web databases

Web DatabasesWeb Databases

CS263 Lecture 13

2

The Internet environmentThe Internet environment

Following Fig. Shows the basic environment needed to set up both Intranet and Internet database-enabled connectivity

Network that connects client workstations, Web server, and database server follows TCP (Transmission Control Protocol)/IP (Internet Protocol) protocols. Both protocols are required for Internet transmission to occur

Firewalls are used to limit external access to the data and limit movement of the data outside the boundaries

A proxy server controls the passage of messages or files through to the network. It can improve a site’s performance by caching frequently requested pages

Database-enabled intranet-Internet environment

Communications technologyCommunications technology IP Address - 4 numbers that identify a node on the Internet, e.g. 131.247.152.18.

Each is mapped to a unique domain name that has more meaning and is easier to remember (such as www.surrey.ac.uk). Domain name servers maintain an index of IP addresses and their matching domain names

Hypertext Transfer Protocol (HTTP) – is a communication protocol used to transfer pages from Web server to browser. HTTPS is a more secure version

Uniform Resource Locator (URL)- is a mnemonic Web address corresponding with IP address of Web server. It also includes folder location and html file name

http://www.surrey.ac.uk/

5

Communications technologyCommunications technology

Static Web pages – Web pages whose content is established at the time they are written. The same information is displayed whenever the page is accessed

Dynamic Web pages – Web pages that display the data requested or input by the client station. Generally require that a database be attached to the page by an ODBC connection

6

Server-side extensionsServer-side extensions

Basic Web servers only understand HTML So we need programs that interact directly with Web servers to

handle requests, e.g. database-request handling middleware (such as Coldfusion or ASP)

Initially (following Fig.), a request for information is submitted from a browser via the Web to a Web server

The SQL query will be included in the script, but cannot be directly interpreted by the Web server

The middleware identifies the query and prepares it to be passed to the DBMS

Result set returned is then converted by middleware so that it will display correctly on browser

Web-to-database middleware

8

Web server interfacesWeb server interfaces

Dynamic Web pages determine some of their content at the time a client browser requests a page, so communication is needed between the Web server and the client or the database

Two common Web server interfaces are: Common Gateway Interface (CGI) which specifies the

transfer of information between a Web server and a CGI program. May be written in many languages

CGI scripts are stored on the Web server and must be executed each time a user makes a request that uses a CGI script (slow if many users)

9

Web server interfacesWeb server interfaces

Java servlets are an alternative to CGI Allow a client program to upload additional program code

to a server, where it executes Since they are small and cross-platform compatible, ideal

for small Internet applications accessible from a browser Persistent – once started they remain in memory and can

fulfill multiple requests (CGI closes after it runs) – so more efficient

Web serversWeb servers Provide HTTP service, Serve many clients at once,

accomplished using multithreading and multiprocessing Popular websites receive more hits than can be managed by a

single server, therefore load balancing approaches are needed. Some use Domain Name Server (DNS) balancing, where

multiple copies of the site are placed on separate servers, i.e. one DNS = multiple IP addresses. Does not guarantee load on servers will be balanced

Software and hardware balancing – distributes requests more evenly. Request at one IP address is distributed to multiple servers. Resources can be allocated dynamically

Reverse proxying intercepts client request and caches response

Web-to-database toolsWeb-to-database tools Active Server Pages (ASP) consist of text files containing text,

HTML and scripting language commands (JavaScript, VBScript)

Because these files are executed on the server, programmer need not be concerned about client platform

Interface to databases in MS Windows-based Web servers

A global.asa file for an ASP application

ASP applications include HTML extensions and additional scripting (usually in VBScript, or in JavaScript)

ASP code embedded in <% %> tags are executed on the server, instead of the client. This is how dynamic Web pages can be created

Sample ASP CodeSample ASP Code <%REM Get list of FinishesstrSQL = “SELECT Product_Finish FROM PRODUCT_t GROUP BY Product_Finish;”Set rsRes = con.Execute(strSQL)%>

