1.1 project summary
TRANSCRIPT
1
CHAPTER 1
Introduction
1.1 Project Summary
All the data security technical is built on confidentiality, integrity and availability of these three
basic principles. Confidentiality refers to the so-called hidden the actual data or information,
especially in the military and other sensitive areas, the confidentiality of data on the more
stringent requirements. For cloud computing, the data are stored in "data center", the security and
confidentiality of user data is even more important. The so-called integrity of data in any state is
not subject to the need to guarantee unauthorized deletion, modification or damage. The
availability of data means that users can have the expectations of the use of data by the use of
capacity.
The main problems cloud computing faces are preserving confidentiality and integrity of data
in aiding data security.
Trust between the Service provider and the customer is one of the main issues cloud
computing faces today.
There is no way for the customer to be sure whether the management of the Service is
trustworthy, and whether there is any risk of insider attacks.
The only legal document between the customer and service provider is the Service Level
Agreement (SLA).
Preserving confidentiality is one of the major issues faced by cloud systems since the
information is stored at a remote location that the Service Provider has full access to.
Therefore, there has been some method of preserving the confidentiality of data stored in the
cloud.
Preserving Integrity, like confidentiality is another major issue faced by cloud systems that
needs to be handled.
2
1.2 Object
The aim of project is to secure the data of CRM system.
Secure it from other users and even from Admin
Data Security Technical is built on Confidentiality
We are securing Our System By Using Encryption
1.3 Scope
To ensure the data storage security and to allay users’ concerns, we aim to design a
efficient mechanism which will give highly secure services and will achieve the
following goals:
Storage Correctness – The users’ data on the cloud should remain consistent and must be
at the cloud all the time.
Availability of data- The data stored on the cloud must be always available to the users.
Dynamic updating- The data should be updated dynamically with proper storage without
violating contents of data.
Data Recovery- the Chunks of data stored at slave server must be placed
Efficiently for easy retrieval.
Light-Weight - To satisfy users about the storage correctness and make its verification
with minimum overhead
3
CHAPTER 2
Introduction to Project
2.1 Problem Summary:
All the data security technical is built on confidentiality, integrity and availability of these three
basic principles. Confidentiality refers to the so-called hidden the actual data or information,
especially in the military and other sensitive areas, the confidentiality of data on the more
stringent requirements. For cloud computing, the data are stored in "data center", the security and
confidentiality of user data is even more important. The so-called integrity of data in any state is
not subject to the need to guarantee unauthorized deletion, modification or damage. The
availability of data means that users can have the expectations of the use of data by the use of
capacity.
The main problems cloud computing faces are preserving confidentiality and integrity of data
in aiding data security.
Trust between the Service provider and the customer is one of the main issues cloud
computing faces today.
There is no way for the customer to be sure whether the management of the Service is
trustworthy, and whether there is any risk of insider attacks.
The only legal document between the customer and service provider is the Service Level
Agreement (SLA).
Preserving confidentiality is one of the major issues faced by cloud systems since the
information is stored at a remote location that the Service Provider has full access to.
Therefore, there has been some method of preserving the confidentiality of data stored in the
cloud.
Preserving Integrity, like confidentiality is another major issue faced by cloud systems that
needs to be handled.
4
2.2 Defination:
Data Protection and Security in Cloud using Encryption
SaaS is a software application shared with others, and even the most secure providers
usually need access to our data at some point. They might never take a peek, and might
have a hearty array of security and auditing controls around access, but in the end, our
data is in a database someplace that someone else needs to manage and keep running. I'm
not saying this to generate a bunch of FUD. I provide plenty of private data to the
different SaaS providers we use to maintain our business, but that doesn't mean there isn't
some risk involved. In our case, that sometimes means keeping certain data in-house. For
some of you, this will mean using SaaS, but protecting your data in their environment.
SaaS security involves a number of different controls, including identity management
(and federation), internal security settings and role management, incident response and
service outage planning, and auditing. In this tip, we'll focus on techniques for protecting
sensitive data stored within a SaaS application, including SaaS encryption.
2.3 Abstract
SaaS is a software application shared with others, and even the most secure providers
usually need access to our data at some point. They might never take a peek, and might
have a hearty array of security and auditing controls around access, but in the end, our
data is in a database someplace that someone else needs to manage and keep running. I'm
not saying this to generate a bunch of FUD. I provide plenty of private data to the
different SaaS providers we use to maintain our business, but that doesn't mean there isn't
some risk involved. In our case, that sometimes means keeping certain data in-house. For
some of you, this will mean using SaaS, but protecting your data in their environment.
SaaS security involves a number of different controls, including identity management
(and federation), internal security settings and role management, incident response and
service outage planning, and auditing. In this tip, we'll focus on techniques for protecting
sensitive data stored within a SaaS application, including SaaS encryption.
There are four main options, but as you'll see unless you are using a file-oriented service,
only two of the options are usually realistic:
Trust the provider and rely on their internal controls (which may include encryption,
data dispersion and other options).
Encrypt data in a client application before sending it to the provider -- usually only
an option if the service provides a client application with this capability.
5
Encrypt data locally before sending to the service.
Use a local or remote encryption proxy to encrypt and decrypt data going to the
provider.
Relying on the provider isn't always bad; many have far better security controls than you
probably do on internal applications. Still, we do see use cases where you might want to
protect some of the information you keep with them, and that's where the other options
come into play.
2.3.1 SaaS encryption options
Certain services provide a client application and don't necessarily run everything through
a Web browser. This is common with file storage and backup applications that combine
SaaS and PaaS capabilities. Some of those services allow you to encrypt your data in the
client application before it's sent to their servers, and secure services even allow you to
manage your own keys. This completely blinds them from your data, although they can
usually see metadata. Over time I expect to see some of this expand to encrypt data
within the Web browser, but I haven't seen anyone implement that yet.
Client encryption is great, but isn't always an option (especially for non-file oriented
services). Another option is to use your own software to encrypt the data locally before
sending it up to the Internet. This can be difficult to manage and I almost only ever see it
used for file-based data. There are some niche masking solutions that will intercept Web
forms locally to encrypt pieces of data, but that isn't in common use yet and is bleeding-
edge early to the market.
The last option is to use some sort of network-based encryption proxy, and this is what
we see most organizations turning to when they don't completely trust their provider.
