Documente Academic
Documente Profesional
Documente Cultură
Java servlets are more efficient, easier to use, more powerful, more portable, safer, and cheaper than
Efficient
With traditional CGI, a new process is started for each HTTP request. If the CGI program itself is
relatively short, the overhead of starting the process can dominate the execution time. With servlets,
the Java Virtual Machine stays running and handles each request using a lightweight Java thread, not
a heavyweight operating system process. Similarly, in traditional CGI, if there are N simultaneous
requests to the same CGI program, the code for the CGI program is loaded into memory N times. With
servlets, however, there would be N threads but only a single copy of the servlet class. Finally, when a
CGI program finishes handling a request, the program terminates. This makes it difficult to cache
computations, keep database connections open, and perform other optimizations that rely on
persistent data. Servlets, however, remain in memory even after they complete a response, so it is
Convenient
Servlets have an extensive infrastructure for automatically parsing and decoding HTML form data,
reading and setting HTTP headers, handling cookies, tracking sessions, and many other such high-
level utilities. Besides, you already know the Java programming language. Why learn PERL too?
You’re already convinced that Java technology makes for more reliable and reusable code than does
Powerful
Servlets support several capabilities that are difficult or impossible to accomplish with regular CGI.
Servlets can talk directly to the Web server, whereas regular CGI programs cannot, at least not
without using a server-specific API. Communicating with the Web server makes it easier to translate
relative URLs into concrete path names, for instance. Multiple servlets can also share data, making it
easy to implement database connection pooling and similar resource-sharing optimizations. Servlets
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:2/203
can also maintain information from request to request, simplifying techniques like session tracking
Portable
Servlets are written in the Java programming language and follow a standard API. Consequently,
servlets written for, say, I-Planet Enterprise Server can run virtually unchanged on Apache, Microsoft
Internet Information Server (IIS), IBM WebSphere, or StarNine WebStar. For example, virtually all of
the servlets and JSP pages in this book were executed on Sun’s Java Web Server, Apache Tomcat
and Sun’s JavaServer Web Development Kit (JSWDK) with no changes whatsoever in the code. Many
were tested on BEA WebLogic and IBM WebSphere as well. In fact, servlets are supported directly or
by a plug-in on virtually every major Web server. They are now part of the Java 2 Platform, Enterprise
Edition (J2EE; see http://java.sun.com/j2ee/), so industry support for servlets is becoming even more
pervasive.
Secure
One of the main sources of vulnerabilities in traditional CGI programs stems from the fact that they are
often executed by general-purpose operating system shells. So the CGI programmer has to be very
careful to filter out characters such as backquotes and semicolons that are treated specially by the
shell. This is harder than one might think, and weaknesses stemming from this problem are constantly
being uncovered in widely used CGI libraries. A second source of problems is the fact that some CGI
programs are processed by languages that do not automatically check array or string bounds. For
example, in C and C++ it is perfectly legal to allocate a 100-element array then write into the 999th
“element,” which is really some random part of program memory. So programmers who forget to do
this check themselves open their system up to deliberate or accidental buffer overflow attacks.
Servlets suffer from neither of these problems. Even if a servlet executes a remote system call to
invoke a program on the local operating system, it does not use a shell to do so. And of course array
bounds checking and other memory protection features are a central part of the Java programming
language.
Inexpensive
There are a number of free or very inexpensive Web servers available that are good for “personal” use
or low-volume Web sites. However, with the major exception of Apache, which is free, most
commercial-quality Web servers are relatively expensive. Nevertheless, once you have a Web server,
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:3/203
no matter its cost, adding servlet support to it (if it doesn’t come preconfigured to support servlets)
costs very little extra. This is in contrast to many of the other CGI alternatives, which require a
JavaServer Pages
JavaServer Pages (JSP) technology enables you to mix regular, static HTML with dynamically
generated content from servlets. Many Web pages that are built by CGI programs are primarily static,
with the parts that change limited to a few small locations. For example, the initial page at most on-line
stores is the same for all visitors, except for a small welcome message giving the visitor’s name if it is
known. But most CGI variations, including servlets, make you generate the entire page via your
program, even though most of it is always the same. JSP lets you create the two parts separately.
Listing 1.1 gives an example. Most of the page consists of regular HTML, which is passed to the
visitor unchanged. Parts that are generated dynamically are marked with special HTML-like tags and
JSP has a number of advantages over many of its alternatives. Here are a few of them.
twofold. First, the dynamic part is written in Java, not VBScript or another
ASP-specific language, so it is more powerful and better suited to complex applications that require
reusable components. Second, JSP is portable to other operating systems and Web servers; you
aren’t locked into Windows NT/2000 and IIS. You could make the same argument when comparing
JSP to ColdFusion; with JSP you can use Java and are not tied to a particular server product.
Versus PHP
PHP is a free, open-source HTML-embedded scripting language that is somewhat similar to both ASP
and JSP. The advantage of JSP is that the dynamic part is written in Java, which you probably already
<HTML>
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:4/203
<BODY>
<SMALL>Welcome,
<A HREF="Account-Settings.html">here.</A></SMALL>
<P>
Regular HTML for all the rest of the on-line store’s Web page.
</BODY>
</HTML>
extensive API for networking, database access, distributed objects, and the like, whereas PHP
JSP doesn’t provide any capabilities that couldn’t in principle be accomplished with a servlet. In fact,
JSP documents are automatically translated into servlets behind the scenes. But it is more convenient
to write (and to modify!) regular HTML than to have a zillion println statements that generate the
HTML. Plus, by separating the presentation from the content, you can put different people on different
tasks: your Web page design experts can build the HTML using familiar tools and leave places for
SSI is a widely supported technology for inserting externally defined pieces into a static Web page.
JSP is better because you have a richer set of tools for building that external piece and have more
options regarding the stage of the HTTP response at which the piece actually gets inserted. Besides,
SSI is really intended only for simple inclusions, not for “real” programs that use form data, make
Versus JavaScript
JavaScript, which is completely distinct from the Java programming language, is normally used to
generate HTML dynamically on the client, building parts of the Web page as the browser loads the
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:5/203
document. This is a useful capability but only handles situations where the dynamic information is
based on the client’s environment. With the exception of cookies, the HTTP request data is not
available to client-side JavaScript routines. And, since JavaScript lacks routines for network
programming, JavaScript code on the client cannot access server-side resources like databases,
catalogs, pricing information, and the like. JavaScript can also be used on the server, most notably on
Netscape servers and as a scripting language for IIS. Java is far more powerful, flexible, reliable, and
portable.
Regular HTML, of course, cannot contain dynamic information, so static HTML pages cannot be based
upon user input or server-side data sources. JSP is so easy and convenient that it is quite reasonable
to augment HTML pages that only benefit slightly by the insertion of dynamic data. Previously, the
difficulty of using dynamic data precluded its use in all but the most valuable instances.
Before you can get started, you have to download the software you need and configure your system to
take advantage of it. Here’s an outline of the steps involved. Please note, however, that although your
servlet code will follow a standard API, there is no standard for downloading and configuring Web or
application servers. Thus, unlike most sections of this book, the methods described here vary
significantly from server to server, and the examples in this section should be taken only as
Your first step is to download software that implements the Java Servlet 2.1 or 2.2 and JavaServer
Pages 1.0 or 1.1 specifications. If you are using an up-to-date Web or application server, there is a
good chance that it already has everything you need. Check your server documentation or see the
Although you’ll eventually want to deploy in a commercial-quality server, when first learning it is useful
to have a free system that you can install on your desktop machine for development and testing
• Apache Tomcat.
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:6/203
Tomcat is the official reference implementation of the servlet 2.2 and JSP 1.1 specifications. It can be
used as a small stand-alone server for testing servlets and JSP pages, or can be integrated into the
Apache Web server. However, many other servers have announced upcoming support, so these
specifications will be covered in detail throughout this book. Tomcat, like Apache itself, is free.
However, also like Apache (which is very fast, highly reliable, but a bit hard to configure and install),
Tomcat requires significantly more effort to set up than do the commercial servlet engines. For details,
see http://jakarta.apache.org/.
The JSWDK is the official reference implementation of the servlet 2.1 and JSP 1.0 specifications. It is
used as a small stand-alone server for testing servlets and JSP pages before they are deployed to a
full Web server that supports these technologies. It is free and reliable, but takes quite a bit of effort to
• Allaire JRun.
JRun is a servlet and JSP engine that can be plugged into Netscape Enterprise or FastTrack servers,
IIS, Microsoft Personal Web Server, older versions of Apache, O’Reilly’s WebSite, or StarNine
WebSTAR. A limited version that supports up to five simultaneous connections is available for free;
the commercial version removes this restriction and adds capabilities like a remote administration
ServletExec is a servlet and JSP engine that can be plugged into most popular Web servers for
Solaris, Windows, MacOS, HP-UX and Linux. You can download and use it for free, but many of the
advanced features and administration utilities are disabled until you purchase a license. For details,
see http://newatlanta.com/.
LWS is a small free Web server derived from Tomcat that supports servlets version 2.2 and JSP 1.1.
Gefion also has a free plug-in called WAICoolRunner that adds servlet 2.2 and JSP 1.1 support to
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:7/203
This server is written entirely in Java and was one of the first Web servers to fully support the servlet
2.1 and JSP 1.0 specifications. Although it is no longer under active development because Sun is
A JSP page is a text-based document that describes how to process a request to create aresponse.
The description intermixes template data with some dynamic actions and leverageson the Java
Platform. The features in the JSP technology support a number of different paradigms for authoring of
dynamic content; some of them are described in Section 1.6. The next couple of examples only
attempt to present the technical components of the JSP specification and are not prescribing “good” or
“bad” paradigms.
An simple example of a JSP page is shown in FIGURE 1-1. The example shows the response page,
which is intended to be a short list with the day of the month and year at the moment when the request
is received. The page itself contains fixed template text and additional elements described by the JSP
specification that are shown underlined in the figure. As the request reaches the page, the response is
created based on the template text. As the first element is reached, a server-side Bean object is
created with name clock and type calendar.jspCalendar. This object can be used and modified later in
the page. In particular, the next two elements access properties of the object and insert these values
FIGURE 1-2 is another example of a JSP page. This page uses custom actions to create the server-
side object and then to produce the response data. In the example, a taglib directive first makes
available into this page a tag library for data base queries. The directive indicates the tag library to use
and provides a prefix to use locally in this page to name those actions. Designing tag libraries is a
delicate effort, analogous to that of designing a language; we are making no special effort here to
define tags that are useful for any but pedagogical purposes. For the purposes of this example, we will
A queryBlock action introduces a data base connection; it can contain queryStatement actions and
queryCreateRow actions. The connData attribute refers to connection-specific data, like login and
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:8/203
password, that are to be defined elsewhere; see Appendix 5.8.3 for suggestions on where to place the
information.
statement; it will use the connection data defined in the enclosing queryBlock.
request
response
<html>
<jsp:useBean id=”clock”
class=”calendar.jspCalendar” />
<ul>
</ul>
</html>
iterate over the results of the last executed query and will generate up to as many rows as requested.
access the requested field from the current iteration in queryCreateRows and insert the value into the
out object.
In this example:
• The x:queryCreateRows action implicitly refers to the object created by the x:queryStatement
• The x:queryDisplay actions refer to the current row in the query result that is being iterated
over by x:queryCreateRows
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:9/203
• The code that locates a connection (perhaps from a connection pool), performs the JDBC™
API query, and navigates through the result of this query is hidden in the implementation of
the custom actions. This encourages division of labor and isolation from changes.
<html>
<x:queryBlock connData=”conData1”>
<x:queryStatement>
</x:queryStatement>
<table>
<tr><th>ACCOUNT</th><th>BALANCE</th></tr>
<td><x:queryDisplay field=”ACCOUNT”/></td>
<td><x:queryDisplay field=”BALANCE”/></td>
</x:queryCreateRows>
</table>
</x:queryBlock>
</html>
The JavaServer Pages technology builds on the Servlet standard extension. JavaServer Pages is a
Standard Extension that is defined extending the concepts in the Servlet Standard Extension. JSP 1.1
JSP pages and Servlet classes are collectively referred as Web Components. JSP pages are
delivered to a Container that provides the services indicated in the JSP Component Contract.
JSP 1.1 and Servlet 2.2 rely only on features in the Java Runtime Environment 1.1, although they are
compatible with, and can take advantage of, the Java 2 Runtime Environment.
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:10/203
• Standard directives
• Standard actions
Most of the integration of JSP pages within the J2EE platform is inherited from the reliance on the
A JSP page is executed in a JSP container, which is installed on a Web server, or on a Web enabled
application server. The JSP container delivers requests from a client to a JSP page and responses
from the JSP page to the client. The semantic model underlying JSP pages is that of a servlet: a JSP
page describes how to create a response object from a request object for a given protocol, possibly
All JSP containers must support HTTP as a protocol for requests and responses, but a container may
also support additional request/response protocols. The default request and response objects are of
A JSP page may also indicate how some events are to be handled. In JSP 1.1 only init and destroy
events can be described: the first time a request is delivered to a JSP page a jspInit() method, if
present, will be called to prepare the page. Similarly, a JSP container can reclaim the resources used
by a JSP page at any time that a request is not being serviced by the JSP page by invoking first its
jspDestroy() method; this is the same life-cycle as that of Servlets. A JSP page is represented at
request-time by a JSP page implementation class that implements the javax.servlet.Servlet interface.
JSP pages are often implemented using a JSP page translation phase that is done only once, followed
by some request processing phase that is done once per request. The translation phase creates the
JSP page implementation class. If the JSP page is delivered to the JSP container in source form, the
translation of a JSP source page can occur at any time between initial deployment of the JSP page
into the runtime environment of a JSP container and the receipt and processing of a client request for
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:11/203
A JSP page contains some declarations, some fixed template data, some (perhaps nested) action
instances, and some scripting elements. When a request is delivered to a JSP page, all these pieces
are used to create a response object that is then returned to the client. Usually, the most important
JSP pages may be compiled into its JSP page implementation class plus some deployment
information. This enables the use of JSP page authoring tools and JSP tag libraries to author a
• Removal of the start-up lag that occurs when a JSP page delivered as source receives the
first request.
• Reduction of the footprint needed to run a JSP container, as the java compiler is not needed.
If a JSP page implementation class depends on some support classes in addition to the JSP 1.1 and
Servlet 2.2 classes, the support classes will have to be included in the packaged WAR so it will be
Appendix C contains two examples of packaging of JSP pages. One shows a JSP page that is
delivered in source form (probably the most common case) within a WAR. The other shows how a
JSP page is translated into a JSP page implementation class plus deployment information indicating
the classes needed and the mapping between the original URL that was directed to the JSP page and
Web Applications
• Client-side Java Applets, JavaBeans components, and arbitrary Java class files
• Java Runtime Environment(s) (downloadable via the Plugin) running in client(s) JSP 1.1
supports portable packaging and deployment of Web Applications through the Servlet 2.2
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:12/203
specification. The JavaServer Pages specification inherits from the Servlet specification the
Application Model
JSP pages can be used in combination with Servlets, HTTP, HTML, XML, Applets, JavaBeans
architecture(s) or models.
The simple 2-tier model (accessing a database in the example above) describes the cgi-bin
replacement architecture that the Servlet model first enabled. This allows a JSP (or a Servlet) to
directly access some external resource (such as a database or legacy application) to service a client’s
request. The advantage of such a scheme is that it is simple to program, and allows the page author to
easily generate dynamic content based upon the request and state of the resource(s). However this
architecture does not scale for a large number of simultaneous clients since each must establish/or
N-tier Application
In this model the application is composed of (n>=3) tiers, where the middle tier, the JSP, interacts with
the back end resources via an Enterprise JavaBeans component. The Enterprise JavaBeans server
and the EJB provide managed access to resources thus addressing the performance issues. An EJB
server will also support transactions and access to underlying security mechanisms to simplify
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:13/203
programming. This is the programming model supported by the Java2 Platform Enterprise Edition
(J2EE).
In this model we have two loosely coupled applications (either on the same Intranet, or over an
Extranet or the Internet). These applications may be peers, or act as client or server for the other. A
common example of this is supply chain applications between vendor enterprises. In such situations it
is important that each participant be isolated from changes in the implementation of it’s dependents. In
order to achieve this loose coupling the applications do not communicate using a fine grain imperative
interface contract like those provided for by RMI/IIOP or Java IDL. The applications communicate with
each other via HTTP, using either HTML or XML to/from a JSP page.
The JavaServer Pages technology is an ideal way to describe processing of XML input and output.
Simple XML generation can be done by just writing the XML as static template portions within the JSP
page. Dynamic generation will be done through JavaBeans components, Enterprise JavaBeans
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:14/203
Similarly, input XML can be received from POST or QUERY arguments and then sent directly to
the scripting. There are two attributes of the JSP technology that make it specially suited for describing
XML processing. One is that XML fragments can be described directly in the JSP page either as
templates for input into some XML-consuming component, or as templates for output to be extended
with some other XML fragments. Another attribute is that the tag extension mechanism enables the
creation of specific actions and directives that are targeted at useful XML manipulation operations.
Future versions of the JSP specification may include several standard actions that will support XML
manipulation, including the transformation of the XML produced by the given JSP page using
XTL/XSL.
Redirecting Requests
It is common that the data to be sent to the client varies significantly depending on properties of the
client that are either directly encoded in the request object or can be discovered based on some
user/client profile (e.g. stored in a login database). In this case it is very convenient to have the initial
JSP page determine details about the request, perhaps create and/or update some server-side
objects, and then, if necessary, redirect the request to a different JSP page. This programming model
is supported by the underlying Servlet APIs. The properties of the HTTP protocol are such that the
redirect cannot be done if the response stream has started being sent back to the client; this
characteristic makes the description of some common situations quite inconvenient. To address this,
the JSP specification by default indicates buffering on the output stream. The JSP page can redirect
Buffering is also very convenient for error page handling, since that is done by redirecting the request.
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:15/203
In a slight variation of this model, the front component (a Servlet or a JSP) only creates and/ or
updates the server-side objects. In this organization, the front component does no presentation at all;
instead all presentation is done by a presentation component. Although the front component could be
written as a Servlet since it does no presentation, writing it as a JSP page enables the use of custom
actions for the creation and update of the server-side objects. The presentation component will almost
in all cases be a JSP page, and it will most likely access the server-side objects through custom
actions1.
1. Readers of the original JSP 0.92 draft will recognize the combination “front component is
servlet and presentation component is JSP” as the model 2 mentioned in that draft.
Including Requests
Another useful application model involves request includes. In this model, the request reaches an
initial JSP page. The page may start generating/composing some result but at some point it may want
to dynamically include the contents of some other page. These contents may be static but may also be
dynamically generated by some other JSP page, Servlet class, or some legacy mechanism like ASP.
most often used in the context of a presentation-independent content, like when the data generated is
actually XML (which may be converted later into some other format using, say, XSL).
This chapter provides details on the contracts between a JSP container and a JSP page. This chapter
is independent on the Scripting Language used in the JSP page. Chapter 4 provides the details
specific to when the language directive has “java” as its value. This chapter also presents the
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:16/203
JSP page implementation classes should use the JspFactory and PageContext classes so they will
As indicated in Section 1.4, “Overview of JSP Page Semantics”, a JSP page is executed by a JSP
container, which is installed on a Web Server or Web enabled Application Server. The JSP container
delivers requests from a client to a JSP page and responses from the JSP page to the client. The
semantic model underlying JSP pages is that of a Servlet: a JSP page describes how to create a
response object from a request object for a given protocol, possibly creating and/or using in the
process some other objects. A JSP page may also indicate how some events (in JSP 1.1 only init and
The entity that processes request objects creating response objects should behave as if it were a Java
technology-based class; in this specification we will simply assume it is so. This class must implement
the Servlet protocol. It is the role of the JSP container to first locate the appropriate instance of such a
class and then to deliver requests to it according to the Servlet protocol. As indicated elsewhere, a
JSP container may need to create such a class dynamically from the JSP page source before
Thus, Servlet defines the contract between the JSP container and the JSP page implementation class.
When the HTTP protocol is used, the contract is described by the HttpServlet class. Most pages use
the HTTP protocol, but other protocols are allowed by this specification.
The JSP specification also defines the contract between the JSP container and the JSP page author.
This is, what assumptions can an author make for the actions described in the JSP page. The main
portion of this contract is the _jspService() method that is generated automatically by the JSP
container from the JSP page. The details of this contract is provided in Chapter 4. The contract also
describes how a JSP author can indicate that some actions must be taken when the init() and
destroy() methods of the page implementation occur. In JSP 1.1 this is done by defining methods with
name jspInit() and jspDestroy() in a declaration scripting element in the JSP page. Before the first time
a request is delivered to a JSP page a jspInit() method, if present, will be called to prepare the page.
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:17/203
Similarly, a JSP container can reclaim the resources used by a JSP page at any time that a request is
not being serviced by the JSP page by invoking first its jspDestroy() method, if present.
A JSP page author may not (re)define any of the Servlet methods through a declaration scripting
element. The JSP specification reserves the semantics of methods and variables starting with jsp,
_jsp, jspx and _jspx, in any combination of upper and lower case.
The enforcement of the contract between the JSP container and the JSP page author is aided by
requiring that the Servlet class corresponding to the JSP page must implement the HttpJspPage
The involved contracts are shown in FIGURE 3-1. We now revisit this whole process in more detail.
The JSP container creates a JSP page implementation class for each JSP page. The name of the JSP
The creation of the implementation class for a JSP page may be done solely by the JSP container, or
it may involve a superclass provided by the JSP page author through the use of the extends attribute
in the jsp directive. The extends mechanism is available for sophisticated users and it should be used
with extreme care as it restricts what some of the decisions that a JSP container can take, e.g. to
improve performance.
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:18/203
The JSP page implementation class will implement Servlet and the Servlet protocol will be used to
A JSP page implementation class may depend on some support classes; if it does, and the JSP page
implementation class is packaged into a WAR, those classes will have to be included in the packaged
WAR so it will be portable across all JSP containers. A JSP page author writes a JSP page expecting
that the client and the server will communicate using a certain protocol. The JSP container must then
guarantee that requests from and responses to the page use that protocol. Most JSP pages use
HTTP, and their implementation classes must implement the HttpJspPage interface, which extends
JspPage. If the protocol is not HTTP, then the class will implement an interface that extends JspPage.
The contract between the JSP container and a Java class implementing a JSP page corresponds to
the Servlet interface; refer to the Servlet specification for details. The contract between the JSP
container and the JSP page author is described in TABLE 3-1. The responsibility for adhering to this
contract rests only on the JSP container implementation if the JSP page does not use the extends
attribute of the jsp directive; otherwise, the JSP page author guarantees that the superclass given in
Method is invoked when the JSP page is initialized. When method is called all the methods in servlet,
void jspInit()
void jspDestroy()
The JSP container automatically generates this method, based on the contents of the JSP page.
void _jspService(<ServletRequestSubtype>,
<ServletResponseSubtype>) throws
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:19/203
IOException, ServletException
EJB
Enterprise JavaBeans server-side components come in three fundamentally different types: entity,
session, and message-driven beans. Both session and entity beans are RMI-based server-side
components that are accessed using distributed object protocols. Message-driven beans process
messages from non-RMI systems like Java Message Service, legacy systems, and Web services. All
EJB servers must at least support a JMS-based message driven bean, but they may also support
A good rule of thumb is that entity beans model business concepts that can be expressed as nouns.
