Internet and Web Technology B.E. 6th Sem I.T.

Internet & Web Technology Page No:1/203
Comparison of Web Technologies
The Advantages of Servlets Over “Traditional” CGI
Java servlets are more efficient, easier to use, more powerful, more portable, safer, and cheaper than
traditional CGI and many alternative CGI-like technologies.
Efficient
With traditional CGI, a new process is started for each HTTP request. If the CGI program itself is
relatively short, the overhead of starting the process can dominate the execution time. With servlets,
the Java Virtual Machine stays running and handles each request using a lightweight Java thread, not
a heavyweight operating system process. Similarly, in traditional CGI, if there are N simultaneous
requests to the same CGI program, the code for the CGI program is loaded into memory N times. With
servlets, however, there would be N threads but only a single copy of the servlet class. Finally, when a
CGI program finishes handling a request, the program terminates. This makes it difficult to cache
computations, keep database connections open, and perform other optimizations that rely on
persistent data. Servlets, however, remain in memory even after they complete a response, so it is
straightforward to store arbitrarily complex data between requests.
Convenient
Servlets have an extensive infrastructure for automatically parsing and decoding HTML form data,
reading and setting HTTP headers, handling cookies, tracking sessions, and many other such high-
level utilities. Besides, you already know the Java programming language. Why learn PERL too?
You’re already convinced that Java technology makes for more reliable and reusable code than does
C++. Why go back to C++ for server-side programming?
Powerful
Servlets support several capabilities that are difficult or impossible to accomplish with regular CGI.
Servlets can talk directly to the Web server, whereas regular CGI programs cannot, at least not
without using a server-specific API. Communicating with the Web server makes it easier to translate
relative URLs into concrete path names, for instance. Multiple servlets can also share data, making it
easy to implement database connection pooling and similar resource-sharing optimizations. Servlets
Compiled by: Mr. D. P. Mishra Lecturer Comp. Sci. & Engg. BIT, Durg
Cell: 9229594625, e-mail: dpmishra@bitdurg.org
can also maintain information from request to request, simplifying techniques like session tracking
and caching of previous computations.
Portable
Servlets are written in the Java programming language and follow a standard API. Consequently,
servlets written for, say, I-Planet Enterprise Server can run virtually unchanged on Apache, Microsoft
Internet Information Server (IIS), IBM WebSphere, or StarNine WebStar. For example, virtually all of
the servlets and JSP pages in this book were executed on Sun’s Java Web Server, Apache Tomcat
and Sun’s JavaServer Web Development Kit (JSWDK) with no changes whatsoever in the code. Many
were tested on BEA WebLogic and IBM WebSphere as well. In fact, servlets are supported directly or
by a plug-in on virtually every major Web server. They are now part of the Java 2 Platform, Enterprise
Edition (J2EE; see http://java.sun.com/j2ee/), so industry support for servlets is becoming even more
pervasive.
Secure
One of the main sources of vulnerabilities in traditional CGI programs stems from the fact that they are
often executed by general-purpose operating system shells. So the CGI programmer has to be very
careful to filter out characters such as backquotes and semicolons that are treated specially by the
shell. This is harder than one might think, and weaknesses stemming from this problem are constantly
being uncovered in widely used CGI libraries. A second source of problems is the fact that some CGI
programs are processed by languages that do not automatically check array or string bounds. For
example, in C and C++ it is perfectly legal to allocate a 100-element array then write into the 999th
“element,” which is really some random part of program memory. So programmers who forget to do
this check themselves open their system up to deliberate or accidental buffer overflow attacks.
Servlets suffer from neither of these problems. Even if a servlet executes a remote system call to
invoke a program on the local operating system, it does not use a shell to do so. And of course array
bounds checking and other memory protection features are a central part of the Java programming
language.
Inexpensive
There are a number of free or very inexpensive Web servers available that are good for “personal” use
or low-volume Web sites. However, with the major exception of Apache, which is free, most
commercial-quality Web servers are relatively expensive. Nevertheless, once you have a Web server,
no matter its cost, adding servlet support to it (if it doesn’t come preconfigured to support servlets)
costs very little extra. This is in contrast to many of the other CGI alternatives, which require a
significant initial investment to purchase a proprietary package.
JavaServer Pages
JavaServer Pages (JSP) technology enables you to mix regular, static HTML with dynamically
generated content from servlets. Many Web pages that are built by CGI programs are primarily static,
with the parts that change limited to a few small locations. For example, the initial page at most on-line
stores is the same for all visitors, except for a small welcome message giving the visitor’s name if it is
known. But most CGI variations, including servlets, make you generate the entire page via your
program, even though most of it is always the same. JSP lets you create the two parts separately.
Listing 1.1 gives an example. Most of the page consists of regular HTML, which is passed to the
visitor unchanged. Parts that are generated dynamically are marked with special HTML-like tags and
mixed right into the page.
1.4 The Advantages of JSP
JSP has a number of advantages over many of its alternatives. Here are a few of them.
Versus Active Server Pages (ASP)
ASP is a competing technology from Microsoft. The advantages of JSP are
twofold. First, the dynamic part is written in Java, not VBScript or another
ASP-specific language, so it is more powerful and better suited to complex applications that require
reusable components. Second, JSP is portable to other operating systems and Web servers; you
aren’t locked into Windows NT/2000 and IIS. You could make the same argument when comparing
JSP to ColdFusion; with JSP you can use Java and are not tied to a particular server product.
Versus PHP
PHP is a free, open-source HTML-embedded scripting language that is somewhat similar to both ASP
and JSP. The advantage of JSP is that the dynamic part is written in Java, which you probably already
know, which already has an Listing 1.1 A sample JSP page
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD><TITLE>Welcome to Our Store</TITLE></HEAD>
<BODY>
<H1>Welcome to Our Store</H1>
<SMALL>Welcome,

<%= Utils.getUserNameFromCookie(request) %>
To access your account settings, click
<A HREF="Account-Settings.html">here.</A></SMALL>
<P>
Regular HTML for all the rest of the on-line store’s Web page.
</BODY>
</HTML>
extensive API for networking, database access, distributed objects, and the like, whereas PHP
requires learning an entirely new language.
Versus Pure Servlets
JSP doesn’t provide any capabilities that couldn’t in principle be accomplished with a servlet. In fact,
JSP documents are automatically translated into servlets behind the scenes. But it is more convenient
to write (and to modify!) regular HTML than to have a zillion println statements that generate the
HTML. Plus, by separating the presentation from the content, you can put different people on different
tasks: your Web page design experts can build the HTML using familiar tools and leave places for
your servlet programmers to insert the dynamic content.
Versus Server-Side Includes (SSI)
SSI is a widely supported technology for inserting externally defined pieces into a static Web page.
JSP is better because you have a richer set of tools for building that external piece and have more
options regarding the stage of the HTTP response at which the piece actually gets inserted. Besides,
SSI is really intended only for simple inclusions, not for “real” programs that use form data, make
database connections, and the like.
Versus JavaScript
JavaScript, which is completely distinct from the Java programming language, is normally used to
generate HTML dynamically on the client, building parts of the Web page as the browser loads the
document. This is a useful capability but only handles situations where the dynamic information is
based on the client’s environment. With the exception of cookies, the HTTP request data is not
available to client-side JavaScript routines. And, since JavaScript lacks routines for network
programming, JavaScript code on the client cannot access server-side resources like databases,
catalogs, pricing information, and the like. JavaScript can also be used on the server, most notably on
Netscape servers and as a scripting language for IIS. Java is far more powerful, flexible, reliable, and
portable.
Versus Static HTML
Regular HTML, of course, cannot contain dynamic information, so static HTML pages cannot be based
upon user input or server-side data sources. JSP is so easy and convenient that it is quite reasonable
to augment HTML pages that only benefit slightly by the insertion of dynamic data. Previously, the
difficulty of using dynamic data precluded its use in all but the most valuable instances.
1.5 Installation and Setup
Before you can get started, you have to download the software you need and configure your system to
take advantage of it. Here’s an outline of the steps involved. Please note, however, that although your
servlet code will follow a standard API, there is no standard for downloading and configuring Web or
application servers. Thus, unlike most sections of this book, the methods described here vary
significantly from server to server, and the examples in this section should be taken only as
representative samples. Check your server’s documentation for authoritative instructions.
Obtain Servlet and JSP Software
Your first step is to download software that implements the Java Servlet 2.1 or 2.2 and JavaServer
Pages 1.0 or 1.1 specifications. If you are using an up-to-date Web or application server, there is a
good chance that it already has everything you need. Check your server documentation or see the
latest list of servers that support servlets at http://java.sun.com/products/ servlet/industry.html.
Although you’ll eventually want to deploy in a commercial-quality server, when first learning it is useful
to have a free system that you can install on your desktop machine for development and testing
purposes. Here are some of the most popular options:
• Apache Tomcat.
Tomcat is the official reference implementation of the servlet 2.2 and JSP 1.1 specifications. It can be
used as a small stand-alone server for testing servlets and JSP pages, or can be integrated into the
Apache Web server. However, many other servers have announced upcoming support, so these
specifications will be covered in detail throughout this book. Tomcat, like Apache itself, is free.
However, also like Apache (which is very fast, highly reliable, but a bit hard to configure and install),
Tomcat requires significantly more effort to set up than do the commercial servlet engines. For details,
see http://jakarta.apache.org/.
• JavaServer Web Development Kit (JSWDK).
The JSWDK is the official reference implementation of the servlet 2.1 and JSP 1.0 specifications. It is
used as a small stand-alone server for testing servlets and JSP pages before they are deployed to a
full Web server that supports these technologies. It is free and reliable, but takes quite a bit of effort to
install and configure. For details, see http://java.sun.com/products/servlet/download.html.
• Allaire JRun.
JRun is a servlet and JSP engine that can be plugged into Netscape Enterprise or FastTrack servers,
IIS, Microsoft Personal Web Server, older versions of Apache, O’Reilly’s WebSite, or StarNine
WebSTAR. A limited version that supports up to five simultaneous connections is available for free;
the commercial version removes this restriction and adds capabilities like a remote administration
console. For details, see http://www.allaire.com/products/jrun/.
• New Atlanta’s ServletExec.
ServletExec is a servlet and JSP engine that can be plugged into most popular Web servers for
Solaris, Windows, MacOS, HP-UX and Linux. You can download and use it for free, but many of the
advanced features and administration utilities are disabled until you purchase a license. For details,
see http://newatlanta.com/.
• LiteWebServer (LWS) from Gefion Software.
LWS is a small free Web server derived from Tomcat that supports servlets version 2.2 and JSP 1.1.
Gefion also has a free plug-in called WAICoolRunner that adds servlet 2.2 and JSP 1.1 support to
Netscape FastTrack and Enterprise servers. For details, see http://www.gefionsoftware.com/.
• Sun’s Java Web Server.
This server is written entirely in Java and was one of the first Web servers to fully support the servlet
2.1 and JSP 1.0 specifications. Although it is no longer under active development because Sun is
concentrating on the Netscape/I-Planet server, it is still a popular choice for learning
What is a JSP Page?
A JSP page is a text-based document that describes how to process a request to create aresponse.
The description intermixes template data with some dynamic actions and leverageson the Java
Platform. The features in the JSP technology support a number of different paradigms for authoring of
dynamic content; some of them are described in Section 1.6. The next couple of examples only
attempt to present the technical components of the JSP specification and are not prescribing “good” or
“bad” paradigms.
An Example Using Scripting and Beans
An simple example of a JSP page is shown in FIGURE 1-1. The example shows the response page,
which is intended to be a short list with the day of the month and year at the moment when the request
is received. The page itself contains fixed template text and additional elements described by the JSP
specification that are shown underlined in the figure. As the request reaches the page, the response is
created based on the template text. As the first element is reached, a server-side Bean object is
created with name clock and type calendar.jspCalendar. This object can be used and modified later in
the page. In particular, the next two elements access properties of the object and insert these values
into the response page as strings.
FIGURE 1-1 A JSP Page using Beans and Scripting
An Example Using a Tag Library
FIGURE 1-2 is another example of a JSP page. This page uses custom actions to create the server-
side object and then to produce the response data. In the example, a taglib directive first makes
available into this page a tag library for data base queries. The directive indicates the tag library to use
and provides a prefix to use locally in this page to name those actions. Designing tag libraries is a
delicate effort, analogous to that of designing a language; we are making no special effort here to
define tags that are useful for any but pedagogical purposes. For the purposes of this example, we will
assume that this fictitious tag library introduces four actions :
A queryBlock action introduces a data base connection; it can contain queryStatement actions and
queryCreateRow actions. The connData attribute refers to connection-specific data, like login and
password, that are to be defined elsewhere; see Appendix 5.8.3 for suggestions on where to place the
information.
A queryStatement action must be enclosed in a queryBlock. A queryStatement’s body is a SQL
statement; it will use the connection data defined in the enclosing queryBlock.
JSP Container JSP Page
request
response
<html>
<jsp:useBean id=”clock”
class=”calendar.jspCalendar” />
<ul>
<li>Day: <%=clock.getDayOfMonth() %>
<li>Year: <%=clock.getYear() %>
</ul>
</html>
A queryCreateRows action must be enclosed in a queryBlock action. A queryCreateRows action will
iterate over the results of the last executed query and will generate up to as many rows as requested.
A queryDisplay action must be enclosed in a queryCreateRows action. A queryDisplay action will
access the requested field from the current iteration in queryCreateRows and insert the value into the
out object.
FIGURE 1-2 A JSP page using custom actions
In this example:
• The x:queryCreateRows action implicitly refers to the object created by the x:queryStatement
within the same x:queryBlock
• The x:queryDisplay actions refer to the current row in the query result that is being iterated
over by x:queryCreateRows
• The code that locates a connection (perhaps from a connection pool), performs the JDBC™
API query, and navigates through the result of this query is hidden in the implementation of
the custom actions. This encourages division of labor and isolation from changes.
<html>
<%@ taglib uri=”http://acme.com/taglibs/simpleDB.tld” prefix=”x” %>
<x:queryBlock connData=”conData1”>
<x:queryStatement>
SELECT ACCOUNT, BALANCE FROM ...
</x:queryStatement>
The top 10 accounts and balances are:
<table>
<tr><th>ACCOUNT</th><th>BALANCE</th></tr>
<x:queryCreateRows from=”1” to=”10”>
<td><x:queryDisplay field=”ACCOUNT”/></td>
<td><x:queryDisplay field=”BALANCE”/></td>
</x:queryCreateRows>
</table>
</x:queryBlock>
</html>
Components and Containers
The JavaServer Pages technology builds on the Servlet standard extension. JavaServer Pages is a
Standard Extension that is defined extending the concepts in the Servlet Standard Extension. JSP 1.1
uses the classes from Java Servlet 2.2 specification.
JSP pages and Servlet classes are collectively referred as Web Components. JSP pages are
delivered to a Container that provides the services indicated in the JSP Component Contract.
JSP 1.1 and Servlet 2.2 rely only on features in the Java Runtime Environment 1.1, although they are
compatible with, and can take advantage of, the Java 2 Runtime Environment.
1.3 Features in JSP 1.1
The JavaServer Pages specification includes:
• Standard directives
• Standard actions
• Script language declarations, scriptlets and expressions
• A portable tag extension mechanism.
Most of the integration of JSP pages within the J2EE platform is inherited from the reliance on the
Servlet 2.2 specification.
1.4 Overview of JSP Page Semantics
This section provides an overview of the semantics of JSP pages
1.4.1 Translating and Executing JSP Pages
A JSP page is executed in a JSP container, which is installed on a Web server, or on a Web enabled
application server. The JSP container delivers requests from a client to a JSP page and responses
from the JSP page to the client. The semantic model underlying JSP pages is that of a servlet: a JSP
page describes how to create a response object from a request object for a given protocol, possibly
creating and/or using in the process some other objects.
All JSP containers must support HTTP as a protocol for requests and responses, but a container may
also support additional request/response protocols. The default request and response objects are of
type HttpServletRequest and HttpServletResponse, respectively.
A JSP page may also indicate how some events are to be handled. In JSP 1.1 only init and destroy
events can be described: the first time a request is delivered to a JSP page a jspInit() method, if
present, will be called to prepare the page. Similarly, a JSP container can reclaim the resources used
by a JSP page at any time that a request is not being serviced by the JSP page by invoking first its
jspDestroy() method; this is the same life-cycle as that of Servlets. A JSP page is represented at
request-time by a JSP page implementation class that implements the javax.servlet.Servlet interface.
JSP pages are often implemented using a JSP page translation phase that is done only once, followed
by some request processing phase that is done once per request. The translation phase creates the
JSP page implementation class. If the JSP page is delivered to the JSP container in source form, the
translation of a JSP source page can occur at any time between initial deployment of the JSP page
into the runtime environment of a JSP container and the receipt and processing of a client request for
the target JSP page.
A JSP page contains some declarations, some fixed template data, some (perhaps nested) action
instances, and some scripting elements. When a request is delivered to a JSP page, all these pieces
are used to create a response object that is then returned to the client. Usually, the most important
part of this response object is the result stream.
1.4.2 Compiling JSP Pages
JSP pages may be compiled into its JSP page implementation class plus some deployment
information. This enables the use of JSP page authoring tools and JSP tag libraries to author a
Servlet. This has several benefits:
• Removal of the start-up lag that occurs when a JSP page delivered as source receives the
first request.
• Reduction of the footprint needed to run a JSP container, as the java compiler is not needed.
If a JSP page implementation class depends on some support classes in addition to the JSP 1.1 and
Servlet 2.2 classes, the support classes will have to be included in the packaged WAR so it will be
portable across all JSP containers.
Appendix C contains two examples of packaging of JSP pages. One shows a JSP page that is
delivered in source form (probably the most common case) within a WAR. The other shows how a
JSP page is translated into a JSP page implementation class plus deployment information indicating
the classes needed and the mapping between the original URL that was directed to the JSP page and
the location of the Servlet.
Web Applications
A prototypical Web application can be composed from:
• Java Runtime Environment(s) running in the server (required)
• JSP page(s), that handle requests and generate dynamic content
• Servlet(s), that handle requests and generate dynamic content
• Server-side JavaBeans components that encapsulate behavior and state
• Static HTML, DHTML, XHTML, XML and similar pages.
• Client-side Java Applets, JavaBeans components, and arbitrary Java class files
• Java Runtime Environment(s) (downloadable via the Plugin) running in client(s) JSP 1.1
supports portable packaging and deployment of Web Applications through the Servlet 2.2
specification. The JavaServer Pages specification inherits from the Servlet specification the
concepts of Applications, ServletContexts, Sessions, Requests and Responses. See that
specification for more details.
Application Model
JSP pages can be used in combination with Servlets, HTTP, HTML, XML, Applets, JavaBeans
components and Enterprise JavaBeans components to implement a broad variety of application
architecture(s) or models.
Simple 21/2-Tier Application
The simple 2-tier model (accessing a database in the example above) describes the cgi-bin
replacement architecture that the Servlet model first enabled. This allows a JSP (or a Servlet) to
directly access some external resource (such as a database or legacy application) to service a client’s
request. The advantage of such a scheme is that it is simple to program, and allows the page author to
easily generate dynamic content based upon the request and state of the resource(s). However this
architecture does not scale for a large number of simultaneous clients since each must establish/or
share (ad-hoc) a (potentially scarce/expensive) connection to the resource(s) in question.
N-tier Application
In this model the application is composed of (n>=3) tiers, where the middle tier, the JSP, interacts with
the back end resources via an Enterprise JavaBeans component. The Enterprise JavaBeans server
and the EJB provide managed access to resources thus addressing the performance issues. An EJB
server will also support transactions and access to underlying security mechanisms to simplify
programming. This is the programming model supported by the Java2 Platform Enterprise Edition
(J2EE).
Loosely Coupled Applications
In this model we have two loosely coupled applications (either on the same Intranet, or over an
Extranet or the Internet). These applications may be peers, or act as client or server for the other. A
common example of this is supply chain applications between vendor enterprises. In such situations it
is important that each participant be isolated from changes in the implementation of it’s dependents. In
order to achieve this loose coupling the applications do not communicate using a fine grain imperative
interface contract like those provided for by RMI/IIOP or Java IDL. The applications communicate with
each other via HTTP, using either HTML or XML to/from a JSP page.
Using XML with JSP Technology
The JavaServer Pages technology is an ideal way to describe processing of XML input and output.
Simple XML generation can be done by just writing the XML as static template portions within the JSP
page. Dynamic generation will be done through JavaBeans components, Enterprise JavaBeans
components, or via custom actions that generate XML.
Similarly, input XML can be received from POST or QUERY arguments and then sent directly to
JavaBeans components, Enterprise JavaBeans components, or custom actions, or manipulated via
the scripting. There are two attributes of the JSP technology that make it specially suited for describing
XML processing. One is that XML fragments can be described directly in the JSP page either as
templates for input into some XML-consuming component, or as templates for output to be extended
with some other XML fragments. Another attribute is that the tag extension mechanism enables the
creation of specific actions and directives that are targeted at useful XML manipulation operations.
Future versions of the JSP specification may include several standard actions that will support XML
manipulation, including the transformation of the XML produced by the given JSP page using
XTL/XSL.
Redirecting Requests
It is common that the data to be sent to the client varies significantly depending on properties of the
client that are either directly encoded in the request object or can be discovered based on some
user/client profile (e.g. stored in a login database). In this case it is very convenient to have the initial
JSP page determine details about the request, perhaps create and/or update some server-side
objects, and then, if necessary, redirect the request to a different JSP page. This programming model
is supported by the underlying Servlet APIs. The properties of the HTTP protocol are such that the
redirect cannot be done if the response stream has started being sent back to the client; this
characteristic makes the description of some common situations quite inconvenient. To address this,
the JSP specification by default indicates buffering on the output stream. The JSP page can redirect
the request at any point before flushing the output buffer.
Buffering is also very convenient for error page handling, since that is done by redirecting the request.
Presentation JSP pages and Front JSP pages
In a slight variation of this model, the front component (a Servlet or a JSP) only creates and/ or
updates the server-side objects. In this organization, the front component does no presentation at all;
instead all presentation is done by a presentation component. Although the front component could be
written as a Servlet since it does no presentation, writing it as a JSP page enables the use of custom
actions for the creation and update of the server-side objects. The presentation component will almost
in all cases be a JSP page, and it will most likely access the server-side objects through custom
actions1.
1. Readers of the original JSP 0.92 draft will recognize the combination “front component is
servlet and presentation component is JSP” as the model 2 mentioned in that draft.
Including Requests
Another useful application model involves request includes. In this model, the request reaches an
initial JSP page. The page may start generating/composing some result but at some point it may want
to dynamically include the contents of some other page. These contents may be static but may also be
dynamically generated by some other JSP page, Servlet class, or some legacy mechanism like ASP.
Although in some cases this inclusion model is applicable to presentation-dependent contents, it is
most often used in the context of a presentation-independent content, like when the data generated is
actually XML (which may be converted later into some other format using, say, XSL).
The JSP Container
This chapter provides details on the contracts between a JSP container and a JSP page. This chapter
is independent on the Scripting Language used in the JSP page. Chapter 4 provides the details
specific to when the language directive has “java” as its value. This chapter also presents the
precompilation protocol (see Section 3.4).
JSP page implementation classes should use the JspFactory and PageContext classes so they will
take advantage of platform-specific implementations.
3.1 The JSP Page Model
As indicated in Section 1.4, “Overview of JSP Page Semantics”, a JSP page is executed by a JSP
container, which is installed on a Web Server or Web enabled Application Server. The JSP container
delivers requests from a client to a JSP page and responses from the JSP page to the client. The
semantic model underlying JSP pages is that of a Servlet: a JSP page describes how to create a
response object from a request object for a given protocol, possibly creating and/or using in the
process some other objects. A JSP page may also indicate how some events (in JSP 1.1 only init and
destroy events) are to be handled.
The Protocol Seen by the Web Server
The entity that processes request objects creating response objects should behave as if it were a Java
technology-based class; in this specification we will simply assume it is so. This class must implement
the Servlet protocol. It is the role of the JSP container to first locate the appropriate instance of such a
class and then to deliver requests to it according to the Servlet protocol. As indicated elsewhere, a
JSP container may need to create such a class dynamically from the JSP page source before
delivering a request and response objects to it.
Thus, Servlet defines the contract between the JSP container and the JSP page implementation class.
When the HTTP protocol is used, the contract is described by the HttpServlet class. Most pages use
the HTTP protocol, but other protocols are allowed by this specification.
The Protocol Seen by the JSP Page Author
The JSP specification also defines the contract between the JSP container and the JSP page author.
This is, what assumptions can an author make for the actions described in the JSP page. The main
portion of this contract is the _jspService() method that is generated automatically by the JSP
container from the JSP page. The details of this contract is provided in Chapter 4. The contract also
describes how a JSP author can indicate that some actions must be taken when the init() and
destroy() methods of the page implementation occur. In JSP 1.1 this is done by defining methods with
name jspInit() and jspDestroy() in a declaration scripting element in the JSP page. Before the first time
a request is delivered to a JSP page a jspInit() method, if present, will be called to prepare the page.
Similarly, a JSP container can reclaim the resources used by a JSP page at any time that a request is
not being serviced by the JSP page by invoking first its jspDestroy() method, if present.
A JSP page author may not (re)define any of the Servlet methods through a declaration scripting
element. The JSP specification reserves the semantics of methods and variables starting with jsp,
_jsp, jspx and _jspx, in any combination of upper and lower case.
The HttpJspPage Interface
The enforcement of the contract between the JSP container and the JSP page author is aided by
requiring that the Servlet class corresponding to the JSP page must implement the HttpJspPage
interface (or the JspPage interface if the protocol is not HTTP).
The involved contracts are shown in FIGURE 3-1. We now revisit this whole process in more detail.
JSP Page Implementation Class
The JSP container creates a JSP page implementation class for each JSP page. The name of the JSP
page implementation class is implementation dependent.
The creation of the implementation class for a JSP page may be done solely by the JSP container, or
it may involve a superclass provided by the JSP page author through the use of the extends attribute
in the jsp directive. The extends mechanism is available for sophisticated users and it should be used
with extreme care as it restricts what some of the decisions that a JSP container can take, e.g. to
improve performance.
The JSP page implementation class will implement Servlet and the Servlet protocol will be used to
deliver requests to the class.
A JSP page implementation class may depend on some support classes; if it does, and the JSP page
implementation class is packaged into a WAR, those classes will have to be included in the packaged
WAR so it will be portable across all JSP containers. A JSP page author writes a JSP page expecting
that the client and the server will communicate using a certain protocol. The JSP container must then
guarantee that requests from and responses to the page use that protocol. Most JSP pages use
HTTP, and their implementation classes must implement the HttpJspPage interface, which extends
JspPage. If the protocol is not HTTP, then the class will implement an interface that extends JspPage.
3.2.1 API Contracts
The contract between the JSP container and a Java class implementing a JSP page corresponds to
the Servlet interface; refer to the Servlet specification for details. The contract between the JSP
container and the JSP page author is described in TABLE 3-1. The responsibility for adhering to this
contract rests only on the JSP container implementation if the JSP page does not use the extends
attribute of the jsp directive; otherwise, the JSP page author guarantees that the superclass given in
the extends attribute supports this contract.
TABLE 3-1 How the JSP Container Processes JSP Pages
Comments Methods the JSP Container Invokes
Method is optionally defined in JSP page.
Method is invoked when the JSP page is initialized. When method is called all the methods in servlet,
including getServletConfig() are available
void jspInit()
Method is optionally defined in JSP page.
Method is invoked before destroying the page.
void jspDestroy()
Method may not be defined in JSP page.
The JSP container automatically generates this method, based on the contents of the JSP page.
Method invoked at each client request.
void _jspService(<ServletRequestSubtype>,
<ServletResponseSubtype>) throws
IOException, ServletException
EJB
The Enterprise Bean Component
Enterprise JavaBeans server-side components come in three fundamentally different types: entity,
session, and message-driven beans. Both session and entity beans are RMI-based server-side
components that are accessed using distributed object protocols. Message-driven beans process
messages from non-RMI systems like Java Message Service, legacy systems, and Web services. All
EJB servers must at least support a JMS-based message driven bean, but they may also support
other types of message-driven bean.
A good rule of thumb is that entity beans model business concepts that can be expressed as nouns.
For example, an entity bean might represent a customer, a piece of equipment, an item in inventory, or
even a place. In other words, entity beans model real-world objects; these objects are usually
persistent records in some kind of database. Our hypothetical cruise line will need entity beans that
represent cabins, customers, ships, etc.
Session beans are extensions of the client application that manage processes or tasks. A Ship bean
provides methods for doing things directly to a ship, but doesn't say anything about the context under
which those actions are taken. Booking passengers on the ship requires that we use a Ship bean, but
it also requires a lot of things that have nothing to do with the ship itself: we'll need to know about
passengers, ticket rates, schedules, and so on. A session bean is responsible for this kind of
coordination. Session beans tend to manage particular kinds of activities, such as the act of making a
reservation. They have a lot to do with the relationships between different entity beans. A TravelAgent
session bean, for example, might make use of a Cruise, a Cabin, and a Customer—all entity beans—
to make a reservation.
Similarly, message-driven beans coordinate tasks involving other session and entity beans. Message-
driven beans and session beans differ primarily in how they are accessed. While a session bean
provides a remote interface that defines which methods can be invoked, a message-driven bean
subscribes to or listens for messages. It responds by processing the message and managing the
actions that other beans take. For example, a ReservationProcessor message-driven bean would
receive asynchronous messages—perhaps from a legacy reservation system—from which it would
coordinate the interactions of the Cruise, Cabin, and Customer beans to make a reservation.
The activity that a session or message-driven bean represents is fundamentally transient: you start
making a reservation, you do a bunch of work, and then it's finished. The session and message-driven
beans do not represent things in the database. Obviously, session and message-driven beans have
lots of side effects on the database; in the process of making a reservation, you might create a new
Reservation by assigning a Customer to a particular Cabin on a particular Ship. All of these changes
would be reflected in the database by actions on the respective entity beans. Session and message-
driven beans like TravelAgent and ReservationProcessor, which are responsible for making a
reservation on a cruise, can even access a database directly and perform reads, updates, and deletes
to data. But there's no TravelAgent or ReservationProcessor record in the database—once the bean
has made the reservation, it waits to process another.
What makes the distinction between the different types of beans difficult to understand is that it's
extremely flexible. The relevant distinction for Enterprise JavaBeans is that an entity bean has
persistent state; session and message-driven beans model interactions but do not have persistent
state.
Classes and Interfaces
A good way to understand the design of enterprise beans is to look at how you'd go about
implementing one. To implement entity and session enterprise beans, you need to define the
1
component interfaces, a bean class, and a primary key:
Remote interface
The remote interface defines the bean's business methods which can be accessed from
applications outside the EJB container: the business methods a bean presents to the outside
world to do its work. The remote interface extends javax.ejb.EJBObject, which in turn extends
java.rmi.Remote. It is used by session and entity beans in conjunction with the remote home
interface.
1
There are basically three kinds of component interfaces: remote, local, and endpoint. The remote and local interfaces are
supported by both EJB 2.1 and 2.0, while the endpoint component interface is new in EJB 2.1 and is not supported by EJB
2.0.
Remote home interface
The home interface defines the bean's life-cycle methods which can be accessed from
applications outside the EJB container: the life-cycle methods for creating new beans,
removing beans, and finding beans. The home interface extends javax.ejb.EJBHome, which in
turn extends java.rmi.Remote. It is used by session and entity beans in conjunction with the
remote interface.
Local interface
The local interface for an enterprise bean defines business methods that can be used by
other beans in the same EJB container: the business methods a bean presents to other beans
running in the same JVM. It allows beans to interact without the overhead of a distributed
object protocol, which improves their performance. The local interface extends
javax.ejb.EJBLocalObject. It is used by session and entity beans in conjunction with the local
home interface.
Local home interface
The local home interface defines life-cycle methods that can be used by other beans in the
same EJB container; that is, the life-cycle methods a bean presents to other beans running in
the same JVM. It allows beans to interact without the overhead of a distributed object protocol,
which improves their performance. The local home interface extends
javax.ejb.EJBLocalHome. It is used by session and entity beans in conjunction with the local
interface.
Endpoint interface
The endpoint interface defines business methods that can be accessed from applications
outside the EJB container via SOAP. The endpoint interface is based on JAX-RPC (Java API
for XML-RPC) and is designed to adhere to the SOAP and WSDL standards. The endpoint
interface extends java.rmi.Remote. It can be used only by stateless session beans. There is
no home interface associated with the endpoint interface.
Message interface
Message-driven beans implement the message interface, which defines the methods by which
messaging systems, such as Java Message Service, can deliver messages to the bean..
Bean class
The session and entity bean classes implement the bean's business and life-cycle methods.
Note that the bean class usually does not implement the remote or local component
interfaces, but it may implement the endpoint interface. However, the bean class must have
methods matching the signatures of the methods defined in the remote, local, and endpoint
interfaces, and must have methods corresponding to some of the methods in both the remote
and local home interfaces. If this sounds perfectly confusing, it is. in addition, an entity bean
must implement javax.ejb.EntityBean; a session bean must implement javax.ejb.SessionBean.
The EntityBean and SessionBean extend javax.ejb.EnterpriseBean.
A message-driven bean implements one or more message delivery methods (e.g.,
onMessage()) defined in a message interface. The container calls these methods when a new
messages arrives. The message-driven bean class must also implement
javax.ejb.MessageDrivenBean. EJB 2.1 and 2.0 containers must support JMS-based
message-driven beans, which implement the javax.jms.MessageListener interface. EJB 2.1
also supports message-driven beans that process messages from other types of messaging
systems with their own message interfaces. The MessageDrivenBean, like the EntityBean and
the SessionBean, extends the javax.ejb.EnterpriseBean interface.
Primary key
The primary key is a class that provides a pointer into the database. Only entity beans need a
primary key. The only requirement for this class is that it implements java.io.Serializable.
Local interfaces provide a way for beans in the same container to interact efficiently. Calls to methods
in the local interface don't involve RMI; the methods in the local interfaces don't need to declare that
they throw RemoteException, and so on. An enterprise bean isn't required to provide a local interface
if you know when you're developing the bean that it will interact only with remote or Web service
clients. Likewise, an enterprise bean doesn't need to provide a remote or an endpoint interface if you
know it will be called only by enterprise beans in the same container. You can provide any
combination of local, remote, and endpoint interfaces.
The complexity comes about because enterprise beans exist in the middle—between some kind of
client software and some kind of database. The client never interacts with a bean class directly; it
always uses the methods of the entity or session bean's component interfaces to do its work,
interacting with stubs that are generated automatically. (For that matter, a bean that needs the
services of another bean is just another client: it uses the same stubs, rather than interacting with the
bean class directly.) Although the local and local home interfaces do not involve RMI, they still
represent a stub or a proxy to the bean class. While there is no network, the stubs allow the container
to monitor the interactions between beans and to apply security and transactions as appropriate.
It's important to note that message-driven beans don't support remote, local, or endpoint component
interfaces, but they may become the client of other session or entity beans and interact with those
beans through their component interfaces. The entity and session beans with which the message-
driven bean interact may be located in the same container, in which case the message-driven bean
use their local component interfaces; or, they may be located in a different address space and EJB
container, in which case the remote or endpoint component interfaces are used.
There are also many interactions between an enterprise bean and its server. These interactions are
managed by a container, which presents a uniform interface between the bean and the server. (Many
people use the terms "container" and "server" interchangeably, which is understandable because the
difference between the terms isn't clearly defined.) The container is responsible for creating new
instances of beans, making sure they are stored properly by the server, and so on. Tools provided by
the container's vendor do a tremendous amount of work behind the scenes. At least one tool takes
care of creating the mapping between entity beans and records in the database. Other tools generate
code based on the component interfaces and the bean class itself. The code generated does things
like create the bean, store it in the database, and so on.
Naming conventions
Before going on, let's establish some conventions. When we speak about an enterprise bean as a
whole—its component interfaces, bean class, and so forth—we will call it by its common business
name, followed by EJB. For example, an enterprise bean that is developed to model a cabin on a ship
will be called the Cabin EJB. Notice that we don't use a constant-width font for "Cabin,” because we
are referring to all the parts of the bean (the component interfaces, bean class, etc.) as a whole, not
just to one particular part, such as the remote interface or bean class. The term enterprise bean or
bean denotes any kind of bean, including entity, session, and message-driven beans. Entity bean
denotes an entity-type enterprise bean; session bean denotes a session-type enterprise bean; and
message-driven bean denotes a message driven-type enterprise bean. The acronym MDB is
frequently used in place of the term "message-driven bean."
We also use suffixes to distinguish between local, remote, and endpoint component interfaces. When
we are talking about the remote interface of the Cabin EJB, we will combine the common business
name with the word Remote. For example, the remote interface for the Cabin EJB is called the
CabinRemote interface. The local interface of the Cabin EJB would be the CabinLocal interface. The
endpoint interface for the Cabin EJB-based web service would be CabinWS (WS stands for Web
Service). The home interfaces add the word Home to the mix. The remote and local home interfaces
2
for the Cabin EJB would be CabinHomeRemote and CabinHomeLocal, respectively. The bean class
is always the common business name, followed by the word Bean. For example, the Cabin EJB's
bean class would be named CabinBean.
These naming conventions are used for clarity; they are not prescriptive or even recommended for use
in production. Once you understand the differences between the component interfaces and the
different types of beans, you can use any naming strategy you wish.
The remote interface
Having introduced the machinery, let's look at how to build an entity bean with remote component
interfaces. In this section, we examine the Cabin EJB, an entity bean that models a cabin on a cruise
ship. Let's start with its remote interface.
We'll define the remote interface for a Cabin bean using the CabinRemote interface, which defines
business methods for working with cabins. All remote interface types extend the javax.ejb.EJBObject
interface:
import java.rmi.RemoteException;
public interface CabinRemote extends javax.ejb.EJBObject {
public String getName() throws RemoteException;
public void setName(String str) throws RemoteException;
public int getDeckLevel() throws RemoteException;
public void setDeckLevel(int level) throws RemoteException;

