Advanced Database Systems

1
13. Databases on the Web
2
Requirements for Web-DBMS Integration

• The ability to access valuable corporate data in
  a secure manner
• Support for session and application-based
  authentication
• The ability to interface to the database
  independent of any proprietary Web browser or Web
  server
• An open architecture
• Acceptable performance
• Support for transactions that span multiple HTTP
  requests
• Minimal administration overhead
• A connectivity solution that takes advantage of
  all the features of an organization's DBMS
• A set of high-level application development tools

3
Web-DBMS Architecture

• Three-tier architecture
• First Tier (Client)
• a Web browser acting as a 'thin' client
• Second Tier (Application Server)
• a Web server
• Third Tier (Database Server)

4
Advantages of the Web-DBMS Approach

• DBMS advantages
• Simplicity
• Platform independence
• Graphical user interface
• Standardization
• Cross-platform support
• Transparent network access
• Scalable deployment
• Innovation

5
Disadvantages of the Web-DBMS Approach

• Reliability
• Security
• Cost
• Scalability
• Limited functionality of HTML
• Statelessness
• Bandwidth
• Performance
• Immaturity of development tools

6
Approaches to the Web-DBMS Integration

• Common Gateway Interface (CGI)
• Server-Side Includes
• HTTP cookies
• Extension to the Web server
• Java and JDBC, JSQL, JRB
• Scripting languages such as JavaScript and
  VBScript
• Microsoft's Active Platform
• Oracle's Network Computing Architecture (NCA)

7
Common Gateway Interface (CGI)

• CGI is a specification to allow a program (the
  CGI program) to control the information passed
  between a Web browser and a Web server during a
  connection session
• The CGI program executes at the Web server
• The output from the CGI program is passed back by
  the Web server to the Web Browser
• Information from the browser is passed to the CGI
  program via environment variables or read from
  standard input
• A URL can point to a CGI program
• Forms data is passed to the CGI program
  specified in the Action parameter

8
Extending the Web Server

• Server API called non-CGI gateways
• Netscape Server API (NSAPI)
• Microsoft's Internet Information Server API
  (ISAPI)
• Interface between the server and back-end
  applications using DLL or shared objects
• More powerful and complex than CGI
• Reliability and non-portability problems

9
JAVA, JDBC, JSQL

• A proprietary language developed by Sun
• A simple, object-oriented, distributed,
  interpreted, robust, secure, architecture
  neutral, high-performance, multi-threaded and
  dynamic language
• The de facto standard language for Web
  programming
• Web applications (applets) and server
  applications (servlets)
• Java bytecodes (class) can be interpreted by JVM,
  or translated to native methods
• JDBC define a databases access API
• JSQL is a specification for Java with static
  embedded SQL

10
Scripting Languages

• The script code is embedded in the HTML an
  interpreted by the client
• JavaScript
• Netscape's Web scripting language
• The JavaScript language resembles Java
• Server-side JavaScript for database access
• VBScript
• Microsoft proprietary interpreted scripting
  language
• Syntax like Visual Basic
• ActiveX controls

11
Active Server Pages (ASP)

• Microsoft ASP is a programming model that allows
  dynamic, interactive Web pages to be created on
  the Server
• VBScript is the default scripting language for
  ASP
• ASP files can contain text, HTML tags, Script
  command
• When a browser request and '.asp' file, the Web
  server calls ASP, which reads the file and
  executes any commands, and sends the generated
  HTML page to the browser

12
. . . Active Server Pages (ASP)

• With ASP we can
• Generate dynamic Web pages
• Process content of HTML forms
• Create database-driven Web pages
• Track user sessions
• Create searchable Web pages
• Detect the capabilities of different browsers
• Send and retrieve e-mail
• Integrate custom components into Web site
• Internet resources
• aspsite.com, activeserverpages.com,
  15seconds.com serverobjects.com, asphole.com
  msdn.microsoft.com/workshop/server/default.asp
  microsoft.com/ntserver/web/

13
How ASP Works

• IIS
• Static HTML pages
• .asp dynamic pages
• ASP.dll
• A server-side scripting environment
• ASP editor
• Script delimiters lt and gt
• Script language
• IIS Default ASP language
• lt _at_ LanguageJScript gt
• ltscript languageJScript runatservergt

14
ASP Example
ltbodygt This is a lt for i1 to 10 gt very, lt
next gt very long sentence.
lt If Time gt 120000 AM And Time lt 120000
PM Then gt Good Morning!lt Else gtHello! lt
End If gt
15
Network and Information Security

• Cryptography is the science of providing security
  for information
• Good cryptography makes attempts to violate
  security cost-prohibitive
• cryptography can offer the following basic
  functions
• Confidentiality
• Authentication
• Integrity
• Basic Components of Modern Cryptography
• Symmetric Key Encryption
• Public Key Encryption (e.g. RSA)
• Secret Key Exchange
• Message Digest Functions
• Digital Signatures

16
RSA Digital Signature Process
17
Internet Security

• Proxy Servers
• Improve performance
• Filter requests
• Firewalls
• A system designed to prevent unauthorized access
  to or from a private network
• Encryption
• Secure Sockets Layer (SSL)
• Secure HTTP (S-HTTP)
• Kerberos
• A server of secured user names and passwords