For example, an entity bean might represent a customer, a piece of equipment, an item in inventory, or
even a place. In other words, entity beans model real-world objects; these objects are usually
persistent records in some kind of database. Our hypothetical cruise line will need entity beans that
Session beans are extensions of the client application that manage processes or tasks. A Ship bean
provides methods for doing things directly to a ship, but doesn't say anything about the context under
which those actions are taken. Booking passengers on the ship requires that we use a Ship bean, but
it also requires a lot of things that have nothing to do with the ship itself: we'll need to know about
passengers, ticket rates, schedules, and so on. A session bean is responsible for this kind of
coordination. Session beans tend to manage particular kinds of activities, such as the act of making a
reservation. They have a lot to do with the relationships between different entity beans. A TravelAgent
session bean, for example, might make use of a Cruise, a Cabin, and a Customer—all entity beans—
to make a reservation.
Similarly, message-driven beans coordinate tasks involving other session and entity beans. Message-
driven beans and session beans differ primarily in how they are accessed. While a session bean
provides a remote interface that defines which methods can be invoked, a message-driven bean
subscribes to or listens for messages. It responds by processing the message and managing the
actions that other beans take. For example, a ReservationProcessor message-driven bean would
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:20/203
coordinate the interactions of the Cruise, Cabin, and Customer beans to make a reservation.
The activity that a session or message-driven bean represents is fundamentally transient: you start
making a reservation, you do a bunch of work, and then it's finished. The session and message-driven
beans do not represent things in the database. Obviously, session and message-driven beans have
lots of side effects on the database; in the process of making a reservation, you might create a new
Reservation by assigning a Customer to a particular Cabin on a particular Ship. All of these changes
would be reflected in the database by actions on the respective entity beans. Session and message-
driven beans like TravelAgent and ReservationProcessor, which are responsible for making a
reservation on a cruise, can even access a database directly and perform reads, updates, and deletes
to data. But there's no TravelAgent or ReservationProcessor record in the database—once the bean
What makes the distinction between the different types of beans difficult to understand is that it's
extremely flexible. The relevant distinction for Enterprise JavaBeans is that an entity bean has
persistent state; session and message-driven beans model interactions but do not have persistent
state.
A good way to understand the design of enterprise beans is to look at how you'd go about
implementing one. To implement entity and session enterprise beans, you need to define the
1
component interfaces, a bean class, and a primary key:
Remote interface
The remote interface defines the bean's business methods which can be accessed from
applications outside the EJB container: the business methods a bean presents to the outside
world to do its work. The remote interface extends javax.ejb.EJBObject, which in turn extends
java.rmi.Remote. It is used by session and entity beans in conjunction with the remote home
interface.
1
There are basically three kinds of component interfaces: remote, local, and endpoint. The remote and local interfaces are
supported by both EJB 2.1 and 2.0, while the endpoint component interface is new in EJB 2.1 and is not supported by EJB
2.0.
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:21/203
The home interface defines the bean's life-cycle methods which can be accessed from
applications outside the EJB container: the life-cycle methods for creating new beans,
removing beans, and finding beans. The home interface extends javax.ejb.EJBHome, which in
turn extends java.rmi.Remote. It is used by session and entity beans in conjunction with the
remote interface.
Local interface
The local interface for an enterprise bean defines business methods that can be used by
other beans in the same EJB container: the business methods a bean presents to other beans
running in the same JVM. It allows beans to interact without the overhead of a distributed
object protocol, which improves their performance. The local interface extends
javax.ejb.EJBLocalObject. It is used by session and entity beans in conjunction with the local
home interface.
The local home interface defines life-cycle methods that can be used by other beans in the
same EJB container; that is, the life-cycle methods a bean presents to other beans running in
the same JVM. It allows beans to interact without the overhead of a distributed object protocol,
javax.ejb.EJBLocalHome. It is used by session and entity beans in conjunction with the local
interface.
Endpoint interface
The endpoint interface defines business methods that can be accessed from applications
outside the EJB container via SOAP. The endpoint interface is based on JAX-RPC (Java API
for XML-RPC) and is designed to adhere to the SOAP and WSDL standards. The endpoint
interface extends java.rmi.Remote. It can be used only by stateless session beans. There is
Message interface
Message-driven beans implement the message interface, which defines the methods by which
messaging systems, such as Java Message Service, can deliver messages to the bean..
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:22/203
Bean class
The session and entity bean classes implement the bean's business and life-cycle methods.
Note that the bean class usually does not implement the remote or local component
interfaces, but it may implement the endpoint interface. However, the bean class must have
methods matching the signatures of the methods defined in the remote, local, and endpoint
interfaces, and must have methods corresponding to some of the methods in both the remote
and local home interfaces. If this sounds perfectly confusing, it is. in addition, an entity bean
onMessage()) defined in a message interface. The container calls these methods when a new
also supports message-driven beans that process messages from other types of messaging
systems with their own message interfaces. The MessageDrivenBean, like the EntityBean and
Primary key
The primary key is a class that provides a pointer into the database. Only entity beans need a
primary key. The only requirement for this class is that it implements java.io.Serializable.
Local interfaces provide a way for beans in the same container to interact efficiently. Calls to methods
in the local interface don't involve RMI; the methods in the local interfaces don't need to declare that
they throw RemoteException, and so on. An enterprise bean isn't required to provide a local interface
if you know when you're developing the bean that it will interact only with remote or Web service
clients. Likewise, an enterprise bean doesn't need to provide a remote or an endpoint interface if you
know it will be called only by enterprise beans in the same container. You can provide any
The complexity comes about because enterprise beans exist in the middle—between some kind of
client software and some kind of database. The client never interacts with a bean class directly; it
always uses the methods of the entity or session bean's component interfaces to do its work,
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:23/203
interacting with stubs that are generated automatically. (For that matter, a bean that needs the
services of another bean is just another client: it uses the same stubs, rather than interacting with the
bean class directly.) Although the local and local home interfaces do not involve RMI, they still
represent a stub or a proxy to the bean class. While there is no network, the stubs allow the container
to monitor the interactions between beans and to apply security and transactions as appropriate.
It's important to note that message-driven beans don't support remote, local, or endpoint component
interfaces, but they may become the client of other session or entity beans and interact with those
beans through their component interfaces. The entity and session beans with which the message-
driven bean interact may be located in the same container, in which case the message-driven bean
use their local component interfaces; or, they may be located in a different address space and EJB
container, in which case the remote or endpoint component interfaces are used.
There are also many interactions between an enterprise bean and its server. These interactions are
managed by a container, which presents a uniform interface between the bean and the server. (Many
people use the terms "container" and "server" interchangeably, which is understandable because the
difference between the terms isn't clearly defined.) The container is responsible for creating new
instances of beans, making sure they are stored properly by the server, and so on. Tools provided by
the container's vendor do a tremendous amount of work behind the scenes. At least one tool takes
care of creating the mapping between entity beans and records in the database. Other tools generate
code based on the component interfaces and the bean class itself. The code generated does things
Naming conventions
Before going on, let's establish some conventions. When we speak about an enterprise bean as a
whole—its component interfaces, bean class, and so forth—we will call it by its common business
name, followed by EJB. For example, an enterprise bean that is developed to model a cabin on a ship
will be called the Cabin EJB. Notice that we don't use a constant-width font for "Cabin,” because we
are referring to all the parts of the bean (the component interfaces, bean class, etc.) as a whole, not
just to one particular part, such as the remote interface or bean class. The term enterprise bean or
bean denotes any kind of bean, including entity, session, and message-driven beans. Entity bean
denotes an entity-type enterprise bean; session bean denotes a session-type enterprise bean; and
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:24/203
message-driven bean denotes a message driven-type enterprise bean. The acronym MDB is
We also use suffixes to distinguish between local, remote, and endpoint component interfaces. When
we are talking about the remote interface of the Cabin EJB, we will combine the common business
name with the word Remote. For example, the remote interface for the Cabin EJB is called the
CabinRemote interface. The local interface of the Cabin EJB would be the CabinLocal interface. The
endpoint interface for the Cabin EJB-based web service would be CabinWS (WS stands for Web
Service). The home interfaces add the word Home to the mix. The remote and local home interfaces
2
for the Cabin EJB would be CabinHomeRemote and CabinHomeLocal, respectively. The bean class
is always the common business name, followed by the word Bean. For example, the Cabin EJB's
These naming conventions are used for clarity; they are not prescriptive or even recommended for use
in production. Once you understand the differences between the component interfaces and the
different types of beans, you can use any naming strategy you wish.
Having introduced the machinery, let's look at how to build an entity bean with remote component
interfaces. In this section, we examine the Cabin EJB, an entity bean that models a cabin on a cruise
We'll define the remote interface for a Cabin bean using the CabinRemote interface, which defines
business methods for working with cabins. All remote interface types extend the javax.ejb.EJBObject
interface:
import java.rmi.RemoteException;
2
The endpoint interface does not have a corresponding home interface.
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:25/203
These are methods for naming the cabin and setting the cabin's deck level; you can probably imagine
lots of other methods that you'd need, but this is enough to get started. All of these methods declare
that they throw RemoteException, which is required of all methods on remote component interfaces.
EJB requires the use of Java RMI-IIOP conventions with remote component interfaces, although the
underlying protocol can be CORBA IIOP, Java Remote Method Protocol (JRMP), or some other
protocol. Java RMI-IIOP will be discussed in more detail in the next chapter.
The remote home interface defines life-cycle methods used by clients of entity and session beans for
locating enterprise beans. The remote home interface extends javax.ejb.EJBHome. We'll call the
home interface for the Cabin bean CabinHomeRemote, and define it like this:
import java.rmi.RemoteException;
import javax.ejb.CreateException;
import javax.ejb.FinderException;
The create() method is responsible for initializing an instance of our bean. If your application needs
them, you can provide other create() methods with different arguments. For example, you could
provide a create() method that initialized the cabin’s deck and name.
The findByPrimaryKey() method, with a single Integer argument, is required, and allows you to look up
a particular Cabin given its primary key. You are free to define other methods that provide convenient
ways to look up Cabin beans—for example, you might want to define a method called findByShip()
that returns all the cabins on a particular ship. Find methods like these are used in entity beans but not
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:26/203
Now let's look at an actual entity bean. Here's the code for the CabinBean; it's a sparse
import javax.ejb.EntityContext;
setId(id);
return null;
// do nothing
// not implemented
// not implemented
// not implemented
// not implemented
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:27/203
// not implemented
// not implemented
// not implemented
Notice that the CabinBean class is abstract, as are several of the methods that access or update the
bean’s persistent state. Also notice that there are no instance fields to hold the state information these
methods access. The abstract methods (and the missing fields) are implemented by the container
system automatically. Container-managed entity beans are the only beans that are declared as
abstract with abstract accessor methods. You won't see abstract classes and methods in session or
message-driven beans.
The set and get methods for the cabin's name and deck level are the CabinBean's business methods;
they match the business methods defined by the EJB's remote interface, CabinRemote. The business
methods are the only methods visible to the client application; the other methods are visible only to the
EJB container or the bean class itself. For example, the setId()and getId() methods are defined in the
bean class but not in the remote interface, which means they cannot be called by the entity bean's
client. The other methods are required by the EJB component model and are not part of the bean
The ejbCreate() and ejbPostCreate() methods initialize the instance of the bean class when a new
cabin record is ready to be added to the database. The last seven methods in the CabinBean are
defined in the javax.ejb.EntityBean interface. These methods are life-cycle callback methods. The EJB
container invokes these callback methods on the bean class when important life-cycle events occur.
The ejbRemove() method, for example, notifies an entity bean that its data is about to be deleted from
the database. The ejbLoad() and ejbStore() methods notify the bean instance that its state is being
read or written to the database. The ejbActivate() and ejbPassivate() methods notify the bean instance
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:28/203
that it is about to be activated or deactivated, a process that conserves memory and other resources.
setEntityContext() enables the EJB container to give the bean information about itself and its
surroundings. unsetEntityContext() is called by the EJB container to notify the bean instance that it is
All these callback methods provide the bean class with notifications of when an action is about to be
taken, or was just taken, on the bean's behalf by the EJB server. These notifications simply inform the
bean of an event; the bean doesn't have to do anything about it. The callback notifications tell the
bean where it is during its life cycle, when it is about to be loaded, removed, deactivated, and so on.
Because the callback methods are defined in the javax.ejb.EntityBean interface, the entity bean class
must implement them, but it isn't required to do anything meaningful with the methods if it doesn't need
to. Our bean, the CabinBean, won't need to do anything when these callback methods are invoked, so
The primary key is a pointer that helps locate data that describes a unique record or entity in the
database; it is used in the findByPrimaryKey() method of the home interface to locate a specific entity.
Primary keys are defined by the bean developer and must be some type of serializable object. The
Cabin EJB uses a simple java.lang.Integer type as its primary key. It’s also possible to define custom
primary keys, called compound primary keys, which represent complex primary keys consisting of
CabinBean is an entity bean, but a session bean wouldn't be all that different. It would extend
SessionBean instead of EntityBean and would have an ejbCreate() method that would initialize the
bean's state, but no ejbPostCreate(). Session beans do not have ejbLoad() or ejbStore() methods,
because session beans are not persistent. While session beans have a setSessionContext() method,
they do not have an unsetSessionContext() method. Session beans have ejbActivate() and
ejbPassivate() methods, which are used by stateful session beans to manage conversational state.
Finally, session beans provide an ejbRemove() method, which notifies the bean that the client no
longer needs it. However, this method doesn’t tell the bean that its data is about to be removed from
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:29/203
Session beans don't have a primary key. That's because session beans are not persistent themselves,
Message-driven beans (MDBs) implement a message interface; they don’t implement remote, local,
endpoint, or home interfaces. The message-driven bean defines a few callback methods and one or
more message delivery methods. The callback methods include the ejbCreate() method, which is
called when the bean class is first created; the ejbRemove() method, called when the bean instance is
about to be discarded from the system (usually when the container doesn't need it any longer); and
the setMessageDrivenContext() method. The kind of message delivery methods implemented by the
MDB depend on the type of messaging service it supports. For example, a JMS-based MDB, which all
EJB containers must support, must implement the onMessage() method, which is called every time a
new asynchronous JMS message is delivered. The message-driven bean doesn't define the
Message-driven beans don't have a primary key, for the same reason that session beans don't. They
The interfaces and classes we have discussed don’t address how beans are managed at runtime. We
didn't talk about how beans interact with security, transactions, naming, and other services common to
distributed object systems. These types of primary services are handled automatically by the EJB
container; but that begs the question, “How does the EJB container know how to handle security,
transactions, and so on?” The EJB container gets this kind of runtime information from deployment
descriptors.
Deployment descriptors allow us to customize an EJB’s runtime behavior without having to change the
software itself. Deployment descriptors are also similar to the property sheets used in Visual Basic and
PowerBuilder. Where property sheets allow us to describe the runtime attributes of visual widgets
(background color, font size, etc.), deployment descriptors allow us to describe runtime attributes of
When a bean class and its interfaces have been defined, a deployment descriptor for the bean is
created and populated with data about the bean. Integrated development environments (IDEs) that
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:30/203
support development of Enterprise JavaBeans often allow developers to set up the deployment
descriptors they need using visual utilities like property sheets. After the developer has set all of the
bean’s properties, the deployment descriptor is saved to a file. Once the deployment descriptor is
completed and saved to a file, the bean can be packaged in a JAR file for deployment.
JAR (Java Archive) files are ZIP files that package Java classes and other resources that are ready to
be used in some type of application. JARs are used for packaging applets, Java applications,
JavaBeans, web applications (servlets and JSPs), and Enterprise JavaBeans. A JAR file containing
one or more enterprise beans includes the bean classes, component interfaces, and supporting
classes for each bean. It also contains one deployment descriptor, which is used for all the beans in
the JAR file. When a bean is deployed, the JAR file's location is given to the container's deployment
tools.
When the container opens the JAR file, it reads the deployment descriptor to learn about the bean and
how it should be managed at runtime. The deployment descriptor tells the deployment tools what kind
of beans are in the JAR file (session, entity, or message-driven), how they should be managed in
transactions, who has access to the beans at runtime, and other information. The person deploying
the bean can alter some of these settings, such as transactional and security access attributes, to
customize the bean for a particular application. Most container tools provide user-friendly property
sheets for reading and altering the deployment descriptor when the bean is deployed.
When Enterprise JavaBeans 1.0 was released, serializable classes were used for the deployment
descriptor. Starting with Enterprise JavaBeans 1.1, the serializable deployment descriptor classes
used in EJB 1.0 were dropped in favor of a more flexible file format based on the Extensible Markup
Language (XML). The XML deployment descriptors are text files structured according to a standard
schema (XML Schema in EJB 2.1 and Document Type Definition (DTD) in EJB 2.0) that can be
extended so the type of deployment information stored evolves as the specification evolves. The
The following descriptor might be used to describe the Cabin bean in EJB 2.1:
<ejb-jar xmlns=”http://java.sun.com/xml/ns/j2ee”
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:31/203
xmlns:xsi=”http://www.w3.org/2001/XMLSchema-instance”
xsi:schemaLocation=”http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/ejb-jar_2_1.xsd”
version=”2.1”>
<enterprise-beans>
<entity>
<ejb-name>CabinEJB</ejb-name>
<home>com.titan.CabinHomeRemote</home>
<remote>com.titan.CabinRemote</remote>
<ejb-class>com.titan.CabinBean </ejb-class>
<persistence-type>Container</persistence-type>
<prim-key-class>java.lang.Integer</prim-key-class>
<reentrant>False</reentrant>
</entity>
</enterprise-beans>
</ejb-jar>
The first element in an EJB 2.1 deployment descriptor declares the document to be an XML document
conformant with XML Version 1.0 and the character encoding, which normally UTF-8.
The root element is the ejb-jar element. It declares the namespace of the EJB 2.1 XML Schema as
well as the schema's location. In addition, the ejb-jar element declares the version of EJB supported,
The following descriptor might be used to describe the Cabin bean in EJB 2.0:
<!DOCTYPE ejb-jar PUBLIC "-//Sun Microsystems, Inc.//DTD EnterpriseJavaBeans 2.0//EN"
"http://java.sun.com/dtd/ejb-jar_2_0.dtd">
<ejb-jar>
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:32/203
<enterprise-beans>
<entity>
<ejb-name>CabinEJB</ejb-name>
<home>com.titan.CabinHomeRemote</home>
<remote>com.titan.CabinRemote</remote>
<ejb-class>com.titan.CabinBean </ejb-class>
<persistence-type>Container</persistence-type>
<prim-key-class>java.lang.Integer</prim-key-class>
<reentrant>False</reentrant>
</entity>
</enterprise-beans>
</ejb-jar>
The first element in an EJB 2.0 deployment descriptor is <!DOCTYPE>. This element describes the
organization that defined the DTD for the XML document, supplies the DTD's version, and provides a
URL for the DTD. The DTD describes how a particular XML document is structured.
Now, let’s look more closely at the information in the deployment descriptor. Note that the deployment
descriptor for a real bean would have a lot more information; this example simply illustrates the type of
information you'll find in a deployment descriptor. Here's what the individual elements mean:
<ejb-jar>
The root of the XML deployment descriptor. All other elements must be nested below this one.
It must contain one <enterprise-beans> element and may contain other optional elements.
<enterprise-beans>
Contains declarations for all the enterprise beans described by this XML document. It may
contain <entity>, <session>, or <message-driven> (EJB 2.0) elements, which describe entity,
<entity>
Describes an entity bean and its deployment information. There must be one of these
elements for every entity bean described by the XML deployment descriptor. While this
deployment descriptor describes a single entity bean, the <session> element is used in the
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:33/203
same way to describe a session bean. The <message-driven> element is different, as it does
<ejb-name>
The descriptive name of the enterprise bean. It is the name used for the enterprise bean in
<home>
The fully qualified class name of the remote home interface. This interface defines the life-
cycle behaviors (create, find, remove) of the enterprise bean to its clients outside the container
system.
<remote>
The fully qualified class name of the remote interface. This interface defines the enterprise
<ejb-class>
The fully qualified class name of the bean class. This class implements the business methods
of the bean.
<prim-key-class>
The fully qualified class name of the enterprise bean's primary key. The primary key is used to
The last two elements in the deployment descriptor, the <persistence-type> and <reentrant> elements,
express the persistence strategy and concurrency policies of the entity bean. These elements are
As you progress through this book, you will be introduced to the elements that describe concepts we
have not covered yet, so don't worry about knowing all of the elements you might find in a deployment
descriptor.
The entity and session beans both declare the component interfaces that their clients use to access
them. (Message-driven beans are a very different kind of animal). In EJB 2.0, clients outside the
container system always use the enterprise bean's remote component interfaces. In EJB 2.1, clients
outside the container system have the option of accessing stateless session beans as Web services.
For both EJB 2.1 and 2.0, clients within the same J2EE system (i.e., enterprise beans, Servlets, and
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:34/203
JSPs) can use local component interfaces to interact. This section explains how the component
Now that you have a basic understanding of some of an enterprise bean’s parts (component
interfaces, bean class, and deployment descriptor), it's time to talk more precisely about how these
parts come together inside an EJB container system. Unfortunately, we can't talk as precisely as we'd
like. There are a number of ways for an EJB container to implement these relationships; we'll show
some of the possibilities. Specifically, we'll talk about how the container implements the component
interface of entity and session beans, so that clients—either applications outside the container or other
co-located enterprise beans—can interact with and invoke methods on the bean class.
The two missing pieces are the EJB object itself and the EJB home. You will probably never see the
EJB home and EJB object classes because their class definitions are proprietary to the vendor's EJB
implementation and are generally not made public. This practice is useful because it represents a
separation of responsibilities along areas of expertise. As an application developer, you are intimately
familiar with how your business environment works and needs to be modeled, so you will focus on
creating the applications and beans that describe your business. System-level developers, the people
who write EJB servers, don't understand your business, but they do understand how to develop CTMs
and support distributed objects. It makes sense for system-level developers to apply their skills to the
mechanics of managing distributed objects, but leave the business logic to you, the application
developer. Let's talk briefly about the EJB object and the EJB home so the missing pieces in the big
This chapter has said a lot about a bean's remote and local interfaces, which extend the EJBObject
and the EJBLocalObject interfaces, respectively. Who implements these interfaces? Clearly, the stub
does: we understand that much. But what about the server side?
On the server side, an EJB object is an object that implements the remote and/or local interfaces of
the enterprise bean. The EJB object is generated by your EJB container and wraps the enterprise
bean instance—that is, an instance of the enterprise bean class you've created (in our example, the
CabinBean) on the server and expands its functionality to include javax.ejb.EJBObject and/or
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:35/203
javax.ejb.EJBLocalObject behavior. This object works with the container to apply transactions,
We’re forced to use "and/or" a lot when talking about which interface the EJB object implements.
That's because enterprise beans in EJB can declare the local interface, the remote interface, or both!
In EJB 2.1, stateless session beans can also implement an endpoint interface, which turns it into a
Web service. Regardless of which interfaces the bean implements, we can think of the EJB object as
implementing both. In reality, there may be a special EJB object for the remote interface and another
special EJB object for the local interface of each enterprise bean; that depends on the how the vendor
chooses to implement it. But that distinction, while it matters to EJB vendors, isn’t visible to EJB
developers.