The proxy is placed on the network and works like a Web gateway. When a user goes to
access the SaaS website, they are redirected through the proxy. The proxy relies on deep
knowledge of the SaaS application and intercepts key form fields in the webpages.
Sensitive data placed in these fields is encrypted before going to the provider, and
decrypted before going back to the user.
To the user it looks like normal access to the service as long as they are on the network
with the proxy. But if they try and access, say, customer account numbers through a
direct connection to the SaaS application, all they will see is encrypted data. For services
that don't provide as fine-grained access controls as you want, you can mask data to users
and gain security above and beyond the application's internal controls. Also, you can
technically host the proxy itself in the cloud to support remote access.
6
It should be glaringly obvious that this option isn't available for anything except major
cloud services due to the large effort it can take to build the intercept functions and
seamlessly integrate with the destination service. Plus, one change in the SaaS application
user interface can break functionality until the proxy provider can update things.
2.3.2 SaaS security recommendations
In light of those SaaS encryption challenges, I tend to recommend the following:
Your best bet is to work with a SaaS provider you can trust, and protect yourself with
good contracts and maybe some audits.
If you are concerned about file-based data, there are plenty of encryption options that are
effective; most file-based enterprise encryption tools will work well.
If you don't completely trust your provider, look for a proxy encryption solution. Encrypt
as little as possible to reduce the risk of breakage. Understand that unless you put the
proxy itself in the cloud, you may lose some mobility.
7
CHAPTER 3
Project Planning
3.1 Project Scope
To ensure the data storage security and to allay users’ concerns, we aim to design an
efficient mechanism which will give highly secure services and will achieve the
following goals:
Storage Correctness – The users’ data on the cloud should remain consistent and must
be at the cloud all the time.
Availability of data- The data stored on the cloud must be always available to the
users.
Dynamic updating- The data should be updated dynamically with proper storage
without violating contents of data.
Data Recovery- the Chunks of data stored at slave server must be placed efficiently
for easy retrieval.
Light-Weight - To satisfy users about the storage correctness and make its
verification with minimum overhead
3.2Software Process Model
A (software/system) process model is a description of the sequence of activities
Carried out in an SE project.
Project plan = process model + project parameters
Spiral Model:
Project risk is a moving target. Natural to progress a project cyclically in four step phases:
1. Consider alternative scenarios, constraints
2. Identify and resolve risks
3. Execute the phase
4. Plan next phase: e.g. user req, software req, architecture then go to 1
8
Advantages:
Realism: the model accurately reflects the iterative nature of software development
on projects with unclear requirements
Flexible: incorporates the advantages of the waterfall and evolutionary methods
Comprehensive model decreases risk
Good project visibility.
Disadvantages:
Needs technical expertise in risk analysis and risk management to work well.
Model is poorly understood by non-technical management, hence not so widely used
Complicated model needs competent professional management. High administrative
overhead.
9
CHAPTER 4
System Analysis
4.1 Leterature Survey
The purpose of such a survey is for you to demonstrate to your employer or tutor that you
are knowledgeable in the area of expertise that they require. You are proving to them that
you are well read and aware of the relevant theories and practices in your field.
The researcher could start the literature survey even as the information from the
unstructured and structured interviews is being gathered. Reviewing the literature on the
topic area at this time helps the researcher to focus further interviews more meaningfully
on certain aspects found to be important is the published studies even if these had not
surfaced during the earlier questioning. So the literature survey is important for gathering
the secondary data for the research which might be proved very helpful in the research.
The literature survey can be conducted for several reasons. The literature review can be
in any area of the business.
Based on the specific issues of concern to the manager and the factors identified during
the interview process, a literature review needs to be done on these variables. The first
step in this process involves identifying the various published and unpublished materials
that are available on the topics of interest and gaining access to these. The second step in
gathering the relevant information either by going through the necessary materials in a
library or by getting access to online sources. The third step is writing up the literature
review. A modern technology locating sources where the topics of interest have been
published has become easy. Almost every library today has computer online systems to
locate and print out the published information on various topics.
Objectives of literature survey
Gaining an understanding on the fundamentals and state-of-the art of the area
Learning the definitions of the concepts
Access to latest approaches, methods and theories
Discovering research topics based on the existing research
Concentrate on your own field of expertise
Even if another field uses the same words, they usually mean completely different thing
It improves the quality of the literature survey to exclude sidetracks
–Remember to explicate what is excluded
10
“Jack of all trades is master of none.”
Valid sources
Refereed article in a journal or a conference.
Book published in scientific series.
Articles referred to in other articles are excellent sources.
At some stage you will learn to evaluate the coherence and concept definitions.
Wikipedia and other sites for other relevant information
Google-code-prettify
Gdocs API
W3schools.com
www.webresourcesdepot.com
Dropbox Help files
Pressman, Roger S., Software Engineering: A Practitioner’s Approach. McGraw-Hill,
2001.
4.2 STUDY OF CURRENT SYSTEM
At present ensuring security in cloud computing platform has become one of the most
significant concerns for the researchers. We have undertaken these problems in our
research, to provide some solution correlated with security.
At present ensuring security in cloud computing platform has become one of the most
significant concerns for the researchers. We have undertaken these problems in our
research, to provide some solution correlated with security.
At the present world of networking system, Cloud computing is one the most important
and developing concept for both the developers and the users. Persons who are
interrelated with the networking environment, cloud computing is a preferable platform
for them. Therefore in recent days providing security has become a major challenging
Issue in cloud computing
11
4.3 PROBLEM AND WEAKNESSES OF CURRENT SYSTEM
The traditional data centre security measures on the edge of the hardware platform, while
cloud computing may be a server in a number of virtual servers, the virtual server may
belong to different logical server group, virtual server, therefore there is the possibility of
attacking each other ,which brings virtual servers a lot of security threats.
4.4 REQUIREMENTS OF NEW SYSTEM
In the proposed model AES encryption algorithm is used.
In this model, the encryption key for a particular file of a particular user is only known to
the main system server. The path of the encrypted file is only known to the storage server
which is only known to the main server. For this, the key as well as the encrypted file is
hidden from the unauthorized persons. In this communication system when a file is sent
from the main system server to the storage server it is already in its fully encrypted form.