}
2
The endpoint interface does not have a corresponding home interface.
These are methods for naming the cabin and setting the cabin's deck level; you can probably imagine
lots of other methods that you'd need, but this is enough to get started. All of these methods declare
that they throw RemoteException, which is required of all methods on remote component interfaces.
EJB requires the use of Java RMI-IIOP conventions with remote component interfaces, although the
underlying protocol can be CORBA IIOP, Java Remote Method Protocol (JRMP), or some other
protocol. Java RMI-IIOP will be discussed in more detail in the next chapter.
The remote home interface
The remote home interface defines life-cycle methods used by clients of entity and session beans for
locating enterprise beans. The remote home interface extends javax.ejb.EJBHome. We'll call the
home interface for the Cabin bean CabinHomeRemote, and define it like this:
import java.rmi.RemoteException;
import javax.ejb.CreateException;
import javax.ejb.FinderException;
public interface CabinHomeRemote extends javax.ejb.EJBHome {
public CabinRemote create(Integer id)
throws CreateException, RemoteException;
public CabinRemote findByPrimaryKey(Integer pk)
throws FinderException, RemoteException;
The create() method is responsible for initializing an instance of our bean. If your application needs
them, you can provide other create() methods with different arguments. For example, you could
provide a create() method that initialized the cabin’s deck and name.
The findByPrimaryKey() method, with a single Integer argument, is required, and allows you to look up
a particular Cabin given its primary key. You are free to define other methods that provide convenient
ways to look up Cabin beans—for example, you might want to define a method called findByShip()
that returns all the cabins on a particular ship. Find methods like these are used in entity beans but not
in session or message-driven beans.
The bean class
Now let's look at an actual entity bean. Here's the code for the CabinBean; it's a sparse
implementation, but it shows how the pieces fit together:
import javax.ejb.EntityContext;
public abstract class CabinBean implements javax.ejb.EntityBean {
public Integer ejbCreate(Integer id){
setId(id);
return null;
public void ejbPostCreate(Integer id){
// do nothing
public abstract String getName();
public abstract void setName(String str);
public abstract int getDeckLevel();
public abstract void setDeckLevel(int level);
public abstract Integer getId();
public abstract void setId(Integer id);
public void setEntityContext(EntityContext ctx){
// not implemented
public void unsetEntityContext(){
// not implemented
public void ejbActivate(){
// not implemented
public void ejbPassivate(){
// not implemented
public void ejbLoad(){
// not implemented
public void ejbStore(){
// not implemented
public void ejbRemove(){
// not implemented
Notice that the CabinBean class is abstract, as are several of the methods that access or update the
bean’s persistent state. Also notice that there are no instance fields to hold the state information these
methods access. The abstract methods (and the missing fields) are implemented by the container
system automatically. Container-managed entity beans are the only beans that are declared as
abstract with abstract accessor methods. You won't see abstract classes and methods in session or
message-driven beans.
The set and get methods for the cabin's name and deck level are the CabinBean's business methods;
they match the business methods defined by the EJB's remote interface, CabinRemote. The business
methods are the only methods visible to the client application; the other methods are visible only to the
EJB container or the bean class itself. For example, the setId()and getId() methods are defined in the
bean class but not in the remote interface, which means they cannot be called by the entity bean's
client. The other methods are required by the EJB component model and are not part of the bean
class's public business definition.
The ejbCreate() and ejbPostCreate() methods initialize the instance of the bean class when a new
cabin record is ready to be added to the database. The last seven methods in the CabinBean are
defined in the javax.ejb.EntityBean interface. These methods are life-cycle callback methods. The EJB
container invokes these callback methods on the bean class when important life-cycle events occur.
The ejbRemove() method, for example, notifies an entity bean that its data is about to be deleted from
the database. The ejbLoad() and ejbStore() methods notify the bean instance that its state is being
read or written to the database. The ejbActivate() and ejbPassivate() methods notify the bean instance
that it is about to be activated or deactivated, a process that conserves memory and other resources.
setEntityContext() enables the EJB container to give the bean information about itself and its
surroundings. unsetEntityContext() is called by the EJB container to notify the bean instance that it is
about to be dereferenced for garbage collection.
All these callback methods provide the bean class with notifications of when an action is about to be
taken, or was just taken, on the bean's behalf by the EJB server. These notifications simply inform the
bean of an event; the bean doesn't have to do anything about it. The callback notifications tell the
bean where it is during its life cycle, when it is about to be loaded, removed, deactivated, and so on.
Because the callback methods are defined in the javax.ejb.EntityBean interface, the entity bean class
must implement them, but it isn't required to do anything meaningful with the methods if it doesn't need
to. Our bean, the CabinBean, won't need to do anything when these callback methods are invoked, so
these methods are empty implementations.
The primary key
The primary key is a pointer that helps locate data that describes a unique record or entity in the
database; it is used in the findByPrimaryKey() method of the home interface to locate a specific entity.
Primary keys are defined by the bean developer and must be some type of serializable object. The
Cabin EJB uses a simple java.lang.Integer type as its primary key. It’s also possible to define custom
primary keys, called compound primary keys, which represent complex primary keys consisting of
several different fields.
What about session beans?
CabinBean is an entity bean, but a session bean wouldn't be all that different. It would extend
SessionBean instead of EntityBean and would have an ejbCreate() method that would initialize the
bean's state, but no ejbPostCreate(). Session beans do not have ejbLoad() or ejbStore() methods,
because session beans are not persistent. While session beans have a setSessionContext() method,
they do not have an unsetSessionContext() method. Session beans have ejbActivate() and
ejbPassivate() methods, which are used by stateful session beans to manage conversational state.
Finally, session beans provide an ejbRemove() method, which notifies the bean that the client no
longer needs it. However, this method doesn’t tell the bean that its data is about to be removed from
the database, because a session bean doesn't represent data.
Session beans don't have a primary key. That's because session beans are not persistent themselves,
so there is no need for a key that maps to the database.
What about message-driven beans?
Message-driven beans (MDBs) implement a message interface; they don’t implement remote, local,
endpoint, or home interfaces. The message-driven bean defines a few callback methods and one or
more message delivery methods. The callback methods include the ejbCreate() method, which is
called when the bean class is first created; the ejbRemove() method, called when the bean instance is
about to be discarded from the system (usually when the container doesn't need it any longer); and
the setMessageDrivenContext() method. The kind of message delivery methods implemented by the
MDB depend on the type of messaging service it supports. For example, a JMS-based MDB, which all
EJB containers must support, must implement the onMessage() method, which is called every time a
new asynchronous JMS message is delivered. The message-driven bean doesn't define the
ejbPassivate(), ejbActivate(), ejbLoad(), or ejbStore() methods because it doesn't need them.
Message-driven beans don't have a primary key, for the same reason that session beans don't. They
are not persistent, so there is no need for a key to the database.
Deployment Descriptors and JAR Files
The interfaces and classes we have discussed don’t address how beans are managed at runtime. We
didn't talk about how beans interact with security, transactions, naming, and other services common to
distributed object systems. These types of primary services are handled automatically by the EJB
container; but that begs the question, “How does the EJB container know how to handle security,
transactions, and so on?” The EJB container gets this kind of runtime information from deployment
descriptors.
Deployment descriptors allow us to customize an EJB’s runtime behavior without having to change the
software itself. Deployment descriptors are also similar to the property sheets used in Visual Basic and
PowerBuilder. Where property sheets allow us to describe the runtime attributes of visual widgets
(background color, font size, etc.), deployment descriptors allow us to describe runtime attributes of
server-side components (security, transactional context, etc.).
When a bean class and its interfaces have been defined, a deployment descriptor for the bean is
created and populated with data about the bean. Integrated development environments (IDEs) that
support development of Enterprise JavaBeans often allow developers to set up the deployment
descriptors they need using visual utilities like property sheets. After the developer has set all of the
bean’s properties, the deployment descriptor is saved to a file. Once the deployment descriptor is
completed and saved to a file, the bean can be packaged in a JAR file for deployment.
JAR (Java Archive) files are ZIP files that package Java classes and other resources that are ready to
be used in some type of application. JARs are used for packaging applets, Java applications,
JavaBeans, web applications (servlets and JSPs), and Enterprise JavaBeans. A JAR file containing
one or more enterprise beans includes the bean classes, component interfaces, and supporting
classes for each bean. It also contains one deployment descriptor, which is used for all the beans in
the JAR file. When a bean is deployed, the JAR file's location is given to the container's deployment
tools.
When the container opens the JAR file, it reads the deployment descriptor to learn about the bean and
how it should be managed at runtime. The deployment descriptor tells the deployment tools what kind
of beans are in the JAR file (session, entity, or message-driven), how they should be managed in
transactions, who has access to the beans at runtime, and other information. The person deploying
the bean can alter some of these settings, such as transactional and security access attributes, to
customize the bean for a particular application. Most container tools provide user-friendly property
sheets for reading and altering the deployment descriptor when the bean is deployed.
When Enterprise JavaBeans 1.0 was released, serializable classes were used for the deployment
descriptor. Starting with Enterprise JavaBeans 1.1, the serializable deployment descriptor classes
used in EJB 1.0 were dropped in favor of a more flexible file format based on the Extensible Markup
Language (XML). The XML deployment descriptors are text files structured according to a standard
schema (XML Schema in EJB 2.1 and Document Type Definition (DTD) in EJB 2.0) that can be
extended so the type of deployment information stored evolves as the specification evolves. The
following sections provide a brief overview of XML deployment descriptors.
EJB 2.1: Deployment descriptor
The following descriptor might be used to describe the Cabin bean in EJB 2.1:
<?xml version=”1.0” encoding=”UTF-8”?>
<ejb-jar xmlns=”http://java.sun.com/xml/ns/j2ee”
xmlns:xsi=”http://www.w3.org/2001/XMLSchema-instance”
xsi:schemaLocation=”http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/ejb-jar_2_1.xsd”
version=”2.1”>
<enterprise-beans>
<entity>
<ejb-name>CabinEJB</ejb-name>
<home>com.titan.CabinHomeRemote</home>
<remote>com.titan.CabinRemote</remote>
<ejb-class>com.titan.CabinBean </ejb-class>
<persistence-type>Container</persistence-type>
<prim-key-class>java.lang.Integer</prim-key-class>
<reentrant>False</reentrant>
</entity>
</enterprise-beans>
</ejb-jar>
The first element in an EJB 2.1 deployment descriptor declares the document to be an XML document
conformant with XML Version 1.0 and the character encoding, which normally UTF-8.
The root element is the ejb-jar element. It declares the namespace of the EJB 2.1 XML Schema as
well as the schema's location. In addition, the ejb-jar element declares the version of EJB supported,
which in the case of EJB 2.1 is version "2.1".
EJB 2.0: Deployment descriptor
The following descriptor might be used to describe the Cabin bean in EJB 2.0:
<!DOCTYPE ejb-jar PUBLIC "-//Sun Microsystems, Inc.//DTD EnterpriseJavaBeans 2.0//EN"
"http://java.sun.com/dtd/ejb-jar_2_0.dtd">
<ejb-jar>
<enterprise-beans>
<entity>
<ejb-name>CabinEJB</ejb-name>
<home>com.titan.CabinHomeRemote</home>
<remote>com.titan.CabinRemote</remote>
<ejb-class>com.titan.CabinBean </ejb-class>
<persistence-type>Container</persistence-type>
<prim-key-class>java.lang.Integer</prim-key-class>
<reentrant>False</reentrant>
</entity>
</enterprise-beans>
</ejb-jar>
The first element in an EJB 2.0 deployment descriptor is <!DOCTYPE>. This element describes the
organization that defined the DTD for the XML document, supplies the DTD's version, and provides a
URL for the DTD. The DTD describes how a particular XML document is structured.
EJB 2.1 and 2.0: Elements of the XML deployment descriptor
Now, let’s look more closely at the information in the deployment descriptor. Note that the deployment
descriptor for a real bean would have a lot more information; this example simply illustrates the type of
information you'll find in a deployment descriptor. Here's what the individual elements mean:
<ejb-jar>
The root of the XML deployment descriptor. All other elements must be nested below this one.
It must contain one <enterprise-beans> element and may contain other optional elements.
<enterprise-beans>
Contains declarations for all the enterprise beans described by this XML document. It may
contain <entity>, <session>, or <message-driven> (EJB 2.0) elements, which describe entity,
session, and message-driven enterprise beans, respectively.
<entity>
Describes an entity bean and its deployment information. There must be one of these
elements for every entity bean described by the XML deployment descriptor. While this
deployment descriptor describes a single entity bean, the <session> element is used in the
same way to describe a session bean. The <message-driven> element is different, as it does
not define any component interfaces.
<ejb-name>
The descriptive name of the enterprise bean. It is the name used for the enterprise bean in
conversation, when talking about the bean component as a whole.
<home>
The fully qualified class name of the remote home interface. This interface defines the life-
cycle behaviors (create, find, remove) of the enterprise bean to its clients outside the container
system.
<remote>
The fully qualified class name of the remote interface. This interface defines the enterprise
bean's business methods to its clients outside the container system.
<ejb-class>
The fully qualified class name of the bean class. This class implements the business methods
of the bean.
<prim-key-class>
The fully qualified class name of the enterprise bean's primary key. The primary key is used to
find the bean data in the database.
The last two elements in the deployment descriptor, the <persistence-type> and <reentrant> elements,
express the persistence strategy and concurrency policies of the entity bean. These elements are
explained in more detail later in the book.
As you progress through this book, you will be introduced to the elements that describe concepts we
have not covered yet, so don't worry about knowing all of the elements you might find in a deployment
descriptor.
EJB Objects and EJB Home
The entity and session beans both declare the component interfaces that their clients use to access
them. (Message-driven beans are a very different kind of animal). In EJB 2.0, clients outside the
container system always use the enterprise bean's remote component interfaces. In EJB 2.1, clients
outside the container system have the option of accessing stateless session beans as Web services.
For both EJB 2.1 and 2.0, clients within the same J2EE system (i.e., enterprise beans, Servlets, and
JSPs) can use local component interfaces to interact. This section explains how the component
interfaces are connected to instances of the bean class at runtime.
Now that you have a basic understanding of some of an enterprise bean’s parts (component
interfaces, bean class, and deployment descriptor), it's time to talk more precisely about how these
parts come together inside an EJB container system. Unfortunately, we can't talk as precisely as we'd
like. There are a number of ways for an EJB container to implement these relationships; we'll show
some of the possibilities. Specifically, we'll talk about how the container implements the component
interface of entity and session beans, so that clients—either applications outside the container or other
co-located enterprise beans—can interact with and invoke methods on the bean class.
The two missing pieces are the EJB object itself and the EJB home. You will probably never see the
EJB home and EJB object classes because their class definitions are proprietary to the vendor's EJB
implementation and are generally not made public. This practice is useful because it represents a
separation of responsibilities along areas of expertise. As an application developer, you are intimately
familiar with how your business environment works and needs to be modeled, so you will focus on
creating the applications and beans that describe your business. System-level developers, the people
who write EJB servers, don't understand your business, but they do understand how to develop CTMs
and support distributed objects. It makes sense for system-level developers to apply their skills to the
mechanics of managing distributed objects, but leave the business logic to you, the application
developer. Let's talk briefly about the EJB object and the EJB home so the missing pieces in the big
picture are understandable.
The EJB object
This chapter has said a lot about a bean's remote and local interfaces, which extend the EJBObject
and the EJBLocalObject interfaces, respectively. Who implements these interfaces? Clearly, the stub
does: we understand that much. But what about the server side?
On the server side, an EJB object is an object that implements the remote and/or local interfaces of
the enterprise bean. The EJB object is generated by your EJB container and wraps the enterprise
bean instance—that is, an instance of the enterprise bean class you've created (in our example, the
CabinBean) on the server and expands its functionality to include javax.ejb.EJBObject and/or
javax.ejb.EJBLocalObject behavior. This object works with the container to apply transactions,
security, and other system-level operations to the bean at runtime.
We’re forced to use "and/or" a lot when talking about which interface the EJB object implements.
That's because enterprise beans in EJB can declare the local interface, the remote interface, or both!
In EJB 2.1, stateless session beans can also implement an endpoint interface, which turns it into a
Web service. Regardless of which interfaces the bean implements, we can think of the EJB object as
implementing both. In reality, there may be a special EJB object for the remote interface and another
special EJB object for the local interface of each enterprise bean; that depends on the how the vendor
chooses to implement it. But that distinction, while it matters to EJB vendors, isn’t visible to EJB
developers.
A vendor can use a number of strategies to implement the EJB object. Figure 2-1 illustrates three
possibilities using the CabinRemote interface. The same implementation strategies apply to the
CabinLocal and javax.ejb.EJBLocalObject interfaces.
Figure 2-1: Three ways to implement the EJB object
In Figure 2-1(a), the EJB object is a classic wrapper because it holds a reference to the bean class
and delegates the requests to the bean. In Figure 2-1(b), the EJB object class actually extends the
bean class, adding functionality specific to the EJB container. In Figure 2-1(c), the bean class is no
longer included in the model. In this case, the EJB object has both the proprietary implementation
required by the EJB container and bean class method implementations that were copied from the
bean class's definition.
The EJB object design shown in Figure 2-1(a) is perhaps the most common. Throughout this book,
particularly in the next chapter, we will explain how EJB works with the assumption that the EJB object
wraps the bean class instance as depicted in Figure 2-1(a). But the other implementations are used; it
shouldn't make a difference which one your vendor has chosen. The bottom line is that you never
really know much about the EJB object: its implementation is up to the vendor. Knowing that the EJB
object exists answers a lot of questions about how enterprise beans are structured. But everything a
client (including other enterprise beans) needs to know about an enterprise bean is described by the
remote and home interfaces.
The EJB home
The EJB home is a lot like the EJB object. It's another class that's generated automatically when you
install an enterprise bean in a container. It implements all the methods defined by the home interfaces
(local and/or remote) and is responsible for helping the container manage the bean's life cycle. The
EJB home is responsible for locating, creating, and removing enterprise beans. These tasks may
involve working with the EJB server's resource managers, instance pooling, and persistence
mechanisms, the details of which are hidden from the developer.
For example, when a create method is invoked on a home interface, the EJB home creates an
instance of the EJB object that references a bean instance of the appropriate type. Once the bean
instance is associated with the EJB object, the instance's matching ejbCreate() method is called. In
the case of an entity bean, a new record is inserted into the database. With session beans, the
instance is simply initialized. Once the ejbCreate() method has completed, the EJB home returns a
remote or local reference (i.e., a stub) for the EJB object to the client. The client can then work with the
EJB object by invoking business methods. The stub relays the methods to the EJB object; in turn, the
EJB object delegates those method calls to the bean instance.
How does the EJB home know which type of EJB object reference (local or remote) to return? It
depends on which home interface is being used. If the client invokes a create() method on the remote
home interface, the EJB home returns a remote interface reference. If the client is working with a local
home interface, the EJB home returns a reference implementing the local interface. EJB requires that
the return type of remote home interface methods be remote interfaces and that the return type of
local home interface methods be local interfaces:
// The Cabin EJB's remote home interface
public interface CabinHomeRemote extends javax.ejb.EJBHome {
public CabinRemote create(Integer id)
throws CreateException, RemoteException;
public CabinRemote findByPrimaryKey(Integer pk)
throws FinderException, RemoteException;
// The Cabin EJB's local home interface
public interface CabinHomeLocal extends javax.ejb.EJBHome {
public CabinLocal create(Integer id)
throws CreateException;
public CabinLocal findByPrimaryKey(Integer pk)
throws FinderException;
Figure 2-2 illustrates the architecture of EJB with the EJB home and EJB object implementing the
home interface and remote or local interface. The bean class is wrapped by the EJB object.
Remember, though, that this is only an illustration. "EJB object" and "EJB home" are simply terms to
describe the EJB container's responsibilities for supporting the component interfaces. In reality, we
have no idea how the vendor chose to implement the EJB object and EJB home, since they are only
logical constructs and may not have equivalent software counterparts.
Deploying a bean
After the files that define the bean (the component interfaces and the bean classes) have been
packaged into a JAR file, the bean is ready to be deployed; that is, it can be added to an EJB
container so it can be accessed as a distributed component. During the deployment process, tools
provided by the EJB container vendor generate the EJB object and EJB home classes by examining
the deployment descriptor and the other interfaces and classes in the JAR file.
Figure : EJB architecture
Using Enterprise Beans
Let's look at how a client would use an enterprise bean to do something useful. We'll start with the
Cabin EJB defined earlier. A cabin is a thing or place with a description that is stored in a database. To
make the example a little more real, assume that there are other entity beans: Ship, Cruise, Ticket,
Customer, Employee, and so on.
Getting Information from an Entity Bean
Imagine that a GUI client needs to display information about a particular cruise: the cruise name, the
ship name, and a list of cabins. Using the cruise ID obtained from a text field, we can use our beans to
look up data about the cruise. Here's the code:
CruiseHomeRemote cruiseHome = ... ; // use JNDI to get the home
// Get the cruise ID from a text field.
String cruiseID = textFields1.getText();
// Create an EJB primary key from the cruise ID.
Integer pk = new Integer(cruiseID);
// Use the primary key to find the cruise.
CruiseRemote cruise = cruiseHome.findByPrimaryKey(pk);
// Set text field 2 to show the cruise name.
textField2.setText(cruise.getName());
// Get a remote reference to the ship that will be used
// for the cruise from the cruise bean.
ShipRemote ship = cruise.getShip();
// Set text field 3 to show the ship's name.
textField3.setText(ship.getName());
// Get all the cabins on the ship.
Collection cabins = ship.getCabins();
Iterator cabinItr = cabins.iterator();
// Iterate through the enumeration, adding the name of each cabin
// to a list box.
while(cabinItr.hasNext())
CabinRemote cabin = (CabinRemote)cabinItr.next();
listBox1.addItem(cabin.getName());
We start by getting a remote reference to the EJB home for an entity bean that represents a cruise.
We need a remote reference rather than a local one because the client is an application located
outside the EJB container. It's not shown in the example, but references to the EJB home are obtained
using JNDI. JNDI is a powerful API for locating resources, such as remote objects, on networks. JNDI
lookups are covered in subsequent chapters.
We read a cruise ID from a text field, use it to create a primary key, and use that primary key together
with the EJB home to get a CruiseRemote reference. This reference implements the bean’s business
methods. Once we have the appropriate Cruise EJB, we can ask the bean to give us a remote
reference to a Ship EJB that represents the ship used for the cruise. We can then call the
ship.getCabins() method to get a Collection of remote Cabin EJB references from the Ship EJB; and,
with the Cabin EJBs in hand, we can retrieve and display the names of the Cabin EJBs.
Modeling Taskflow with Session Beans
Entity beans are useful for representing data and describing business concepts that can be
expressed as nouns, but they're not very good at representing a process or a task. A Ship bean
provides methods and behavior for doing things directly to a ship, but it does not define the context
under which these actions are taken. The previous example retrieved data about cruises and ships;
we could also have modified this data. With enough effort, we could have figured out how to book a
passenger—perhaps by adding a Customer EJB to a Cruise EJB, or adding a customer to a list of
passengers maintained by the ship. We could try to shove methods for accepting payment and other
tasks related to booking into our GUI client application, or even into the Ship or Cabin EJBs, but that's
a contrived and inappropriate solution. We don't want business logic in the client application—that's
why we went to a multitier architecture in the first place. Similarly, we don't want this kind of logic in
our entity beans that represent ships and cabins. Booking passengers on a ship or scheduling a ship
for a cruise are the types of activities or functions of the business, not the Ship or the Cabin bean, and
are therefore expressed in terms of a process or task.
Session beans act as agents that manage business processes or tasks for the client; they're the
appropriate place for business logic. A session bean is not persistent; nothing in a session bean maps
directly into a database or is stored between sessions. Session beans work with entity beans, data,
and other resources to control taskflow. Taskflow is the essence of any business system, because it
expresses how entities interact to model the actual business. Session beans control tasks and
resources but do not themselves represent data.
The term "taskflow" was coined specifically for this book. It's derived from the term
"workflow," which is frequently used to describe the management of business
processes that may span several days with lots of human intervention. In contrast to
workflow, the term taskflow is used in this book to describe the interactions of beans
within a single transaction that takes only a few seconds to execute.
The following code demonstrates how a session bean designed to make cruise-line reservations might
control the taskflow of other entity and session beans. Imagine that a piece of client software, in this
case a user interface, obtains a remote reference to a TravelAgent session bean. Using the
information entered into text fields by the user, the client application books a passenger on a cruise:
// Get the credit card number from the text field.
String creditCard = textField1.getText();
int cabinID = Integer.parseInt(textField2.getText());
int cruiseID = Integer.parseInt(textField3.getText());
// Create a new Reservation session passing in a reference to a
// customer entity bean.
TravelAgent travelAgent = travelAgentHome.create(customer);
// Set cabin and cruise IDs.
travelAgent.setCabinID(cabinID);
travelAgent.setCruiseID(cruiseID);
// Using the card number and price, book passage.
// This method returns a Ticket object.
TicketDO ticket = travelAgent.bookPassage(creditCard, price);
This is a fairly coarse-grained abstraction of the process of booking a passenger: most of the details
are hidden from the client. Hiding the fine-grained details of taskflow is important because it provides
the system with flexibility as it evolves: we know that we will always want to book passengers, but the
process for booking a passenger may change.
The following listing shows some of the code for the TravelAgentBean. The bookPassage() method
works with three entity beans, the Customer, Cabin, and Cruise EJBs, and another session bean, the
ProcessPayment EJB. The ProcessPayment EJB provides several methods for making a payment,
including check, cash, and credit card. In this case, we use the ProcessPayment bean to make a
credit card payment. Once payment has been made, a serializable TicketDO object is returned to the
client.
public class TravelAgentBean implements javax.ejb.SessionBean {
public CustomerRemote customer;
public CruiseRemote cruise;
public CabinRemote cabin;
public void ejbCreate(CustomerRemote cust){
customer =cust;
public TicketDO bookPassage(CreditCardDO card,double price)
throws IncompleteConversationalState {
if (customer == null ||cruise == null ||cabin == null){
throw new IncompleteConversationalState();
try {
ReservationHomeRemote resHome = (ReservationHomeRemote)
getHome("ReservationHome",ReservationHomeRemote.class);
ReservationRemote reservation =
resHome.create(customer,cruise,cabin,price,new Date());
ProcessPaymentHomeRemote ppHome = (ProcessPaymentHomeRemote)
getHome("ProcessPaymentHome",ProcessPaymentHomeRemote.class);
ProcessPaymentRemote process = ppHome.create();
process.byCredit(customer,card,price);
TicketDO ticket = new TicketDO(customer,cruise,cabin,price);
return ticket;
}catch(Exception e){
throw new EJBException(e);
// More business methods and callback methods follow
This example leaves out some details, but it demonstrates the difference in purpose between a
session bean and an entity bean. Entity beans represent the behavior and data of a business object,
while session beans model the taskflow. The client application uses the TravelAgent EJB to perform a
task using other beans. For example, the TravelAgent EJB uses a ProcessPayment EJB and a
Reservation EJB in the process of booking passage. The ProcessPayment EJB processes the credit
card, and the Reservation EJB records the actual reservation in the system. Session beans can also
be used to read, update, and delete data that can't be adequately captured in an entity bean. Session
beans don't represent records or data in the database, but they can access data.
All of the work performed by the TravelAgent session bean could have been coded in the client
application. Having the client interact directly with entity beans is a common but troublesome design
approach because it ties the client directly to the details of the business tasks. This is troublesome for
two reasons: any changes in the entity beans and their interaction require changes to the client, and
it's very difficult to reuse the code that models the taskflow.
Session beans allow clients to perform tasks without being concerned with the details that make up
the task. A developer can update the session bean, possibly changing the taskflow, without affecting
the client code. In addition, if the session bean is properly defined, other clients that perform the same
tasks can reuse it. The ProcessPayment session bean, for example, can be used in many areas
besides reservations, including retail and wholesale sales. For example, the ship's gift shop could use
the ProcessPayment EJB to process purchases. As a client of the ProcessPayment EJB, the
TravelAgent EJB doesn't care how ProcessPayment works; it's only interested in the ProcessPayment
EJB's coarse-grained interface, which validates and records charges.
Moving taskflow logic into a session bean also simplifies the client application and reduces network
traffic. Excessive network traffic is a common problem for distributed object systems: it can overwhelm
the server and clog the network, hurting response time and performance. Session beans, if used
properly, can reduce network traffic by limiting the number of requests needed to perform a task. The
user of session beans keeps the interaction between the beans involved in a taskflow on the server.
One method invocation on the client application results in many method invocations on the server, but
the network sees only the traffic produced by the client’s call to the session bean. In the TravelAgent
EJB, the client invokes bookPassage(); in turn, bookPassage() makes several method invocations on
other enterprise beans. Furthermore, the TravelAgent bean may be in the same container as the other
beans, and therefore can use the local interfaces, further reducing network traffic. For the network
cost of one method invocation, the client gets several method invocations.
In addition, session beans reduce the number of network connections that the client needs. The cost
of maintaining many network connections can be high, so reducing the number of connections each
client needs improves the performance of the system as a whole. Figure 2-3 compares the network
traffic and connections generated by a client that uses only entity beans to those generated by a client
that uses session beans.
Figure 2-3: Session beans reduce network traffic and thin down clients
Session beans also limit the number of stubs used on the client, which saves the client memory and
processing cycles. This may not seem like a big deal, but without the use of session beans, a client
might be expected to manage hundreds or even thousands of remote references at one time. In the
TravelAgent EJB, for example, the bookPassage() method works with several remote references, but
the client is exposed only to the TravelAgent’s remote reference.
Stateless and stateful session beans
Session beans can be either stateful or stateless. Stateful session beans maintain conversational
state when used by a client. Conversational state is not written to a database; it's information that is
kept in memory while a client carries on a conversation with an enterprise bean, and is lost when the
conversation ends. For example, a client making a reservation through the TravelAgent bean may call
the methods that set cabin and cruise IDs. These IDs are part of the session’s conversational state,
and affect the behavior of subsequent method calls—for example, the call to bookPassage() that
makes the actual reservation. Conversational state is kept for only as long as the client application is
actively using the bean. Once the client shuts down or releases the TravelAgent EJB, the
conversational state is lost forever. Stateful session beans are not shared among clients; they are
dedicated to the same client for the life of the enterprise bean.
Stateless session beans do not maintain any conversational state. Each method is completely
independent and uses only data passed in its parameters. The ProcessPayment EJB is a perfect
example of a stateless session bean: it doesn't need to maintain any conversational state from one
method invocation to the next. All the information needed to make a payment is passed into the
byCreditCard() method. Stateless session beans provide better performance and consume fewer
resources than entity and stateful session beans because a few stateless session bean instances can
serve hundreds and possibly thousands of clients.
Message-Driven Beans
Message-driven beans are integration points for other applications interested in working with EJB
applications. Java applications or legacy systems that need to access EJB applications can send
messages to message-driven beans via JMS. This bean processes those messages and performs the
required tasks using other entity and session beans. EJB 2.1 is not limited to JMS-based message-
driven beans: message-driven beans can support any messaging system that implements the correct
JCA 1.5 (J2EE Connector Architecture Version 1.5) contracts. However, support for JMS-based
message-driven beans (JMS-MDBs) in EJB 2.1 is mandatory, so JMS-MDBs are the type of message-
driven bean addressed in this section.
In many ways, JMS-MDBs fulfill the same role as session beans: they manage the taskflow of entity
and session beans. The task is initiated by an asynchronous message sent by an application using
JMS. Unlike session beans, which respond to business methods invoked on their component
interfaces, a JMS-MDB responds to messages delivered through its onMessage() method. Since the
messages are asynchronous, the client that sends them doesn't expect a reply. The messaging client
simply sends the message and forgets about it.
As an example, we can recast the TravelAgent EJB developed earlier as the ReservationProcessor
JMS message-driven bean:
public class ReservationProcessorBean implements javax.ejb.MessageDrivenBean,
javax.jms.MessageListener {
public void onMessage(Message message) {
try {
MapMessage reservationMsg = (MapMessage)message;
Integer customerPk = (Integer)reservationMsg.getObject("CustomerID");
Integer cruisePk = (Integer)reservationMsg.getObject("CruiseID");
Integer cabinPk = (Integer)reservationMsg.getObject("CabinID");
double price = reservationMsg.getDouble("Price");
CreditCardDO card = getCreditCard(reservationMsg);
CustomerRemote customer = getCustomer(customerPk);
CruiseLocal cruise = getCruise(cruisePk);
CabinLocal cabin = getCabin(cabinPk);
ReservationHomeLocal resHome = (ReservationHomeLocal)
jndiContext.lookup("java:comp/env/ejb/ReservationHome");
ReservationLocal reservation =
resHome.create(customer,cruise,cabin,price,new Date());
Object ref = jndiContext.lookup("java:comp/env/ejb/ProcessPaymentHome");
ProcessPaymentHomeRemote ppHome = (ProcessPaymentHomeRemote)
PortableRemoteObject.narrow(ref,ProcessPaymentHomeRemote.class);
ProcessPaymentRemote process = ppHome.create();
process.byCredit(customer,card,price);
TicketDO ticket = new TicketDO(customer,cruise,cabin,price);
} catch(Exception e) {
throw new EJBException(e);
// More helper methods and callback methods follow
All the information about the reservation is obtained from the message delivered to the MDB. JMS
messages can take many forms; the javax.jms.MapMessage used in this example carries name-value
pairs. Once the information is gathered from the message and the enterprise bean references are
obtained, the reservation is processed in the same way as it was in the session bean. The only
difference is that a TicketDO is not returned to the caller; message-driven beans don't have to respond
to the caller.
Regardless of the messaging system, message-driven beans do not maintain any conversational
state. Each new message is independent of the previous messages.
The Bean-Container Contract
The environment that surrounds the beans on the EJB server is often called the container. The
container is more a concept than a physical construct. It acts as an intermediary between the bean
and the EJB server. It manages the EJB objects and EJB homes and helps these constructs to
manage bean resources and provide services such as transactions, security, concurrency, and
naming at runtime. The distinction between the container and the server is not clearly defined, but the
EJB specification defines the component model in terms of the container's responsibilities, so we will
follow that convention here.
Enterprise bean components interact with the EJB container through a well-defined component model.
The EntityBean, SessionBean, and MessageDrivenBean interfaces provide callback methods that
notify the bean class of life-cycle events. At runtime, the container invokes these methods on the bean
instance when relevant events occur. For example, when the container is about to write an entity bean
instance's state to the database, it first calls the bean instance's ejbStore() method. This call gives the
bean instance an opportunity to do cleanup on its state before it's written to the database. The
ejbLoad() method is called just after the bean's fields are populated from the database, providing the
bean developer with an opportunity to manage the bean's state before the first business method is
3
called. Other callback methods can be used by the bean class in a similar fashion. EJB defines when
these various callback methods are invoked and what can be done within their contexts.
While the bean interfaces require implementations of all the callback methods, those implementations
don’t have to be meaningful. The method body of any or all of the callback methods can be left empty,
and often is. Beans that implement callback methods usually access resources that aren’t managed by
the EJB system. Enterprise beans that wrap legacy systems often fall into this category.
javax.ejb.EJBContext is an interface that is implemented by the container and is also part of the bean-
container contract. Entity beans use a subclass of javax.ejb.EJBContext called
javax.ejb.EntityContext. Session beans use a subclass called javax.ejb.SessionContext. Message-
driven beans use the subclass javax.ejb.MessageDrivenContext. These EJBContext types provide the
bean with information about its environment: its container, the client using the enterprise bean, and the
bean itself. The bean can use this information while processing requests from clients and callback
methods from the container.
An enterprise bean's interface with the container also includes a JNDI namespace, called the
environment naming context, which the bean can use to look up the resources it needs (including
other beans).
Summary
This chapter covered a lot of ground describing the basic architecture of an EJB system. At this point,
you should understand that beans are business object components. The home interfaces define
life-cycle methods for creating, finding, and destroying beans, and the remote and local interfaces
define the public business methods of the bean. Message-driven beans do not have component
interfaces. The bean class is where the state and behavior of the bean are implemented.
There are three basic kinds of beans: entity, session, and message-driven. Entity beans are persistent
and represent a person, place, or thing. Session beans are extensions of the client and embody a
process or a taskflow that defines how other beans interact. Session beans are not persistent: they
receive their state from the client, and they live only as long as the client needs them. Message-driven
beans are integration points that allow other applications to interact with EJB applications using JMS
or, in EJB 2.1, some other JCA 1.5–complaint resource. Message-driven beans, like stateless session
beans, are not persistent and do not maintain conversational state.
The EJB object and EJB home are conceptual constructs that delegate method invocations to session
and entity beans from the client and help the container to manage the enterprise bean at runtime. The
clients of entity and session beans do not interact with the instances of the bean class directly.
Instead, the client software interacts with stubs, which are connected to the EJB object and EJB home.
The EJB object implements the remote and/or local interface and expands the bean class's
functionality. The EJB home implements the home interface and works closely with the container to
create, locate, and remove beans.
Beans interact with their containers through the well-defined bean-container contract. This contract
provides callback methods, the EJBContext, and the JNDI environment-naming context. The callback
methods notify the bean class that it is involved in a life-cycle event. The EJBContext and JNDI
environment-naming context provide the bean instance with information about its environment.
J2EE
Distributed Multitiered Applications
The J2EE platform uses a multitiered distributed application model. This means application logic is
divided into components according to function, and the various application components that make up
a J2EE application are installed on different machines depending on which tier in the multitiered J2EE
environment the application component belongs. Figure 1 shows two multitiered J2EE applications
divided into the tiers described in the bullet list below. The J2EE application parts shown in Figure 1
are presented in J2EE Application Components (page 29).
• Client tier components run on the client machine
• Web tier components run on the J2EE server
• Business tier components run on the J2EE server
• Enterprise information system (EIS) tier software runs on the EIS server
While a J2EE application can consist of the three or four tiers shown in Figure 1, J2EE multitiered
applications are generally considered to be three-tiered applications because they are distributed over
three different locations: client machines, J2EE server machine, and the database or legacy machines
at the back-end. Three-tiered applications that run in this way extend the standard twotiered client and
server model by placing a multithreaded application server between the client application and back-
end storage.
J2EE Application Components
J2EE applications are made up of components. A J2EE component is a self-contained functional
software unit that is assembled into a J2EE application with its related classes and files and
communicates with other components. The J2EE specification defines the following J2EE
components:
• Application clients and applets are client components.
• Java Servlet and JavaServer Pages™ (JSP™) technology components are web components.
• Enterprise JavaBeans™ (EJB™) components (enterprise beans) are business components.
J2EE components are written in the Java programming language and compiled in the same way as
any program in the language. When you work with the J2EE platform, the difference is that J2EE
components are assembled into a J2EE application, verified that they are well-formed and in
compliance with the J2EE specification, and deployed to production where they are run and managed
by the J2EE server.
Client Components
A J2EE application can be web-based or non-web-based. An application client executes on the client
machine for a non-web-based J2EE application, and a web browser downloads web pages and
applets to the client machine for a web-based J2EE application.
Application Clients
An application client runs on a client machine and provides a way for users to handle tasks such as
J2EE system or application administration. It typically has a graphical user interface created from
Swing or Abstract Window Toolkit (AWT) APIs, but a command-line interface is certainly possible.
Application clients directly access enterprise beans running in the business tier. However, if the J2EE
application client requirements warrant it, an application client can open an HTTP connection to
establish communication with a servlet running in the web tier.
Web Browsers
The user’s web browser downloads static or dynamic Hypertext Markup Language (HTML), Wireless
Markup Language (WML), or Extensible Markup Language (XML) web pages from the web tier.
Dynamic web pages are generated by servlets or pages created with JavaServer Pages (JSP)
technology pages running in the web tier.
Applets
A web page downloaded from the web tier can include an embedded applet. An applet is a small client
application written in the Java programming language that executes in the Java VM installed in the
web browser. However, client systems will likely need Java Plug-in and possibly a security policy file
so the applet can successfully execute in the web browser. JSP pages are the preferred API for
creating a web-based client program because no plug-ins or security policy files are needed on the
client systems. Also, JSP pages enable cleaner and more modular application design because they
provide a way to separate applications programming from web page design. This means personnel
involved in web page design do not need to understand Java programming language syntax to do
their jobs. Applets that run in other network-based systems such as handheld devices or car phones
can render Wireless Markup Language (WML) pages generated by a JSP page or servlet running on
the J2EE server. The WML page is delivered over Wireless Application Protocol (WAP) and the
network configuration requires a gateway to translate WAP to HTTP and back again. The gateway
translates the WAP request coming from the handheld device to an HTTP request for the J2EE server,
and then translates the HTTP server response and WML page to a WAP server response and WML
page for display on the handheld device.
JavaBeans™ Component Architecture
The client tier might also include a component based on the JavaBeans™ component architecture
(JavaBeans component) to manage the data flow between an application client or applet and
components running on the J2EE server. Java- Beans components are not considered J2EE
components by the J2EE specification. JavaBeans components written for the J2EE platform have
instance variables and get and set methods for accessing the data in the instance variables. Java-
Beans components used in this way are typically simple in design and implementation, but should
conform to the naming and design conventions outlined in the JavaBeans component architecture.
J2EE Server Communications
Figure 2 shows the various elements that can make up the client tier. The client communicates with
the business tier running on the J2EE server either directly, or as in the case of a client running in a
browser, by going through JSP pages or servlets running in the web tier.
Thin Clients
A thin client is a lightweight and typically browser-based interface to the application. Thin clients do not
do things like query databases, execute complex business rules, or connect to legacy applications.
When you use a thin client, heavyweight operations like these are off-loaded to web or enterprise
beans executing on the J2EE server where they can leverage the security, speed, services, and
reliability of J2EE server-side technologies. Your J2EE application uses a thin browser-based client or
thick application client. In deciding which one to use, you should be aware of the tradeoffs between
keeping functionality on the client and close to the user (thick client) and offloading as much
functionality as possible to the server (thin client). The more functionality you offload to the server, the
easier it is to distribute, deploy, and manage the application; however, keeping more functionality on
the client can make for a better perceived user experience.
Web Components
J2EE web components can be either JSP pages or servlets. Servlets are Java programming language
classes that dynamically process requests and construct responses. JSP pages are text-based
documents that execute as servlets, but allow a more natural approach to creating static content.
Static HTML pages and applets are bundled with web components during application assembly, but
are not considered web components by the J2EE specification. Server-side utility classes can also be
bundled with web components, and like HTML pages, are not considered web components. Like the
client tier and as shown in Figure 3, the web tier might include a Java-Beans object to manage the
user input and send that input to enterprise beans running in the business tier for processing.
Business Components
Business code, which is logic that solves or meets the needs of a particular business domain such as
banking, retail, or finance, is handled by enterprise beans running in the business tier. Figure 4 shows
how an enterprise bean receives data from client programs, processes it (if necessary), and sends it to
the enterprise information system tier for storage. An enterprise bean also retrieves data from storage,
processes it (if necessary), and sends it back to the client program.
There are three kinds of enterprise beans: session beans, entity beans, and message-driven beans. A
session bean represents a transient conversation with a client. When the client finishes executing, the
session bean and its data are gone. In contrast, an entity bean represents persistent data stored in
one row of a database table. If the client terminates or if the server shuts down, the underlying
services ensure the entity bean data is saved. A message-driven bean combines features of a session
bean and a Java Message Service (JMS) message listener, allowing a business component to receive
JMS messages asynchronously. This tutorial describes entity beans and session beans. For
information on message-driven beans, see the Java Message Service Tutorial, which is online at:
Enterprise Information System Tier
The enterprise information system tier handles enterprise information system software, and includes
enterprise infrastructure systems such as enterprise resource planning (ERP), mainframe transaction
processing, database systems, and other legacy information systems. J2EE application components
might need access to enterprise information systems for database connectivity, for example.
J2EE Architecture
Normally, thin-client multitiered applications are hard to write because they involve many lines of
intricate code to handle transaction and state management, multithreading, resource pooling, and
other complex low-level details. The component- based and platform-independent J2EE architecture
makes J2EE applications easy to write because business logic is organized into reusable components
and the J2EE server provides underlying services in the form of a container for every component type.
Because you do not have to develop these services yourself, you are free to concentrate on solving
the business problem at hand.
Containers and Services
Containers are the interface between a component and the low-level platformspecific functionality that
supports the component. Before a web, enterprise bean, or application client component can be
executed, it must be assembled into a J2EE application and deployed into its container. The assembly
process involves specifying container settings for each component in the J2EE application and for the
J2EE application itself. Container settings customize the underlying support provided by the J2EE
server, which include services such as security, transaction management, Java Naming and Directory
Interface™ (JNDI) lookups, and remote connectivity. Here are some of the highlights:
• The J2EE security model lets you configure a web component or enterprise bean so system
resources are accessed only by authorized users.
• The J2EE transaction model lets you specify relationships among methods that make up a
single transaction so all methods in one transaction are treated as a single unit.
• JNDI lookup services provide a unified interface to multiple naming and directory services in
the enterprise so application components can access naming and directory services.
• The J2EE remote connectivity model manages low-level communications between clients and
enterprise beans. After an enterprise bean is created, a client invokes methods on it as if it
were in the same virtual machine.
The fact that the J2EE architecture provides configurable services means that application components
within the same J2EE application can behave differently based on where they are deployed. For
example, an enterprise bean can have security settings that allow it a certain level of access to
database data in one production environment and another level of database access in another
production environment.
The container also manages non-configurable services such as enterprise bean and servlet life cycles,
database connection resource pooling, data persistence, and access to the J2EE platform APIs
described in J2EE APIs (page 42). Although data persistence is a non-configurable service, the J2EE
architecture lets you override container-managed persistence by including the appropriate code in
your enterprise bean implementation when you want more control than the default container-managed
persistence provides. For example, you might use bean-managed persistence to implement your own
finder (search) methods or to create a customized database cache.
Container Types
The deployment process installs J2EE application components in the J2EE containers illustrated in
Figure 5.
• J2EE server—is the runtime portion of a J2EE product. A J2EE server provides EJB and web
containers.
• Enterprise JavaBeans (EJB) container—manages the execution of enterprise beans for J2EE
applications. Enterprise beans and their container run on the J2EE server.
• Web container—manages the execution of JSP page and servlet components for J2EE
applications. Web components and their container run on the J2EE server.
• Application client container—manages the execution of application client components.
Application clients and their container run on the client.
• Applet container—manages the execution of applets. Consists of a web browser and Java
Plug-in together running on the client.
Packaging
J2EE components are packaged separately and bundled into a J2EE application for deployment. Each
component, its related files such as GIF and HTML files or server-side utility classes, and a
deployment descriptor (DD), are assembled into a module and added to the J2EE application. A J2EE
application is composed of one or more enterprise bean, web, or application client component
modules. The final enterprise solution can use one J2EE application or be made up of two or more
J2EE applications depending on design requirements A J2EE application and each of its modules has
its own deployment descriptor. A deployment descriptor is an Extensible Markup Language (XML)
text-based file with an .xml extension that describes a component’s deployment settings.
An enterprijse bean module deployment descriptor, for example, declares transaction attributes and
security authorizations for an enterprise bean. Because deployment descriptor information is
declarative, it can be changed without modifying the bean source code. At run time, the J2EE server
reads the deployment descriptor and acts upon the component accordingly.
A J2EE application with all of its modules is delivered in an Enterprise Archive (EAR) file. An EAR file
is a standard JAR file with an .ear extension. In the GUI version of the J2EE SDK application
deployment tool, you create an EAR file first and add JAR and WAR files to the EAR. If you use the
command line packager tools, however, you create the Java ARchive (JARs) and Web Archive (WAR)
files first and create the EAR. The J2EE SDK tools are described in Tools (page 45).
• Each EJB JAR file contains its deployment descriptor, related files, and the .class files for the
enterprise bean.
• Each application client JAR file contains its deployment descriptor, related files, and the .class
files for the application client.
• Each WAR file contains its deployment descriptor, related files, and the .class files for the
servlet or .jsp files for a JSP page.
Using modules and EAR files makes it possible to assemble a number of different J2EE applications
using some of the same components. No extra coding is needed; it is just a matter of assembling
various J2EE modules into J2EE EAR files.
Development Roles
Reusable modules make it possible to divide the application development and deployment process
into distinct roles so different people or companies can perform different parts of the process. The first
two roles involve purchasing and installing the J2EE product and tools. Once software is purchased
and installed, J2EE components can be developed by application component providers, assembled by
application assemblers, and d eployed by application deployers. In a large organization, each of these
roles might be executed by different individuals or teams. This division of labor works because each of
the earlier roles outputs a portable file that is the input for a subsequent role. For example, in the
application component development phase, an enterprise bean software developer delivers EJB JAR
files. In the application assembly role, another developer combines these EJB JAR files into a J2EE
application and saves it in an EAR file. In the application deployment role, a system administrator at
the customer site uses the EAR file to install the J2EE application into a J2EE server.
The different roles are not always executed by different people. If you work for a small company, for
example, or if you are prototyping a sample application, you might perform the tasks in every phase.
J2EE Product Provider
The J2EE product provider is the company that designs and makes available for purchase the J2EE
platform, APIs, and other features defined in the J2EE specification. Product providers are typically
operating system, database system, application server, or web server vendors who implement the
J2EE platform according to the Java 2 Platform, Enterprise Edition Specification.
Tool Provider
The tool provider is the person or company who creates development, assembly, and packaging tools
used by component providers, assemblers, and deployers. See Tools (page 45) for information on the
tools available with J2EE SDK version 1.3.
Application Component Provider
The application component provider is the company or person who creates web components,
enterprise beans, applets, or application clients for use in J2EE applications.
Enterprise Bean Creation
A software developer performs the following tasks to deliver an EJB JAR file that contains the
enterprise bean:
• Writes and compiles the source code
• Specifies the deployment descriptor
• Bundles the .class files and deployment descriptor into an EJB JAR file
Web Component Creation
A web designer (JSP pages) or software developer (servlets) performs the following tasks to deliver a
WAR file containing the web component.
• Writes and compiles servlet source code