A vendor can use a number of strategies to implement the EJB object. Figure 2-1 illustrates three
possibilities using the CabinRemote interface. The same implementation strategies apply to the
In Figure 2-1(a), the EJB object is a classic wrapper because it holds a reference to the bean class
and delegates the requests to the bean. In Figure 2-1(b), the EJB object class actually extends the
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:36/203
bean class, adding functionality specific to the EJB container. In Figure 2-1(c), the bean class is no
longer included in the model. In this case, the EJB object has both the proprietary implementation
required by the EJB container and bean class method implementations that were copied from the
The EJB object design shown in Figure 2-1(a) is perhaps the most common. Throughout this book,
particularly in the next chapter, we will explain how EJB works with the assumption that the EJB object
wraps the bean class instance as depicted in Figure 2-1(a). But the other implementations are used; it
shouldn't make a difference which one your vendor has chosen. The bottom line is that you never
really know much about the EJB object: its implementation is up to the vendor. Knowing that the EJB
object exists answers a lot of questions about how enterprise beans are structured. But everything a
client (including other enterprise beans) needs to know about an enterprise bean is described by the
The EJB home is a lot like the EJB object. It's another class that's generated automatically when you
install an enterprise bean in a container. It implements all the methods defined by the home interfaces
(local and/or remote) and is responsible for helping the container manage the bean's life cycle. The
EJB home is responsible for locating, creating, and removing enterprise beans. These tasks may
involve working with the EJB server's resource managers, instance pooling, and persistence
For example, when a create method is invoked on a home interface, the EJB home creates an
instance of the EJB object that references a bean instance of the appropriate type. Once the bean
instance is associated with the EJB object, the instance's matching ejbCreate() method is called. In
the case of an entity bean, a new record is inserted into the database. With session beans, the
instance is simply initialized. Once the ejbCreate() method has completed, the EJB home returns a
remote or local reference (i.e., a stub) for the EJB object to the client. The client can then work with the
EJB object by invoking business methods. The stub relays the methods to the EJB object; in turn, the
How does the EJB home know which type of EJB object reference (local or remote) to return? It
depends on which home interface is being used. If the client invokes a create() method on the remote
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:37/203
home interface, the EJB home returns a remote interface reference. If the client is working with a local
home interface, the EJB home returns a reference implementing the local interface. EJB requires that
the return type of remote home interface methods be remote interfaces and that the return type of
throws CreateException;
throws FinderException;
Figure 2-2 illustrates the architecture of EJB with the EJB home and EJB object implementing the
home interface and remote or local interface. The bean class is wrapped by the EJB object.
Remember, though, that this is only an illustration. "EJB object" and "EJB home" are simply terms to
describe the EJB container's responsibilities for supporting the component interfaces. In reality, we
have no idea how the vendor chose to implement the EJB object and EJB home, since they are only
Deploying a bean
After the files that define the bean (the component interfaces and the bean classes) have been
packaged into a JAR file, the bean is ready to be deployed; that is, it can be added to an EJB
container so it can be accessed as a distributed component. During the deployment process, tools
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:38/203
provided by the EJB container vendor generate the EJB object and EJB home classes by examining
the deployment descriptor and the other interfaces and classes in the JAR file.
Let's look at how a client would use an enterprise bean to do something useful. We'll start with the
Cabin EJB defined earlier. A cabin is a thing or place with a description that is stored in a database. To
make the example a little more real, assume that there are other entity beans: Ship, Cruise, Ticket,
Imagine that a GUI client needs to display information about a particular cruise: the cruise name, the
ship name, and a list of cabins. Using the cruise ID obtained from a text field, we can use our beans to
textField2.setText(cruise.getName());
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:39/203
textField3.setText(ship.getName());
// to a list box.
while(cabinItr.hasNext())
listBox1.addItem(cabin.getName());
We start by getting a remote reference to the EJB home for an entity bean that represents a cruise.
We need a remote reference rather than a local one because the client is an application located
outside the EJB container. It's not shown in the example, but references to the EJB home are obtained
using JNDI. JNDI is a powerful API for locating resources, such as remote objects, on networks. JNDI
We read a cruise ID from a text field, use it to create a primary key, and use that primary key together
with the EJB home to get a CruiseRemote reference. This reference implements the bean’s business
methods. Once we have the appropriate Cruise EJB, we can ask the bean to give us a remote
reference to a Ship EJB that represents the ship used for the cruise. We can then call the
ship.getCabins() method to get a Collection of remote Cabin EJB references from the Ship EJB; and,
with the Cabin EJBs in hand, we can retrieve and display the names of the Cabin EJBs.
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:40/203
Entity beans are useful for representing data and describing business concepts that can be
expressed as nouns, but they're not very good at representing a process or a task. A Ship bean
provides methods and behavior for doing things directly to a ship, but it does not define the context
under which these actions are taken. The previous example retrieved data about cruises and ships;
we could also have modified this data. With enough effort, we could have figured out how to book a
passengers maintained by the ship. We could try to shove methods for accepting payment and other
tasks related to booking into our GUI client application, or even into the Ship or Cabin EJBs, but that's
a contrived and inappropriate solution. We don't want business logic in the client application—that's
why we went to a multitier architecture in the first place. Similarly, we don't want this kind of logic in
our entity beans that represent ships and cabins. Booking passengers on a ship or scheduling a ship
for a cruise are the types of activities or functions of the business, not the Ship or the Cabin bean, and
Session beans act as agents that manage business processes or tasks for the client; they're the
appropriate place for business logic. A session bean is not persistent; nothing in a session bean maps
directly into a database or is stored between sessions. Session beans work with entity beans, data,
and other resources to control taskflow. Taskflow is the essence of any business system, because it
expresses how entities interact to model the actual business. Session beans control tasks and
The term "taskflow" was coined specifically for this book. It's derived from the term
processes that may span several days with lots of human intervention. In contrast to
workflow, the term taskflow is used in this book to describe the interactions of beans
The following code demonstrates how a session bean designed to make cruise-line reservations might
control the taskflow of other entity and session beans. Imagine that a piece of client software, in this
case a user interface, obtains a remote reference to a TravelAgent session bean. Using the
information entered into text fields by the user, the client application books a passenger on a cruise:
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:41/203
travelAgent.setCabinID(cabinID);
travelAgent.setCruiseID(cruiseID);
This is a fairly coarse-grained abstraction of the process of booking a passenger: most of the details
are hidden from the client. Hiding the fine-grained details of taskflow is important because it provides
the system with flexibility as it evolves: we know that we will always want to book passengers, but the
The following listing shows some of the code for the TravelAgentBean. The bookPassage() method
works with three entity beans, the Customer, Cabin, and Cruise EJBs, and another session bean, the
ProcessPayment EJB. The ProcessPayment EJB provides several methods for making a payment,
including check, cash, and credit card. In this case, we use the ProcessPayment bean to make a
credit card payment. Once payment has been made, a serializable TicketDO object is returned to the
client.
customer =cust;
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:42/203
throws IncompleteConversationalState {
try {
getHome("ReservationHome",ReservationHomeRemote.class);
ReservationRemote reservation =
resHome.create(customer,cruise,cabin,price,new Date());
getHome("ProcessPaymentHome",ProcessPaymentHomeRemote.class);
process.byCredit(customer,card,price);
return ticket;
}catch(Exception e){
This example leaves out some details, but it demonstrates the difference in purpose between a
session bean and an entity bean. Entity beans represent the behavior and data of a business object,
while session beans model the taskflow. The client application uses the TravelAgent EJB to perform a
task using other beans. For example, the TravelAgent EJB uses a ProcessPayment EJB and a
Reservation EJB in the process of booking passage. The ProcessPayment EJB processes the credit
card, and the Reservation EJB records the actual reservation in the system. Session beans can also
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:43/203
be used to read, update, and delete data that can't be adequately captured in an entity bean. Session
beans don't represent records or data in the database, but they can access data.
All of the work performed by the TravelAgent session bean could have been coded in the client
application. Having the client interact directly with entity beans is a common but troublesome design
approach because it ties the client directly to the details of the business tasks. This is troublesome for
two reasons: any changes in the entity beans and their interaction require changes to the client, and
it's very difficult to reuse the code that models the taskflow.
Session beans allow clients to perform tasks without being concerned with the details that make up
the task. A developer can update the session bean, possibly changing the taskflow, without affecting
the client code. In addition, if the session bean is properly defined, other clients that perform the same
tasks can reuse it. The ProcessPayment session bean, for example, can be used in many areas
besides reservations, including retail and wholesale sales. For example, the ship's gift shop could use
the ProcessPayment EJB to process purchases. As a client of the ProcessPayment EJB, the
TravelAgent EJB doesn't care how ProcessPayment works; it's only interested in the ProcessPayment
Moving taskflow logic into a session bean also simplifies the client application and reduces network
traffic. Excessive network traffic is a common problem for distributed object systems: it can overwhelm
the server and clog the network, hurting response time and performance. Session beans, if used
properly, can reduce network traffic by limiting the number of requests needed to perform a task. The
user of session beans keeps the interaction between the beans involved in a taskflow on the server.
One method invocation on the client application results in many method invocations on the server, but
the network sees only the traffic produced by the client’s call to the session bean. In the TravelAgent
EJB, the client invokes bookPassage(); in turn, bookPassage() makes several method invocations on
other enterprise beans. Furthermore, the TravelAgent bean may be in the same container as the other
beans, and therefore can use the local interfaces, further reducing network traffic. For the network
cost of one method invocation, the client gets several method invocations.
In addition, session beans reduce the number of network connections that the client needs. The cost
of maintaining many network connections can be high, so reducing the number of connections each
client needs improves the performance of the system as a whole. Figure 2-3 compares the network
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:44/203
traffic and connections generated by a client that uses only entity beans to those generated by a client
Figure 2-3: Session beans reduce network traffic and thin down clients
Session beans also limit the number of stubs used on the client, which saves the client memory and
processing cycles. This may not seem like a big deal, but without the use of session beans, a client
might be expected to manage hundreds or even thousands of remote references at one time. In the
TravelAgent EJB, for example, the bookPassage() method works with several remote references, but
Session beans can be either stateful or stateless. Stateful session beans maintain conversational
state when used by a client. Conversational state is not written to a database; it's information that is
kept in memory while a client carries on a conversation with an enterprise bean, and is lost when the
conversation ends. For example, a client making a reservation through the TravelAgent bean may call
the methods that set cabin and cruise IDs. These IDs are part of the session’s conversational state,
and affect the behavior of subsequent method calls—for example, the call to bookPassage() that
makes the actual reservation. Conversational state is kept for only as long as the client application is
actively using the bean. Once the client shuts down or releases the TravelAgent EJB, the
conversational state is lost forever. Stateful session beans are not shared among clients; they are
dedicated to the same client for the life of the enterprise bean.
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:45/203
Stateless session beans do not maintain any conversational state. Each method is completely
independent and uses only data passed in its parameters. The ProcessPayment EJB is a perfect
example of a stateless session bean: it doesn't need to maintain any conversational state from one
method invocation to the next. All the information needed to make a payment is passed into the
byCreditCard() method. Stateless session beans provide better performance and consume fewer
resources than entity and stateful session beans because a few stateless session bean instances can
Message-Driven Beans
Message-driven beans are integration points for other applications interested in working with EJB
applications. Java applications or legacy systems that need to access EJB applications can send
messages to message-driven beans via JMS. This bean processes those messages and performs the
required tasks using other entity and session beans. EJB 2.1 is not limited to JMS-based message-
driven beans: message-driven beans can support any messaging system that implements the correct
JCA 1.5 (J2EE Connector Architecture Version 1.5) contracts. However, support for JMS-based
message-driven beans (JMS-MDBs) in EJB 2.1 is mandatory, so JMS-MDBs are the type of message-
In many ways, JMS-MDBs fulfill the same role as session beans: they manage the taskflow of entity
and session beans. The task is initiated by an asynchronous message sent by an application using
JMS. Unlike session beans, which respond to business methods invoked on their component
interfaces, a JMS-MDB responds to messages delivered through its onMessage() method. Since the
messages are asynchronous, the client that sends them doesn't expect a reply. The messaging client
As an example, we can recast the TravelAgent EJB developed earlier as the ReservationProcessor
javax.jms.MessageListener {
try {
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:46/203
jndiContext.lookup("java:comp/env/ejb/ReservationHome");
ReservationLocal reservation =
resHome.create(customer,cruise,cabin,price,new Date());
PortableRemoteObject.narrow(ref,ProcessPaymentHomeRemote.class);
process.byCredit(customer,card,price);
} catch(Exception e) {
All the information about the reservation is obtained from the message delivered to the MDB. JMS
messages can take many forms; the javax.jms.MapMessage used in this example carries name-value
pairs. Once the information is gathered from the message and the enterprise bean references are
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:47/203
obtained, the reservation is processed in the same way as it was in the session bean. The only
difference is that a TicketDO is not returned to the caller; message-driven beans don't have to respond
to the caller.
Regardless of the messaging system, message-driven beans do not maintain any conversational
The environment that surrounds the beans on the EJB server is often called the container. The
container is more a concept than a physical construct. It acts as an intermediary between the bean
and the EJB server. It manages the EJB objects and EJB homes and helps these constructs to
manage bean resources and provide services such as transactions, security, concurrency, and
naming at runtime. The distinction between the container and the server is not clearly defined, but the
EJB specification defines the component model in terms of the container's responsibilities, so we will
Enterprise bean components interact with the EJB container through a well-defined component model.
The EntityBean, SessionBean, and MessageDrivenBean interfaces provide callback methods that
notify the bean class of life-cycle events. At runtime, the container invokes these methods on the bean
instance when relevant events occur. For example, when the container is about to write an entity bean
instance's state to the database, it first calls the bean instance's ejbStore() method. This call gives the
bean instance an opportunity to do cleanup on its state before it's written to the database. The
ejbLoad() method is called just after the bean's fields are populated from the database, providing the
bean developer with an opportunity to manage the bean's state before the first business method is
3
called. Other callback methods can be used by the bean class in a similar fashion. EJB defines when
these various callback methods are invoked and what can be done within their contexts.
While the bean interfaces require implementations of all the callback methods, those implementations
don’t have to be meaningful. The method body of any or all of the callback methods can be left empty,
and often is. Beans that implement callback methods usually access resources that aren’t managed by
the EJB system. Enterprise beans that wrap legacy systems often fall into this category.
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:48/203
javax.ejb.EJBContext is an interface that is implemented by the container and is also part of the bean-
driven beans use the subclass javax.ejb.MessageDrivenContext. These EJBContext types provide the
bean with information about its environment: its container, the client using the enterprise bean, and the
bean itself. The bean can use this information while processing requests from clients and callback
An enterprise bean's interface with the container also includes a JNDI namespace, called the
environment naming context, which the bean can use to look up the resources it needs (including
other beans).
Summary
This chapter covered a lot of ground describing the basic architecture of an EJB system. At this point,
you should understand that beans are business object components. The home interfaces define
life-cycle methods for creating, finding, and destroying beans, and the remote and local interfaces
define the public business methods of the bean. Message-driven beans do not have component
interfaces. The bean class is where the state and behavior of the bean are implemented.
There are three basic kinds of beans: entity, session, and message-driven. Entity beans are persistent
and represent a person, place, or thing. Session beans are extensions of the client and embody a
process or a taskflow that defines how other beans interact. Session beans are not persistent: they
receive their state from the client, and they live only as long as the client needs them. Message-driven
beans are integration points that allow other applications to interact with EJB applications using JMS
or, in EJB 2.1, some other JCA 1.5–complaint resource. Message-driven beans, like stateless session
The EJB object and EJB home are conceptual constructs that delegate method invocations to session
and entity beans from the client and help the container to manage the enterprise bean at runtime. The
clients of entity and session beans do not interact with the instances of the bean class directly.
Instead, the client software interacts with stubs, which are connected to the EJB object and EJB home.
The EJB object implements the remote and/or local interface and expands the bean class's
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:49/203
functionality. The EJB home implements the home interface and works closely with the container to
Beans interact with their containers through the well-defined bean-container contract. This contract
provides callback methods, the EJBContext, and the JNDI environment-naming context. The callback
methods notify the bean class that it is involved in a life-cycle event. The EJBContext and JNDI
environment-naming context provide the bean instance with information about its environment.
J2EE
The J2EE platform uses a multitiered distributed application model. This means application logic is
divided into components according to function, and the various application components that make up
a J2EE application are installed on different machines depending on which tier in the multitiered J2EE
environment the application component belongs. Figure 1 shows two multitiered J2EE applications
divided into the tiers described in the bullet list below. The J2EE application parts shown in Figure 1
• Enterprise information system (EIS) tier software runs on the EIS server
While a J2EE application can consist of the three or four tiers shown in Figure 1, J2EE multitiered
applications are generally considered to be three-tiered applications because they are distributed over
three different locations: client machines, J2EE server machine, and the database or legacy machines
at the back-end. Three-tiered applications that run in this way extend the standard twotiered client and
server model by placing a multithreaded application server between the client application and back-
end storage.
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:50/203
software unit that is assembled into a J2EE application with its related classes and files and
communicates with other components. The J2EE specification defines the following J2EE
components:
• Java Servlet and JavaServer Pages™ (JSP™) technology components are web components.
J2EE components are written in the Java programming language and compiled in the same way as
any program in the language. When you work with the J2EE platform, the difference is that J2EE
components are assembled into a J2EE application, verified that they are well-formed and in
compliance with the J2EE specification, and deployed to production where they are run and managed
Client Components
A J2EE application can be web-based or non-web-based. An application client executes on the client
machine for a non-web-based J2EE application, and a web browser downloads web pages and
Application Clients
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:51/203
An application client runs on a client machine and provides a way for users to handle tasks such as
J2EE system or application administration. It typically has a graphical user interface created from
Swing or Abstract Window Toolkit (AWT) APIs, but a command-line interface is certainly possible.
Application clients directly access enterprise beans running in the business tier. However, if the J2EE
application client requirements warrant it, an application client can open an HTTP connection to
Web Browsers
The user’s web browser downloads static or dynamic Hypertext Markup Language (HTML), Wireless
Markup Language (WML), or Extensible Markup Language (XML) web pages from the web tier.
Dynamic web pages are generated by servlets or pages created with JavaServer Pages (JSP)
Applets
A web page downloaded from the web tier can include an embedded applet. An applet is a small client
application written in the Java programming language that executes in the Java VM installed in the
web browser. However, client systems will likely need Java Plug-in and possibly a security policy file
so the applet can successfully execute in the web browser. JSP pages are the preferred API for
creating a web-based client program because no plug-ins or security policy files are needed on the
client systems. Also, JSP pages enable cleaner and more modular application design because they
provide a way to separate applications programming from web page design. This means personnel
involved in web page design do not need to understand Java programming language syntax to do
their jobs. Applets that run in other network-based systems such as handheld devices or car phones
can render Wireless Markup Language (WML) pages generated by a JSP page or servlet running on
the J2EE server. The WML page is delivered over Wireless Application Protocol (WAP) and the
network configuration requires a gateway to translate WAP to HTTP and back again. The gateway
translates the WAP request coming from the handheld device to an HTTP request for the J2EE server,
and then translates the HTTP server response and WML page to a WAP server response and WML
The client tier might also include a component based on the JavaBeans™ component architecture
(JavaBeans component) to manage the data flow between an application client or applet and
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:52/203
components running on the J2EE server. Java- Beans components are not considered J2EE
components by the J2EE specification. JavaBeans components written for the J2EE platform have
instance variables and get and set methods for accessing the data in the instance variables. Java-
Beans components used in this way are typically simple in design and implementation, but should
conform to the naming and design conventions outlined in the JavaBeans component architecture.
Figure 2 shows the various elements that can make up the client tier. The client communicates with
the business tier running on the J2EE server either directly, or as in the case of a client running in a
browser, by going through JSP pages or servlets running in the web tier.
Thin Clients
A thin client is a lightweight and typically browser-based interface to the application. Thin clients do not
do things like query databases, execute complex business rules, or connect to legacy applications.
When you use a thin client, heavyweight operations like these are off-loaded to web or enterprise
beans executing on the J2EE server where they can leverage the security, speed, services, and
reliability of J2EE server-side technologies. Your J2EE application uses a thin browser-based client or
thick application client. In deciding which one to use, you should be aware of the tradeoffs between
keeping functionality on the client and close to the user (thick client) and offloading as much
functionality as possible to the server (thin client). The more functionality you offload to the server, the
easier it is to distribute, deploy, and manage the application; however, keeping more functionality on
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:53/203
Web Components
J2EE web components can be either JSP pages or servlets. Servlets are Java programming language
classes that dynamically process requests and construct responses. JSP pages are text-based
documents that execute as servlets, but allow a more natural approach to creating static content.
Static HTML pages and applets are bundled with web components during application assembly, but
are not considered web components by the J2EE specification. Server-side utility classes can also be
bundled with web components, and like HTML pages, are not considered web components. Like the
client tier and as shown in Figure 3, the web tier might include a Java-Beans object to manage the
user input and send that input to enterprise beans running in the business tier for processing.
Business Components
Business code, which is logic that solves or meets the needs of a particular business domain such as
banking, retail, or finance, is handled by enterprise beans running in the business tier. Figure 4 shows
how an enterprise bean receives data from client programs, processes it (if necessary), and sends it to
the enterprise information system tier for storage. An enterprise bean also retrieves data from storage,
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:54/203
There are three kinds of enterprise beans: session beans, entity beans, and message-driven beans. A
session bean represents a transient conversation with a client. When the client finishes executing, the
session bean and its data are gone. In contrast, an entity bean represents persistent data stored in
one row of a database table. If the client terminates or if the server shuts down, the underlying
services ensure the entity bean data is saved. A message-driven bean combines features of a session
bean and a Java Message Service (JMS) message listener, allowing a business component to receive
JMS messages asynchronously. This tutorial describes entity beans and session beans. For
information on message-driven beans, see the Java Message Service Tutorial, which is online at:
The enterprise information system tier handles enterprise information system software, and includes
enterprise infrastructure systems such as enterprise resource planning (ERP), mainframe transaction
processing, database systems, and other legacy information systems. J2EE application components
might need access to enterprise information systems for database connectivity, for example.
J2EE Architecture
Normally, thin-client multitiered applications are hard to write because they involve many lines of
intricate code to handle transaction and state management, multithreading, resource pooling, and
other complex low-level details. The component- based and platform-independent J2EE architecture
makes J2EE applications easy to write because business logic is organized into reusable components
and the J2EE server provides underlying services in the form of a container for every component type.
Because you do not have to develop these services yourself, you are free to concentrate on solving
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:55/203
Containers are the interface between a component and the low-level platformspecific functionality that
supports the component. Before a web, enterprise bean, or application client component can be
executed, it must be assembled into a J2EE application and deployed into its container. The assembly
process involves specifying container settings for each component in the J2EE application and for the
J2EE application itself. Container settings customize the underlying support provided by the J2EE
server, which include services such as security, transaction management, Java Naming and Directory
Interface™ (JNDI) lookups, and remote connectivity. Here are some of the highlights:
• The J2EE security model lets you configure a web component or enterprise bean so system
• The J2EE transaction model lets you specify relationships among methods that make up a
single transaction so all methods in one transaction are treated as a single unit.
• JNDI lookup services provide a unified interface to multiple naming and directory services in
the enterprise so application components can access naming and directory services.
• The J2EE remote connectivity model manages low-level communications between clients and
The fact that the J2EE architecture provides configurable services means that application components
within the same J2EE application can behave differently based on where they are deployed. For
example, an enterprise bean can have security settings that allow it a certain level of access to
database data in one production environment and another level of database access in another
production environment.
The container also manages non-configurable services such as enterprise bean and servlet life cycles,
database connection resource pooling, data persistence, and access to the J2EE platform APIs
described in J2EE APIs (page 42). Although data persistence is a non-configurable service, the J2EE
architecture lets you override container-managed persistence by including the appropriate code in
your enterprise bean implementation when you want more control than the default container-managed
persistence provides. For example, you might use bean-managed persistence to implement your own
Container Types
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:56/203
The deployment process installs J2EE application components in the J2EE containers illustrated in
Figure 5.
• J2EE server—is the runtime portion of a J2EE product. A J2EE server provides EJB and web
containers.
• Enterprise JavaBeans (EJB) container—manages the execution of enterprise beans for J2EE
applications. Enterprise beans and their container run on the J2EE server.
• Web container—manages the execution of JSP page and servlet components for J2EE
applications. Web components and their container run on the J2EE server.
