Overview of dynamic website creation
Introduction
The internet and its development into the World Wide Web
eCommerce Development through Technology
Advantages of Web deployment
Security/Privacy
E-Commerce the way Forward
References
This paper seeks to provide an introduction into the use of client-server technologies and their impact on the internet and its users. An investigation into the technologies available to developers, and the way they have changed the way we shop, communicate, and ultimately live, this paper outlines a potted past, present and future of the internet, and how we use it to provide solutions bringing commercial enterprise into the homes of our customers.
Early History
While the internet in a commercially recognisable form did not appear until 1989 (Tim Berners-Lee, CERN laboratories), computers had been communicating with one another across networks for the previous 20 years (the first computer-to-computer login was between Stanford and UCLA on 21st November 1969). The internet, by strict definition a Wide Area Network communicating over TCP/IP (Internet transmission control program), had also been in existence for over 10 years since its design in the late seventies. “Inter-networking” provided computer protocols to allow information to be exchanged, where the central server (host) was responsible for the reliability. The difference that Berners-Lee made to the technology was the idea and instigation of a worldwide web. Using existing technologies, his use of the hyper text language (which he originally prototyped in 1980 as an internal means of communication at CERN) over a wide area network allowed networks to communicate through generic browsers regardless of the operating system that supported them. The hyper text language was (and still is) further developed: in 1990 it was updated into the building brick of the modern internet, Hyper Text Mark up Language (HTML), which was incorporated as the standard of the World Wide Web Consortium (W3C) in 1993. Over the last 15 years that development has continued into HTML 4.0 and the transition into XHTML (eXtensible Hyper Text Mark up Language). The internet could be argued to be the largest social change in the developed world since its conception, affecting the way consumers shop, the way information is collated and, with the rising popularity of “web 2.0”, the way people communicate and socialise.
Considering the nation’s increasing usage of the internet as a purchasing channel (see eCommerce the Way Forward), it is important to understand how it evolved, and the technologies that supported such a rapid growth.
Database driven sites
The internet in its current state would not have been possible without the backbone provided by databases and their interaction with Active Server Pages (ASP). (ASP is a trademarked function of Microsoft; however, for the purposes of this paper it will be used as a generic description regardless of the platform.) The ability to produce dynamic content, to manage users and to aggregate data is all possible through this client-server interaction. Pages calling client side applications from what is intrinsically a passive front end (HTML pages only exist in their exact form and cannot communicate either with the server or the client machine) pass or return values dependent on the inputs they receive. This is made possible by embedding code (normally VBScript or JScript) into the page. In keeping with the initial spirit of the internet, this allows computers running different operating systems to pass information from the generic browser to the client server through an interface such as Microsoft’s Internet Information Services (IIS). This model has been followed on many platforms, enabling connectivity between browser and server regardless of the operating system.
Database management systems
Just as there are many client server standard applications, the database market is equally well represented. Hidden behind many websites, the choice of database application is down to a combination of budget, requirements and developer preferences. The table below compares three of the most popular commercial applications.
| Feature | SQL Server 2000 | Oracle 10g | MySQL |
|---|---|---|---|
| Independent Performance Benchmarks | 2nd Place | 1st Place | Does not participate – intended for small to medium sized systems |
| Independent Analysis of Price/Performance Ratio | 1st Place – licensing is 25% the cost of Oracle | Unknown | Does not participate – commercial licenses are cheaper than SQL Server |
| Cross Platform Compatible | No | Yes | Yes |
| Fully Relational – affects data storage, retrieval and integrity | Yes | Yes | Somewhat – does not support foreign key constraints |
| Language | Transact-SQL – considered easy to use and more powerful than MySQL Dialect | PL/SQL – considered more powerful than Transact-SQL but more difficult to use | MySQL Dialect – difficult to use with limited power |
| Maintainability | Easy | Difficult | Difficult |
| Open Source | No | No | Yes |
Source: promoteware, 2007
As the previous table shows, there are advantages and disadvantages to each of the models, and this is only compounded when considering the costs of utilising each application.
| | MySQL | Microsoft | Sybase | IBM | Oracle |
|---|---|---|---|---|---|
| Product Line | MySQL Enterprise | Microsoft SQL Server 2005 | Sybase ASE 15 | IBM DB2 v9 | Oracle 10g |
| Product Edition | Gold | Enterprise Edition | Enterprise Edition | Enterprise Edition | Enterprise Edition |
| Pricing Model | Per Server | Per CPU | Per CPU | Per CPU | Per CPU |
| Software License (Per Unit) | $0 | $24,999 | $24,995 | $36,400 | $40,000 |
| Annual Subscription, Support & Maintenance (Per Unit) | $2,995 | $5,000 | $4,999 | $7,280 | $8,000 |
Source: MySQL, 2007
The table above was taken from the MySQL website, and as such should be considered as sales literature; however it does show the variance in cost for each of the models. Every organisation, developer, application and budget will have a best in class choice for the application they use, although from the end-user’s point of view it is largely irrelevant.
Standard Query Language (SQL)
SQL is the standardised language of database applications. As differentiated as the products above may be, they all follow this standard (introduced in 1987, controlled by an ISO standard from 1989). As with the early development of the internet, SQL has been around since the 70s. Based on relational algebra and tuple relational calculus, SQL enables relational databases to be queried and updated using mathematical principles. The standardisation across platforms means that proficiency in one product allows a developer to migrate from one product to another with simple syntax changes.
Database Driven Website
The figure below demonstrates the typical process followed by a database driven website. While this model shows PHP and MySQL as the software components, these could be substituted as discussed in the next section (Advantages of Web Deployment).
A user requests a page through their browser (1); this is received by the hosting server, which interprets the page and runs a script as required by the webpage. This script (2) connects to a database on the web server and retrieves the appropriate set of data from it. The script then (3) formats the retrieved data into XHTML and presents it back to the user (4). This process produces the dynamic pages that we now use on a daily basis.

Source: University of Aberdeen, 2004
By deploying an application over an internet (either internally on a Local Area Network, or externally over the World Wide Web) a developer can centralise functionality for multiple concurrent users in one application. The sections below outline the advantages provided by such an application.
Scalability
Once an application has been designed and built, the potential number of concurrent users is limited only by the client server. Database applications are designed at their core to supply multiple users with access to data, presented specifically to their needs. The design rooted in these applications controls the provision of access, multiple edits of a single table, with updates strictly ordered to prevent any bad data or contentious inputs.
Cross-Platform Functionality
Through the presentation of html pages, sites can be shown through generic browsers on any machine, anywhere in the world (subject to access restrictions programmed at source). This compatibility for both the html and the database provides cross-platform functionality unmatched by any other environment.
Portability
The standardisation of both HTML and SQL allows (with small compatibility changes) the movement of an application from one platform to another. This portability enables organisations to provide online services, the hardware and operating systems changing with the requirements of the applications that they support. A small application, hosted externally on a rented server space using an Access or MySQL backend, can easily be ported to an in-house SQL Server 2005 system without too much disruption to the flow of the code or the database that provides it.
Reliability
Once an application is deployed on sufficient hardware, it is inherently stable. Web hosting companies now boast uptimes of 100% (eUKHost, 2007) with Service Level Guarantees supporting this figure (albeit a refund of the rental of the downtime) at a fee of £19.99 per month. It is this reliability, when supported by a stringent design process, that allows the 24/7 performance required for most online applications.
Standardisation
The standardisations of technologies provide benefits to the developer, owner and user of a web application. Users know what to expect if normal web heuristics are applied (e.g. underlined links), developers can utilise skills learnt on most applications in the environment presented, and owners can reap the benefits of cost savings and additional customers as a consequence.
In order to provide a sound base for any application, it is imperative to consider the needs of the users and their privacy and security. While there is always a risk that a misplaced password or terminal left logged in could compromise an internally deployed system, the risk is minimised by the physical location of that access. When an application is issued over the web, this is no longer an attribute that can be relied on. Systems are open to attack from all over the world. It is the responsibility of the organisation to ensure that all personal data stored is secure and confidential. In designing the hardware for any system, consideration should be given to the access levels granted to each interface. The Active Server Pages accessing the database should perform discrete transactions, creating pure web pages without any uncontrolled access to the actual database itself. Breaches to security on any web application can be disastrous to the organisation that holds the information, as well as the individuals whose information is stored within. An example of this recently in the news was a compromise at TK Maxx:
“Already one of the world's largest incidents of corporate data theft, has so far seen US-based retailer TJX admit that 45.7 million credit and debit cards was stolen from the company in a computer data security breach over an 18-month period. The firm also confirmed that as well as financial data, thieves were able to copy customer's personal information - including names, addresses driving licence and other identification data - belonging to approximately 451,000 people who had returned goods to stores without a receipt.”
Source: ITPro, 2007
In order to prevent such an event happening, all firewalls (hardware and software), proxy servers and database permissions (controlled at a table level) should be carefully designed and implemented before the application is released. The move to a WAN should be from the outset designed as securely as possible and all financial information (at a minimum) collected via a secure and encrypted (https) internet connection. All sensitive information should be protected by that encryption for transactions, and the database server itself hidden from prying eyes both inside and outside of the organisation. This is not only best practice but a requirement under the Data Protection Act 1998 (and the Safe Harbour agreement if financial information). The obligations of data controllers to their customers and staff are summarised below.
Data must be:
- Fairly and lawfully processed
- Processed for specified purposes
- Adequate, relevant and not excessive
- Accurate and, where necessary, kept up to date
- Kept for no longer than necessary
- Processed in line with the rights of the individual
- Kept secure
- Not transferred to countries outside the European Economic Area unless there is adequate protection for the information
Source: Information Commissioner’s Office, 2007
Security within a business can be considered within three categories:
- Confidentiality – ensuring that the information is accessible only to those authorised to access it
- Integrity – safeguarding the accuracy and completeness of the information and its processing
- Availability – ensuring that users can get access to information and any associated assets when required
Source: Wheatcroft, 2007
Points 2 and 3 can be ensured through the database design; however, point 1 must be considered within the planning and distribution of the system. Making information available only to those requiring access to it (this must include the access levels of staff), and securing it both internally against inappropriate staff access and externally against intentional compromise, must be considered as a business risk outside of the actual application design.
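An added example, not code from the original paper: the page flow described under Database Driven Website (request, query, XHTML response) combined with the table-level permissions and discrete transactions recommended in this section. It assumes Python's sqlite3 as a stand-in for the PHP/MySQL or ASP stack, with constructed tables and hypothetical function names; on a server DBMS the same restriction would be set as permissions on the account the script connects with.

```python
import html
import sqlite3

# Constructed sample data: a public catalogue and a sensitive customer table.
SCHEMA = """
CREATE TABLE products (id INTEGER PRIMARY KEY, category TEXT, name TEXT, price REAL);
CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, card_number TEXT);
INSERT INTO products VALUES (1, 'books', 'SQL Primer', 19.99),
                            (2, 'books', 'Tom & Jerry <Annual>', 7.50),
                            (3, 'music', 'Best of 2007', 9.99);
INSERT INTO customers VALUES (1, 'A. Shopper', '0000-0000-0000-0000');
"""

def web_authorizer(action, arg1, arg2, db_name, source):
    """Table-level permission for the page script: read-only, products only."""
    if action == sqlite3.SQLITE_SELECT:
        return sqlite3.SQLITE_OK            # a SELECT statement as such
    if action == sqlite3.SQLITE_READ and arg1 == "products":
        return sqlite3.SQLITE_OK            # reading a column of products
    return sqlite3.SQLITE_DENY              # other tables, writes, DDL

def open_web_connection():
    """Hypothetical helper: load the sample data, then drop privileges."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.set_authorizer(web_authorizer)
    return conn

def render_category(conn, category):
    """Steps 2-4: query with a bound parameter, format as XHTML, return it."""
    rows = conn.execute(
        "SELECT name, price FROM products WHERE category = ? ORDER BY id",
        (category,),
    ).fetchall()
    items = "".join(
        f"<li>{html.escape(name)} - {price:.2f}</li>" for name, price in rows
    )
    return f"<h1>{html.escape(category)}</h1><ul>{items}</ul>"

def is_permitted(conn, sql):
    """True if the connection is allowed to run the statement."""
    try:
        conn.execute(sql).fetchall()
        return True
    except sqlite3.DatabaseError:           # raised when the authorizer denies
        return False

if __name__ == "__main__":
    web = open_web_connection()
    print(render_category(web, "books"))
    print(is_permitted(web, "SELECT card_number FROM customers"))
```

The request value only ever reaches the database as a bound parameter, and stored text is escaped before it is placed in the markup, so the page script can neither alter the query nor read the customer table.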
The internet in commercial applications
With the internet’s growth in the UK, the commercial applications have increased to match the demand. According to the Office of National Statistics (2007), over 60% of households (15 million) in the UK have access to the internet. Further research shows that the most popular use in those households is to find information on goods or services (86% of all users within a 3 month period), with over 41% of all adults purchasing something over the same timeframe. With its prevalence in modern life, an internet presence is a must for the majority of businesses; for an organisation that can sell or market its goods via this medium, it is a necessity.
An evolution of the direct marketing industry, e-commerce has evolved into a thriving and continually expanding market. Large companies have increased their spend and presence on the internet immensely over the past 10 years; this move is shown clearly in the chart below.

Source: Digital Strategy Consulting, 2006
The internet has stood up to all the criticism levelled at it through the boom and crash, and come out the other side healthier than ever, firmly established as a medium for all reaches of UK commercialism.
This trend is set to continue: ever more consumers are online, and businesses that can benefit from this audience are offering more to consumers in order to attract their custom. eCommerce is the way forward, and providing an effective site to match the trend is the goal of any web solution provider.
References
promoteware (2007), ‘SQL Server Comparison Chart’, 2007 [Online]. Available: http://www.promoteware.com/Module/Article/ArticleView.aspx?id=23
MySQL (2007), ‘MySQL TCO Savings Calculator’, 2007 [Online]. Available: http://www.mysql.com/why-mysql/tco.html
University of Aberdeen (2004), ‘How can I link my web pages to a database?’, 2007 [Online]. Available: http://www.abdn.ac.uk/webpack/factsheet19.shtml
eUKHost (2007), ‘Business Web-Hosting’, 2007 [Online]. Available: http://www.eukhost.com/business-web-hosting.php
ITPro (2007), ‘TK Maxx data theft: UK shoppers at risk’, 2007 [Online]. Available: http://www.itpro.co.uk/security/news/109208/tk-maxx-data-theft-uk-shoppers-at-risk.html
Information Commissioner’s Office (2007), ‘Data Protection the Basics’, 2007 [Online]. Available: http://www.ico.gov.uk/what_we_cover/data_protection/the_basics.aspx
Wheatcroft, P. (2007), ‘World Class IT Service Delivery’, 1st Ed., p129
Office National Statistics (2007), ‘Internet Access 2007, Households and individuals’, 2007 [Online]. Available: http://www.statistics.gov.uk/pdfdir/inta0807.pdf
Digital Strategy Consultancy (2006), ‘Digital Europe, Tracking the growth of online marketing spend’, 2007 [Online]. Available: http://www.digitalstrategyconsulting.com/documents/DSC_DI_Digital_Europe_2006-01.pdf