Chapter 8: Application Design and DevelopmentSlide 2User Interfaces and ToolsThe World Wide WebA formatted reportWeb Interfaces to DatabasesWeb Interfaces to Database (Cont.)Uniform Resources LocatorsSample HTML Source TextDisplay of Sample HTML SourceClient Side Scripting and AppletsClient Side Scripting and SecurityWeb ServersThree-Tier Web ArchitectureTwo-Tier Web ArchitectureHTTP and SessionsSessions and CookiesServer-Side ScriptingExample PHPImproving Web Server PerformanceAuthorization in SQL (see kss 4.3 & ds 12)Authorization (Cont.)Authorization and ViewsGranting of PrivilegesAuthorization Grant GraphSecurity Specification in SQLPrivileges in SQLPrivilege To Grant PrivilegesRolesRevoking Authorization in SQLRevoking Authorization in SQL (Cont.)Limitations of SQL AuthorizationAudit TrailsApplication SecurityEncryption (Cont.)AuthenticationDigital CertificatesEnd of ChapterDatabase System Concepts©Silberschatz, Korth and SudarshanSee www.db-book.com for conditions on re-use ©Silberschatz, Korth and SudarshanDatabase System ConceptsChapter 8: Application Design and Chapter 8: Application Design and Development Development©Silberschatz, Korth and Sudarshan8.2Database System Concepts - 5th Edition, Oct 23, 2006.Chapter 8: Application Design and Development Chapter 8: Application Design and Development User Interfaces and ToolsWeb Interfaces to DatabasesWeb FundamentalsServlets and JSPBuilding Large Web ApplicationsAuthorization in SQLApplication Security©Silberschatz, Korth and Sudarshan8.3Database System Concepts - 5th Edition, Oct 23, 2006.User Interfaces and ToolsUser Interfaces and ToolsMost database users do not use a query language like SQL.FormsGraphical user interfacesReport generatorsData analysis tools (see Chapter 18)Many interfaces are Web-basedBack-end (Web server) uses such technologies asJava servletsJava Server Pages (JSP)Active Server Pages (ASP)PHP: Hypertext Preprocessor (PHP)©Silberschatz, Korth and Sudarshan8.4Database System Concepts - 5th Edition, Oct 23, 2006.The World Wide WebThe World Wide WebThe Web is a based on HyperText Markup Language (HTML) documentsHTML documents containtext with formatting instructionshypertext links to other documentsImagesActive data such as flash moviesforms, enabling users to enter data which can then be sent back to the Web serverHTTP (HyperText Transfer Protocol) is describes how data is transferred©Silberschatz, Korth and Sudarshan8.5Database System Concepts - 5th Edition, Oct 23, 2006.A formatted reportA formatted report©Silberschatz, Korth and Sudarshan8.6Database System Concepts - 5th Edition, Oct 23, 2006.Web Interfaces to DatabasesWeb Interfaces to Databases1. Web browsers have become the de-facto standard user interface to databasesEnable large numbers of users to access databases from anywhereAvoid the need for downloading/installing specialized code, while providing a good graphical user interfaceExamples: banks, airline and rental car reservations, university course registration and grading, and statistics.©Silberschatz, Korth and Sudarshan8.7Database System Concepts - 5th Edition, Oct 23, 2006.Web Interfaces to Database (Cont.)Web Interfaces to Database (Cont.)2. Dynamic generation of documentsLimitations of static HTML documentsCannot customize for individual users.Problematic to update Web documents, especially if multiple Web documents replicate data.Solution: Generate Web documents dynamically from data stored in a database. Can tailor the display based on user information stored in the database.–E.g. tailored ads, tailored weather and local news, …Displayed information is up-to-date, unlike the static Web pages–E.g. stock market information, ..©Silberschatz, Korth and Sudarshan8.8Database System Concepts - 5th Edition, Oct 23, 2006.Uniform Resources LocatorsUniform Resources LocatorsIn the Web, functionality of pointers is provided by Uniform Resource Locators (URLs).URL example: http://www.db-book.com/The first part indicates how the document is to be accessed “http” indicates that the document is to be accessed using the Hyper Text Transfer Protocol.The second part gives the unique name of a machine on the Internet.The rest of the URL identifies the document within the machine.The local identification can be:The path name of a file on the machine, orA program plus arguments to be passed to the program–E.g. http://www.google.com/search?q=silberschatzA fragment identifier (follows #)©Silberschatz, Korth and Sudarshan8.9Database System Concepts - 5th Edition, Oct 23, 2006.Sample HTML Source TextSample HTML Source Text <html> <body><table border cols = 3> <tr> <td> A-101 </td> <td> Downtown </td> <td> 500 </td> </tr> …</table><center> The <i>account</i> relation </center> <form action=“BankQuery” method=get> Select account/loan and enter number <br> <select name=“type”> <option value=“account” selected> Account <option> value=“Loan”> Loan </select> <input type=text size=5 name=“number”> <input type=submit value=“submit”></form></body> </html>©Silberschatz, Korth and Sudarshan8.10Database System Concepts - 5th Edition, Oct 23, 2006.Display of Sample HTML SourceDisplay of Sample HTML Source©Silberschatz, Korth and Sudarshan8.11Database System Concepts - 5th Edition, Oct 23, 2006.Client Side Scripting and AppletsClient Side Scripting and AppletsBrowsers can fetch certain scripts (client-side scripts) or programs along with documents, and execute them in “safe mode” at the client siteJavascriptMacromedia Flash and Shockwave for animation/gamesAJAXAppletsClient-side scripts/programs allow documents to be activeE.g., animation by executing programs at the local siteE.g. ensure that values entered by users satisfy some correctness checksPermit flexible interaction with the user.Asynchronous downloads speed up interaction by avoiding many round trips to server©Silberschatz, Korth and Sudarshan8.12Database System Concepts - 5th Edition, Oct 23, 2006.Client Side Scripting and SecurityClient Side Scripting and SecuritySecurity mechanisms needed to ensure that malicious scripts do not cause damage to the client machineEasy for limited capability scripting languages, harder for general purpose programming languages like JavaE.g. Java’s security system ensures