Planning a Web Application Neil Morgan [email_address] (Part time student on PGMPC) Administrative Computing Section

Planning a Web Application Information Services Library & Media Services Admin Computing Learning Technologies Desktop Systems Network Services Remit: Maintain and administer corporate systems

Planning a Web Application Points to consider Infrastructure - New or Existing Network Technologies - Hardware and Software Issues Security - Authentication, Encryption, Attack Presentation - Style, Navigation, Multimedia Assume an Existing Network

Infrastructure - New or Existing Network

Technologies - Hardware and Software Issues

Security - Authentication, Encryption, Attack

Presentation - Style, Navigation, Multimedia

Infrastructure - Existing Technology F ault Management C onfiguration A dministration / A ccounting P erformance S ecurity Planning a Web Application LAN WAN Dial-Up Connection

F ault Management

C onfiguration

A dministration / A ccounting

P erformance

S ecurity

LAN

WAN

Dial-Up Connection

Infrastructure - Existing Technology F ault Management Can Network Cope? Increased Load on Network - Extra Users Increased Load on Network - Extra Processing Increased Monitoring - More of your time Planning a Web Application

Can Network Cope?

Increased Load on Network - Extra Users

Increased Load on Network - Extra Processing

Increased Monitoring - More of your time

Infrastructure - Existing Technology Can existing infrastructure cope with application? C onfiguration Servers (Appropriate resources) Networking (Hubs, Switches, Repeaters,Cabling) Clients (Capable of running application) Suitable Software (TCP/IP, Web Server, PKI) New Resources Required? Costly Scalable Planning a Web Application

Can existing infrastructure cope with application?

Servers (Appropriate resources)

Networking (Hubs, Switches, Repeaters,Cabling)

Clients (Capable of running application)

Suitable Software (TCP/IP, Web Server, PKI)

New Resources Required?

Costly

Scalable

Infrastructure - Existing Technology How is it being used? Graphics / Multimedia - Bandwidth Considerations Applets - Client Resources A dministration / A ccounting Administer The Accounting! Accounting files may grow much faster Backups, Hard Copy Purge Regularly Planning a Web Application

How is it being used?

Graphics / Multimedia - Bandwidth Considerations

Applets - Client Resources

Administer The Accounting!

Accounting files may grow much faster

Backups, Hard Copy

Purge Regularly

Infrastructure - Existing Technology A dministration / A ccounting Regular Backups On-line? What about Availability? UPS Disaster Recovery / Failover Off-line? Planning a Web Application

Regular Backups

On-line?

What about Availability?

UPS

Disaster Recovery / Failover

Off-line?

Infrastructure - Existing Technology Can it cope with the perceived demand? Bandwidth Considerations Scalability P erformance Server Resources Client Resources Application Resources Planning a Web Application

Can it cope with the perceived demand?

Bandwidth Considerations

Scalability

Server Resources

Client Resources

Application Resources

Infrastructure - Existing Technology Authentication Anti-virus S ecurity Expose and counter threats LDAP / Active Directory Firewall / Proxy Encryption Secret Key Infrastructure Public Key Infrastructure Planning a Web Application

Authentication

Anti-virus

Expose and counter threats

LDAP / Active Directory

Firewall / Proxy

Encryption

Secret Key Infrastructure

Public Key Infrastructure

Web Technologies - “Choosing the best” Web Servers Markup Languages and Scripting Client side v Server side programming Design tools Browsers Planning a Web Application Open Source ‘v’ Proprietary

Web Servers

Markup Languages and Scripting

Client side v Server side programming

Design tools

Browsers

Open Source ‘v’ Proprietary

Web Technologies - Web Servers Apache Internet Information Server iPlanet Planning a Web Application

Apache

Internet Information Server

iPlanet

Web Technologies - Web Servers Apache Free - Open Source (Source Code available) Highly Customizable Secure Planning a Web Application 3rd party applications plentiful

Apache

Free - Open Source (Source Code available)

