Beruflich Dokumente
Kultur Dokumente
A PROJECT REPORT
of
BACHELOR OF TECHNOLOGY
in
INFORMATION TECHNOLOGY
MAY 2011
8
BONAFIDE CERTIFICATE
9
ACKNOWLEDGEMENT
I would also like to thank our friends for the support they
extended during the course of this project.
10
ABSTRACT
CAPTCHA also plays a significant role in limiting usage rate. For example, the
automatic use of a particular service is allowed unless such use goes beyond a certain
extent and affects other users. When that happens, we can limit such usage through the
introduction of CAPTCHA mechanism.
11
TABLE OF CONTENTS
LIST OF FIGURES ii
1 INTRODUCTION
2 SYSTEM ANALYSIS
3 REQUIREMENTS SPECIFICATION
3.1 Introduction 17
3.2 Hard
ware and Software specification 17
12
4 SYSTEM DESIGN
5.1 Modules 26
6.1 Coding 28
REFERENCES 78
SNAP SHOTS
13
LIST OF FIGURES
Architecture
Sequence Diagram
Activity Diagram
14
LIST OF ABBREVATIONS
15
CHAPTER 1
INTRODUCTION
Aim:
Synopsis:
16
used CAPTCHA mechanism, requiring that users must input the correct letters to leave a
message.
CAPTCHA also plays a significant role in limiting usage rate. For example, the
automatic use of a particular service is allowed unless such use goes beyond a certain
extent and affects other users. When that happens, we can limit such usage through the
introduction of CAPTCHA mechanism.
CHAPTER 2
SYSTEM ANALYSIS
Currently, there are mainly three kinds of methods to implement the CAPTCHA
mechanism: OCR (Optical character recognition) visual method, non-OCR visual method
and non-visual method.
17
Microsoft live mail has been bothered by junk mails many times. Given facts like these,
newly designed CAPTCHAs have become increasingly complex, so that some of those
are extremely difficult to identify.
Though there are many different kinds of specific implementations for non-OCR
visual method, it eventually comes down to the OCR problem in general, requiring users
to identify images. It is not so widely used. Up to now, except some research sites,
commercial sites rarely use it. Specific implementation algorithms are: CAPTCHA
algorithm based on real object image identification and designed by R. Datta, etc,
CAPTCHA algorithm based on image similarity judgment and designed by J. Elson, etc
and so forth. Non-OCR visual method is designed for special occasions and certain user
groups, thus it has very limited applications.
Dynamic CAPTCHA can make it not only extremely hard to crack for computer
programs using multiple frames, but also easy for humans to identify. According to
anatomical, physiological and functional characteristics of the visual system, there are
two visual pathways in the brain, the ventral pathway, which function is to identify
objects, and the dorsal pathway, which function is to identify spatial location and
movement of objects. Both the identifiability and contrast ratio of images will affect
moving objects. In the right hemisphere, 3D movement shows stronger brain activity than
2D movement. The biological vision theory says that the perception ability of moving
18
objects far exceeds that of static objects for biological vision. For example, we can easily
recognize a running cheetah in a jungle while could hardly notice a stationary cheetah in
the jungle. The reason is that the human visual system can easily reconstruct the overall
shape merely from vague displacements of parts of the moving object.
CHAPTER 3
REQUIREMENT SPECIFICATIONS
3.1 INTRODUCTION
the software products. It is the first step in the requirements analysis process it lists the
security requirements. The requirements also provide usage scenarios from a user, an
specification is to provide a detailed overview of the software project, its parameters and
goals. This describes the project target audience and its user interface, hardware and
software requirements. It defines how the client, team and audience see the project and its
functionality.
19
3.2.2 SOFTWARE REQUIREMENTS
Visual Studio
INTRODUCTION TO ASP.NET
20
data, may reside anywhere on the Internet rather than all being contained inside one
software program somewhere. Each part of an application can be referenced and accessed
using a standard procedure ASP.NET is the part that provides the features necessary to
easily tie all this capability together for coherent web-based applications. It is a
programming framework, and one of the primary differences between it and traditional
ASP is that it uses a common language runtime (CLR) capable of running compiled code
on a web server to deploy powerful wed-based applications.
ASP.NET still use HTTP to communicate to the browser and back, but it brings
added functionality that makes the communication process much richer. If any files have
the appropriate extension or contain code, the server routes those files to ASP.NET for
processing prior to sending them out to the client. The script or code is then processed
and the appropriate content is generated for transmission back to the browser/client.
Because processing takes place before the results are delivered to the user, all manner of
functionality can be built-in such as database access, component usage and the ordinary
programmatic functionality available with scripting languages.
ASP.NET applications can be coded using a plain text edited such as notepad,
although this not the most efficient method to use. Developing all the other resources that
might be required for a particular ASP.NET application, especially for the user interface,
may involve range of specialized tools including image-editing programs, database
programs and HTML editors.
ASP.NET enables you to access information from data sources, such as back-
end database and text files that are stored on a web server or a computer that is accessible
to a web server.
21
ASP.NET enables you to use a set of programming code called templates to
create HTML documents. The advantage of using template is that you can dynamically
insert content retrieved from data sources, such as back-end database and text-files, into
an HTML document before the HTML document is displayed to users. Therefore, the
information need not be changed manually as and when the content s retrieved from data
source change.