<TABLE><%REM Display the list of finishesWhile not rsRes.EOF%>

<TR><TD align=center valign=top>

<%=rsRes(“Product Finish”>)%></TD><TD>

<FORM method=post action=“line.asp”><INPUT type=Hidden name=line

value=“<%=rsRes(“Product_Finish”))%><INPUT type=submit Value=GO!>

</TD></TR>

<%rsRes.MoveNext

Wend%></TABLE>







</TD></TR>

<%rsRes.MoveNext

Wend%></TABLE>

Code is within the <% %> tags are executed on the server, not the client…these are interacting with the database and creating dynamic Web content







</TD></TR>

<%rsRes.MoveNext

Wend%></TABLE>

These lines are executing a query on the database server using a middleware called Active Data Objects (ADO). The concon variable is a connection to the database, which was established in the code of Box C. The rsResrsRes variable contains the result set of the query (the rows returned from the query)







</TD></TR>

<%rsRes.MoveNext

Wend%></TABLE>

These lines of code cause the ASP application to loop through the rows returned by the query until they reach the end







</TD></TR>

<%rsRes.MoveNext

Wend%></TABLE>

These lines of code are retrieving the values of the specified field from the current row of the query result

Sample ASP CodeSample ASP Code

<%REM Get list of FinishesstrSQL = “SELECT Product_Finish FROM PRODUCT_t GROUP BY Product_Finish;”Set rsRes = con.Execute(strSQL)%>






</TD></TR>

<%rsRes.MoveNext

Wend%></TABLE>

The Web page is being dynamically created, with one HTML table row for each record obtained from the query. Also, each Web table row includes a button that will link to another ASP page

19

Web-to-database toolsWeb-to-database tools

ColdFusion uses special server-side markup language CFML (modelled after HTML)

When a client browser requests a *.cfm page page from the Web server, it is passed to the ColdFusion application server, where the script is executed, the result formatted in HTML and returned to the Web server, which returns the result to the client where it is displayed

20


Embedded SQL is another alternative Previously we have looked at the interactive (direct) form

of SQL, where one command is entered and executed at a time

SQL can be embedded in 3GL programs (Cobol, C etc.) SQL commands placed at appropriate locations in the

programs Provides easier more flexible interface than standard SQL

21


Can improve performance compared to interactive variant as using interactive SQL requires that each query be converted to machine code each time the query is processed

Improves database security, as additional GRANT and REVOKE permissions can be invoked in the embedded code

Need a separate pre-compiler for each host language used Following Fig. Shows processing an embedded SQL

program

Processing an embedded SQL program

Embedded SQL statement begins with EXEC SQL

Precompiler translates embedded SQL into host program language

Compiler and linker generate executable code

Managing website dataManaging website data

Web Security Issues - prevent unauthorized access and malicious destruction

Privacy Issues - protect users’ privacy rights Internet Technology Rate-of-Change Issues - deal with

rapid advances in technology

Website securityWebsite security

Network Level Security– Web server and DB server on separate LAN from other

business systems– Minimize sharing of hard disks among network servers– Regular monitoring of network and firewall logs– Install probe-monitor software

Website security Website security

Operating System Level Security– Patch all known OS vulnerabilities– Install anti-virus software with boot-time, file

download time, and email reception time virus detection

– Monitor server logs for unauthorized activity– Disable unrequired services to reduce risk of

unauthorized access

Web security Web security

Web Server Security– Restrict number of users on Web server– Restrict access (minimize number of open ports)

http and https only, if possible– Remove unneeded programs

Restrict CGI scripts to one subdirectory– For Unix, only install minimum software for Web

server

Website security Website security

FirewallFirewall – hardware/software security component that limits external access to company’s data

Proxy serverProxy server – firewall component that manages Internet traffic to and from a LAN

RouterRouter – intermediate device that transmits message packets to correct destination over most efficient pathway

Intrusion detection system (IDS)Intrusion detection system (IDS) – system that identifies attempt to hack or break into a system

Establishing Internet security

Firewall to limit external access to data

Routers to transmit message packets to correct destination

IDS to monitor and recognize security breach attempts

web databases

Documents

ip address of web server

database server

web serverthe middleware

extensionsbasic web

web databasescs263 lecture

web serverthe sql query

odbc connection server

boundariesa proxy server