Target Archery Shop TARGET SYSTEM Completed by: YOUR name University of TABLE OF CONTENTS I. Abstract ……………………………………………………………………………………………………………………………2 II. System overview ………………………………………………………………………………………………….2-6 III. Designing Effective Input and Output …………………………………………6-10 IV. Designing Databases ……………………………………………………………………………………10-14 V. Designing User Interfaces ……………………………………………………………………14-16 VI. Quality Assurance & Software Engineering ……………………………16-17 VII. System Implementation ………………………………………………………………………………17-18 VIII. Works Cited ……………………………………………………………………………………………………………19 Abstract This paper discusses the design and implementation of a Web based database system for Target Archery Shop, capable of handling on-line data processes. The goal in designing the system is to provide a simple, user-friendly interface and a secure on-line database for the submission, retrieval, and sharing of application data through the Internet. This paper is based on the Web application for various reasons such as user familiarity, broad availability, low distribution cost, and minimal development time. This work also describes some design challenges of a Web based database application, such as Authentication, Access control, and Security issues. Finally, in this paper we attempt to address the above challenges and build the efficient system to speed up the data process. SYSTEM OVERVIEW Majority of the Web applications are built on the Three-Tier Model which facilitates the perceived need to separate business logic from the Graphical User Interface (GUI) and the backend database. According to the model, three separate well-defined processes, or modules, run on different layers: o Client tier: End user application, normally, Web Browser. o Middle tier: Mediating information servers, that run with Web server and that actually process the data request. o Resource tier: Information resources that stores and manipulate the data at the backend. The expansion of the use of Web browser and strong demand for supplying interactive and dynamic information through the internet rather than the static HTML page makes the three-tier applications popular as well as practical. For transaction-oriented applications on line data processing, middleware is typically required between the network servers and the back-end system to ensure proper interoperability. Common Gateway Interface as the first solution to deploy dynamic Web application, is one of the most popular tools and is supported by almost all Web servers. 1. CGI defines the specification for transferring information between a Web server and information resources. A CGI program accepts parameters from a HTTP request passed by the Web server, then generates and returns a HTML page as if it was a pre-stored one. (CGI Specification) a. Even with its simplicity, the biggest drawback of CGI approach is that the Web server needs to throw a separate CGI process for processing each request received. This is time consuming and expensive in terms of server’s memory and other system resources. 2. Java Servlet is a Java program (class) that runs on a Java enabled Web server and resembles a conventional CGI program. However, Servlet is designed to overcome the drawback of CGI and is an increasingly attractive alternative to CGI program. Unlike a CGI program, a Servlet is persistent once it is started. It remains in memory and can therefore be used to handle multiple requests. a. Servlet is faster and cleaner than a corresponding CGI script. Although a Servlet runs in the same address space as the Web server does, it is safer than CGI because of the protection mechanism obtained from the Java virtual machine. Servlets can be embedded in many different servers because the servlet API, which programmers use to write servlets, assumes nothing about the server’s environment or protocol. (Bloch 12; Bodoff 33) Overview of the Target Archery (TARGET) System There are already many on-line systems available aiming for speed up the online data process. The work on Target System for the Target Archery Shop was motivated by the fact that many of the systems mainly target collecting information for the business, while provide few feedback or assistance for the customers. Among the objectives of the TARGET system is to: o Build an Integrated Application Environment (IAE) for different class of users, including a centralized database, unified GUI and standard processing sequence, hence to efficiently exchange the application data. o Allow a customer to trace his/her own account status based on a predefined processing sequence. The TARGET project is composed of two chief components: o a dedicated library that encapsulates the database access o details of user and customer data, and a collection of programs that drive the generation of output of HTML pages. In a typical session, the client’s browser sends a request to the Web server, which passes it to the processing program. For those pages that include dynamic