ASP.NET also enables you to separate HTML design from the data retrieval
mechanism. Therefore changing the HTML deign does not affect the program that
retrieve data from the databases. Similarly, server-side scripting ensures that changing
data sources does not require a change in HTML documents.
ASP.NET has a number of advance features that help you develop robust web
applications. The advance features of ASP.NET are based on the .NET Framework.
22
FEATURES OF ASP.NET
23
Manageability - ASP.NET enables you to manage Web application by
storing the configuration information in an XML file. You can open the XML file
in the visual Studio .NET IDE.
The most important server you can install is internet information server (IIS)
because you will need it to run your ASP.NET applications. There a number of other
servers specifically designed to work with the .NET Framework.
SQL-SERVER
24
(ISO/IEC 23270). C# is one of the programming languages designed for the Common
Language Infrastructure.
Design goals
The language, and implementations thereof, should provide support for software
engineering principles such as strong type checking, array bounds checking, detection of
attempts to use uninitialized variables, and automatic garbage collection. Software
robustness, durability, and programmer productivity are important.
The language is intended for use in developing software components suitable for
deployment in distributed environments.
C# is intended to be suitable for writing applications for both hosted and embedded
systems, ranging from the very large that use sophisticated operating systems, down to
the very small having dedicated functions.
25
Although C# applications are intended to be economical with regard to memory and
processing power requirements, the language was not intended to compete directly on
performance and size with C or assembly language.
Name
The name "C sharp" was inspired by musical notation where a sharp indicates that the
written note should be made a semitone higher in pitch. This is similar to the language
name of C++, where "++" indicates that a variable should be incremented by 1.
Due to technical limitations of display (standard fonts, browsers, etc.) and the fact that
the sharp symbol (♯, U+266F, MUSIC SHARP SIGN) is not present on the standard
keyboard, the number sign (#, U+0023, NUMBER SIGN) was chosen to represent the
sharp symbol in the written name of the programming language. This convention is
reflected in the ECMA-334 C# Language Specification.[7] However, when it is practical
to do so (for example, in advertising or in box art[10]), Microsoft uses the intended musical
symbol.
The "sharp" suffix has been used by a number of other .NET languages that are variants
of existing languages, including J# (a .NET language also designed by Microsoft which is
derived from Java 1.1), A# (from Ada), and the functional F#. The original
implementation of Eiffel for .NET was called Eiffel#,[12] a name since retired since the
full Eiffel language is now supported. The suffix has also been used for libraries, such as
Gtk# (a .NET wrapper for GTK+ and other GNOME libraries), Cocoa# (a wrapper for
Cocoa) and Qt# (a .NET language binding for the Qt toolkit).
History
During the development of the .NET Framework, the class libraries were originally
written using a managed code compiler system called Simple Managed C (SMC). In
January 1999, Anders Hejlsberg formed a team to build a new language at the time called
26
Cool, which stood for "C-like Object Oriented Language".[16] Microsoft had considered
keeping the name "Cool" as the final name of the language, but chose not to do so for
trademark reasons. By the time the .NET project was publicly announced at the July 2000
Professional Developers Conference, the language had been renamed C#, and the class
libraries and ASP.NET runtime had been ported to C#.
C#'s principal designer and lead architect at Microsoft is Anders Hejlsberg, who was
previously involved with the design of Turbo Pascal, Embarcadero Delphi (formerly
CodeGear Delphi and Borland Delphi), and Visual J++. In interviews and technical
papers he has stated that flaws in most major programming languages (e.g. C++, Java,
Delphi, and Smalltalk) drove the fundamentals of the Common Language Runtime
(CLR), which, in turn, drove the design of the C# language itself.
James Gosling, who created the Java programming language in 1994, and Bill Joy, a co-
founder of Sun Microsystems, the originator of Java, called C# an "imitation" of Java;
Gosling further claimed that "[C# is] sort of Java with reliability, productivity and
security deleted."Klaus Kreft and Angelika Langer (authors of a C++ streams book)
stated in a blog post that "Java and C# are almost identical programming languages.
Boring repetition that lacks innovation," "Hardly anybody will claim that Java or C# are
revolutionary programming languages that changed the way we write programs," and "C#
borrowed a lot from Java - and vice versa. Now that C# supports boxing and unboxing,
we'll have a very similar feature in Java."Anders Hejlsberg has argued that C# is "not a
Java clone" and is "much closer to C++" in its design.
C# used to have a mascot called Andy (named after Anders Hejlsberg). It was retired on
29 Jan 2004.
Versions
In the course of its development, the C# language has gone through several versions:
27
.NET Visual
January
C# 1.0 January 2002 Framework Studio .NET
2002
December 1.0 2002
April 2003
2002 .NET Visual
C# 1.2 October 2003 April 2003 Framework Studio .NET
1.1 2003
.NET
September September November Visual
C# 2.0 June 2006 Framework
2006 2005[note 1] 2005 Studio 2005
2.0
.NET
November Visual
C# 3.0 August 2007 Framework
2007 Studio 2008
None[note 2] 3.5
.NET Visual
C# 4.0 April 2010 April 2010
Framework 4 Studio 2010
^ The Microsoft C# 2.0 specification document only contains the new 2.0 features. For
older features use the 1.2 specification above.
^ There are currently, as of May 2010, no ECMA and ISO/IEC specifications for C# 3.0
and 4.0.