That’s why there is no need to provide security in this communication channel. At last,
we propose hardware encryption for making the databases fully secured from the
attackers and other unauthorized persons.
4.5 FACT FINDING
Fact-finding used throughout the database application lifecycle. Crucial to the early
stages including database planning, system definition, and requirements collection and
analysis stages
Enables developer to learn about the terminology, problems, opportunities, Constraints,
requirements, and priorities of the organization and the users of the system
A database developer normally uses several fact-finding techniques during a single
database project including:
examining documentation
interviewing
observing the organization in operation
Research
Questionnaires
12
Examining documentation
Can be useful
To gain some insight as to how the need for a database arose.
To identify the part of the organization associated with the problem.
To understand the current system.
Interviewing
Most commonly used, and normally most useful, fact-finding technique, Enables
collection of information from individuals face-to-face.
Objectives include finding out facts, verifying facts, clarifying facts, generating
enthusiasm, getting the end-user involved, identifying requirements, and
gathering ideas and opinions.
Observing the Organization in Operation
An effective technique for understanding a system.
Possible to either participate in, or watch, a person performs activities to learn
about the system.
Useful when validity of data collected is in question or when the complexity of
certain aspects of the system prevents a clear explanation by the end-users.
Research
Useful to research the application and problem.
Use computer trade journals, reference books, and the Internet (including user
groups and bulletin boards).
Provide information on how others have solved similar problems, plus whether or
not software packages exist to solve or even partially solve the problem.
Questionnaires
Conduct surveys through questionnaires, which are special-purpose documents
that allow facts to be gathered from a large number of people while maintaining
some control over their responses.
There are two types of questions, namely free-format and fixed-format.
13
4.6 Feasibility Study
CRM feasibility study aims to kick start or accelerate your organization’s discussion in
CRM and customer related initiatives. The outcome of this study provides you with
clarity on the current issues relating to the overall CRM landscape in your organization
and facilitates your organization’s decision making process on whether to embark on a
CRM program to achieve specific organization goals and objectives.
Customer Capital Consulting can perform a high level reality check using our structured
framework to identify customer, marketing, selling and account management, contact
points (or channels), customer service and support-related issues etc and help you gain an
understanding of your customers, key stakeholders and the management’s perspectives
on how customer- centric your organization is.
Information has value. All kinds of business should have information systems for
Business growth. Software is used for business management and entrepreneurship
resource planning worldwide. However, its shortages turn out to be more and more
obvious in recent years. Software as a Service (SaaS) is thus regarded as one serious
alternative of software. Customer Relationship Management (CRM) is of vital
importance in today’s business. SaaS adoption for CRM then becomes a trend in Small
and Medium Businesses. Home delivery business operation in a small restart grant calls
for such adoption.
The purpose of this research was to demonstrate a CRM - oriented SaaS prototype for
home delivery business operation in a small restaurant. Another aim was to report the
feasibility of SaaS for CRM in this restaurant business operation.
Finally, the question that what kind of SaaS application for CRM might work in such
business operation was answered in this study.
Data was collected through experimental Drupal implementation of the Home Delivery
Customer Relationship Management system (HDCRM) and then analyzed against home
delivery business workflows and time spent for each activity in real life.
This study discovered that Software as a Service is adoptable for Small & Medium
Businesses. The results also indicated that home delivery business demands Customer
Relationship Management system. The principal conclusion was that the HDCRM
demonstrated in this paper meets home delivery business needs.
14
4.7 Overall Description
4.7.1 Product Perspective
At the present world of networking system, Cloud computing is one the most important
and developing concept for both the developers and the users. Persons who are
interrelated with the networking environment, cloud computing is a preferable platform
for them. Therefore in recent days providing security has become a major challenging
Issue in cloud computing.
Cloud computing can also categorized into service models.
Cloud Software as a Service (SaaS). The capability provided to the consumer is
to use the provider’s applications running on a cloud infrastructure The
applications are accessible from various client devices through a thin client
interface such as a web browser (e g , web-based email) The consumer does not
manage or control the underlying cloud infrastructure including network, servers,
operating systems, storage, or even individual application capabilities, with the
possible exception of limited user-specific application configuration settings
Cloud Platform as a Service (PaaS) The capability provided to the consumer is
the ability to deploy onto the cloud infrastructure consumer-created or acquired
applications created using programming languages and tools supported by the
provider The consumer does not manage or control the underlying cloud
infrastructure including network, servers, operating systems, or storage, but has
control over the deployed applications and possibly application hosting
environment configurations
Cloud Infrastructure as a Service (IaaS). The capability provided to the consumer
is to provision processing, storage, networks, and other fundamental computing
resources where the consumer is able to deploy and run arbitrary software, which
can include operating systems and applications The consumer does not manage
or control the underlying cloud infrastructure but has control over operating
systems, storage, deployed applications, and possibly limited control of select
networking components
In the cloud environment, resources are shared among all of the servers, users and
individuals. As a result files or data stored in the cloud become open to all. Therefore,
data or files of an individual can be handled by all other users of the cloud.
.
15
In this project we have proposed new security architecture for cloud computing platform.
This ensures secure communication system and hiding information from others. File
encryption system and asynchronous key system for exchanging information or data is
included in this model. This structure can be easily applied with main cloud computing
features, e.g. PaaS, SaaS and IaaS. This model also includes onetime password system for
user authentication process. Our work mainly deals with the security system of the whole
cloud computing platform.
In this we have proposed new security architecture for cloud computing platform. In this
model high ranked security algorithms are used for giving secured communication
process. Here files are encrypted with AES (Advanced Encryption Standard) algorithm
in which keys are generated randomly by the system. In our proposed model distributive
server concept is used, thus ensuring higher security
4.7.2 Product Features
At present ensuring security in cloud computing platform has become one of the most significant
concerns for the researchers. We have undertaken these problems in our research, to provide
some solution correlated with security. We have proposed the following security model for cloud
computing data storage shown in Figure.
16
4.8 System Features
At present ensuring security in cloud computing platform has become one of the most
significant concerns for the researchers. We have undertaken these problems in our
research, to provide some solution correlated with security.
As per our proposed scheme four different network entities can be identified as follows:
o User: users, who have data to be stored in the cloud and rely on the cloud for
data computation and also rely on admin for authentication of users.
