COMP2121 COMP2121 Internet TechnologyInternet Technology

Richard HensonRichard Henson

University of WorcesterUniversity of Worcester

March 2011March 2011

Week 8 – Week 8 – Introduction to Introduction to

Server-ScriptingServer-Scripting Objectives of SessionObjectives of Session

Explain the limitations of client-Explain the limitations of client-scriptingscripting

Analyse a network infrastructure and Analyse a network infrastructure and server platform to assess possibilities server platform to assess possibilities for using server scriptingfor using server scripting

Implement server scripting across an Implement server scripting across an Intranet and through the Internet Intranet and through the Internet

Client-Server SystemsClient-Server Systems

Server end:Server end:

access control to the network and its resources controlled by logon service

access to resources depends on user rights – assessed by logon data

Client-end:Client-end:

user who wishes to access network resources

server

client

Requests and responsesRequests and responses

Client requests information

Server processes the request, sends a response back to the client

CLIENT SERVER

RESPONSE

Send RequestRead Results

Process RequestSend Back Results

ClientProgram

REQUEST

ServerProgram

Bandwidth and Client/Server Bandwidth and Client/Server processesprocesses

Messages transferred between client Messages transferred between client and server via networkand server via network

Bandwidth and Client/Server Bandwidth and Client/Server processesprocesses

Data transfer: the faster the better…Data transfer: the faster the better… most effective on LANs - nowadays 1000 most effective on LANs - nowadays 1000

Mbits/sec or moreMbits/sec or more between connected Internet computers bandwidth between connected Internet computers bandwidth

needs to be as high as possible - 2 Mbits/sec needs to be as high as possible - 2 Mbits/sec upwards upwards

Slow connections…Slow connections… data takes longer to get throughdata takes longer to get through so longer time to get a response backso longer time to get a response back server could even “time out”server could even “time out”

More about HTTP and Client-More about HTTP and Client-Server ComputingServer Computing

Client and server systems work right up to Client and server systems work right up to the application layerthe application layer

To allow client-server interaction on the web, To allow client-server interaction on the web, Tim Berners-Lee designed HTTP to integrate Tim Berners-Lee designed HTTP to integrate well with his basic web page formatting well with his basic web page formatting language - HTMLlanguage - HTML HTML language GET command instructs the HTML language GET command instructs the

client process to get data for the serverclient process to get data for the server HTML POST command sends client data either HTML POST command sends client data either

using an email protocol or using HTTPusing an email protocol or using HTTP

Web Dynamic Web Dynamic Client-Server ModelClient-Server Model

IIn a typical web-n a typical web-based client-server based client-server application:application:1.1. The HTML form The HTML form

displayed on a web displayed on a web browser at the client browser at the client end collects dataend collects data

2.2. Using HTTP the form Using HTTP the form data is sent to a web data is sent to a web serverserver

Web Dynamic Web Dynamic Client-Server ModelClient-Server Model

The web server The web server processes the data processes the data according to instructions according to instructions on a specified server on a specified server scriptscript

Using HTTP, the results Using HTTP, the results of processing generated of processing generated as specified by the script as specified by the script are sent back to the clientare sent back to the client

The web browser on the The web browser on the client machine displays client machine displays the results on a web page the results on a web page in a specified positionin a specified position

Web Dynamic Web Dynamic Client-Server modelClient-Server model

All this gets even All this gets even more complex more complex when a database, when a database, and database and database programming, are programming, are also involved at also involved at the server end…the server end…

Server-scripting and dynamic Server-scripting and dynamic pages on The Webpages on The Web

The following apply to ALL types of The following apply to ALL types of scripting used on the web…scripting used on the web…scripts need to use real programming codescripts need to use real programming code

» note: HTML is a FORMATTING language, NOT note: HTML is a FORMATTING language, NOT a programming languagea programming language

both client and server ends have both client and server ends have programming code:programming code:» client end…embedded within a HTML pageclient end…embedded within a HTML page» server end… could be embedded or separateserver end… could be embedded or separate