content, such as a registered user’s account, the processing program calls the appropriate library for accessing data from the database and delivers formatted data to the HTML page generator. Lastly, the HTML page generator assembles the complete HTML page, and ships it to the client browser. The architecture of TARGET is illustrated below. From the user’s perspective, TARGET system is designed for four user categories: o A customer can submit application information on line by filling in a pre-designed form. Then the collected data will be stored into the centralized database. Additionally, a customer can check his/her account status periodically. o A supporting staff is responsible for the routine work of handling accounts, such as sending out marketing packages, updating client’s status, responding to special queries, and generating statistics and reports. o Target Archery Shop is mainly interested in the data provided by customers. o The system administrator will focus on manipulation user accounts, such as creating new user account, modifying access control level, resetting user password, or deleting useless database records, and others. II. DESIGNING EFECTIVE INPUT AND OUTPUT In order for TARGET system to be effective, proper input and output system have to be designed and implemented. Some of these are common and applicable to any project, whereas some differ from project to project. What is more, we have to develop a system that can be used by the handicapped users also. The following section will discuss important issues in the designing this effective input and output system. 1. As an introduction, it has to be noted that with respect to the cutaneous senses, augmented graphical user interfaces (GUIs) with haptic feedback have been around since the early 1990s. Akamatsu and Sato (1994) conducted the first research with a haptic mouse that produced haptic feedback via fingertips and force feedback via controlled friction. Later it was found that directional two-degrees of freedom force feedback improved speed and error rates in a targeting task. a. The strength of perceptual user interfaces comes from the ability of designers to combine an understanding of natural human capabilities with computer input-output devices, and machine perception and reasoning (Turk & Robertson, 2000). General examples of how capabilities can be combined with technology include speech and sound recognition and generation, computer vision, graphic animation, touch-based sensing and feedback, and user modeling (Turk & Robertson, 2000).
2. From an applied research standpoint, the concepts of perceptual interfaces are housed within multimedia and multimodal interfaces. Both multimedia and multimodal interfaces offer increased accessibility to technologies for individuals with perceptual impairments. Distinctions can be drawn between perceptual, multimedia, and multimodal interfaces. Perceptual interfaces prescribe humanlike perceptual capabilities to the computer. Multimedia and multimodal interfaces can be considered applied extensions of this concept. a. Multimedia interfaces elicit perceptual and cognitive skills to interpret information presented to the user, whereas multimodal interfaces use multiple modalities for human-computer interaction. Multimedia interfaces focus on the media, whereas multimodal interfaces focus on the human perceptual channels (Turk & Robertson, 2000). The strength and capabilities of multimedia and multimodal interfaces with respect to individuals with perceptual impairments are described in more depth in the next two sections. Multimedia Interfaces 1. Multimedia interfaces have grown from the need to display diverse forms of information in a flexible and interactive way. Multimedia can be simply defined as computer-controlled interactive presentations. The broadness of this definition directly corresponds to the broadness of the field of multimedia research. There are three approaches to multimedia: performance, presentation, and document (Chignell & Waterworth, 1997). 2. In the performance approach, multimedia is a kind of theatrical play that is conveyed through “actors. ” The timing of the actors' performances is orchestrated in an effort to entertain and educate (Chignell & Waterworth, 1997). Presentation multimedia is a modern version of slide shows in which video clips and animation enhance a sequence of slides. The goal of the presentation approach is to convey ideas to the user (Chignell & Waterworth, 1997). Lastly, the document approach focuses on text and ideas. It can be thought of as an enhanced document that elaborates ideas in the text. All of these approaches provide additional opportunities to convey perceptual information to the user. Multimodal Interfaces 1. Multimodal interfaces are interfaces that support a wide range of perceptual capabilities (i.e., auditory, speech, and visual) as a means to facilitate human interaction with computers. With the growing complexity of technology and applications, a single modality no longer permits users to interact effectively across all tasks and environments. 