4.8.1 System Feature 1
Description and Priority
Encryption / Decryption algorithm: High Priority
System document work flow: Medium Priority
Stimulus/Response Sequences
Sales person prepare customer master
Sales person place customer documents inside system
(Pre-qualification documents)
4.8.2 System Feature 2 (and so on)
In the proposed model AES encryption algorithm is used for Encryption.
After connecting with the system a user can upload or download the file(s). For
the first time when connected with the system the user can only upload file(s).
After that users can both upload and download their files. When a file is uploaded
by a user the system server encrypts the file using AES encryption algorithm. In
the proposed security model 128 bit key is used for AES encryption. 192 bit or
256 bit can also be used for this purpose. Here the 128 bit key is generated
randomly by the system server. A single key is used only once. That particular
key is used for encrypting and decrypting a file of a user for that instance. This
key is not further used in any instance later.
17
Login into the main system is compulsory when a user wants to download a
previously stored file. When the user selects a file to download, the system
automatically retrieves the key for the requested file from the main system server.
The system matches user account name saved in its database table with that saved
in the storage server the path of the encrypted file from the storage server is found
by using the user account name.
In this model, the encryption key for a particular file of a particular user is only
known to the main system server. The path of the encrypted file is only known to
the storage server which is only known to the main server. For this, the key as
well as the encrypted file is hidden from the unauthorized persons. In this
communication system when a file is sent from the main system server to the
storage server it is already in its fully encrypted form. That’s why there is no need
to provide security in this communication channel. At last, we propose hardware
encryption for making the databases fully secured from the attackers and other
unauthorized persons.
An algorithm is developed, which is used for inserting the file in the main server
(System), and in the database table where the encrypted file is kept. This is
saturated from the system server for the cloud computing platform. In the system
server, the file is inserted by maintaining the sequence. In file saving server, the
file is inserted in a random order which becomes the output of the algorithm. The
relations between the system server table and database server tables can be
thought as disjoint sets. The pseudo code of the algorithm used is described in
table.
4.9 System Requirements Engineering
4.9.1 User Classes and Characteristics
List of users
Sales person: CRM work flow
Agent: CRM Work Flow
Admin: CRM Work Flow
Client: CRM Work Flow
18
4.9.2 Operating Environment
Software
1. Operating system: window XP, Window 7 or Updated Microsoft OS
2. .Net Framework: .Net framework 4.0
3. Reporting tool: Crystal Report 12.0
4. Web server: IIS6.0 or updated web server
Hardware
1. Processors: 2.0 GHZ or higher
2. RAM 1 GB or above
3. Disk space 20 GB or above
4.9.3 Design and Implementation Constraints
Development tools
Visual studio: Microsoft visual studio 2010
Crystal Report: Crystal report for visual studio 2010
Development language: C#
Server side programming: Asp.Net
4.9.4 Assumptions and Dependencies
1. Web services for algorithm of encryption and decryption
4.9.5 External Interface Requirements
4.9.5.1 Hardware Interfaces
1. Intel dual core 3.0 GHZ Processor
2. 2GB of physical memory
3. 500 GB of HDD
4.9.5.2 Software Interfaces
1. Web design : HTML , CSS
2. Web development: ASP.Net
19
3. Client side scripting: JQuery
4. Development language : C#
4.9.6 Communications Interfaces
1. Communication standard web based standard protocol : http
4.9.7 Other Nonfunctional Requirements
Performance Requirements
The selected benchmarks are intended to treat (i) Memory IO; (ii) CPU; (iii) Disk IO; (iv)
Application; (v) Network. This offers a relationship both to existing literature and reports
on Cloud performance, and also keys in to the major categories presented by Cloud
Harmony. There are numerous alternatives available, and reasons for and against
selection of just about any individual benchmark
Memory IO
The rate at which the processor can interact with memory offers one potential system
bottleneck. Server specifications often cite a maximum potential bandwidth, for example
the cited maximum for one of our Open Stack Sun Fire x4250s is 21GB/s, (with a 6MB
L2 cache).
STREAM
STREAM [23] is regarded as a standard synthetic benchmark for the measurement of
memory bandwidth. From the perspective u b
of applications, the benchmark attempts to determine a sustainable “realistic” memory
bandwidth, which is unlikely to be the same as the theoretical peak.
CPU
There are various measures to determine CPU capabilities. We might get a sense of the
speed (GHz) of the processor from the provider.
20
4.10 Safety Requirements
The Existence of Super-user
For the enterprise providing cloud computing services, they have the right to carry out the
management and maintenance of data, the existence of super-users to greatly simplify the
data management function, but it is a serious threat to user privacy.
Consistency of Data
Cloud environment is a dynamic environment, where the user's data transmits from the
data centre to the user's client. For the system, the user's data is changing all the time.
Read and write data relating to the identity of the user authentication and permission
issues. In a virtual machine, there may be different users’ data which must be strict
managed.
4.11 Security Requirements
Security Problem Drive from VM
The traditional data center security measures on the edge of the hardware platform, while
cloud computing may be a server in a number of virtual servers, the virtual server may
belong to different logical server group, virtual server, therefore there is the possibility of
attacking each other ,which brings virtual servers a lot of security threats.
4.12 Software Quality Attributes
Requirement Of Security
The client authentication requirements in login: The vast majority of cloud computing
through a browser client, such as IE, and the user’s identity as a cloud computing
applications demand for the primary needs.
4.13 Other Requirements
Following modules we are going to develop for above proposed model.
