Introduction to Web Programming Models
Jim Fawcett
CSE691 – Comparative Platforms
Summer 2007
References
Our website
www.ecs.syr.edu/faculty/fawcett/handouts/webpages/webdev.htm
The Web
Original Goals of the Web
Universal readership
– When content is available it should be accessible from any
type of computer, anywhere.
Universal
Decentralized
Modular
Extensible
Scalable
Accessible
Forward/backwards compatibility
Basic Concepts
Universal Addressing
– TCP/IP, DNS
Client/Server Model
Servers on the Internet
Request:
http://www.msn.com/default.asp
Network TCP/IP
Response:
<html>…</html>
http://www.dopl2.syr.edu[:80][/path/xyz.htm]
– protocol: http, https, ftp, gopher, ...
– name of machine to connect
– first level domain name, a university
– second level domain name, one specific university
Some Interesting Views of the Internet
http://www.caida.org
http://www.caida.org/tools/visualization/walrus/gallery1/
http://www.caida.org/tools/visualization/plankton/Images/
Networks
HTTP HTTP
TCP TCP
IP IP
Ethernet Ethernet
Networks - Transport Layer
UDP
– Connectionless, unreliable
Communication Between Networks
Can last for only one session (until browser is closed) or can
persist across sessions
message body:
<!--TOOLBAR_START-->
<!--TOOLBAR_EXEMPT-->
<!--TOOLBAR_END-->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"
"http://www.w3.org/TR/REC-html40/loose.dtd">
<HTML>
<HEAD>
<META HTTP-EQUIV="Refresh" CONTENT="0; URL=/">
<TITLE>Microsoft Corporation -- Where Do You Want to Go Today?</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF" TEXT="#000000">
<FONT FACE="Verdana, Arial, Helvetica" SIZE=2>
If your browser can't handle redirect, please click <a href="/">here</a>
</FONT>
</BODY>
</HTML>
Typical HTTP Transaction
Blank line
Data – none for GET
Multipurpose Internet Mail Extensions (MIME)
HTTP/1.0 200 OK
Date: Sun, 21 Apr 1996 02:20:42 GMT
Server: Microsoft-Internet-Information-Server/5.0
Connection: keep-alive
Content-Type: text/html
Last-Modified: Thu, 18 Apr 1996 17:39:05 GMT
Content-Length: 2543
200 OK
201 Created
202 Accepted
204 No Content
301 Moved Permanently
302 Moved Temporarily
304 Not Modified
400 Bad Request
401 Unauthorized
403 Forbidden
404 Not Found
500 Internal Server Error
501 Not Implemented
502 Bad Gateway
503 Service Unavailable
Classes:
1xx: Informational - not used, reserved for future
2xx: Success - action was successfully received, understood, and accepted
3xx: Redirection - further action needed to complete request
4xx: Client Error - request contains bad syntax or cannot be fulfilled
5xx: Server Error - server failed to fulfill an apparently valid request
Programming the Web
Client-Side Programming
– JavaScript
– Dynamic HTML
– .Net controls
Server-Side Programming
– ASP script
– Server components
– C# code-behind
– ADO
– Web controls used on ASPX pages
– Web services
Web Processing Models
Client Tier
– Presentation layer
– Client UI, client-side scripts, client specific application logic
Server Tier
– Application logic, server-side scripts, form handling, data requests
Data Tier
– Data storage and access
[Diagram labels: HTML File; Client Computer; Internet; Information Server; FTP Client; FTP; FTP Server; Files of any Type]
HyperText Markup Language (HTML)
[Diagram labels: Client Side; Server Side; Cascading Style Sheets; ActiveX Controls; HTML Controls; JavaScript; C#; WebForms; JavaScript; VBScript; XHTML]
Programming Paradigms
Event-Based Programming
Events provide a way to hook your own code into the
operation of another system
Event = callback
window
Application Object
– Data sharing and locking across clients
Request Object
– Extracts client data and cookies from HTTP request
Response Object
– Send cookies or call Write method to place string in HTML output
Server Object
– Provides utility methods
Session Object
– If browser supports cookies, will maintain data between page
loads, as long as session lasts.
Server Side Programming with ASP
Clients Applications
Assembly
– Logical unit of deployment
– Contains Manifest, Metadata, MSIL and resources
Manifest
– Metadata about the components in an assembly (version,
types, dependencies, etc.)
Type Metadata
– Completely describes all types defined in
an assembly: properties, methods, arguments, return values,
attributes, base classes, …
Common Language Runtime
Services
Configurable policies
XCOPY/FTP deployment
Threats
– Data integrity
• code that deletes or modifies data
– Privacy
• code that copies confidential data and makes it available to
others
– Denial of service
• code that consumes all of CPU time or disk memory.
– Elevation of privilege
• Code that attempts to gain administrative access
Protections
Least privilege rule:
– Use the technology with the fewest capabilities that gets the job
done.
Digital signing
– Who are you?
Security zones
– Trusted and untrusted sites
Encryption
Areas of Exploration
request line
headers
blank line
body
request methods: DELETE, GET, HEAD, POST, PUT, TRACE
status line:
HTTP/1.1 200 OK
headers:
Date: Tue, 08 Oct 2002 00:31:35 GMT
Server: Apache/1.3.27 tomcat/1.0
Last-Modified: 7Oct2002 23:40:01 GMT
ETag: "20f-6c4b-3da21b51"
Accept-Ranges: bytes
Content-Length: 27723
Keep-Alive: timeout=5, max=300
Connection: Keep-Alive
Content-Type: text/html
blank line
body
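Added example (not part of the original slides): a strict parser that splits one captured response into the status line, headers, blank line and body shown above, and maps the status code to the 1xx-5xx classes listed earlier. The names parse_response, STATUS_CLASSES and SAMPLE are hypothetical, and the sample body is constructed so that Content-Length can be checked.

```python
# Added example: split a raw HTTP response into the parts the slides name
# (status line, headers, blank line, body) and map the code to its class.
STATUS_CLASSES = {1: "Informational", 2: "Success", 3: "Redirection",
                  4: "Client Error", 5: "Server Error"}

# Constructed sample: headers taken from the slide's response, with a short
# made-up body so that Content-Length can be checked.
SAMPLE = (b"HTTP/1.1 200 OK\r\n"
          b"Date: Tue, 08 Oct 2002 00:31:35 GMT\r\n"
          b"Server: Apache/1.3.27 tomcat/1.0\r\n"
          b"Content-Length: 13\r\n"
          b"Content-Type: text/html\r\n"
          b"\r\n"
          b"<html></html>")


def _digits(text: str) -> bool:
    """True only for a non-empty run of ASCII digits."""
    return text.isascii() and text.isdigit()


def parse_response(raw: bytes) -> dict:
    """Parse one complete, captured response; raise ValueError if malformed."""
    head, blank, body = raw.partition(b"\r\n\r\n")
    if not blank:
        raise ValueError("no blank line between headers and body")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)  # version, code, optional reason phrase
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not _digits(parts[1]):
        raise ValueError("malformed status line")
    code = int(parts[1])
    if code // 100 not in STATUS_CLASSES:
        raise ValueError("status code outside 1xx-5xx")
    headers = {}  # lower-cased name -> list of values (headers may repeat)
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name or name != name.strip():
            raise ValueError("malformed header line: %r" % line)
        headers.setdefault(name.lower(), []).append(value.strip())
    # A repeated or non-numeric Content-Length leaves the body boundary unclear.
    lengths = headers.get("content-length", [])
    if len(lengths) > 1 or (lengths and not _digits(lengths[0])):
        raise ValueError("ambiguous or non-numeric Content-Length")
    if lengths and int(lengths[0]) != len(body):
        raise ValueError("Content-Length does not match the body size")
    return {"version": parts[0], "status": code,
            "status_class": STATUS_CLASSES[code // 100],
            "headers": headers, "body": body}
```

The parser rejects input instead of guessing: a message with no blank line, a header name with stray whitespace, or a length that disagrees with the body raises ValueError.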