2. The strength of a multimodal design is its ability to allow users the freedom to use a combination of modalities or the best modality for their needs. These interfaces make the most effective use of the variety of human sensory channels, alone and in combination. Ultimately, multimodal interfaces offer expanded accessibility of computing and promote new forms of computing that were not previously available to individuals with perceptual impairments. 3. Another common approach to converting visual information in a non-visual way is through the use of the speech modality. Speech-recognition systems serve as an alternative modality for users and computers to interact. These systems recognize human speech and translate it into commands or words understood by the computer. This type of technology-driven design allows for applications to be suited to a wide variety of individuals with disabilities. For instance, individuals with visual impairments can use a computer solely by voice activation. 4. Speech recognition systems are traditionally associated with the concept of dictation. Products such as Dragon Naturally Speaking (Scansoft) offers speech recognition products for dictation. Some specific packages are geared toward particular professions, such as medical and legal. Other common dictation systems are IBM ViaVoice, and SRI International Eduspeak offer continuous speech recognition technology. Microsoft's Voicenet VRS provides speaker independent speech recognition with online adaptation, noise robustness, and dynamic vocabularies and grammars (Huang et al., 1996). a. Nuance Communications Nuance 8 is another popular natural speech interface software that facilitates access to information, transactions, and services over the telephone. Speech-driven menu navigation systems, such as IN CUBE Voice Command (Command Corp.) for window navigation, have also been developed. 5. TARGET is primarily developed on MySQL and PHP, both being open source projects distributed under GNU general public license. MySQL is an efficient, multi-threaded, multi-user, and robust SQL database server. Features provided by MySQL are far more sufficient for manipulating the centralized application dataset. (MySQL Manual) a. As a server-side HTML-embedded scripting language, PHP differs from CGI in the sense that a CGI script usually involves using other programming languages, such as C or Perl, to generate and output HTML scripts, whereas a PHP script is embedded inside of an HTML page. In other words, a piece of PHP code is enclosed in a pair of special tags - start and end - that allows control to jump into and out of PHP mode. b. A programmer can configure a Web server to process all HTML files incorporated with a PHP server for handling PHP code and generating dynamic content. Normally, the PHP server will be installed as a Web server module for the reason of performance efficiency. Comparing with other scripting languages, such as Perl, PHP is specially designed for Web scripting with less confusing and stricter grammar which is perfect for a programmer without Perl background. (PHP Manual) III. Designing Databases Designing the database includes identifying the needed data and organizing it in the way required by the database software. 1. First, identify what information belongs in the database. In the case of Target Archery, the application will include a task that collects information from the user. This will require balancing the urge to collect all the potentially useful information that you can think of against your users’ reluctance to give out personal information--as well as their avoidance of forms that are time consuming. 2. One compromise is to ask for some optional information. Users who object to enter information can leave it blank. Another possibility is to offer an incentive. For this application, Target Archery customers search the online catalog for information on products that they might want to buy. We want customers to see information that will motivate them to buy a product. Among the priority information are: o Name of a particular product o Description of the product o Picture/s of the product o The cost/price of the product o The projected output of the particular product In the Members Only section, we want to store information about registered members. The information that needs to be stored in the database are: o Member name o Member address o Member phone number o Member fax number o Member e-mail address Additionally, we need to take the time to develop a comprehensive list of the information that needs to be stored in Target Archery database. Although we can change and add information to the database after it is developed, putting in all the necessary information from the beginning is much easier. Organizing the data MySQL is a Relational Database Management System (RDBMS), which means that the data is organized into tables.
