1 web programming course sem iv mca 2010-11 dr. ram p rustagi [email protected]
TRANSCRIPT
2
Overview and Introduction• Objectives:
o Get high markso Knowledge growtho Be a productive web developer
Satisfying job prospects
• Approacho Interactiveo Practice/assignment orientedo Beyond the course contentso Each one to have own web server/home page
Demonstrate all the learningo Discussion time
3:30pm to 4:30pmo Attendance sheeto Lecture Notes (in Advance?)
2
3
Getting to Know • Myself
o Networking and technology domaino 29+ years of applications and systems development
• Studentso Backgroundo Expectations
• Prerequisiteso Programming aptitudeo Regular work practice
• Desirableo Knowledge of development/debug tools
o Wiresharko HTML editors, WYSIWYG tools (Amaya) et alo Web server logs - access.log, error.logo TCP/IP, telnet, wget, netcat etc.
o Linux exposure In addition to MS windows
3
4
Introduction• Course Organization
• Specified syllabus• Lab course
• PHP, MySql• Others
» Ruby, Railso Content break up in excel File
On dept website• Modules (lecture hours)
o Web Server, XHTML, CSS (14)o Javascript (5)o Dynamic documents using javascript (6)o XML(5)o Perl, CGI programming (9)o PHP (7)o Ruby, Rails (3)o Summary, revision (3)
4
5
References• Books
o Robert Sebesta - Programming WWWo Deitel, Deitel: Internet & WWW, How to Programo O’Reilly Books
o Head First series, Cookbooks etc.• Internet
• ftp://ftp.awl.com/cseng/authors/sebesta/www6e/o http://www.20thingsilearned.como http://www.scientificamerican.com/article.cfm?id=long-live-the-
webo RFC 1935 - What is Interneto RFC 3271 - Internet for Everyone : Vint Cerfo http://analytics.ncsu.edu/reports/www/www2010-cerf.pdfo Explore yourself
5
6
Web History• What is Internet
o Multiple views o Place to stay in touch, read news, shop, emails
Youtube, google , yahoo. local serviceo Local broadband providerso Connectivity with other computers
• Historyo Year 1974o Started with few computers. Today ??o DARPA fundedo TCP/IP was defined
Protocol for communication among computers Packets are exchanged Hides differences among devices
• Internet/Web in India
6
7
Web History...• BITNet, CSNet
– Late 70s and early 80s
– Email, FTP, etc
• NSFNet - 1986– Originally for non-DoD funded places
– Initially 5 super computers
– Replaced ARPANet by 1990
– Early 90s to all
– Eventually became internet• Excluding some research part
• Multitude of Protocols– Telnet, FTP, Usenet, SMTP, SNMP, Gopher
7
8
IP Addresses• IP Address Classes
– Class A : 1.x.x.x to 126.x.x.x
– Class B :128.x.x.x - 191.x.x.x
– Class C: 192.x.x.x - 223.x.x.x
– Class D(Multicast): 224.x.x.x - 239.x.x
– Class E(Experimental) : 240.x.x.x
• Public address for private use
– 10.x.x.x, 172.16.x.x, 192.168.[0-255].x
• Classes, Subnetting and CIDR
– /8, /16, 24, /n
• NAT (Network Address Translation), NAPT
• IPv6
8
9
Evolution to Web
• Solution to proliferation of multitude of protocols
• Origins
– Tim Berners-Lee at CERN
– Purpose: Access to Scientific Work
– Hypertext• Documents (Pages, Resources etc)
– Hypermedia• More than Text (Images, Sound, etc.)
– Protocol• HTTP, HTTPS
8
10
Internet and Web
• Difference between Internet and Web• User friendly system• Speed of access
o Available bandwidth Between two end points Enhanced by caching, proxies
o Server capacityoProgram execution
o Browser capabilityo Embedded URLs
o Images
10
11
Cloud Computing
• Cloud computingo Moving data online
Beyond home/office PC, data centers, NOCo Service Models
o Iaas, Paas, Saaso Vendors
oAmazon, Google, SalesForce, et aloPrivate, Public clouds
o Issues
11
12
Web Browsers and Servers• Browsers
– NCSA - Mosaic• 1993, First GUI• Web explosion
– Basically Clients• Initiate Requests
– Document Access, Program Execution• Servers
– Response to Requests– Connection Mgmt
• 1+ request/response (HTTP 1.1)– Original (CERN), next NCSA– Current
– Apache (leader), IIS• www.netcraft.com
10
13
Web Server Market Share
14
Web Structure
• End Usero You as a persono Read the contentso Provides the inputs
o Forms, clickso Response time expectation
• Browsero Renders the contentso Acts as interface between you and server
• Servero Serves the contentso Receives and processes inputs
14
15
URI, URL, URN• URI
– Classical view• Name: URN• Location: URL• Citation: URC
– Contemporary view• Namespace
– RFC 3505• http://tools.ietf.org/html/rfc3305
– Schemes• http://www.iana.org/assignments/uri-schemes.html
15
17
Web Apps
• What is web app?o Typically, smart programs focused on single taskso Browser provides the interfaceo Just one version(latest) available
No worries for upgrade Notorious software issues
o Safer Do not interfere with other tasks on your PC Protection from virus, malware, etc.
o Expected to be browser Agnostic Reality ?? Incompatibilities issues?