Highly Customizable

Secure

3rd party applications plentiful

Web Technologies - Web Servers IIS Free - Proprietary - Packaged with Windows Platform Easy to Customize Security loopholes - patches weekly Planning a Web Application 3rd party applications plentiful

IIS

Free - Proprietary - Packaged with Windows Platform

Easy to Customize

Security loopholes - patches weekly

3rd party applications plentiful

Web Technologies - Web Servers iPlanet Costly - Proprietary Customizable Secure Planning a Web Application 3rd party applications plentiful Full suite of servers Web Server Portal Server Application Server Etc, etc, etc...

iPlanet

Costly - Proprietary

Customizable

Secure

3rd party applications plentiful

Full suite of servers

Web Server

Portal Server

Application Server

Etc, etc, etc...

Web Technologies - Markup HTML 4.0 - Good for layman Presentation Universal - all web browsers Planning a Web Application Forgiving of errors XHTML 1.0 - Webmaster, Web Developer Presentation Later versions of browsers Rigorous - XML Conforming

HTML 4.0 - Good for layman

Presentation

Universal - all web browsers

Forgiving of errors

XHTML 1.0 - Webmaster, Web Developer

Presentation

Later versions of browsers

Rigorous - XML Conforming

Web Technologies - Scripting JavaScript (JScript) Cross-browser compatibility Client & Server side Planning a Web Application VBScript Only available on Internet Explorer Client & Server side ActiveX LiveConnect (for Java) or ActiveX

JavaScript (JScript)

Cross-browser compatibility

Client & Server side

VBScript

Only available on Internet Explorer

Client & Server side

ActiveX

LiveConnect (for Java) or ActiveX

Web Technologies - Programming Client side e.g. Java Powerful No need for browser DOM Planning a Web Application Multiple platforms Uses client resources Slow - Bytecode interpreter - JVM Security model gets in way of DBMS applications Memory Middleware

Client side e.g. Java

Powerful

No need for browser DOM

Multiple platforms

Uses client resources

Slow - Bytecode interpreter - JVM

Security model gets in way of DBMS applications

Memory

Middleware

Web Technologies - Programming Planning a Web Application Server side Uses server resources Plain HTML sent to client CGI Java Servlets & JSP ASP PHP

Server side

Uses server resources

Plain HTML sent to client

CGI

Java Servlets & JSP

ASP

PHP

Web Technologies - Programming Planning a Web Application CGI First for dynamic content Executes programs or scripts in real time Use any popular programming or scripting language Simple to use No memory or thread management Does not scale well

CGI

First for dynamic content

Executes programs or scripts in real time

Use any popular programming or scripting language

Simple to use

No memory or thread management

Does not scale well

Web Technologies - Programming Planning a Web Application Java Servlets Component based Platform independent Java goodies without problems of security model Scales well - multithreading Still slow - JVM JSP Direct competitor to ASP Compiled and run as Servlet

Java Servlets

Component based

Platform independent

Java goodies without problems of security model

Scales well - multithreading

Still slow - JVM

JSP

Direct competitor to ASP

Compiled and run as Servlet

Web Technologies - Programming Planning a Web Application ASP Microsoft - complements IIS / PWS VBScript or JavaScript Access ActiveX controls Scales well - memory management & multithreading Only available on IIS

ASP

Microsoft - complements IIS / PWS

VBScript or JavaScript

Access ActiveX controls

Scales well - memory management & multithreading

Only available on IIS

Web Technologies - Programming Planning a Web Application PHP Project of the Apache Foundation Open Source CGI or Apache/IIS Module execution Pre-defined functionality Excellent competitor to other technologies Scales well only as Apache/IIS Module

PHP

Project of the Apache Foundation

Open Source

CGI or Apache/IIS Module execution

Pre-defined functionality

Excellent competitor to other technologies

Scales well only as Apache/IIS Module

Web Technologies - Design Tools Planning a Web Application Great selection available (chargeable & free downloads) Choose one that looks easy to use Choose one that would most suit the application GUI interface: Dreamweaver or equivalent Plain HTML: HTML-Kit (from www.Chami.com) Choose one that supports both HTML and XHTML HTML-Kit does, but Dreamweaver does not

Great selection available (chargeable & free downloads)

Choose one that looks easy to use

Choose one that would most suit the application

GUI interface: Dreamweaver or equivalent

Plain HTML: HTML-Kit (from www.Chami.com)

Choose one that supports both HTML and XHTML

HTML-Kit does, but Dreamweaver does not

Security Planning a Web Application Fundamental to any computer system Even more important to web based application Wide audience Public & private areas How to tell who is who?