Relationships can be established between the tables in the database. (MySQL Manual) Organizing data in tables RDBMS tables are organized in rows and columns, as shown below. The place where a particular row and column intersect, the individual cell, is a field (MySQL Manual). Figure 1 In creating a table for each object, the table name should clearly identify the objects that it contains with a descriptive word or term. The name must be a character string with no spaces in it. The table name can contain letters, numbers, underscores, or dollar signs. In database lingo, an object is an entity, and this unit has special characteristics (MySQL Manual). In the table presented above, each row is designed to illustrate an entity, and the columns cover the characteristics of each entity. For instance, in a table of clients, each row shows information for a single client. Some of the characteristics contained in the columns hve to be: first name, last name, phone number, age, etc. Below are the concrete steps for organizing data into tables: 1. Database Name: allocate a name to the database for our application. For example, a database having information about archery products for kids can be named ArcheryChildren. 2. Objects Recognition: analyze the list of information that needs to be stored in the database. Investigate the list and identify the objects. 3. Define and name a table for these objects: For example, the ArcheryChildren database has to have a table called ChildInfo and a table called HouseholdInfo. 4. Identify the characteristics for these objects: examine the information list and find the attributes that need to be stored for each object. Break the information to be kept in the database into its smallest reasonable pieces. (MySQL Manual). 5. Describe and name columns for each separate characteristic identified in Step 4: it is desirable to then give each column a title that clearly identifies the information in that column. The column titles should be one word, with no spaces. 6. Identify the main key: Each row in a table has to have a unique identifier. No two rows in a table should be precisely the same. In designing a table, we have to settle on which column holds the unique identifier, called the main key. In the table below, the main key is the cust_id field because each customer has a unique ID number. (Figure 2) 7. Name the defaults: we have to provide examples of a default that MySQL will assign to a field when no data is entered into the field. A default is not always essential but is often useful. (MySQL Manual. If the application keeps an address that includes a country, specify US as the default. If the user does not choose a country, US will be entered. 8. Classify columns with required data: identify that certain columns are not allowed to be empty (also called NULL). The column having the main key can not be empty. This means that MySQL will not generate the row if no value is stored in the column. 9. Specify and determine output: based on your projections and data available specify the output that is expected in the future. The output projection entry is one of the most important aspects of the whole process since it allows the user to actually see how much resources and labor is needed for each particular project. The module class header contains information relating to the creation of the module and its modification history, its place in the kind-of and part-of hierarchies, and the names of any diagrams or figures relevant to the module class that should be displayed by the DKB browser. The declaration : universalBeam declares the typical name variable of the module, B, which is used to refer to the module relative to its parts or in describing its position relative to other objects and is similar in many respects to the notion of 'self' in object oriented programming languages. The next section declares the module's parameters, variables, and constants. Parameters describe some property of the designed artifact such as its size, shape, or the material of which it is made. The set of parameters can be viewed as properties of the object for which values need to be determined in order to form a description of the object that is sufficient to consider this part of the design complete. Variables are properties of the design that relate the parameters of its description, and may change during the operation of the designed object, such as its speed or power output. Constants are symbols that will appear in the constraints and for which no substitution of numerical values will be performed. Examples of these are symbols denoting things like 'aluminium' or 'pi.' Each subsection consists of zero or more entries declaring a parameter, variable or constant, one per line. Each declaration consists of the name of the parameter, variable or constant followed by its type, dimension, and an identifier consisting of a '#' and an integer (used by