• Writes JSP and HTML files
• Specifies the deployment descriptor for the web component
• Bundles the .class, .jsp, .html, and deployment descriptor files in the WAR file
J2EE Application Client Creation
A software developer performs the following tasks to deliver a JAR file containingthe J2EE application
client.
• Writes and compiles the source code
• Specifies the deployment descriptor for the client
• Bundles the .class files and deployment descriptor into the JAR file
Application Assembler
The application assembler is the company or person who gets application component JAR files from
component providers and assembles them into a J2EE application EAR file. The assembler or
deployer can edit the deployment descriptor directly or use tools that correctly add XML tags according
to interactive selections. A software developer performs the following tasks to deliver an EAR file
containing the J2EE application.
• Assembles EJB JAR and web components (WAR) files created in the previous phases into a
J2EE application (EAR) file.
• Specifies the deployment descriptor for the J2EE application.
• Verifies that the contents of the EAR file are well-formed and comply with the J2EE
specification.
Application Deployer and Administrator
The company or person who configures and deploys the J2EE application, administers the computing
and networking infrastructure where J2EE applications run, and oversees the runtime environment.
Duties include such things as setting transaction controls and security attributes, and specifying
connections to databases.
During configuration, the deployer follows instructions supplied by the application component provider
to resolve external dependencies, specify security settings, and assign transaction attributes. During
installation, the deployer moves the application components to the server, and generates the
container-specific classes and interfaces.
A deployer/system administrator performs the following tasks to install and configure a J2EE
application.
• Adds the J2EE application (EAR) file created in the preceding phase to the J2EE server.
• Configures the J2EE application for the operational environment by modifying the deployment
descriptor of the J2EE application.
• Verifies that the contents of the EAR file are well-formed and comply with the J2EE
specification.
• Deploys (installs) the J2EE application EAR file into the J2EE server.
Reference Implementation Software
The J2EE SDK is a non-commercial operational definition of the J2EE platform and specification made
freely available by Sun Microsystems for demonstrations, prototyping, and educational use. It comes
with the J2EE application server, web server, relational database, J2EE APIs, and complete set of
development and deployment tools. You can download the J2EE SDK from the web:
http://java.sun.com/j2ee/download.html#sdk
• Product providers use the J2EE SDK to determine what their implementations must do under
a given set of application conditions, and to run the J2EE Compatibility Test Suite to test that
their J2EE products fully comply with the specification.
• Application component developers run their J2EE applications on the J2EE SDK to verify that
applications are fully portable across all J2EE products and tools.
Web Server
The web server provides services to one or more web containers. For example, a web container
typically relies on a web server to provide HTTP message handling. A J2EE implementation is not
required to support a particular type of web server, which means the web server supported by different
J2EE products can vary.
Database Access
The relational database provides persistent storage for application data. A J2EE implementation is not
required to support a particular type of database which means the database supported by different
J2EE products can vary. See the Release Notes included with the J2EE SDK download for a list of the
databases currently supported by the reference implementation.
J2EE APIs
The Java 2 Platform, Standard Edition (J2SE™) SDK is required to run the J2EE SDK and provides
core APIs for writing J2EE components, core development tools, and the Java virtual machine. The
J2EE SDK provides the following APIs to be used in J2EE applications.
Enterprise JavaBeans Technology 2.0
An enterprise bean is a body of code with fields and methods to implement modules of business logic.
You can think of an enterprise bean as a building block that can be used alone or with other enterprise
beans to execute business logic on the J2EE server.
There are three kinds of enterprise beans: session beans, entity beans, and message-driven beans as
described in Business Components (page 33). You do not have to write any SQL code or use the
JDBC™ API directly to perform database access operations with an entity bean. The EJB container
handles this for you.
However, if you override the default container-managed persistence for any reason, you will need to
use the JDBC API. Also, if you choose to have a session bean access the database, you have to use
the JDBC API.
JDBC™ 2.0 API
The JDBC API lets you invoke SQL commands from Java programing language methods. You use the
JDBC API in an enterprise bean when you override the default container-managed persistence or
have a session bean access the database. With container-managed persistence, database access
operations are handled by the container and your enterprise bean implementation contains no JDBC
code or SQL commands. You can also use the JDBC API from a servlet or JSP page to access the
database directly without going through an enterprise bean.
The JDBC API has two parts: an application-level interface used by the application components to
access a database, and a service provider interface to attach a JDBC driver to the J2EE platform.
Java Servlet Technology 2.3
Java Servlet technology lets you define HTTP-specific servlet classes. A servlet class extends the
capabilities of servers that host applications accessed by way of a request-response programming
model. Although servlets can respond to any type of request, they are commonly used to extend the
applications hosted by web servers.
JavaServer Pages (JSP) Technology 1.2
JSP pages technology lets you put snippets of servlet code directly into a textbased document. A JSP
page is a text-based document that contains two types of text: static template data which can be
expressed in any text-based format such as HTML, WML, and XML, and JSP elements that determine
how the page constructs dynamic content.
Java Message Service (JMS) 1.0
The JMS API is a messaging standard that allows J2EE application components to create, send,
receive, and read messages. It enables distributed communication that is loosely coupled, reliable,
and asynchronous. For more information on JMS see the online Java Message Service Tutorial:
http://java.sun.com/products/jms/tutorial/index.html
Java Transaction API (JTA) 1.0
The JTA API provides a standard demarcation interface for demarcating transactions. The J2EE
architecture provides a default auto commit to handle transaction commits and roll backs. An auto
commit means any other applications viewing data will see the updated data after each database read
or write operation. However, if your application performs two separate database access operations
that depend on each other, you will want to use the JTA API to demarcate where the entire
transaction, including both operations, begins, rolls back, and commits.
JavaMail™ Technology 1.2
Many Internet applications need to send email notifications so the J2EE platform includes the JavaMail
API with a JavaMail service provider that application components can use to send Internet mail. The
JavaMail API has two parts: an application-level interface used by the application components to send
mail, and a service provider interface.
JavaBeans Activation Framework 1.0
The JavaBeans Activation Framework is included because JavaMail uses it. It provides standard
services to determine the type of an arbitrary piece of data, encapsulate access to it, discover the
operations available on it, and create the appropriate JavaBean component to perform those
operations.
Java API for XML Processing (JAXP) 1.1
XML is a language for representing and describing text-based data so the data can be read and
handled by any program or tool that uses XML APIs. Programs and tools can generate XML files that
other programs and tools can read and handle.
For example, a J2EE application can use XML to produce reports, and different companies that
receive the reports can handle the data in a way that best suits their needs. One company might put
the XML data through a program to translate the XML to HTML so it can post the reports to the web,
another company might put the XML data through a tool to create a marketing presentation, and yet
another company might read the XML data into its J2EE application for processing.
J2EE Connector Architecture 1.0
The J2EE Connector Architecture is used by J2EE tools vendors and system integrators to create
resource adapters that support access to enterprise information systems that can be plugged into any
J2EE product. A resource adapter is a software component that allows J2EE application components
to access and interact with the underlying resource manager. Because a resource adapter is specific
to its resource manager, there is typically a different resource adapter for each type of database or
enterprise information system.
Java Authentication and Authorization Service (JAAS) 1.0
The Java Authentication and Authorization Service (JAAS) provides a way for a J2EE application to
authenticate and authorize a specific user or group of users to run it.
JAAS is a Java programing language version of the standard Pluggable Authentication Module (PAM)
framework that extends the Java 2 platform security architecture to support user-based authorization.
Simplified Systems Integration
The J2EE platform is a platform-independent and full systems integration solution that creates an open
marketplace in which every vendor can sell to every customer. Such a marketplace encourages
vendors to compete, not by trying to lock customers into their technologies, but by trying to outdo each
other by providing products and services that benefit customers such as better performance, better
tools, or better customer support. The J2EE APIs enable systems and applications integration as
follows:
• Unified application model across tiers with enterprise beans.
• Simplified response and request mechanism with JSP pages and servlets.
• Reliable security model with JAAS API.
• XML-based data interchange integration with the JAXP API.
• Simplified interoperability with the J2EE Connector Architecture.
• Easy database connectivity with the JDBC API.
• Enterprise application integration with message-driven beans and the JMS, JTS, and JNDI
APIs.
You can learn more about using the J2EE platform to build integrated business systems by reading
J2EE Technology in Practice. http://java.sun.com/j2ee/inpractice/aboutthebook.html
Tools
The J2EE reference implementation provides an application deployment tool and an array of scripts
for assembling, verifying, and deploying J2EE applications and managing your development and
production environments. See J2EE™ SDK Tools (page 453) for a discussion of the tools.
Application Deployment Tool
The J2EE reference implementation provides an application deployment tool for assembling, verifying,
and deploying J2EE applications. There are two versions: command-line and GUI.
The GUI tool includes wizards for
• Packaging, configuring, and deploying J2EE applications
• Packaging and configuring enterprise beans
• Packaging and configuring web components
• Packaging and configuring application clients
• Packaging and configuring resource adaptors
In addition, configuration information can be set for each component and module type in the tabbed
inspector panels.
Scripts
Table 1 lists the scripts included with the J2EE reference implementation that let you perform
operations from the command line.
ASP
• Part 1 - Introducing ASP