• Applet container—manages the execution of applets. Consists of a web browser and Java
Packaging
J2EE components are packaged separately and bundled into a J2EE application for deployment. Each
component, its related files such as GIF and HTML files or server-side utility classes, and a
deployment descriptor (DD), are assembled into a module and added to the J2EE application. A J2EE
application is composed of one or more enterprise bean, web, or application client component
modules. The final enterprise solution can use one J2EE application or be made up of two or more
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:57/203
J2EE applications depending on design requirements A J2EE application and each of its modules has
its own deployment descriptor. A deployment descriptor is an Extensible Markup Language (XML)
text-based file with an .xml extension that describes a component’s deployment settings.
An enterprijse bean module deployment descriptor, for example, declares transaction attributes and
declarative, it can be changed without modifying the bean source code. At run time, the J2EE server
reads the deployment descriptor and acts upon the component accordingly.
A J2EE application with all of its modules is delivered in an Enterprise Archive (EAR) file. An EAR file
is a standard JAR file with an .ear extension. In the GUI version of the J2EE SDK application
deployment tool, you create an EAR file first and add JAR and WAR files to the EAR. If you use the
command line packager tools, however, you create the Java ARchive (JARs) and Web Archive (WAR)
files first and create the EAR. The J2EE SDK tools are described in Tools (page 45).
• Each EJB JAR file contains its deployment descriptor, related files, and the .class files for the
enterprise bean.
• Each application client JAR file contains its deployment descriptor, related files, and the .class
• Each WAR file contains its deployment descriptor, related files, and the .class files for the
Using modules and EAR files makes it possible to assemble a number of different J2EE applications
using some of the same components. No extra coding is needed; it is just a matter of assembling
Development Roles
Reusable modules make it possible to divide the application development and deployment process
into distinct roles so different people or companies can perform different parts of the process. The first
two roles involve purchasing and installing the J2EE product and tools. Once software is purchased
and installed, J2EE components can be developed by application component providers, assembled by
application assemblers, and d eployed by application deployers. In a large organization, each of these
roles might be executed by different individuals or teams. This division of labor works because each of
the earlier roles outputs a portable file that is the input for a subsequent role. For example, in the
application component development phase, an enterprise bean software developer delivers EJB JAR
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:58/203
files. In the application assembly role, another developer combines these EJB JAR files into a J2EE
application and saves it in an EAR file. In the application deployment role, a system administrator at
the customer site uses the EAR file to install the J2EE application into a J2EE server.
The different roles are not always executed by different people. If you work for a small company, for
example, or if you are prototyping a sample application, you might perform the tasks in every phase.
The J2EE product provider is the company that designs and makes available for purchase the J2EE
platform, APIs, and other features defined in the J2EE specification. Product providers are typically
operating system, database system, application server, or web server vendors who implement the
Tool Provider
The tool provider is the person or company who creates development, assembly, and packaging tools
used by component providers, assemblers, and deployers. See Tools (page 45) for information on the
The application component provider is the company or person who creates web components,
A software developer performs the following tasks to deliver an EJB JAR file that contains the
enterprise bean:
• Bundles the .class files and deployment descriptor into an EJB JAR file
A web designer (JSP pages) or software developer (servlets) performs the following tasks to deliver a
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:59/203
A software developer performs the following tasks to deliver a JAR file containingthe J2EE application
client.
• Bundles the .class files and deployment descriptor into the JAR file
Application Assembler
The application assembler is the company or person who gets application component JAR files from
component providers and assembles them into a J2EE application EAR file. The assembler or
deployer can edit the deployment descriptor directly or use tools that correctly add XML tags according
to interactive selections. A software developer performs the following tasks to deliver an EAR file
• Assembles EJB JAR and web components (WAR) files created in the previous phases into a
• Verifies that the contents of the EAR file are well-formed and comply with the J2EE
specification.
The company or person who configures and deploys the J2EE application, administers the computing
and networking infrastructure where J2EE applications run, and oversees the runtime environment.
Duties include such things as setting transaction controls and security attributes, and specifying
connections to databases.
During configuration, the deployer follows instructions supplied by the application component provider
to resolve external dependencies, specify security settings, and assign transaction attributes. During
installation, the deployer moves the application components to the server, and generates the
A deployer/system administrator performs the following tasks to install and configure a J2EE
application.
• Adds the J2EE application (EAR) file created in the preceding phase to the J2EE server.
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:60/203
• Configures the J2EE application for the operational environment by modifying the deployment
• Verifies that the contents of the EAR file are well-formed and comply with the J2EE
specification.
• Deploys (installs) the J2EE application EAR file into the J2EE server.
The J2EE SDK is a non-commercial operational definition of the J2EE platform and specification made
freely available by Sun Microsystems for demonstrations, prototyping, and educational use. It comes
with the J2EE application server, web server, relational database, J2EE APIs, and complete set of
development and deployment tools. You can download the J2EE SDK from the web:
http://java.sun.com/j2ee/download.html#sdk
• Product providers use the J2EE SDK to determine what their implementations must do under
a given set of application conditions, and to run the J2EE Compatibility Test Suite to test that
• Application component developers run their J2EE applications on the J2EE SDK to verify that
applications are fully portable across all J2EE products and tools.
Web Server
The web server provides services to one or more web containers. For example, a web container
typically relies on a web server to provide HTTP message handling. A J2EE implementation is not
required to support a particular type of web server, which means the web server supported by different
Database Access
The relational database provides persistent storage for application data. A J2EE implementation is not
required to support a particular type of database which means the database supported by different
J2EE products can vary. See the Release Notes included with the J2EE SDK download for a list of the
J2EE APIs
The Java 2 Platform, Standard Edition (J2SE™) SDK is required to run the J2EE SDK and provides
core APIs for writing J2EE components, core development tools, and the Java virtual machine. The
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:61/203
An enterprise bean is a body of code with fields and methods to implement modules of business logic.
You can think of an enterprise bean as a building block that can be used alone or with other enterprise
There are three kinds of enterprise beans: session beans, entity beans, and message-driven beans as
described in Business Components (page 33). You do not have to write any SQL code or use the
JDBC™ API directly to perform database access operations with an entity bean. The EJB container
However, if you override the default container-managed persistence for any reason, you will need to
use the JDBC API. Also, if you choose to have a session bean access the database, you have to use
The JDBC API lets you invoke SQL commands from Java programing language methods. You use the
JDBC API in an enterprise bean when you override the default container-managed persistence or
have a session bean access the database. With container-managed persistence, database access
operations are handled by the container and your enterprise bean implementation contains no JDBC
code or SQL commands. You can also use the JDBC API from a servlet or JSP page to access the
The JDBC API has two parts: an application-level interface used by the application components to
access a database, and a service provider interface to attach a JDBC driver to the J2EE platform.
Java Servlet technology lets you define HTTP-specific servlet classes. A servlet class extends the
model. Although servlets can respond to any type of request, they are commonly used to extend the
JSP pages technology lets you put snippets of servlet code directly into a textbased document. A JSP
page is a text-based document that contains two types of text: static template data which can be
expressed in any text-based format such as HTML, WML, and XML, and JSP elements that determine
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:62/203
The JMS API is a messaging standard that allows J2EE application components to create, send,
receive, and read messages. It enables distributed communication that is loosely coupled, reliable,
and asynchronous. For more information on JMS see the online Java Message Service Tutorial:
http://java.sun.com/products/jms/tutorial/index.html
The JTA API provides a standard demarcation interface for demarcating transactions. The J2EE
architecture provides a default auto commit to handle transaction commits and roll backs. An auto
commit means any other applications viewing data will see the updated data after each database read
or write operation. However, if your application performs two separate database access operations
that depend on each other, you will want to use the JTA API to demarcate where the entire
Many Internet applications need to send email notifications so the J2EE platform includes the JavaMail
API with a JavaMail service provider that application components can use to send Internet mail. The
JavaMail API has two parts: an application-level interface used by the application components to send
The JavaBeans Activation Framework is included because JavaMail uses it. It provides standard
services to determine the type of an arbitrary piece of data, encapsulate access to it, discover the
operations available on it, and create the appropriate JavaBean component to perform those
operations.
XML is a language for representing and describing text-based data so the data can be read and
handled by any program or tool that uses XML APIs. Programs and tools can generate XML files that
For example, a J2EE application can use XML to produce reports, and different companies that
receive the reports can handle the data in a way that best suits their needs. One company might put
the XML data through a program to translate the XML to HTML so it can post the reports to the web,
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:63/203
another company might put the XML data through a tool to create a marketing presentation, and yet
another company might read the XML data into its J2EE application for processing.
The J2EE Connector Architecture is used by J2EE tools vendors and system integrators to create
resource adapters that support access to enterprise information systems that can be plugged into any
J2EE product. A resource adapter is a software component that allows J2EE application components
to access and interact with the underlying resource manager. Because a resource adapter is specific
to its resource manager, there is typically a different resource adapter for each type of database or
The Java Authentication and Authorization Service (JAAS) provides a way for a J2EE application to
JAAS is a Java programing language version of the standard Pluggable Authentication Module (PAM)
framework that extends the Java 2 platform security architecture to support user-based authorization.
The J2EE platform is a platform-independent and full systems integration solution that creates an open
marketplace in which every vendor can sell to every customer. Such a marketplace encourages
vendors to compete, not by trying to lock customers into their technologies, but by trying to outdo each
other by providing products and services that benefit customers such as better performance, better
tools, or better customer support. The J2EE APIs enable systems and applications integration as
follows:
• Simplified response and request mechanism with JSP pages and servlets.
• Enterprise application integration with message-driven beans and the JMS, JTS, and JNDI
APIs.
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:64/203
You can learn more about using the J2EE platform to build integrated business systems by reading
Tools
The J2EE reference implementation provides an application deployment tool and an array of scripts
for assembling, verifying, and deploying J2EE applications and managing your development and
production environments. See J2EE™ SDK Tools (page 453) for a discussion of the tools.
The J2EE reference implementation provides an application deployment tool for assembling, verifying,
and deploying J2EE applications. There are two versions: command-line and GUI.
In addition, configuration information can be set for each component and module type in the tabbed
inspector panels.
Scripts
Table 1 lists the scripts included with the J2EE reference implementation that let you perform
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:65/203
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:66/203
ASP
Introduction
For any webmaster, once you have created a page with graphics and content, the next logical step is
to make it interactive. You can, of course, go to one of the remotely hosted scripting sites who will
provide you with a simple piece of code to put on your site, but there is a lot more flexibility if you can
create and install your own scripts which will do exactly what you want.
It's thought by many that this 'server-side scripting' (it is processed by the server and not the browser,
so unlike JavaScript the use of ASP doesn't depend on someone's browser supporting it) is very
difficult to learn, and this has come from the early languages like Perl, which are difficult to write and
even more difficult to debug. Over the past few years two new languages have emerged, PHP and
ASP. These are easy enough for even the novice webmaser to learn.
What Is ASP?
ASP stands for Active Server Pages. It is basically a server-side scripting language designed for the
Windows Platform, although it is available on Unix/Linux systems through new systems, although PHP
is the more popular choice for this platform. Active Server Pages is based around VBScript, a variant
of Visual Basic, which makes it very easy to use as the majority of the commands are plain English
As mentioned earlier, ASP is a server-side scripting language. Basically what this means is that if an
ASP page is requested, the web server will process it and run all the ASP code, before sending the
output to the browser. This has two major advantages over client-side (processed by the browser)
scripts like JavaScript. The first is that there are no compatibility problems. It doesn't matter if the user
is using the latest browser or the oldest, they will see the same output. The second is that your code is
hidden. Because code is executed on the server, users only ever see the output, so it is safe to put
What Do I Need?
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:67/203
ASP is a server-side language, so you will need to make sure that your web server has the correct
software for running it. The most common setup for running ASP scripts is on a Windows-based server
running IIS (Internet Information Server). It is possible to use Linux-based systems, though, but they
must have the Chillisoft ASP package installed. Most web hosts will publish whether they support
ASP, but if in doubt contact your systems administrator. If you need a free web host supporting ASP,
Once you have the server ready to accept scripts, running one is as easy as simply uploading and
running the file. You don't need to put it in any particular place on the server or change any settings.
ASP Code
When writing ASP you don't need to worry about changing all your HTML, you simply add ASP code
into your HTML pages where needed. YOu also don't need any special software on your computer, a
simple text editor will do. To begin an ASP page you will first need to tell it what language you have
written it in. The most common (and the one used in this tutorial) is VBScript. You should begin your
page with:
All this code does is tell the ASP system that you are writing your page in VBScript. You will notice that
the ASP code is enclosed in special tags. All ASP code should be enclosed in the 'percent sign tags' in
the form:
Code can be written over multiple lines, but any code not enclosed in the ASP tags will simply be
treated as HTML. Similarly and HTML inside these tags but not specifically sent as output by the code
Testing ASP
Before you start writing scripts it is a good idea to test whether ASP will run correctly on your server.
<html>
<head><title>Test Page</title></head>
<body>
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:68/203
</body>
</html>
and save it as test.asp. Then upload this to your server and access it with your browser. If it has
worked correctly, the page should display and you should only see the lines:
If the ASP appears in the page or the source of the page, something has gone wrong. Check the code
and also the settings on your server. No ASP should appear as it should have been processed by the
Introduction
In the last part I explained a little about how to write ASP and how to tell the server that you have ASP
code in your file and what language it is written in. In this part I will explain what is probably the most
It's always been a tradition of programming tutorials to begin by writing the simple 'Hello World'
program, so this one won't make an exception! Sending output is done using the ASP command:
Response.Write()
so to write 'Hello World' to the user's browser the complete code would be:
<%
Response.Write("Hello World")
%>
Again, this code begins by telling the system that you are writing in VBScript. Then comes the
Response.Write command. Basically this is made up of two parts. 'Response' tells the server that you
want to send information to the user. There are other types of command including: Request (which
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:69/203
gets information from the user), Session (for user session details), Server (for controlling the server)
and Application (for commands relating to the application). More about these later.
The second part, 'Write', tells the server that the type of response you would like to send is to write
information to the user's browser. This doesn't just have to be text, but can include variables, which
Variables
Probably the most important feature of a programming language is a variable. A variable is basically a
way of storing text, numbers or other data, so that it can be referenced later. For example, to change
<%
Response.Write(OutputText)
%>
The output of this code will be exactly the same as the first script, but it is fundementally different as it
This line sets up a variable called OutputText and stores in it the string of letters 'Hello World'. As this
is now stored in a variable, you can now reference this text you have stored in any part of your script,
Response.Write(OutputText)
tells the server that you are sending information to the browser, and that the information to be sent is
the contents of the variable called OutputText. Please note that the variable name is not enclosed in
quotation marks. If you did this the browser would simply output the title of the variable as text.
There is a second way of outputting the values of variables, other than using Response.Write. The
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:70/203
<%
=OutputText
%>
Variable Operations
The main benefits to storing information in variables is that you can use the text over and over again.
For example, once storing "Hello World" in the variable OutputText, I can then use it in various places
in my code:
<%
%>
This is my <% =OutputText %> script. The whole reason for it is to output the text <% =OutputText %>
to the browser.
This is my Hello World script. The whole reason for it is to output the text Hello World to the browser.
You can also do various operations on text stored in variables using len, left and right.
The len function simply tells you how many characters are in a string, so if you used the following
code:
The server would return to the browser the length of the text stored in OutputText, in this case "Hello
World", so the browser would display the number 11 on the screen. You could also assign this value to
a variable using:
which would set the value of the variable called StringLength to 11.
You can also use the functions left and right. These will display only part of the variable. For example:
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:71/203
He
would display:
orld
Basically, these functions take the number of characters specififed from the left or right of the string, so
Part 3- If Statement
Introduction
Over the past two parts I have shown you the basics of text in ASP and how to store it as variables. In
this part of the tutorial I will show you how to use IF statements to make decisions in your scripts.
The Basics Of IF
If statements are used to compare two values and carry out different actions based on the results of
the test. If statements take the form IF, THEN, ELSE. Basically the IF part checks for a condition. If it
is true, the then statement is executed. If not, the else statement is executed.
IF Strucure
If something=somethingelse Then
Else
End If
Common Comparisons
The ASP IF statement construction is very much like plain text, but here is a quick example of a
common use of ASP. In this example the user has entered a password which has been stored in the
variable EnteredPassword. The idea of this script it to check whether the user has entered the correct
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:72/203
password:
<%
If EnteredPassword="password1" Then
Else
End If
%>
Other IF Options
There are many of different comparisions you can make with ASP, for example you can comapre two
variables:
If EnteredPassword=RealPassword Then
If Age>13 Then
which will check to see if the age entered by the user is greater than 13.
You can also place HTML etc. in IF statements, as the ASP will continue executing a THEN statement
until it reaches an Else or an End If, and will continue to execute Else statements until it reaches End
<%
If EnteredPassword="password1" Then
%>
<%
Else
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:73/203
%>
<%
End If
%>
Introduction
So far you have learned how to output text, use variables and execute conditional statements. Another
FOR/NEXT loops are used when you want to execute a piece of code a set number of times. If, for
example, you want to output the world 'Hello' 10 times, you could either code it manually or you could
use:
<%
For index = 1 to 10
Response.Write("Hello")
Next
%>
For index = 1 to 10
Repeat the following code until the variable 'index' is equal to 10, starting at 1 and going up 1 by 1.
Next
This tells the server to return to the beginning of the loop and increment the variable.
A loop isn't much use if it just does the same thing over and over again. It really offers no benefits over
a simple piece of code. The real power appears when you use the counter variable in your code. If, for
<%
For index = 1 to 10
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:74/203
Response.Write(index)
Next
&>
STEP
Step is an extra part you can add on to the end of the For line of the code to change the way it counts.
In the loop above, the code starts by setting index to 1, then when Next is reached it adds another 1
(2), the next time it adds another 1 (3) and so on. Using, STEP you can change this action. For
example:
<%
Response.Write(index)
Next
%>
Would output:
246810
While Loops
Another type of loop which can be used in ASP is the While loop. A While loop is written as:
<%
Do While thenumber<10
thenumber = thenumber + 1
Loop
%>
Do While thenumber<10
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:75/203
This code first checks if the variable thenumber has a value which is less than 10, then if it is executes
Loop
This tells the code to return to the Do line. Now, you may have noticed the problem here. If all the Do
line does is check whether thenumber has the value of less than 10, the loop will go on forever. This is
thenumber = thenumber + 1
has to be included. This increments the value of thenumber, so that it will eventually be more than 10,
and the loop will end. Of course, you aren't just limited to adding and subtracting as you are with a For
loop. You can make any changes to the variable you like in the code.
Until Loops
A third type of loop is the Until loop. This is almost exactly the same as the While loop:
<%
Do Until thenumber=10
thenumber = thenumber + 1
Loop
%>
The difference between this and a While loop is that the code will execute until the conditionin the Do
line is met, unlike a While loop where it will only execute while the condition is met. As with the While
PHP
A PHP file may contain text, HTML tags and scripts. Scripts in a PHP file are executed on the
server.
Before you continue you should have some basic understanding of the following:
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:76/203
What is PHP?
What is MySQL?
PHP + MySQL
• PHP combined with MySQL are cross-platform (means that you can develop in Windows and
serve on a Unix platform)
Why PHP?
Where to Start?
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:77/203
If your server supports PHP - you don't need to do anything! You do not need to compile anything or
install any extra tools - just create some .php files in your web directory - and the server will parse
However, if your server does not support PHP, you must install PHP. Below is a link to a good tutorial
http://hotwired.lycos.com/webmonkey/00/44/index4a.html?tw=programming
Download PHP
You cannot view the PHP source code by selecting "View source" in the browser - you will only see
the output from the PHP file, which is plain HTML. This is because the scripts are executed on the
A PHP file normally contains HTML tags, just like an HTML file, and some PHP scripting code.Below,
we have an example of a simple PHP script which sends the text "Hello World" to the browser:
<html>
<body>
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:78/203
A PHP scripting block always starts with <?php and ends with ?>. A PHP scripting block can be
Each code line in PHP must end with a semicolon. The semicolon is a separator and is used to
There are two basic statements to output text with PHP: echo and print. In the example above we
have used the echo statement to output the text "Hello World".
Variables in PHP
All variables in PHP start with a $ sign symbol. Variables may contain strings, numbers, or arrays.
Below, the PHP script assigns the string "Hello World" to a variable called $txt:
<html>
<body>
<?php
$txt="Hello World";
echo $txt;
?>
</body>
</html>
To concatenate two or more variables together, use the dot (.) operator:
<html>
<body>
<?php
$txt1="Hello World";
$txt2="1234";
echo $txt1 . " " . $txt2 ;
?>
</body>
</html>
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:79/203
The output of the script above will be: "Hello World 1234".
Comments in PHP
In PHP, we use // to make a single-line comment or /* and */ to make a large comment block.
<html>
<body>
<?php
//This is a comment
/*
This is
a comment
block
*/
?>
</body>
</html>
PHP Operators
Arithmetic Operators
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:80/203
Assignment Operators
Comparison Operators
Logical Operators
Conditional statements in PHP are used to perform different actions based on different
conditions.
Conditional Statements
Very often when you write code, you want to perform different actions for different decisions. You can
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:81/203
• if (...else) statement - use this statement if you want to execute a set of code when a
• switch statement - use this statement if you want to select one of many sets of lines to
execute
The If Statement
If you want to execute some code if a condition is true and another code if a condition is false, use the
if....else statement.
Syntax
if (condition)
code to be executed if condition is true;
else
code to be executed if condition is false;
Example
The following example will output "Have a nice weekend!" if the current day is Friday, otherwise it will
<html>
<body>
<?php
$d=date("D");
if ($d=="Fri")
echo "Have a nice weekend!";
else
echo "Have a nice day!";
?>
</body>
</html>
If more than one line should be executed when a condition is true, the lines should be enclosed within
curly braces:
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:82/203
<html>
<body>
<?php
$x=10;
if ($x==10)
{
echo "Hello<br />";
echo "Good morning<br />";
}
?>
</body>
</html>
If you want to select one of many blocks of code to be executed, use the Switch statement.
Syntax
switch (expression)
{
case label1:
code to be executed if expression = label1;
break;
case label2:
code to be executed if expression = label2;
break;
default:
code to be executed
if expression is different
from both label1 and label2;
}
Example
This is how it works: First we have a single expression (most often a variable), that is evaluated once.
The value of the expression is then compared with the values for each case in the structure. If there is
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:83/203
a match, the block of code associated with that case is executed. Use break to prevent the code from
running into the next case automatically. The default statement is used if none of the cases are true.
<html>
<body>
<?php
switch ($x)
{
case 1:
echo "Number 1";
break;
case 2:
echo "Number 2";
break;
case 3:
echo "Number 3";
break;
default:
echo "No number between 1 and 3";
}
?>
</body>
</html>
Looping statements in PHP are used to execute the same block of code a specified number of
times.
Looping
Very often when you write code, you want the same block of code to run a number of times. You can
• while - loops through a block of code if and as long as a specified condition is true
• do...while - loops through a block of code once, and then repeats the loop as long as a
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:84/203
The while statement will execute a block of code if and as long as a condition is true.
Syntax
while (condition)
code to be executed;
Example
The following example demonstrates a loop that will continue to run as long as the variable i is less
<html>
<body>
<?php
$i=1;
while($i<=5)
{
echo "The number is " . $i . "<br />";
$i++;
}
?>
</body>
</html>
The do...while statement will execute a block of code at least once - it then will repeat the loop as
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:85/203
Syntax
do
{
code to be executed;
}
while (condition);
Example
The following example will increment the value of i at least once, and it will continue incrementing the
<html>
<body>
<?php
$i=0;
do
{
$i++;
echo "The number is " . $i . "<br />";
}
while ($i<5);
?>
</body>
</html>
The for statement is used when you know how many times you want to execute a statement or a list of
statements.
Syntax
Note: The for statement has three parameters. The first parameter is for initializing variables, the
second parameter holds the condition, and the third parameter contains any increments required to
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:86/203
implement the loop. If more than one variable is included in either the initialization or the increment
section, then they should be separated by commas. The condition must evaluate to true or false.
