COMP2113 E-Commerce Richard Henson University of Worcester April 2008

Week 7: Client-Server systems and E-commerce n Objectives:  Describe the client-server model  Explain what a communications protocol is and why comms protocols are so crucial for client- server networks  Understand the rationale for using server-end scripting, rather than having all the code on the client machine  Produce a working server script running on an IIS platform

Why is an understanding of Networks important? n Any E-commerce application works across at least two different systems linked via the Internet n These systems must communicate 100% effectively  must therefore use an entirely reliable set of protocols n TCP/IP and Client-Server systems have been around since the early days of the Internet and have a proven reliability over many years

Network Protocols n Data has to be reliably transferred between Internet sites n An early model of network protocols was created in the early days of the Unix operating system  four software layers: »Physical Network access layer »Internet layer - IP protocol »Transport or Host-Host - TCP protocol »Application layer - FTP and SMTP

THE OSI seven layer model n In 1978, several years after Unix, the network protocols model was expanded by ISO (International Standards Organisation)  separated all levels of abstraction from physical network through to screen display  Produced SEVEN software layers  remain to present day!

How a message is “sent” PhysicalLayer Data link Layer NetworkLayer TransportLayer SessionLayer PresentationLayer ApplicationLayer PhysicalLayer Layer NetworkLayer TransportLayer SessionLayer PresentationLayer ApplicationLayer TransmitStation ReceiveStation AHDATA PHAHDATA SHPHAHDATA THSHPHAHDATA NHTHSHPHAHDATA LHNHTHSHPHAHDATALT DATAAH DATAAHPH DATAAHPHSH DATAAHPHSHTH DATAAHPHSHTHNH LTDATAAHPHSHTHNHLH Link

Web-based Client-Server

More about HTTP and Client- Server Computing n Client and server systems work right up to the application layer  communication therefore needs to function accordingly… n Tim Berners-Lee invented HTTP to facilitate web- based application layer communication n To allow client-server interaction, Tim designed HTTP to integrate well with his basic web page formatting language - HTML  HTML language GET command instructs the client process to get data for the server  HTML POST command sends client data either using an protocol or using HTTP

Web Dynamic Client-Server Model

Server-Side Processing n In a typical web-based client-server application:  The HTML form displayed on a web browser at the client end collects data  Using HTTP the data is sent to a web server  The web server processes the data according to instructions on a specified server script  Using HTTP, the results of processing generated as specified by the script are sent back to the client  The web browser on the client machine displays the results on a web page in a specified position n This gets even more complex when a database, and database programming, are also involved at the server end…

Introduction to Server-scripting n Today – principles of scripting only; apply to ALL types of scripting…  Scripts need to use real programming code »note: HTML is a FORMATTING language, NOT a programming language  Both client and server ends have programming code usually embedded within a HTML page

Languages used for Server Scripting n Much has been tried since HTML became interactive in the early 1990s:  Can use an existing language in a completely separate file, which is already compiled and ready to go: »the original approach:.cgi »any language could in theory be used »in practice “C” was usually favoured  Can use an existing language embedded in a HTML file »The Microsoft.asp approach, using embedded VB source code »The Sun.jsp approach, using embedded Java (Script) source  Can invent a new scripting language that is “HTML-like” and easily embeds with HTML »Cold Fusion.cf »Preprocessor Hypertext processing.php

Microsoft’s first attempt at server scripting… n In 1996, Microsoft introduced active server pages (asp)  hugely successful  soon became more popular than cgi n However, in spite of the great success of asp…  by 2000, hackers were attacking Microsoft servers and finding many security holes in IIS  Microsoft coped by offering hotfixes  further problem: used VB source code  if server not secure, code could be copied or compromised  not “object oriented”

ASP becomes ASP.NET n Microsoft’s new approach to server scripting, building on asp principles  new system that used “intermediate language”, rather than source code on the server  much more difficult to hack n Problem was… they had to scrap the.asp environment, and adopt a new architecture…  known as the.net framework  As many developers were accustomed to.asp this took awhile to catch on!

Alternative to ASP.NET? PHP (Hypertext Pre-processor) n n Originally designed for Linux-based systems   executed on a type of web server called Apache n n Integrate well with a Linux database and a free-to-download SQL-supporting product called MySQL n n Can now run happily on IIS   now getting very popular with non-Linux platforms n n Can download the environment directly from the PHP website:  

PHPs (continued) “ free” n n Only for serious programmers n n Cut-and-paste code still needs an environment like Dreamweaver n n Popular with those who dislike Microsoft! n n Unix-based Servers running PHPs considered to be more secure against hackers than Windows 2000/IIS running asp   but asp.net on Windows 2003/IIS v6 is another matter…

Alternative to ASP.NET? Cold Fusion n n Originally produced by Altair with its own scripting language (CFML) for the Microsoft platform   arguably easier to use than asp n n Purchased by Macromedia in 2003 (Dreamweaver, Flash, Director, etc.)   Dreamweaver has good support for Cold Fusion scripting n n Now also available for the Java environment n n Macromedia itself now part of Adobe

Hardware/Software Requirements to develop a website running server-scripts n Computer capable of supporting Windows 2000/XP/2003 or equivalent operating system n TCP/IP protocol stack running on server n Web Server software such as:  Internet Information Server  Apache n Broadband connection to the Internet

