
Target Archery Shop TARGET SYSTEM

TABLE OF CONTENTS
I. Case Paper
II. Sources Cited

This Case Paper discusses the design and implementation of a Web-based database system for Target Archery Shop, capable of handling on-line data processes. The goal in designing the system is to provide a simple, user-friendly interface and a secure on-line database for the submission, retrieval, and sharing of application data through the Internet. The system is based on the Web for various reasons, including user familiarity, broad availability, low distribution cost, and minimal development time. This paper also describes some design challenges of a Web-based database application, such as authentication, access control, and security issues, and how it intends to address these challenges, build the system efficiently, and speed up the data process.

SYSTEM OVERVIEW

The majority of Web applications are built on the Three-Tier Model, which addresses the perceived need to separate business logic from the Graphical User Interface (GUI) and the backend database. According to the model, three separate, well-defined processes, or modules, run on different layers:

o Client tier: the end-user application, normally a Web browser.
o Middle tier: mediating information servers that run with the Web server and actually process the data request.
o Resource tier: information resources that store and manipulate the data at the backend.

The expanding use of Web browsers and the strong demand for interactive and dynamic information delivered through the Internet, rather than static HTML pages, make three-tier applications popular as well as practical. For transaction-oriented applications with on-line data processing, middleware is typically required between the network servers and the back-end system to ensure proper interoperability.
Common Gateway Interface (CGI), the first solution for deploying dynamic Web applications, is one of the most popular tools and is supported by almost all Web servers. CGI defines the specification for transferring information between a Web server and information resources. A CGI program accepts parameters from an HTTP request passed by the Web server, then generates and returns an HTML page as if it were a pre-stored one. (CGI Specification) Despite its simplicity, the biggest drawback of the CGI approach is that the Web server needs to start a separate CGI process for each request received. This is time consuming and expensive in terms of the server's memory and other system resources.

A Java Servlet is a Java program (class) that runs on a Java-enabled Web server and resembles a conventional CGI program. However, the Servlet is designed to overcome the drawback of CGI and is an increasingly attractive alternative to a CGI program. Unlike a CGI program, a Servlet is persistent once it is started. It remains in memory and can therefore be used to handle multiple requests. In general, a Servlet is faster and cleaner than a corresponding CGI script. Although a Servlet runs in the same address space as the Web server does, it is safer than CGI because of the protection mechanism obtained from the Java virtual machine. Servlets can be embedded in many different servers because the servlet API, which programmers use to write servlets, assumes nothing about the server's environment or protocol. (C. Bloch / S. Bodoff)

Overview of the Target Archery (TARGET) System

There are already many on-line systems available that aim to speed up the online data process. The work on the TARGET system for the Target Archery Shop was motivated by the fact that many of these systems mainly target collecting information for the business, while providing little feedback or assistance for the customers. Among the objectives of the TARGET system are to:

o Build an Integrated Application Environment (IAE) for different classes of users, including a centralized database, a unified GUI and a standard processing sequence, and hence to exchange the application data efficiently.
o Allow a customer to trace his/her own account status based on a predefined processing sequence.

The TARGET project is composed of two chief components:

o a dedicated library that encapsulates the database access details of user and customer data, and
o a collection of programs that drive the generation of output of HTML pages.

In a typical session, the client's browser sends a request to the Web server, which passes it to the processing program. For those pages that include dynamic content, such as a registered user's account, the processing program calls the appropriate library for accessing data from the database and delivers formatted data to the HTML page generator. Lastly, the HTML page generator assembles the complete HTML page and ships it to the client browser. The architecture of TARGET is illustrated below.

From the user's perspective, the TARGET system is designed for four user categories:

o A customer can submit application information on line by filling in a pre-designed form. The collected data will then be stored in the centralized database. Additionally, a customer can check his/her account status periodically.
o A supporting staff member is responsible for the routine work of handling accounts, such as sending out marketing packages, updating a client's status, responding to special queries, and generating statistics and reports.
o Target Archery Shop is mainly interested in the data provided by customers.
o The system administrator will focus on managing user accounts, such as creating a new user account, modifying an access control level, resetting a user password, or deleting useless database records, and others.

DESIGN AND IMPLEMENTATION

In order for the TARGET system to be effective, development must be configured to implement certain policies and guidelines. Some of these are common and applicable to any project, whereas some differ from project to project. The following section discusses important issues in the design and implementation of the system.

Development Platform and Tools

TARGET is primarily developed on MySQL and PHP, both being open source projects distributed under GNU general public license. MySQL is an efficient, multi-threaded, multi-user, and robust SQL database server. The features provided by MySQL are more than sufficient for manipulating the centralized application dataset. (MySQL Manual) As a server-side HTML-embedded scripting language, PHP differs from CGI in the sense that a CGI script usually involves using other programming languages, such as C or Perl, to generate and output HTML, whereas a PHP script is embedded inside an HTML page.

In other words, a piece of PHP code is enclosed in a pair of special tags - start and end - that allows control to jump into and out of PHP mode. Therefore, a programmer can configure a Web server to process all HTML files incorporated with a PHP server for handling PHP code and generating dynamic content. Normally, the PHP server will be installed as a Web server module for reasons of performance efficiency. Compared with other scripting languages, such as Perl, PHP is specially designed for Web scripting, with a less confusing and stricter grammar, which is perfect for a programmer without a Perl background. (PHP Manual)

Interactivity and User Interface

The user interface is a critical part of a Web-based application. It has a particular effect on the degree of interactivity a Web-based application can bring. For this case, several different technologies were used, such as JavaScript and Cascading Style Sheets supported by current Web browsers, in an attempt to break the restriction brought by the limited capability of HTML. The GUI for TARGET primarily depends on the HTML form to provide a set of standard interactive components, which a Web browser is responsible for presenting, in order to share the same or a similar UI look and feel across different platforms. To improve control over the way a Web browser presents the HTML page across platforms, we resort to the Cascading Style Sheets specification to guarantee that the HTML page is presented exactly the way we want by the various browser vendors. To reduce the server-side computation workload and improve UI responsiveness, we set up a client-side script language, JavaScript, for checking common input availability, or for popping up confirmation or warning windows to prevent side effects from unintentional operations.
Even though we could use PHP script to generate all the HTML pages within the TARGET integrated application environment, we deliberately avoid doing so because it is better to provide them as plain HTML pages for easier maintenance work.

Access Control and Authentication

Excluding static pages for general instruction purposes, authentication is required to access the system Web pages, as it is the process that establishes the identity of a user. In order to register a user account, the customer must provide an available email address and an unused username and password pair. On clicking "submit", a confirmation email will be automatically sent out, and the user account will be activated. Before being able to access the protected services, a user must go through a login interface, and after successful password validation, the user will be directed to the store homepage with respect to the user's access level.

Access control is the process by which the use of system resources is regulated according to a security policy and is permitted only to authorized entities. Conventional access control models are broadly categorized as Discretionary Access Control and Mandatory Access Control models. New models such as Role-based Access Control models have been proposed to address the security requirements of a wider range of applications.


(CACM Vol. 44 No. 2)

Comprehensive Testing

Methodically checking a web application for SQL injection vulnerability takes more effort than one might guess. It is very easy to overlook a perfectly vulnerable script if one doesn't pay attention to details. Each parameter of every script on the server should always be checked. Developers and development teams can be awfully inconsistent. Even if a whole web application is conceived, designed, coded and tested by a single programmer, there might be only one vulnerable parameter in one script out of thousands of other parameters in millions of other scripts. (MySQL Manual)

Evaluating results

If a database server error message of some kind is received back, injection was definitely successful. On the other hand, the database error messages aren't always noticeable. Again, one should look in every possible place for evidence of successful injection. The first thing that must be done is to search through the entire source of the returned page for phrases like "ODBC", "Syntax", "SQL Server", etc. Other details on the nature of the error can be in hidden inputs, comments, etc. Make sure to check the headers also. (MySQL Manual) Another thing to look out for is a 302 page redirect, as one may be whisked away from the database error message page before one even gets a chance to notice it. It must be noted that SQL injection can be successful even if one does not get an ODBC error message back. Some web applications are built so that in the event of an error of any kind, the client is returned to the site's main page. If one receives a 500 Error page back, chances are that the injection is occurring. (MySQL Manual)

SECURITY

Last, but definitely not least among the implementation issues, is security. Security issues are critical as the Internet becomes more widespread.
Security in a Web application includes protecting a Web site, restricting access to a Web site, and the degree of safety of data transfer between the server and the client. For access restriction to the TARGET site, the system provides a role-based verification mechanism. Essentially, separate Web pages supply distinct system services to the user. Two variables are defined to provide a flexible way of letting different groups of users share the same service. One is an array variable which includes all access level values allowed to access this page; the other is a single value which represents a minimum access level. A user whose level is above the minimum value automatically gets the access right, whether or not the level belongs to the allowed access group. Thus, each page can set its own access restriction policy by simply assigning these variables. The actual verification is done by a security checking function with respect to these settings.

Using a cookie to store a user identification token permits a Web site to remember visitors between sessions. Still, it is possible that a user might try to modify his/her cookie in order to log in as another user. Usually, when Web servers use cookies to identify users and their status, there are three types of security threats to cookies: network threats, end-system threats, and cookie harvesting threats.


(J. Park / R. Sandhu)

TARGET is primarily concerned with the end-system threats. Once the cookie is stored on the browser's side in the form of plain text, its content can be trivially altered by users and easily copied from one computer to another, without the knowledge of the user on whose computer the cookie was originally stored. The ability to alter and copy cookies lets attackers easily forge a cookie's content and impersonate other users. Thus, the concepts of confidentiality and integrity are vital when deploying cookies for system authentication. Confidentiality is the property that information is not made available or disclosed to unauthorized individuals, while integrity is the property that information has not been modified or destroyed in an unauthorized manner.

In the case of TARGET, we use cryptographic technologies to enforce cookies' confidentiality and use an integrity verification function to check the cookie's owner and protect the system against unauthorized modification of the cookie. To achieve this, TARGET deploys secret-key cryptography by using a message digest algorithm. After a user has successfully logged in, the system generates a message digest from the username and a system secret key, then puts the signature into the cookie together with the character string of the user name. When the user makes later visits to the system, the browser sends the secure cookie to the system. TARGET verifies the signature in this secure cookie using the same cookie-issuing policy as in the authentication stage.

CONCLUSION

The objective of the TARGET system is to offer a simple, user-friendly interface and a secure on-line database for the submission, retrieval, and access of data on the Internet. The TARGET system incorporates the World Wide Web and distributed computing technologies to let users share a centralized database and process data via standard Web browsers. Authentication capability is supplied by the username and password verification mechanism. Access restriction to the TARGET system is implemented by enforcing a role-based access control policy. Future improvements include adding an XML message layer to make the TARGET customer layer independent of the underlying database API. Based on this experience, this paper's author believes that the combination of PHP and MySQL under the three-tier model is a good, practical environment for developing multi-user distributed applications that utilize World Wide Web infrastructure, consequently speeding up the online data process.
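
The signed cookie and the page-level access check described in the SECURITY section, as an added PHP example that is not the TARGET project's own code. HMAC-SHA256, the function names, the key, the level numbers and the sample users are assumptions; the cookie is signed but not encrypted, so the username in it stays readable.

```php
<?php
declare(strict_types=1);
// Constructed demo key; a real deployment loads it from server-side config.
const SECRET_KEY = 'constructed-demo-key';

// Assumption: HMAC-SHA256 stands in for the essay's unnamed "message digest".
function issue_cookie(string $username): string
{
    $user64 = base64_encode($username);
    return $user64 . '.' . hash_hmac('sha256', $user64, SECRET_KEY);
}

// Returns the username if the signature matches, otherwise null.
function verify_cookie(string $cookie): ?string
{
    $parts = explode('.', $cookie);
    if (count($parts) !== 2) {
        return null;
    }
    // hash_equals() compares the two signatures in constant time.
    if (!hash_equals(hash_hmac('sha256', $parts[0], SECRET_KEY), $parts[1])) {
        return null;
    }
    $username = base64_decode($parts[0], true);
    return $username === false ? null : $username;
}

// Page policy from the essay: a list of allowed levels plus a minimum level.
// Either grants access (>= for the minimum is assumed); no level means deny.
function may_access(?int $level, array $allowed, ?int $minLevel): bool
{
    if ($level === null) {
        return false;
    }
    return in_array($level, $allowed, true)
        || ($minLevel !== null && $level >= $minLevel);
}

// Constructed sample data. Levels are looked up server-side, never read from the cookie.
$levels = ['alice' => 1, 'bob' => 2, 'root' => 4];
$page   = ['allowed' => [1], 'min' => 3];
$good   = issue_cookie('alice');
// A user edits the name in the cookie but cannot recompute the signature.
$edited = base64_encode('root') . substr($good, strpos($good, '.'));
foreach (['alice' => $good, 'bob' => issue_cookie('bob'), 'edited' => $edited] as $label => $cookie) {
    $user  = verify_cookie($cookie);
    $level = $user === null ? null : ($levels[$user] ?? null);
    $ok    = may_access($level, $page['allowed'], $page['min']);
    printf("%-6s user=%-10s access=%s\n", $label, $user ?? '(rejected)', $ok ? 'yes' : 'no');
}
```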