Example
The following example prints the text "Hello World!" five times:
<html>
<body>
<?php
for ($i=1; $i<=5; $i++)
{
echo "Hello World!<br />";
}
?>
</body>
</html>
Loops over the array given by the parameter. On each loop, the value of the current element is
assigned to $value and the array pointer is advanced by one - so on the next loop, you'll be looking at
Syntax
Example
The following example demonstrates a loop that will print the values of the given array:
<html>
<body>
<?php
$arr=array("one", "two", "three");
foreach ($arr as $value)
{
echo "Value: " . $value . "<br />";
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:87/203
}
?>
</body>
</html>
PHP Functions
PHP Information
This function is useful for trouble shooting, providing the version of PHP, and how it is configured.
Name Description
INFO_GENERAL The configuration line, php.ini location, build date, Web Server,
System and more
INFO_CREDITS PHP 4 credits
INFO_CONFIGURATION Local and master values for php directives
INFO_MODULES Loaded modules
INFO_ENVIRONMENT Environment variable information
INFO_VARIABLES All predefined variables from EGPCS (Environment, GET, POST,
Cookie, Server)
INFO_LICENSE PHP license information
INFO_ALL Shows all of the above. This is the default value
Example
<html>
<body>
<?php
// Show all PHP information
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:88/203
phpinfo();
?>
<?php
// Show only the general information
phpinfo(INFO_GENERAL);
?>
</body>
</html>
All servers hold information such as which URL the user came from, what's the user's browser, and
In PHP, the $_SERVER is a reserved variable that contains all server information. The $_SERVER is
a global variable - which means that it's available in all scopes of a PHP script.
Example
The following example will output which URL the user came from, the user's browser, and the user's
IP address:
<html>
<body>
<?php
echo "Referer: " . $_SERVER["HTTP_REFERER"] . "<br />";
echo "Browser: " . $_SERVER["HTTP_USER_AGENT"] . "<br />";
echo "User's IP address: " . $_SERVER["REMOTE_ADDR"];
?>
</body>
</html>
The header() function is used to send raw HTTP headers over the HTTP protocol.
Note: This function must be called before anything is written to the page!
Example
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:89/203
The following example will redirect the browser to the following URL: http://www.bitdurg.org/:
<?php
//Redirect browser
header("Location: http://www.bitdurg.org/");
?>
<html>
<body>
......
</body>
</html>
Note: This function also takes a second parameter - an optional value of true or false to determine if
However, if you pass in FALSE as the second argument you can FORCE multiple headers of the
same type.
Example
<?php
header("WWW-Authenticate: Negotiate");
header("WWW-Authenticate: NTLM", FALSE);
?>
<html>
<body>
......
</body>
</html>
Opening a File
The first parameter of this function contains the name of the file to be opened and the second
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:90/203
<html>
<body>
<?php
$f=fopen("welcome.txt","r");
?>
</body>
</html>
w Write only. Truncates the file (overwriting it). If the file doesn't exist, fopen() will try
w+ Read/Write. Truncates the file (overwriting it). If the file doesn't exist, fopen() will
a Append. File pointer at the end of the file. If the file doesn't exist, fopen() will try to
Read/Append. File pointer at the end of the file. If the file doesn't exist, fopen()
a+
will try to create the file
x Create and open for write only. File pointer at the beginning of the file. If the file
already exists, the fopen() call will fail and generate an error. If the file does not
x+ Create and open for read/write. File pointer at the beginning of the file. If the file
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:91/203
already exists, the fopen() call will fail and generate an error. If the file does not
Note: If the fopen() function is unable to open the specified file, it returns 0 (false).
Example
The following example generates a message if the fopen() function is unable to open the specified file:
<html>
<body>
<?php
if (!($f=fopen("welcome.txt","r")))
?>
</body>
</html>
Closing a File
fclose($f);
if (feof($f))
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:92/203
Reading a Character
Note: After a call to this function the file pointer has moved to the next character.
Example
The example below reads a file character by character, until the end of file is true:
<?php
if (!($f=fopen("welcome.txt","r")))
while (!feof($f))
$x=fgetc($f);
echo $x;
fclose($f);
?>
The most important thing to notice when dealing with HTML forms and PHP is that any form element
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:93/203
<html>
<body>
</form>
</body>
</html>
The example HTML page above contains two input fields and a submit button. When the user fills in
this form and hits the submit button, the "welcome.php" file is called.
<html>
<body>
</body>
</html>
Welcome John.
Here is how it works: The $_POST["name"] and $_POST["age"] variables are automatically set for you
Note: If the method attribute of the form is GET, then the form information will be set in $_GET instead
of $_POST
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:94/203
What is a Cookie?
A cookie is often used to identify a user. A cookie is a small file that the server embeds on the user's
computer. Each time the same computer requests for a page with a browser, it will send the cookie
too. With PHP, you can both create and retrieve cookie values.
Note: The setcookie() function must appear BEFORE the <html> tag.
Syntax
Example
The following example sets a cookie named "uname" - that expires after ten hours.
<?php
?>
<html>
<body>
<p>
A cookie was set on this page! The cookie will be active when
</p>
</body>
</html>
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:95/203
Tip: Use the isset() function to find out if a cookie has been set.
Example
The following example tests if the uname cookie has been set, and prints an appropriate message.
<html>
<body>
<?php
if (isset($_COOKIE["uname"]))
else
?>
</body>
</html>
Server Side Includes (SSI) are used to create functions, headers, footers, or elements that will
You can insert the content of one file into another file before the server executes it, with the require()
function. The require() function is used to create functions, headers, footers, or elements that will be
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:96/203
This can save the developer a considerable amount of time. If all of the pages on your site have a
similar header, you can include a single file containing the header into your pages. When the header
needs updating, you only update the one page, which is included in all of the pages that use the
header.
Example
The following example includes a header that should be used on all pages:
<html>
<body>
<p>
Some text
</p>
<p>
Some text
</p>
</body>
</html>
Syntax
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:97/203
Date Formats
The table below shows the characters that may be used in the format string:
Character Description
a "am" or "pm"
A "AM" or "PM"
r An RFC 822 formatted date (e.g. "Tue, 10 Apr 2005 18:34:07 +0300")
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:98/203
S The English ordinal suffix for the day of the month (st, nd, rd or th)
U The number of seconds since the Unix Epoch (January 1 1970 00:00:00 GMT)
Examples
<?php
echo date("l");
?>
ODBC is an Application Programming Interface (API) that allows you to connect to a data
With an ODBC connection, you can connect to any database, on any computer in your network, as
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:99/203
8. Click OK.
Note that this configuration has to be done on the computer where your web site is located. If you are
running Internet Information Server (IIS) on your own computer, the instructions above will work, but if
your web site is located on a remote server, you have to have physical access to that server, or ask
Connecting to an ODBC
The odbc_connect() function is used to connect to an ODBC data source. The function takes four
parameters: the data source name, username, password, and an optional cursor type.
Example
The following example creates a connection to a DSN called northwind, with no username and no
$conn=odbc_connect('northwind','','');
$rs=odbc_exec($conn,$sql);
Retrieving Records
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:100/203
The odbc_fetch_rows() function is used to return records from the result-set. This function returns true
The function takes two parameters: the ODBC result identifier and an optional row number:
odbc_fetch_row($rs)
The odbc_result() function is used to read fields from a record. This function takes two parameters: the
The code line below returns the value of the first field from the record:
$compname=odbc_result($rs,1);
The code line below returns the value of a field called "CompanyName":
$compname=odbc_result($rs,"CompanyName");
odbc_close($conn);
An ODBC Example
The following example shows how to first create a database connection, then a result-set, and then
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:101/203
<html>
<body>
<?php
$conn=odbc_connect('northwind','','');
if (!$conn)
$rs=odbc_exec($conn,$sql);
if (!$rs)
exit("Error in SQL");
echo "<table><tr>";
echo "<th>Companyname</th>";
echo "<th>Contactname</th></tr>";
while (odbc_fetch_row($rs))
$compname=odbc_result($rs,"CompanyName");
$conname=odbc_result($rs,"ContactName");
echo "<tr><td>$compname</td>";
echo "<td>$conname</td></tr>";
odbc_close($conn);
echo "</table>";
?>
</body>
</html>
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:102/203
U-IV
Internet Security:
Security threats goes on emerging in Internet world due to mobile codes (software agents or rogue
Mobile codes is software agent which have ability to move from one computer to other and also have
Security threats arise when downloaded data is passes through local interpreter on client machine
without users knowledge. Client threats arises mostly due to malicious code refers to viruses like
Trojan horse, worms rabbits, chameleon, ordinary software bombs, timed software bombs and logical
software bombs
Threats to Server:
2. Unauthorized modification of incoming data packets by exploiting the bug in server software
3. Server can be attacked by denial of service where intruder make system unusable by
Most common form of denial of service attacks is service overloading and message overloading
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:103/203
Service Overloading:
Servers are vulnerable to service overloading for ex we can easily overload www server by writing
small loop that send request continuously for a particular file to server. Server tries to respond as it
assumes the request is genuine one Hence while providing services to all the request a stage will
reach when server is not able to satisfy the need or request so it deny for providing services to the
request i.e. Denial of service will occur due to overloading of the server
Message Overloading:
Message overloading will occur when someone sends a very large file to the message box of sever at
every few seconds. Due to of which message box grows in size and begins to occupy the hard disk
space and increases they no of receiving processes on recipient machine and thereby causes disk
crash
Virus: -
the permission or knowledge of the user. A virus must execute and replicate itself.
• A program or piece of code that is loaded onto your computer without your knowledge and
runs against your wishes. Viruses can also replicate themselves. All computer viruses are
manmade.
• A computer program written by a smart person who chooses to be an idiot. (e-mail signature
file)
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:104/203
• Computer “Viruses” and related programs have the ability to replicate themselves on an ever
increasing number of computers. They originally spread by people sharing floppy disks. Now
• Other “Malicious Programs” may be installed by hand on a single machine. They may also be
built into widely distributed commercial software packages. These are very hard to detect
before the payload activates (Trojan Horses, Trap Doors, and Logic Bombs).
7 Types of Viruses
• Multi-partite viruses
• Macro viruses
• Script viruses
• Companion viruses
• Can infect other files when infected program is run from floppy, hard
drive, or network.
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:105/203
• Once in memory, all non-write protected floppy disks will become infected when accessed.
• Similar to boot sector virus except viral code is located in different area.
Multi-Partite Viruses
• Difficult to repair.
• Boot area and files must both be cleaned of virus or re-infection will occur.
• Macro Viruses
• Infect data files – word, excel, power point and access files.
• Use another program’s internal programming language which was created to allow users to
• Script Viruses
• Infect various script languages such as DOS, Java Script, and Visual Basic Script.
Companion Viruses
• Execute through operating system rather than directly infecting programs or boot sectors.
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:106/203
• When you execute the command ‘ABC’, ABC.COM executes before ABC.EXE Thus, a
companion virus could place its code in a COM file with its first name matching that of an
existing EXE file. When the user next executed the ‘ABC’ command, the virus’ ABC.COM
• Executable Viruses - These are viruses hidden within executable files or posing as
executable files.
• Visual Basic Script Viruses - Visual Basic Script (VBS) is a powerful programming
language built into Windows. VBS viruses can send emails, delete files, rename files etc.
• Boot Sector Virus - resides in the boot sector of a hard disk or floppy. The boot sector is
that portion of a disk that gives it its identity. After a given number of boots, the virus
• Stealth Virus - Can be any one of the previously mentioned types, but were designed to
defeat anti-viral scanning and other anti-viral detection software and methods.
• Macro Viruses – These are very common and make use of the macro functionality in
Microsoft Office. Macros are mini-programs that allow users to automate various commands
Worm
• Self-replicating program that are self contained and doesn’t require host program. It creates
copies of itself and executes them and generally it utilizes the network services to propagate
to other host system. They will consume all resources on network and affects response time
• A program or algorithm at replicates itself over a computer network and usually performs
malicious actions, such as using up the computer's resources and possibly shutting the
system down.
• A virus that spreads by creating duplicates of itself on other drives, systems, or networks.
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:107/203
Rabbits
• Rabbits are similar to worms they too are full programs. However as soon as they are executed
they are replicating themselves on the disk until its capacity is exhausted this process is then
• Rabbits are less harmful as compared to worms since they are easily detected.
Trojan Horse
• Program which appears to be harmless but has piece of code which is very harmful . Trojan horse
is derived from the greek mythology Trojan horse here means to fool the common users , Hence
• The term comes from a story in Homer's Iliad, in which the Greeks give a giant wooden horse to
their foes, the Trojans, ostensibly as a peace offering. But after the Trojans drag the horse inside
their city walls, Greek soldiers sneak out of the horse's hollow belly and open the city gates,
• One of the most insidious types of Trojan horse is a program that claims to rid your computer of
S/w bombs are the piece of code segment, which “explodes” as soon as it executed without any
Similar to ordinary software bomb except that it becomes active only at specific time or frequency
Similar to ordinary software bomb , except its activated only if the logical condition is satisfied(e.g.
Delete employees master data when gross salary exceeds say 10,000)
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:108/203
Chameleon:
Are similar to Trojan horses It normally seems like a useful and correct program and throws a logon
screen to collect all the valid user names and passwords and then display a message system shut
Backdoor
• Also called a trapdoor. An undocumented way of gaining access to a program, online service
or an entire computer system. The backdoor is written by the programmer who creates the
code for the program. It is often only known by the programmer. A backdoor is a potential
security risk.
Malware
• Short for malicious software. Software designed specifically to damage or disrupt a system,
Spyware
• Also called adware, spyware is any software that covertly gathers user information through the
user's Internet connection without his or her knowledge, usually for advertising purposes.
• Once installed, the spyware monitors user activity on the Internet and transmits that
• Spyware can also gather information about e-mail addresses and even passwords and credit
card numbers.
• Spyware is similar to a Trojan horse in that users unwittingly install the product when they
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:109/203
• Aside from the questions of ethics and privacy, spyware steals from the user by using the
computer's memory resources and also by eating bandwidth as it sends information back to
• Because spyware is using memory and system resources, the applications running in the
• W32/Nimda-D
Klez
http://www.virus.uga.edu/klezalrt.html
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:110/203
– The Klez virus propagates by taking a randomly picked e-mail address from web pages, ICQ
databases or Windows Address Books and inserts it as the From: address before sending out
its payload to the rest of your address book. When you receive an e-mail from someone
whose computer is infected, it may appear to come from an entirely different person.
Klez
– This means that the e-mail address in the From: field of the infected e-mail you receive is
probably not infected with the virus. The From: e-mail address happens to be in the infected
Klez
– The virus can infect personal documents and send them out to others and, therefore, possibly
Sircam
http://www.virus.uga.edu/scalrt.html
– Sircam is a mass mailing e-mail worm with the ability of spreading through Windows Network
shares. It sends e-mails with variable user names and subject fields, and attaches user
– Since the worm can pick any of the user's personal documents it might send out confidential
information.
– When a Sircam-infected e-mail attachment is opened it shows the document it picked up from
the sender’s machine. The file is displayed with the appropriate program according to its
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:111/203
– The worm uses Windows Address Book, which is used by both the Outlook and Outlook
Express e-mail clients to collect e-mail addresses. The worm also tries to look for e-mail
addresses in the \Windows\Temporary Internet Files\ folder, which is where Internet Explorer
and other programs store temporary copies of downloaded web pages and other Internet files.
Nimda
http://www.f-secure.com/v-descs/nimda.shtml
– Nimda is a complex virus with a mass mailing worm component which spreads itself in
attachments named README.EXE. If affects Windows 95, Windows 98, Windows Me,
– It uses normal end user machines to scan for vulnerable web sites. It is looking for the
– The actual lifecycle of Nimda can be split to four parts: 1) Infecting files, 2) Mass mailing, 3)
– Infecting files
• Nimda locates EXE files from the local machine and infects them. These files then spread the
Nimda
– Mass mailing
• It then locates e-mail addresses from your e-mail client as well as searching local HTML files
for additional addresses. Then it sends one e-mail to each address. These mails contain an
– Web worm
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:112/203
• Nimda starts to scan the internet, trying to locate web servers. Once a web server is found,
the worm tries to infect it by using several known security holes. If this succeeds, the worm will
modify random web pages on the site, which if viewed may infect the web surfer’s computer.
Hybris
http://www.fsecure.com/v-descs/hybris.shtml
• Infect all ZIP and RAR archives on all available drives. The worm renames EXE files in
archive with .EX$ extension and add its copy with .EXE extension to the archive.
• Infect DOS and Windows executable files (*.exe) files. The worm changes them so that they
become droppers. When run, they copy worm's EXE file to TEMP directory and execute it.
• Depending on system date and time, a "spiral" effect is shown on the Windows Desktop.
– The worm intercepts Windows functions that establishes network connections, including those
to the Internet. It reads the data that is sent and received, looking for e-mail addresses. When
an address is found, the worm waits and then sends an infected message to each person.
Magistr
http://www.fsecure.com/v-descs/magistr.shtml
– Magistr is a very dangerous memory resident worm combined with virus infection routines.
– The virus has an extremely dangerous payload, and depending on different conditions it
erases hard drive data, CMOS memory and Flash Bios contents.
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:113/203
– When the virus is run (from infected message for example, if a user clicks on it installs itself to
the Windows memory, then runs in background, sleeps for a few minutes and run its routines:
Magistr
– Depending on its internal counters the virus manifests itself: it gets access to Windows
desktop and does not allow access to icons on the desktop by mouse. When mouse cursor is
moved to an icon, the virus moves the icon out of the cursor. It looks like desktop icons try to
– Magistr virus spreads via Internet with infected emails, infects Windows executable files on a
infected machine (local machine) and is able to spread itself over a local network.
• Mass mailing:
– To send infected emails, the virus reads the settings of installed e-mail client settings--Outlook
– The virus then scans email database files of those clients, gets e-mail addresses from there and
- The attachment name is variable, it can have an EXE or SCR extension. The virus looks on
the system for an EXE file, infects it and attaches it to the message.
– The Subject and Body are randomly constructed from words and sentences that are found in
.DOC and .TXT files in the system (the virus also scans local drives for these files and get texts
from there).
YES!!!
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:114/203
• The number of known viruses surpassed 50,000 in August 2000. According to the anti-virus
vendor, Sophos the number of new viruses discovered every month continues to rise.
• Virus trends between 1999 and 2001 illustrate the threat to an e-mail system.
• In 1999, 1 in 1400 e-mails contained a virus. In 2000, it was 1 in 700, and 1 in 300 this year.
Message Labs, an anti-virus vendor that specializes in scanning e-mail, predicts that if trends
• There are 808 viruses listed on the May 2002 WildList and Supplemental list.
• For a virus to be considered “in the wild”, it must be spreading as a result of normal day-to-day
Methods of Attack
• E-Mail Attachments
• Web Pages
• Floppy Disks
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:115/203
• Be paranoid.
• In computing, this is not as far from the truth as you might hope.
• Make sure you have an up to date anti-virus package installed on your computer.
• EITS currently provides the F-Secure Anti-Virus package for UGA student, faculty, and staff
use.
method of transmission because often people will open attachments that have been sent by
acquaintances, co-workers, or friends, only to find that the attachment is in fact a virus.
• There are viruses that exploit 'holes' or vulnerabilities in operating systems and applications.
Anti-virus programs are generally able to protect you from this kind of 'malware' even if you
• It is recommended that you visit your software manufacturer's Web site regularly to download
• From http://online.securityfocus.com/infocus/1288
• Always scan floppy disks and CDs for viruses before using them
• Despite the fact that approximately 85% of all registered cases of computer infection are
transmitted through e-mail, we should not ignore the traditional transport for malware: the
• Users should always check these external media for viruses before using it on their
• From http://online.securityfocus.com/infocus/1288
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:116/203
• It is not just pirated software that may be infectious. Sometimes even licensed CDs with
software from well-established, credible vendors may contain viruses. Also, software
• Another source of infection may be a computer that has been taken in for maintenance that
may be returned to its owner with a hard drive that is infected with a virus.
• From http://online.securityfocus.com/infocus/1288
• Create a virus-free start-up disk for your computer and keep it in a safe place.
• Sometimes an infected computer cannot be started. This does not mean that a virus has
deleted data from your hard drive; it only means that your operating system cannot be loaded
any more.
• To solve this problem, you should use a virus-free start-up diskette containing an anti-virus
program that has been developed for your operating system. This diskette will help you to start
• From http://online.securityfocus.com/infocus/1288
• Although this rule will not protect against virus infection, it will allow you to protect your
valuable data in case your computer becomes infected (or, as an added bonus, if you have
• It is advisable to back up your most valuable data using external media, such as diskettes, MO
disks, magnetic tapes, CDs, etc. In this case, whatever might happen, you will always be
prepared.
• From http://online.securityfocus.com/infocus/1288
• It is safe to run non-executable file content, such as JPGs, MPGs, GIFs, WAVs, etc. You just
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:117/203
• Most Windows versions will hide known file extensions. Thus, a seemingly innocuously named
file, PICTURE.JPG, may be PICTURE.JPG.EXE. In Windows Explorer, look for the file
• From http://security.oreilly.com/news/maliciouscode_0801.html
• Don't share your hard drive (disable file sharing on your hard drive).
• If you do need to provide some file and print sharing, don't give the keys to the kingdom; use
a password, and ONLY give the minimum that you have to a directory (folder) is much better
than giving all of the C:\, read only is better than full access. If you have to give a C:\
administrative share, limit the number of people who can use it.
• There is a very simple way for Windows users to eliminate the threat of "accidentally"
• By doing the following steps, if you ever "accidentally" click on a worm or virus written in
[4] Scroll down until you see the .vbs file type.
[5] For each of them, highlight the entry and select "Edit."
[7] Change the "application use to perform action" from "wscript.exe" to the path name for where
"C:WINNTnotepad.exe." You can use the file find feature to locate the proper path.
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:118/203
• Norton Antivirus
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:119/203
FIREWALL
Every time corporate connects its Intranet to Internet and it faces potential danger, Due to the
openness of Internet there is a possibility of attack by the hackers and Intruders to cause the harm to
Solution for all such types of threats and many more to build a firewall to protect Intranet.
What is a firewall?
• A firewall is any mechanism that acts to restrict access to a network according to a set of
defined rules.
• A device able to monitor each packet to determine whether to forward it toward its destination
• A device able to evaluates packets with the objective to Control, Modify and Filter network
traffic
Advantages
• application/content-level filtering
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:120/203
Disadvantages
• introduce vulnerabilities
• By inspecting traffic that travels across/through them according to the policy that’s been set.
• All traffic between external and internal networks must go through the firewall
• Firewall has opportunity to ensure that only suitable traffic goes back and forth
Firewall Architecture’s
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:121/203
Bastion
Host
Internet
Intrane
t
Inner Outer
Barrier Barrier
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:122/203
Requisites are totally depends on security requirements however one should check some attributes
• Firewall system should be able to support or deny services except those are specifically
permitted
• Firewall system should posses flexibility i.e. it must have ability to new changes based on
company’s policy
Firewalls Rules
• Questions to ask:
• Is there any trusted external hosts to which you want to give network access?
• TCP and UDP: src/dest port, flags, SYN and ACK bits
• Interface name (FW may have more than one incoming/outgoing link
• Source and destination IP address: this includes broadcast and multicast addresses
• ICMP
• More restricted rules comes first to avoid rules conflict and shadow
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:123/203
IP packet fitering firewall examines each and every incoming and outgoing packet flowing through it by
examining the specific field in IP datagram headers, Firewall decides whether to allow the packet to
• Source Ip headers
• Destination IP headers
o protocol field
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:124/203
IP Packet
screening
router
Server
Filtering/Scr
eening rules
Usenet e-mail Client
As shown in above fig firewall router filters incoming and outgoing Packets based on the security rules
that are set at the time of configuring the firewall host based on the company’s policies
e.g. If company doesn’t offer FTP services to outsiders then firewall is configured to reject the request
Objective: allow a network application (based on sockets), to be accessible by hosts outside your local
LAN:
• The software is made by a main process that receive connection requests on port 999.