1 User authentication / authorization
2 CRM Document Management
3 File security algorithm ( as per above discussion)
4 Encryption / Decryption of file in CRM work flow
21
CHAPTER 5
System Design
5.1 Use Case Diagram
5.1.1 Use case diagram for user creation process, login process
32
5.5 Data Dictionary:
5.5.1 Login Master
5.5.2 Registration master
Field Name Field Type Constraint Description ID Varchar(50) Primary Key User Identification
username Varchar(20) Not null Username
Password Varchar(50) Not null Password
Field Name Field Type Constraint Description
ID int Primary Key Register ID
Full Name Varchar(256) Full Name
Address Varchar(50) Not null Address
Gender Varchar(10) Not null Gender
dateofbirth Varchar(50) Not null Birthdate of User
MobileNo Varchar(100) Not null Contact Number
Email Datetime Not null Email Id
Department Varchar(50) Not null Department
Designation Varchar(100) Not null Designation
DateOfJoin Varchar(50) Not null Joining Date
UserName Varchar(50) Not null User name
Password Varchar(50) Not null Password
33
5.5.3 Customer Master
Field Name Field Type Constraint Description ID Int Primary Key Company ID
CompanyCode Varchar(50)
CompanyName Varchar(50) Not null Company Name
Address Varchar(500) Not null Address
Website Varchar(40) Null Company Website
Faxno Varchar(20) Null Fax Number
Country Varchar(50) Not Null Country
Notes Varchar(500) Notes
FileName Varchar(256) File Name(Visiting
card)
FilePath Varchar(256) Path Of File
Status Varchar(10) Status
Createdby Varchar(50) Foreign key Reference to
userID(userMaster)
Creation_date Datetime Not null Contact Creation Date
ModifiedBy Varchar(100) Modified By
ModfiedDate Varchar(50) Modified Date
5.5.4Customer Contact Person
Field Name Field Type Constraint Description CustomerCode Varchar(10) Foreign Key Company ID
ID int Primary key Contact Person ID
Personname Varchar(100) Not null Contact Person name
Designation Varchar(50) Not null
Mobileno Varchar(50) Null Mobile Number
Email Varchar(256) Not null Email address
34
5.5.5 Customer Visiting Card
5.5.6 Agent Master
Field Name Field Type Constraint Description ID Int Primary Key Company ID
AgentCode Varchar(50)
AgentName Varchar(50) Not null Company Name
Address Varchar(500) Not null Address
Faxno Varchar(20) Null Fax Number
Country Varchar(50) Not Null Country
Notes Varchar(500) Notes
FileName Varchar(500) File Name(Visiting
card)
FilePath Varchar(256) Path Of File
Status Varchar(10) Status
Createdby Varchar(50) Foreign key Reference to
userID(userMaster)
Creation_date Varchar(50) Not null Contact Creation Date
ModifiedBy Varchar(50) Modified By
ModfiedDate Varchar(50) Modified Date
Field Name Field Type Constraint Description
ID bigint Primary key Visiting Card ID
ParentID bigint Not null Parent ID of Directory
ImageName Varchar(256) Not null
ImagePath Varchar(256) Null Image Path
UploadBy Varchar(256) Not null Uploaded By
UploadDate Varchar(50) Upload Date
35
5.5.7AgentContactPrson
5.5.8AgentVisitingCard
5.5.9 Sales Lead
Field Name Field Type Constraint Description
AgentCode Varchar(10) Foreign Key Company ID
ID int Primary key Contact Person ID
Personname Varchar(100) Not null Contact Person name
Designation Varchar(50) Not null
Mobileno Varchar(50) Null Mobile Number
Email Varchar(256) Not null Email address
Field Name Field Type Constraint Description
ID bigint Primary key Visiting Card ID
ParentID bigint Not null Parent ID of Directory
ImageName Varchar(256) Not null
ImagePath Varchar(256) Null Image Path
UploadBy Varchar(256) Not null Uploaded By
UploadDate Varchar(50) Upload Date
Field Name Field Type Constraint Description ID int Primary Key ID
CustomerCode Varchar(50) Foreign key Company ID
PersonID Bigint Not null
Item Varchar(50) Not null
LeadDescription Varchar(500) Not null
FileName Varchar(256) Not null
FilePath Varchar(256) Not null
Status Varchar(10) Not null
CreatedBy Varchar(50) Not null
CreatedDate Varchar(50) Not null
36
5.5.10 Sales Lead Follow-up
Field Name Field Type Constraint Description
Id Int Primary Key Follow up ID
parentId Int Foreign key Reference to sales Id
(sales_lead_master)
Typeoffollowup Varchar(50) Varchar(50) Type of follow up for
e.g. by phone, email,
fax
Followupby Varchar(50) Foreign key Reference to UserID
(User_master)
Followupdesc Varchar(100) Not null Follow up description
Next_follow_date Datetime Not null Next Follow up date
Status Varchar(20) Not null Lead status
FileName Varchar(256) Not null File name
FilePath Varchar(256) Not null File Path
CreatedBy Varchar(50) Not null Followup Created By
CreatedDate Varchar(50) Not null Followup Created
Date
37
CHAPTER 6
Implementation Details
6.1 SYSTEM ARCHITECTURE
Systems Architecture is a generic discipline to handle objects (existing or to be created)
called "systems", in a way that supports reasoning about the structural properties of these
objects.
Each one differs in the environment in which they are tested and you will lose control
over the environment in which application you are testing, while you move from
desktop to web applications.
Desktop application runs on personal computers and work stations, so when you test the
desktop application you are focusing on a specific environment. You will test complete
application broadly in categories like GUI, functionality, Load, and backend i.e DB.
In client server application you have two different components to test. Application is
loaded on server machine while the application exe on every client machine. You will
test broadly in categories like, GUI on both sides, functionality, Load, client-server
interaction, backend. This environment is mostly used in Intranet networks. You
are aware of number of clients and servers and their locations in the test scenario.
Web application is a bit different and complex to test as tester don’t have that much
control over the application. Application is loaded on the server whose location may or
may not be known and no exe is installed on the client machine, you have to test it on
different web browsers. Web applications are supposed to be tested on different
browsers and OS platforms so broadly Web application is tested mainly for browser
compatibility and operating system compatibility, error handling, static pages,
backend testing and load testing.
In two-tier client/server architecture, the client communicates directly with the database
server. The application or business logic either resides on the client or on the database
server in the form of stored procedures.
A two-tier (C/S) model first began to emerge with the applications developed for local
area networks in the late eighties & early nineties, and was primarily based upon
simple file sharing techniques implemented by X-base style products (dBase,
FoxPro, Clipper, Paradox, etc.).
38
6.2 CODING STANDARDS
In database all tables are having names according their data content.
Tables and their fields name are having identification character. For ex: fields of table
user are uid, name, email, address etc.
All functions are using pass by value type of parameter passing.
All global variables are stored in session.
Each modules are having specifications for functionality which it perform, environmental
effects and error conditions listed in APIs.
Comments are written at each looping code for estimated iterations.