the system to uniquely identify the parameter variable or constant). The remainder of the line, up to the 'double hash' (##) (symbol, is treated as a comment and ignored by the system for the purposes of inferencing. The '$' symbol is an operator used to create references to the parameters or variables of a particular named instance of a module class from the instance name and the declared name of the parameter or variable. The format of the constraint declarations is similar to that for parameters, variables, and constants. Each constraint consists of an expression containing parameters, variables or constants, followed by a relational oper ator, an expression (involving other parameters, variables or constants) or value, followed by a constraint number and a comment. Tables are viewed as a special kind of constraint, relating a 'dependent variable' (a parameter or variable) to one or more 'independent variables.' Each table is introduced by the functionTable or catalogueTable keyword, followed by the name of the table, its dimension, the type of interpolation to be used by the table engine and the independent and dependent variables in order. The system contains a syntax checker and translator that converts this human-readable form of the module class definition into an internal form used by EDS. We assume that the designer begins by creating a named instance of the module class UB001. This results in EDS constructing, in the DDD, a uniquely identified instance of UB001 using the knowledge declared in the module class definition. This is done using the following user instruction: USER: assume [b1] : universalBeam, which says create in the DDD an instance of the module class UB001 called b1. The inner workings of the system can be viewed in one of the EDS output windows, and looks like the following: EDS: NEW › N 1: [b1] : universalBeam NEW › J 0: assumption NEW › K 0: findSuperClass (126) NEW › K 1: findDirectParts (122) NEW › K 2: findDirectConstraints (121) NEW › K 3: declareLabels (124) NEW › K 4: declareDirectAttributes (123) NEW › J 1: findSuperClass RIP › K 0: findSuperClass (125) NEW › N 2: Declaration of b1 as a label NEW › J 2: declareLabels RIP › K 3: declareLabels (124) NEW › N 3: Declaration of g$b1 as a parameter NEW › N 4: Declaration of py$b1 as a parameter . . . NEW › N 26: Declaration of e$b1 as a constant NEW › J 3: declareDirectAttributes RIP › K 4: declareDirectAttributes (123) NEW › J 4: findDirectParts RIP › K 1: findDirectParts (122) NEW › N 27: wif$b1 = 1.
Before being able to access the protected services, a user must go through a login interface, and after successful password validation, the user will be directed to the store homepage with respect to the user’s access level. V. QUALITY ASSURANCE AND SOFTWARE ENGINEERING In terms of the use of system resource, access control process is regulated according to a security policy and is permitted by only authorized entities. Conventional access control models are broadly categorized as Discretionary Access Control and Mandatory Access Control models. New models such as Role-based Access Control models have been proposed to address the security requirement of wider range applications. (CACM Vol. 44 No. 2) Comprehensive Testing 1. Methodically checking a web application for SQL injection vulnerability takes effort more than one might guess. It is very easy to overlook a perfectly vulnerable script if one doesn’t pay attention to details. Each parameter of every script on the server should always be checked. Developers and development teams can be awfully inconsistent. Even if a whole web application is conceived, designed, coded and tested by a single programmer, there might be only one vulnerable parameter in one script out of thousands of other parameters in millions of other scripts. (MySQL Manual) 2. SECURITY a. Not the least among the issue of implementation is the issue on security. Security issues are critical as Internet becomes more widespread. Security in Web application includes protecting a Web site, restricting access to a Web site, and the degree of safety of data transfer between the server and the client. b. Considering access restriction to the TARGET site, the system provides a Role-based verification mechanism. Essentially, separating Web pages supply distinct system services to the user. 3. Two variables are defined for the purpose of providing a flexible way to let different group of users to share the same service. One is an array variable which includes all access level values allowed to access this page; another is a singular value which represents a minimum access level value on demand. Values above the minimum value will automatically get the access right it belongs to the required access group or not. a. Each page can set its own access restriction policy by simply assign these variables. Actual verification is done by a security checking function with respect to these setting. VI. SYSTEM IMPLMENTATION After having developed a plan listing the tasks that the application is going to perform, and having developed a database design, we are now ready to create the application. First, we build the database. Then, we write the PHP programs. Thus, we are now moments away from a working Web database application. 