Summary of versions
C# 2.0 C# 3.0 C# 4.0 C# 5.0 (planned)
Features Generics Implicitly typed Dynamic binding Asynchronous
added variables methods
Partial types Named and optional
Implicitly typed arguments Compiler As a
Anonymous
arrays Service
methods Generic co- and
Anonymous types contravariance
Iterators
Extension methods
Nullable types
Query expressions
28
Lambda
expressions
Expression trees
Features
By design, C# is the programming language that most directly reflects the underlying
Common Language Infrastructure (CLI). Most of its intrinsic types correspond to value-
types implemented by the CLI framework. However, the language specification does not
state the code generation requirements of the compiler: that is, it does not state that a C#
compiler must target a Common Language Runtime, or generate Common Intermediate
Language (CIL), or generate any other specific format. Theoretically, a C# compiler
could generate machine code like traditional compilers of C++ or Fortran.
There are no global variables or functions. All methods and members must be declared
within classes. Static members of public classes can substitute for global variables and
functions.
Local variables cannot shadow variables of the enclosing block, unlike C and C++.
Variable shadowing is often considered confusing by C++ texts.
C# supports a strict Boolean datatype, bool. Statements that take conditions, such as
while and if, require an expression of a type that implements the true operator, such as the
boolean type. While C++ also has a boolean type, it can be freely converted to and from
integers, and expressions such as if(a) require only that a is convertible to bool, allowing
a to be an int, or a pointer. C# disallows this "integer meaning true or false" approach on
the grounds that forcing programmers to use expressions that return exactly bool can
prevent certain types of common programming mistakes in C or C++ such as if (a = b)
(use of assignment = instead of equality ==).
29
In C#, memory address pointers can only be used within blocks specifically marked as
unsafe, and programs with unsafe code need appropriate permissions to run. Most object
access is done through safe object references, which always either point to a "live" object
or have the well-defined null value; it is impossible to obtain a reference to a "dead"
object (one which has been garbage collected), or to a random block of memory. An
unsafe pointer can point to an instance of a value-type, array, string, or a block of
memory allocated on a stack. Code that is not marked as unsafe can still store and
manipulate pointers through the System.IntPtr type, but it cannot dereference them.
Multiple inheritance is not supported, although a class can implement any number of
interfaces. This was a design decision by the language's lead architect to avoid
complication and simplify architectural requirements throughout CLI.
C# is more type safe than C++. The only implicit conversions by default are those which
are considered safe, such as widening of integers. This is enforced at compile-time,
during JIT, and, in some cases, at runtime. There are no implicit conversions between
booleans and integers, nor between enumeration members and integers (except for literal
0, which can be implicitly converted to any enumerated type). Any user-defined
conversion must be explicitly marked as explicit or implicit, unlike C++ copy
constructors and conversion operators, which are both implicit by default.
30
Full type reflection and discovery is available.
Checked exceptions are not present in C# (in contrast to Java). This has been a conscious
decision based on the issues of scalability and versionability.[21]
C# has a unified type system. This unified type system is called Common Type System
(CTS).[22]
A unified type system implies that all types, including primitives such as integers, are
subclasses of the System.Object class. For example, every type inherits a ToString()
method. For performance reasons, primitive types (and value types in general) are
internally allocated on the stack.
Libraries
The C# specification details a minimum set of types and class libraries that the compiler
expects to have available. In practice, C# is most often used with some implementation of
the Common Language Infrastructure (CLI), which is standardized as ECMA-335
Common Language Infrastructure (CLI).
The following is a very simple C# program, a version of the classic "Hello, world"
example:
using System;
class ExampleClass
31
static void Main()
Console.WriteLine("Hello, world!");
Hello, world!
using System;
The above line of code tells the compiler to use 'System' as a candidate prefix for types
used in the source code. In this case, when the compiler sees use of the 'Console' type
later in the source code, it tries to find a type named 'Console', first in the current
assembly, followed by all referenced assemblies. In this case the compiler fails to find
such a type, since the name of the type is actually 'System.Console'. The compiler then
attempts to find a type named 'System.Console' by using the 'System' prefix from the
using statement, and this time it succeeds. The using statement allows the programmer to
state all candidate prefixes to use during compilation instead of always using full type
names.
class ExampleClass
Above is a class definition. Everything between the following pair of braces describes
ExampleClass.
32
This declares the class member method where the program begins execution. The .NET
runtime calls the Main method. (Note: Main may also be called from elsewhere, like any
other method, e.g. from another method of ExampleClass.) The static keyword makes the
method accessible without an instance of ExampleClass. Each console application's Main
entry point must be declared static. Otherwise, the program would require an instance,
but any instance would require a program. To avoid that irresolvable circular
dependency, C# compilers processing console applications (like that above) report an
error if there is no static Main method. The void keyword declares that Main has no
return value.
Console.WriteLine("Hello, world!");
This line writes the output. Console is a static class in the System namespace. It provides
an interface to the standard input, output, and error streams for console applications. The
program calls the Console method WriteLine, which displays on the console a line with
the argument, the string "Hello, world!".
Implementations
The Mono project provides an open source C# compiler, a complete open source
implementation of the Common Language Infrastructure including the required
framework libraries as they appear in the ECMA specification, and a nearly complete
33
implementation of the Microsoft proprietary .NET class libraries up to .NET 3.5. As of
Mono 2.6, there are no plans to implement WPF; WF is planned for a later release; and
there are only partial implementations of LINQ to SQL and WCF.