Constant values are assigned in capital variable names. ex: MAX = 10
Reusable codes are separated and called dynamically.
Allocated memory is released using coding only to increase system performance.
Code optimization is taken care at sub revision coding update part.
Event handling is done based on subroutines on operation on objects of components.
6.3 SOURCE CODE: MASTER PAGE:
<%@ Master Language="C#" AutoEventWireup="true"
CodeFile="MasterPage.master.cs" Inherits="MasterPage" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<asp:ContentPlaceHolder ID="head" runat="server">
</asp:ContentPlaceHolder>
<title>Customer Relationship Management</title>
<link href="style.css" rel="stylesheet" type="text/css" />
<style type="text/css">
.newtextbox
{
width: 200px;
color: Black;
border-radius: 3px;
height: 25px;
}
.newtextarea
{
39
width: 200px;
resize: none;
color: Black;
border-radius: 3px;
}
.modalBackground
{
background-color: Gray;
filter: alpha(opacity=80);
opacity: 0.8;
z-index: 10000;
}
</style>
</head>
<body>
<div id="header">
<a href="#">
<img src="images/logo.png" title="Affiliate Promo logo"
id="logo" alt="Logo" /></a>
<ul id="navBar">
<li class="current"><a
href="emp_welcome.aspx">Home</a></li>
<li><a href="search_customer.aspx">Customer</a></li>
<li><a href="search_agent.aspx">Agent</a></li>
<li><a href="saleslead.aspx">Sales Lead</a></li>
<li><a href="change_password.aspx">Change
Password</a></li>
<li><a href="logout.aspx">Log out</a></li>
</ul>
</div>
<div id="welcomeMessage">
<h1>
WELCOME TO CUSTOMER RELATIONSHIP MANAGEMENT</h1>
<p>
Customer Relationship Management (CRM) is a model for
managing a company’s interactions
with current and future customers. It involves using
technology to organize, automate,
and synchronize sales, marketing, customer service.</p>
40
</div>
<div id="wrapper">
<div id="secWrapper">
<div id="container" class="clearfix">
<form id="form1" runat="server">
<asp:UpdatePanel ID="up1" runat="server">
<ContentTemplate>
<div id="mainCol" class="clearfix"
align="center" style="background-image: url('images/bg2.jpg');">
<div>
<asp:ScriptManager ID="sc1"
runat="server">
</asp:ScriptManager>
<asp:ContentPlaceHolder
ID="ContentPlaceHolder1" runat="server">
</asp:ContentPlaceHolder>
</form>
</div>
</div>
</ContentTemplate>
</asp:UpdatePanel>
</form>
</div>
</div>
</div>
<div id="footer">
<p>
Copyrights © 2013 CRM, All Rights Reserved</p>
</div>
</body>
</html>
41
CHAPTER 7
Screen Layouts
Register Page
For New user Registration .It takes all the information of the user and Creates New Accounts
42
Login
Login Page Provides the Facility to Logged in the user to the System. It also takes Cookies from
the Client Side
44
User Home
After successfully logged in into the system. System Redirected to this page. This page shows
the Info of the Company or Sales Person
46
Customer Master
This Page provides Facility to maintain the customers of the Company or agent.
It provides the facility to Create Customer, Search Customer.
47
Create Customer
If company or Sales Person wants to create a new customer then this page provides to store the
customer Information. It also takes the Visiting card or any other file or authorized documents
from the user.
48
Edit Agent
On agent edit detail form we can able to edit the information of the agent. And we can also and
the more than one contact person to the agent. If we upload the document for the once then
upload button function is disabled and only download button enables. We can download
document more then on time. At the time of uploading the document will be encrypted with the
AES and at the time of downloading encrypted file is decrypted with the AES algorithm
49
Edit Contact Person Detail
This form is used to change the selected contact person detail. We select the edit button for
specific customer button then one popup window will be opened. In that popup we can update
the info of the contact person.
50
Sales Lead
If Sales Person Wants to Create the Sales Lead then This page provides the facility to Create the
Sales lead for specific Product or Service.
52
CHAPTER 8
Software Testing
Software testing is a process of executing a program with objective of finding an error. Software
quality should be a primary concern in software development efforts. Software testing and
evaluation are traditional method of checking software quality. It consists of putting together
various coded pieces of a design, testing them and correcting the parts of the code or the design
that is not correct. At this stage some errors are introduced purposely to test whether the program
will spot them.
8.1 COMPONET TESTING:
Unit testing: In unit testing individual components are tested independent of other
system components. I have tested each form independently to check their proper
functionalities.
Module testing: A module is a collection of different components such as object class
and abstract data types or some procedures and functions. I have tested two modules like
Master File data manipulation, Transaction File data manipulation.
INTEGRATING TESTING:
It involves testing collection of modules that which have been integrated into a system.
White Box Testing (WBT): WBT is related with the structure of the program to test the
logic of the program various test case are designed which takes care of following
Every statement in a program was executed at least once. Path analysis was performed
with every statements of the program.
Advantage of white box testing
As the knowledge of internal coding structure is prerequisite, it becomes very easy to find
out which type of input/data can help in testing the application effectively.
The other advantage of white box testing is that it helps in optimizing the code
It helps in removing the extra lines of code, which can bring in hidden defects.