1. Building the database a. Building the database requires turning the paper database design into a workable and running database. Building the database is independent of the PHP programs that the application uses to interact with the database. The database can be accessed using programming languages other than PHP, such as Perl, C, or Java. b. The database stands on its own to hold the data. The database should first be built before writing the PHP programs. The PHP programs are written to move data in and out of the database, so developing and testing them cannot be done until the database is available. (MySQL Manual). 2. Writing the programs a. Programs carry out the tasks for the Web database application, and create the display that the user sees in the browser window. Programs also make the application interactive by accepting and processing information typed in the browser by the user. Programs store information in the database and get information out of the database. Thus, the database is useless unless data can be moved in and out of it. 3. Finally, and worth noting is the PHP language, which was specifically developed to write interactive Web applications. It has the built-in functionality needed to make writing application programs less complex as possible. It has methods that were included in the language specifically to access data from forms. It has methods to put data into a MySQL database and methods to get data from a MySQL database (MySQL Manual). 4. The objective of the TARGET system is to offer a simple, user-friendly interface and a secure on-line database for the submission, retrieval, and data access on internet. The TARGET system incorporates the World Wide Web and distributed computing technologies to permit users sharing a centralized database, data processing via standard Web browsers. Authentication capability is supplied by the username and password verification mechanism. Access restriction to TARGET system is implemented by enforcing a role based access control policy. 5. Future improvements include adding a XML message layer to expand TARGET customer layer to be independent of the underlying database API. Based on the experience, this paper’s author believe that the combination of PHP and MySQL under three-tier model is a good, practical environment for developing multi-user distributed applications that utilize World Wide Web infrastructure, consequently speeding up online data process. WORKS CITED Akamatsu, M., & Sato, S. “A multi-modal mouse with tactile and force feedback”. International Journal of Human-Computer Studies, 40, (1994): 443–453. Bloch, C. and S. Bodoff. The JavaTM Tutorial - Servlet. Accessed January 2006 at: http://java.sun.com/docs/books/tutorial/servlets/ CGI Specification. NCSA for Supercomputing Applications, Available at: http://hoohoo.ncsa.uiuc.edu/cgi Chignell, M., & Waterworth, J. “Multimedia”. In G. Salvendy (Ed.), Handbook of human factors and ergonomic, (pp. 1808–1861). New York: Wiley, 1997. FrickeJ., & Baehring, H. “Displaying laterally moving tactile information”. In W. L. Zagler, G. Busby, & R. R. Wagner (Eds.), Computers for handicapped persons. Proceedings for the 4th International Conference (ICCHP′94),(pp. 461–468). Vienna: Springer-Verlag, 1994. Huang, X., Acero, A., Adcock, J., Hon, H., Goldsmith, J., Liu, J., & Plumpe, M. “Whistler: A trainable text-to-speech system”. International Conference of Spoken Language Processing, Philadelphia, PA (pp. 2387–2390). Piscataway: IEEE, 1996. Joshi, J., W. Aref, A. Ghafoor, & E. Spafford. Security Models for Web-based Applications. CACM Vol. 44, No. 2, February 2001. MySQL Online Manual. Accessed January 2006 at: http://www.mysql.com/documentation/mysql/ MySQL. MySQL Manual. Accessed January 2006 at: http://dev.mysql.com/doc/refman/5.0/en/column-types.html MySQL Words. MySQL Reserved Words. Accessed January 2006 at: http://dev.mysql.com/doc/refman/5.0/en/%20Reserved_words.html MySQL 5.0 Column Types. Online Reference Manual. Accessed January 2006 at: http://dev.mysql.com/doc/refman/5.0/en/column-types.html Nielsen, Jakob. Jakob Nielsen’s Website. Useit.com. Accessed January 2006 at: http://www.useit.com Park, J. and R. Sandhu. Secure Cookies on the Web. IEEE Internet Computing. Los Alamitos, CA. July 2000. PHP Manual. Official Website. Accessed January 2006 at: http://www.php.net/manual/ Tiller, Eugene W. & Green, Phillip. Web Navigation: How to make your Web site fast and usable. AMS Center for Advanced Technologies. Accessed January 2006 at: http://zing.ncsl.nist.gov/hfweb/proceedings/tiller-green/ Turk, M., & Robertson, G. “ Perceptual user interfaces”. Communications of the ACM, 43(3), (2000): 32–34.