The DotGNU project also provides an open source C# compiler, a nearly complete
implementation of the Common Language Infrastructure including the required
framework libraries as they appear in the ECMA specification, and subset of some of the
remaining Microsoft proprietary .NET class libraries up to .NET 2.0 (those not
documented or included in the ECMA specification but included in Microsoft's
standard .NET Framework distribution).
• The user who creates the database becomes the owner of the database.
• The name of the database must follow the rules for identifiers.
• Primary files
34
These files contain the startup information for the database. The primary files are
also used to store data. Every database has one primary file.
• Secondary files
These files hold all the data that does not fit in the primary data file. Databases do
not need secondary data files if the primary file is large enough to hold all the data
in the database. Some databases may be large enough to need multiple secondary
data files, or they may use secondary files on separate disk drives to spread the
data across multiple disks.
• Transaction log
These files hold the log information used to recover the database. There must be
at least one transaction log file for each database, although there may be more
than one. The minimum size for a log file is 512 kilobytes (KB).
When a database is created, all the files that comprise the database are filled with zeros to
overwrite any existing data left on the disk by previously deleted files. Although this
means that the files take longer to create, this action prevents the operating system from
having to fill the files with zeros when data is written to the files for the first time during
usual database operations. This improves the performance of day-to-day operations.
It is recommended that you specify a maximum size to which the file is permitted to
grow. This prevents the file from growing, as data is added, until disk space is exhausted.
To specify a maximum size for the file, use the MAXSIZE parameter of the CREATE
DATABASE statement or the Restrict filegrowth (MB) option when using the Properties
dialog box in SQL Server Enterprise Manager to create the database.
The first step in creating a database is creating a plan that serves both as a
guide to be used when implementing the database and as a functional specification for the
database after it has been implemented. The complexity and detail of a database design is
35
dictated by the complexity and size of the database application as well as the user
population.
In planning the database, regardless of its size and complexity, use these basic steps:
• Gather information.
GATHERING INFORMATION:
Before creating a database, you must have a good understanding of the job
the database is expected to perform. If the database is to replace a paper-based or
manually performed information system, the existing system will give you most of the
information you need. It is important to interview everyone involved in the system to find
out what they do and what they need from the database. It is also important to identify
what they want the new system to do, as well as to identify the problems, limitations, and
bottlenecks of any existing system. Collect copies of customer statements, inventory lists,
36
management reports, and any other documents that are part of the existing system,
because these will be useful to you in designing the database and the interfaces.
IDENTIFYING OBJECTS
During the process of gathering information, you must identify the key
objects or entities that will be managed by the database. The object can be a tangible
thing, such as a person or a product, or it can be a more intangible item, such as a
business transaction, a department in a company, or a payroll period. There are usually a
few primary objects, and after these are identified, the related items become apparent.
Each distinct item in your database should have a corresponding table.
The primary object in the pubs sample database included with Microsoft® SQL Server™
2000 is a book. The objects related to books within this company's business are the
authors who write the books, the publishers who manufacture the books, the stores which
sell them, and the sales transactions performed with the stores. Each of these objects is a
table in the database.
For this purpose, database developers use tools that range in technical complexity from
pencils and scratch paper to word processing or spreadsheet programs, and even to
software programs specifically dedicated to the job of data modeling for database
designs. Whatever tool you decide to use, it is important that you keep it up-to-date.
37
SQL Server Enterprise Manager includes visual design tools such as the Database
Designer that can be used to design and create objects in the database.
• Categorical columns
• Identifier columns
38
These columns establish a link between information in one table
and related information in another table. For example, a table that tracks sales
transactions will commonly have a link to the customer’s table so that the
complete customer information can be associated with the sales transaction.
For example, the designer of the pubs database has created tables for titles
and publishers in the database. The titles table contains information for each book: an
identifier column named title_id; raw data columns for the title, the price of the book, and
the publishing date; and some columns with sales information for the book. The table
contains a categorical column named type, which allows the books to be grouped by the
type of content in the book. Each book also has a publisher, but the publisher information
is in another table; therefore, the titles table has a pub_id column to store just the ID of
the publisher. When a row of data is added for a book, the publisher ID is stored with the
rest of the book information.
Data Security
39
Designing Tables
When you design a database, you decide what tables you need, what type
of data goes in each table, which can access each table, and so on. As you create and
work with tables, you continue to make more detailed decisions about them.
The most efficient way to create a table is to define everything you need in the table at
one time, including its data restrictions and additional components. However, you can
also create a basic table, add some data to it, and then work with it for a while. This
approach gives you a chance to see what types of transactions are most common and
what types of data are frequently entered before you commit to a firm design by adding
constraints, indexes, defaults, rules, and other objects.
It is a good idea to outline your plans on paper before creating a table and
its objects. Decisions that must be made include:
• Columns in the table and the data type (and length, if required) for each column.
• Types of indexes needed, where required, and which columns are primary keys
and which are foreign keys.
40
Like most mainframe or minicomputer databases, SQL Server is a database that has seen
an evolution from its introduction in the mid-1960s until today. Microsoft's SQL Server
is founded in the mature and powerful relational model, currently the preferred model for
data storage and retrieval.
SQL Server also contains many of the front-end tools of PC databases that traditionally
haven't been available as part of either mainframe or minicomputer databases. In addition
to using a dialect of Structured Query Language (SQL), GUI applications can be used for
the storage, retrieval, and administration of the database.