53
8.2 Unit Testing:
Module Name: Admin
Page Name Data Expected Result Result Generated
Admin Login Loading of page –
check if it loads with
correct format
All controls are
correctly displayed
with their default
values
All controls are
correctly displayed
with their default
values
Link- Check all links
for correct redirection
All links are working
well
All links are working
well
Controls - Check all
controls at load and at
run time for correct
result
All controls are loads
well and generates
correct result at
runtime
All controls are loads
well and generates
correct result at
runtime
Pending Customer Loading of page –
check if it loads with
correct format
All controls are
correctly displayed
with their default
values
All controls are
correctly displayed
with their default
values
Link- Check all links
for correct redirection
All links are working
well
All links are working
well
Controls - Check all
controls at load and at
run time for correct
result
All controls are loads
well and generates
correct result at
runtime
All controls are loads
well and generates
correct result at
runtime
Search Customer Loading of page –
check if it loads with
correct format
All controls are
correctly displayed
with their default
values
All controls are
correctly displayed
with their default
values
Link- Check all links
for correct redirection
All links are working
well
All links are working
well
Controls - Check all
controls at load and at
run time for correct
result
All controls are loads
well and generates
correct result at
runtime
All controls are loads
well and generates
correct result at
runtime
54
Module Name: Agent
Page Name Data Expected Result Result Generated
Agent Master Loading of page –
check if it loads with
correct format
All controls are
correctly displayed
with their default
values
All controls are
correctly displayed
with their default
values
Link- Check all links
for correct redirection
All links are working
well
All links are working
well
Controls - Check all
controls at load and at
run time for correct
result
All controls are loads
well and generates
correct result at
runtime
All controls are loads
well and generates
correct result at
runtime
Customer Master Loading of page –
check if it loads with
correct format
All controls are
correctly displayed
with their default
values
All controls are
correctly displayed
with their default
values
Link- Check all links
for correct redirection
All links are working
well
All links are working
well
Controls - Check all
controls at load and at
run time for correct
result
All controls are loads
well and generates
correct result at
runtime
All controls are loads
well and generates
correct result at
runtime
Agent Home Loading of page –
check if it loads with
correct format
All controls are
correctly displayed
with their default
values
All controls are
correctly displayed
with their default
values
Link- Check all links
for correct redirection
All links are working
well
All links are working
well
Controls - Check all
controls at load and at
run time for correct
result
All controls are loads
well and generates
correct result at
runtime
All controls are loads
well and generates
correct result at
runtime
Sales Lead Loading of page –
check if it loads with
correct format
All controls are
correctly displayed
with their default
values
All controls are
correctly displayed
with their default
values
Link- Check all links
for correct redirection
All links are working
well
All links are working
well
Controls - Check all
controls at load and at
All controls are loads
well and generates
All controls are loads
well and generates
55
run time for correct
result
correct result at
runtime
correct result at
runtime
Open Sales Lead Loading of page –
check if it loads with
correct format
All controls are
correctly displayed
with their default
values
All controls are
correctly displayed
with their default
values
Link- Check all links
for correct redirection
All links are working
well
All links are working
well
Controls - Check all
controls at load and at
run time for correct
result
All controls are loads
well and generates
correct result at
runtime
All controls are loads
well and generates
correct result at
runtime
Sales Lead Follow-up Loading of page –
check if it loads with
correct format
All controls are
correctly displayed
with their default
values
All controls are
correctly displayed
with their default
values
Link- Check all links
for correct redirection
All links are working
well
All links are working
well
Controls - Check all
controls at load and at
run time for correct
result
All controls are loads
well and generates
correct result at
runtime
All controls are loads
well and generates
correct result at
runtime
Search Agent Loading of page –
check if it loads with
correct format
All controls are
correctly displayed
with their default
values
All controls are
correctly displayed
with their default
values
Link- Check all links
for correct redirection
All links are working
well
All links are working
well
Controls - Check all
controls at load and at
run time for correct
result
All controls are loads
well and generates
correct result at
runtime
All controls are loads
well and generates
correct result at
runtime
Search Customer Loading of page –
check if it loads with
correct format
All controls are
correctly displayed
with their default
values
All controls are
correctly displayed
with their default
values
Link- Check all links
for correct redirection
All links are working
well
All links are working
well
56
CHAPTER 9
Tools and Technology
9.1 NET Framework
The .NET Framework is a technology that supports building and running the next generation of
applications and Web services. The .NET Framework consists of the common language runtime
(CLR) and the .NET Framework class library, which includes ADO.NET, ASP.NET, Windows
Forms, and Windows Presentation Foundation (WPF). The .NET Framework provides a
managed execution environment, simplified development and deployment, and integration with a
wide variety of programming languages.
The .NET Framework is an integral Windows component that supports building and running the
next generation of applications and XML Web services. The .NET Framework is designed to
fulfill the following objectives:
To provide a consistent object-oriented programming environment whether object code is
stored and executed locally, executed locally but Internet-distributed, or executed
remotely.
To provide a code-execution environment that minimizes software deployment and
versioning conflicts.
To provide a code-execution environment that promotes safe execution of code, including
code created by an unknown or semi-trusted third party.
To provide a code execution environment that eliminates the performance problems of
scripted or interpreted environments.
To make the developer experience consistent across widely varying types of applications,
such as Windows-based applications and Web-based applications.
.
57
Use the Microsoft .NET Framework 3.5
The .NET Framework enables the rapid construction of connected applications that provide
outstanding end-user experiences by providing the building blocks for solving common
programming tasks. Connected applications built on the .NET Framework model business
processes effectively and facilitate the integration of systems in heterogeneous environments
.Together Visual Studio and the .NET Framework reduce the need for common plumbing
code, reducing development time and enabling developers to concentrate on solving business
problems. The .NET Framework 3.5 builds incrementally on the .NET Framework
3.0.Enhancements have been made to feature areas including the base class library, Windows
Workflow Foundation, Windows Communication Foundation, Windows Presentation
Foundation, and Windows Card Space
. The Common Language Runtime (CLR)
CLR manages the execution of .NET code, including memory allocation and garbage
collection (which helps avoid memory leaks), security (including applying differing trust
levels to code from different sources), thread management, enforcing type safety, and many
other tasks. The CLR works with every language available for the .NET Framework, so there
is no need to have a separate runtime for each language. Code developed in a .NET language
is compiled by the individual language compiler (such as the Visual Basic .NET compiler)
into an intermediate format called (appropriately enough) Intermediate Language (IL). At
runtime, this IL code generated by the compiler is just-in-time (JIT) compiled by the CLR
into native code for the processor type the CLR is running on. This compilation provides the
flexibility of being able to develop with multiple languages and target multiple processor
types while still retaining the performance of native code at execution time.
ASP.NET
ASP.NET is Microsoft's latest technology for building web-based applications and services, a
successor to Active Server Pages (ASP) that draws on the power of the.NET Framework
development platform and the Visual Studio .NET developer tool set. To better understand
ASP.NET, it is important to understand some key concepts of Examination System NET
development platform. It is also helpful to grasp object-oriented development (OOD), which
is at the very heart of the .NET Framework that provides the foundation for ASP.NET
development. At the core of Microsoft's .NET platform initiative is a new set of technologies
known collectively as the .NET Framework, which we'll refer to commonly as the
Framework. The Framework provides a platform for simplified rapid development of both
web-based and Windows-based applications. The Framework has two primary components,
the Common Language Runtime (CLR) and the Framework Class Library (FCL).