• Part 2 - Output And Variables
• Part 3 - IF Statements
• Part 4 - Loops and Arrays
Part 1 - Introducing ASP
Introduction
For any webmaster, once you have created a page with graphics and content, the next logical step is
to make it interactive. You can, of course, go to one of the remotely hosted scripting sites who will
provide you with a simple piece of code to put on your site, but there is a lot more flexibility if you can
create and install your own scripts which will do exactly what you want.
It's thought by many that this 'server-side scripting' (it is processed by the server and not the browser,
so unlike JavaScript the use of ASP doesn't depend on someone's browser supporting it) is very
difficult to learn, and this has come from the early languages like Perl, which are difficult to write and
even more difficult to debug. Over the past few years two new languages have emerged, PHP and
ASP. These are easy enough for even the novice webmaser to learn.
What Is ASP?
ASP stands for Active Server Pages. It is basically a server-side scripting language designed for the
Windows Platform, although it is available on Unix/Linux systems through new systems, although PHP
is the more popular choice for this platform. Active Server Pages is based around VBScript, a variant
of Visual Basic, which makes it very easy to use as the majority of the commands are plain English
and simple to decipher.
As mentioned earlier, ASP is a server-side scripting language. Basically what this means is that if an
ASP page is requested, the web server will process it and run all the ASP code, before sending the
output to the browser. This has two major advantages over client-side (processed by the browser)
scripts like JavaScript. The first is that there are no compatibility problems. It doesn't matter if the user
is using the latest browser or the oldest, they will see the same output. The second is that your code is
hidden. Because code is executed on the server, users only ever see the output, so it is safe to put
passwords etc. in your ASP code.
What Do I Need?
ASP is a server-side language, so you will need to make sure that your web server has the correct
software for running it. The most common setup for running ASP scripts is on a Windows-based server
running IIS (Internet Information Server). It is possible to use Linux-based systems, though, but they
must have the Chillisoft ASP package installed. Most web hosts will publish whether they support
ASP, but if in doubt contact your systems administrator. If you need a free web host supporting ASP,
try visiting Free-Webhosting.info.
Once you have the server ready to accept scripts, running one is as easy as simply uploading and
running the file. You don't need to put it in any particular place on the server or change any settings.
Just upload and run.
ASP Code
When writing ASP you don't need to worry about changing all your HTML, you simply add ASP code
into your HTML pages where needed. YOu also don't need any special software on your computer, a
simple text editor will do. To begin an ASP page you will first need to tell it what language you have
written it in. The most common (and the one used in this tutorial) is VBScript. You should begin your
page with:
<%@ Language=VBScript %>
All this code does is tell the ASP system that you are writing your page in VBScript. You will notice that
the ASP code is enclosed in special tags. All ASP code should be enclosed in the 'percent sign tags' in
the form:
<% ASP Code Here %>
Code can be written over multiple lines, but any code not enclosed in the ASP tags will simply be
treated as HTML. Similarly and HTML inside these tags but not specifically sent as output by the code
will cause an error.
Testing ASP
Before you start writing scripts it is a good idea to test whether ASP will run correctly on your server.
Make a simple page with the following:
<html>
<head><title>Test Page</title></head>
<body>
This is some HTML. Below this I have ASP<br>
<%@ Language=VBScript %><br>
Nothing should appear above here.
</body>
</html>
and save it as test.asp. Then upload this to your server and access it with your browser. If it has
worked correctly, the page should display and you should only see the lines:
This is some HTML. Below this I have ASP
Nothing should appear above here.
If the ASP appears in the page or the source of the page, something has gone wrong. Check the code
and also the settings on your server. No ASP should appear as it should have been processed by the
server before it was sent to the browser.
Part 2- Output & Variables
Introduction
In the last part I explained a little about how to write ASP and how to tell the server that you have ASP
code in your file and what language it is written in. In this part I will explain what is probably the most
important use of ASP: output.
Sending Output To The Browser
It's always been a tradition of programming tutorials to begin by writing the simple 'Hello World'
program, so this one won't make an exception! Sending output is done using the ASP command:
Response.Write()
so to write 'Hello World' to the user's browser the complete code would be:
<%
Response.Write("Hello World")
%>
Again, this code begins by telling the system that you are writing in VBScript. Then comes the
Response.Write command. Basically this is made up of two parts. 'Response' tells the server that you
want to send information to the user. There are other types of command including: Request (which
gets information from the user), Session (for user session details), Server (for controlling the server)
and Application (for commands relating to the application). More about these later.
The second part, 'Write', tells the server that the type of response you would like to send is to write
information to the user's browser. This doesn't just have to be text, but can include variables, which
will be discussed in more depth later in this tutorial.
Variables
Probably the most important feature of a programming language is a variable. A variable is basically a
way of storing text, numbers or other data, so that it can be referenced later. For example, to change
the earlier 'Hello World' script:
<%
OutputText = "Hello World"
Response.Write(OutputText)
%>
The output of this code will be exactly the same as the first script, but it is fundementally different as it
uses variables. Basically what this code does follows:
This line sets up a variable called OutputText and stores in it the string of letters 'Hello World'. As this
is now stored in a variable, you can now reference this text you have stored in any part of your script,
and you can also manipulate it. The next line:
Response.Write(OutputText)
tells the server that you are sending information to the browser, and that the information to be sent is
the contents of the variable called OutputText. Please note that the variable name is not enclosed in
quotation marks. If you did this the browser would simply output the title of the variable as text.
There is a second way of outputting the values of variables, other than using Response.Write. The
earlier code could have been written:
<%
=OutputText
%>
In this example, the = sign is used instead of ResponseWrite.
Variable Operations
The main benefits to storing information in variables is that you can use the text over and over again.
For example, once storing "Hello World" in the variable OutputText, I can then use it in various places
in my code:
<%
%>
This is my <% =OutputText %> script. The whole reason for it is to output the text <% =OutputText %>
to the browser.
which would display in the browser:
This is my Hello World script. The whole reason for it is to output the text Hello World to the browser.
You can also do various operations on text stored in variables using len, left and right.
The len function simply tells you how many characters are in a string, so if you used the following
code:
<% =len(OutputText) %>
The server would return to the browser the length of the text stored in OutputText, in this case "Hello
World", so the browser would display the number 11 on the screen. You could also assign this value to
a variable using:
<% StringLength = len(OutputText) %>
which would set the value of the variable called StringLength to 11.
You can also use the functions left and right. These will display only part of the variable. For example:
<% =left(OutputText, 2) %>
which would display:
He
and the code:
<% =right(OutputText, 4) %>
would display:
orld
Basically, these functions take the number of characters specififed from the left or right of the string, so
left("Some Text", 5) takes the first 5 characters of the text.
Part 3- If Statement
Introduction
Over the past two parts I have shown you the basics of text in ASP and how to store it as variables. In
this part of the tutorial I will show you how to use IF statements to make decisions in your scripts.
The Basics Of IF
If statements are used to compare two values and carry out different actions based on the results of
the test. If statements take the form IF, THEN, ELSE. Basically the IF part checks for a condition. If it
is true, the then statement is executed. If not, the else statement is executed.
IF Strucure
The structure of an IF statement is as follows:
If something=somethingelse Then
Execute some code
Else
Execute other code
End If
Common Comparisons
The ASP IF statement construction is very much like plain text, but here is a quick example of a
common use of ASP. In this example the user has entered a password which has been stored in the
variable EnteredPassword. The idea of this script it to check whether the user has entered the correct
password:
<%
If EnteredPassword="password1" Then
Response.Write("Well done. You got the password right.")
Else
Response.Write("Sorry. That was the wrong password.")
End If
%>
If the user enters the correct password (password1) the text:
Well done. You got password right.
but if you get it incorrect you will be shown the text:
Sorry. That was the wrong password.
Other IF Options
There are many of different comparisions you can make with ASP, for example you can comapre two
variables:
If EnteredPassword=RealPassword Then
or different types of comparison:
If Age>13 Then
which will check to see if the age entered by the user is greater than 13.
You can also place HTML etc. in IF statements, as the ASP will continue executing a THEN statement
until it reaches an Else or an End If, and will continue to execute Else statements until it reaches End
If, for example:
<%
If EnteredPassword="password1" Then
%>
<font face="Arial" size="3">Congratulations. You may enter.</font>
<%
Else
%>
<font face="Arial" size="5" color="Red">ERROR! You cannot enter.</font>
<%
End If
%>
Part 4 Loops and Arrays
Introduction
So far you have learned how to output text, use variables and execute conditional statements. Another
very powerful feature of ASP is it's looping funciton.
FOR and NEXT Loops
FOR/NEXT loops are used when you want to execute a piece of code a set number of times. If, for
example, you want to output the world 'Hello' 10 times, you could either code it manually or you could
use:
<%
For index = 1 to 10
Response.Write("Hello")
Next
%>
Basically, this code says:
For index = 1 to 10
Repeat the following code until the variable 'index' is equal to 10, starting at 1 and going up 1 by 1.
Next
This tells the server to return to the beginning of the loop and increment the variable.
Using The Variable
A loop isn't much use if it just does the same thing over and over again. It really offers no benefits over
a simple piece of code. The real power appears when you use the counter variable in your code. If, for
example, I wanted to output the numbers 1 to 10 I could use:
<%
For index = 1 to 10
Response.Write(index)
Next
&>
STEP
Step is an extra part you can add on to the end of the For line of the code to change the way it counts.
In the loop above, the code starts by setting index to 1, then when Next is reached it adds another 1
(2), the next time it adds another 1 (3) and so on. Using, STEP you can change this action. For
example:
<%
For index = 1 to 10 STEP 2
Response.Write(index)
Next
%>
Would output:
246810
It is counting up in 2s. You can also count down:
For index 10 to 1 STEP –1
which will count down from 10 to 1.
While Loops
Another type of loop which can be used in ASP is the While loop. A While loop is written as:
<%
Do While thenumber<10
Resonse.Write("Less than 10")
thenumber = thenumber + 1
Loop
%>
To explain this code:
Do While thenumber<10
This code first checks if the variable thenumber has a value which is less than 10, then if it is executes
the following code until it reaches:
Loop
This tells the code to return to the Do line. Now, you may have noticed the problem here. If all the Do
line does is check whether thenumber has the value of less than 10, the loop will go on forever. This is
why the line:
has to be included. This increments the value of thenumber, so that it will eventually be more than 10,
and the loop will end. Of course, you aren't just limited to adding and subtracting as you are with a For
loop. You can make any changes to the variable you like in the code.
Until Loops
A third type of loop is the Until loop. This is almost exactly the same as the While loop:
<%
Do Until thenumber=10
Response.Write("Less than 10")
Loop
%>
The difference between this and a While loop is that the code will execute until the conditionin the Do
line is met, unlike a While loop where it will only execute while the condition is met. As with the While
loop you must increment the variable yourself.
PHP
A PHP file may contain text, HTML tags and scripts. Scripts in a PHP file are executed on the
server.
What you should already know
Before you continue you should have some basic understanding of the following:
WWW, HTML and the basics of building Web pages
Some scripting knowledge
What is PHP?
• PHP stands for PHP: Hypertext Preprocessor