SQL Server permits client applications to control the information retrieved from the
server by using several specialized tools and techniques, including options such as stored
procedures, server-enforced rules, and triggers that permit processing to be done on the
server automatically. You don't have to move all processing to the server, of course; you
still can do appropriate information processing on the client workstation.
41
Although organizations routinely use SQL Server to manipulate millions of records, SQL
Server provides several tools that help you manage the system and its databases and
tables. The Windows- and command-line-based tools that come with SQL Server allow
you to work with the many aspects of SQL Server. You can use these tools to
You also can use a command-line interface to perform all operations with SQL Server.
A key characteristic of SQL Server is that it is a relational database. You must understand
the features of a relational database to effectively understand and access data with SQL
Server. You can't construct successful queries to return data from a relational database
unless you understand the basic features of a relational database.
ADO.NET
Features of ADO.NET
42
needs of several applications simultaneously since the interaction is for a shorter
duration.
Data cached in datasets- A dataset is the most common method of
accessing data since it implements a disconnected architecture. Since ADO.NET is based
on a disconnected data structure, it is not possible for the application to interact with the
database for processing each record. Therefore, the data is retrieved and stored in
datasets. A dataset is a cached set of database records. We can work with the records
stored in a dataset as we work with real data; the only difference being that the dataset is
independent of data source and we remain disconnected from the data source.
ADO.NET supports scalability by working with datasets. Datasets
operations are performed on the datasets instead of on the database. As a result, resources
are saved, and the database can meet the increasing demands of users more efficiently.
Data transfer in XML format- XML is the fundamental format for
data transfer in ADO.NET. Data is transferred from a database into a dataset and from
the dataset to another component by using XML. We can even use an XML file as a
data source and store data from it in a dataset. Using XML as the data transfer
language is beneficial as XML is an industry standard format for exchanging information
between different types of applications. The knowledge of XML is not required for
working with ADO.NET since data conversion in the XML and any component that can
read the dataset structure from and to XML is hidden from the user. Since a dataset is
stored can process the data.
Interaction with the database is done through data commands – All operations on the
database are performed by using data commands. A data command can be a SQL
statement or a stored procedure. We can retrieve, insert, delete or modify data from a
database by executing data commands.
Microsoft Silver light is an application framework for writing and running rich
Internet applications with emphasis on multimedia, animations, and graphics, with
features and purposes similar to those of Adobe Flash. The run-time environment for
43
Silver light is available as a plug-in for most web browsers. While early versions of
Silver light focused on streaming media, current versions support multimedia, graphics
and animation, and give developers support for CLI languages and development tools.
The current version 4 was released in April 2010. It is compatible with multiple
web browsers used on Microsoft Windows and Mac OS X operating systems. Mobile
devices, starting with Windows Phone 7 and Symbian (Series 60) phones, are likely to
become supported in 2010.[4][5] A free software implementation named Moonlight,
developed by Novell in cooperation with Microsoft, is available to bring most Silver light
functionality to Linux, FreeBSD and other open source platforms.
Silver light supports H.264 video, Advanced Audio Coding, Windows Media
Video (WMV), Windows Media Audio (WMA) and MPEG Layer III (MP3) media
content[7] across all supported browsers without requiring Windows Media Player, the
Windows Media Player ActiveX control or Windows Media browser plug-ins. Because
Windows Media Video 9 is an implementation of the Society of Motion Picture and
Television Engineers (SMPTE) VC-1 standard, Silver light also supports VC-1 video.
According to the End user license agreement VC-1 and H.264 are only licensed for the
"personal and non-commercial use of a consumer".[8] Silver light, since version 3,
supports the playback of H.264 video.[9] Silver light makes it possible to dynamically
load Extensible Markup Language (XML) content that can be manipulated through a
Document Object Model (DOM) interface, a technique that is consistent with
conventional Ajax techniques. Silver light exposes a Downloader object which can be
used to download content, like scripts, media assets or other data, as may be required by
the application.[10] With version 2, the programming logic can be written in any .NET
44
language, including some derivatives of common dynamic programming languages like
Iron Ruby and Iron Python
Silver light 1, which was developed under the codename Windows Presentation
Foundation/Everywhere (WPF/E) and released in 2007, consists of the core presentation
framework, which is responsible for the user interface (UI), interactivity and user input,
basic UI controls, graphics and animation, media playback, Digital rights management
(DRM), and DOM integration.[12] It is made up of the following components:
A Silver light application starts by invoking the Silver light control from the
HyperText Markup Language (HTML) page, which then loads up a XAML file. The
XAML file contains a Canvas object, which acts as a container for other elements. Silver
light provides various geometrical primitives like lines, ellipses and other shapes, to
elements like text, images, and media, etc. The elements are properly positioned to
achieve the desired layout. Any arbitrary shape can be created as well. These elements
can be animated using Event triggers; some animation effects are predefined, others can
be created as composite of the pre-defined effects. Events like keyboard or mouse
movements can also raise Events which can be handled by custom scripts.
45
Programmatic manipulation of the UI is achieved by using scripting languages to
modify the Document Object Model of the Silver light Canvas object. To facilitate this,
Silver light exposes a DOM application programming interface (API), accessible from
any scripting language supported by Silver light, which in version 1 release is limited to
JavaScript running in the browser. However, there are no UI widgets built in. The native
widgets of the browser must be overlaid on top of the Silver light Canvas for user input.