58
Microsoft SQL server 2008
Plug-in model for SMS. SSMS 2005 also had a plug-in model, but it was not published,
so the few developers that braved that environment were flying blind. Apparently for
2008, the plug-in model will be published and a thousand add-ins will bloom.
Inline variable assignment. I often wondered why, as a language, SQL languishes
behind the times. I mean, it has barely any modern syntactic sugar. Well, in this version,
they are at least scratching the the tip of the iceberg.
Instead of:
DECLARE @my Variant
SET @my Var = 5
You can do it in one line:
DECLARE @my Variant = 5
C like math syntax. SET @i += 5. Enough said. They finally let a C# developer on the
SQL team.
Auditing. It's a 10 dollar word for storing changes to your data for later review,
debugging or in response to regulatory laws. It's a thankless and a mundane task and no
one is ever excited by the prospect of writing triggers to handle it. SQL Server 2008
introduces automatic auditing, so we can now check one thing off our to do list.
59
Compression. You may think that this feature is a waste of time, but it's not what it
sounds like. The release will offer row-level and page-level compression. The
compression mostly takes place on the metadata. For instance, page compression will
store common data for affected rows in a single place.
The metadata storage for variable length fields is going to be completely crazy: they are
pushing things into bits (instead of bytes). For instance, length of the varchar will be
stored in 3 bits.
Filtered Indexes. This is another feature that sounds great - will have to see how it plays
out. Anyway, it allows you to create an index while specifying what rows are not to be in
the index. For example, index all rows where Status! = null. Theoretically, it'll get rid of
all the dead weight in the index, allowing for faster queries.
Resource governor. All I can say is FINALLY. Sybase has had it since version 12 (that's
last millennium, people). Basically it allows the DBA to specify how much resources
(e.g. CPU/RAM) each user is entitled to. At the very least, it'll prevent people, with
sparse SQL knowledge from shooting off a query with a Cartesian product and bringing
down the box.
Actually Sybase is still ahead of MS on this feature. Its ASE server allows you to
prioritize one user over another - a feature that I found immensely useful.
Plan freezing. This is a solution to my personal pet peeve. Sometimes SQL Server
decides to change its plan on you (in response to data changes, etc...). If you've achieved
your optimal query plan, now you can stick with it. Yeah, I know, hints are evil, but
there are situations when you want to take a hammer to SQL Server - well, this is the
chill pill.
Processing of delimited strings. This is awesome and I could have used this
feature...well, always. Currently, we pass in delimited strings in the following manner:
9.2 APPLICATION DATABASE
MySQL. The Main Features of MySQL:
Internals and Portability
Security
Scalability and Limits
60
Connectivity
Localisation
Clients and Tools
9.3 SERVER MANAGER
Internet Information Services (IIS) – formerly called Internet Information Server – is
a web server software application and set of feature extension modules created
by Microsoft for use with Microsoft windows. IIS7.5
supports HTTP, HTTPS, FTP, FTPS, SMTP .It is an integral part of the Windows
Server family of products (and their client counterparts in the cases of Windows NT
4.0 and Windows 2000), as well as certain editions of Windows XP, Windows
Vista and Windows 7. IIS is not turned on by default when Windows is installed. The IIS
Manager is accessed through the Microsoft Management Console or Administrative Tool
sincontrolpanel.
9.4 CSS
CSS saves time
Pages load faster
Easy maintenance
Superior styles to HTML
9.5 JS
Java script is executed on the client side
Java script is a relatively easy language
Java script is relatively fast to the end user
Extended functionality to web pages
9.6 AJAX
XML Http Request - It is used for making requests to the non-Ajax pages. It
supports all kind of HTTP request type.
I Frame - It can make requests using both POST and GET methods. It supports
every modern browser. It supports asynchronous file uploads
Cookies - In spite of implementation difference among browsers it supports large
number of browsers
The interface is much responsive, instead of the whole page a section of the page
is transferred at a time.
Waiting time is reduced
61
9.7 JQuery
Ease of use
Large library
Strong open source community. (Several jQuery plugins available)
Great documentation and tutorials
Ajax support
9.8 JSP
Advantages of JSP:
JSP are translated and compiled into JAVA servlets but are easier to develop
than JAVA servlets.
JSP uses simplified scripting language based syntax for embedding HTML into
JSP.
JSP containers provide easy way for accessing standard objects and actions.
JSP use HTTP as default request/response communication paradigm and thus
make JSP ideal as Web Enabling Technology.
62
CHAPTER 10
Advantages and Disadvantages
9.1 Advantages:
Realism: the model accurately reflects the iterative nature of software development on
projects with unclear requirements
Flexible: incorporates the advantages of the waterfall and evolutionary methods
Comprehensive model decreases risk
Good project visibility.
9.2 Disadvantages:
Needs technical expertise in risk analysis and risk management to work well.
Model is poorly understood by non-technical management, hence not so widely used
Complicated model needs competent professional management. High administrative
overhead.
63
CHAPTER 11
Future Enhancements
FUTURE ENHANCEMENTS
System will be able to be used by mobile user.
Employee can generate reports from mobile device.
Integration of mobile application with existing system.
Employee can be notified via SMS sent from GSM server integrated with System.
64
CHAPTER 12
Conclusion
Conclusion:
This project is the result of many dedicated minds. The major goal is to provide computerized
‘Video and Image Sharing’. The effort has been towards computerizing the manually handled
database system of the ‘Video and Image Sharing’. At the time of practically executing our
knowledge we were fortunate to have very cooperative and supportive project guide and
colleagues. Their attitude toward us was very helpful. Initially, when we started developing the
system and as and when the requirements poured in, it was really exciting for us to know that the
things which initially look simple can include so many features, and developing it was a
knowledgeable experience for us. Finally, we would like to conclude the nothing is perfect and
so isn’t this project, but we have tried to put in our efforts to the maximum possible for this
project.
65
CHAPTER 13
Bibliography
Refer Related Links:
WWW.Wikipedia.com
WWW.StackOverflow.com
WWW.Google.com
WWW.Quickstart.asp.net
Refer Related Book
ASP.net Black Book