Languages used for Languages used for Server ScriptingServer Scripting

Much has been tried since w3c launched HTML as an Much has been tried since w3c launched HTML as an interactive language in the early 1990s…interactive language in the early 1990s… use of an existing language in a completely separate file, use of an existing language in a completely separate file,

which is already compiled and ready to go:which is already compiled and ready to go:» the original approach: .cgithe original approach: .cgi» any language could in theory be usedany language could in theory be used» in practice “C” was usually favouredin practice “C” was usually favoured

use of an existing language embedded in a HTML fileuse of an existing language embedded in a HTML file» The Microsoft .asp approach, using embedded VB source codeThe Microsoft .asp approach, using embedded VB source code» The Sun .jsp approach, using embedded Java (Script) sourceThe Sun .jsp approach, using embedded Java (Script) source

Invention of new scripting languages that are “HTML-like” Invention of new scripting languages that are “HTML-like” and easily embed with HTMLand easily embed with HTML

» Cold Fusion .cfCold Fusion .cf» Preprocessor Hypertext processing .phpPreprocessor Hypertext processing .php

Microsoft’s first attempt Microsoft’s first attempt at server scripting…at server scripting…

In 1996, Microsoft introduced active server pages In 1996, Microsoft introduced active server pages (asp)(asp) hugely successful (VB very popular…)hugely successful (VB very popular…) soon became more popular than .cgisoon became more popular than .cgi

However, in spite of the great success of asp, big However, in spite of the great success of asp, big problems were emerging…problems were emerging… by 2000, hackers were attacking Microsoft servers and by 2000, hackers were attacking Microsoft servers and

finding many security holes in IISfinding many security holes in IIS» Microsoft only coped by offering hotfixesMicrosoft only coped by offering hotfixes

further problem: use of VB source codefurther problem: use of VB source code» if server not secure, code could be copied or compromisedif server not secure, code could be copied or compromised» Scripts could not be truly “object oriented”Scripts could not be truly “object oriented”

Alternative Scripting Lanuguages Alternative Scripting Lanuguages using the embedded approachusing the embedded approach

JSPJSP PHPPHP PERLPERL Cold FusionCold Fusion

JSPs (Java Script Pages) Produced by Sun Microsystems

extension of the JavaTM Servlet technology

According to Sun, Servlets:“fit seamlessly into a Web server framework

and can be used to extend the capabilities of a Web server with minimal overhead, maintenance, and support.”

» platform-independent» 100% pure Java» enhanced performance» separation of logic from display» ease of administration» extensibility into the enterprise

PERLPERL

Invented by Larry Wall in 1987Invented by Larry Wall in 1987 Became popular as a web programming Became popular as a web programming

language in the late 1990slanguage in the late 1990s Features of C but an interpreted Features of C but an interpreted

language (like Java)language (like Java) Not for programming novices…Not for programming novices…

Evolution into PHP Evolution into PHP (Hypertext Pre-processor)

Started as just a collection of Started as just a collection of “free” PERL PERL scripts in 1995scripts in 1995 became popular as a rival to the asp approach for became popular as a rival to the asp approach for

programming code embedded in HTMLprogramming code embedded in HTML then became very popular as Microsoft wrestled then became very popular as Microsoft wrestled

with asp -> asp.netwith asp -> asp.net Open source and integrates well with open Open source and integrates well with open

source databasessource databases e.g. MySQLe.g. MySQL

PHP scripts Originally designed for Linux-based systems

executed on a type of web server called Apache Can now run happily on IIS

now getting very popular with non-Linux platforms Big improvements in performance with PHP v4 XML functionality with v5 (released 2005) Can download the environment directly from the PHP

website: http://uk2.php.net/downloads.php XAMPP provides MySQL and Apache webserver

environment

Cold Fusion Originally produced by Altair with its own

scripting language (CFML) for the Microsoft platformarguably easier to use than asp

Purchased by Macromedia in 2003 (Dreamweaver, Flash, Director, etc.)Dreamweaver has good support for Cold Fusion

scripting Now also available for the Java environment Macromedia itself now part of Adobe