• PHP is a server-side scripting language, like ASP
• PHP scripts are executed on the server
• PHP supports many databases (MySQL, Informix, Oracle, Sybase, Solid, PostgreSQL,
Generic ODBC, etc.)
• PHP is an open source software (OSS)
• PHP is free to download and use
What is a PHP File?
• PHP files may contain text, HTML tags and scripts

• PHP files are returned to the browser as plain HTML
• PHP files have a file extension of ".php", ".php3", or ".phtml"
What is MySQL?
• MySQL is a small database server

• MySQL is ideal for small and medium applications
• MySQL supports standard SQL
• MySQL compiles on a number of platforms
• MySQL is free to download and use
PHP + MySQL
• PHP combined with MySQL are cross-platform (means that you can develop in Windows and
serve on a Unix platform)
Why PHP?
• PHP runs on different platforms (Windows, Linux, Unix, etc.)

• PHP is compatible with almost all servers used today (Apache, IIS, etc.)
• PHP is FREE to download from the official PHP resource: www.php.net
• PHP is easy to learn and runs efficiently on the server side
Where to Start?
• Install an Apache server on a Windows or Linux machine

• Install PHP on a Windows or Linux machine
• Install MySQL on a Windows or Linux machine
What do You Need?
If your server supports PHP - you don't need to do anything! You do not need to compile anything or
install any extra tools - just create some .php files in your web directory - and the server will parse
them for you. Most web hosts offer PHP support.
However, if your server does not support PHP, you must install PHP. Below is a link to a good tutorial
from Webmonkey on how to install PHP4:
http://hotwired.lycos.com/webmonkey/00/44/index4a.html?tw=programming
Download PHP
Download PHP for free here: http://www.php.net/downloads.php
Download MySQL Database
Download MySQL for free here: http://www.mysql.com/downloads/index.html
Download Apache Server
Download Apache for free here: http://www.php.net/manual/en/installation.php
You cannot view the PHP source code by selecting "View source" in the browser - you will only see
the output from the PHP file, which is plain HTML. This is because the scripts are executed on the
server before the result is sent back to the browser.
Basic PHP Syntax
A PHP file normally contains HTML tags, just like an HTML file, and some PHP scripting code.Below,
we have an example of a simple PHP script which sends the text "Hello World" to the browser:
<html>
<body>
<?php echo "Hello World"; ?>

</body>
</html>
A PHP scripting block always starts with <?php and ends with ?>. A PHP scripting block can be
placed anywhere in the document.
Each code line in PHP must end with a semicolon. The semicolon is a separator and is used to
distinguish one set of instructions from another.
There are two basic statements to output text with PHP: echo and print. In the example above we
have used the echo statement to output the text "Hello World".
Variables in PHP
All variables in PHP start with a $ sign symbol. Variables may contain strings, numbers, or arrays.
Below, the PHP script assigns the string "Hello World" to a variable called $txt:
<html>
<body>
<?php
$txt="Hello World";
echo $txt;
?>
</body>
</html>
To concatenate two or more variables together, use the dot (.) operator:
<html>
<body>
<?php
$txt1="Hello World";
$txt2="1234";
echo $txt1 . " " . $txt2 ;
?>
</body>
</html>
The output of the script above will be: "Hello World 1234".
Comments in PHP
In PHP, we use // to make a single-line comment or /* and */ to make a large comment block.
<html>
<body>
<?php
//This is a comment
/*
This is
a comment
block
*/
?>
</body>
</html>
Operators are used to operate on values.
PHP Operators
This section lists the different operators used in PHP.
Arithmetic Operators
Operator Description Example Result

+ Addition x=2 4
x+2
- Subtraction x=2 3
5-x
* Multiplication x=4 20
x*5
/ Division 15/5 3
5/2 2.5
% Modulus (division remainder) 5%2 1
10%8 2
10%2 0
++ Increment x=5 x=6
x++
-- Decrement x=5 x=4
x--
Assignment Operators
Operator Example Is The Same As

= x=y x=y
+= x+=y x=x+y
-= x-=y x=x-y
*= x*=y x=x*y
/= x/=y x=x/y
%= x%=y x=x%y
Comparison Operators
Operator Description Example

== is equal to 5==8 returns false
!= is not equal 5!=8 returns true
> is greater than 5>8 returns false
< is less than 5<8 returns true
>= is greater than or equal to 5>=8 returns false
<= is less than or equal to 5<=8 returns true
Logical Operators
Operator Description Example

&& and x=6
y=3
(x < 10 && y > 1) returns true

|| or x=6
y=3
(x==5 || y==5) returns false

! not x=6
y=3
!(x==y) returns true
Conditional statements in PHP are used to perform different actions based on different
conditions.
Conditional Statements
Very often when you write code, you want to perform different actions for different decisions. You can
use conditional statements in your code to do this.
In PHP we have two conditional statements:
• if (...else) statement - use this statement if you want to execute a set of code when a
condition is true (and another if the condition is not true)
• switch statement - use this statement if you want to select one of many sets of lines to
execute
The If Statement
If you want to execute some code if a condition is true and another code if a condition is false, use the
if....else statement.
Syntax
if (condition)
code to be executed if condition is true;
else
code to be executed if condition is false;
Example
The following example will output "Have a nice weekend!" if the current day is Friday, otherwise it will
output "Have a nice day!":
<html>
<body>
<?php
$d=date("D");
if ($d=="Fri")
echo "Have a nice weekend!";
else
echo "Have a nice day!";
?>
</body>
</html>
If more than one line should be executed when a condition is true, the lines should be enclosed within
curly braces:
<html>
<body>
<?php
$x=10;
if ($x==10)
{
echo "Hello<br />";
echo "Good morning<br />";
}
?>
</body>
</html>
The Switch Statement
If you want to select one of many blocks of code to be executed, use the Switch statement.
Syntax
switch (expression)
{
case label1:
code to be executed if expression = label1;
break;
case label2:
code to be executed if expression = label2;
break;
default:
code to be executed
if expression is different
from both label1 and label2;
}
Example
This is how it works: First we have a single expression (most often a variable), that is evaluated once.
The value of the expression is then compared with the values for each case in the structure. If there is
a match, the block of code associated with that case is executed. Use break to prevent the code from
running into the next case automatically. The default statement is used if none of the cases are true.
<html>
<body>
<?php
switch ($x)
{
case 1:
echo "Number 1";
break;
case 2:
echo "Number 2";
break;
case 3:
echo "Number 3";
break;
default:
echo "No number between 1 and 3";
}
?>
</body>
</html>
Looping statements in PHP are used to execute the same block of code a specified number of
times.
Looping
Very often when you write code, you want the same block of code to run a number of times. You can
use looping statements in your code to perform this.
In PHP we have the following looping statements:
• while - loops through a block of code if and as long as a specified condition is true
• do...while - loops through a block of code once, and then repeats the loop as long as a
special condition is true
• for - loops through a block of code a specified number of times
• foreach - loops through a block of code for each element in an array
The while Statement
The while statement will execute a block of code if and as long as a condition is true.
Syntax
while (condition)
code to be executed;
Example
The following example demonstrates a loop that will continue to run as long as the variable i is less
than, or equal to 5. i will increase by 1 each time the loop runs:
<html>
<body>
<?php
$i=1;
while($i<=5)
{
echo "The number is " . $i . "<br />";
$i++;
}
?>
</body>
</html>
The do...while Statement
The do...while statement will execute a block of code at least once - it then will repeat the loop as
long as a condition is true.
Syntax
do
{
}
while (condition);
Example
The following example will increment the value of i at least once, and it will continue incrementing the
variable i while it has a value of less than 5:
<html>
<body>
<?php
$i=0;
do
{
$i++;
echo "The number is " . $i . "<br />";
}
while ($i<5);
?>
</body>
</html>
The for Statement
The for statement is used when you know how many times you want to execute a statement or a list of
statements.
Syntax
for (initialization; condition; increment)