Fundamental to any computer system

Even more important to web based application

Wide audience

Public & private areas

How to tell who is who?

Security - Authentication Planning a Web Application Username and Password Will it remain secret? Will it be stored at a known location? Will each system need a user/password combination?

Username and Password

Will it remain secret?

Will it be stored at a known location?

Will each system need a user/password combination?

Security - Authentication Planning a Web Application LDAP - Lightweight Directory Access Protocol Central repository for user information Optimized for reading, browsing and searching Simple, fast operations Uses tree-like structure Still have problem of secrecy

LDAP - Lightweight Directory Access Protocol

Central repository for user information

Optimized for reading, browsing and searching

Simple, fast operations

Uses tree-like structure

Still have problem of secrecy

Security - Encryption Planning a Web Application Secret Key Cryptography One key to encrypt and decrypt Costly Infrastructure required to manually obtain key

Secret Key Cryptography

One key to encrypt and decrypt

Costly

Infrastructure required to manually obtain key

Security - Encryption Planning a Web Application Public Key Cryptography One key to encrypt One key to decrypt Publicly available on key server Key cannot decrypt Key kept private Key cannot encrypt

Public Key Cryptography

One key to encrypt

One key to decrypt

Publicly available on key server

Key cannot decrypt

Key kept private

Key cannot encrypt

Security - Encryption Planning a Web Application Public Key Cryptography “ Guarantees” Security Very expensive to adopt a PKI solution Publicly available on key server Easy to deploy keys (Certificates and Signatures) Applications must be modified O/S & Networks must be modified Ideal for web-based applications Tried and tested (around 30+ years)

Public Key Cryptography

“ Guarantees” Security

Very expensive to adopt a PKI solution

Publicly available on key server

Easy to deploy keys (Certificates and Signatures)

Applications must be modified

O/S & Networks must be modified

Ideal for web-based applications

Tried and tested (around 30+ years)

Security - Attack Planning a Web Application Malicious Human Attack - Hacking New University Website hacked within 45 minutes Computer Crime on increase Malicious Computer Attack - Viruses Prolific & Growing e.g. recent Nimda Worm

Malicious Human Attack - Hacking

New University Website hacked within 45 minutes

Computer Crime on increase

Malicious Computer Attack - Viruses

Prolific & Growing

e.g. recent Nimda Worm

Security - Attack Planning a Web Application Firewall Between trusted and untrusted network Inspect communication in both directions Proxy Specialized HTTP server Resides on firewall server Extra level of security Cache web pages

Firewall

Between trusted and untrusted network

Inspect communication in both directions

Proxy

Specialized HTTP server

Resides on firewall server

Extra level of security

Cache web pages

Presentation - Style Planning a Web Application Style Guide Define standards for presentation Overall standards can be refined Aim for coherency and consistency What do the users want?

Style Guide

Define standards for presentation

Overall standards can be refined

Aim for coherency and consistency

What do the users want?

Presentation - Navigation Planning a Web Application Accessibility Structure information Information elements contain relationships Use hyperlinks effectively to mimic relationship structure Linear Hierarchical Network Matrix

Accessibility

Structure information

Information elements contain relationships

Use hyperlinks effectively to mimic relationship structure

Linear

Hierarchical

Network

Matrix

Presentation - Multimedia Planning a Web Application Accessibility Wider audience Take into account disabilities Blindness - use audio Deafness - use text, video and graphics Use all to best effect but: Remember previous considerations

Accessibility

Wider audience

Take into account disabilities

Blindness - use audio

Deafness - use text, video and graphics

Use all to best effect but:

Remember previous considerations