ASP becomes ASP.NETASP becomes ASP.NET

Microsoft’s new approach to server scripting for the Microsoft’s new approach to server scripting for the new millennium…new millennium… building on asp principlesbuilding on asp principles new system that used “intermediate language”, rather than new system that used “intermediate language”, rather than

source code on the serversource code on the server much more difficult to hackmuch more difficult to hack

Problem was… they had to scrap the .asp Problem was… they had to scrap the .asp environment, and adopt a new architecture…environment, and adopt a new architecture… known as the .net frameworkknown as the .net framework as many developers were accustomed to .asp this took as many developers were accustomed to .asp this took

awhile to catch on!awhile to catch on! many people still confuse asp and asp.net…many people still confuse asp and asp.net…

Evolution of .net framework Evolution of .net framework (2001)(2001)

Version 1.1Version 1.1 intermediate languageintermediate language run-time environment for scriptsrun-time environment for scripts

» compiled code can’t easily be hackedcompiled code can’t easily be hacked Programming Code can be separated from HTML; Programming Code can be separated from HTML;

» as with cgi…as with cgi…» but without degradation in performancebut without degradation in performance

Web controls introduced by drag-and-drop for Web controls introduced by drag-and-drop for ease of developmentease of development

XML can replace HTML code…XML can replace HTML code…

Evolution of .net framework Evolution of .net framework (2005)(2005)

Version 2.0Version 2.0more and better controlsmore and better controlssome Integration with Active Directorysome Integration with Active DirectoryVisual Web Developer 2005 introducedVisual Web Developer 2005 introduced

» based on Visual Studiobased on Visual Studio user friendly development environmentuser friendly development environment

» easy use of master pages and CSSeasy use of master pages and CSS» simulated web server for ease of testingsimulated web server for ease of testing

Evolution of .net framework Evolution of .net framework (2008, 2010)(2008, 2010)

Version 3.5Version 3.5further enhancement to controlsfurther enhancement to controlsgreater integration with Active Directorygreater integration with Active DirectoryVisual Web Developer 2008 provided more Visual Web Developer 2008 provided more

controls, more wizards, and better controls, more wizards, and better formatting toolsformatting tools

Version 4.0Version 4.0as above. Generally regarded as easier to as above. Generally regarded as easier to

use than VWD 2008use than VWD 2008

PHPs & asp.net today PHPs attractive for serious programmers who

dislike the Microsoft approach… integration of cut-and-paste code still needs an

environment like Dreamweaver Industry view (post-millenium)

Unix-based Servers running PHPs considered to be more secure against hackers than Windows 2000/IIS running asp

asp.net running on Windows 2003/IIS v6/7 later accepted as being a very stable platform

Both widely in use today…

Platforms for Development Dreamweaver excellent for asp, .net.

php & ColdFusion until Creative Studio From CS1 onwards (2005ish):

no support for .net developmentsolid support for php & Cold Fusion

Visual Web Developer 2005, 2008, 2010gradually took away Dreamweaver

customers using asp.net

When to use Server Scripting (1)

Whenever programming logic is Whenever programming logic is required that needs to be shared via required that needs to be shared via Internet browsers!Internet browsers!

Good for securityGood for securityif web server properly configured…if web server properly configured…

And accountabilityAnd accountabilityclients can be forced to log onclients can be forced to log on

When to use Server Scripting (2)When to use Server Scripting (2)

When client end lacks storage & processing When client end lacks storage & processing powerpower fits well with the thin client model for web & fits well with the thin client model for web &

network computingnetwork computing very popular for massively multiplayer gamesvery popular for massively multiplayer games

Client just sends the requests and asks the Client just sends the requests and asks the questionsquestions server does the processing and provides the web server does the processing and provides the web

pages with answers/responses to requestspages with answers/responses to requests

When to use Server Scripting (3)When to use Server Scripting (3)

Whenever centralised data storage & Whenever centralised data storage & processing is needed to support processing is needed to support activities of a websiteactivities of a websiteessential for security of sensitive dataessential for security of sensitive datawaste of space and resources to store & waste of space and resources to store &

process databases locallyprocess databases locally

(4) Securing of Sensitive Data (4) Securing of Sensitive Data between Client and Serverbetween Client and Server

