Chapter 8: Application Design and Development

Database System Concepts, ©Silberschatz, Korth and Sudarshan
See www.db-book.com for conditions on re-use
Database System Concepts - 5th Edition, Oct 23, 2006.

Slide titles:
- Chapter 8: Application Design and Development
- Slide 2
- User Interfaces and Tools
- The World Wide Web
- A formatted report
- Web Interfaces to Databases
- Web Interfaces to Database (Cont.)
- Uniform Resource Locators
- Sample HTML Source Text
- Display of Sample HTML Source
- Client Side Scripting and Applets
- Client Side Scripting and Security
- Web Servers
- Three-Tier Web Architecture
- Two-Tier Web Architecture
- HTTP and Sessions
- Sessions and Cookies
- Server-Side Scripting
- Example PHP
- Improving Web Server Performance
- Authorization in SQL (see kss 4.3 & ds 12)
- Authorization (Cont.)
- Authorization and Views
- Granting of Privileges
- Authorization Grant Graph
- Security Specification in SQL
- Privileges in SQL
- Privilege To Grant Privileges
- Roles
- Revoking Authorization in SQL
- Revoking Authorization in SQL (Cont.)
- Limitations of SQL Authorization
- Audit Trails
- Application Security
- Encryption (Cont.)
- Authentication
- Digital Certificates
- End of Chapter

Chapter 8: Application Design and Development
- User Interfaces and Tools
- Web Interfaces to Databases
- Web Fundamentals
- Servlets and JSP
- Building Large Web Applications
- Authorization in SQL
- Application Security

User Interfaces and Tools
- Most database users do not use a query language like SQL.
  - Forms
  - Graphical user interfaces
  - Report generators
  - Data analysis tools (see Chapter 18)
- Many interfaces are Web-based
- Back-end (Web server) uses such technologies as
  - Java servlets
  - Java Server Pages (JSP)
  - Active Server Pages (ASP)
  - PHP: Hypertext Preprocessor (PHP)

The World Wide Web
- The Web is based on HyperText Markup Language (HTML) documents
- HTML documents contain
  - text with formatting instructions
  - hypertext links to other documents
  - images
  - active data such as Flash movies
  - forms, enabling users to enter data which can then be sent back to the Web server
- HTTP (HyperText Transfer Protocol) describes how data is transferred

A formatted report
[Figure: a formatted report]

Web Interfaces to Databases
1. Web browsers have become the de-facto standard user interface to databases
- Enable large numbers of users to access databases from anywhere
- Avoid the need for downloading/installing specialized code, while providing a good graphical user interface
- Examples: banks, airline and rental car reservations, university course registration and grading, and statistics.

Web Interfaces to Database (Cont.)
2. Dynamic generation of documents
- Limitations of static HTML documents
  - Cannot customize for individual users.
  - Problematic to update Web documents, especially if multiple Web documents replicate data.
- Solution: Generate Web documents dynamically from data stored in a database.
  - Can tailor the display based on user information stored in the database.
    - E.g. tailored ads, tailored weather and local news, …
  - Displayed information is up-to-date, unlike the static Web pages
    - E.g. stock market information, ...

Uniform Resource Locators
- In the Web, functionality of pointers is provided by Uniform Resource Locators (URLs).
- URL example: http://www.db-book.com/
  - The first part indicates how the document is to be accessed
    - "http" indicates that the document is to be accessed using the Hyper Text Transfer Protocol.
  - The second part gives the unique name of a machine on the Internet.
  - The rest of the URL identifies the document within the machine.
- The local identification can be:
  - The path name of a file on the machine, or
  - A program plus arguments to be passed to the program
    - E.g. http://www.google.com/search?q=silberschatz
  - A fragment identifier (follows #)

Sample HTML Source Text

    <html> <body>
    <table border cols = 3>
      <tr> <td> A-101 </td> <td> Downtown </td> <td> 500 </td> </tr>
      …
    </table>
    <center> The <i>account</i> relation </center>
    <form action="BankQuery" method=get>
      Select account/loan and enter number <br>
      <select name="type">
        <option value="account" selected> Account
        <option value="Loan"> Loan
      </select>
      <input type=text size=5 name="number">
      <input type=submit value="submit">
    </form>
    </body> </html>

Display of Sample HTML Source
[Figure: display of sample HTML source]

Client Side Scripting and Applets
- Browsers can fetch certain scripts (client-side scripts) or programs along with documents, and execute them in "safe mode" at the client site
  - JavaScript
  - Macromedia Flash and Shockwave for animation/games
  - AJAX
  - Applets
- Client-side scripts/programs allow documents to be active
  - E.g., animation by executing programs at the local site
  - E.g. ensure that values entered by users satisfy some correctness checks
- Permit flexible interaction with the user.
- Asynchronous downloads speed up interaction by avoiding many round trips to server

Client Side Scripting and Security
- Security mechanisms needed to ensure that malicious scripts do not cause damage to the client machine
  - Easy for limited capability scripting languages, harder for general purpose programming languages like Java
  - E.g. Java's security system ensures
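
The URL parts from the Uniform Resource Locators slide and the GET request produced by the sample form, as an added example that is not part of the original slides. It splits a URL into the parts the slide names, builds the URL the form submits, and repeats the field checks in the program that receives the arguments; the check rules and the number format (modelled on the slide's "A-101") are assumptions.

```javascript
// Added example, not from the slides. Host names are the slides' own;
// the check rules and the number format are assumptions.

// Split a URL into the parts the URL slide names.
function describeUrl(text) {
  const u = new URL(text);
  return {
    accessMethod: u.protocol.replace(/:$/, ""), // e.g. "http"
    machine: u.hostname,                        // unique machine name
    path: u.pathname,                           // file path or program
    args: [...u.searchParams],                  // arguments passed to the program
    fragment: u.hash.replace(/^#/, ""),         // follows '#'
  };
}

// URL a browser requests when the sample form (action="BankQuery", method=get)
// is submitted from a page at baseUrl. Field values are percent-encoded.
function formGetUrl(baseUrl, fields) {
  const u = new URL("BankQuery", baseUrl);
  for (const [name, value] of Object.entries(fields)) {
    u.searchParams.append(name, value);
  }
  return u.toString();
}

// Checks repeated by the program that receives the arguments (assumed rules):
// each field appears once, type is one of the form's options, and number
// looks like the slide's "A-101" (letter, dash, up to three digits).
function checkBankQuery(urlText) {
  const params = new URL(urlText).searchParams;
  const errors = [];
  for (const name of ["type", "number"]) {
    if (params.getAll(name).length !== 1) errors.push(`${name}: expected exactly one value`);
  }
  if (errors.length > 0) return errors;
  if (!["account", "Loan"].includes(params.get("type"))) errors.push("type: not a form option");
  if (!/^[A-Z]-\d{1,3}$/.test(params.get("number"))) errors.push("number: unexpected format");
  return errors;
}

const submitted = formGetUrl("http://www.db-book.com/", { type: "account", number: "A-101" });
console.log(submitted, checkBankQuery(submitted));
```

A request URL can be typed or edited by hand, so the checks in `checkBankQuery` apply to whatever arrives, not only to what the form's client-side script allowed.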