Support for data formats is limited to XML and JavaScript Object Notation (JSON) only
Silver light 2:
Silver light ships with a lightweight class library which includes features such as
extensible controls, XML Web Services, networking components and Language
Integrated Query (LINQ) APIs. This class library is a subset of, and is considerably
smaller than, .NET Framework's Base Class Library (BCL). Silver light code runs in a
sandbox, thus preventing the invocation of platform APIs.
46
Silver light 2 Architecture:
The included BCL provides classes for collections, reflection, regular expressions,
string handling and data access. It also supports LINQ, with full support for LINQ to
Objects and expression trees. Almost all of the System.Linq and System.Linq.Expression
namespaces are exposed. It also supports serialization of objects, for data persistence.
Silver light can handle data in Really Simple Syndication (RSS) or JSON format, in
addition to XML. The BCL provides enhanced support for working with XML data,
including the XMLReader and XMLWriter classes. Silver light 2 also supports
asynchronous programming via the use of the threading libraries.
Silver light also includes classes for data access over XML-based Web services,
Representational State Transfer (REST), Windows Communication Foundation (WCF)
Services and ADO.NET Data Services.[18] The networking support in Silver light can be
used by Silver light applications to communicate using Hypertext Transfer Protocol
(HTTP), or at the lower socket level. Cross-domain communication is supported. Silver
light uses an XML-based configuration file to control the cross-domain resource-access
policy, for both HTTP and socket connections. It can be used by site administrators to
control which resources a Silver light application can access, when that application did
47
not originate in the domain of the site. In addition, Silver light also supports the Adobe
Flash Cross-domain policy file format. Silver light sockets can only initiate a connection;
they cannot listen for connections.
Silver light 2 includes the Dynamic Language Runtime (DLR) which allows
dynamic compilation and execution of dynamic (scripting) languages. Compilers for the
languages based on the DLR (including IronPython and IronRuby) are [to be?] packaged
with the Dynamic Languages application in the .xap package. The Dynamic Languages
software development kit (SDK) includes a web server named Chiron, that can
dynamically package all the dependencies for the Dynamic Languages application and
serve it to the browser. The first upcoming languages written for the DLR are Managed
JScript, IronPython 2.0, and IronRuby. Microsoft also plans to build Visual Basic .NET
10.0 (VBx) on the DLR. All four languages share the same infrastructure, to allow Silver
light to compile and execute the language source. Conversely, other .NET languages
must be compiled ahead-of-time and delivered to Silver light as .NET assemblies. The
implementation of Managed JScript conforms to the ECMAScript 3.0 specification, and
Microsoft asserts that it is 250 times faster than interpreted JScript.
With the integration of .NET Framework, Silver light also allows HTML-
managed code interaction, which enables the manipulation of HTML DOM elements
from managed code, and permits JavaScript code to call managed code and use objects
instantiated by managed code. Silver light encloses JavaScript objects and DOM
elements in managed wrappers to make them available from managed code. While there
is no provision for calling JavaScript code directly in the 1.1 alpha release, managed-code
events can fire JavaScript handlers. A Silver light instance does not need to have a UI
component in order to manipulate the HTML DOM from managed code. It is done by
creating a XAML Canvas with both width and height set to zero, and using its code-
behind code to modify the Document Object Model of the HTML page via the APIs in
the System.Browser namespace.
48
Silver light 2 includes Deep Zoom, a technology derived from Microsoft Live
Labs' Seadragon. It allows users to zoom into, or out of, an image (or a collage of
images), with smooth transitions, using the mouse wheel. The images can scale from 2 or
3 megapixels in resolution into the gigapixel range, but the user need not wait for it to be
downloaded entirely; rather, Silver light downloads only the parts in view, optimized for
the zoom level being viewed. Beta 2 onwards, Deep Zoom uses an XML-based file
format.
The Media Stream Source is the API responsible for enabling adaptive streaming
of media. Adaptive streaming allows the player application to choose the bit rate of the
media based on available client bandwidth and central processing unit (CPU) resources.
[18] Media Stream Source allows the developer to specify a custom method of retrieving
media data, the only requirement being that the final video and audio streams be
presented to Silver light runtime in a format that Silver light can decode (VC-1, H.264,
WMA, MP3, etc.). This allows extensible support for otherwise natively unsupported file
formats (i.e. MP4, Matroska, Ogg), protocols (i.e. Shoutcast) and delivery methods (i.e.
adaptive streaming, peer-to-peer (P2P)). Microsoft first publicly showcased Media
Stream Source by powering the NBC Olympics website with their own implementation
of adaptive streaming.
49
Silver light 2 also allows limited filesystem access to Silver light applications. It
can use the operating system's native file dialog box to browse to any file (to which the
user has access). The file is sanitized of path information, to prevent the application from
getting access to information such as user name, and can be opened only in read-only
mode. For local storage of data, Silver light provides isolated local storage (isostorage),
namely, outside the browser cache, in a folder hidden inside the private user-profile
folder. It is set to 1 MB per URL by default, but this can be changed by the user. Data
stored by a Silver light application in the isostorage is identified by the URL from which
it loads, and can be accessed by that application only. All instances of Silver light share
the same isostorage, so all instances of the same Silver light application can share the
saved data, even if they are running on different browsers.