{
}
Note: The for statement has three parameters. The first parameter is for initializing variables, the
second parameter holds the condition, and the third parameter contains any increments required to
implement the loop. If more than one variable is included in either the initialization or the increment
section, then they should be separated by commas. The condition must evaluate to true or false.
Example
The following example prints the text "Hello World!" five times:
<html>
<body>
<?php
for ($i=1; $i<=5; $i++)
{
echo "Hello World!<br />";
}
?>
</body>
</html>
The foreach Statement
Loops over the array given by the parameter. On each loop, the value of the current element is
assigned to $value and the array pointer is advanced by one - so on the next loop, you'll be looking at
the next element.
Syntax
foreach (array as value)

{
}
Example
The following example demonstrates a loop that will print the values of the given array:
<html>
<body>
<?php
$arr=array("one", "two", "three");
foreach ($arr as $value)
{
echo "Value: " . $value . "<br />";
}
?>
</body>
</html>
The real power of PHP comes from its functions.
In PHP - there are more than 700 functions available.
PHP Functions
We will only list a few useful functions in this tutorial.
A complete list of PHP functions available on http://www.php.net/quickref.php
PHP Information
The phpinfo() function is used to output PHP information.
This function is useful for trouble shooting, providing the version of PHP, and how it is configured.
The phpinfo() function options
Name Description
INFO_GENERAL The configuration line, php.ini location, build date, Web Server,
System and more
INFO_CREDITS PHP 4 credits
INFO_CONFIGURATION Local and master values for php directives
INFO_MODULES Loaded modules
INFO_ENVIRONMENT Environment variable information
INFO_VARIABLES All predefined variables from EGPCS (Environment, GET, POST,
Cookie, Server)
INFO_LICENSE PHP license information
INFO_ALL Shows all of the above. This is the default value
Example
<html>
<body>
<?php
// Show all PHP information
phpinfo();
?>
<?php
// Show only the general information
phpinfo(INFO_GENERAL);
?>
</body>
</html>
PHP Server Variables
All servers hold information such as which URL the user came from, what's the user's browser, and
other information. This information is stored in variables.
In PHP, the $_SERVER is a reserved variable that contains all server information. The $_SERVER is
a global variable - which means that it's available in all scopes of a PHP script.
Example
The following example will output which URL the user came from, the user's browser, and the user's
IP address:
<html>
<body>
<?php
echo "Referer: " . $_SERVER["HTTP_REFERER"] . "<br />";
echo "Browser: " . $_SERVER["HTTP_USER_AGENT"] . "<br />";
echo "User's IP address: " . $_SERVER["REMOTE_ADDR"];
?>
</body>
</html>
PHP Header() Function
The header() function is used to send raw HTTP headers over the HTTP protocol.
Note: This function must be called before anything is written to the page!
Example
The following example will redirect the browser to the following URL: http://www.bitdurg.org/:
<?php
//Redirect browser
header("Location: http://www.bitdurg.org/");
?>
<html>
<body>
......
</body>
</html>
Note: This function also takes a second parameter - an optional value of true or false to determine if
the header should replace the previous header. Default is TRUE.
However, if you pass in FALSE as the second argument you can FORCE multiple headers of the
same type.
Example
<?php
header("WWW-Authenticate: Negotiate");
header("WWW-Authenticate: NTLM", FALSE);
?>
<html>
<body>
......
</body>
</html>
This section describes file handling in PHP.
Opening a File
The fopen() function is used to open files in PHP.
The first parameter of this function contains the name of the file to be opened and the second
parameter specifies in which mode the file should be opened in:
<html>
<body>
<?php
$f=fopen("welcome.txt","r");
?>
</body>
</html>
The file may be opened in one of the following modes:
File Modes Description
r Read only. File pointer at the start of the file
r+ Read/Write. File pointer at the start of the file
w Write only. Truncates the file (overwriting it). If the file doesn't exist, fopen() will try
to create the file
w+ Read/Write. Truncates the file (overwriting it). If the file doesn't exist, fopen() will
try to create the file
a Append. File pointer at the end of the file. If the file doesn't exist, fopen() will try to
create the file
Read/Append. File pointer at the end of the file. If the file doesn't exist, fopen()
a+
will try to create the file
x Create and open for write only. File pointer at the beginning of the file. If the file
already exists, the fopen() call will fail and generate an error. If the file does not
exist, try to create it
x+ Create and open for read/write. File pointer at the beginning of the file. If the file
already exists, the fopen() call will fail and generate an error. If the file does not
exist, try to create it
Note: If the fopen() function is unable to open the specified file, it returns 0 (false).
Example
The following example generates a message if the fopen() function is unable to open the specified file:
<html>
<body>
<?php
if (!($f=fopen("welcome.txt","r")))
exit("Unable to open file!");
?>
</body>
</html>
Closing a File
The fclose() function is used to close a file.
fclose($f);
Reading from a File
The feof() function is used to determine if the end of file is true.
Note: You cannot read from files opened in w, a, and x mode!
if (feof($f))
echo "End of file";
Reading a Character
The fgetc() function is used to read a single character from a file.
Note: After a call to this function the file pointer has moved to the next character.
Example
The example below reads a file character by character, until the end of file is true:
<?php
if (!($f=fopen("welcome.txt","r")))
exit("Unable to open file.");
while (!feof($f))
$x=fgetc($f);
echo $x;
fclose($f);
?>
A very powerful feature of PHP is the way it handles HTML forms!
PHP Form Handling
The most important thing to notice when dealing with HTML forms and PHP is that any form element
in an HTML page will automatically be available to your PHP scripts.
Look at the following example of an HTML form:
<html>
<body>
<form action="welcome.php" method="POST">
Enter your name: <input type="text" name="name" />
Enter your age: <input type="text" name="age" />
<input type="submit" />
</form>
</body>
</html>
The example HTML page above contains two input fields and a submit button. When the user fills in
this form and hits the submit button, the "welcome.php" file is called.
The "welcome.php" file looks like this:
<html>
<body>
Welcome <?php echo $_POST["name"]; ?>.<br />
You are <?php echo $_POST["age"]; ?> years old!
</body>
</html>
A sample output of the above script may be:
Welcome John.
You are 28 years old!
Here is how it works: The $_POST["name"] and $_POST["age"] variables are automatically set for you
by PHP. The $_POST contains all POST data.
Note: If the method attribute of the form is GET, then the form information will be set in $_GET instead
of $_POST
A cookie is often used to identify a user.
What is a Cookie?
A cookie is often used to identify a user. A cookie is a small file that the server embeds on the user's
computer. Each time the same computer requests for a page with a browser, it will send the cookie
too. With PHP, you can both create and retrieve cookie values.
How to Create a Cookie
The setcookie() function is used to create cookies.
Note: The setcookie() function must appear BEFORE the <html> tag.
Syntax
setcookie(name, value, expire, path, domain);
Example
The following example sets a cookie named "uname" - that expires after ten hours.
<?php
setcookie("uname", $name, time()+36000);
?>
<html>
<body>
<p>
A cookie was set on this page! The cookie will be active when
the client has sent the cookie back to the server.
</p>
</body>
</html>
How to Retrieve a Cookie Value
When a cookie is set, PHP uses the cookie name as a variable.
To access a cookie you just refer to the cookie name as a variable.
Tip: Use the isset() function to find out if a cookie has been set.
Example
The following example tests if the uname cookie has been set, and prints an appropriate message.
<html>
<body>
<?php
if (isset($_COOKIE["uname"]))
echo "Welcome " . $_COOKIE["uname"] . "!<br />";
else
echo "You are not logged in!<br />";
?>
</body>
</html>
Server Side Includes (SSI) are used to create functions, headers, footers, or elements that will
be reused on multiple pages.
Server Side Includes
You can insert the content of one file into another file before the server executes it, with the require()
function. The require() function is used to create functions, headers, footers, or elements that will be
reused on multiple pages.
This can save the developer a considerable amount of time. If all of the pages on your site have a
similar header, you can include a single file containing the header into your pages. When the header
needs updating, you only update the one page, which is included in all of the pages that use the
header.
Example
The following example includes a header that should be used on all pages:
<html>
<body>
<?php require("header.htm"); ?>
<p>
Some text
</p>
<p>
Some text
</p>
</body>
</html>
The date() function is used to format a time or a date.
The Date() Function
The date() function is used to format a time or a date.
Syntax
string date (date_format[,int timestamp])
This function returns a string formatted according to the specified format.
Date Formats
The table below shows the characters that may be used in the format string:
Character Description
a "am" or "pm"
A "AM" or "PM"
B Swatch Internet time (000-999)
d Day of the month with a leading zero (01-31)
D Three characters that represents the day of the week (Mon-Sun)
F The full name of the month (January-December)
g The hour in 12-hour format without a leading zero (1-12)
G The hour in 24-hour format without a leading zero (0-23)
h The hour in 12-hour format with a leading zero (01-12)
H The hour in 24-hour format with a leading zero (00-23)
i The minutes with a leading zero (00-59)
I "1" if the date is in daylights savings time, otherwise "0"
j Day of the month without a leading zero (1-31)
l The full name of the day (Monday-Sunday)
L "1" if the year is a leap year, otherwise "0"
m The month as a number, with a leading zero (01-12)
M Three letters that represents the name of the month (Jan-Dec)
n The month as a number without a leading zero (1-12)
O The difference to Greenwich time (GMT) in hours
r An RFC 822 formatted date (e.g. "Tue, 10 Apr 2005 18:34:07 +0300")
s The seconds with a leading zero (00-59)
S The English ordinal suffix for the day of the month (st, nd, rd or th)
t The number of days in the given month (28-31)
T The local time zone (e.g. "GMT")
U The number of seconds since the Unix Epoch (January 1 1970 00:00:00 GMT)
w The day of the week as a number (0-6, 0=Sunday)
W ISO-8601 week number of year, weeks starting on Monday
Y The year as a 4-digit number (e.g. 2003)
y The year as a 2-digit number (e.g. 03)
z The day of the year as a number (0-366)
Examples
<?php
//Prints something like: Monday
echo date("l");
//Prints something like: Monday 15th of January 2003 05:51:38 AM
echo date("l dS of F Y h:i:s A");
//Prints something like: Monday the 15th
echo date("l \\t\h\e jS");
?>
ODBC is an Application Programming Interface (API) that allows you to connect to a data
source (e.g. an MS Access database).
Create an ODBC Connection
With an ODBC connection, you can connect to any database, on any computer in your network, as
long as an ODBC connection is available.
Here is how to create an ODBC connection to a MS Access Database:
1. Open the Administrative Tools icon in your Control Panel.
2. Double-click on the Data Sources (ODBC) icon inside.
3. Choose the System DSN tab.
4. Click on Add in the System DSN tab.
5. Select the Microsoft Access Driver. Click Finish.
6. In the next screen, click Select to locate the database.
7. Give the database a Data Source Name (DSN).
8. Click OK.
Note that this configuration has to be done on the computer where your web site is located. If you are
running Internet Information Server (IIS) on your own computer, the instructions above will work, but if
your web site is located on a remote server, you have to have physical access to that server, or ask
your web host to to set up a DSN for you to use.
Connecting to an ODBC
The odbc_connect() function is used to connect to an ODBC data source. The function takes four
parameters: the data source name, username, password, and an optional cursor type.
The odbc_exec() function is used to execute an SQL statement.
Example
The following example creates a connection to a DSN called northwind, with no username and no
password. It then creates an SQL and executes it:
$conn=odbc_connect('northwind','','');
$sql="SELECT * FROM customers";
$rs=odbc_exec($conn,$sql);
Retrieving Records
The odbc_fetch_rows() function is used to return records from the result-set. This function returns true
if it is able to return rows, otherwise false.
The function takes two parameters: the ODBC result identifier and an optional row number:
odbc_fetch_row($rs)
Retrieving Fields from a Record
The odbc_result() function is used to read fields from a record. This function takes two parameters: the
ODBC result identifier and a field number or name.
The code line below returns the value of the first field from the record:
$compname=odbc_result($rs,1);
The code line below returns the value of a field called "CompanyName":
$compname=odbc_result($rs,"CompanyName");
Closing an ODBC Connection
The odbc_close() function is used to close an ODBC connection.
odbc_close($conn);
An ODBC Example
The following example shows how to first create a database connection, then a result-set, and then
display the data in an HTML table.
<html>
<body>
<?php
$conn=odbc_connect('northwind','','');
if (!$conn)
exit("Connection Failed: " . $conn);
$sql="SELECT * FROM customers";
$rs=odbc_exec($conn,$sql);
if (!$rs)
exit("Error in SQL");
echo "<table><tr>";
echo "<th>Companyname</th>";
echo "<th>Contactname</th></tr>";
while (odbc_fetch_row($rs))
$compname=odbc_result($rs,"CompanyName");
$conname=odbc_result($rs,"ContactName");
echo "<tr><td>$compname</td>";
echo "<td>$conname</td></tr>";
odbc_close($conn);
echo "</table>";
?>
</body>
</html>
U-IV
Internet Security:
Security threats goes on emerging in Internet world due to mobile codes (software agents or rogue
software) which are responsible to create virus threat
Mobile codes is software agent which have ability to move from one computer to other and also have
ability to get themselves invoked without the external influence
Threats are divided in major two categories
1. Threat to the local computing Environment
2. Access control and threat to the server
Security threats arise when downloaded data is passes through local interpreter on client machine
without users knowledge. Client threats arises mostly due to malicious code refers to viruses like
Trojan horse, worms rabbits, chameleon, ordinary software bombs, timed software bombs and logical
software bombs
Threats to Server:
Threats to server consist of
1. Unauthorized modification of server
2. Unauthorized modification of incoming data packets by exploiting the bug in server software
3. Server can be attacked by denial of service where intruder make system unusable by
destroying resources so that they can be used
Most common form of denial of service attacks is service overloading and message overloading
Service Overloading:
Servers are vulnerable to service overloading for ex we can easily overload www server by writing
small loop that send request continuously for a particular file to server. Server tries to respond as it
assumes the request is genuine one Hence while providing services to all the request a stage will
reach when server is not able to satisfy the need or request so it deny for providing services to the
request i.e. Denial of service will occur due to overloading of the server
Message Overloading:
Message overloading will occur when someone sends a very large file to the message box of sever at
every few seconds. Due to of which message box grows in size and begins to occupy the hard disk
space and increases they no of receiving processes on recipient machine and thereby causes disk
crash
Virus: -
• A small program written to alter the way a computer operates, without
the permission or knowledge of the user. A virus must execute and replicate itself.
• Program that replicates itself so as to infect more computers
• A program or piece of code that is loaded onto your computer without your knowledge and
runs against your wishes. Viruses can also replicate themselves. All computer viruses are
manmade.
• A computer program written by a smart person who chooses to be an idiot. (e-mail signature
file)
• Computer “Viruses” and related programs have the ability to replicate themselves on an ever
increasing number of computers. They originally spread by people sharing floppy disks. Now
they spread primarily over the Internet (a “Worm”).
• Other “Malicious Programs” may be installed by hand on a single machine. They may also be
built into widely distributed commercial software packages. These are very hard to detect
before the payload activates (Trojan Horses, Trap Doors, and Logic Bombs).
Ways Viruses Are Transmitted
• Software (floppy disks and CDs)
• E-mail
7 Types of Viruses
• File infector viruses
• Boot sector viruses
• Master boot record viruses
• Multi-partite viruses
• Macro viruses
• Script viruses
• Companion viruses
File Infector Viruses
• Infect program files.
• Can infect other files when infected program is run from floppy, hard
drive, or network.
• Many are memory resident.
• After memory is infected, any non-infected executable that
runs becomes infected.
Examples: Jerusalem and cascade
Boot Sector Viruses
• Infect the system area of a disk. (boot record on floppy/hard disks)
• Activated when user starts up from infected disk.
• Always memory resident in nature.
• Once in memory, all non-write protected floppy disks will become infected when accessed.
• Examples: Form, Disk Killer, Michelangelo, and Stoned
Master Boot Record Viruses
• Similar to boot sector virus except viral code is located in different area.
• Prevents computer from booting.
• Examples: NYB, AntiExe, and unashamed (Symantec.com)
Multi-Partite Viruses
• Infect boot records and program files.
• Difficult to repair.
• Boot area and files must both be cleaned of virus or re-infection will occur.
• Examples: One Half, Emperor, Anthrax, and Tequila
• Macro Viruses
• Most common type of virus.
• Infect data files – word, excel, power point and access files.
• Use another program’s internal programming language which was created to allow users to
automate certain tasks within that program.
• Examples:w97m.Melissa, WM.NiceDay, and W97M.Groov
• Script Viruses
• Infect various script languages such as DOS, Java Script, and Visual Basic Script.
Companion Viruses
• Execute through operating system rather than directly infecting programs or boot sectors.
• When you execute the command ‘ABC’, ABC.COM executes before ABC.EXE Thus, a
companion virus could place its code in a COM file with its first name matching that of an
existing EXE file. When the user next executed the ‘ABC’ command, the virus’ ABC.COM
program would be run.
• Executable Viruses - These are viruses hidden within executable files or posing as
executable files.
• Visual Basic Script Viruses - Visual Basic Script (VBS) is a powerful programming
language built into Windows. VBS viruses can send emails, delete files, rename files etc.
VBS viruses often pretend to be something that they are not.
• Boot Sector Virus - resides in the boot sector of a hard disk or floppy. The boot sector is
that portion of a disk that gives it its identity. After a given number of boots, the virus
activates and the system is usually destroyed.
• Stealth Virus - Can be any one of the previously mentioned types, but were designed to
defeat anti-viral scanning and other anti-viral detection software and methods.
• Macro Viruses – These are very common and make use of the macro functionality in
Microsoft Office. Macros are mini-programs that allow users to automate various commands
within the program.
Other Threats to Computers
Worm
• Self-replicating program that are self contained and doesn’t require host program. It creates
copies of itself and executes them and generally it utilizes the network services to propagate
to other host system. They will consume all resources on network and affects response time
• A program or algorithm at replicates itself over a computer network and usually performs
malicious actions, such as using up the computer's resources and possibly shutting the
system down.
• A virus that spreads by creating duplicates of itself on other drives, systems, or networks.
• Worms – spreads by creating duplicates of itself on other drives, systems, or networks
Rabbits
• Rabbits are similar to worms they too are full programs. However as soon as they are executed
they are replicating themselves on the disk until its capacity is exhausted this process is then
repeated on other nodes so that complete network comes to stand still.
• Rabbits are less harmful as compared to worms since they are easily detected.
Trojan Horse
• Program which appears to be harmless but has piece of code which is very harmful . Trojan horse
is derived from the greek mythology Trojan horse here means to fool the common users , Hence
all the rogue s/w delivered comes under this category
• The term comes from a story in Homer's Iliad, in which the Greeks give a giant wooden horse to
their foes, the Trojans, ostensibly as a peace offering. But after the Trojans drag the horse inside
their city walls, Greek soldiers sneak out of the horse's hollow belly and open the city gates,
allowing their compatriots to pour in and capture Troy
• A destructive program that masquerades as a good/useful application. Unlike viruses, Trojan
horses do not replicate themselves but they can be just as destructive.
• One of the most insidious types of Trojan horse is a program that claims to rid your computer of
viruses but instead introduces viruses onto your computer.
Ordinary Software bombs:
S/w bombs are the piece of code segment, which “explodes” as soon as it executed without any
delay and brings system to grinding halt
Timed Software bombs:
Similar to ordinary software bomb except that it becomes active only at specific time or frequency
Logical Software bombs:
Similar to ordinary software bomb , except its activated only if the logical condition is satisfied(e.g.
Delete employees master data when gross salary exceeds say 10,000)
Chameleon:
Are similar to Trojan horses It normally seems like a useful and correct program and throws a logon
screen to collect all the valid user names and passwords and then display a message system shut
down and then it makes the utilization of collected password later on
Backdoor
• Also called a trapdoor. An undocumented way of gaining access to a program, online service
or an entire computer system. The backdoor is written by the programmer who creates the
code for the program. It is often only known by the programmer. A backdoor is a potential
security risk.
Malware
• Short for malicious software. Software designed specifically to damage or disrupt a system,
such as a virus or a Trojan Horse.
Spyware
• Also called adware, spyware is any software that covertly gathers user information through the
user's Internet connection without his or her knowledge, usually for advertising purposes.
• Spyware applications are typical bundled as a hidden component of freeware or shareware
programs that can be downloaded from the Internet.
• Once installed, the spyware monitors user activity on the Internet and transmits that
information in the background to someone else.
• Spyware can also gather information about e-mail addresses and even passwords and credit
card numbers.
• Spyware is similar to a Trojan horse in that users unwittingly install the product when they
install something else.
• Aside from the questions of ethics and privacy, spyware steals from the user by using the
computer's memory resources and also by eating bandwidth as it sends information back to
the spyware's home base via the user's Internet connection.
• Because spyware is using memory and system resources, the applications running in the
background can lead to system crashes or general system instability.
Top Ten Viruses as of 05-23-2002
TrendMicro Sophos McAfee MessageLabs
• WORM_KLEZ.H • W32/Klez-G • W95/Elkern.cav.c • W32/Klez.H-mm
• PE_FUNLOVE.4099 • W32/Klez-E • W32/Nimda.eml • W32/Klez.E-mm
• PE_ELKERN.D • W32/Badtrans- • W32/Klez.e@MM • W32/SirCam.A-mm
• WORM_KLEZ.E B • W32/Nimda.gen@MM • W32/Magistr.B-mm
• PE_NIMDA.A • W32/ElKern-C • JS/IEStart.gen • W32/Magistr.A-mm
• JS_EXCEPTION.GEN • W32/Magistr-B • VBS/Loveletter@MM • W32/Hybris.B-mm
• WORM_SIRCAM.A • W32/Klez-A • JS/NoClose • EML/Fortnight
• PE_MAGISTR.B • W32/MyLife-F • VBS/Haptime@MM • W32/BadTrans.B-
• PE_NIMDA.E • W32/Magistr-A • W32/Klez.gen@MM mm
• WORM_HYBRIS.M • W32/Sircam-A • JS/Kak@M • W32/Yaha.C-mm
• W32/Nimda-D
The Rogue’s Gallery
Some of our more common and infamous viruses.
Klez
http://www.virus.uga.edu/klezalrt.html
• What does it do?
– The Klez virus propagates by taking a randomly picked e-mail address from web pages, ICQ
databases or Windows Address Books and inserts it as the From: address before sending out
its payload to the rest of your address book. When you receive an e-mail from someone
whose computer is infected, it may appear to come from an entirely different person.
Klez
• What does it do? (cont.)
– This means that the e-mail address in the From: field of the infected e-mail you receive is
probably not infected with the virus. The From: e-mail address happens to be in the infected
machine’s address book.
Klez
• What else does it do?
– The virus can infect personal documents and send them out to others and, therefore, possibly
send out confidential information.
Sircam
http://www.virus.uga.edu/scalrt.html
– Sircam is a mass mailing e-mail worm with the ability of spreading through Windows Network
shares. It sends e-mails with variable user names and subject fields, and attaches user
documents with double extensions to them.
– Since the worm can pick any of the user's personal documents it might send out confidential
information.
– When a Sircam-infected e-mail attachment is opened it shows the document it picked up from
the sender’s machine. The file is displayed with the appropriate program according to its
extension. This is so the recipient is unaware of virus infecting his machine.
• How Does It Spread?
– The worm uses Windows Address Book, which is used by both the Outlook and Outlook
Express e-mail clients to collect e-mail addresses. The worm also tries to look for e-mail
addresses in the \Windows\Temporary Internet Files\ folder, which is where Internet Explorer
and other programs store temporary copies of downloaded web pages and other Internet files.
Nimda
http://www.f-secure.com/v-descs/nimda.shtml
– Nimda is a complex virus with a mass mailing worm component which spreads itself in
attachments named README.EXE. If affects Windows 95, Windows 98, Windows Me,
Windows NT 4 and Windows 2000 users.
– It uses normal end user machines to scan for vulnerable web sites. It is looking for the
Unicode exploit to infect IIS web servers.
– The actual lifecycle of Nimda can be split to four parts: 1) Infecting files, 2) Mass mailing, 3)
Web worm and 4) LAN propagation.
• How does it spread?
– Infecting files
• Nimda locates EXE files from the local machine and infects them. These files then spread the
infection when people exchange programs.
Nimda
– Mass mailing
• It then locates e-mail addresses from your e-mail client as well as searching local HTML files
for additional addresses. Then it sends one e-mail to each address. These mails contain an
attachment called README.EXE, which might be executed automatically on some systems.
– Web worm
• Nimda starts to scan the internet, trying to locate web servers. Once a web server is found,
the worm tries to infect it by using several known security holes. If this succeeds, the worm will
modify random web pages on the site, which if viewed may infect the web surfer’s computer.
Hybris
http://www.fsecure.com/v-descs/hybris.shtml
– Hybris is an Internet worm that spreads itself as an attachment to e-mail messages.
– It can upgrade itself via the Internet.
– Depending on the installed plugins, it can:
• Infect all ZIP and RAR archives on all available drives. The worm renames EXE files in
archive with .EX$ extension and add its copy with .EXE extension to the archive.
• Infect DOS and Windows executable files (*.exe) files. The worm changes them so that they
become droppers. When run, they copy worm's EXE file to TEMP directory and execute it.
• Depending on system date and time, a "spiral" effect is shown on the Windows Desktop.
– The worm intercepts Windows functions that establishes network connections, including those
to the Internet. It reads the data that is sent and received, looking for e-mail addresses. When
an address is found, the worm waits and then sends an infected message to each person.
Magistr
http://www.fsecure.com/v-descs/magistr.shtml
– Magistr is a very dangerous memory resident worm combined with virus infection routines.
– The virus has an extremely dangerous payload, and depending on different conditions it
erases hard drive data, CMOS memory and Flash Bios contents.
– When the virus is run (from infected message for example, if a user clicks on it installs itself to
the Windows memory, then runs in background, sleeps for a few minutes and run its routines:
local and network EXE file infection, e-mail spreading, etc.
Magistr
– Depending on its internal counters the virus manifests itself: it gets access to Windows
desktop and does not allow access to icons on the desktop by mouse. When mouse cursor is
moved to an icon, the virus moves the icon out of the cursor. It looks like desktop icons try to
"escape" mouse cursor.
– Magistr virus spreads via Internet with infected emails, infects Windows executable files on a
infected machine (local machine) and is able to spread itself over a local network.
• Mass mailing:
– To send infected emails, the virus reads the settings of installed e-mail client settings--Outlook
Express Netscape Messenger Internet Mail & News
– The virus then scans email database files of those clients, gets e-mail addresses from there and
sends itself to those addresses.
- The attachment name is variable, it can have an EXE or SCR extension. The virus looks on
the system for an EXE file, infects it and attaches it to the message.
– The Subject and Body are randomly constructed from words and sentences that are found in
.DOC and .TXT files in the system (the virus also scans local drives for these files and get texts
from there).
How big is the virus problem?
Should I really worry about it? Can it really happen to me?
YES!!!
• The number of known viruses surpassed 50,000 in August 2000. According to the anti-virus
vendor, Sophos the number of new viruses discovered every month continues to rise.
• Virus trends between 1999 and 2001 illustrate the threat to an e-mail system.
• In 1999, 1 in 1400 e-mails contained a virus. In 2000, it was 1 in 700, and 1 in 300 this year.
Message Labs, an anti-virus vendor that specializes in scanning e-mail, predicts that if trends
continue that by 2008, 1 in 10 e-mails will contain a virus.
• There are 808 viruses listed on the May 2002 WildList and Supplemental list.
• For a virus to be considered “in the wild”, it must be spreading as a result of normal day-to-day
operations on and between the computers of unsuspecting users.
How do I get a virus?
I know what they are, but how do they work?
Methods of Attack
• E-Mail Attachments
• Web Pages
• Open Network Shares (Peer to Peer Networking)
• Internet Relay Chat & Instant Messaging
• Floppy Disks
• MS Office Document Macros
• Macromedia Flash Documents
• And, new ways appearing all the time…
How do I protect myself from viruses?
How can I avoid this agony?
Steps to Protect Yourself
• Be paranoid.
• According to Murphy’s law--"If anything can go wrong, it will“
• In computing, this is not as far from the truth as you might hope.
• Make sure you have an up to date anti-virus package installed on your computer.
• EITS currently provides the F-Secure Anti-Virus package for UGA student, faculty, and staff
use.
• It is available for download from the Anti-Virus @ UGA website: http://www.virus.uga.edu
• Do not open unexpected attachments.
• Increasingly, viruses are sent as attachments to e-mails. This is a particularly insidious
method of transmission because often people will open attachments that have been sent by
acquaintances, co-workers, or friends, only to find that the attachment is in fact a virus.
• Install patches for the software you use in a timely manner
• There are viruses that exploit 'holes' or vulnerabilities in operating systems and applications.
Anti-virus programs are generally able to protect you from this kind of 'malware' even if you
have not installed the appropriate patch for that vulnerability.
• It is recommended that you visit your software manufacturer's Web site regularly to download
and install new patches in a timely fashion.
• From http://online.securityfocus.com/infocus/1288
• Always scan floppy disks and CDs for viruses before using them
• Despite the fact that approximately 85% of all registered cases of computer infection are
transmitted through e-mail, we should not ignore the traditional transport for malware: the
mobile media (diskettes, compact disks, etc.).
• Users should always check these external media for viruses before using it on their
computers. It is a simple, straightforward procedure to scan a disk with an anti-virus program.
It takes just a few seconds, and can save hours of aggravation.
• Be careful with software, even from a credible source
• It is not just pirated software that may be infectious. Sometimes even licensed CDs with
software from well-established, credible vendors may contain viruses. Also, software
downloaded from the Internet may carry a virus.
• Another source of infection may be a computer that has been taken in for maintenance that
may be returned to its owner with a hard drive that is infected with a virus.
• Create a virus-free start-up disk for your computer and keep it in a safe place.
• Sometimes an infected computer cannot be started. This does not mean that a virus has
deleted data from your hard drive; it only means that your operating system cannot be loaded
any more.
• To solve this problem, you should use a virus-free start-up diskette containing an anti-virus
program that has been developed for your operating system. This diskette will help you to start
your computer and delete any viruses in your operating system.
• Back up your files regularly.
• Although this rule will not protect against virus infection, it will allow you to protect your
valuable data in case your computer becomes infected (or, as an added bonus, if you have
any other problems with your hardware).
• It is advisable to back up your most valuable data using external media, such as diskettes, MO
disks, magnetic tapes, CDs, etc. In this case, whatever might happen, you will always be
prepared.
• Make file extensions visible.
• It is safe to run non-executable file content, such as JPGs, MPGs, GIFs, WAVs, etc. You just
need to make sure they aren't executables in disguise.
• Most Windows versions will hide known file extensions. Thus, a seemingly innocuously named
file, PICTURE.JPG, may be PICTURE.JPG.EXE. In Windows Explorer, look for the file
extension hiding option under Folder Options.
• From http://security.oreilly.com/news/maliciouscode_0801.html
• Don't share your hard drive (disable file sharing on your hard drive).
• If you do need to provide some file and print sharing, don't give the keys to the kingdom; use
a password, and ONLY give the minimum that you have to a directory (folder) is much better
than giving all of the C:\, read only is better than full access. If you have to give a C:\
administrative share, limit the number of people who can use it.
• There is a very simple way for Windows users to eliminate the threat of "accidentally"
executing a VBS attachment to an e-mail.
• By doing the following steps, if you ever "accidentally" click on a worm or virus written in
Visual Basic, it will pop open in notepad rather than executing.
[1] Go to any open Windows Explorer or File Manager window.
[2] On the pull-down menus select "Options" on the "View" pull-down.
[3] Select the "File Types" tab.
[4] Scroll down until you see the .vbs file type.
[5] For each of them, highlight the entry and select "Edit."
[6] Highlight "Open" and select "Edit."
[7] Change the "application use to perform action" from "wscript.exe" to the path name for where
"notepad.exe" is located. This is likely either "C:windowsnotepad.exe" or
"C:WINNTnotepad.exe." You can use the file find feature to locate the proper path.
[8] Once changed, click "OK" and "Close."
[9] Repeat for the .vbe file type.
Ways to Protect Your Computer From Viruses
• Install an anti-virus program.
• Remove disks from disk drive before shutting down/restarting computer.
• Be cautious of email attachments from unknown sources.
• Do not set your email program to auto-run attachments.
• Write protect floppy disks when finished.
Some Popular Antivirus Programs
• Norton Antivirus
• McAfee virus scan
FIREWALL
Every time corporate connects its Intranet to Internet and it faces potential danger, Due to the
openness of Internet there is a possibility of attack by the hackers and Intruders to cause the harm to
local computing Environment in no of ways like
• They can steal or damage the important data
• Damage individual computer or entire network
• Use the corporate ‘s computers resources
Solution for all such types of threats and many more to build a firewall to protect Intranet.
What is a firewall?
• A firewall is any mechanism that acts to restrict access to a network according to a set of
defined rules.
• Function as “front doors” to a network.
• A firewall is combination of hardware and software and are build up
by using routers, servers and variety of software’s and are placed in
between Internet & Intranet
A set of programs residing on a "gateway server" that
protect the resources of an internal network
• A network device or an host that connect 2 or more networks
• A device able to monitor each packet to determine whether to forward it toward its destination
• A device able to evaluates packets with the objective to Control, Modify and Filter network
traffic
Advantages
• Hiding network information
• application/content-level filtering
• fail over and load balancing features
• single-point of control (easy to control access)
• powerful logging features
Disadvantages
• increases the communication latency/delay
• proxy per application and no generic one
• client might need to be modified/reconfigured to use the proxy server
• connections which bypass firewall services through the firewall
• introduce vulnerabilities
• insiders can exercise internal vulnerabilities
• performance may suffer single point of failure
How do they work?
• By inspecting traffic that travels across/through them according to the policy that’s been set.
How are they set up?
• Act as a go-between for any two given networks
• All traffic between external and internal networks must go through the firewall
• Firewall has opportunity to ensure that only suitable traffic goes back and forth
Firewall Architecture’s
Fig : Shows Simple Firewall Architecture
Bastion
Host
Internet
Intrane
t
Inner Outer
Barrier Barrier
Requisites of Good Firewall Systems:
Requisites are totally depends on security requirements however one should check some attributes
before commissioning any type of firewall system
• Firewall system should be able to support or deny services except those are specifically
permitted
• Firewall system should posses flexibility i.e. it must have ability to new changes based on
company’s policy
• It should contain advanced authentication measures
• It should employ filtering techniques
Firewalls Rules
• Packet Filters/FW Rules: to implement the FW policy
• Questions to ask:
• Which services do want to offer on the network and in which direction?
• Do want to restrict user Internet access: which, what and when?
• Is there any trusted external hosts to which you want to give network access?
• Fields used to Filter Packets:
• IP headers: options, proto, src/dest IP,
• TCP and UDP: src/dest port, flags, SYN and ACK bits
Firewall Rules Basis
• Interface name (FW may have more than one incoming/outgoing link
• Interface or traffic direction
• Source and destination IP address: this includes broadcast and multicast addresses
• IP options : need to check this for source routing
• ICMP
• Transport Protocols: UDP, TCP, IPX, ..
• Well-know TCP/UDP Services: WEB, FTP .. etc
• More restricted rules comes first to avoid rules conflict and shadow
1. Permit ANY TCP incoming (more general)
2. Deny DestPort=25 TCP incoming (will be shadowed by 1)
PACKET FILTERING FIREWALLS
IP packet fitering firewall examines each and every incoming and outgoing packet flowing through it by
examining the specific field in IP datagram headers, Firewall decides whether to allow the packet to
come inside / go outside or discard the packet
Key fields tested by the firewall are
• Source Ip headers
• Destination IP headers
• TCP/UDP source port
• TCP/UDP destination port
Packet filtering firewalls
• Packet filtering firewalls decide whether or not to forward packets based on
o source and destination IP addresses
o protocol field
o source and destination port numbers
o SYN flag settings
• Rules dictate whether or not packets should be forwarded
• Inspects packets in isolation
• Does not keep track of connection state
• Susceptible to application layer attacks
WWW FTP Client
IP Packet
screening
router
Server
Filtering/Scr
eening rules
Usenet e-mail Client
As shown in above fig firewall router filters incoming and outgoing Packets based on the security rules
that are set at the time of configuring the firewall host based on the company’s policies
can do: allow incoming telnet from a particular host
cannot do: allow incoming telnet from a particular user
e.g. If company doesn’t offer FTP services to outsiders then firewall is configured to reject the request
related with FTP
An example: Ports >1024! (I)
Objective: allow a network application (based on sockets), to be accessible by hosts outside your local
LAN:
• The software is made by a main process that receive connection requests on port 999.
• Then the main process create a new process for each new connection. New processes waits
for client data on ports from 40001 to 41000.
• The main process send a reply to the client (in the payload of an UDP packet) with port to use
to connect to the dedicate process
• The client receive the packet, read the port (ex:40001) and send the next packet to port 40001
of the same server
• A statless firewall REJECT the packet cause port>1024 are closed
• With a stateless firewall, if you want to allow your server to work properly with hosts outside
your LAN you must open all port>1024
• A statfull Firewall allow to leave ports >1024 closed
Statefull vs. Stateless Firewalls
• Statless firewalls can make filter decision based only on:
o source/destination addresses and ports
o Statfull firewall associate a packet to a state and can make decision base on:
o source/destination addresses and ports
o state of the packet
Drawbacks Of packet filtering firewall:
1. Packet filtering rules can be complex
2. Logging facility is not provided by such firewall
3. If TCP /UDP packet filtering is not implemented fully , it can lead to security hole
4. Can not handle RPC(Remote procedure calls)
• Two main types of filtering firewall
• Routing based filters
• From where did you come?
• Where are you going?
• Don’t care what you do once you get there.
Content based filters
• What are you trying to do?
• Not as common as Routing based because it’s harder to implement
successfully
Proxy Application Gateways
In such type of firewall remote host or network can interact only with proxy server (proxy application
gateway) proxy server is responsible for hiding the details of the Internal network ie Intranet. If the
remote host is interested to avail the facilities placed inside the company in that case first proxy
authenticates remote host/user then it creates the session between application gateway and the
Internal host and allows the transmission of packet as well maintain the log details of user too.
Web HTTP Server