Extended Internet infrastructure designed Extended Internet infrastructure designed around the webserver modelaround the webserver model organisation can get an authentication certificate organisation can get an authentication certificate

(SSL certificate), and make it available through (SSL certificate), and make it available through their webservertheir webserver

» client can view server certificateclient can view server certificate

Client can access sensitive data at server end by Client can access sensitive data at server end by authenticating themselves (log in)authenticating themselves (log in)

data encrypted and sent using https protocoldata encrypted and sent using https protocol

Platforms for developing a website Platforms for developing a website running server-scriptsrunning server-scripts

Computer capable of supporting Windows Computer capable of supporting Windows XP/2003/Vista/7 or an equivalent Unix-based XP/2003/Vista/7 or an equivalent Unix-based operating systemoperating system

TCP/IP protocol stack running on serverTCP/IP protocol stack running on server Web Server software such as:Web Server software such as:

Internet Information ServerInternet Information Server ApacheApache

Broadband connection to the InternetBroadband connection to the Internet

Typical Infrastructure for putting Typical Infrastructure for putting Server Scripting online Server Scripting online

Make sure the internal “client-server” Make sure the internal “client-server” computer network is securecomputer network is secure

EITHER use the firewall/proxy server as a EITHER use the firewall/proxy server as a router to separate the internal (local) network router to separate the internal (local) network from the External (i.e. Internet) network from the External (i.e. Internet) network

OR, if OSI level 3-4 protocol conversion OR, if OSI level 3-4 protocol conversion needed, use a gatewayneeded, use a gateway converts data into appropriate protocol and diverts converts data into appropriate protocol and diverts

it between the Internet and the local networkit between the Internet and the local network can be used to link networks running different can be used to link networks running different

protocolsprotocols

Putting the Putting the Secured network on-lineSecured network on-line

A digital connection with plenty of A digital connection with plenty of bandwidth is needed between the bandwidth is needed between the router/gateway and a computer router/gateway and a computer connected to the Internetconnected to the Internet

Regular monitoring of the network is Regular monitoring of the network is essential to ensure that unauthorised essential to ensure that unauthorised users are not trying to gain accessusers are not trying to gain access

Web Hosting and ISPs Web Hosting and ISPs (Internet Service Providers)(Internet Service Providers)

Only the largest corporate enterprises Only the largest corporate enterprises are likely to be part of the Internetare likely to be part of the Internet

Most businesses need to find a partner Most businesses need to find a partner who will provide a link between the who will provide a link between the connection medium and the Internet connection medium and the Internet that meets their needsthat meets their needsMany Internet service providers availableMany Internet service providers availableThe problem is usually “which to choose”, The problem is usually “which to choose”,

rather than finding a partner…rather than finding a partner…

Web HostingWeb Hosting Two possibilities:Two possibilities:

ISP provides hosting and web space, ISP provides hosting and web space, organisation manages websiteorganisation manages website

ISP provides hosting AND manages websiteISP provides hosting AND manages website ISP will also provide:ISP will also provide:

the all important IP address that will allow a the all important IP address that will allow a presence on the Internetpresence on the Internet

the domain name that will allow other the domain name that will allow other Internet users to find the websiteInternet users to find the website

Criteria for choosing a Criteria for choosing a web host (apart from cost!)web host (apart from cost!)

Amount of web space?Amount of web space? Bandwidth availability?Bandwidth availability? Hardware & OS?Hardware & OS? Uploading techniques?Uploading techniques? Protocols supported?Protocols supported? URL available?URL available? type of server scripts supported?type of server scripts supported? Site management tools?Site management tools? Databases supported?Databases supported?

Exercise for Next WeekExercise for Next Week

Search Google for web hostsSearch Google for web hosts How many available?How many available? How could you choose?How could you choose?

Use the following URL to compare web Use the following URL to compare web hosts and their offerings:hosts and their offerings: http://www.hostindex.com/voteresults.shtmhttp://www.hostindex.com/voteresults.shtm