Travel-Net Features - Department of Computer Science and


LYU9901 Travel-Net
Supervisor: Prof. Michael R. Lyu
Members: Ho Chi Ho Malcolm, Lau Chi Ho Arthur
Outline
• Introduction
• Travel-Net features
• System overview
• Security issues
• Future works
• Q&A
Introduction
• E-commerce today: a new way to do business and earn money (Amazon, CDNow).
• Given its great potential and popularity on the Internet, it is worth our while to put it into practice.
• Travel-Net is an e-commerce application providing travel-related services.
E-commerce model
Clients (user interface)
Middle-Ware / Application server (application logic)
Service Servers (Database/Payment)
• Client: Web browser, PDA or any device supported by the application server.
• Middle-Ware: handles all application operations between the base computer and the company's back-end business application and database.
• Service servers: provide data or information in response to requests from the middleware, and process some requests (database updates, payment transactions).
• 3-tier client/server: a special type of client/server architecture consisting of three well-defined and separate processes, each running on a different platform.
Travel-Net Features
• To provide travel related service
• Flight Search & Reservation
• Travel Accessories Shop
• Travel Guides
Flight Search & Reservation
• Type of Search
• One way flight
• Round trip
• Multi-cities route
Flight Search & Reservation(2)
• Basic Search Criteria based on
• Departure City
• Destination
• Class (first class, business, economy)
• Departure date and time
Flight Search & Reservation(3)
• Additional Search Criteria based on
• Airline
• Result (all possible results, lowest price)
Flight Search & Reservation(4)
Flight Search & Reservation(5)
• Database coverage:
• Each airline has its own database for its flights
• To limit the complexity and the size of the data, the DB covers only some major Asian cities
Flight Search & Reservation(6)
• Difficulties encountered:
• Simulation of airline databases
– unable to obtain the actual databases of airlines
– construct the structure of the database by hypothesis, based on the data from some travel web sites
– get flight data from these travel web sites manually
– Tedious work!!!
Travel Accessories Shop
• selling of travel accessories:
• different types of luggage
• travel maps
• travel guide books
• other items that are convenient & portable for travel
Travel Accessories Shop(2)
• provides pictures and descriptions of products
• users add the items they want to buy to a shopping basket
• the system keeps the content of the basket until they pay for it
• on-site delivery after paying the bill
Travel Accessories Shop(3)
Travel Guides
• provides information on cities that are covered by Travel-Net
• Information includes:
– City map
– Famous spots
– Currency
– Necessary equipment and procedures for visiting the city
– other information
System Overview
• Architecture Overview
• Server System
• Software tools
• Client requirement
System Architecture
[Figure: system architecture diagram. Labels shown: Web Browser; HTTP Req/Resp; Host Machine: Java-enabled web server; Servlets; User Profile Database; Inventory Stock Database; Payment Manager; Bank Account Database; Bank handling payments; Company DB Mngr (twice); Foreign Inventory Database (twice); Authorized companies providing their inventory data]
Server System
Server machine: PIII 500 MHz, 128 MB memory
Operating system: NT Workstation/Server
Web Server: Internet Information Server 4.0 (IIS)
Servlet Engine: ServletExec 2.2
DBMS: Oracle 8i (CSE Dept.)
Server System(2)
• Reasons for not using UNIX Apache in the department
– Unable to use security feature (SSL)
– Unable to install a Servlet Engine
• Reasons for choosing Microsoft IIS
– Free of charge
– Easy to install and configure
– Support of SSL
– Can plug in a Servlet Engine
Server System(3)
Database System:
• Reasons for not using Sybase
– JConnect (a JDBC product) is not a free extension of Sybase
– JConnect is unavailable in our department
• Reason for using Oracle
– The Oracle JDBC driver is shipped with Oracle, which is free for us to use.
Server System(4)
• The choice of Servlet Engine
– ServletExec: lightweight, easy installation, FREE for trial and relatively few restrictions on the trial version
– Drawbacks of other trial versions of Servlet Engines
• E.g. JRUN and WebSphere: large in size, difficult to install and configure, and too many unnecessary features
Software Tools
• What is Java Servlet and Servlet Engine?
• Servlet
– Written in pure Java
– Handles any request/response protocol (mainly HTTP)
– Runs on the server side (server-side applet without a GUI)
• Servlet Engine
– It is a Java VM running as a background job
– Allows the invocation of Java Servlets
Advantages: Servlet over CGI
• Performance:
– Servlets start a new thread (rather than a new process) with each request.
• Security:
– Servlets cannot be tricked into executing commands on the server.
• Portability:
– Java is platform independent.
• Development & Growth
– An object-oriented approach gives higher scalability
– Much easier to detect errors
Role of Servlets
• Servlets take the role of CGI
– To handle the HTTP requests (HTTP POST, HTTP GET, HTTP SERVICE)
– Process orders and queries, and generate dynamic pages
• They behave like the middle-ware in a 3-tier client/server system.
• They will cooperate with CORBA.
Client Software Requirement
• A web browser with no additional add-on, e.g. IE 4+ or Netscape 3.0+ compatible
• A web browser that supports the SSL security protocol is advised.
Security
• A major concern in every e-commerce system
• Especially useful when transferring confidential data like credit card details during payment
• Common solution: Encryption
Security(2)
• Parts that require encryption in the system:
[Diagram: Client (browser), Travel Agent Server, Payment Gateway. Legend: credit card detail / user password; transaction reference]
Security(3)
• Our concern:
– Encryption/decryption of data requires computation power at both clients & servers
– No problem for server-to-server communication
– But it is difficult to control the computation at the client
– Solution: use of a Java Applet
– Drawbacks of an Applet: increased download time, an extra Java plug-in is needed, inefficient to develop just for security.
Security(4)
• Our approach:
– Use of the browser's built-in capability for security
– Advantage: does not require the user to install an extra plug-in
– Disadvantage: requires browser support
– Use of SSL, which is supported by major browsers (Netscape / Internet Explorer)
Security(5) - SSL
• Brief introduction of SSL:
– developed by Netscape
– supports different encryption algorithms (e.g. RSA)
– uses a symmetric key, called the session key, for data encryption & decryption
– the session key is generated using information from the server certificate, which should be signed by a trusted CA
– common key lengths used are 40 bits, 56 bits and 128 bits (US only)
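A check a defender can run against the key lengths listed above, as an added example that is not part of the original slides: it parses a cipher-suite listing in the layout printed by `openssl ciphers -v` and sorts each suite by the key length of its encryption algorithm. The sample listing, the function names and the 128-bit floor are assumptions made for this example.

```python
import re

MIN_BITS = 128  # assumption: policy floor chosen for this example

# Constructed sample in the layout printed by `openssl ciphers -v`; the
# strengths cover the 40-, 56- and 128-bit key lengths named on the slide.
SAMPLE = """\
EXP-RC4-MD5   SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40)   Mac=MD5  export
DES-CBC-SHA   SSLv3 Kx=RSA      Au=RSA Enc=DES(56)   Mac=SHA1
AES128-SHA    SSLv3 Kx=RSA      Au=RSA Enc=AES(128)  Mac=SHA1
NULL-SHA      SSLv3 Kx=RSA      Au=RSA Enc=None      Mac=SHA1
"""

# Captures the algorithm name and, when present, its key length in bits.
ENC = re.compile(r"\bEnc=([^\s(]+)(?:\((\d+)\))?")


def parse_line(line):
    """Return (suite_name, key_bits) for one listing line, or None if unparsable."""
    fields = line.split()
    match = ENC.search(line)
    if not fields or match is None:
        return None
    if match.group(1) == "None":
        return fields[0], 0            # suite provides no encryption at all
    if match.group(2) is None:
        return None                    # algorithm named but key length missing
    return fields[0], int(match.group(2))


def audit(listing):
    """Sort suites into 'none' (no encryption), 'weak' (< MIN_BITS) and 'ok'."""
    report = {"none": [], "weak": [], "ok": [], "unparsed": []}
    for line in listing.splitlines():
        if not line.strip():
            continue
        parsed = parse_line(line)
        if parsed is None:
            report["unparsed"].append(line.strip())  # never skip silently
            continue
        name, bits = parsed
        key = "none" if bits == 0 else "weak" if bits < MIN_BITS else "ok"
        report[key].append(name)
    return report


def is_acceptable(listing):
    """True only if every line parsed and no suite is unencrypted or weak."""
    r = audit(listing)
    return not (r["none"] or r["weak"] or r["unparsed"])
```

Key length is a necessary condition, not a sufficient one: a suite can pass this check and still be unsuitable for other reasons, so treat the result as a first filter on a server's configured suites.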
Security(6) - SSL
• Brief procedure of an SSL connection:
– Authenticate the server to the client.
– Allow the client and server to select the cryptographic algorithms, or ciphers, that they both support.
– Optionally authenticate the client to the server.
– Use public-key encryption techniques to generate shared secrets.
– Establish an encrypted SSL connection.
Security(7)
• What do we need to do?
• Get a server certificate & install it
(a free server cert is available for CUHK hosts at: http://www.cuhk.edu.hk/ca)
• Use https in the browser for an SSL connection
• More detail on SSL is available here:
- http://developer.netscape.com/docs/manuals/security/sslin/contents.htm
- http://developer.netscape.com/tech/security/ssl/howitworks.html
Future Works
• implement the payment method suggested by a post-graduate
• implement CORBA in our system
• add a Hotel Reservation part to the features
• evaluate the possibility of using Agent techniques in database negotiation
• add other interesting features if time allows
Q&A
• You are welcome to raise questions on our project