Secure Subnet Inside
FTP Server
Proxy Server
Clients running on
Inside Firewall M/C Gopher Server
Firewall that connects
to Internet
Telnet Server
Firewall Security perimeter USENET Server
As shown in fig. Proxy application gateway is special server which runs on firewall machine
and user ie inside or outside if they have to share the data in that case they have to divert the
request to the proxy server proxy applies the security policy by authenticating the user and
then maintains or establishes the session between the end users
Gopher: Is as server application that allows you to browse huge amount of information by performing
remote logins and FTP
Advantages Of Application Gateways:
1. Proxy authenticates only those services for which it is configured /installed
2. Robust authentication and logging facility
3. Cost effectiveness
4. Less complex filtering rules
Hardened Firewall Hosts (HFH):
Hardened firewall hosts are similar to proxy application gateways and are configured for increased
security . This type of firewall requires inside or outside user to connect to some trusted application
running on firewall machine before getting connected furthur. These firewalls are configured to protect
against unauthorized interactive logins from the external world
Steps required to setup HFH:
• Remove all users account except those are necessary for the operation of firewall machine
• Remove all noncrucial files and executables especially network server programs and client
programs like FTP and Telnet
• Exten the feature of traffic logging and monitoring to check remote access
• Disable IP forwarding to prevent firewall to forward unauthorized packets
Advantages:
• Concentration of security
• Information hiding: Having ability to hide the company’s Intranet
• Centralized and simplified network services management
Drawbacks:
• Concentrates security at one spot as apposed to distribute it among system
• S/w support is not enough as few vendors are offering HFH
AAA Security:
AAA Security
Intranet Internet
Fig : Shows AAA(Authentication Authorization and Accounting) Security
AAA Security works similar to Proxy application gateway in this too user must have to get himself
authenticated by security system for availing the facilities that are kept inside or outside of the
company ,ie its an compulsion over clients to get themselves logged on Security system and then only
they would be authorized for availing facilities based on the policies set on the security system, after
giving the authorization AAA system will maintain the details data packet transaction for the purpose
of further accounting/auditing
Two ways to approach the rule sets:
– Allow all except what is defined as unwanted
• Place roadblocks/watch gates along a wide open road.
– Deny all except what is defined as wanted
• Build a wall and carve paths for everyone you like.
Problems:
– Firewalls as filters can be considered for most part to be infallible... but as a security
measure? They can only enforce rules (generally static)
• Crunchy on the outside, but soft and chewy on the inside.”
• Conclusions
– People don’t just put up a thick front door for their sensitive belongings, you shouldn’t
for your network either.
– Firewalls are an effective start to securing a network. Not a finish.
– Care must be taken to construct an appropriate set of rules that will enforce your
policy.
Crytography and Securities:
There are two types of encryption techniques
Symmetriction encryption technique(Conventional encryption)
Assymetric encryption(Public key encryption)
In general there are two types of ciphers
A Block Cipher: It takes given length of data as input and produces a different length of
encrypted data
A Stream Cipher:It converts plain text to encrypted or ciphertext one bit at a time
Symmetric Encryption:
Private Key Private

key
Plain Text Cipher Plain Text

Cipher Text Cipher
Fig . Shows Symmetric Encryption
Symmetric encryption is also termed as secret key encryption because secret key is shared between
sender and receiver
Asymmetric encryption:
Asymmetric encryption was developed in 1970. Two keys are involved in asymmetric encryption first
key (the public key) is published and is used by entities intending to send data securely to key owner.
Second key is private key known only to the owner and interesting thing is that two keys are
reversible ie private key can be used to encrypt data that can be decrypted only by using the public
key and vice versa and this capability directly leads to the digital signatures
Recipeints Recipents private key
public
Private Key
Plain Text Cipher Text Plain Text

Cipher Cipher
Senders Senders
Pribvate Key public key
Plain Text Cipher Text Plain Text