50
However, only platform code is allowed to be marked as critical or safecritical. The
Silver light runtime ensures that platform assemblies are loaded only from the Silver light
installation directory, and are digitally signed by Microsoft. This effectively means that
user-application assemblies can only be transparent code (run under partial trust and
limited rights). Platform code can be marked with either attribute. The BCL methods of
the .NET Framework, which have the Internet attribute set, allowing them to be called
from untrusted code originating from Internet, are exposed in Silver light BCL as
transparent methods.
Silver light 3
A Silver light 3 application, with one instance running in Google Chrome as well as
installed locally. The start menu icon is also shown.
Silver light 3 was announced at the International Broadcasting Convention (IBC) 2008
show in Amsterdam on September 12, 2008. It was unveiled at MIX09 in Las Vegas on
March 18, 2009.[37] A beta version was made available for download the same day. The
final version was released July 9, 2009.
On the media front, Silver light 3 supports Advanced Audio Coding (AAC) audio
decoding as well as hardware-accelerated H.264 video decoding. Silver light 3 also offers
1080p smooth streaming. The native multimedia pipeline is also programmatically
exposed, so that other formats can also be supported by third-parties using managed code
decoders. Silver light 3 supports perspective 3D which enables 3D transformations of 2D
elements. These transformations, as well as many 2D operations like stretches, alpha
51
blending etc. are hardware accelerated. Custom animations, including transforms and
blends, can be created on Silver light elements using High Level Shader Language
(HLSL) to make use of pixel shaders. A bitmap API is provided to let Silver light 3
applications manipulate bitmaps. Silver light now uses the graphics processing unit
(GPU) to accelerate the composition of Visual Trees (like WPF, Silver light elements
correspond to Visual elements, which, when coupled with the layout information, forms a
Composition Tree or Visual Tree which is then rendered to form the final display; see
WPF architecture). Visual trees can now be cached; this increases performance in cases
like transforms, which creates lots of throw-away intermediate states, by not making the
state transitions on the main Visual tree. Silver light 3 now also supports ClearType text
rendering.
Silver light 3 also includes a LocalConnection API to communicate (using a named pipe
style model) among multiple running applications on the same machine, irrespective of
the browser and can monitor for network connectivity events. Silver light 3 can
optionally use Binary XML to communicate with WCF services.
Silver light 3 supports Out-of-Browser experiences, i.e., Silver light applications can be
installed to the system for offline access (provided the application manifest is designed to
allow local installation) where they run outside the browser. They are launched using the
Start Menu or desktop shortcuts, and run without the browser window. Applications can
check whether they are running inside a browser or not. When running outside of a
52
browser, HTML interop is disabled. In addition, access to the Function Keys is enabled.
Locally installed Silver light applications still run in a sandbox.
Silver light 3 is now listed as a requirement for eFiling income tax returns for free in the
US.
Introduction
a. Purpose
b. Project Scope
53
In order to prevent similar incidents from happening again, CAPTCHA
mechanism comes into being, which is short for Completely Automated Public Turing
Test to Tell Computers and Humans Apart. In 2000 Carnegie Mellon University set up
the first CAPTCHA group, followed by many scholars studying CAPTCHA to find how
to better tell between humans and computers apart.
2. Overall Description
a. Product Perspective
CAPTCHA also plays a significant role in limiting usage rate. For example, the
automatic use of a particular service is allowed unless such use goes beyond a certain
extent and affects other users. When that happens, we can limit such usage through the
introduction of CAPTCHA mechanism.
54
platform to form a complete e-Commerce business system. Therefore, the key concern is
client register and login, merchandise inquiries, order entry; data update these four areas,
respectively to achieve system sign-on, goods checking, orders placing and submit to the
node database
Character Layer:
55
3. Determination of character attributes. Optional character attributes are size, font,
color, tilt, twist, spin, etc. In the same CAPTCHA, a variety of fonts or different
sizes can easily increase the difficulty of attack
The background interference of this design can include not only background color
transformation and messy pixels or characters, etc, traditional interference sources used
in 2D static images, but also light, smoke and texture rendering, etc, new interference
sources used in 3D dynamic videos. In this case, we combine the interference point and
the interference character, randomly selecting some regions and generating a lot of
interference points as well as an interference character.
56
♦ Constraints as a Separate Concept
♦ Constraints Implied by the Model Structure
System Features
57
distribute the valid information among multiple frames according to certain rules to make
every single frame difficult to identify, and that if we can also make sure that it is still
very difficult for computer programs to crack even using multiple frames, as well as easy
for humans to identify, then the new design can pursue a better balance between security
and racticality.
o User can interact with text area to enter the multiple line of
text.
b. Hardware Interfaces
Ethernet
Ethernet on the AS/400 supports TCP/IP, Advanced Peer-to-Peer Networking
(APPN) and advanced program-to-program communications (APPC).
58
ISDN
c. Software Interfaces
2) This product is interacted with the Socket and listening on unused ports.
ports.
d. Communication Interfaces
59
continue the task. It is the user's subjective wait time. It is not from entry to a subroutine
until the first write statement. If the user denies interest in response time and indicates
that only the result is of interest, you can ask whether "ten times your current estimate of
stand-alone execution time" would be acceptable. If the answer is "yes," you can proceed
to discuss throughput. Otherwise, you can continue the discussion of response time with
the user's full attention. The response time that is minimally acceptable the rest of the
time. A longer response time can cause users to think the system is down. You also need
to specify rest of the time; for example, the peak minute of a day, 1 percent of
interactions. Response time degradations can be more costly or painful at a particular
time of the day.
