Web Programming Course, Sem IV MCA 2010-11 Dr. Ram P Rustagi rprustagi@pes.edu
Overview and Introduction • Objectives: • Get high marks • Knowledge growth • Be a productive web developer • Satisfying job prospects • Approach • Interactive • Practice/assignment oriented • Beyond the course contents • Each one to have own web server/home page • Demonstrate all the learning • Discussion time • 3:30pm to 4:30pm • Attendance sheet • Lecture Notes (in Advance?) 2
Getting to Know • Myself • Networking and technology domain • 29+ years of applications and systems development • Students • Background • Expectations • Prerequisites • Programming aptitude • Regular work practice • Desirable • Knowledge of development/debug tools • Wireshark • HTML editors, WYSIWYG tools (Amaya) et al • Web server logs - access.log, error.log • TCP/IP, telnet, wget, netcat etc. • Linux exposure • In addition to MS windows 3
Introduction • Course Organization • Specified syllabus • Lab course • PHP, MySQL • Others • Ruby, Rails • Content break-up in Excel file • On dept website • Modules (lecture hours) • Web Server, XHTML, CSS (14) • Javascript (5) • Dynamic documents using javascript (6) • XML (5) • Perl, CGI programming (9) • PHP (7) • Ruby, Rails (3) • Summary, revision (3) 4
References • Books • Robert Sebesta - Programming WWW • Deitel, Deitel: Internet & WWW, How to Program • O’Reilly Books • Head First series, Cookbooks etc. • Internet • ftp://ftp.awl.com/cseng/authors/sebesta/www6e/ • http://www.20thingsilearned.com • http://www.scientificamerican.com/article.cfm?id=long-live-the-web • RFC 1935 - What is Internet • RFC 3271 - Internet for Everyone : Vint Cerf • http://analytics.ncsu.edu/reports/www/www2010-cerf.pdf • Explore yourself 5
Web History • What is Internet • Multiple views • Place to stay in touch, read news, shop, emails • YouTube, Google, Yahoo, local service • Local broadband providers • Connectivity with other computers • History • Year 1974 • Started with few computers. Today ?? • DARPA funded • TCP/IP was defined • Protocol for communication among computers • Packets are exchanged • Hides differences among devices • Internet/Web in India 6
Web History... • BITNet, CSNet • Late 70s and early 80s • Email, FTP, etc • NSFNet - 1986 • Originally for non-DoD funded places • Initially 5 super computers • Replaced ARPANet by 1990 • Early 90s to all • Eventually became internet • Excluding some research part • Multitude of Protocols • Telnet, FTP, Usenet, SMTP, SNMP, Gopher 7
IP Addresses • IP Address Classes • Class A: 1.x.x.x - 126.x.x.x • Class B: 128.x.x.x - 191.x.x.x • Class C: 192.x.x.x - 223.x.x.x • Class D (Multicast): 224.x.x.x - 239.x.x.x • Class E (Experimental): 240.x.x.x • Public address for private use • 10.x.x.x, 172.16.x.x, 192.168.[0-255].x • Classes, Subnetting and CIDR • /8, /16, /24, /n • NAT (Network Address Translation), NAPT • IPv6 8
Evolution to Web • Solution to proliferation of multitude of protocols • Origins • Tim Berners-Lee at CERN • Purpose: Access to Scientific Work • Hypertext • Documents (Pages, Resources etc) • Hypermedia • More than Text (Images, Sound, etc.) • Protocol • HTTP, HTTPS 8
Internet and Web • Difference between Internet and Web • User friendly system • Speed of access • Available bandwidth • Between two end points • Enhanced by caching, proxies • Server capacity • Program execution • Browser capability • Embedded URLs • Images 10
Cloud Computing • Cloud computing • Moving data online • Beyond home/office PC, data centers, NOC • Service Models • IaaS, PaaS, SaaS • Vendors • Amazon, Google, SalesForce, et al • Private, Public clouds • Issues 11
Web Browsers and Servers • Browsers • NCSA - Mosaic • 1993, First GUI • Web explosion • Basically Clients • Initiate Requests • Document Access, Program Execution • Servers • Response to Requests • Connection Mgmt • 1+ request/response (HTTP 1.1) • Original (CERN), next NCSA • Current • Apache (leader), IIS • www.netcraft.com 10
Web Structure • End User • You as a person • Read the contents • Provides the inputs • Forms, clicks • Response time expectation • Browser • Renders the contents • Acts as interface between you and server • Server • Serves the contents • Receives and processes inputs 14
URI, URL, URN • URI • Classical view • Name: URN • Location: URL • Citation: URC • Contemporary view • Namespace • RFC 3305 • http://tools.ietf.org/html/rfc3305 • Schemes • http://www.iana.org/assignments/uri-schemes.html 15
Web Apps • What is a web app? • Typically, smart programs focused on single tasks • Browser provides the interface • Just one version (latest) available • No worries for upgrade • Notorious software issues • Safer • Do not interfere with other tasks on your PC • Protection from virus, malware, etc. • Expected to be browser agnostic • Reality ?? • Incompatibility issues? • http://dowebsitesneedtolookexactlythesameineverybrowser.com/ 17
Web Programming Language • HTML • Tells browser how to structure and present content • Basic building block for the web • Was simple for a long time • Static page, links and images • Display after full page download • Web pages today • Concurrent display and downloading • Dynamic web pages • Map scrolling, game playing • Started with scripting language • Javascript • Different from JSP and Java • Real time interactive 18
Dynamic Web Pages • Partial page update • Maps, emails, video etc. • Faster/responsive rendering • CSS • Easy, efficient way to define layout • Beautify web pages • Colors, borders, animation • Ajax • Combinations of • Javascript • XHR (XML HTTP Request) • CSS • Other web technologies 19
HTML5 • Latest version of HTML • Provides capabilities for next gen of online applications • Provides video support; <video> tag • Currently video is via plug-ins • Supports offline capabilities • Even when no internet connectivity • Drag and drop capabilities • Still evolving 20
Newer Applications • 3D graphics and animation • Hard to deliver in past • Lighting, shadows, reflection, real life textures • Requires lots and lots of data • Need more bandwidth • Need more computing power locally to render • Thus hard to deliver in past • Today • Have local computing power, high bandwidth • Still need better web technology • WebGL, 3D CSS • Plug-ins not needed • Share, collaborate and personalize 21
Browser Conundrums? • Old browsers • Vulnerable to attacks • Lacks security fixes and updates • Can lead to stolen passwords, malicious codes • Does not support newer upcoming applications • Need new browsers • Mozilla Firefox 3.6 • Apple Safari 5 • MS Internet Explorer 8 • Opera 10.6x • Google Chrome 7 • Check your browser • www.whatbrowser.org 22
Plug-Ins • Why • Early HTML limitations • E.g. video, animations • Interactivity • What it is • Additional software to process specific content • Example: • Adobe Flash Player • Operation • Independent full space within browser • Free to do whatever • Browser has no control • Makes PC vulnerable to attacks 23
Browser Extensions • Adds new features to browsers • Add-on buttons • Examples • Email notifier (runs in the background) • Units converter • Highlight, scribble notes • Implemented by adding more code • Initially, more like C/C++ • Today, HTML, javascript, CSS etc 24
Browser Synchronization • Synchronization • Information to be saved • Bookmarks • Extensions • Preferences • Chrome • Via google account • Firefox • Enables usage across multiple computers • Information saved on cloud 25
Cookies • What it is • Small text sent by website to browser • Not portable across browser on same PC • Keeps information about your website visit • Past interaction • Shopping cart information • Online advertising • Advts catering to user interest ? • ?? username/passwords • Makes interaction more personalized • Types of cookies • Session cookies • Permanent cookies • Browser provides control to manage cookies 26
Web Privacy and Security • Analogy to your home • Security: bolts, locks, alarms • Privacy: curtains, blinds, sunscreens • Browser privacy • Control over browsing data stored on shared PC • Password storage • Browsing history • "Privacy" / "incognito" mode • e.g. on chrome • Once closed, no history is available • Conflicting requirement with efficiency 27
Web Privacy and Security... • Communication security issues • Privacy • Integrity • Authentication • Non-repudiation • Basic support tool • Encryption • Encryption keys • Same key • Receiving the key is a big issue for the receiver • Public/private key • By Diffie and Hellman, 1976 • One (public) key to encrypt, other (private) key to decrypt • Virtually impossible to derive one key from the other 28
Web Privacy and Security... • Security Issues • RSA most widely used algorithm • Rivest, Shamir, Adleman - 1978 • Involves 3 steps • Key generation, Data encryption, Data decryption • Key generation • Take two distinct prime numbers p, q • Compute n = pq • Compute φ(n) = (p − 1)(q − 1) • Choose e such that 1 < e < φ(n) and gcd(e, φ(n)) = 1 • Compute d = e^(−1) (mod φ(n)), i.e. de ≡ 1 (mod φ(n)) • (e, d) is the (public, private) key pair. 29
Key Generation Example • Two prime numbers • p = 61 and q = 53 • Compute n • n = 61*53 = 3233 • Compute φ(n) = (p − 1)(q − 1) • φ(3233) = (61 − 1)(53 − 1) = 3120 • Choose e • Let e = 17 (co-prime to 3120; since 17 is prime, it is enough that it is not a divisor of 3120) • Compute d = e^(−1) (mod φ(n)), i.e. ed ≡ 1 (mod φ(n)) • d is 2753 • Exercise: Find another d and e • source: http://en.wikipedia.org/wiki/RSA 30
Browser Security • Security Risks • Malware • Software installed on your PC without your knowledge • Example • Fake antivirus software (actually a virus itself) • Once installed, difficult to remove • Steals personal info - passwords, credit cards • Phishing • Masquerade as someone else • Fake website • Tricks users into giving up personal information • My first experience: • Login screen on dept unix systems 31
Protection • Up to date browsers • Maintains list of phishing sites • Warns when it detects mala fide info • Checks for and applies new fixes/patches • Automatic/on-demand • Sandbox protection • Prevents interaction with local system • e.g. Installing software on PC 32
HTTPS Sites • Verify certificates • Verifies that you are who you say you are • Hostname • Validity period • Issuing authority • Analogy • Driving license • Valid if issued by govt • Invalid if issued by unknown (e.g. myself) • Certificate issuing authorities • Verisign, Thawte, GoDaddy, ... 33
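The three checks listed on the slide above (hostname, validity period, issuing authority), as an added example that is not part of the original course material. The certificate is a constructed sample in the dict format returned by Python's `ssl.SSLSocket.getpeercert()`, and the trusted-issuer set is hypothetical; the issuer lookup by name stands in for the signature-chain verification a real TLS stack performs.

```python
import ssl

# Constructed sample certificate (getpeercert() dict format); not a real site.
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.test"),),),
    "issuer": ((("organizationName", "Example Trusted CA"),),
               (("commonName", "Example Trusted CA Root"),)),
    "notBefore": "Jan  1 00:00:00 2011 GMT",
    "notAfter": "Dec 31 23:59:59 2011 GMT",
    "subjectAltName": (("DNS", "www.example.test"),
                       ("DNS", "*.shop.example.test")),
}
TRUSTED_ISSUERS = {"Example Trusted CA"}   # hypothetical trust store

def hostname_matches(cert, host):
    """Compare host with the DNS names in subjectAltName."""
    host = host.lower()
    for kind, name in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        name = name.lower()
        if name == host:
            return True
        if name.startswith("*."):
            # A wildcard covers exactly one left-most label.
            head, _, rest = host.partition(".")
            if head and rest == name[2:]:
                return True
    return False

def within_validity(cert, now):
    """now is seconds since the epoch (UTC)."""
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    return start <= now <= end

def issuer_trusted(cert, trusted):
    fields = {key: value for rdn in cert["issuer"] for key, value in rdn}
    return fields.get("organizationName") in trusted

def check_certificate(cert, host, now, trusted=TRUSTED_ISSUERS):
    """Return the list of failed checks; an empty list means all three pass."""
    problems = []
    if not hostname_matches(cert, host):
        problems.append("hostname mismatch")
    if not within_validity(cert, now):
        problems.append("outside validity period")
    if not issuer_trusted(cert, trusted):
        problems.append("unknown issuing authority")
    return problems
```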
Web Working • What happens when URL is invoked • DNS server role • Proxy server roles • Role of caching • Role of cookies • GUI browsers • IE, Firefox, Opera, Safari, Chrome • Browsers on Phone • Non-GUI Browsers • Voice browsers • URLs • scheme hostname path 34
Evolution to Next Stage • HTML5, CSS3, WebGL • <video> tag • Faster javascript processing engine • Pre DNS resolution • Pre-fetch of links to be clicked • Superior video compression • WebM - standard under development • Expectation: • Clicking should be as fast as flipping a book page 35
Helper tools • wireshark • www.wireshark.org • Provides full details on what transpired • Very helpful debug tool • wget • Netcat (or nc) • telnet • View source in browser • Log analyzers • Access logs, error logs 36