Lecture8 - University Of Worcester

COMP2121
Internet Technology
Richard Henson
University of Worcester
March 2011
Week 8 – Introduction to Server-Scripting

Objectives of Session
- Explain the limitations of client scripting
- Analyse a network infrastructure and server platform to assess possibilities for using server scripting
- Implement server scripting across an Intranet and through the Internet

Client-Server Systems

Server end:
- access control to the network and its resources controlled by logon service
- access to resources depends on user rights – assessed by logon data

Client-end:
- user who wishes to access network resources

Requests and responses
- Client requests information
- Server processes the request, sends a response back to the client

[Diagram: the client program sends a REQUEST to the server program; the server program processes the request and sends back the results as a RESPONSE; the client program reads the results]

Bandwidth and Client/Server processes

Messages transferred between client and server via network

Data transfer: the faster the better…
- most effective on LANs - nowadays 1000 Mbits/sec or more
- between connected Internet computers bandwidth needs to be as high as possible - 2 Mbits/sec upwards

Slow connections…
- data takes longer to get through
- so longer time to get a response back
- server could even “time out”

More about HTTP and Client-Server Computing

Client and server systems work right up to the application layer

To allow client-server interaction on the web, Tim Berners-Lee designed HTTP to integrate well with his basic web page formatting language - HTML
- HTML language GET command instructs the client process to get data for the server
- HTML POST command sends client data either using an email protocol or using HTTP

Web Dynamic Client-Server Model

In a typical web-based client-server application:
1. The HTML form displayed on a web browser at the client end collects data
2. Using HTTP the form data is sent to a web server
3. The web server processes the data according to instructions on a specified server script
4. Using HTTP, the results of processing generated as specified by the script are sent back to the client
5. The web browser on the client machine displays the results on a web page in a specified position

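An added example, not part of the original lecture slides: the form round trip described above, written in Python with only the standard library. The `/greet` path, the `name` field, the 40-character limit and the 4096-byte body cap are assumptions made for the illustration.

```python
import html
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs

# The HTML form the browser displays to collect data (field name is assumed).
FORM = ('<form method="POST" action="/greet">'
        'Name: <input name="name"> <input type="submit"></form>')
MAX_BODY = 4096  # assumed cap on how much form data the server will read


def process_form(body):
    """Server script: process the submitted form data, return (status, page).

    The check runs on the server because anything the client sends can be
    altered before it arrives, whatever the form or client script allowed.
    """
    fields = parse_qs(body, keep_blank_values=True)
    name = fields.get("name", [""])[0].strip()
    if not name or len(name) > 40:
        return 400, "<p>Please enter a name of 1 to 40 characters.</p>" + FORM
    # Escape user input before placing it in HTML so it is shown, not run.
    return 200, "<p>Hello, " + html.escape(name) + "!</p>"


class Handler(BaseHTTPRequestHandler):
    def _send(self, status, page):
        data = page.encode("utf-8")
        self.send_response(status)
        self.send_header("Content-Type", "text/html; charset=utf-8")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def do_GET(self):   # the browser asks for the page holding the form
        self._send(200, FORM)

    def do_POST(self):  # the form data arrives over HTTP
        try:
            length = min(int(self.headers.get("Content-Length", "0")), MAX_BODY)
        except ValueError:
            length = 0
        body = self.rfile.read(max(length, 0)).decode("utf-8", "replace")
        self._send(*process_form(body))  # results go back to the client


if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8000), Handler).serve_forever()
```

Run the file and open http://127.0.0.1:8000/ in a browser to see the request and response cycle.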
Web Dynamic Client-Server model

All this gets even more complex when a database, and database programming, are also involved at the server end…

Server-scripting and dynamic pages on The Web

The following apply to ALL types of scripting used on the web…
- scripts need to use real programming code
  » note: HTML is a FORMATTING language, NOT a programming language
- both client and server ends have programming code:
  » client end…embedded within a HTML page
  » server end… could be embedded or separate

Languages used for Server Scripting

Much has been tried since w3c launched HTML as an interactive language in the early 1990s…
- use of an existing language in a completely separate file, which is already compiled and ready to go:
  » the original approach: .cgi
  » any language could in theory be used
  » in practice “C” was usually favoured
- use of an existing language embedded in a HTML file
  » The Microsoft .asp approach, using embedded VB source code
  » The Sun .jsp approach, using embedded Java (Script) source
- Invention of new scripting languages that are “HTML-like” and easily embed with HTML
  » Cold Fusion .cf
  » Preprocessor Hypertext processing .php

Microsoft’s first attempt at server scripting…

In 1996, Microsoft introduced active server pages (asp)
- hugely successful (VB very popular…)
- soon became more popular than .cgi

However, in spite of the great success of asp, big problems were emerging…
- by 2000, hackers were attacking Microsoft servers and finding many security holes in IIS
  » Microsoft only coped by offering hotfixes
- further problem: use of VB source code
  » if server not secure, code could be copied or compromised
  » Scripts could not be truly “object oriented”

Alternative Scripting Languages using the embedded approach
- JSP
- PHP
- PERL
- Cold Fusion

JSPs (Java Script Pages)

Produced by Sun Microsystems
- extension of the Java™ Servlet technology

According to Sun, Servlets:
- “fit seamlessly into a Web server framework and can be used to extend the capabilities of a Web server with minimal overhead, maintenance, and support.”
  » platform-independent
  » 100% pure Java
  » enhanced performance
  » separation of logic from display
  » ease of administration
  » extensibility into the enterprise

PERL
- Invented by Larry Wall in 1987
- Became popular as a web programming language in the late 1990s
- Features of C but an interpreted language (like Java)
- Not for programming novices…

Evolution into PHP (Hypertext Pre-processor)

Started as just a collection of “free” PERL scripts in 1995
- became popular as a rival to the asp approach for programming code embedded in HTML
- then became very popular as Microsoft wrestled with asp -> asp.net

Open source and integrates well with open source databases
- e.g. MySQL

PHP scripts

Originally designed for Linux-based systems
- executed on a type of web server called Apache

Can now run happily on IIS
- now getting very popular with non-Linux platforms

Big improvements in performance with PHP v4

XML functionality with v5 (released 2005)

Can download the environment directly from the PHP website:
- http://uk2.php.net/downloads.php
- XAMPP provides MySQL and Apache webserver environment

Cold Fusion

Originally produced by Altair with its own scripting language (CFML) for the Microsoft platform
- arguably easier to use than asp

Purchased by Macromedia in 2003 (Dreamweaver, Flash, Director, etc.)
- Dreamweaver has good support for Cold Fusion scripting

Now also available for the Java environment

Macromedia itself now part of Adobe

ASP becomes ASP.NET

Microsoft’s new approach to server scripting for the new millennium…
- building on asp principles
- new system that used “intermediate language”, rather than source code on the server
- much more difficult to hack

Problem was… they had to scrap the .asp environment, and adopt a new architecture…
- known as the .net framework
- as many developers were accustomed to .asp this took a while to catch on!
- many people still confuse asp and asp.net…

Evolution of .net framework (2001)

Version 1.1
- intermediate language
- run-time environment for scripts
  » compiled code can’t easily be hacked
- Programming Code can be separated from HTML;
  » as with cgi…
  » but without degradation in performance
- Web controls introduced by drag-and-drop for ease of development
- XML can replace HTML code…

Evolution of .net framework (2005)

Version 2.0
- more and better controls
- some Integration with Active Directory
- Visual Web Developer 2005 introduced
  » based on Visual Studio
- user friendly development environment
  » easy use of master pages and CSS
  » simulated web server for ease of testing

Evolution of .net framework (2008, 2010)

Version 3.5
- further enhancement to controls
- greater integration with Active Directory
- Visual Web Developer 2008 provided more controls, more wizards, and better formatting tools

Version 4.0
- as above. Generally regarded as easier to use than VWD 2008

PHPs & asp.net today

PHPs attractive for serious programmers who dislike the Microsoft approach…
- integration of cut-and-paste code still needs an environment like Dreamweaver

Industry view (post-millennium)
- Unix-based Servers running PHPs considered to be more secure against hackers than Windows 2000/IIS running asp
- asp.net running on Windows 2003/IIS v6/7 later accepted as being a very stable platform

Both widely in use today…

Platforms for Development

Dreamweaver excellent for asp, .net, php & ColdFusion until Creative Studio
- From CS1 onwards (2005ish):
  » no support for .net development
  » solid support for php & Cold Fusion

Visual Web Developer 2005, 2008, 2010
- gradually took away Dreamweaver customers using asp.net

When to use Server Scripting (1)

Whenever programming logic is required that needs to be shared via Internet browsers!
- Good for security
  » if web server properly configured…
- And accountability
  » clients can be forced to log on

When to use Server Scripting (2)

When client end lacks storage & processing power
- fits well with the thin client model for web & network computing
- very popular for massively multiplayer games

Client just sends the requests and asks the questions
- server does the processing and provides the web pages with answers/responses to requests

When to use Server Scripting (3)

Whenever centralised data storage & processing is needed to support activities of a website
- essential for security of sensitive data
- waste of space and resources to store & process databases locally

(4) Securing of Sensitive Data between Client and Server

Extended Internet infrastructure designed around the webserver model
- organisation can get an authentication certificate (SSL certificate), and make it available through their webserver
  » client can view server certificate
- Client can access sensitive data at server end by authenticating themselves (log in)
- data encrypted and sent using https protocol

Platforms for developing a website running server-scripts
- Computer capable of supporting Windows XP/2003/Vista/7 or an equivalent Unix-based operating system
- TCP/IP protocol stack running on server
- Web Server software such as:
  » Internet Information Server
  » Apache
- Broadband connection to the Internet

Typical Infrastructure for putting Server Scripting online
- Make sure the internal “client-server” computer network is secure
- EITHER use the firewall/proxy server as a router to separate the internal (local) network from the External (i.e. Internet) network
- OR, if OSI level 3-4 protocol conversion needed, use a gateway
  » converts data into appropriate protocol and diverts it between the Internet and the local network
  » can be used to link networks running different protocols

Putting the Secured network on-line

A digital connection with plenty of bandwidth is needed between the router/gateway and a computer connected to the Internet

Regular monitoring of the network is essential to ensure that unauthorised users are not trying to gain access

Web Hosting and ISPs (Internet Service Providers)

Only the largest corporate enterprises are likely to be part of the Internet
- Most businesses need to find a partner who will provide a link between the connection medium and the Internet that meets their needs

Many Internet service providers available
- The problem is usually “which to choose”, rather than finding a partner…

Web Hosting

Two possibilities:
- ISP provides hosting and web space, organisation manages website
- ISP provides hosting AND manages website

ISP will also provide:
- the all important IP address that will allow a presence on the Internet
- the domain name that will allow other Internet users to find the website

Criteria for choosing a web host (apart from cost!)
- Amount of web space?
- Bandwidth availability?
- Hardware & OS?
- Uploading techniques?
- Protocols supported?
- URL available?
- type of server scripts supported?
- Site management tools?
- Databases supported?

Exercise for Next Week

Search Google for web hosts
- How many available?
- How could you choose?

Use the following URL to compare web hosts and their offerings:
- http://www.hostindex.com/voteresults.shtm