• Then the main process create a new process for each new connection. New processes waits
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:125/203
• The main process send a reply to the client (in the payload of an UDP packet) with port to use
• The client receive the packet, read the port (ex:40001) and send the next packet to port 40001
• With a stateless firewall, if you want to allow your server to work properly with hosts outside
o Statfull firewall associate a packet to a state and can make decision base on:
3. If TCP /UDP packet filtering is not implemented fully , it can lead to security hole
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:126/203
successfully
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:127/203
In such type of firewall remote host or network can interact only with proxy server (proxy application
gateway) proxy server is responsible for hiding the details of the Internal network ie Intranet. If the
remote host is interested to avail the facilities placed inside the company in that case first proxy
authenticates remote host/user then it creates the session between application gateway and the
Internal host and allows the transmission of packet as well maintain the log details of user too.
As shown in fig. Proxy application gateway is special server which runs on firewall machine
and user ie inside or outside if they have to share the data in that case they have to divert the
request to the proxy server proxy applies the security policy by authenticating the user and
Gopher: Is as server application that allows you to browse huge amount of information by performing
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:128/203
3. Cost effectiveness
Hardened firewall hosts are similar to proxy application gateways and are configured for increased
security . This type of firewall requires inside or outside user to connect to some trusted application
running on firewall machine before getting connected furthur. These firewalls are configured to protect
• Remove all users account except those are necessary for the operation of firewall machine
• Remove all noncrucial files and executables especially network server programs and client
• Exten the feature of traffic logging and monitoring to check remote access
Advantages:
• Concentration of security
Drawbacks:
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:129/203
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:130/203
AAA Security:
AAA Security
Intranet Internet
AAA Security works similar to Proxy application gateway in this too user must have to get himself
authenticated by security system for availing the facilities that are kept inside or outside of the
company ,ie its an compulsion over clients to get themselves logged on Security system and then only
they would be authorized for availing facilities based on the policies set on the security system, after
giving the authorization AAA system will maintain the details data packet transaction for the purpose
of further accounting/auditing
Problems:
– Firewalls as filters can be considered for most part to be infallible... but as a security
• Conclusions
– People don’t just put up a thick front door for their sensitive belongings, you shouldn’t
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:131/203
– Care must be taken to construct an appropriate set of rules that will enforce your
policy.
A Block Cipher: It takes given length of data as input and produces a different length of
encrypted data
A Stream Cipher:It converts plain text to encrypted or ciphertext one bit at a time
Symmetric Encryption:
Symmetric encryption is also termed as secret key encryption because secret key is shared between
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:132/203
Asymmetric encryption:
Asymmetric encryption was developed in 1970. Two keys are involved in asymmetric encryption first
key (the public key) is published and is used by entities intending to send data securely to key owner.
Second key is private key known only to the owner and interesting thing is that two keys are
reversible ie private key can be used to encrypt data that can be decrypted only by using the public
key and vice versa and this capability directly leads to the digital signatures
public
Private Key
Senders Senders
Pribvate Key public key
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:133/203
Digital Signatures:
It provides means for the contents of message and the identity of sender to be verified . A digital
signature is implemented by using asymmetric encryption and hash function. Digital signature
depends on the fact that asymmetric encryption ciphers are reversible. Digital signature also depends
on fact that orignal message signature and key pair are related so that changing any one will result in
Data to be Data
sent Received
Digital Digital
Messag Signature Signature Messag
e Digest e Digest
Algorith Algorith
Public Public
Message Key Key
Digest Cipher Cipher
Senders
Private Message Message
Key Digest Digest
Two
M.D.
Equals
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:134/203
Sender prepares message digest this message digest is then encrypted with senders private key the
recipient receives message and decrypt the message digest by using senders public key
A digital code that can be attached to an electronically transmitted message that uniquely identifies the
sender called digital signature. Like written signature , the purpose of digital signature is to gurantee
that the individual sending message really is who he or she claims to be. Digital signatures are
especially important for electronic commerce and are key component of most authentication schemes,
to be effective, digital signature must be unforgettable there are number of encryption technique to
1. Planning: Setting goals specifying contents, organizing content and setting user interface to
navigate content
2. Implementation: Creating content, implementing navigation, user interface and coding site
3. Testing: User browser and system testing (ie same page may appear differently on different
4. Domain Registration & Hosting: Based on the importance of site register for unique or sub
5. Website Promotion: Promote your site by registering it on search engines and indexes to
6. Maintenance: Maintaining and updating the site, questioning the old goals and returning to
planning phase
Website Planning: For executing any work in proper/systematic way planning is must e.g. plan for
traveling in which we would do advance reservations ad other things, plan to watch movie, plan to
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:135/203
Before you begin to create your Web site, spend some time planning what the purpose of the site will
be, what content it will contain, and how to structure it. Planning before you begin helps you create a
Web site that has a unified look and a well-designed structure. Putting your business on the Web will
require new ways of thinking. To help evaluate your needs look at various perspectives for your
• Information Distributor – Determine your information relationship with your customer. What do
you need to tell the customer, or prospective customer? What format best suits your product
What information do you need from them? Include a feedback form on your web site.
• Marketing versus Sales – Is the site going to be a promotional tool or a selling platform. Will
• Customer Quantity versus Quality – Will the website increase the number of customers that
you can reach? Will it expand your business to a new demographic of customer?
• Satisfaction Measurement – Ensure that you monitor the statistics to determine whether the
site is effective. What are the number of hits? Has it extended the reach of the customers?
Has it reduced print and postage costs? Has it reduced sales and distribution costs?
• Revenue – Examine new markets and revenue streams that can be generated from your
website.
So before developing the site there is need of proper planning so that it would become
Developing look and feel related with representation of color, graphics etc
Target audience:
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:136/203
In order to convey the proper message to proper peoples there is need to identify the right peoples so
at the time of planning first identify to whom you want to convey the message? Without this information
you will miss the intended mark of message. So consider following points while identifying audiences
We can achieve above mentioned things by doing survey either traditional or e-survey and in that you
Gender
Financial status
Educational background
Geographical Location
Material status
You should be clear with your motive of creating website it might be among the following
To inform
To promote a product
So your vision of creating website needs to be well defined and acceptable to management, if you
are working in organization. So once goals are defined, organize all your material. Put together
any existing documents and pictures you want to work with. For example, if it is a company’s site
you may want to assemble logos, company information and product descriptions also think about
the message you want to convey to fulfill your mission and which type of images or text might be
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:137/203
appropriate. If your site’s goal suggests fun and light heartedness, then use informal language and
whimsical graphics
Web page lay outing selection is totally depends on the clarity and expressiveness of
concerned scheme so at the time of selecting lay outing scheme you must have to check the
possibility of confusion and expressiveness of concerned scheme following are the major web page
1. Tree Structure:
Big Company
depth structure
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:138/203
Depth Vs Breadth
Pure Linear
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:139/203
Mixed Hierarchy
Pure Web
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:140/203
Grid Layout
Grid
Pure Web
Expressive ness
Linear Hierarchy
Possibility of confusion
If you think site will contain files, which are small in size and large in number, then store all of them just
in directory. But if the site is going to be very large and complex, then you will need to organize files
into separate directories and subdirectories. Developing a logical directory structure is an essential
part of planning your website. You can have a subdirectory of images or pictures. Similarly
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:141/203
The following questions will help you determine your content. Answer them and
2. Who is your audience? What do they know? What do they need to know? What kind of network
3. What do you want your students to learn from your Web site?
4. What subsections would you divide your content into so the flow of information is clear, logical, and
Since a Web site can be developed to offer a “Web-enhanced” course, here are some
other considerations:
5. How will the Web site support the educational objectives of the course?
7. Does your textbook have companion Web site that you can link to?
8. Will the course Web site offer links to other resources on the Web?
Tip: When linking to online resources outside your site, be specific about why you have linked to a
particular site. Don't link to sites just because they happen to mention the subject you are teaching.
9. Will all the materials be posted on the Web at the beginning of a course? Or, updated regularly
during a semester?
Tip: At the beginning of your course, explain to your students the purpose
and contents of the Course Web site and how often they should visit it.
Implemetation :At the time of actual keying/coding you must have to consider following points
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:142/203
Above all else you must ensure that your website looks professional to give a good ‘first impression’.
Navigation - Many visitors will arrive at your home page; make sure that your visitors can get a
general idea of what’s on your site and can easily access the different pages. You can do this with the
However, keep in mind that not all of your visitors arrive at your home page first. For this reason, it’s a
good idea to make it easy to return to your home page from other pages in your site, by including a
link to the home page. Your material should be organised so that your visitors understand it. You will
need to lead your visitor through your site so that their eye flows from one element to the next. Don't
put pictures next to unrelated text. You might know what you mean, but your visitors sure won't.
Positioning - A few more tips for positioning words and pictures on your new site. Most of us are
used to reading English and other European languages from left to right and top to bottom. Our eyes
are used to going to the top left corner of a page - so place the information that you want people to
see first up there and arrange other elements to flow across and down the page in decreasing order of
importance. Don't put too many distracting links to other pages or topics all over the place.
Graphics & photos - Don’t get carried away with graphics, photos or typefaces. You should be
conscious of the download time as you don’t want your visitors to go off as your page takes too long to
view. ZyWeb produces optimised graphics and photos which are a high quality resolution, whilst be
Style - Try to keep a similar style throughout your pages. Colour will make your page look great.
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:143/203
Colours will make it distinctive and memorable and colours also have strong psychological effects that
can set moods or convey feelings. Most web sites are set in a theme colour throughout. A small vivid
splash on the graphics will have a great effect to highlight something but vivid splashes everywhere
will be overwhelming. You should, ideally, use only 2 colours with shades of those colours.
Colors - Legibility is vital - your page needs to be read! So adequate contrast is the answer; light type,
dark background, dark type, light background. Obviously black and white give the maximum contrast,
but that's boring. Color contrast creates powerful effects. Cool colors, greens, blues, tend to calm,
while warm colours, reds, yellows tend to excite. Dark colours can convey heavy and oppressive
Here are a few sure-fire color combinations. Stick to light coloured backgrounds, white or light grey,
tan, light blue, light green or pale yellow. Use black or dark coloured text on these backgrounds. Avoid
bright text colors on light backgrounds. Large, bold text can be coloured in strong colors – try bright
red, orange or blue, but don't overdo it. Use light type on dark backgrounds in small areas where you
Interactive - Make the site interactive to retain the concentration of the visitor for the maximum
amount of time. Ideally, build interactivity into the opening home page screen with the use of clickable
navigational buttons. The wording of the label on the link should prompt the visitor to take action.
Highlight buttons to take visitors to special areas and always put the more important ones at the top.
A Domain nam e can contain the num ber s 0-9, the letters a-z and the h yphen
character ("-"). Note however t hat Domain names cannot begin or end with a hyphen.
You can use UPPERCASE or lowercase letters when registering a Dom ain nam e, but
you ma y occasionally run into problems if you mix cASes, depending on the exact
configur ation of the web ser ver that will be hosting your website.
The easiest way to mak e sure your Domain name will not cause you any problems
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:144/203
A Dom ain name can contain up to 67 char acter s, although som e Domain registrars
have still not reconfigured their ser vices to accommodate these longer Domain names
This 67 char acter limit includes the "." (dot) and the top level Domain. So in the case
of a ".com" name, for instance, you'll be able to specif y up to 63 characters your self.
Some top Domains from specific countries have additional limitations on length and
on the number of c har acters in a Domain. Some even specify a minim um length for a
There are man y differ ent wa ys to resear ch Domain names and to find inspirat ion for
new Dom ain names to register. The way you research Dom ain names will be color ed
to a large extent b y the intended use for t he Domain nam e i.e. is it being register ed
brand or trademark .
Start by not ing down what the site will be about, in a paragraph or two. Then boil
down this descr iption into a maximum of 2 sentences. Don't worr y about covering all
the details - just mak e sure you'r e addr essing the es sentials of what the site will be
about.
Now tak e your short description, and under line all the "k ey" words that descr ibe your
"Our website will be the leading source of infor mation on weaving and k nitting,
selecting and caring for loom s, and a store for people t o bu y wool, yarn and book s."
Now try to come up with a Domain name that either addr es ses the one fundamental
concept of the site, or that marr ies two or m ore k ey concepts in a single name.
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:145/203
Once you've drawn up a short- list of Domain names to "test" for availability, it's time
If you're having difficult y coming up with useful Domain name combinations from your
k eywords, tr y a single k eyword and add pr efixes or suffixes. Not all prefixes and
suffixes are appropriate in all situations - use your judgment when deciding which to
add.
e, e-, m y, i, i-, the, online, net, web, inter net, hot, cool, our, your
Common Suffixes
world, link s, site, web, net, resour ce, business, compan y, corp, inc,
In the case that you're look ing to bu y a Domain name for a website that is alread y up
and running, your options will be more limited than if you'r e starting from scratch.
First, have you already been operating the site under a clear ly-recognizable "name"
or "title"? Even if your site is hosted on cheap space at an ISP, or on a free host, you
ma y have given it a short title in large letter s (or in a logo). This is the obvious place
If your site' s name (as given in its title) is ver y generic, you ma y well find one (or
man y) other sites already using it - and the corresponding Domain name( s) long since
gone. In that case, you have to decide whether you will m ak e a bid t o bu y the Domain
name you want from its current owner, look for an alter nat ive extension or use the
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:146/203
brainstor ming trick s outlined earlier in this article to find a suitable alternative. You
can also consult the guide to choosing t he r ight Dom ain name for more help.
cybersp ace
flower s.com and ess ay. com. Companies have gone on to cr eate
names or for goods or ser vices. A whole industr y has sprung up ar ound
the resale of domain names, with dom ain brok ers acting as middlemen
enor mous compar ed to the original value of the name, s ince some
domains have sold for over $1 million - and cost under $100 to r egister!
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:147/203
email address
Many companies will set you up with email forwarding, where messages sent to
@yourdomain.com will be redirected to your existing mailbox as provided by your ISP. This
lets you choose a truly unique email address and keep the same email address regardless
search engines
Although the rules b y which search engines "rank " sites when returning
search results change often, some search engines have recently been
favoring sites with their own domain nam es over sites that do not have a
domain name of their own. Some sear ch engines even give increased
relevancy to domain names that contain "k eywor ds" that people search
for. For example, a s earch engine m ight rate a site wit h the domain
name "freestuffguide.com" more highly than a site with the domain name
"freebieguide.com" for the sear ch "free stuff" since the for mer domain
Step 1
To register Domain Names on this website, use the Domain s ear ch box
In the Domain, sear ch box on the home page enter the Domain Nam e
you want, select an extension for your Domain Nam e and start your
Step 2
The result page will show you whether the Domain is available or not. If
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:148/203
selecting the check box against the Dom ain Name you want along with
If the Dom ain is not av ailable then you will have to r esume your search
again.
Step 3
Enter your UserName and P assword in User Login window. In case, you
are a New User, click on Register! W hich will lead you to a New User
is absolutel y free of cost. Once you are registered member you can use
your member ship for availing all the services and products available
here.
Step 4
Fill in the Domain Registration F orm and Submit. Kindly ensure t hat you
Step 5
Once you have confir m ed the order you will get an or der code along
After receipt of your paym ent , you will receive an ack nowledgem ent for
the same. You will also receive a confirmation of your Domain Name
Kindly note that it tak es about 48 hrs, for the Regis tr y database to
update a new Registr ation and r eflect it on the 'W hois Sear ch'.
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:149/203
Make it easy for your customers to find you on the Internet with your own unique domain name
(alsoknown as an Internet address or URL) for example www.bit.ac.in or bitdurg.org Having your own
domain name also makes your email address consistent and meaningful, eg dpmishra@bitdurg.org
dpmishra@bit.ac.in and it means that you don’t have to change it when you change ISP Thousands of
domains are being registered every day so we strongly recommend that you register your domain
name now, otherwise you may find your company name already taken.
How well do you know the company where u host your site:
The answer you should be looking for is that they backup every night. You should also keep a up to
2. What sort of equipment and software are in place to ensure that my site is up?
Most Internet Hosting Companies use some combination of equipment and software to ensure that the
servers are up and working. You want to make sure that the server is hooked up to an UPS
(uninterrupted Power Supply). The UPS is just a big battery that will provide the server with power for
30 minutes to several hours. Also most Hosting Companies have software and equipment that
monitors the servers and restarts them if they quit serving pages. You will also want to know if this
fails, does the company have a way to restart the server manually.
If you have 2 domain names, say joestools.com and cooltools.com, and wanted them to both go to the
same site, would they charge you extra for the domain names or since it all goes to one site will you
be charged just for one. If you plan on hosing several sites to see which ones will be successful, you
might want to ask for a volume discount or ask if they have a reseller package.
You need to find out who to contact if you have a problem with billing and what is the process for
resolving problems.
You want to know if you will have 24 hour FTP access. Some hosting companies restrict how you can
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:150/203
Hosting companies usually do one or the other, either provide you with the raw logs for you account or
provide you with some sort of online statistics. You will want to make sure that the logs contain
information from search engines on the words and phrases used, how long the visitor stayed at the
site, entry page, number of page visits, broken links and errors, and exit page.
Nearly every hosting company will provide atleast a basic form of this. You will want to know if there
are any limitations on the size of the form. Also you might want to ask if there is a way to encrypt the
form. If so you could use this for an ecommerce solution until you are ready for a shopping cart.
You want to know what the features of the account are, but you also want to know if you need them to
Before choosing a hosting company call them up or email them with a question and see how quickly
One of the biggest pains about having a web site is changing web hosts. I ought to know, I've changed
over half a dozen times in the last three years. Each time has been a step up and with each move it
In many cases, your web site is the first and only thing that your customer sees (besides, hopefully,
your product after they make a purchase). This is especially true if your company does not have a
real-world presence such as a store or office. Thus it is important that your web site be available to
your visitors (and customers if your site is commercial) twenty-four hours a day, seven days a week,
Not only must it be available, but your web site must load quickly. If your host computer is too slow, it
doesn't matter how much you optimize your graphics and HTML, cut down page sizes and perform
other actions.
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:151/203
Other features must work properly. These include CGI routines, autoresponders, PHP, ASP and SSI
scripts, and, very importantly, shopping carts and credit card services.
All of this is so important that you must keep an eye on your site. I use two services: alertsite and
internetseer. Both of these ping my site occasionally to determine if it is up. Any errors are reported to
my email inbox. Why do I do this? Two reasons: (a) it's critical that my site be online all of the time,
and (b) these services provide a third-party record of any downtime, which is useful when attempting
These two services also measure response time, which is very useful to determine how well your site
responds to your users browsing requests. These two factors, uptime and response time, are the most
critical measures of web site performance. A consistently bad number in either measure is more than
Of course, if your CGI routines stop working mysteriously or your autoresponders stop responding,
then by all means shoot off a trouble ticket to your host. You have a right to expect these types of
issues to be quickly and politely fixed. If they are not and the errors continue, then consider moving to
another host.
There are a number of tasks that you should be performing on a regular basis. You see, you cannot
predict when you might have to change web hosts. It could be that they are suddenly sold and their
level of service drops, or they upgrade their computers which causes a series of new problems. You
can be sure that you will only find out about these things when your web site stops working or
becomes unstable.
Another reason to be performing regular maintenance tasks is the possibility of disasters. A hacker
could deface or even destroy your web site. Your credit card could be closed, which might cause your
host to close down your site until you pay. Any number of other disasters could occur, which make it
very imperative that you have a continual set of procedures in place to be prepared for anything.
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:152/203
Monitor your site - As I stated earlier, be sure you use a site monitoring service to keep an eye on your
web site. That way you will know immediately if something happens.
Backup your site - You should perform all edits to your pages on your own computer and upload them
to your site. Never edit your site pages directly. This, by it's very nature, ensures that a copy of your
However, you may also have databases stored on your web site which do not originate from your
computer. These might include mailing lists, demographic data, links and other similar things. These
items must all be copied to your own hard drive on a regular basis.
You can set up your favorite FTP program to do scheduled downloads of selected databases, or you
In addition, your web host should be backing your site up daily. In many instances, these backups are
available to your as downloadable zip files. Be sure and copy these down to your system once in a
Don't forget about such things as autoresponders, CGI routines and anything else which you may
enter at your site control panel. You must ensure that you have a backup of everything.
Keep a log - Be sure you know everything that you've done to your site. You should list all of your
autoresponders and their names, track any subdomains which you have set up, and anything else
which you may do. This way if you have to change you can recreate your site quickly and efficiently.
Only use a domain name - Always reference your site via a domain name which you have purchased
and control. Never, ever use the URL provided by your web host, as tempting as this can be at times. I
ran into a situation where my web host URL was somehow entered into a number of search engines,
and I discovered I was getting tens of thousands of hits from these URLs. This forced me to keep
paying for the old site after I switched hosts, just to be able to redirect the traffic to my new site.
Make sure you register your domain elsewhere - The first time I registered a domain name, it seemed
so convenient to just use my web hosts domain registration service. What I didn't know is they became
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:153/203
the registrar, and it was a nightmare getting the domain transferred to a different one. By registering
the domain at a different company, you will most likely get a better price, and you will gain
Scope out a few hosts in advance - Even if you are completely happy with your current web host, at
least take a few minutes and have a few names ready just in case. This way if you are forced to move,
If you are lucky, you get to make the choice about moving. In that case, you can simply upload your
new site, get it all working, then transfer the domain and cancel the old site. This gives you a large
amount of control, because you don't have to transfer the domain and cancel until you are happy with
If for some reason your web host has cut off access to your site, then you have to move fast. This is
where the monitoring services come in handy - you know immediately when your site fails.
1) Determine that a change is necessary. Ideally you are the one making this determination. Of
course, if your web host decides for you, then you have to perform the rest of these steps very quickly
2) Find a new hosting company. Read all of the information on the internet that I can find. I also
learned something the hard way - check the hosting companies own forums for customer complaints.
There were several times that I would have avoided trouble had I followed this advice.
3) Review the features of the hosting company to be sure they offer what you need. If you have any
4) If you need a storefront, shopping cart and/or merchant status, be sure you resolve any issues you
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:154/203
5) Sign up for the hosting company with the right size package, but the minimum amount of time (one
to three months). This gives you some time to check them out without laying out too much money up
front.
7) Modify any scripts as necessary. Test all of them to be sure they work.
10) Of course, set up any databases. If your other site is still active, then just load the databases on
the new site with data from the most recent backup - you just want the data for testing purposes. If it's
not active, then load the databases with the most recent values you have.
11) Set up your storefront, merchant services and credit card processing, if necessary. Test as
12) Once everything works and is tested, transfer the domain to the new host.
13) If you have the option, freeze your databases on the old site about 12 hours after transferring the
domain. Disable all activity to the old databases, then copy to the new site.
14) Once the domain transfers (usually a day or two) test thoroughly again. Unfreeze the databases as
16) Depending upon the circumstances of the move, demand a partial or full refund. It does not matter
what the hosting companies policies are - presumably you moved because they were not fulfilling their
contract. This means they are in breach of contract, so demand your money back.
17) If they will not give it back (and they probably won't), check with your credit card company to see
what your options are - if you've paid within 60 days via credit card, you may be able to get the credit
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:155/203
card company to get your money back for you. This is where your monitoring logs come in very handy
(assuming downtime or response time was the reason you left) - you can prove your case using third
party data.
18) Why the focus on getting a refund? Because the hosting company did not provide contracted
services - and no one should be rewarded for failure to fulfill their contract. The only real weapon you
19) Once you've moved, be sure and practice the maintenance steps mentioned earlier in this article.
You may have to move your site again, and you want to be prepared.
