevent an attack from crashing any part of
itself by presenting itself only virtually. You can also find scenarios where
a web app uses an intrusion detection mechanism that stops attacks by
blocking the attacker by IP address. In this case, we can't say Safety exists
if the security device is configured to prevent an attacker from spoofing the
web app's own resources and causing this defense to block important traffic.
Instead, it is considered either a misconfiguration of the defense or in some
cases a weakness of design. Don't confuse a poorly made or accidental defense
with a designed loss control.

Term: Usability
Meaning: A way to prevent the user from having to make security decisions
about interacting with the web application. This means that proper security
is built in and the user doesn't have to choose which or what security
mechanisms to turn on or off.
Example: When a web app requires use of HTTP over SSL (HTTPS) then we can say
that it is using Usability as part of security. However, if it lets you
choose to interact with it less securely, for example, to send your credit
card number by insecure email rather than post it via a form by way of HTTPS,
then it is NOT exercising Usability.

Term: Continuity
Meaning: This is how we keep a service based on a web application from
failing to work no matter what problem or disaster occurs.
Example: Often a web app that receives a lot of traffic will have a reverse
proxy in front of it which directs the traffic to one of many mirrored web
servers. This way, if one goes down, service is not interrupted. Another
example is a web application that caches its website to many different
servers over the internet so when you visit one, you are not actually going
to the originating web server. If a cache goes down or gets corrupted, then
the traffic will get redirected to another cache or the originating website.

Term: Alarm
Meaning: A notification, either immediate or delayed, regarding a problem
with any of these mechanisms.
Example: A basic form of alarm is the log file generated by the web server.
The bad thing about an alarm is that you can choose to ignore it. This is
especially true if it sounds all the time (think of the story of the boy who
cried wolf). Or, in the case of a log file, it may not sound at all. Alarm is
only as good as your reaction time to it.

Activity 4
- Why is web security so important?


Guidelines for Building Secure Web Applications


While there are many opinions and most of the details to building with
security in mind come from the logic of the programmer and their skill with
the programming language, these basic guidelines;
1. Assure security does not require user decisions.
2. Assure business justifications for all inputs and outputs in the
application.
3. Quarantine and validate all inputs including app content.
4. Limit trusts (to systems and users).
5. Encrypt data.
6. Hash the components.
7. Assure all interactions occur on the server side.
8. Layer the security.
9. Invisible is best: show only the service itself.
10. Trigger it to alarm.
11. Security awareness is required for users and helpdesks.
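Guidelines 2 and 3 applied to the zip-code form mentioned under Scripting Languages, as an added Python example that is not part of the original manual: every accepted field is declared in advance with a stated purpose and an allowlist pattern, and anything unexpected, repeated, oversized, malformed or missing is quarantined instead of reaching the application. The field names, patterns and size limits are assumptions chosen for illustration.

```python
import re
from urllib.parse import parse_qs

# Guideline 2: each input the application accepts has a business justification.
# Field names, patterns and limits below are assumptions made for this example.
FIELD_RULES = {
    "zip": {
        "pattern": re.compile(r"[0-9]{5}"),      # ASCII digits only, exactly five
        "max_len": 5,
        "why": "delivery cost calculation",
    },
    "email": {
        "pattern": re.compile(
            r"[A-Za-z0-9._+-]{1,64}@[A-Za-z0-9.-]{1,190}\.[A-Za-z]{2,24}"),
        "max_len": 254,
        "why": "order confirmation",
    },
}
MAX_QUERY_BYTES = 1024


def validate_form(raw_query):
    """Validate a URL-encoded form body on the server side.

    Returns (clean, quarantined). clean maps field name -> validated value.
    quarantined is a list of (field, reason); if it is not empty the request
    must be refused and the entries logged, never passed on.
    """
    if len(raw_query.encode("utf-8")) > MAX_QUERY_BYTES:
        return {}, [("<request>", "too large")]

    clean, quarantined = {}, []
    fields = parse_qs(raw_query, keep_blank_values=True)

    for name, values in fields.items():
        rule = FIELD_RULES.get(name)
        if rule is None:
            # Guideline 2: no justification for this input, so it is refused.
            quarantined.append((name, "unexpected field"))
        elif len(values) != 1:
            # Repeated parameters are ambiguous; refuse rather than pick one.
            quarantined.append((name, "repeated field"))
        elif len(values[0]) > rule["max_len"]:
            quarantined.append((name, "too long"))
        elif not rule["pattern"].fullmatch(values[0]):
            # fullmatch: the whole value must fit, not just a prefix.
            quarantined.append((name, "bad format"))
        else:
            clean[name] = values[0]

    for name in FIELD_RULES:
        if name not in fields:
            quarantined.append((name, "missing"))
    return clean, quarantined
```

The checks run on the server (guideline 7); any validation done in the browser is a convenience only and cannot replace them.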
Proxy methods for Web Application Manipulation
An HTTP proxy server serves as a middleman between a web server and a
web client (browser). It intercepts and logs all connections between them
and in some cases can manipulate the data in a request to test how the server
will respond. This can be useful for testing applications for various cross-site
scripting attacks, SQL injection attacks and any other direct request style
attack. A proxy testing utility (SpikeProxy, WebProxy, etc.) will assist you with
most of these tests. While some have an automation feature, you will
quickly learn that it is actually a weak substitute for a real person behind the
wheel of such tools.
Here is a simple method to work with a proxy server:
1. Choose your software.
2. Download a proxy utility.
3. Install the software according to the README file.
4. Change your browser setting to point to the new proxy. This is usually
port 8080 on localhost for these tools, but read the instructions to be sure.

Protecting your server


There are several steps that can be taken to protect your server. These
include ensuring that your software is always updated and patched with any
security updates that are available from the manufacturer. This includes
ensuring that your OS and web servers are updated as well. In addition,
firewalls and intrusion detection systems can help protect your server, as
discussed below.
Firewall
Firewalls originally were fireproof walls used as barriers to prevent fire from
spreading, such as between apartment units within a building. The same
term is used for systems (hardware and software) that seek to prevent
unauthorized access to an organization's information. Firewalls are like
security guards that, based on certain rules, allow or deny access to/from
traffic that enters or leaves an organization's (or home) system. They are
important system safeguards that seek to prevent an organization's system
from being attacked by internal or external users. A firewall is the first and
most important security gate between external and internal systems. Firewalls
are generally placed between the Internet and an organization's information
system. The firewall administrator configures the firewall with rules allowing
or denying information packets from entering into or leaving the
organization.
The rules are made using a combination of Internet Protocol (IP) addresses and
ports; such rules are made depending on the organization's needs, e.g. in a
school, students are allowed in based on their identity card.
The rule to the security guard in a school would be to allow all persons that
carry a valid identity card and deny everyone else. However, the security
guard would have another rule for exiting from the school; the rule would be
to allow everyone to exit except small children unless accompanied by adults. A
similar system is followed for firewall configuration depending on the nature
of the organization, the criticality of the information asset, the cost of
security, the security policy and the risk assessment.
The firewall, just like a security guard, cannot judge the contents of the
information packet; just as the guard allows all persons with a valid identity
card irrespective of the nature of the persons, a firewall allows entry or exit
based mainly on IP address and port numbers. Hence an entry or exit is possible
by masking the IP address or port. To mitigate this risk, organizations use an
Intrusion Detection System, which is explained in the next section.
There are various kinds of firewall depending on the features that it has, viz.
packet filter (operates on IP packets), stateful firewall (operates based on
connection state) or application firewall (using a proxy).
An example of a firewall rule could be: Block inbound TCP address
200.224.54.253 from port 135.
(An imaginary example.) Such a rule would tell a computer connected to the
Internet to block any traffic originating from the computer with the IP address
200.224.54.253 using port 135. Important activities relating to firewalls are
initial configuration (creating initial rules), system maintenance (additions or
changes in the environment), review of audit logs, acting on alarms and
configuration testing.
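The imaginary rule above expressed as a first-match packet filter, as an added Python example that is not code from the manual. The Packet and Rule types, the second rule, the default-deny policy and the addresses other than 200.224.54.253 are assumptions constructed for illustration; the filter also makes the limitation described earlier visible, since the decision uses only direction, protocol, address and port and never reads the payload.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    direction: str          # "in" or "out"
    proto: str              # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: bytes = b""    # carried along, but a packet filter never inspects it


@dataclass(frozen=True)
class Rule:
    action: str                       # "allow" or "block"
    direction: str
    proto: str
    src_net: str = "0.0.0.0/0"        # default: any source address
    src_port: Optional[int] = None    # None matches any port
    dst_port: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (p.direction == self.direction
                and p.proto == self.proto
                and ipaddress.ip_address(p.src_ip) in ipaddress.ip_network(self.src_net)
                and self.src_port in (None, p.src_port)
                and self.dst_port in (None, p.dst_port))


RULES = [
    # The rule from the text: block inbound TCP from 200.224.54.253, port 135.
    Rule("block", "in", "tcp", src_net="200.224.54.253/32", src_port=135),
    # Assumed second rule: the organization runs a public web server.
    Rule("allow", "in", "tcp", dst_port=80),
]


def decide(packet, rules=RULES):
    """Return (action, index of the matching rule) using first-match semantics.

    A packet that matches no rule is blocked (default deny), and the index
    is None so the audit log can tell the two cases apart.
    """
    for index, rule in enumerate(rules):
        if rule.matches(packet):
            return rule.action, index
    return "block", None
```

Because evaluation stops at the first match, configuration testing should include the rule order: with the two rules swapped, the broad allow rule would be reached first and the block rule would never apply to traffic for port 80.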
Intrusion Detection System (IDS)
Imagine a school that has proper security guards; how will the authorities
detect entry of unauthorized persons? The authorities would install a burglar
alarm that will ring on entry of unauthorized persons. This is exactly the
function of an intrusion detection system in computer parlance. Firewall
(security guard or fence) and IDS (burglar alarm or patrolling guard) work
together; while the firewall regulates entry and exits, the IDS alerts on or
denies unauthorized access.
Just like burglar alarms, an IDS alerts the authorized person (the alarm rings)
that an unauthorized packet has entered or left. Further, an IDS can also
instantly stop such access or user from entering or exiting the system by
disabling the user or
access. It can also activate some other script; an IDS can, for example, prevent
or reduce the impact of a denial of service by blocking all access from a
computer or group of computers.
An IDS can be host based or network based; host-based IDS are used on
individual computers while network IDS are used between computers. Host-based
IDS can be used to detect, alert on or regulate abnormal activity on
critical computers; network IDS is similarly used in respect of traffic between
computers. IDS thus can also be used to detect abnormal activity. Like a
patrolling guard, an IDS regularly monitors network traffic to detect any
abnormality, e.g. high traffic from some computers, or unusual activity on a
server, e.g. a user logged onto an application and involved in malicious
activity. An IDS compares any event with historical data to detect any
deviation. On detection of a deviation, the IDS acts depending on the rule
created by the IDS administrator, such as alerting, storing the intrusion in
audit logs, stopping the user from doing any activity or generating a script
for starting a string of activities. An IDS can also detect deviation based on
its database of signatures: any deviation to a signature is detected and acted
upon. This action is similar to anti-virus software. IDS is also used for
detection of any activity on a critical resource or for forensics, by quietly
watching the suspect.
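Both detection styles described above, run over a few web server log lines, as an added Python example that is not part of the original manual: requests are checked against a small signature database, each client's requests per minute are compared with a historical baseline, and the administrator's policy decides whether an alert is only written to the audit log or also blocks the address. The log lines, signatures, baseline figures and policy are constructed for illustration.

```python
import re
import statistics
from collections import Counter

# Common Log Format: ip ident user [timestamp] "request" status size
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) ')

# Signature database (assumed, deliberately tiny): name -> pattern in the request.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "script-tag": re.compile(r"(?i)<script|%3cscript"),
}

# Historical data (assumed): requests per client per minute seen in normal use.
HISTORY = [3, 5, 4, 6, 2, 4]

# Administrator's rules: what to do for each kind of alert.
POLICY = {"signature": "alert", "anomaly": "block"}

# Constructed sample log, not real traffic.
SAMPLE_LOG = [
    '192.0.2.5 - - [07/Jan/2005:10:32:01 +0000] "GET /index.html HTTP/1.0" 200 5437',
    '192.0.2.5 - - [07/Jan/2005:10:32:09 +0000] "GET /style.css HTTP/1.0" 200 812',
    '198.51.100.23 - - [07/Jan/2005:10:32:15 +0000] '
    '"GET /cgi-bin/view?file=../../conf/site.ini HTTP/1.0" 404 210',
] + [
    '203.0.113.9 - - [07/Jan/2005:10:33:%02d +0000] "GET /login HTTP/1.0" 200 1024' % s
    for s in range(12)
]


def analyse(lines, history, k=3.0):
    """Return a list of alerts: signature hits first, then baseline deviations."""
    # Deviation threshold: mean of the historical rate plus k standard deviations.
    threshold = statistics.mean(history) + k * statistics.pstdev(history)
    per_minute = Counter()
    alerts = []
    for number, line in enumerate(lines, 1):
        m = LOG_LINE.match(line)
        if m is None:
            # A line the sensor cannot parse is itself worth a record.
            alerts.append({"kind": "unparsed", "ip": None, "detail": "line %d" % number})
            continue
        for name, pattern in SIGNATURES.items():
            if pattern.search(m["req"]):
                alerts.append({"kind": "signature", "ip": m["ip"], "detail": name})
        # First 17 characters of the timestamp identify the minute.
        per_minute[(m["ip"], m["ts"][:17])] += 1
    for (ip, minute), count in per_minute.items():
        if count > threshold:
            alerts.append({"kind": "anomaly", "ip": ip,
                           "detail": "%d requests in minute %s" % (count, minute)})
    return alerts


def respond(alerts, policy):
    """Apply the administrator's policy: everything is logged, some kinds block."""
    audit_log = ["%s %s %s" % (a["kind"], a["ip"], a["detail"]) for a in alerts]
    blocked = sorted({a["ip"] for a in alerts
                      if a["ip"] and policy.get(a["kind"]) == "block"})
    return audit_log, blocked
```

With the sample baseline the threshold is just under 8 requests per minute, so the two ordinary page loads pass silently while the burst of 12 requests is flagged.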
Secure Communications
Generally, the concept of secure communications covers the processes of
computer systems that create confidence and reduce risks.
For electronic communications, three requirements are necessary to ensure
security: a) Authenticity, b) Integrity, c) Non-repudiation.
Authenticity: This concept has to do with ensuring that the source of a
communication is who it claims to be. It is not difficult to falsify electronic
mail, or to slightly vary the name of a web page, and thus redirect users. For
example, http://www.diisney.com appears to be the Disney web page, but it
has 2 letters "i" and can be confusing. In this case, you are actually
transferred to a gambling site and the communications are not safe.
Integrity: That a communication has integrity means that what was sent is
exactly what arrives, and has not undergone alterations (voluntary or
involuntary) in passage.
Non-repudiation: If the conditions of authenticity and integrity are fulfilled,
non-repudiation means that the emitter cannot deny the sending of the
electronic communication.
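A check for the kind of near-miss address given under Authenticity, as an added Python example that is not part of the original manual: the host name of a link is compared with a list of domains the organization actually trusts, and names that are a small edit distance away, or that merely begin with a trusted name, are reported as lookalikes. The trusted list, the distance limit and the test addresses other than diisney.com are assumptions for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist of domains the user or organization really deals with.
TRUSTED = {"disney.com", "example-bank.com"}


def edit_distance(a, b):
    """Damerau-Levenshtein distance (optimal string alignment variant).

    Counts insertions, deletions, substitutions and swaps of two adjacent
    characters, which covers the usual typing-error style of lookalike name.
    """
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1,          # deletion
                       cur[j - 1] + 1,       # insertion
                       prev[j - 1] + cost)   # substitution or match
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)   # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify(url, trusted=TRUSTED, max_distance=2):
    """Return (verdict, trusted_domain_or_None) for the host named in url.

    Verdicts: "trusted", "lookalike" or "unknown".
    """
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]

    # Exact match, or a genuine subdomain of a trusted domain.
    for domain in sorted(trusted):
        if host == domain or host.endswith("." + domain):
            return "trusted", domain

    # A trusted name used as the leading labels of somebody else's domain.
    for domain in sorted(trusted):
        if host.startswith(domain + "."):
            return "lookalike", domain

    # Near misses such as a doubled, dropped or swapped letter.
    if host:
        nearest = min(sorted(trusted), key=lambda d: edit_distance(host, d))
        if edit_distance(host, nearest) <= max_distance:
            return "lookalike", nearest
    return "unknown", None
```

A "lookalike" verdict is a reason to stop and check the certificate and the address by other means; an "unknown" verdict says nothing about whether the site is safe.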
Privacy and Confidentiality
Most web sites receive some information from those who browse them, either by
explicit means like forms, or by more covert methods like cookies or
even navigation registries. This information can be helpful and reasonable;
therefore, in order to ensure security to the person who browses, many sites
have established declarations of Privacy and Confidentiality.
Privacy refers to keeping your information as yours, or limiting it to close
family, your friends or your contacts, but at the most to those with whom you
have agreed to share the information. No one wants their information shared
everywhere without control; for that reason, there are subjects declared as
private, that is to say, of restricted distribution.
Confidentiality, on the other hand, means that a subject's
information will stay secret, but this time from the perspective of the person
receiving that information. For example, if you desire a prize, but you do not
want your information distributed, you declare that this information is
private, authorize the information to a few people, and they maintain
confidentiality. If for some reason, in some survey, you are asked
specifically about that prize, and you respond that you do have it, you would
hope that that information stays confidential, that is to say, that those who
receive the information keep it in reserve.
We could generalize the definition of confidentiality as "information
received under condition of privacy, I will maintain as if it were my own
private information". It is necessary to declare the conditions of privacy
in information handling, to give basic assurances of security.
Communicating securely
Even with conditions of Privacy and Confidentiality, somebody can still
intercept the communications. To provide the conditions discussed at the
beginning of this section, a security layer discussed previously, called SSL,
uses digital certificates to establish a safe connection (that is to say, one
that fulfills authenticity, integrity and non-repudiation) and provides a level
of encryption in communications (this hides the information so that if somebody
intercepts part of it, they cannot access it, because the message is encrypted
so that only the sender and the receiver, with the correct certificates, are
able to understand it).
This layer is called Secure Sockets Layer, SSL, and is visible through two
elements within the web browser.
The communication is considered to be safe when the web address (URL)
changes from http to https; this change even modifies the port of the
communication, from 80 to 443. Also, in the lower bar of the browser, a
closed padlock appears, which indicates conditions of security in the
communications.
If you put the mouse on this padlock, a message will appear detailing the
number of bits that are used to protect the communications (the encryption
level); as of today, 128 bits is the recommended encryption level. This
means that a number that can be represented in 128 bits is used as the basis
of the communications.
A type of trick called phishing exists (http://www.antiphishing.org/) in which a
web site mimics a page to make it seem to come from a bank (they copy the
graphics, so that the clients enter their data, trusting that it is the bank,
although it is not). In order to avoid these situations, the authenticity of
the site should be verified: check that the communications are safe (https and
the closed padlock) and, to the best of your knowledge, verify the certificate.
Methods of Verification
At this point, you have had the opportunity to learn the foundations of security
on the Web, the main aspects of some of the vulnerabilities commonly found
in the web servers used to host the different sites with which we
routinely interact when browsing the Internet, and the ways in which different
defects in the development of web applications affect the security and/or
the privacy of users in general.
On the other hand, you have learned some of the technologies on which we
rely to protect our servers and also our privacy. However, at this
moment you are probably asking questions such as: Am I safe, now that I have
taken the corresponding actions? Is my system safe? Have the developers who
programmed some of the functionality that I have used in my web
site taken care of the security aspects? How can I
verify these aspects?
It is not enough to apply manufacturer updates or trust the good intentions
of the developer when your security or privacy is concerned. In the past,
there have been several cases in which a manufacturer's patch corrected
one vulnerability but caused another problem in the system, or in which a new
vulnerability was discovered once the patch was applied. For this and other
reasons, you must consider it absolutely necessary to verify the
implemented systems frequently, so that the system "remains" safe.
Luckily, many people have developed, in their own time, some "Methods of
Verification", most of which are available free, so that we may all take
advantage of the benefits of their use. They are based on the experience
of hundreds of professionals, and include numerous "good practices"
for implementing technology safely. Therefore, it is
recommended that you adopt these methodologies when carrying out
your verification tasks.

Feedback Activity 4
- Web security is important to ensure the safety of information stored and
used on the web. Hackers make use of insecure information and data
to break into databases and people's personal computers.

Key Words/Terms
PHP
Web Security
Intrusion Detection System
Proxy Server

6. What is Ecommerce?
Chapter 6
Objectives
- Define e-commerce and understand its importance to today's society

Electronic commerce or ecommerce is a term for any type of business, or
commercial transaction that involves the transfer of information across the
Internet. It covers a range of different types of businesses, from consumer
based retail sites, through auction or music sites, to business exchanges
trading goods and services between corporations. It is currently one of the
most important aspects of the Internet to emerge.
Ecommerce allows consumers to electronically exchange goods and
services with no barriers of time or distance. Electronic commerce has
expanded rapidly over the past five years and is predicted to continue at
this rate, or even accelerate. In the near future the boundaries between
"conventional" and "electronic" commerce will become increasingly
blurred as more and more businesses move sections of their operations
onto the Internet.
Business to Business or B2B refers to electronic commerce between
businesses rather than between a business and a consumer. B2B
businesses often deal with hundreds or even thousands of other
businesses, either as customers or suppliers. Carrying out these
transactions electronically provides vast competitive advantages over
traditional methods. When implemented properly, ecommerce is often
faster, cheaper and more convenient than the traditional methods of
bartering goods and services.
Electronic transactions have been around for quite some time in the form
of Electronic Data Interchange or EDI. EDI requires each supplier and
customer to set up a dedicated data link (between them), where
ecommerce provides a cost-effective method for companies to set up
multiple, ad-hoc links. Electronic commerce has also led to the
development of electronic marketplaces where suppliers and potential
customers are brought together to conduct mutually beneficial trade.
The road to creating a successful online store can be difficult if you are
unaware of ecommerce principles and what ecommerce is supposed to do for your
online business. Researching and understanding the guidelines required to
properly implement an e-business plan is a crucial part of becoming
successful with online store building.

What do you need to have an online store and what exactly is a shopping cart?
Shopping cart software is an operating system used to allow consumers to
purchase goods and or services, track customers, and tie together all
aspects of ecommerce into one cohesive whole.
While there are many types of software that you can use, customizable,
turnkey solutions are proven to be a cost effective method to build, edit
and maintain an online store. How do online shopping carts differ from
those found in a grocery store? The image is one of an invisible shopping
cart. You enter an online store, see a product that fulfills your demand and
you place it into your virtual shopping basket. When you are through
browsing, you click checkout and complete the transaction by providing
payment information.
To start an online business it is best to find a niche product that consumers
have difficulty finding in malls or department stores. Also take shipping
into consideration. Then you need an ecommerce-enabled website. This
can either be a new site developed from scratch, or an existing site to
which you can add ecommerce shopping cart capabilities.
As the next step, you need a means of accepting online payments. This
usually entails obtaining a merchant account and accepting credit cards
through an online payment gateway (some smaller sites stick with simpler
methods of accepting payments such as PayPal).
Lastly, you need a marketing strategy for driving targeted traffic to your
site and a means of enticing repeat customers. If you are new to
ecommerce keep things simple- know your limitations.
Ecommerce can be a very rewarding venture, but you cannot make money
overnight. It is important to do a lot of research, ask questions, work hard
and make business decisions based on facts learned from researching
ecommerce. Don't rely on "gut" feelings. We hope our online ecommerce
tutorial has helped your business make a better decision in choosing an
online shopping cart for your ecommerce store.
Ecommerce simply means selling goods, services, information, etc. over the
Internet.
How do you get your share of the action? It is quite easy, you create a
website that promotes your products, obtain an Internet address, hire space
on a web-hosting company, upload your pages, add a payment system and
then use various promotion services to get your site noticed.

Building the Website


You'll be familiar with websites: collections of HTML pages grouped around
some URL like http://www.companyname.com. Websites can be very
ambitious, with stunning graphics, animation, sound, database search
systems, customer recognition and a good many other features. But they
don't need to be. Many successful ecommerce sites are half a dozen pages
extolling the virtues of the product. More can be less, and 'wow' sites will
only hinder customers getting to your products, and make promotion more
difficult.

But your site still needs to look professional. How do you create something
convincing? You can:
1. Hire a web design company. Thousands exist, conveniently collected into
directories.
2. Build your own pages using HTML-editing software. Easy-to-use editors
exist for all pockets, some of them shareware or even free.
3. Purchase an out-of-the-box shopping cart program that builds the whole
site for you, including an online catalogue with payment facilities in place.
4. Rent space with a web-hosting company offering online site building. Much like
the out-of-the-box solution, the hosting company gives you templates and
wizards to create a distinctive and professional-looking site.

Finding a URL or Internet Domain


The URL (uniform resource locator) is your address or domain on the
Internet. You'll want something that identifies your company and possibly
your line of business. How do you get a domain?
You visit an online company offering domains for sale. As you're a
commercial concern, you'll go for a dot-com, or possibly a dot-biz domain.
You'll try possible names in the search box provided until you find a suitable
one available.
Suppose your company is Acme Diving Equipment Ltd. You find that
acme.com has been taken, and so has diving.com, both a long time ago. But
acme-diving-equipment.com is still free, and you therefore take that domain
for a few dollars a year. An online credit card facility accepts your order, and
an email a few minutes later confirms the purchase. Just as soon as
ownership is recorded by the relevant authorities, usually within a couple of
days, the domain is yours to go on with to the next stage.

Hosting Your Site
You're halfway there. You have the site built, and a domain name to host it
under. Now you have to upload the site to a web-hosting company that will
display it on the Internet, 24 hours a day, seven days a week. Thousands of
such web-hosting companies exist, and there are now web-hosting
directories that enable you to select by cost, platform type, facilities, etc.,
all of which are explained by on-site notes. You make your choice of hosting
company, click through to their site, pay their hosting fee, and can then
upload your site to that company's server. The hosting company will explain
how. It's very simple, but you'll need a cheap or free piece of software called
an FTP program. This you can obtain from any software supplier, and use it to
maintain your site thereafter. Once uploaded, your site goes 'live'. You're on
the Internet.
Of course if your site has been built by a web design company, then they'll
upload it for you. And if you've built your site online, then all you need do is
email the hosting company that you're ready to start trading.

Taking the Money


In selling something you'll want to be paid as quickly, safely and painlessly
as possible. Ecommerce now has many options. Starting with the simplest,
these are:
1. Display your goods online, but take payment off-line by check, bank
transfer, or credit card details given over the phone.
2. Display your goods online and take payment online through some simple
wallet system.
3. Display and take payment online, but employ a payment service provider.
A link to your shopping cart or catalogue will seamlessly transfer the
customer to the payment provider for immediate card processing,
transferring the customer back for you to handle the purchase. You can use
your online merchant account if you possess one, but that is not required.
The payment service provider will verify the credit card purchase, collect the
payments, deduct the commissions, and send you the balance, usually by
bank transfer monthly.
4. Display and take payment online, but use your own online merchant
account, which you have obtained from your local bank or from a Merchant
Account Provider.
Wondering how to link your site to the payment process? Links will be built in
automatically if you use an out-of-the-box shopping cart, employ a web
design company, or rent space on an online ecommerce-hosting site.
Otherwise, if you've built your own site, you'll have to add code to the
pages concerned. With payment service providers that's fairly easy: they'll
supply a snippet of code for you to paste in. Using your own merchant
account, particularly if you're hosting the site on your own server, will require
liaison with the credit card processing company, and good programming
experience. You'll probably have to employ a professional.

Promoting Your Site
With hundreds of new ecommerce sites appearing every day on the Internet,
it's getting mighty crowded out there. How is your site going to be noticed?
By:
1. Getting out a press release.
2. Featuring in business directories, in online and off-line versions.
3. Submitting to the search engines, perhaps employing a site optimization
company to get a high ranking.
4. Using the pay-per-click search engines, which charge a few cents to a few
dollars for each visitor that clicks through to your site with a particular search
phrase.
5. Signing up other sites as affiliates, paying them a commission on the sales
they achieve for you.
6. Using search engine ads.
7. Persuading other sites to link to yours, possibly through a reciprocal links
directory.
8. Winning awards for your site.
9. Offering online competitions, introductory deals and promotions.
10. Providing free and helpful information on your site.
11. Advertising off-line in newspapers and specialist magazines.
Each ecommerce business is different, of course, and brings further
considerations into play. To get a broader perspective we suggest you read
the help-sheets located in the top right panel of the site, and consult the
directories for ecommerce resources and product comparisons.
Will The Business Be Successful?
Now the vital question. Having followed these steps faithfully, you can surely
expect your site to be successful?
Possibly, if you're in an especially favorable position. You're the sole
supplier of spare parts for some particular machinery. Or yours is the only
guest house in a popular tourist area. Yes, in those cases, free information
may be all you need. Similarly if you have only an academic interest in
commerce, and are not running an e-business yourself.
But in all other cases we have to issue this stark warning. Ecommerce is not
easy, and if you follow the blandishments of advertising and ecommerce
journalism it's unlikely that you'll even get your expenses back.
The early e-business casualties believed otherwise, of course, and there are
still many sites, books and e-books that assure you that ecommerce is
entirely a matter of following certain procedures.
1. Ecommerce is an extremely crowded marketplace. In many areas you'll
need a well-researched strategy backed by a large marketing budget.
2. It's easy to get locked into the wrong goal or business model as the
spectacular dotcom failures discovered (read about them in our e-book).
3. You've built a site and then thought about promoting it. Wrong. Your site
has to be a selling machine, which means, from the very first, designing
around some well-honed selling proposition. That in turn calls for careful
thought, competitor research and detailed analysis.
4. The number of ecommerce products and services is immense, and all are
heavily promoted. Without specialist advice you'll make the wrong choice,
which is costly in time and money.
5. Ecommerce has its own insider knowledge, which sets newcomers at a
disadvantage. You need to look beyond the 'How I made a fortune and so can
you' sort of guides, which generally enrich their authors more than
purchasers.
Why is ecommerce such an uphill battle? It isn't if you go forearmed with the
right outlook and information. You have to learn from other e-merchants, and
then go one better. Magazine articles and scattered references are
hopelessly inadequate for that task, and too many e-merchants come to grief
because their strategies didn't include informed, detailed and realistic
planning.
Overview

The Internet's most detailed guide to ecommerce: 230,000 words / 850 pages
in pdf format.

160 reference sheets summarizing a particular aspect, with advice and
resources as appropriate.

Over 3,100 resource listings grouped under 260 headings: each hand-picked
on its merits.

Fourteen comparison tables in key product areas.

A proven approach to planning ecommerce.

Practical advice on improving sales and conversion ratios.

An extended guide to pay-per-click and sponsored listings.

Use of business blogs, advised and ill-advised.

Practical security aspects: keeping yourself safe.

Testing sites and ideas at negligible cost.

Some 100 case studies, both successes and failures.

Notes on ecommerce strategies and use of the resource listings.

widgets, collective intelligence .

Ten up-to-date surveys of ecommerce prospects worldwide.

Insider information based on Internet research and our own studies.

Strategies to test customer behaviour and improve sales.

Comes as an interlinked webpage ebook (2 Mb), a sequential webpage
compilation (2 Mb) and as a pdf document (4.6 MB). The one purchase gives
you all three documents, plus free updates every six months.

Key Words/Terms
- E-commerce
- URL
- Domain
- Hosting

7. Intranet Design

Chapter 7 Objectives
- Explain the Intranet as opposed to Internet

Managing the design, development, implementation, and operation of a corporate
intranet can be a long, difficult, and time-consuming task. Most people know what
the Internet is, and many use it both at home and at work. Another type of network
that is less well known but is becoming more important in the business world is the
intranet, which is a corporate information network. An intranet is similar to the
Internet but it is established for one distinct group of users and has security so that
others outside the group do not have access to its contents. Corporate intranets are
a new and important area of involvement for corporate librarians. They offer a
different and exciting way for librarians to use their information organization and
handling skills.

Problem Definition
The definition and recording of the problem to be solved is one of the most often
overlooked steps of any development effort. A problem needs to be solved, so the
tendency is to jump right in and solve it. For small, negligible cost efforts this is
fine. For Intranet design, ignoring this step can lead to disaster. Write down and
widely publish the answers to the following questions, and all other questions that
are appropriate for your specific effort. Remember to keep the questions targeted
to DEFINING the problem NOT solving it.

Do you Need an Intranet?


This is an obvious question, but should be taken seriously. For some businesses the
answer is an easy yes, but for others, there may be better solutions. It is wise to
seek professional advice when answering this question. Having an outside
professional examine the question may cost some money up-front, but they are far
less costly early on in the development.
What specific Problems will it solve?
Write down the four, five, ten, whatever, number of problems that having an
Intranet will solve. The problems should be clearly stated, be very specific, and
have testable criteria for success. Make sure you publicize these problems and get
user and management feedback.

What are my available resources (time, money, and personnel)?


Knowing what your actual resources are at the beginning is critical for defining the
development path. If your budget is low, consider down-scaling the effort. If time is
short, consider using off-the-shelf products extensively. If your personnel resources
are thin, consider outsourcing. Being realistic about your actual resources will help
you prevent overruns and project disappointments. Promising a gold watch when
you only have resources for a plastic toy will always doom a project. Also, don't be
afraid to tell upper management that the resources are too small for solving the
problem. Believe me, they would rather know up front than get a surprise during
deployment.
What criteria will you use to measure success?
This is an often overlooked step in the problem definition. For every problem stated,
you must define a means for determining the success of the solution. If you can't
think of a success criterion, then the problem is not defined specifically enough. Stay
away from problem statements such as "The network must be faster." Restate the
problem in quantifiable terms, like: "The network must provide a response time of
no longer than 1.5 seconds for the XYZ accounting program for up to 50
simultaneous users."
Should you outsource all, some, or none of the development and operation?
If you have in-house personnel who are under-utilized or have time to be assigned
to the development process, then keeping most of the development in-house makes
sense. If not, then you can either hire additional staff or outsource some or most of
the development. You must have some in-house expertise available or at least
strong upper management support. Otherwise you may end up with a very nice
system that does not solve your problems. Strategic outsourcing makes sense in
most medium to large development projects. The outsourcing contractor can supply
the needed expertise and personnel at the various development phases. And when
a particular phase is finished, you are not left with a staff member looking for
something to do. You will probably find the up-front costs of an outsourcing firm to
be higher than hiring in-house personnel. But the long-term savings will be far
greater with a professional outsourcing firm than by retaining in-house personnel.
Remember to make sure you feel comfortable with the outsourcer's style and
abilities. You will be working with them very closely. Don't just choose the largest or
best-known source. How you and your outsourcer "mesh" is far more important
than their list of clients.

Upgrading an existing system, converting from a legacy system, or developing from scratch?
Developing a system from scratch is by far the easiest. If not, upgrading an
existing system or converting from one or more legacy systems will be your lot.
Fortunately, you will have a long list of "things that don't work right" to begin with.
Make sure that you fully understand what systems will still be in place after the
migration and how they will be integrated into your intranet. If your budget is low,
then consider using middleware and "web-like" products to layer on top of the
existing system. With a more moderate budget, you can replace inefficient systems
with newer and more powerful ones. Remember that computer hardware is cheap.
It's the software and operations that are expensive. Powerful hardware can make
even today's bloated software work faster. With a higher budget, consider replacing
inefficient or outdated portions of the intranet with newer streamlined hardware and
software. If you are not sure what the "latest and greatest" intranet products are,
hire a professional intranet consultant. Their fee will be well worth it.

INTRANET VS. INTERNET


The Internet is a public access network, open to the world. A company's Web page
on the Internet is its public face and the company wants people to spend time
looking at all of the information presented on it. This external site presents the
image a company wants the world to see and it may be built for glamour, with
many graphics and special features. The corporate intranet, on the other hand, is
the company's private face where employees get their information and then get off
and go back to work. Its appearance is simpler and more casual and it's built for
speed, not glamour. Both use the same types of hardware and software but they
are used for two very different purposes.
BENEFITS OF HAVING A CORPORATE INTRANET
Corporate intranets facilitate communication and access to information. They allow
employees who might normally never meet to collaborate on projects. Intranets
promote the sharing of knowledge and ideas and provide a single, secure, reliable
access to a company's private information. An intranet improves a company's ability
to manage its information and it can also streamline document distribution.
Intranets can result in higher productivity because of better access to quality
information. They also allow reuse of existing information and can reduce the cost
of information sourcing, printing and distribution.

PROBLEMS WITH HAVING A CORPORATE INTRANET


Often the biggest problem when creating a corporate intranet is convincing
management that no corporate secrets will be disclosed to the public. Management
must know that security is in place (using firewall software) to keep the data safe
from the outside world. Another problem is convincing people within the company
to share their knowledge. The approach to information management on an intranet
is open and egalitarian and many people are more comfortable with a traditional
structured approach. If departments are allowed to publish documents on the
company intranet there may also be a problem with the question of ownership.
Lastly, there is the need for extra funding and staffing for the intranet and this may
meet with resistance from management.

HOW TO GET STARTED


Requirements Analysis
Creating a corporate intranet may look easy at first, but it involves a number of
steps to follow if it is going to be successful.
1. Establish a vision for the intranet and write it down. The intranet must be
tied to a business purpose. If it doesn't help the organization to function
better it shouldn't be created.
2. Get the support of senior level management. They can help in dealing with
funding, information access, turf wars, and access to users.
3. Identify a key user group, build a prototype, and sell them on the idea. Once
they are convinced of the intranet's usefulness, this group can be used to sell
the idea to others.
4. Have a clear idea of the expected costs and the work to be done. Leverage
the equipment and talent already in the corporation. If the company has a
network in place, only a Web server and the appropriate software will need to
be added. The IT department can help with the hardware and software
issues. If needed, hire outside consultants to get the project started and then
train library staff to handle the tasks after implementation.
5. Set up a committee to decide on the contents of the intranet and, if possible,
keep it in place to handle issues as the intranet grows.
6. Educate everyone in the company on how to use the intranet and also on the
benefits it will provide.
7. Remember that a corporate intranet must be maintained and grown by
investing in hardware, software, training and salaries for staff. If it is not
maintained it will die.

HOW TO DESIGN THE INTRANET


There is software available to help intranet builders design Web pages so an expert
knowledge of HTML is not necessary. (HTML, or Hyper Text Markup Language, is a
platform-independent language designed to transmit documents that can contain
different media formats in the same document, such as text, graphics, sounds, and
hypertext links to other documents and to other resources.) An outside consultant
can also be hired to set up the first Web page while the library staff develops skills
in this area.
The Web page must be created in a way that appeals to various users throughout
the company. The information should be bundled together by area rather than
having a large list of applications on the main page, and the information sought
should be just two or three clicks away from the user. The design of the page
should be kept simple because if it isn't easy to use, it won't be used. The
information provided on the page must be kept up-to-date and it must be reliable.
If these features are missing, users will lose trust in the page and it will be
accessed less and less.
Design & Prototyping
There are many design methodologies; the most common ones are:
1. Rapid Prototyping (for small to medium projects).
2. Structured Development (for large or very complex projects).


Rapid Prototyping
There are five keys to a successful rapid prototyping methodology:
1. Assemble a small, very bright team of programmers, hardware technicians,
designers, quality assurance technicians, documentation and graphic artist
specialists, and a single manager.
2. Define and involve a small "focus group" consisting of users (both novice and
experienced) and managers (both line and upper). These are the people who
will provide the feedback necessary to drive the prototyping cycle. Listen to
them.
3. Generate a user's manual and user interface first. You will be amazed at what
you will find out by producing a user's manual first!
4. Use tools specifically designed for rapid prototyping. Stay away from C, C++,
COBOL, etc. Instead use tools such as Visual Basic, HTML authoring, and
similar development environments.
5. Remember a prototype is NOT the final application. Prototypes are meant to
be copied into production models. Once the prototypes are successful, then
begin the development processing using development tools, such as C, C++,
Java, etc.
Structured Development
When a project has more than 10 people involved or when multiple companies are
performing the development, a more structured development management approach
is required. Note that rapid prototyping can be a subset of the structured
development approach. This approach applies a more disciplined approach to the
intranet development. Documentation requirements are larger, quality control is
critical, and the number of reviews increases. While some parts may seem like
overkill at the time, they can save a project from overruns, especially late in the
development cycle.

The 8 Steps to Successful Intranet Deployment

Locate and Identify Legacy Documents


Determine the type and number of existing documents that need to be
converted to a format supported on your Intranet. Below is a sample list of
information you may want to gather.
Legacy Documents
1. What file formats are currently being used for
a. Word-processing
b. Spreadsheets
c. Presentations
d. Graphics
2. What documents should be converted to electronic form only?
3. What documents need to be converted to an electronic form and
maintain a paper copy?
4. How many documents need to be converted in total?


Development & Documentation
Once the requirements analysis is well underway, the prototypes are
working, and the focus groups are becoming happy, it's time to begin the
development. Coordinating hardware and software purchases and upgrades,
network and hardware installation, software development, documentation
guides and manuals, reviews, and testing can become a full-time job. The
key to keeping a handle on all of this is to maintain a good written schedule
that everyone can view and to have periodic "all-hands" reviews. Remember
that working with vendors can be a frustrating experience. Hardware
incompatibilities, software bugs, late deliveries, mistaken cabling
requirements, etc. are more the norm than the exception. Outsourcing can
help, but you must be continually involved to ensure success.
Test & Review
Testing and Reviews take place throughout the development cycle, including
prototyping, development, deployment, operations, and enhancements. It
never ends. It's wise to place a single individual in charge of testing and
reviews. This is not a popular job, but it is critical for developing a system
that works and meets each of the requirements. Be sure to empower this
person (usually a quality assurance engineer) with the appropriate authority.
Also, provide them with an appropriately sized staff. Testing is
time-consuming, tedious work, and preparing for reviews and analyzing results
can take much longer than you might think. Fortunately this person can save
you from being surprised at budget review time and usually catches most
problems before they become too big. If you outsource this task, make sure
that you make it clear to the others on the team what the outsourcer's role
is and what level of authority they have.
Deployment & Training
The development is complete, quality assurance is satisfied, the
documentation is ready, and all the "off-the-shelf" products have arrived.
Now it's time to put everything together. This can be a highly disruptive
time. Make sure that you have full management support and that they
understand the nature and effect of the installation and deployment
disruption. Scheduling training sessions concurrently with the installation can
be an effective use of time. Don't skimp on the training. Make sure you have
training in the budget from the beginning and don't dip into it. The best way
to ensure success is to effectively train the users so that they will actually
use the system and possibly sing its praises. Also remember that training is
ongoing. New employees or employees being moved or promoted will need
to be trained. Each time enhancements are added, new training sessions
must be scheduled.
Operation
Intranets usually contain one or more servers. Tasks such as backups, bug
fixes, software updates, hardware maintenance and upgrades, print and
media services, electronic mail account maintenance, security patches, and
other similar tasks must be performed regularly. Operation and maintenance
of such services require an operations staff. It is not enough to "let the users
take care of it." If you are providing these services in-house then you will
need on-site support from either an outsourcing agency or in-house staff.
The current trend is to outsource most of these services including the actual
servers to an intranet outsourcing firm. Outsourcing can result in a
substantial savings. Just make sure that your provider can supply the
services you require and is available when you need them. Also, be sure to
discuss security requirements with them before you hire them.
Help Desk
You might think that good manuals and good training would be sufficient to
effectively use your intranet. It is not so. A knowledgeable, available,
responsive help desk is critical to the overall success of the project. Users
will always find new uses for a well-designed system and problems will
inevitably occur. Without a help desk, an intranet can become dated and
under-utilized. In my experience, deployment of an excellent help desk (with
telephone, fax, online, and e-mail capabilities) is the single most important
function that ensures the continued success of an intranet.
Stop/Reflect
- Give an example of any organisation and give reasons why such an
organisation will require an intranet to be implemented as opposed to
building an Internet based website.

Key Words/Terms
- Intranet Design
- Prototyping

8. Current Issues - Integrating XML and VRML

Chapter 8

Objectives
- Understand and explain current issues in web development

Introduction
VRML, the Virtual Reality Modeling Language, is the ISO standard for representing 3D on the
Web. It provides a versatile platform for a variety of applications that use 3D as a central
metaphor or interface. One of the strengths of VRML is its tight integration with a variety of
other web technologies and its ease of incorporating the benefits of those technologies, from
graphic, audio, and video formats to scripting languages and network protocols. Another
powerful feature of VRML is its easy extensibility and ability to add new node types and
capabilities to the base language.
One of the most significant new web standards to emerge recently is XML, the Extensible
Markup Language. XML defines a standard format for representing and exchanging structured
data on the web, enabling the use of a standard API, the Document Object Model (DOM), for
managing that data, and the deployment of standard services for generating and viewing XML
content. XML has already been widely adopted by an industry eager to overcome the limitations
of HTML for structured data. XML is expected to become a standard means for delivering
database-driven web content, and already serves as the basis for a variety of web applications,
from metadata representation to domain-specific markup languages.
Although designed originally for different problem domains, the two technologies of VRML and
XML have much to offer each other, and there are a variety of areas where tighter integration
between the two can provide powerful benefits. Some work in this area already exists;
for example, the Visual XML proposal for using XML and VRML to represent and display
structured information spaces. This paper investigates additional potential areas of synergy and
suggests useful next steps.
Background
A VRML file consists of a set of nodes that define the contents of a virtual world. The VRML
Specification defines a set of 54 built-in nodes that provide the basic building blocks for all
VRML worlds. VRML provides the ability to extend this base set of nodes using the PROTO
mechanism. PROTOs allow the encapsulation and reuse of functionality as new node types,
implemented via either pre-existing nodes or native browser extensions. PROTOs are the
mechanism of choice for extending VRML's functionality and adding new features and
capabilities to the language.
An XML file is a structured document consisting of elements that are denoted by tags. Whereas
HTML defines a particular set of valid tags, XML documents may incorporate arbitrary markup
as defined by the XML Specification. Typically, a particular application of XML will be based
upon a specific definition of valid elements known as a Document Type Declaration (DTD). A
DTD specifies the allowed sets of elements, the attributes of each element, and the valid content
of each element. Elements may contain data content, that is, plain text, additional elements, or a
combination of both. There are a variety of attribute types; one of the most common is the ID
attribute, which serves to uniquely identify an element within a document.
XML inherently contains no information about the visual display of its contents. The display of
an XML document is determined by an XML style sheet, which contains instructions for
translating an XML document into an HTML document. These style sheets are defined using
Extensible Style Language (XSL), and a variety of tools are being developed to aid in creating
and editing style sheets.
An XSL document consists of construction rules, containing patterns to identify particular
elements in the source XML document, and actions for translating the specified elements into
HTML content. Actions specify flow objects to create, which correspond to specific formatting
tasks. Generating flow objects can be a recursive process, so that each element's children in turn
define additional flow objects. In addition to flow objects, custom scripts can also be used to
programmatically determine formatting behavior.
XSL defines a set of core HTML flow objects, as well as more general DSSSL flow objects.
While flow objects do not necessarily have to be expressed as HTML, they do fundamentally
assume a two-dimensional, page layout model.

SMIL
Before you continue you should have a basic understanding of the following:

HTML

XHTML

XML

XML namespaces

What Is SMIL?

SMIL stands for Synchronized Multimedia Integration Language

SMIL is pronounced "smile"

SMIL is a language for describing audiovisual presentations

SMIL is easy to learn and understand

SMIL is an HTML-like language

SMIL is written in XML

SMIL presentations can be written using a text-editor

SMIL is a W3C recommendation

A Simplified SMIL Example


<smil>
  <body>
    <seq repeatCount="indefinite">
      <img src="image1.jpg" dur="3s" />
      <img src="image2.jpg" dur="3s" />
    </seq>
  </body>
</smil>

From the example above you can see that SMIL is an HTML-like language that can be written
using a simple text-editor.
The <smil></smil> tags define the SMIL document. A <body> element defines the body of
the presentation. A <seq> element defines a sequence to display. The repeatCount attribute
defines an indefinite loop. Each <img> element has a src attribute to define the image source
and a dur attribute to define the duration of the display.

What Can SMIL Do?

SMIL can be used to create Internet or Intranet presentations

SMIL can be used to create slide-show presentations

SMIL has been described as the Internet answer to PowerPoint

SMIL presentations can display multiple file types (text, video, audio...)

SMIL presentations can display multiple files at the same time

SMIL presentations can display files from multiple web servers

SMIL presentations can contain links to other SMIL presentations

SMIL presentations can contain control buttons (stop, start, next, ...)

SMIL has functions for defining sequences and duration of elements

SMIL has functions for defining position and visibility of elements

SMIL is a W3C Recommendation. W3C has been developing SMIL since 1997, as a language
for choreographing multimedia presentations where audio, video, text and graphics are combined
in real-time.

Activity 5
What is VRML and what is it used for?

What is IPv6?
IP, the Internet Protocol, is one of the pillars which supports the Internet. Almost 20 years old,
first specified in a remarkably concise 45 pages in RFC 791, IP is the network-layer protocol for
the Internet.
In 1991, the IETF decided that the current version of IP, called IPv4, had outlived its design. The
new version of IP, called either IPng (Next Generation) or IPv6 (version 6), was the result of a
long and tumultuous process which came to a head in 1994, when the IETF gave a clear direction
for IPv6.
IPv6 is designed to solve the problems of IPv4. It does so by creating a new version of the
protocol which serves the function of IPv4, but without the same limitations of IPv4. IPv6 is not
totally different from IPv4: what you have learned in IPv4 will be valuable when you deploy
IPv6. The differences between IPv6 and IPv4 are in five major areas: addressing and routing,
security, network address translation, administrative workload, and support for mobile devices.
IPv6 also includes an important feature: a set of possible migration and transition plans from
IPv4.
Since 1994, over 30 IPv6 RFCs have been published. Changing IP means changing dozens of
Internet protocols and conventions, ranging from how IP addresses are stored in DNS (domain
name system) and applications, to how datagrams are sent and routed over Ethernet, PPP, Token
Ring, FDDI, and every other medium, to how programmers call network functions.
The IETF, though, is not so insane as to assume that everyone is going to change everything
overnight. So there are also standards and protocols and procedures for the coexistence of IPv4
and IPv6: tunneling IPv6 in IPv4, tunneling IPv4 in IPv6, running IPv4 and IPv6 on the same
system (dual stack) for an extended period of time, and mixing and matching the two protocols
in a variety of environments.

What is in IPv6?
Even if you've never studied IPv6, you may know about its most famous feature: big addresses.
IPv4 uses 32-bit addresses, and with the growth of the Internet, these have become a scarce and
valuable commodity. Organizations have gone to great lengths to deal with the shortage and high
cost of IPv4 addresses. The most visible change in IPv6 is that addresses balloon from 32 bits to
128 bits.

| Feature | Change |
|---|---|
| Address Space | Increase from 32-bit to 128-bit address space |
| Management | Stateless autoconfiguration means no more need to configure IP addresses for end systems, even via DHCP |
| Performance | Predictable header sizes and 64-bit header alignment mean better performance from routers and bridges/switches |
| Multicast/Multimedia | Built-in features for multicast groups, management, and new "anycast" groups |
| Mobile IP | Eliminate triangular routing and simplify deployment of mobile IP-based systems |
| Virtual Private Networks | Built-in support for ESP/AH encrypted/authenticated virtual private network protocols; built-in support for QoS tagging |

With such a huge address space, ISPs will have sufficient IP addresses to allocate enough
addresses to every customer so that every IP device has a truly unique address, whether it's
behind a firewall or not. NAT (network address translation) has become a very common
technique to deal with the shortage of IP addresses. Unfortunately, NAT doesn't work very well
for many Internet applications, ranging from old dependables, such as NFS and DNS, to newer
applications such as group conferencing. NAT has also been an impediment for
business-to-business direct network connections, requiring baroque and elaborate address
translators to make everything work reliably, scaling poorly, and offering a highly vulnerable
single point of failure.
One of the goals of IPv6's address space expansion is to make NAT unnecessary, improving total
connectivity, reliability, and flexibility. IPv6 will re-establish transparency and end-to-end traffic
across the Internet.
Additional address space will also help the core of the Internet, it is hoped, by reducing the
size and complexity of the global routing tables. Although IPv6 doesn't solve the problems of
routing in the Internet, it can help in several areas, reducing the initial size of the tables and
offering a hierarchical address space.
The new IPv6 addresses are large and cumbersome to deal with, so IPv6 reduces the number of
people who have to read and write them. A second major goal of IPv6 is to reduce the total time
which people have to spend configuring and managing systems. An IPv6 system can participate
in "stateless" autoconfiguration, where it creates a guaranteed-unique IP address by combining
its LAN MAC address with a prefix provided by the network router, so DHCP is not needed. Of
course, DHCP is still useful for other parameters, such as DNS servers, and is supported as
DHCPv6 where needed. IPv6 also offers a middle ground between the two extremes with
protocols such as SLP ("Service Location Protocol"), which may make the lives of network
managers easier.
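The stateless autoconfiguration step described above, worked through as an added example (not code from this manual): it builds the interface ID from a MAC address using the modified EUI-64 rule of RFC 4291 and shows that the MAC can be read back out of any such address, which matters for asset inventory and for privacy. The MAC and the documentation prefixes are constructed sample values.

```python
import ipaddress
from typing import Optional


def mac_to_interface_id(mac: str) -> bytes:
    """Modified EUI-64: split the MAC, insert ff:fe, flip the universal/local bit."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError(f"expected a 48-bit MAC address, got {mac!r}")
    return bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a router-advertised /64 prefix with the MAC-derived interface ID."""
    network = ipaddress.IPv6Network(prefix)
    if network.prefixlen != 64:
        raise ValueError("this form of autoconfiguration expects a /64 prefix")
    interface_id = int.from_bytes(mac_to_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(network.network_address) | interface_id)


def mac_from_address(address: str) -> Optional[str]:
    """Return the embedded MAC if the interface ID carries the ff:fe marker, else None."""
    iid = ipaddress.IPv6Address(address).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None  # manually assigned, randomized or DHCPv6-assigned address
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{octet:02x}" for octet in mac)


if __name__ == "__main__":
    sample_mac = "00:1a:2b:3c:4d:5e"  # constructed sample MAC
    # The same host on three links: the lower 64 bits never change.
    for prefix in ("fe80::/64", "2001:db8:1:2::/64", "2001:db8:9:9::/64"):
        addr = slaac_address(prefix, sample_mac)
        print(f"{prefix:20} -> {addr}  (MAC recovered: {mac_from_address(str(addr))})")
    print(mac_from_address("2001:db8:1:2::1"))  # not EUI-64 derived
```

Because the lower 64 bits stay the same on every network the host joins, an address formed this way identifies the hardware wherever it connects.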
Although IPv4 is a simple protocol, it was not designed for gigabit and terabit routers which
need to look at millions of packets a second. The third major goal of IPv6 is to speed up the
network, both from a performance and from a deployment point of view. IPv6 embodies the
lessons learned from trying to build high-speed routers for IPv4 by changing the header of the IP
packet to be more regular and to streamline the work of high-speed routers moving packets
across the Internet backbone. IPv6 has fixed header sizes, and little-used IPv4 fields have been
removed.
A side effect of the redesign of the IP packet header is that future extensions to IPv6 are
simplified: adding a new option to IP can be done without a major re-engineering of IP routers
everywhere.
High-bandwidth multimedia and fault tolerance applications are the focus of the fourth major
goal of IPv6. Multimedia applications can take advantage of multicast: the transmission of a
single datagram to multiple receivers. Although IPv4 has some multicast capabilities, these are
optional and not every router and host supports them. With IPv6, multicast is a requirement. IPv6
also defines a new kind of service, called "anycast." Like multicast, anycast has groups of nodes
which send and receive packets. But when a packet is sent to an anycast group in IPv6, it is only
delivered to one of the members of the group. This new capability is especially appropriate in a
fault-tolerant environment: web servers and DNS servers could all benefit from IPv6's anycast
technology.
The fifth major goal of IPv6 is VPNs, virtual private networks. The new IPSec security
protocols, ESP (encapsulating security protocol) and AH (authentication header), are add-ons to
IPv4. IPv6 builds in and requires these protocols, which will mean that secure networks will be
easier to build and deploy in an IPv6 world.
Another aspect of VPNs built into IPv6 is QoS (Quality of Service). IPv6 supports the same QoS
features as IPv4, including the DiffServ indication, as well as a new 20-bit traffic flow field.
Although the use of this part of IPv6 is not defined, it is provided as a solid base to build QoS
protocols.
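The fixed header, DiffServ indication, 20-bit flow field and ESP/AH headers described above can be seen by decoding the 40-byte IPv6 header directly. This is an added example, not code from this manual; the sample packet is constructed, and the function names are illustrative.

```python
import ipaddress
import struct

IPV6_HEADER_LEN = 40  # always 40 bytes; an IPv4 header varies from 20 to 60
NEXT_HEADER_NAMES = {0: "Hop-by-Hop", 6: "TCP", 17: "UDP", 43: "Routing",
                     44: "Fragment", 50: "ESP", 51: "AH", 58: "ICMPv6"}


def parse_ipv6_header(packet: bytes) -> dict:
    """Decode the fixed IPv6 header; raise ValueError on anything malformed."""
    if len(packet) < IPV6_HEADER_LEN:
        raise ValueError(f"truncated packet: {len(packet)} bytes, need {IPV6_HEADER_LEN}")
    first_word, payload_length, next_header, hop_limit = struct.unpack(
        "!IHBB", packet[:8])
    version = first_word >> 28
    if version != 6:
        raise ValueError(f"not an IPv6 packet (version field is {version})")
    traffic_class = (first_word >> 20) & 0xFF
    return {
        "version": version,
        "dscp": traffic_class >> 2,          # DiffServ code point (upper 6 bits)
        "ecn": traffic_class & 0x03,         # congestion notification (lower 2 bits)
        "flow_label": first_word & 0xFFFFF,  # the 20-bit traffic flow field
        "payload_length": payload_length,
        "next_header": next_header,
        "next_header_name": NEXT_HEADER_NAMES.get(next_header, "unknown"),
        "hop_limit": hop_limit,
        "src": ipaddress.IPv6Address(packet[8:24]),
        "dst": ipaddress.IPv6Address(packet[24:40]),
    }


def build_sample_packet() -> bytes:
    """Constructed sample: DSCP 46, flow label 0x12345, next header ESP (50)."""
    first_word = (6 << 28) | ((46 << 2) << 20) | 0x12345
    header = struct.pack("!IHBB", first_word, 8, 50, 64)
    header += ipaddress.IPv6Address("2001:db8::1").packed
    header += ipaddress.IPv6Address("2001:db8::2").packed
    return header + bytes(8)  # 8 zero bytes stand in for the ESP payload


if __name__ == "__main__":
    for field, value in parse_ipv6_header(build_sample_packet()).items():
        print(f"{field:17} {value}")
```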

Feedback Activity 5
VRML, the Virtual Reality Modelling Language, is the ISO standard for
representing 3D on the Web. It provides a versatile platform for a
variety of applications that use 3D as a central metaphor or interface.

Key Words/Terms
- XML
- VRML

Further Reading
C. Bates, Web Programming: Building Internet Applications, Wiley (2002)

Acknowledgements
C. Bates, Web Programming: Building Internet Applications, Wiley (2002)