The software may be safety-critical. If so, there are issues associated with its
integrity level. The software may not be safety-critical although it forms part of a safety-
critical system. For example, software may simply log transactions. If a system must be
of a high integrity level and if the software is shown to be of that integrity level, then the
hardware must be at least of the same integrity level. There is little point in producing
'perfect' code in some language if hardware and system software (in widest sense) are not
reliable. If a computer system is to run software of a high integrity level then that system
should not at the same time accommodate software of a lower integrity level. Systems
with different requirements for safety levels must be separated. Otherwise, the highest
level of integrity required must be applied to all systems in the same environment.
Do not block the some available ports through the windows firewall
60
5.4 Software Quality Attributes
Usability: how easy it is to understand, learn, and operate the software System
CHAPTER 4
Architecture:
61
Character Layer Background Foreground Interference
Interference Layer Layer (Special
(A-Z|a-z|0-9) (Image, Noise) Characters)
62
User Application Server
Request Invoke
Display code
Identify code
Verify code
Respond
Respond
63
Regis ter
G enerate V erific ation c ode
Identify Code
S y s tem
Us er
V erify c ode
E nter V erific ation c ode
Login
64
Collaboration Diagram:
65
6:
1:
7:
User Applicati
on
5:
11:
3: 4:
9: 10:
2:
8:
Server
66
Class Diagram
67
CHAPTER 5
68
SYSTEM DESIGN
5.1 MODULES
1. Character Layer
2. Background Interference Layer
3. Foreground Layer
The background interference of this design can include not only background
color transformation and messy pixels or characters, etc, traditional interference sources
used in 2D static images, but also light, smoke and texture rendering, etc, new
interference sources used in 3D dynamic videos. In this case, we combine the
interference point and the interference character, randomly selecting some regions and
generating a lot of interference points as well as an interference character.
69
Different with the background interference layer, the foreground interference
is to make the identifying characters in the character layer incomplete, further increasing
difficulty of attack whether using single frame or multiple frames. Foreground
interference involves character interference, line interference and point interference. In
this case we combine all three together.
CHAPTER 6
Testing strategies
The extent of testing a system is controlled by many factors, such as the risk involved, the
limitations of the resources and deadlines. We deploy a testing strategy that does the best
job of finding the defects in the product within the given constraints. The different testing
strategies are:
70
objects in object oriented environment. For inspection the input and output are defined
through use cases or other analysis information.
Statement testing coverage: where every statement in the objects method is covered by
executing it at least once.
Branch testing coverage: it is to perform enough tests to ensure that every branch
alternative is executed at least once.
A top-down strategy supports the user interface and event driven system. This serves two
purposes; first the top down approach can test navigation through screens and verify that
it matches the requirement. Second, users at the early stage can see how the final
application will look and feel.
Bottom up testing
Bottom up testing starts with the details of the system and proceeds to higher levels by a
progressive aggregation of details until they collectively fit requirements of the system.
In this testing the methods and classes which are independent are tested.
Source Code
71
Screenshots:
72
REFERENCES
[1] JIN Hai-kun, DU Wen-jie SHA Li-min. Research on security model with Chinese
CAPTCHA [J]. Computer Engineering and Design, 2006,27(6): 985-987 (in Chinese).
73
[2] Luis von Ahn, Manuel Blum, Nicholas J, Hopper and John Langford,The CAPTCHA
Web Page: http://www.captcha.net, 2000.
[3] Luis von Ahn, Manuel Blum and John Langford, Telling Humans and Computers
Apart Automatically: How Lazy Cryptographers do AI, In Communications of the ACM,
2004.
[4] L. von Ahn, M. Blum, N. Hopper, and J. Langford. CAPTCHA: Using hard AI
problems for security. In Proceedings of Eurocrypt, 2003, 2003.
[7] J. Elson, J. R. Douceur, J. Howell, and J. Saul. ASIRRA: a CAPTCHA that exploits
interest-aligned manual image categorization. Proc. of 14th ACM Conf. on Computer and
Communications Security (CCS 2007),pp. 366–374, October – November 2007.
[8] G. Kochanski, D. Lopresti, and C. Shih. A Reverse Turing Test Using Speech. Proc.
of 7th Int. Conf. on Spoken Language Processing, pp.1357–1360, September 2002.
[9] M. Chew and J. Tygar. Collaborative filtering CAPTCHAs. Proc. Of 2nd Int.
Workshop on Human Interactive Proofs (HIP 2005), vol. 3517 of Lecture Notes in
Computer Science, pp. 66–81, May 2005.
[10] Lin Hongwen, Tu Dan, and Li Guohui. Moving Objects Detection Method Based on
Statistical Background Model. Computer Engineering,Vol.29, No.16, p97-99, September
2003 (in Chinese).
[11] Luo Yanlin, Luo Yuejia. Research Status Of Brain Mechanism Of Visual Motion
Perception [J]. Advances in Psychological Science, 2003,11(2): 132-135 (in Chinese).
74
[12] http://img.bimg.126.net/photo/i0qg9hqHVxtd_gp86Szrdg==/256902211
2438987652.jpg. September 2009.
75