So basically, moving to a new host is always a traumatic, time consuming event. You should take
To see a list of article available for reprint, you can send an email to: mailto:article-list@internet-
Richard Lowe Jr. is the webmaster of Internet Tips And Secrets at http://www.internet-tips.net/ - Visit
our website any time to read over 1,000 complete FREE articles about how to improve your internet
Yes, there are hundreds of free hosts, as far as not having to pay any money. Generally they either
cost you in time, hosting restrictions, or modifying your web pages by adding popups or other adverts.
When looking for free web hosting (especially on search engines), you should beware that there are
also a large number of commercial web hosts that claim to offer free hosting, but those have a catch,
such as paying an excessive amount for a domain name or other service, and therefore aren't really
free.
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:156/203
The free hosts often make money in other ways, such as putting banners, popups, or popunders on
your site. Some free hosting companies do not put ads on your site, but require you as the webmaster
to click on banners in their control panel or signup process, or just display banners in the file manager
in hopes you will click them. Some lure visitors with free hosting in hopes you will upgrade and pay for
advanced features. A few send you occasional emails with ads, or may even sell your email address.
Generally no, although there may be a few exceptions. If the host is making money from banner ads or
other revenue sources directly from the free hosting, then they likely will stay in business, provided
someone doesn't abuse their hosting with spam, hacking, etc., as often happens to new free web
hosting companies with liberal signup policies. If the host accepts just anyone, especially with an
automated instant activation and it offers features such as PHP or CGI, then some users invariably try
to find ways to abuse it which can cause the host to have a lot of downtime or the server to be slow. It
is best if you choose a very selective free host which only accepts quality sites (assuming you have
one).
Free web hosting is not recommended for businesses unless you can get domain hosting from an ad-
(http://www.fairmount.nu/). Other reasons for using free hosting would be to learn the basics of
website hosting, have a personal website with pictures of your family or whatever, a doorway page to
another website of yours, or to try scripts you have written on different hosting environments.
The best place to search for free webhosting is on a free webspace directory website (i.e. a site which
specializes in listing only free web hosting providers). There are some which add new free hosts pretty
much every week (and if it is updated often, has usually had to delete about as many). There are also
many which almost never update their site, and a huge percent of their links and info are outdated.
Unfortunately that includes most of the directories that were the best several years ago. The problem
is free hosts change so often, and most fold up in less than a year (often even after only a day or two),
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:157/203
that it is hard to keep such a directory up-to-date. The most recommended directory is Free Webspace
(http://www.free-webhosts.com/), which has a detailed list of over 900 free web hosting providers with
user reviews, ratings, forums, and searchable database. It is updated daily, and the advanced free
web hosting search has 42 options, helping you to find the free hosting package with all the features
you need, such as CGI, PHP, MySQL, ASP, SSI, and FrontPage extensions.
For a smaller, more selective list of the best free hosts, there is also:
Other (usually less useful) resources include subcategories of freebies sites, search engines and
directories, and forums. Your ISP might also supply you with free webhosting.
Generally it is best not to choose a free hosting package with more features than you need, and also
check to see if the company somehow receives revenue from the free hosting itself to keep it in
business. As already mentioned, it is best to try to get accepted to a more selective free host if
possible. Look at other sites hosted there to see what kind of ads are on your site, and the server
speed (keep in mind newer hosts will be faster at first). Read the Terms of Service (TOS) and host
features to make sure it has enough bandwidth for your site, large webspace and file size limit, and
any scripting options you might need. Read free webspace reviews and ratings by other users on free
hosting directories. If you don't have your own domain name, you might want to use a free URL
It would be awfully hard to recommend any host and someone not like it, as different people need
different hosting features and have different priorities, and the hosting quality may change over time.
Also some people want free domain hosting (you own the domain), and others might not be able to
buy a domain. Here are some of the most recommended free web hosts, and their main features.
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:158/203
no forced ads on your site, FTP and/or browser upload, CGI and Perl, PHP, MySQL database, SSI,
and FrontPage Extensions, as well as a collection of other pre-installed scripts. It has great support
and a generous bandwidth limit of 6 GB/month. There is also CPanel 7 control panel with most if not
all the options you would find on a paid host: web-based Email and forwarding, statistics, custom error
pages, SSL, Cron, and much more. What is the catch? You must click on a certain number of banners
and SSI, MySQL database, guestbook and forum script, and unmetered bandwidth. You can upload
via a file manger or FTP import. Only English websites are accepted, and there is a text link at the top
of your pages. It has about the best support of any free host, and in fact, maybe better than any paid
Yahoo Geocities (http://geocities.yahoo.com/home/) is controversial. Many people hate the ads they
put on your site or its other limitations, but it is one of the oldest and most reliable free web hosts. Your
URL looks like http://www.geocities.com/you . They give you 15 MB webspace, file manager and
editor, web-based Email, and statistics. The bandwidth limit is 3 GB/month, and the file size limit is 5
MB. You can upload several file types such as RealAudio, RealVideo, Flash, MP3, and Java, but other
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:159/203
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:160/203
- Autoresponders
Free web hosts are great for hosting a personal web site,
but not recommended for a business site. If you're really
serious about your business and want to establish your
Internet presence, I highly recommend Host4Profit. They
provide you with exactly what you need to develop a
profitable Internet business at a very reasonable price.
http://www.web-source.net/cgi-bin/t.cgi?l=h4p
HOSTINGYOUR WEBSITE
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:161/203
The term 'Hosting' refers to the housing of a website, email or domain on a server connected to the
internet.All domains need to be hosted somewhere and many require specialist services to be
available such as database or scripting support, frontpage extensions, password protection and
Your Internet Service Provider (“ISP”) – ie. the company you use toconnect to the Internet, may well
offer to host your Web site as part of the services provided. However, this has the major
disadvantages because you generally cannot use your own domain name as your Internet address will
capabilities you need may not be not available. There are specialist Web “hosting” companies which
take the collection of Web pages which make up your Web site, store them on their computers which
Shopping around is necessary and some of the things to be taken into account in deciding upon a host
• Reliability - It is essential that the host is reliable and that your Web site will be available day and
• Security - Your chosen host needs to provide a high level of security. There are many ways people
can illegally access your site and damage your business, whether by hacking into your customers’
• Speed - If your site's performance is slow or unpredictable, it won't matter how good your product is,
• Space - Hosts store your Web site on computers called servers. When you enter into a hosting
agreement, you pay for a certain amount of space on these servers (A basic professional site might
require 5 – 20MB (megabytes), whereas a fully e- commerce enabled, content rich site could require
100MB or more). Elements like email and images take more space than text. Make sure you ask what
getting. Once you have a domain name and a Web site designed, the next step is to have your Web
site stored on a computer where the world can access it (called a “host” computer).
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:162/203
EXAMPLE PACKAGE
• Scalability - Hopefully, your Web site will attract more and more traffic in which case you will want to
add options such as e-commerce facilities. Make sure you understand the options to increase your
hosting arrangement.
• Email capabilities - Most hosting providers will also provide email addresses such as
• Support - If you have a large site with a lot of traffic, you may require 24-hour technical support. The
level of support provided by the host vendor varies and is an important consideration.
• How much does it cost - Costs will obviously vary from provider to provider and will be dependent
on your requirements. Most vendors will charge an initial set up fee then an ongoing charge each
month.
The following is an example of package elements and indicative costs for an SME hosting package:
• 20 email boxes
• five extra passwords beyond the master password for accessing or editing the site
• Support for CGI scripts, Active Server Pages (ASP) and Microsoft Access database.
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:163/203
These features and costs may vary, so we recommend you shop around for the latest prices and most
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:164/203
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:165/203
A failing with many web sites is that they are not kept up to date. You should edit your site frequently
to add or remove information, products or pictures. Tell the world about a new special deal on a
product. Visitors are more likely to keep on coming back if they see something new every time! Here
• Change the designs or the colours but you must ensure that you retain your identity brand.
• Scrolling text. Use moving messages catch the attention of the visitor and use it to announce
news.
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:166/203
• News – ensure that you keep your news up to date. Provide interesting news to your Visitors.
Your primary objective with your website is to attract and retain visitors, both new prospective
Customers and existing customers. You want to convert the prospects into actual customers and you
need to retain existing customers. You can become a reference point or ‘portal’ to extend the length of
time that visitors are on your site so that you can also gain revenues by selling advertising or
Relevant articles - If you are a lawyer specializing in Employment law then have some articles on
some of the regulations, health & safety requirements, etc. Become known as a reference site on
those specialist topics. Not only will it attract and retain visitors but it will also show you to be an
industry expert.
Forums or newsgroups – Initiate some forums or newsgroups so that your customers and prospects
can communicate amongst themselves. Many companies use forums for support and it is very often
Links to other sites – provide links to other sites that are of interest, in the case of the lawyer they
would like to relevant government sites, Health and Safety information, etc.
Prize Draws and Competitions – you could run a competition and have a form on your website for the
CRM (customer relationship Marketing). Use your website to build a relationship with your visitors and
customers. There are various different uses when you put a form on your website and have the results
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:167/203
Part 1 - Preparations
Introduction
Today the internet is very different to it used to be. Several years ago, if you made a website you were
assured of visitors as there were so few sites on the internet. Now, with several hosting companies
having over half a million web sites on their servers it is much harder to get the visitors. Just recently,
the search engine Google announced it had information on over 2 billion web pages.
Luckily it is not all bad news. Today there are over 200 million people on the internet and thousands of
people are getting connected every day. The main problem you will face is getting your site noticed
above all the others because, even if you have the best site ever, nobody will know that until they visit
it.
Where To Start
There are thousands of places and ways to publicize your site. Basically, you must think to yourself,
"How do I find sites?" The first thing you are likely to think of is Search Engines. They are the first
place you should publicize your site. Secondly, you probably follow links from other pages. This is a
To publicize your site well, all you need to do is follow this tutorial. We cannot guarantee that your site
will be very popular after this but you should certainly get enough visitors to make your site worthwhile.
Preparations
Something a lot of people don't do right when publicizing their site is that they don't prepare properly.
Anyone can submit their site to a search engine but there is a lot to do before you do this.
First of all, make sure that you know what your website is about. Although this sounds silly, a lot of
people find that they don't really know a category their website could fit in (for example Webmaster
Resources). You will need this once you start submitting to directories and link sites. If your site has
The second thing you should write is a description of your site. This should be short, about 20-30
words. There are several things that are quite important about your description:
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:168/203
• Never write anything like "The best site on the internet" or "The coolest site around" because it
• Write your description in the 3rd person. For example don't write "We offer several free
services to help your business." Instead write "Here you can get several free services to help
your business."
Once you have written your description, save it in a text file somewhere. You will need it later. Next
you will need to come up with some keywords. These are the words which people will use when
searching for your site. You should have about 20-40 of these. Type them into a text file separating
them with commas. For example a site offering credit card processing for small businesses might have
keywords like:
credit, card, small, business, low, cost, new, startups, processing, creditcard, company, companies,
businesses
• Put your 5 most important keywords first. It hasn't been proved to increase your search engine
ranking but some search engines have a limit to the number of keywords you use so you can
• Never repeat a keyword. Search engines will consider this spamming and will not index your
site
• Try to think of alternatives to some words. For example, in the keywords above, both the
• Include plurals of words in your keywords but don't take out separate ones for them. For
example, you wouldn't take out the keyword company so that you could include the word
businesses
Save your keywords to a file as you will need them very soon.
Finally you should make sure you have a descriptive title for your site. An example of this is, instead of
calling a site:
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:169/203
Football World
This will help your search engine ranking and help people to understand what your site is about.
Meta Tags
The next thing you will need to do is create meta tags. These are a bit of code which goes at the top of
your site. It will tell any search engines the description of your site and the keywords.
Creating your meta tags is easy. You can use our very own Meta Tag Creator (see related links). All
you need to do is paste the description and keywords you wrote into the appropriate boxes. It will
display your meta tags on screen and e-mail them to you for future reference. It will also tell you how
What Now?
Now you are ready to start publicizing your site. In the next part we will show you how to submit your
Introduction
In part 1 I showed you how to prepare for promoting your site. This involved writing a description and
keywords for your site and changing them into META tags which you could add to your site so that be
able to pick them up. This week I will show you site to the main search engines and how to try and
engine ranking.
Many years ago, when the Internet was just, starting to become popular, search engines did exactly
what they were designed to do. They provided a place where you could search all the sites on the
internet and get a list of all the best ones in your browser. Unfortunately, millions of sites have been
submitted, some of them have no useful information at all. This means that, if you search for a subject
of interest on a search engine you will get hundreds of thousands of results, and only about half of
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:170/203
This, of course, causes even bigger problems for webmasters. Unless you are listed within the first
100 results for a search term, very few people will ever visit your site. This means that hundreds of
web sites have been set up just to explain how to get a good rating on a search engine. But not
everyone can be in the top 100 so don't expect too much traffic from the search engines. If you are
higly rated you will get a lot of visitors (some people get 40%-60% of their vistiors from the search
engines).
I have found that, especially if a lot of sites have the same subject as you, you are very unlikely to get
in the top 100 for a major search term, so try concentrating on a different, less popular one. Here is an
example:
On Free Webmaster Help there is a tutorial explaining how to use PHP and MySQL together. Free
Webmaster Help has no chance of being in the top 100 for search terms such as 'webmaster
resources' or 'how to build a site' but does very well on searches for 'php mysql tutorial', and I have
found that a great many of my visitors enter the site through the PHP/MySQL tutorial. This niche
A common mistake people make is to get Search Engines mixed up with Web Directores. Web
Directories are collections of sites which are organised into catagories. They are usually submitted and
Search engines alre just a huge database of sites, descriptions and keywords which can be searched.
They are collected by 'Spiders'. These are pieces of software which visit a website and 'spider it'. This
means that, they take the information from the META tags and then follow all the links on the page to
find more pages. When you submit to a search engine you are asking the spider to vist your site
This is one of the easiest things to do badly but actually submitting your site to a search engine and
gett,ing a good ranking is completely different. Your META tags play and important part here but so
does the actual text of your page. Before you submit your site you might want to do the following as it
Add keywords to your page. What this is is when you use the keywords from your Keywords and
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:171/203
Description: Web Design International offer competitively priced web design for medim and small
businesses around the globe. You can have your page designed, hosted and a domain name set up
and you can even have your web site in multiple languages
Keywords: web, design, site, make, international, translation, low cost, world, host, hosting, domain
Firstly you would start your page using something very like your description. Then you would follow
this with more information about your business. Several times in this you should include your major
keywords like 'web design' 'low cost' 'competitively priced' 'hosting' and 'domain name'. Don't be
tempted to keep repeating these words over and over again, though. Search engines will reject your
site if they think you are trying to get a higher ranking this way.
Next you should make sure that you have a lot of links to the other parts of your site from the front
page. This will help the search engine spiders to easily get to the rest of your site. On most search
engines every single page on your site will appear if the correct keywords are searched for.
Now you have prepared your site for the search engines it is time to start submitting it. The more
search engines you submit to the better. The most important, though, is Google. This is because
Google now provide the web page matches for Yahoo! and this is the most popular site on the web.
Yahoo! is an extremely important place to publicize your site. Because of this there is a complete
You should submit to all the main search engines such as Google and AltaVista but if there are any
specific search engines for your site then your should also submit your site to them (for instance music
If the search engine you are submitting to asks for your description and keywords, check that it is
actually a search engine and not a directory (especially if it asks for a catagory). Some do ask for
these, though. You can get them from the files you created last week and paste them into the form.
Part 3 - Directories
In the next part I will show you how to submit your site to the many web directories and give you some
tips on how to get your site listed on Yahoo!, the biggest directory of them all.
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:172/203
Introduction
In the last part I explained the difference between search engines and directories and how to add your
site to a search engine effectively. In this part I will explain how to get your site listed in a directory and
Like search engines, directories have their problems. In the past, when the internet was small,
directories were very effective at their job. As an example, Yahoo, the most popular site on the
internet, started as two students' list of their favorite sites. They published it on the internet and it was
extremely popular.
Even now, a directory is a much better place to find what you want than a search engine. This is
because, usually, every single site on a directory has been visited by a human. They check that a site
is good quality and that it is being submitted to the correct category. This is excellent for users but it
This is mainly because there are so many sites listed it can take weeks to get your site added - or, in
the case of Yahoo, sometimes never. People have tried to overcome this by trying to get normal
people to sign up as a 'guide' or something similar, which means that you get to review the sites
coming in. The most famous of these is the Open Directory Project. This can give a webmaster an
Another problem with having human edited directories is that your site needs to be of a very high
standard to be accepted. If it isn't, the extremely busy reviewer will just take one quick look and then
Submitting your site to a directory is nearly as easy as submitting to a search engine. You just click
'Add my Site' and choose the category for it (more about this later). Then you usually give them your
URL, e-mail address, and a description of your site. Keywords are rarely needed. Sometimes they will
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:173/203
Most major search engines have a directory as well (although most are provided by the Open
Directory Project). There are also hundreds of specialist directories for different subjects (like 123
Webmaster.com for webmaster sites). If you would like to find one for your subject, take a look in the
Yahoo directory.
Getting listed on Yahoo is probably the best form of website promotion any webmaster can do. Being
the most popular website on the internet, every single site which is listed gets hundreds of visits from
it. If you are listed on Yahoo you can be quite sure that your site is going to get visitors.
Unfortunately Yahoo is nearly impossible to get into. Thousands of sites every day submit to be added
and most of them are completely useless sites. Yahoo only have a limited staff and it will take months
to get listed (if you actually get listed at all). So how can you increase your chances?
First of all don't bother with all the spam and adverts that tell you that for 'just' $150 they will tell you
As an example, once a newsletter for webmasters I read mentioned a 'secret e-mail address which
you can use to get your site listed if you have tried several times'. The next week the same newsletter
revealed that this e-mail address didn't exist and that they had made it up completely as an
experiment. The experiment showed that these companies' schemes don't work as, over the week, the
newsletter's editor had received several pieces of spam trying to sell him his own idea!
You can increase your chances of being reviewed, though, by following these guidelines (which also
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:174/203
• Find EXACTLY the right category for you. Smaller categories will give your site more chance
of being clicked on and there will be less sites being submitted so you have more chance of
being reviewed.
Although it won't work on Yahoo, you can try the following to get your site listed on some directories.
Go to the directory and apply to become a 'guide' or 'editor' for your section. If you get accepted you
Introduction
In part 3 I explained about directories and Yahoo! In this part I am going to focus on FFA Links pages.
These are Free For All Links Pages, sites where anyone can add a link for free.
Some webmasters claim that FFA Links Pages are no use and that their bad points outweigh their
good ones but I do not agree. I will show you why I think that it is worth submitting your site to them.
The first good point of being on a FFA Links Page is, of course, that there is a chance that someone
will click on the link on the page to your site. Unfortunately, there are so many thousands of sites, big
and small, who are submitting to these pages that your site has a very low chance of being clicked on,
in fact some FFA Links Pages only keep links for a few weeks before deleting them as they have so
many submissions.
There is one time, though, when your link has an extremely good chance of being clicked on.
Sometimes only for a day, your link will be listed as a new link on the main page (or a major page) and
at the top of your category. Most of the FFA Links pages are very popular and get thousands of
visitors every day. In your first week you will get nearly all of your clicks and most of these will be in
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:175/203
The main reason why you should add your site to these pages is that Google includes the number of
sites who link to you in its calculation of how high your site appears in the rankings. If you are listed on
a FFA Links Page you will have another site linking to you, and your ranking will rise.
One major disadvantage of the FFA Links Pages is that they have realized that it is good for a
webmaster to have a link on their page as they have so many visitors. Because of this they can
request your e-mail address before you submit your site. They will then send you what is effectively
spam (unsolicited e-mail). Although you can have your name removed from their mailing lists it is
Submitting your site to a Free For All Links Page is a little more complex than adding your site to a
directory or search engine. Unlike for search engines this is where mass submission tools become
very useful.
Before you start, though, there is something very important you must do. Go to a free e-mail provider
like Hotmail or Yahoo and set up a free e-mail account. This is very important because you do not
want to use your main e-mail address when signing up because of the amount of e-mail you will
Next go and find a good site submission tool. There will be links on many major webmaster sites (try
our directory) or you can do a search. Try to find ones which offer the largest number of sites (usually
over 1000) as you need to get into as many as possible to get a good number of hits. Don't pay any
attention to the search engines it says it will submit your site to. They don't usually work and, if you
have been following this tutorial, you will already have submitted your site.
Now you must fill in the form it provides with your sites name and URL and the e-mail address you set
up. You may also need to provide a description or keywords, for which you should use your standard
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:176/203
Other Sites
There are some FFA Links Pages which are not usually included in the site submission tools. These
are usually of a slightly higher quality and they sometimes require to look at your site or a linkback
from your site to add you. Some ones you should submit personally to are:
• Free.com
• FreebiesPlanet.com
• FreakyFreddies.com
• iFreebies.com
Now you are on some FFA Links Pages you should start getting some extra traffic to your site but,
as I mentioned earlier, you will soon go down in the rankings and some sites will even drop your
site. I would suggest that, at least once a month, you resubmit your site (possibly even using a
different submission tool) so that you are back at the top again. Some FFA Links Pages will not
allow this but it will all be automated and will not make any difference to the submission process.
Introduction
In the last part I explained how to use Free For All Links Pages. In this part I will tell you about one of
the most powerful ways of promoting your site. This one will require you to do some hard work but will
How To Start
Before making some reciprocal links you should understand what they are. A reciprocal link is when
you make a link to another website and they make a link back to your site. In this way you will each be
There is no 'reciprocal linking Yahoo' (although there are some links pages and directories who require
a link back to them). You will actually have to find the sites to link to and contact the webmaster
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:177/203
Before you start making links, though, you must be prepared. You should have at least one 468x60
pixel banner, one 88x31 pixel button and a short text link about your site, for example:
Or something similar. It will be different depending on your site, for example someone selling
You should make a page on your website which has these links and the code used to add them to
someone else's site (you can copy it from your WYSIWYG editor's HTML code window if you are using
one). You must test this before putting it on the internet and make sure the code will point to your
Write a little paragraph on this page inviting people to exchange links with you and give them an e-mail
You might also want to set up a 'Links' section of your site for you to put all your return links on.
Finding Partners
This is where the real work is. You have now got to go out and find link partners. To get the most out
of link exchanges you must target the right sites. There are three things you should look for:
1. Similar but not identical content. For example, if you sell CDs you will want to exchange links
with some bands and entertainment sites but don't exchange links with another CD shop.
2. About the same size of site. For example, if your CD shop gets 10 visitors a week you should
not try to exchange links with huge entertainment sites getting 10,000 visitors a day.
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:178/203
3. Sites which have other adverts and links on them. For example there would be no point in
your CD shop trying to exchange links with a guitar manufacturer who have no banners or
One excellent way to find sites is to search on the search engines for something to do with your site.
Then start visiting the pages until you find one which looks like it fits all the criteria above. Now you
Exchanging Links
The first thing you should look for is a section on this site like the one on your site which asks for link
exchanges (it could be called 'Link To Us'. If you find it then choose one of the links and copy the
code. Paste it into your site and then upload it. You have now linked to their site. Now you must
contact them.
If they provide a form on the website to fill in then just fill it in and submit it. More often than not,
though, you will need to e-mail the webmaster. This is an art in itself as you want to give the
webmaster the right attitude. If they like the look of a link exchange they are more likely to put your link
Dear <Name> (Try and find out the webmaster's real name. Personal e-mails work better)
I have just visited your site and I think that the information about <information> would be of interest to
my visitors. (Put something about their site in here so that they realize it isn't just a generic e-mail. If
I have placed a link to your site at <link location> and I would appreciate it if you would link back to my
<insert code>
(For this section include the URL of the page where they can find the link to your site. The URL of your
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:179/203
site so that the webmaster can look at it and the code for the equivalent link to the one you have
placed on your site. For example if you placed a text link to the site then offer the code for your text
link.)