Basic Infrastructure required to put a server-system “on-line” n Typical networking server software:  Windows NT/2000/2003  Unix (many types; Linux increasing popularity) n A Firewall to keep the server secure  security is a BIG issue in e-commerce

More typical Infrastructure to go online (existing local network) n Make sure the internal “client-server” computer network is secure n EITHER Use the firewall computer as a router to separate the internal (local) network from the External (i.e. Internet) network  diverts data between the Internet and the local network  will only work if the network will need to be running an appropriate protocol nOR, if necessary, use a gateway »converts data into appropriate protocol and diverts it between the Internet and the local network »Can be used to link networks running different protocols

Firewall & Security matters n Servers MUST ALL be correctly configured  The Firewall or Proxy Server will them make sure that:  internal users do not access unauthorised sites  unauthorised remote Internet users do not access the local network

Putting the Secured network on-line n A digital connection is needed between the router/gateway and a computer connected to the Internet n PROVIDED THAT THE NETWORK IS SECURE, there is no need to worry about payment systems…  secure (VPN) Internet connections can be made to credit card authorisation and payment sites using “Merchant Server” software n Regular monitoring of the network is essential to ensure that unauthorised users are not trying to gain access

Client-Server web applications & Server Scripts   Systems developed to run client-server web applications usually require: processing of the scripts to be done by the server, on the server a server-end database to provide and store data logical connections between server-scripts, client-end input forms and server-end database clearly defined locations for both client and server scripts

Writing Server Scripts n n The code is embedded directly into the body of the web page n n Needs to be a command to inform the browser that non-HTML code is about to be used: n n With.asp, and.aspx:   the command to start the script is <%   to end the script… %> n n The code can only be executed on an operating system that supports a web server   e.g. XP Professional/Internet Information Server

Server Scripts and “Localhost” n No matter which is used… n No matter which server-scripting technology is used…   asp (active server pages)  .aspx (.net framework)  .jsp (java server pages)  .cf (Cold Fusion) .php (hypertext preprocessor) n The code can be tested locally on a webserver using the URL at the browser window

Using Dreamweaver for Client-Server Development n n Localhost therefore makes it possible, for development purposes, to have “local site” (development) and “remote site” (testing on server) both on the same machine n n Dreamweaver makes this even easier by:   allowing easy local site and remote site management including up & downloading   running the server scripts directly without having to use localhost to check each time   creating server scripts in a number of different formats (asp, asp.net, php, etc…)

Development of.NET framework for Server Scripting n n Microsoft moved away from their previous commitment to applications running source VB code with the help of an interpreter program within IIS n n Evolved VB into a more object oriented language called VB.NET n n Principles of ActiveX controls provided a basis for new type of.net server-side controls

Similarities between ASP and ASP.NET scripts n n Despite their fundamental differences, each type of script runs on the same platform   ….IIS n n The.net framework:   does not attempt to process existing.asp files and IIS still runs them through an interpreter   works with IIS to use the same folder - c:/inetpub/wwwroot - as the default root folder

Differences between ASP and ASP.NET scripts n n All asp code held as VB source code between n n Asp.net code:   uses xml-type tags   can be written using a variety of programming languages   is compiled, not interpreted   is full object-oriented and can easily be used as “controls” to respond to on-screen “events”

Running controls with ASP.NET n n Microsoft developed an “intermediate language” (IL)   could be readily converted into machine code but the code not easily hacked n n Source code for.net can be written in any language that can be translated into IL   VB.NET builds on existing practice   C# has proved to be most popular

.net and Dreamweaver n You may be thinking…  “I can’t program in “C”! n DON’T BE SCARED!  the syntax of object-oriented C is similar to Java  Dreamweaver MX provides a range of controls already written in C#  Dreamweaver Extensions enable other controls to be added n Not a good idea to produce code completely blindly…  however, because of the similarities between Java and C so you shouldn’t be working completely in the dark! n The next few slides will look at the.net environment, and how to set it up so at least you’ll understand something about the file structure that is generated by Dreamweaver for running.aspx controls

Components of the.net framework n.net applications can’t execute without the.net common language infrastructure (CLI)  common Language run-time (CLR) for executing controls n “Managed execution” framework  runs Intel x86 IL code  development language doesn’t matter n To support all this, each.net web application needs to have its own subfolder from the root (wwwroot)  This folder must contain… » a /bin folder for “assemblies” & executables »a web.config file n (store of configuration info) e.g. a path to the set of class libraries n v2 also supports the following folders: »app_data, app_code, app_browsers, app_themes, app_localresources, app_globalresources, app_webreferences

How the.net environment manages an application n “Assemblies” from.aspx files added to /bin n Execution of assemblies completely reliant on CLR services  CLR is just a set of Win32 DLLs created by compiling the assembly components »written in IL (generalised Intel assembly language)  makes sure script execution is “controlled” and kept within boundaries »an earlier version of IIS used to “leak” memory until the system needed rebooting  usually loaded implicitly when a.net application is run

Loading Assemblies n AppDomain provides a security boundary for each application n Code (.exe, or.dll) then loaded into process spaceperfo  JIT compilation ensures “flat out performance”  cf Wallace & Grommit – latter lays out the track as the train is about to pass along it

And now for the practical….

Thanks for listening Thanks for listening