Free Second Assignment of Web Application-For Aima Student

Posted by Praveen Gagan

FREE ASSIGNMENT OF PHP for AIMA STUDENT


SECTION A

1. (a)    Explain the role of Web browser and Web server while using the web application at user end.

 ANSWER 1(a)

 Web Browser And Web Server

 WEB BROWSER

 Web browsers, often referred to just as browsers, are software applications used to locate and display Web pages on the World Wide Web. While this is the most popular usage, browsers can also be used to access and view content on a private or local network as well. Most, but not all browsers are graphical browsers, which means that they can display graphics as well as text. In addition, most modern browsers can present multimedia information, including sound and video, though they require plug-ins for some formats. For the purpose of this article, we'll be focusing on how browsers work to access the World Wide Web.

 

How Web Browsers Work

The World Wide Web is a system of Internet servers that support specially formatted documents. Web browsers are used to make it easy to access the World Wide Web. Browsers are able to display Web pages largely thanks to an underlying Web protocol called HyperText Transfer Protocol (HTTP). HTTP defines how messages are formatted and transmitted, and what actions Web servers and browsers should take in response to various commands. It is what allows Web clients and Web servers to communicate with each other. When you enter a Web address (URL) in your browser, the browser sends an HTTP command to the Web server directing it to fetch and transmit the requested Web page, and then displays the information. All Web servers serving Web sites and pages support the HTTP protocol.

 

Example: The URL to reach the definition of browser is: http://www.praveengagan.com/about.html

 

Once you enter the URL "http://www.praveengagan.com/about.html" into your address line, the browser breaks that Web address down into three distinct parts.

 

The Protocol: "http"

The server name: "www.praveengagan.com"

The file name, which follows the server name: "about.html"

In order for your browser to actually connect to the Web server to retrieve the information you request, it communicates with a name server to translate the server name into an IP address. Your Web browser is then able to connect to the Web server at the resolved IP address on port 80. Once your browser has connected to the Web server using HTTP, the browser then reads the HyperText Markup Language (HTML), the authoring language used to create documents on the World Wide Web, and the data is then displayed in your Web browser.

 

Most Popular Web Browsers

A Web browser is actually a software application which runs on your Internet-connected computer. It allows you to view Web pages, as well as utilize other content and technologies such as video, graphics files, and digital certificates, to name a few. Some browsers will translate only text while others do support graphics and animation. Web browsers are not all created equal, and Web pages also will not be displayed the same in different browsers.

 

 

WEB SERVER

 

Web servers are computers on the internet that host websites, serving pages to viewers upon request. This service is referred to as web hosting.

 

Every web server has a unique address so that other computers connected to the internet know where to find it on the vast network. The IP (Internet Protocol) address looks something like this: 192.168.1.1.

 

Web hosts rent out space on their web servers to people or businesses to set up their own websites. The web server allocates a unique website address to each website it hosts.

 

When you connect to the internet, your personal computer also receives a unique IP address assigned by your ISP (internet service provider). This address identifies your computer's location on the network. When you click on a link to visit a website, like www.praveengagan.com, your browser sends out a request to the IP address. This request includes return information and functions like a postal letter sent across town, but in this case the information is transferred across a network.

 

When your request reaches its destination, the web server that hosts the website sends the page in HTML code to your IP address. This return communiqué travels back through the network. Your computer receives the code, and your browser interprets the HTML code and then displays the page for you in graphic form.

 

The more powerful the server, the faster it can serve up website pages. Slower, smaller servers may result in frustrating lag time for viewers. High traffic can also slow servers that are not powerful enough to handle high volumes of data exchange. This lag time should be a concern if you are shopping for a web host. Most web hosts have a page dedicated to sharing technical information about their web server, including speed, capacity, network configuration and other details.

 

In theory, web servers stay connected to the Internet 24/7, 365 days a year. In truth they experience occasional downtime due to maintenance and technical problems. Web servers with consistent records of an uptime of 99.5% or better are considered reliable. 


 

(b)        In context of designing Web-application how you do session management for user application.

 

Answer 1 (b)

 

Session management for user application.

 

The stateless nature of HTTP requires organisations and solution developers to find other methods of uniquely tracking a visitor through a web-based application. Various methods of managing a visitor’s session have been proposed and used, but the most popular method is through the use of unique session IDs. Unfortunately, in too many cases organisations have incorrectly applied session ID management techniques that have left their “secure” application open to abuse and possible hijacking. This document reviews the common assumptions and flaws organisations have made and proposes methods to make their session management more secure and robust.

 

Session management

  • Applications maintain state
  • Distributed applications may maintain state in each distributed component
  • Web applications are expected to maintain state
  • Typical Web application: shopping cart, where the server is expected to keep a list of items in the cart, and present this list on demand
  • Web support for state is poor

Stateful server

In a client-server application, the server may keep state information.



Stateless server

In a client-server application, the server may be stateless, with the client keeping state.



 

Taking the Example of Web Application [As According to the Question]

Web Applications

  • State must be maintained across CGI applications
  • Requires the browser to maintain state information
  • The browser cannot keep all of the server state - typically it keeps and returns a key for the server
  • The key should not contain sensitive information such as credit card numbers


 

2. (a)    Define SQL with examples. Discuss different levels of SQL attacks while extracting data from the database.

 

ANSWER 2(a)

 

SQL is short for Structured Query Language and is a widely used database language, providing means of data manipulation (store, retrieve, update, delete) and database creation.

Almost all modern Relational Database Management Systems like MS SQL Server, Microsoft Access, MSDE, Oracle, DB2, Sybase, MySQL, Postgres and Informix use SQL as standard database language. Now a word of warning here, although all those RDBMS use SQL, they use different SQL dialects. For example MS SQL Server specific version of the SQL is called T-SQL, Oracle version of SQL is called PL/SQL, MS Access version of SQL is called JET SQL, etc.

SQL works with relational databases. A relational database stores data in tables (relations). A database is a collection of tables.

EXAMPLE: A table consists of a list of records. Each record in a table has the same structure, and each has a fixed number of "fields" of a given type.

CIATable

| name | region | area | population | gdp |
| --- | --- | --- | --- | --- |
| India | Asia | 527970 | 14728474 | 23400000000 |
| Zaire | Africa | 2345410 | 44060636 | 18800000000 |
| Zambia | Africa | 752610 | 9445723 | 7900000000 |
| Zimbabwe | Africa | 390580 | 11139961 | 17400000000 |

In CIATable each record is a row representing a country. There are five fields; some fields are of type string, some are of type integer.

Example 1: This simple query shows the population and GDP of India.

SQL for this:

SELECT population, gdp FROM ciaTable WHERE name='India'

Result:    14728474    2340000000

 

SQL also has commands to create tables, to add records, to delete records and to change the value of fields of existing records. You can specify read and write permissions for other users; you can commit and roll back transactions; you can add and delete fields from existing tables, specify indexes and create views.
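The question also asks about SQL attacks. The following is an added example, not part of the original assignment: it loads the CIATable rows above into an in-memory SQLite database (an assumption; it needs PHP's pdo_sqlite extension) and runs the same SELECT once with the input concatenated into the statement and once with a bound parameter. The function names lookupUnsafe and lookupSafe and the second test input are constructed for illustration.

```php
<?php
// Added example: the page's query with and without a bound parameter.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ciaTable (name TEXT, region TEXT, area INTEGER,
                                  population INTEGER, gdp INTEGER)');

// Rows copied from the CIATable shown on the page.
$rows = [
    ['India',    'Asia',   527970,  14728474, 23400000000],
    ['Zaire',    'Africa', 2345410, 44060636, 18800000000],
    ['Zambia',   'Africa', 752610,  9445723,  7900000000],
    ['Zimbabwe', 'Africa', 390580,  11139961, 17400000000],
];
$insert = $db->prepare('INSERT INTO ciaTable VALUES (?, ?, ?, ?, ?)');
foreach ($rows as $row) {
    $insert->execute($row);
}

// BEFORE: the visitor's text becomes part of the SQL statement itself,
// so quote characters in it can change the structure of the WHERE clause.
function lookupUnsafe(PDO $db, string $name): array
{
    $sql = "SELECT population, gdp FROM ciaTable WHERE name='" . $name . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// AFTER: the statement text is fixed; the visitor's text is sent separately
// as a value and is only ever compared against the name column.
function lookupSafe(PDO $db, string $name): array
{
    $stmt = $db->prepare(
        'SELECT population, gdp FROM ciaTable WHERE name = :name'
    );
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: an ordinary country name, and a value containing
// quote characters that turns the concatenated WHERE clause into a
// condition that is true for every row.
$inputs = ['India', "x' OR '1'='1"];

foreach ($inputs as $input) {
    printf(
        "%-16s concatenated: %d row(s)   bound parameter: %d row(s)\n",
        $input,
        count(lookupUnsafe($db, $input)),
        count(lookupSafe($db, $input))
    );
}
```

For the ordinary name both functions return the same single row; for the second input only the concatenated version returns rows for countries the visitor never named.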

 

 

 

(b)         Define regular expressions. How regular expressions are used for searching utilities for web applications.

 

Answer 2 (b)

 

DEFINITION

A regular expression (sometimes abbreviated to "regex") is a way for a computer user or programmer to express how a computer program should look for a specified pattern in text and then what the program is to do when each pattern match is found. For example, a regular expression could tell a program to search for all text lines that contain the word "Windows 95" and then to print out each line in which a match is found or substitute another text sequence (for example, just "Windows") where any match occurs.

 

Search & Replace has extensive support for Regular Expressions for advanced search &/or replace, where the search string follows a rule and is not always exactly the same. Regular Expressions use "special character operators," which are symbols that control the search, and "an expression," which is a combination of characters and operators that specifies a pattern. Regular Expressions can be used in replacements, they can be case sensitive, and they can use Binary Characters or special operators such as Counters, Insert Path & File Name, & environment variables.

 

Example of REGEX [*] for search utilities for web application

 

Operator: *

Description: Matches zero or more expressions enclosed in ( ) or [ ]. The * operator may be used by itself, although it is intended to be used around strings. If the * operator is entered alone it will match all characters from the start of the line to the end of the line. You can match characters between two or more strings up to the maximum regular expression size by specifying a range after the * operator. Entering several expressions in a row containing * should be done carefully to avoid overlapping matches which may produce unpredictable results.

      

*(is) will match zero or more strings such as: is, crisis

Windows *[0-9] will match Windows 95
 

This operator can also be used to match all characters between two strings, e.g.,

Win*95 will match Windows 1995, Win 95, Windows 95

*(is) will match zero or more strings such as: isisis
 

Note: Using the * operator at the beginning of the line will match all characters from the start of the line and at the end, to the end of the line. You can match characters between two or more strings up to 32767 characters (32K) apart by specifying a range after the * operator, e.g.,

Windows*[]95 will match up to 32767 characters (on several lines) between Windows and 95

Windows*[\0-ÿ] will also accomplish the same match (older syntax)
 

Note: When * is combined with a numeric range and the %n> or %n>starting value> replacement operators, the search expression above, Windows *[0-9], would be part of a Regular Expression Counter Operation.
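The operator table above uses the syntax of one search-and-replace tool. In a PHP web application the same ideas are written with the PCRE functions; the following is an added example, not part of the original assignment, that runs the "Windows 95" search and substitution from the definition above over a few constructed lines. It also shows why a search box must escape the visitor's text with preg_quote before using it as a pattern. The function names are hypothetical.

```php
<?php
// Added example: regular expressions in a small search utility.
// The sample lines are constructed for this example.
$lines = [
    'Setup requires Windows 95 or later.',
    'Tested on Windows 1995 beta builds.',
    'Linux users can skip this step.',
    'Price list: 9.5 USD (see page 95).',
];

// Search box: the visitor's text is data, not a pattern. preg_quote()
// escapes characters such as . * [ ( so they only match themselves.
function searchLiteral(array $lines, string $term): array
{
    $pattern = '/' . preg_quote($term, '/') . '/i';
    return array_values(preg_grep($pattern, $lines));
}

// The same search with the visitor's text used directly as a pattern,
// kept here only for comparison: "." now matches any character.
function searchAsPattern(array $lines, string $term): array
{
    return array_values(preg_grep('/' . $term . '/i', $lines));
}

// Developer-written pattern: "Windows" followed by a number.
function findWindowsVersions(array $lines): array
{
    return array_values(preg_grep('/\bWindows \d+\b/', $lines));
}

// Substitution from the definition: replace "Windows 95" with "Windows".
function replaceWindows95(array $lines): array
{
    return preg_replace('/\bWindows 95\b/', 'Windows', $lines);
}

function show(string $title, array $result): void
{
    echo $title, "\n";
    foreach ($result as $line) {
        // Escape on output, as a web page showing search hits must do.
        echo '  ', htmlspecialchars($line, ENT_QUOTES, 'UTF-8'), "\n";
    }
}

show('Literal search for "9.5":', searchLiteral($lines, '9.5'));
show('Same text used as a pattern:', searchAsPattern($lines, '9.5'));
show('Lines naming a Windows version:', findWindowsVersions($lines));
show('After substitution:', replaceWindows95($lines));
```

The literal search reports only the line that contains "9.5", while the unescaped version also reports the line containing "1995", because the dot matched a digit.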

 

 

 

 

 

 

 

 

3. (a)    Discuss in detail the role of cookies and session management in Web application.

 

ANSWER 3 (a)  

 

Cookies

  • Cookies are passed at the HTTP layer
  • HTTP format is Set-Cookie: cookie-value
  • Cookies are sent from the server to browser and returned from browser to server
  • Cookies have
    • a lifetime
    • a domain
    • a flag to return on secure or non-secure channels

Passing cookies from server to browser

  • Cookies will be passed on the wire in the HTTP header
  • Cookies may be passed from an HTML document to the HTTP layer by

        ...
        HTTP-EQUIV="Set-Cookie: ..."

  • Cookies may be passed in a Perl CGI object by e.g.

        use CGI;
        my $query = CGI->new;

        # Build the cookie; -secure=>1 returns it on secure channels only
        $cookie = $query->cookie(-name=>'sessionID',
                                 -value=>'xyzzy',
                                 -expires=>'+1h',
                                 -path=>'/cgi-bin/database',
                                 -domain=>'.capricorn.org',
                                 -secure=>1);

        # Send it to the browser in the HTTP header
        print $query->header(-cookie=>$cookie);

Retrieving cookie from browser

  • The cookie value can be retrieved by e.g. Perl code

        # Named argument needs the leading dash, as in the call above
        $cookie = $query->cookie(-name=>'sessionID');

Problems with cookies

  • Some users turn off cookies for privacy reasons
  • Cookies expire after a while

 

 

 

 

(b)        List out various advantages using XML for developing Web application over other Web applications Languages.

 

ANSWER 3 (b)

 

XML's set of tools allows developers to create web pages - and much more. XML allows developers to set standards defining the information that should appear in a document, and in what sequence. XML, in combination with other standards, makes it possible to define the content of a document separately from its formatting, making it easy to reuse that content in other applications or for other presentation environments. Most important, XML provides a basic syntax that can be used to share information between different kinds of computers, different applications, and different organizations without needing to pass through many layers of conversion.

Web developers are the initial target audience, but database developers, document managers, desktop publishers, programmers, scientists, and other academics are all getting involved. XML provides a simple format that is flexible enough to accommodate wildly diverse needs. Even developers performing tasks on different types of applications with different interfaces and different data structures can share XML formats and tools for parsing those formats into data structures that applications can use. XML offers its users many advantages, including:

  • Simplicity
  • Extensibility
  • Interoperability
  • Openness
  • A core of experienced professionals

Advantages of XML

Uses of XML

XML has a variety of uses, including:

  • Web publishing: XML allows you to create interactive pages, allows the customer to customize those pages, and makes creating e-commerce applications more intuitive. With XML, you store the data once and then render that content for different viewers or devices based on style sheet processing using an XSL/XSLT processor.
  • Web searching and automating Web tasks: XML defines the type of information contained in a document, making it easier to return useful results when searching the Web:
    • For example, using HTML to search for books authored by Tom Wolf is likely to return instances of the term 'wolf' outside of the context of author. Using XML restricts the search to the proper context (say, the information contained in the tag) and returns only the desired type of information. Using XML, Web agents and robots (programs that automate Web searches or other tasks) will be more efficient and produce more useful results.
  • General applications: XML provides a standard method to access information, making it easier for applications and devices of all kinds to use, store, transmit, and display data.
  • e-business applications: XML implementations make electronic data interchange (EDI) more accessible for information interchange, business-to-business transactions, and business-to-consumer transactions.
  • Metadata applications: XML makes it easier to express metadata (Unified Modeling Language design models or user interface properties, for example) in a portable, reusable format.
  • Pervasive computing: XML provides portable and structured information types for display on pervasive (wireless) computing devices such as PDAs, cellular phones, and others.
    • For example, WML (Wireless Markup Language) and VoiceXML are currently evolving standards for describing visual and speech-driven wireless device interface


Q3. (a) Discuss in detail the role of cookies and session management in Web application.
Q3 Answer (a)

Cookies Management

Cookies are often used to store application state in a web browser. As with data sent with the GET or POST methods, cookies are sent with HTTP requests made by a browser. A cookie is a named piece of information that is stored in a web browser. A browser can create a cookie using JavaScript, but a cookie is usually sent from the web server to the client in the Set-Cookie header field as part of an HTTP response. Consider an example HTTP response:

HTTP/1.0 200
Content-Length: 1276
Content-Type: text/html
Date: Tue, 06 Nov 2001 04:12:49 GMT
Expires: Tue, 06 Nov 2001 04:12:59 GMT
Server: simwebs/3.1.6
Set-Cookie: animal=egg-laying-mammal
 
...
The web browser that receives this response remembers the cookie and includes it as the header field Cookie in subsequent HTTP requests to the same web server. For example, if a browser receives the response just shown, a subsequent request has the following format:

GET /duck/bill.php HTTP/1.0
Connection: Keep-Alive
Cookie: animal=egg-laying-mammal
Host: www.hellophp.com
Referer: http://www.hellophp.com/

Example: Setting a cookie using PHP

 
<?php
// See if the HTTP request carried a cookie called "count".
// Cookie values come from the client, so cast them to integers.
if (!isset($_COOKIE["count"])) {
    // No cookie called count, set the counter to zero
    $count = 0;

    // .. and set a cookie with the "start" time
    // of this stateful interaction
    $start = time();
    setcookie("start", (string)$start, time() + 600, "/", "", false);
} else {
    $count = (int)$_COOKIE["count"] + 1;
    $start = isset($_COOKIE["start"]) ? (int)$_COOKIE["start"] : time();
}

// Set a cookie "count" with the current value
setcookie("count", (string)$count, time() + 600, "/", "", false);
?>
<html>
<body>
<p>This page comes with cookies: Enjoy!</p>
<p>count = <?= $count ?>.<br>
start = <?= $start ?>.</p>
<p>This session has lasted
<?php
$duration = time() - $start;
echo "$duration";
?>
seconds.</p>
</body>
</html>
 



Session Management in PHP

Session management is one of the features that sets PHP apart from other languages which happen to be used on the web. It is easy enough to understand how to use $_SESSION, but many programmers seem to learn how to use it and nothing more.

$_SESSION serves a single, useful purpose. It makes variables available across multiple pageviews. It can keep objects across multiple pages. The best comparison to it I can think of is a plain-old Module in Visual Basic versions 1-6. There’s only one instance of $_SESSION per visitor. It can store practically anything. It’s almost always available. And it’s generally much more convenient than dumping data to hidden variables on a page.

During PHP version 3’s lifetime, SESSION took some work to use. Since the superglobal variable $_SESSION was not available, you worked with normal variables but called a special function to make them into session variables. PHP version 4.2 was the revision which effectively mandated holding session variables in the $_SESSION superglobal array. Depending on the server’s configuration, it may or may not be necessary to call session_start(). Most well formed code will explicitly call it, and it’s practically required if you’re using any kind of user-defined classes. But let’s start more basically:

<?php
// Resume the visitor's session, or start a new one
session_start();
if (array_key_exists("counter", $_SESSION)) {
    $_SESSION["counter"]++;
} else {
    $_SESSION["counter"] = 0;
}

This code establishes a variable called counter and increments it on the second and subsequent visits to pages which contain it. But how does it work?

Assuming your visitor allows cookies, session_start grabs the session ID from a cookie which is managed by PHP. It then looks up a session data file in a temporary directory by that ID. It reads in that data and populates the array. It also arranges to send a cookie back out to refer back to that session data. As your script runs, it modifies the $_SESSION array. Finally, when your script finishes, it writes the contents of the array back out to the temporary file.
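Because the session ID cookie is the only thing tying a visitor to the server-side data file, how that cookie is issued matters. The following is an added example, not part of the original post: the counter from above, with the session cookie restricted and the ID rotated at login. The helper names and the 600-second idle limit are assumptions; the array form of session_set_cookie_params needs PHP 7.3 or later, and the secure flag assumes the site is served over HTTPS.

```php
<?php
// Added example: the $_SESSION counter with a hardened session cookie.

const IDLE_LIMIT = 600; // seconds of inactivity allowed (assumed policy)

function startHardenedSession(): void
{
    // Only accept session IDs this server issued, and only from cookies.
    ini_set('session.use_strict_mode', '1');
    ini_set('session.use_only_cookies', '1');

    session_set_cookie_params([
        'lifetime' => 0,      // cookie is dropped when the browser closes
        'path'     => '/',
        'secure'   => true,   // returned on HTTPS connections only
        'httponly' => true,   // not readable from page JavaScript
        'samesite' => 'Lax',  // not sent on most cross-site requests
    ]);
    session_start();

    // Expire sessions that have been idle too long: clear the data and
    // move to a fresh ID, deleting the old session file.
    $now = time();
    if (isset($_SESSION['last_seen'])
        && $now - $_SESSION['last_seen'] > IDLE_LIMIT) {
        $_SESSION = [];
        session_regenerate_id(true);
    }
    $_SESSION['last_seen'] = $now;
}

// Call this only after the visitor's credentials have been verified.
function onLogin(string $userId): void
{
    // A new ID at login means an ID that was known before login
    // is useless afterwards.
    session_regenerate_id(true);

    // Keep the sensitive state on the server; the browser only ever
    // holds the random session ID.
    $_SESSION['user_id'] = $userId;
}

startHardenedSession();

// Same counter as in the text: 0 on the first visit, then 1, 2, ...
$_SESSION['counter'] = isset($_SESSION['counter'])
    ? $_SESSION['counter'] + 1
    : 0;

echo 'counter = ', $_SESSION['counter'], "\n";
```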




Q3 (b) List out various advantages using XML for developing Web application over other Web applications Languages.
Answer 3 (b)

Advantages of XML

  • It supports Unicode, allowing almost any information in any written human language to be communicated.
  • It can represent common computer science data structures: records, lists and trees.
  • Its self-documenting format describes structure and field names as well as specific values.
  • The strict syntax and parsing requirements make the necessary parsing algorithms extremely simple, efficient, and consistent.
  • XML is heavily used as a format for document storage and processing, both online and offline.
  • It is based on international standards.
  • It can be updated incrementally.
  • It allows validation using schema languages such as XSD and Schematron, which makes effective unit-testing, firewalls, acceptance testing, contractual specification and software construction easier.
  • The hierarchical structure is suitable for most (but not all) types of documents.
  • It is platform-independent, thus relatively immune to changes in technology.
  • Forward and backward compatibility are relatively easy to maintain despite changes in DTD or Schema.
  • Its predecessor, SGML, has been in use since 1986, so there is extensive experience and software available.



4. (a) Discuss the following:
(a) Shopping cart application
(b) Blogging engine application    

Answer 4 (a)

Shopping Cart Application

What is a shopping cart? 

In a basic definition, it's a series of scripts that keep track of items a visitor picks to buy from your site until they proceed to the "checkout". 

A popular misconception is that shopping carts handle the whole financial transaction, but they only really act as a front end which passes information via a secure connection (another service) to a payment gateway - a separate service altogether. 

The payment gateway service then channels the requests and transfers throughout relevant financial networks, including the Internet merchant account with your bank. It then sends back confirmation or denial back to the shopping cart software. For further information on the "back-end" aspects of ecommerce; read our guide to payment gateways and merchant accounts.

The good news is that there are literally hundreds of shopping cart packages available. The bad news is the same as the good. Sometimes, too many choices make it very difficult to make a decision - especially when all companies claim to have the superior product. After having worked with or examined over a hundred different shopping cart applications over the years.


Answer 4 (b)

Blogging Engine Application


While often regarded as a platform for people to share their personal stories, a blog can also be used to tell the story of an organization. Whether showcasing your work, offering behind-the-scenes glimpse into your nonprofit, highlighting the people you serve, or advocating a particular point of view, a blog can be a powerful — and influential — communication and public-relations tool for your organization.

So how do you create a blog? Let's say that you've already spent time reading other blogs and articles on how to successfully maintain and promote your blog. (More Resources at the end of this article will help you get started.) You've defined your goals, your target audience, and the type of content you’ll provide. Your next challenge is to pick the blogging tool that offers the right features for you.

There are a number of good blogging tools, but choosing among them can be confusing. In this report, we’ll take a detailed look at the top blogging tools out there and outline key considerations for selecting a blogging platform, including the skills required to set it up; the ease with which you can post to it; whether you can upload images, video, or audio to it; its ability to moderate comments and prevent spam; how closely you can tailor its design to match the look and feel of your organization’s Web site and other collateral; and tools you can use to track who’s reading it.

Features and Functions

Blogging tools are designed to be easy to use. They generally don’t provide all the advanced features of a complex content management system, but rather do one task — publishing a blog — very well. To this end, they can help you:

  • Create posts. Since the purpose of a blog is to be able to post new text or information to the site frequently, creating posts should be quick and easy.
  • Upload pictures and multimedia. Many blogs go beyond text to include photos, video, or audio.
  • Display posts to visitors. A blogging platform can make it easy for readers to view your posts and to comment on them.
  • Moderate. While it's typical to allow visitors to post comments to a blog, different platforms provide varying levels of help to weed out inappropriate contributions.
  • Publish RSS feeds. RSS feeds allow more Internet-savvy users to subscribe to your blog.
  • Configure the appearance and layout. Tools vary widely in the degree to which they allow you to configure your blog, and the methods they offer to do this.
  • Find support. Not every blogging tool offers the same degree of support: while some offer personalized assistance, others have forums where you can find answers to your questions.
  • Host your blog. While some blogging software lives on your own server, others are hosted by the vendor.
  • Get stats on your blog. Reporting features will help you see how many people are visiting your blog, and which posts are most popular.




SECTION B

CASE STUDY



ANSWER REGARDING CASE STUDY


Three Tier Architecture
Three tier client server architecture is also known as multi-tier architecture and signals the introduction of a middle tier to mediate between clients and servers. The middle tier exists between the user interface on the client side and database management system (DBMS) on the server side. This third layer executes process management, which includes implementation of business logic and rules. The three tier models can accommodate hundreds of users. It hides the complexity of process distribution from the user, while being able to complete complex tasks through message queuing, application implementation, and data staging or the storage of data before being uploaded to the data warehouse.


As in two tiered architectures, the top level is the user system interface (client) and the bottom level performs database management. The database management level ensures data consistency by using features like data locking and replication. Data locking is also referred to as file or record locking. This is a first-come, first-serve DBMS feature used to manage data and updates in a multi-user environment. The first user to access a file or record denies any other user access or “locks it”. It opens up again and becomes accessible to other users once the update is complete.

The middle tier is also called the application server. It contains a centralized processing logic, which facilitates management and administration. Localizing system functionality in the middle tier makes it possible for processing changes and updates to be made once and be distributed throughout the network available to both clients and servers. Sometimes the middle tier is divided into two or more units with different functions. This makes it a multi-layer model.

For example, in web applications, the client side is usually written in HTML meanwhile the application servers are usually written in C++ or Java. By using a scripting language embedded in HTML, web servers act as translation layers that allow for communication between the client and server layers.

This layer receives requests from clients and generates HTML responses after requesting it from database servers. Popular scripting languages include JavaScript, ASP (Active Server Page), JSP (JavaScript Pages), PHP (Hypertext Preprocessor), Perl (Practical Extraction and Reporting Language), and Python. One of the major benefits of three tier architecture is the ability to partition software and “drag and drop” modules onto different computers in a network.

Types of Three Tier Architecture
One of the most basic ways of configuring the middle layer in three tier architecture is through TP (transaction process) monitoring. Here, the middle layer takes care of processing through a system of prioritizing messages, queuing messages, and scheduling transactions. This allows the user to connect to the TP monitor and then work on other things while the TP monitor manages the transaction until it is complete. TP monitoring allows multiple DBMSs to be updated in a single transaction. It also provides connectivity to a variety of data sources and can attach priorities to transactions.

Messaging servers also provide a middle layer in three tier client-server architectures. They also prioritize messages. The messages contain priority information, addresses and identification numbers to locate requested data on relational DBMSs and other data sources. However, in this context, the intelligent information is found in the content of the message and headings. In TP monitors, intelligence is located in the monitor itself.

In three tier application server architecture, most application functions run on a shared host. This makes them more secure and scalable since it lessens the burden of software placed on the client-side. Application servers are also less expensive to install since they are installed on a single server and not on every desktop in the network.

ORB (Object Request Broker) architecture in a three tiered model increases interoperability. Technologies like CORBA (Common Object Request Broker Architecture) and COM/DCOM (Common Object Model/Distributed Common Object Model) support distributed objects and allow requests to be processed across platforms and across programming languages.

Finally, distributed/collaborative enterprise architecture is based on ORB, but advances CORBA. Developed in 1993, it shares and reuses not just objects, but also business models on an enterprise-wide scale. Enterprise, here, refers to an organization’s multiple business systems that must all work together. Distributed/collaborative enterprise architecture increases flexibility and efficiency operationally. The limitations of this model include a lack of commercial object-oriented analysis and design tools to work with applications.