Thank You
<Your Name>
<Your E-mail>
This e-mail is just a sample and you should adapt it depending on the site you are linking to.
Reciprocal linking requires a bit of thought. It's not as easy as submitting to a search engine.
It is a good idea to visit the sites you have exchanged links with occasionally. There are two reasons
for this. Firstly you should make sure that your link is still being displayed and if it isn't e-mail the
webmaster and ask why. Secondly it is sometimes a good idea to sign the guestbook or post a
message in the other websites message board. This is not really essential but if you remember that a
webmaster who likes you will place your link higher. Webmasters like feedback and message board
If you have a lot of links it might be a good idea to make a database or spreadsheet listing them all.
Include on it the URL of the site you have exchanged links with, the type of link and any other
information. Every few months all you have to do is run through this database and check all the links
etc.
In the next part I will show you how you can increase you visitor numbers by posting messages on
newsgroups and message boards, writing articles and using e-mail signatures
Introduction
In part 5 I showed you how to exchange links with other webmasters to increase your site's popularity.
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:180/203
In this part I will show you how to promote your site in more subtle ways. Basically, you can increase
E-Mail Signatures
E-mail is the main reason most people use the internet. Knowing this is very important as it provides a
whole new way of promoting your site. Before explaining how to get visitors through e-mail I will make
something very clear: NEVER SPAM! Sending spam (unsolicited e-mail) is a very bad idea. You will
never have a popular website if you do it and you are more likely to create a bad impression than get
extra visitors.
You can, though, benefit from e-mail by including an 'advert' for your site in every single e-mail you
send. Think about that for a minute, most people send many, many e-mails every week and if every e-
mail you send has an advert on it you are certainly going to get some extra visitors.
An example of this in action is Microsoft's Hotmail. It is the most popular free e-mail provider on the
internet with tens of millions of users. How did they do it? Signatures. Every single e-mail sent from
Hotmail has:
at the bottom of it. This caused thousands of people who received these messages to sign up. With no
You can do your own version of this, too. It is called adding an e-mail signature. This is a few lines
after your name to give information to the reader. You can include your e-mail address, website
address, ICQ/AIM number, or anything you like (in fact a lot of people have amusing signatures). For
D. P. Mishra
webmaster@bitdurg.org
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:181/203
As you can see from this, I provide all my contact information and a quick summary of what my
website is about. This is sent on every e-mail I write (although I have several variations of it) and,
You could just type all this out every time but there is an easier way. Most e-mail programs offer a
signature option. This allows you to define one or more signatures which you can add to your
• Don't try to make pictures out of keyboard characters, they will not display properly on all
programs
• Include the http:// in front of your web address. This will make a clickable link in most e-mail
software.
There are two ways to promote your site through newsgroups and forums (message boards). Both
Firstly, you can promote your website by contributing to the discussions and including your e-mail
signature on the posting. This will have the same effect as sending an e-mail except there could be
hundreds, if not thousands, of people reading each message. This is an effective way of promoting
your site.
Another way you can get extra visitors by using a newsgroups or forum is by referring people to your
website for more information. This only works with some websites (mainly ones providing
information/tutorials etc.). You must be careful, though, not to make the mistake of spamming the
newsgroup or forum. This is when you post a message just to promote your website (or an advert for a
product etc.) with no real purpose. This is nearly as bad as spamming by e-mail.
You should try to get well known in one or two forums or newsgroups. Don't only promote your site in
postings but try to reply to some with information, not just giving a URL for your site. This will increase
your credibility and make people more likely to visit your site.
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:182/203
One important thing to remember, though is that you should never just reply to a message with a URL.
Include even a small bit of text. For example instead of just using a URL put a minimum of something
like:
SITE URL
Try to point users to the exact page for the information they are looking for. They will be much more
likely to visit if they think that they can get the information they want without having to search through
your site.
Writing Articles
A very good way of promoting your site, and one which is not widely used, is writing articles for other
websites and newsletters. Newsletters are actually the best place to do this and it is a totally free way
Firstly, you will need to find a newsletter which is about the same subject as your site and that you can
write a short article for. Sign up to this newsletter and read it for a few issues to get an idea of what
Next you will need to write your article. You should try and write it in the same style as is used by the
newsletter you are submitting to. To increase your chance of being included you should format your
article correctly. Write it in plain text and place an enter at the end of each line. Lines should be shorter
than 75 characters.
A good idea when writing articles is to try not to promote your site directly in the article. People will like
and trust you more if it looks like you are writing the article to help them, not to promote your site.
So where do you get the free promotion from then? Well, if you provide an article to a newsletter (or
website) for free then you will get a byline in return. This is a few lines after the article which credit it to
The next thing you have to do is send an e-mail to the newsletter editor (or the newsletter's contact
address) with your article and byline attached (either in the e-mail or as a text file). Tell them that you
are offering this article for them to use and that they can use it for free if they include your byline.
If you get an article placed in a major newsletter you will certainly get some extra visitors. Some
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:183/203
newsletters are sent to tens of thousands of people and, if you have a good byline, you should get
In the final part I will show you how you can increase your site's popularity using banner and button
exchanges.
Introduction
In part 6 I showed you how to promote your site by writing e-mails and articles. In this, the final part, I
will show you how you can benefit from banner and button exchanges.
What Is An Exchange?
The most common type of exchange is a banner exchange so I will concentrate on this first. Basically
a banner exchange is a large system where you can have your banner displayed on other sites.
You sign up to the exchange and give them the URL of your banner. Then you receive some code to
put on your site. This code will display another banner from the exchange on the site and log the view.
You will have an account where all the times a banner is viewed on your site is logged. These are
For every impression you earn you will be given a number of impressions on another site. This is
usually done at a ratio of something like 2:1 (for every 2 banner impressions you display on your site
you receive 1 impression of your banner on another site). This sounds a bit unfair but the site running
the exchange needs a lot of bandwidth and resources and the spare impressions are used to display
advertising banners. You may find rates as good as 10:9, though, where only 1 in 10 banners are
Some people wonder why a banner exchange is worthwhile if you only receive 1 banner impression
for every 2 you display. You could be using this space on your website for paid advertising, making
you money.
The main reason for doing an exchange, though, is that you are getting for free what could cost you a
lot of money, advertising on another website. You are almost sure to benefit from an exchange,
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:184/203
Another reason for joining an exchange is that you do not always have do give up your banner or
prime advertising space. It is because of this that many new exchanges have been set up dealing in
button and box advertising. These are much smaller and can be placed in navigation bars or just at
With all the different options for exchanges, what are they all. Banners are the standard 468x60 pixel
images you see at the top and bottom of most websites. They are by far the most popular way of
Buttons are 88x31 pixel images. Being very small, they are usually found under navigation bars or in
clusters at the bottom of pages. They are becoming more popular as a method of advertising.
Boxes are usually 120 pixels wide and can vary in height. They are usually found in navigation bars or
next to the banner at the top of a page. They are not particularly popular way of having an exchange
Exchange Tips
There are literally hundreds of exchange programs on the web, going from large networks, with
millions of member websites, right down to tiny exchanges with a few members. Their display ratios
Finding the right exchange program for your website can be difficult but it is usually better to go for a
specific exchange which is related to your website because you are likely to get a much higher click
through rate (the chances of your banner being clicked on (usually around 1%)). With the big
exchanges, although you are categorized, you have less of a chance of having your banner clicked
on.
Another useful tip is to get as many impressions as possible. Even if you think that your advertising
space is too valuable to give up you are never going to get a decent amount of visitors through the
exchange unless you get a lot of impressions. Put the code on every page of your site so that you get
as many as possible.
If you don't have one already, you should get a counter or tracker which tells you the referring URL of
your visitors (the site they have come from). Sitemeter is an excellent option. Although, this will allow
you to see where your visitors have come from it will not tell you if they came through the banner
exchange. If a site appears that you don't think you have a link on, visit it. If you see a banner or
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:185/203
button from the exchange you are a member of then the visitor probably came through the exchange.
Most exchanges also offer statistics that will tell you the number of impressions and clicks you have
received.
Finding Exchanges
Finding exchanges is actually the easiest part of using an exchange effectively. You can just do a
search on a search engine. Another way of finding them is by looking at the banners and buttons on
other people's sites. These will sometimes have a link under them to the exchange. You can also
move your mouse over the button. The URL displayed in the status bar will tell you where you can find
the exchange.
What Now?
After these 7 parts of the promotion tutorial you should have a very good idea of how to promote your
site. Now you should just continue the promotion process, as if you stop your visitor numbers will fall. If
You must not forget, though, to keep developing your site and adding new content to make visitors
Success
The content is in your hands. You have achieved success for your web site if it:
You've invested the time, energy and money into building a great website, one that you believe will
drive traffic and create opportunities for your business. Web-wise, you're done, and you can sit back
and reap the rewards of your Internet presence, right? Not exactly. There's no denying that creating a
website and placing yourself in the online sphere is the first (and a very essential) part of effectively
marketing your business. Proper Internet marketing is not a one-step process, however. Like any good
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:186/203
marketing tool, a website is only effective if it's relevant; having an outdated site is arguably more
detrimental than having no site at all. Not convinced? Put yourself in a user's (and potential
customer's) position. Who wants to trust a source that is "stagnant" or out of date? Regardless of what
they are consuming, customers want to believe that what you are offering them is available (who
hasn't been excited by the lure of a special offer, and equally frustrated when told that the offer no
longer exists?). Consumers also need to feel that they won't be able to find an improved version of
Beyond the practical reasons for an updated website are less obvious but equally important
indication of sloppiness or indifference on the part of the distributor; both indications are likely to breed
distrust among customers. (If a business can't be bothered to update their website, perhaps they can't
be bothered to do other potentially vital things.) So you know that website maintenance is an important
part of your online strategy. But how do you know how much website maintenance is enough, and
what type of maintenance is right for your website? Before delving into any specific details, try to
Information Type
Put more simply, what are you trying to sell? Is it a tangible product, some form of skill or knowledge,
or something different? The way you maintain your site, and how often you maintain it, will naturally
"Season".
Can you identify a time of year (be it a quarter, a month, or even a week) when business opportunities
are at their biggest and you want your website promotion to really go the distance? Clearly, this is not
always an easy question to answer (unless you run a website advertising Halloween costumes or
holiday trinkets). Most businesses have loosely defined ebbs and flows in their output, which make the
"season" parameter hard to define. But if you can come up with a target time frame, based up on
experience and research, when you believe your business can really extend its potential, then you can
Audience.
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:187/203
Who is going to be looking at your site? Remember that maintenance plans with lots of "bells and
whistles" may be a waste of time and money for businesses marketing to a more low-tech audience,
Depending on the size of your website, and the frequency with which you make changes, anywhere
from one to ten hours per month should suffice. Most website design firms offer maintenance
packages whereby the more hours you sign up for, the less the cost per hour.
Treat your website maintenance plans as you would any other business plan-one that involves
afterthoughtsomething to be taken care of as time allows and with whatever budget is remaining.
Make this mistake, and you'll be playing catch-up for the duration of your site's existence.
Planning
Before your first web page is created or redesigned you should consider the following questions:
While this may seem like an obvious question it is one that is all too often neglected.
This is an important question to ask, as it will help you to shape your content and measure you
business, you may have a product or service you wish to market. In the case of a Chesapeake Bay
Gateways site your motivation may be to increase travel to your site or even to sell you products.
Deciding why you are developing or redeveloping a website should help you determine
your goals (e.g. educate, inform, attract visitors, entertain, sales, etc.). Your goals determine your
audience, content, function, and the site's look and feel.You should develop specific and measurable
Knowing who your users are helps you efficiently address their needs. After all your website will exist
solely to serve the users - without the users you would not
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:188/203
require a site. It is important to realize that your users may not always be who you think they are. If
you have an existing website an analysis of the log files may shed some light on the composition of
your users. You may find that you have several types of users (k-12 student, college students, general
public, etc.). Creating user profiles or personas may help you to identify the needs of your users.
• What tasks do your users need to accomplish? Different types of users will likely visit your site for
various reasons. Think of the tasks that various users might want to accomplish on your site, this will
Technology
Once you have determined the purpose, goals and user needs you will be ready to begin thinking
• What are technology requirements? Websites can be quite simply in nature or very complex. To
determine the technological needs of your website it is important to know your goals, objectives and
user needs. Working with a web professional you can determine what technologies will be needed to
• Avoid using “bleeding edge technologies”. The term “bleeding edge technology” is used to
describe the latest, often unproven technology. While the latest technologies may offer solutions to
problems you have encountered, using unproven and new technologies is not recommended. It is
important to remember that while you may have cutting edge equipment and a super high speed
Content
The most important aspect of your website is the content. The content of your site is what will attract
• Keep content fresh. Since content is the most important aspect of your website it is necessary to
• Spelling and grammar are important. Mistakes in spelling or grammar degrade the credibility of
your website.
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:189/203
While a website may share many similarities with other types of media (TV, radio, and print) it is
• Use interactive content (games, puzzles and contests). Interactive content engages the user with
• Follow writing for the web guidelines. Did you know that people read 25-50% slower from a
computer screen than they do paper? In order to be effective text for the web should be concise,
Usability/Accessibility
Websites are designed to be used and therefore should be easy to use. Your website user’s needs
• Know the attributes of a usable site. A usable site should be easy to learn, efficient to use, easy to
• Conduct user test on your site early and often. You can begin user testing your website even
before the first web page is coded by using methods such as paper prototyping. Following an iterative
design process can help address usability problems before a final product is launched.
• Follow a user-centered design approach. Users are the reason your site exists. You site should
While many in the web design community mistakenly assume that accessibility issues only affect
disabled users this is not the case. Users can have functional and/or
situation limitations that affect their ability to use your website. Having a site that is accessible to all
Design
While content is the most important aspect of your website it is the design that facilitates the ability of
users to access the content. A successfully designed website is able to get users quickly and
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:190/203
• Efficient and consistent navigation. Navigation is the most critical design element when
developing a website. Navigation should be easy to use and consistent across your site
• Consistent look and feel. Many websites in the early days of the Internet had a different look and
feel to virtually every page.This not only makes the site seem non-cohesive but can hinder the user
experience.
• Web has potential to be great equalizer. Whether a small organization or large, the web gives you
• Graphics should be simple and meaningful. Although many users now have high-speed
broadband Internet connections many still connect through low speed modem connections. Graphics
can greatly increase page download times and affect user satisfaction.
Marketing
• Choosing a proper domain name. Your domain name is often the first contact a user will have with
your site. Domain names should be short and meaningful. Your URL should be no more than 75
characters.
• Monitor and evaluate your site. It is important to continually evaluate your site in terms of your
goals. Are you reaching your target audience? Is your site easy to use?
In order to be successful users must be able to find your site. Making sure your site has what it takes
Are there other sites that might want to link to your site, perhaps state travel, chamber of commerce or
• Put your web address on everything. Include your URL in stationary, business cards, brochures,
• Create an e-mail mailing list. Publish an e-mail newsletter with links to your site. This is a great way
• Add URL to signature line of employee e-mail. Another simple way to spread your URL.
• Conduct contest tied to the website. This is a great way to engage your user and encourage them
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:191/203
• Advertise your site on TV and radio. Use other forms of media to promote your website. Include
Quick Tips
Things to Do:
• No splash page!
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:192/203
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:193/203
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:194/203
Internet permits to download files from vast selection of sample application like digital arts and music
and may other offerings. Software companies promote their product by maintaining sites where their
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:195/203
customers can obtain samples of updated and related information. Entertainment companies may
supply sound and video files of movies and video games too.
Shareware: Software that is distributed freely (sometimes in limited or list format) on trial basis if you
like software and want to continue the use then you must have to register for it
Software that reminds you to register all the times is often called Nagware
http://www.tucows.com
http://hyperarchive.lcs.mit.edu
Napster is free windows program available to any one over Internet, but heaviest users are students
who are enjoying high speed connectivity of Internet. The fast connection enables napster to
download computer coded music file in as little as 10 seconds. Anyone running napster over Internet
connection can enter in online music community populated at any time by thousands of other users .
Introduction to FTP
Introduction
FTP is an essential part of the internet, not only for people building web sites but also for people
downloading files. FTP stands for File Transfer Protocol and is the best way of sending files from one
Software
Depending on what you are planning to do with your FTP software you should pick different ones.
There are hundreds of free pieces of software so there is a very good choice. The three software
• Cute FTP
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:196/203
• FTP Explorer
• Elite FTP
Cute FTP used to be the best shareware FTP program around. It is easy to use and has many
functions. Unfortunately, because it has become so popular, the latest version only allows you to
transfer one file at a time unless you register. If you can find a copy of version 2.6.* it is an excellent
FTP Explorer is not such a good program as Cute FTP but it is freeware so there are no annoying
Elite FTP is not such a good program for uploading standard files but I think it works better if you are
working with CGI as you can send commands to the server by typing them in. I would only suggest
this for CGI as it does not work with some servers properly and for some reason can't rename files!
Downloading Files
One good reason to use FTP is to download files. FTP is much faster than standard HTTP downloads
(through your browser). The two ways to download via FTP are quite easy. One is to find the file you
want on the internet and then copy the shortcut to the file. After doing this open your FTP program and
paste it into the Quick Connect dialog box. Click OK and the program will connect to the file and begin
to download it.
The second way to download a file via FTP is to connect to a download site through the software and
then navigate through it to find the files you want. Follow the instructions below to connect. Usually
these sites allow you to log in using anonymous FTP. This means that you either do not enter a user
name and password or use anonymous as your user name and your e- mail address as your
password. Two servers you can use to download files are ftp.download.com and ftp.cdrom.com.
Connecting To A Server
Because there are so many FTP programs you could use I will show you how to use FTP Explorer.
Most of them look the same, though, and this technique will work with most of them.
When you open the FTP program a connection dialog box will appear (if it doesn't you should run the
This is the screen where you need to enter all the information for a connection you want to set up. This
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:197/203
will be saved so you only need to enter it once. The following may appear on this screen. Some of the
Setting Description
A name for the profile you have just created on your computer. This is just a name for
Profile Name
you to remember the connection by.
This is the server the computer will connect to (like ftp.download.com). It will be given
Host Address
to you by your web host or download site.
This is the port on the remote computer the software will connect to. It does not
Port
normally need to be changed.
Your user name. If you do not have one put in anonymous (and select the anonymous
Login
or anonymous login option)
Password Your password. For anonymous login either use your e-mail address or leave blank.
The first directory which will be opened on the remote computer. This is normally not
Initial Path
used.
This is the number of times the computer will try to download (or upload) a file if it is
Attempts
interrupted.
Download
The directory on your computer where files will be downloaded to.
Path
An area where you can put notes for yourself which will be stored with the connection
Description
information.
What Now?
Now you are connected to an FTP site. If you want to you can now go on and download or upload files
(it is quite easy to get the hang of). If you aren't sure what to do then read on. In the next part we will
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:198/203
Introduction
Once you have connected to the FTP server you will want to upload and download files. First of all I
will cover how to download a file to your computer and then how to upload a file to a remote server.
Downloading
As in the last part, I will use Cute FTP to demonstrate how to download a file from the archives at
The first thing you need to do is to set up a profile for the connection. Click Add Site and call it
cdrom.com
You don't need a user name and password so choose anonymous login or type anonymous as your
user name.
You can leave the rest of the variables and click OK. Now double click the connection to connect to
the site.
You should get a view like this on the screen. The left pane shows files on your computer and the right
pane shows files on the remote computer. To find a file to download use the right pane as you would
Once you are there right click on a file and choose Download from the menu. It will be transferred to
your hard disk. This is how to download any file from an FTP site.
Uploading Files
A major use of FTP is to upload files to a server. This is mainly used when creating websites. If you
would like to try uploading a file you will first of all need a web host with FTP access. You can find a
Once you have got the FTP server information from the host, set up a new profile as you would for
downloading (you will need a user name and password this time) and connect to the server.
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:199/203
The screen will appear the same as it did before. Now you will want to find the file to upload. In the left
pane navigate to the folder which holds the file (or files) on your computer. Now navigate to the folder
you want on the right hand pane (on the server). If you would like to create a folder right click in the
To upload a file choose it in the left hand pane and right click it. Click Upload. The file will be uploaded
to the server. Now use a web browser to check that the file exists on the server.
• If you have the choice, download by FTP, not via the browser as it is much faster.
• You can sometimes use an FTP site for normal download sites by adding ftp. to their address,
• Upload and download large files when there is not too much web traffic (during the night
Anonymous: Anonymous server is the most common FTP server. The Internet FTP sites that
allows anonymous type of FTP do not require a password for access. You can log on
Non Anonymous: In this you must have to get yourself logged on by specifying username
and password .ie its compulsion to check your authenticity in case of Non Anonymous type of
FTP servers
FTP Clients:
FTP runs on client/server model so in order to use it you must have to run it on your machine. To start
FTP session first we have to run FTP client to contact with server and FTP client talks with FTP server
FTP client uses TCP to communicate and create session between the two host
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
File On Internet
Disc Users
Remote
Internet & Web Technology Page No:200/203
FTP daemon continuously runs on FTP server and is responsible for handling all the FTP request’s or
transactions. When FTP client contacts FTP Server, the daemon will ask for account number or name
and password and then lets to perform desired task or operations. Suppose you want to change
directories on FTP server your client software sends instructions to FTP daemon by using command
link to perform respective operation in response daemon returns output over same link eg listing of
files and directories that you have changed is visible on your client machine and whenever you want to
Whenever we issue a command to download file , a second connection is opened up called the data
2. Binary mode: Used for sending binary files and lets files unchanged
ftp hostname
above command opens an ftp session with the remote host and following table shows major ftp
Command Description
Bell This command toggles the bell on or off. The bell is off by default if turned on
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:201/203
Telnet
Telent stand for telecommunication network, it is virtual terminal protocol which allows user to log on to
The most remarkable feature of Internet is it allows us to use the resources of remote
computer from any where as an example its possible to access the resources or files of office’s
computer just by sitting on home PC this is possible by means of Telnet. Telnet follows client server
model which means that you have to run a piece of software on your local computer to access the
resources of distant/host computer. Host computer allows many clients to access its resources at
same time ie host computer is not bounded to provide service to specific client
Working Of Telnet
Client Server
Server waiting
for Request
Client
perform
telnet
Internet
Telnet follows client server methodology when user on local computer decides to log on to remote
computer user invokes a local application program for the remote login service and enter the name of
remote computer to contact and in response server sends same login prompt used in case of
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:202/203
conventional terminals. Once connection is established between client & server software allows user
Server Daemon
Server daemon is Unix program that continuously runs on server machine and is waiting for some
requests from client its responsible for providing services to clients based on their request and these
Daemon manages all types of tasks, including mail management, networking Internet services, FTP
sessions, and NFS services. Some daemons are triggered automatically by events to perform their
work. Other daemon operate at set time intervals because they spend most of their inactive, waiting
Terminal Emulation
A personal computer can connect via modem to a large computer and run a terminal emulation
program. The most common terminal emulation is VT100. The computer works like a dumb terminal,
Many terminal emulation programs can emulate DEC terminals, including the VT52 and
VT200 series terminal ex tty is Unix command that displays pathname of your terminals device file
$ tty [option]
option Description
-s Causes tty not to print any output but set the exit status to 0 if standard input
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
Internet & Web Technology Page No:203/203
A virtual room where a chat session takes place is called chat room. If two computers are connected
through Internet the Internet Relay Chat (IRC) application provides a platform for the users to chat.
Technically, a chat room is really a channel, but the term room is used to promote the chat metaphore.
A worldwide bulletin board system that can be accessed through the Internet or through many online
services is called? Usenet service. The Usenet contains more than 14,000 forums, called newsgroup,
that cover every imaginable interest group. It is used daily by millions of people around the world
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org