• http://dowebsitesneedtolookexactlythesameineverybrowser.com/
17
18
Web Programming Language
• HTMLo Tells browser to structure and present contento Basic building block for the webo Was simple for long time
Static page, links and images Display after full page download
• Web pages todayo Concurrent display and downloading o Dynamic web pages
Map scrolling, game playing Started with scripting language
Javascript Different from JSP and Java
Real time interactive18
19
Dynamic Web Pages
• Partial page updateo Maps, emails,video etco Faster/responsive rendering
• CSSo Easy, efficient way to define layout o Beautify web pages
Colors, borders, animation• Ajax
o Combinations of Javascript XHR (XML HTTP Request) CSS Other web technologies
19
20
HTML5
• Latest version of HTMLo Provides capabilities for next gen of online applicationso Provides video support; <video> tag
Currently video is via plug-ins o Supports offline capabilities
Even when no internet connectivityo Drag and drop capabilitieso Still evolving o
20
21
Newer Applications• 3D graphics and animation
o Hard to deliver in past Lighting, shadows, reflection, real life textures Requires lots and lots of data Need more bandwidth Need more computing power locally to render Thus hard to deliver in past
o Today Have local computing power, high bandwidth Still need better web technology
WebGL, 3D CSS Plug-ins not needed
• Share, collaborate and personalize
21
22
Browser Conundrums?• Old browsers
o Vulnerable to attackso Lacks security fixes and updates o Can lead to stolen passwords, malicious codeso Does not support newer upcoming applications
• Need new browserso Mozilla Firefox 3.6o Apple Safari 5o MS Internet Explorer 8o Opera 10.6xo Google Chrome 7o Check your browser
www.whatbrowser.org
22
23
Plug-Ins
• Whyo Early HTML limitations
E.g. video, animations Interactivity
• What it iso Additional software to process specific contento Example:
Adobe Flash Player• Operation
o Independent full space within browsero Free to do whatever
Browser has no controlo Makes PC vulnerable to attacks
23
24
Browser Extensions
• Adds new features to browserso Add-on buttonso Examples
Email notifier (runs in the background) Units converter Highlight, scribble notes
o Implemented by adding more code Initially, more like C/C++ Today, HTML, javascript, CSS etc
24
25
Browser Synchronization
• Synchronizationo Information to be saved
Bookmarks Extensions Preferences
o Chrome Via google account
o Firefox o Enables usage across multiple computerso Information saved on cloud
25
26
Cookies
• What it iso Small text sent by website to browser
Not portable across browser on same PCo Keeps information about your website visit
Past interaction Shopping cart information Online advertising Advts catering to user interest ? ?? username/passwords
o Makes interaction more personalized• Types of cookies
o Session cookieso Permanent cookies
• Browser provides control to manage cookies
26
27
Web Privacy and Security
• Analogy to your homeo Security: bolts, locks, alarmso Privacy: curtains, blinds, sunscreens
• Browser privacyo Control over browsing data stored on shared PC o Password storageo Browsing historyo "Privacy" / "incognito" mode
e.g. on chrome Once closed, no history is available
o Conflicting requirement with efficiency
27
28
Web Privacy and Security...
• Communication security issues• Privacy• Integrity• Authentication• Non-repudiation
• Basic support tool• Encryption
• Encryption keys• Same key
– Receiving a big issue for receiver
– Public/private key» By Diffie and Hellman, 1976
– One (public) key to encrypt, other (private) key to decrypt– Virtually impossible to derive one key from other
28
29
Web Privacy and Security...
• Security Issues– RSA most widely used algorithm
• Rivest, Shamir, dAleman - 1978
– Involves 3 steps• Key generation, Data encryption, Data decryption
– Key generation• Take two distinct prime numbers p, q• Compute n = pq• Compute φ(n) = (p − 1)(q − 1)• Choose e such that 1<e<φ(n), and gcd(e, φ(n)) = 1• Compute d=e−1(mod φ(n)) i.e. de = 1 (mod φ(n))
– e,d is public,private key pair.
29
30
Key Generation Example
– Two prime number• p = 61 and q = 53
– Compute n• n = 61*53 = 3233
– Compute φ(n) = (p − 1)(q − 1)• φ(3233) = (61 − 1)(53 − 1) = 3120
– Choose e• Let e = 17 (co-prime to 3120 i.e. Not a divisor of 3120)
– Compute d = e − 1(mod φ(n)) i.e. ed = 1 (mod φ(n))• d is 2753
• Exercise: Find another d and e• source: http://en.wikipedia.org/wiki/RSA
30
31
Browser Security
• Security Riskso Malware
Software installed on your PC w/o knowledge Example
Antivirus software (actually a virus itself) Once installed, difficult to remove Steals personal info - passwords, credit cards
o Phising Masquerade as someone else Fake website
Tricking personal information My first experience:
» Login screen on dept unix systems
31
32
Protection
• Up to date browserso Maintains list of phising siteso Warns when it detects malafide infoo Checks and update new fixes/patches
Automatic/on-demando Sandbox protection
prevents interaction with local system e.g. Installing software on PC
32
33
HTTPS Sites
• Verify certificates• Verifies what you say you areoHostnameoValidity periodo Issuing authority
• AnalogyoDriving license Valid if issued by govt Invalid if issued by unknown (e.g. myself)
• Certificate issuing authorities• Verisign, Thawte, GoDaddy, ...
33
34
Web Working
• What happens when URL is invoked o DNS server roleo Proxy server roleso Role of cachingo Role of cookies
• GUI browserso IE, Firefox, Opera, Safari, Chromeo Browsers on Phone
• Non-GUI Browserso Voice browsers
• URLso scheme hostname path
34
35
Evolution to Next Stage
• HTML5, CSS3, WebGL• <video> tag• Faster javascript processing engine• pre DNS resolution• Pre-fetch of links to be clicked • Superior video compress
o WebM - standard under development• Expectation:
o Clicking should be as fast as flipping a book page
35
36
Helper tools
• wiresharko www.wireshark.orgo Provides full details on what transpiredo Very helpful debug tool
o wgeto Netcat (or nc)o telnet• View source in browser• Log analyzers
• Access logs, error logs
36