Cipher Cipher
Fig Shows Details of Asymmetric encryption techniques
By using Asymmetric encryption several secure algorithms are developed like
1. Message digest algorithm
2. Secure hash algorithm
3. Digital Signature’s etc
Digital Signatures:
It provides means for the contents of message and the identity of sender to be verified . A digital
signature is implemented by using asymmetric encryption and hash function. Digital signature
depends on the fact that asymmetric encryption ciphers are reversible. Digital signature also depends
on fact that orignal message signature and key pair are related so that changing any one will result in
failure to verify the signature
Data to be Data
sent Received
Digital Digital
Messag Signature Signature Messag
e Digest e Digest
Algorith Algorith
Public Public
Message Key Key
Digest Cipher Cipher
Senders
Private Message Message
Key Digest Digest
Two
M.D.
Equals
Sender Side Recipeint side
Fig. Shows the working of Digital Signature
Sender prepares message digest this message digest is then encrypted with senders private key the
recipient receives message and decrypt the message digest by using senders public key
A digital code that can be attached to an electronically transmitted message that uniquely identifies the
sender called digital signature. Like written signature , the purpose of digital signature is to gurantee
that the individual sending message really is who he or she claims to be. Digital signatures are
especially important for electronic commerce and are key component of most authentication schemes,
to be effective, digital signature must be unforgettable there are number of encryption technique to
guarantee this type of security
Website planning & hosting
Phases of web publishing
1. Planning: Setting goals specifying contents, organizing content and setting user interface to
navigate content
2. Implementation: Creating content, implementing navigation, user interface and coding site
which may include HTML, scripts, programs and database developments
3. Testing: User browser and system testing (ie same page may appear differently on different
browsers so check it on all the available browsers in market)
4. Domain Registration & Hosting: Based on the importance of site register for unique or sub
domain and host it on respective domain by performing ftp
5. Website Promotion: Promote your site by registering it on search engines and indexes to
increase the hit rate
6. Maintenance: Maintaining and updating the site, questioning the old goals and returning to
planning phase
Website Planning: For executing any work in proper/systematic way planning is must e.g. plan for
traveling in which we would do advance reservations ad other things, plan to watch movie, plan to
construct house plan to do the preparation of examinations
Before you begin to create your Web site, spend some time planning what the purpose of the site will
be, what content it will contain, and how to structure it. Planning before you begin helps you create a
Web site that has a unified look and a well-designed structure. Putting your business on the Web will
require new ways of thinking. To help evaluate your needs look at various perspectives for your
business on the web:
• Information Distributor – Determine your information relationship with your customer. What do
you need to tell the customer, or prospective customer? What format best suits your product
or service, pictures, text or graphics?
• Information Gathering/Market Research – Get to know your customer or prospective customer
What information do you need from them? Include a feedback form on your web site.
• Marketing versus Sales – Is the site going to be a promotional tool or a selling platform. Will
customers gain decision making information quickly?
• Customer Quantity versus Quality – Will the website increase the number of customers that
you can reach? Will it expand your business to a new demographic of customer?
• Satisfaction Measurement – Ensure that you monitor the statistics to determine whether the
site is effective. What are the number of hits? Has it extended the reach of the customers?
Has it reduced print and postage costs? Has it reduced sales and distribution costs?
• Revenue – Examine new markets and revenue streams that can be generated from your
website.
So before developing the site there is need of proper planning so that it would become
effective it includes the following points
Identify your target audience
Materialize the concept and ideas
Selection of Web page layouting schemes
Finalizing directory structure
Developing look and feel related with representation of color, graphics etc
Target audience:
In order to convey the proper message to proper peoples there is need to identify the right peoples so
at the time of planning first identify to whom you want to convey the message? Without this information
you will miss the intended mark of message. So consider following points while identifying audiences
Audiences background and their previous experiences
Their interest’s and their tastes
The reason why they are visiting your site
What their age is?
What they are expecting from your website
We can achieve above mentioned things by doing survey either traditional or e-survey and in that you
must have to include following points
Age of the audience
Gender
Financial status
Educational background
Geographical Location
Material status
Any other relevant point
Materialize your Concept and Ideas
You should be clear with your motive of creating website it might be among the following
To inform
To promote a product
To educate the audiences
To do research and report
To entertain the audience
So your vision of creating website needs to be well defined and acceptable to management, if you
are working in organization. So once goals are defined, organize all your material. Put together
any existing documents and pictures you want to work with. For example, if it is a company’s site
you may want to assemble logos, company information and product descriptions also think about
the message you want to convey to fulfill your mission and which type of images or text might be
appropriate. If your site’s goal suggests fun and light heartedness, then use informal language and
whimsical graphics
WebPages Lay outing :
Web page lay outing selection is totally depends on the clarity and expressiveness of
concerned scheme so at the time of selecting lay outing scheme you must have to check the
possibility of confusion and expressiveness of concerned scheme following are the major web page
lay outing schemes
1. Tree Structure:
Big Company
Dept-I Dept -II Dept-III
Tree structure seems to be most appropriate its up to designer to select breadth Vs
depth structure
Big Company Big Company
Dept-I Dept -II Dept-III Dept-I Dept -II Dept-III
Depth Vs Breadth
Pure Linear
Linear with alternate
Linear with options
Linear with side trip
Mixed Hierarchy
Pure Web
Grid Layout
Grid
Pure Web
Expressive ness
Linear Hierarchy
Possibility of confusion
Create a directory structure:
If you think site will contain files, which are small in size and large in number, then store all of them just
in directory. But if the site is going to be very large and complex, then you will need to organize files
into separate directories and subdirectories. Developing a logical directory structure is an essential
part of planning your website. You can have a subdirectory of images or pictures. Similarly
subdirectory for sound clippings
Web Site Planning Worksheet
Plan Your Content
The following questions will help you determine your content. Answer them and
note any other information that might be important.
1. What is the purpose of your site?
2. Who is your audience? What do they know? What do they need to know? What kind of network
connection do they have?
3. What do you want your students to learn from your Web site?
4. What subsections would you divide your content into so the flow of information is clear, logical, and
useful to your students?
Since a Web site can be developed to offer a “Web-enhanced” course, here are some
other considerations:
5. How will the Web site support the educational objectives of the course?
6. What course materials will be placed on-line? In what format?
7. Does your textbook have companion Web site that you can link to?
8. Will the course Web site offer links to other resources on the Web?
Tip: When linking to online resources outside your site, be specific about why you have linked to a
particular site. Don't link to sites just because they happen to mention the subject you are teaching.
Instead link to sites that support a specific instructional goal.
9. Will all the materials be posted on the Web at the beginning of a course? Or, updated regularly
during a semester?
Tip: At the beginning of your course, explain to your students the purpose
and contents of the Course Web site and how often they should visit it.
Implemetation :At the time of actual keying/coding you must have to consider following points
Title should be catchy, descriptive and accurate
Page length should not be more than two pages
Images should not be of varying shapes
Filename should be short and consistent
Color scheme should be soothing
Appearance of your Website:
Above all else you must ensure that your website looks professional to give a good ‘first impression’.
Navigation - Many visitors will arrive at your home page; make sure that your visitors can get a
general idea of what’s on your site and can easily access the different pages. You can do this with the
use of navigation buttons.
However, keep in mind that not all of your visitors arrive at your home page first. For this reason, it’s a
good idea to make it easy to return to your home page from other pages in your site, by including a
link to the home page. Your material should be organised so that your visitors understand it. You will
need to lead your visitor through your site so that their eye flows from one element to the next. Don't
put pictures next to unrelated text. You might know what you mean, but your visitors sure won't.
Positioning - A few more tips for positioning words and pictures on your new site. Most of us are
used to reading English and other European languages from left to right and top to bottom. Our eyes
are used to going to the top left corner of a page - so place the information that you want people to
see first up there and arrange other elements to flow across and down the page in decreasing order of
importance. Don't put too many distracting links to other pages or topics all over the place.
Graphics & photos - Don’t get carried away with graphics, photos or typefaces. You should be
conscious of the download time as you don’t want your visitors to go off as your page takes too long to
view. ZyWeb produces optimised graphics and photos which are a high quality resolution, whilst be
small in size and hence quick to download.
Style - Try to keep a similar style throughout your pages. Colour will make your page look great.
Colours will make it distinctive and memorable and colours also have strong psychological effects that
can set moods or convey feelings. Most web sites are set in a theme colour throughout. A small vivid
splash on the graphics will have a great effect to highlight something but vivid splashes everywhere
will be overwhelming. You should, ideally, use only 2 colours with shades of those colours.
Colors - Legibility is vital - your page needs to be read! So adequate contrast is the answer; light type,
dark background, dark type, light background. Obviously black and white give the maximum contrast,
but that's boring. Color contrast creates powerful effects. Cool colors, greens, blues, tend to calm,
while warm colours, reds, yellows tend to excite. Dark colours can convey heavy and oppressive
feelings while light colours promote open airy feelings.
Here are a few sure-fire color combinations. Stick to light coloured backgrounds, white or light grey,
tan, light blue, light green or pale yellow. Use black or dark coloured text on these backgrounds. Avoid
bright text colors on light backgrounds. Large, bold text can be coloured in strong colors – try bright
red, orange or blue, but don't overdo it. Use light type on dark backgrounds in small areas where you
want to attract attention
Interactive - Make the site interactive to retain the concentration of the visitor for the maximum
amount of time. Ideally, build interactivity into the opening home page screen with the use of clickable
navigational buttons. The wording of the label on the link should prompt the visitor to take action.
Highlight buttons to take visitors to special areas and always put the more important ones at the top.
Remember to lead the visitor through your site.
What is Domain Name
A Domain nam e can contain the num ber s 0-9, the letters a-z and the h yphen
character ("-"). Note however t hat Domain names cannot begin or end with a hyphen.
You can use UPPERCASE or lowercase letters when registering a Dom ain nam e, but
you ma y occasionally run into problems if you mix cASes, depending on the exact
configur ation of the web ser ver that will be hosting your website.
The easiest way to mak e sure your Domain name will not cause you any problems
later is to register it using all lowercase letter s.
A Dom ain name can contain up to 67 char acter s, although som e Domain registrars
have still not reconfigured their ser vices to accommodate these longer Domain names
(Domain names used to be limited to 26 characters until m id- 1999).
This 67 char acter limit includes the "." (dot) and the top level Domain. So in the case
of a ".com" name, for instance, you'll be able to specif y up to 63 characters your self.
Some top Domains from specific countries have additional limitations on length and
on the number of c har acters in a Domain. Some even specify a minim um length for a
Domain name, suc h as 3 character s or more.
There are man y differ ent wa ys to resear ch Domain names and to find inspirat ion for
new Dom ain names to register. The way you research Dom ain names will be color ed
to a large extent b y the intended use for t he Domain nam e i.e. is it being register ed
for a new or existing site, for investment purposes or to "protect" an established
brand or trademark .
You're looking for a Domain n ame for a new w ebsite
Start by not ing down what the site will be about, in a paragraph or two. Then boil
down this descr iption into a maximum of 2 sentences. Don't worr y about covering all
the details - just mak e sure you'r e addr essing the es sentials of what the site will be
about.
Now tak e your short description, and under line all the "k ey" words that descr ibe your
site. Let's tak e a specific (fict ional) example:-
"Our website will be the leading source of infor mation on weaving and k nitting,
providing k nitting patterns and design ideas, an introduction to w eaving, a guide to
selecting and caring for loom s, and a store for people t o bu y wool, yarn and book s."
Now try to come up with a Domain name that either addr es ses the one fundamental
concept of the site, or that marr ies two or m ore k ey concepts in a single name.
In our example: weavingandk nitting.com, k nittingandweav ing.com,
k nittingpatterns.com , k nittingworld.com, weavingwor ld.com etc.
Once you've drawn up a short- list of Domain names to "test" for availability, it's time
to fire up your favorite Dom ain name search engine.
If you're having difficult y coming up with useful Domain name combinations from your
k eywords, tr y a single k eyword and add pr efixes or suffixes. Not all prefixes and
suffixes are appropriate in all situations - use your judgment when deciding which to
add.
Common Pref ixes
e, e-, m y, i, i-, the, online, net, web, inter net, hot, cool, our, your
Common Suffixes
world, link s, site, web, net, resour ce, business, compan y, corp, inc,
shop, store, mall, sear ch, director y, guide
You're loo king for a Domain name for an existing w ebsite
In the case that you're look ing to bu y a Domain name for a website that is alread y up
and running, your options will be more limited than if you'r e starting from scratch.
First, have you already been operating the site under a clear ly-recognizable "name"
or "title"? Even if your site is hosted on cheap space at an ISP, or on a free host, you
ma y have given it a short title in large letter s (or in a logo). This is the obvious place
to start when look ing f or a Dom ain name.
If your site' s name (as given in its title) is ver y generic, you ma y well find one (or
man y) other sites already using it - and the corresponding Domain name( s) long since
gone. In that case, you have to decide whether you will m ak e a bid t o bu y the Domain
name you want from its current owner, look for an alter nat ive extension or use the
brainstor ming trick s outlined earlier in this article to find a suitable alternative. You
can also consult the guide to choosing t he r ight Dom ain name for more help.
W hy to Book a Domain Nam e
There are many uses for Domain Names.
Do main names can b e used to establish a unique id entit y in
cybersp ace
Companies often choose a dom ain name that corresponds to their
compan y name. For instance, Net4India's web site is at net 4india.com
and Yahoo is at yahoo. com.
Generic do main names are popular
A generic domain name is one that would not im mediately be associated
with a compan y, but instead is a name that defines an entir e categor y of
business. Some examples of gener ic names include movies.com,
flower s.com and ess ay. com. Companies have gone on to cr eate
successful br ands based on a generic domain name, and these names
tend to be ver y valuable if the word is a comm on one.
Domain n ames can be resold, leased and b artered
As well as being used to identif y a website, domain names can be
resold to other companies or people, leased or even bartered for other
names or for goods or ser vices. A whole industr y has sprung up ar ound
the resale of domain names, with dom ain brok ers acting as middlemen
in the sales process. The pr ofits from a successful sale can be
enor mous compar ed to the original value of the name, s ince some
domains have sold for over $1 million - and cost under $100 to r egister!
Domain n ames can be used to give yourself a uniqu e, permanent
email address
Many companies will set you up with email forwarding, where messages sent to
@yourdomain.com will be redirected to your existing mailbox as provided by your ISP. This
lets you choose a truly unique email address and keep the same email address regardless
of which ISP you use to access the Internet.
Domain n ames can be used to impro ve a site's ranking in certain
search engines
Although the rules b y which search engines "rank " sites when returning
search results change often, some search engines have recently been
favoring sites with their own domain nam es over sites that do not have a
domain name of their own. Some sear ch engines even give increased
relevancy to domain names that contain "k eywor ds" that people search
for. For example, a s earch engine m ight rate a site wit h the domain
name "freestuffguide.com" more highly than a site with the domain name
"freebieguide.com" for the sear ch "free stuff" since the for mer domain
name contains the sear ch terms being searched for.
Register ing a Domain Nam e
Step 1
To register Domain Names on this website, use the Domain s ear ch box
on the home page of this website.
In the Domain, sear ch box on the home page enter the Domain Nam e
you want, select an extension for your Domain Nam e and start your
search by click ing on the Search butt on.
Step 2
The result page will show you whether the Domain is available or not. If
your Domain Name is available, you may proceed to register by
selecting the check box against the Dom ain Name you want along with
the term for registration.
If the Dom ain is not av ailable then you will have to r esume your search
again.
Step 3
Enter your UserName and P assword in User Login window. In case, you
are a New User, click on Register! W hich will lead you to a New User
Registration For m. Please complete this form and Submit. Registration
is absolutel y free of cost. Once you are registered member you can use
your member ship for availing all the services and products available
here.
Step 4
Fill in the Domain Registration F orm and Submit. Kindly ensure t hat you
enter all the mandator y fields.
Step 5
Once you have confir m ed the order you will get an or der code along
with the am ount that you are required to pay.
The Domain Names ar e book ed on first-com e-first-serve basis. P lease
arrange to send the payment immediately to enable com pletion of the
registr ation process.
After receipt of your paym ent , you will receive an ack nowledgem ent for
the same. You will also receive a confirmation of your Domain Name
having been r egistered.
Kindly note that it tak es about 48 hrs, for the Regis tr y database to
update a new Registr ation and r eflect it on the 'W hois Sear ch'.
Your own Domain Name
Make it easy for your customers to find you on the Internet with your own unique domain name
(alsoknown as an Internet address or URL) for example www.bit.ac.in or bitdurg.org Having your own
domain name also makes your email address consistent and meaningful, eg dpmishra@bitdurg.org
dpmishra@bit.ac.in and it means that you don’t have to change it when you change ISP Thousands of
domains are being registered every day so we strongly recommend that you register your domain
name now, otherwise you may find your company name already taken.
Where to Host our Site
How well do you know the company where u host your site:
1. How often do you back up the files?
The answer you should be looking for is that they backup every night. You should also keep a up to
date copy of your site on your computer to be on the safe side.
2. What sort of equipment and software are in place to ensure that my site is up?
Most Internet Hosting Companies use some combination of equipment and software to ensure that the
servers are up and working. You want to make sure that the server is hooked up to an UPS
(uninterrupted Power Supply). The UPS is just a big battery that will provide the server with power for
30 minutes to several hours. Also most Hosting Companies have software and equipment that
monitors the servers and restarts them if they quit serving pages. You will also want to know if this
fails, does the company have a way to restart the server manually.
3. How many domains can I host per account?
If you have 2 domain names, say joestools.com and cooltools.com, and wanted them to both go to the
same site, would they charge you extra for the domain names or since it all goes to one site will you
be charged just for one. If you plan on hosing several sites to see which ones will be successful, you
might want to ask for a volume discount or ask if they have a reseller package.
4. What are their billing policies?
You need to find out who to contact if you have a problem with billing and what is the process for
resolving problems.
5. What is the procedure for uploading files to your account?
You want to know if you will have 24 hour FTP access. Some hosting companies restrict how you can
upload files to the servers.
6. Do they provide log files or Stats?
Hosting companies usually do one or the other, either provide you with the raw logs for you account or
provide you with some sort of online statistics. You will want to make sure that the logs contain
information from search engines on the words and phrases used, how long the visitor stayed at the
site, entry page, number of page visits, broken links and errors, and exit page.
7. Do they provide Form to email processing?
Nearly every hosting company will provide atleast a basic form of this. You will want to know if there
are any limitations on the size of the form. Also you might want to ask if there is a way to encrypt the
form. If so you could use this for an ecommerce solution until you are ready for a shopping cart.
8. What exactly is included in the monthly charge?
You want to know what the features of the account are, but you also want to know if you need them to
do something extra whether there will be a charge for it.
9. How quickly they respond when you have questions?
Before choosing a hosting company call them up or email them with a question and see how quickly
they have an answer for you.
One of the biggest pains about having a web site is changing web hosts. I ought to know, I've changed
over half a dozen times in the last three years. Each time has been a step up and with each move it
becomes easier and easier to change.
Why change web hosts?
In many cases, your web site is the first and only thing that your customer sees (besides, hopefully,
your product after they make a purchase). This is especially true if your company does not have a
real-world presence such as a store or office. Thus it is important that your web site be available to
your visitors (and customers if your site is commercial) twenty-four hours a day, seven days a week,
365 days a year.
Not only must it be available, but your web site must load quickly. If your host computer is too slow, it
doesn't matter how much you optimize your graphics and HTML, cut down page sizes and perform
other actions.
Other features must work properly. These include CGI routines, autoresponders, PHP, ASP and SSI
scripts, and, very importantly, shopping carts and credit card services.
All of this is so important that you must keep an eye on your site. I use two services: alertsite and
internetseer. Both of these ping my site occasionally to determine if it is up. Any errors are reported to
my email inbox. Why do I do this? Two reasons: (a) it's critical that my site be online all of the time,
and (b) these services provide a third-party record of any downtime, which is useful when attempting
to get fees refunded.
These two services also measure response time, which is very useful to determine how well your site
responds to your users browsing requests. These two factors, uptime and response time, are the most
critical measures of web site performance. A consistently bad number in either measure is more than
enough reason to find another host.
Of course, if your CGI routines stop working mysteriously or your autoresponders stop responding,
then by all means shoot off a trouble ticket to your host. You have a right to expect these types of
issues to be quickly and politely fixed. If they are not and the errors continue, then consider moving to
another host.
Getting Ready to Move
There are a number of tasks that you should be performing on a regular basis. You see, you cannot
predict when you might have to change web hosts. It could be that they are suddenly sold and their
level of service drops, or they upgrade their computers which causes a series of new problems. You
can be sure that you will only find out about these things when your web site stops working or
becomes unstable.
Another reason to be performing regular maintenance tasks is the possibility of disasters. A hacker
could deface or even destroy your web site. Your credit card could be closed, which might cause your
host to close down your site until you pay. Any number of other disasters could occur, which make it
very imperative that you have a continual set of procedures in place to be prepared for anything.
What do you need to do regularly?
Monitor your site - As I stated earlier, be sure you use a site monitoring service to keep an eye on your
web site. That way you will know immediately if something happens.
Backup your site - You should perform all edits to your pages on your own computer and upload them
to your site. Never edit your site pages directly. This, by it's very nature, ensures that a copy of your
site always exists on your own computer system.
However, you may also have databases stored on your web site which do not originate from your
computer. These might include mailing lists, demographic data, links and other similar things. These
items must all be copied to your own hard drive on a regular basis.
You can set up your favorite FTP program to do scheduled downloads of selected databases, or you
can just manually copy them on a regular basis.
In addition, your web host should be backing your site up daily. In many instances, these backups are
available to your as downloadable zip files. Be sure and copy these down to your system once in a
while - perhaps once a week.
Don't forget about such things as autoresponders, CGI routines and anything else which you may
enter at your site control panel. You must ensure that you have a backup of everything.
Keep a log - Be sure you know everything that you've done to your site. You should list all of your
autoresponders and their names, track any subdomains which you have set up, and anything else
which you may do. This way if you have to change you can recreate your site quickly and efficiently.
Only use a domain name - Always reference your site via a domain name which you have purchased
and control. Never, ever use the URL provided by your web host, as tempting as this can be at times. I
ran into a situation where my web host URL was somehow entered into a number of search engines,
and I discovered I was getting tens of thousands of hits from these URLs. This forced me to keep
paying for the old site after I switched hosts, just to be able to redirect the traffic to my new site.
Make sure you register your domain elsewhere - The first time I registered a domain name, it seemed
so convenient to just use my web hosts domain registration service. What I didn't know is they became
the registrar, and it was a nightmare getting the domain transferred to a different one. By registering
the domain at a different company, you will most likely get a better price, and you will gain
independence from your web host.
Scope out a few hosts in advance - Even if you are completely happy with your current web host, at
least take a few minutes and have a few names ready just in case. This way if you are forced to move,
you have a pretty good idea of where.
Moving To A Different Host
If you are lucky, you get to make the choice about moving. In that case, you can simply upload your
new site, get it all working, then transfer the domain and cancel the old site. This gives you a large
amount of control, because you don't have to transfer the domain and cancel until you are happy with
the new host.
If for some reason your web host has cut off access to your site, then you have to move fast. This is
where the monitoring services come in handy - you know immediately when your site fails.
These are the steps that I follow when I change hosts.
1) Determine that a change is necessary. Ideally you are the one making this determination. Of
course, if your web host decides for you, then you have to perform the rest of these steps very quickly
because you are down.
2) Find a new hosting company. Read all of the information on the internet that I can find. I also
learned something the hard way - check the hosting companies own forums for customer complaints.
There were several times that I would have avoided trouble had I followed this advice.
3) Review the features of the hosting company to be sure they offer what you need. If you have any
questions, be sure and send an email off to their sales department.
4) If you need a storefront, shopping cart and/or merchant status, be sure you resolve any issues you
may have before laying out any money.
5) Sign up for the hosting company with the right size package, but the minimum amount of time (one
to three months). This gives you some time to check them out without laying out too much money up
front.
6) Once the site is active, start uploading files.
7) Modify any scripts as necessary. Test all of them to be sure they work.
8) Upload any autoresponders and set up your email forwarding as desired.
9) Create any subdomains, if you use this feature.
10) Of course, set up any databases. If your other site is still active, then just load the databases on
the new site with data from the most recent backup - you just want the data for testing purposes. If it's
not active, then load the databases with the most recent values you have.
11) Set up your storefront, merchant services and credit card processing, if necessary. Test as
thoroughly as you can.
12) Once everything works and is tested, transfer the domain to the new host.
13) If you have the option, freeze your databases on the old site about 12 hours after transferring the
domain. Disable all activity to the old databases, then copy to the new site.
14) Once the domain transfers (usually a day or two) test thoroughly again. Unfreeze the databases as
soon as you can.
15) Once everything works, cancel the old account.
16) Depending upon the circumstances of the move, demand a partial or full refund. It does not matter
what the hosting companies policies are - presumably you moved because they were not fulfilling their
contract. This means they are in breach of contract, so demand your money back.
17) If they will not give it back (and they probably won't), check with your credit card company to see
what your options are - if you've paid within 60 days via credit card, you may be able to get the credit
card company to get your money back for you. This is where your monitoring logs come in very handy
(assuming downtime or response time was the reason you left) - you can prove your case using third
party data.
18) Why the focus on getting a refund? Because the hosting company did not provide contracted
services - and no one should be rewarded for failure to fulfill their contract. The only real weapon you
have is your money. Demand a refund.
19) Once you've moved, be sure and practice the maintenance steps mentioned earlier in this article.
You may have to move your site again, and you want to be prepared.
So basically, moving to a new host is always a traumatic, time consuming event. You should take
pains to be prepared so that the trauma is reduced in duration and loss.
To see a list of article available for reprint, you can send an email to: mailto:article-list@internet-
tips.net?subject=send_article_list or visit http://internet-tips.net/requestarticles.htm
Richard Lowe Jr. is the webmaster of Internet Tips And Secrets at http://www.internet-tips.net/ - Visit
our website any time to read over 1,000 complete FREE articles about how to improve your internet
profits, enjoyment and knowledge.
Can you really get FREE web hosting?
Yes, there are hundreds of free hosts, as far as not having to pay any money. Generally they either
cost you in time, hosting restrictions, or modifying your web pages by adding popups or other adverts.
When looking for free web hosting (especially on search engines), you should beware that there are
also a large number of commercial web hosts that claim to offer free hosting, but those have a catch,
such as paying an excessive amount for a domain name or other service, and therefore aren't really
free.
How do the free web hosts make money?
The free hosts often make money in other ways, such as putting banners, popups, or popunders on
your site. Some free hosting companies do not put ads on your site, but require you as the webmaster
to click on banners in their control panel or signup process, or just display banners in the file manager
in hopes you will click them. Some lure visitors with free hosting in hopes you will upgrade and pay for
advanced features. A few send you occasional emails with ads, or may even sell your email address.
Are free web hosts reliable?
Generally no, although there may be a few exceptions. If the host is making money from banner ads or
other revenue sources directly from the free hosting, then they likely will stay in business, provided
someone doesn't abuse their hosting with spam, hacking, etc., as often happens to new free web
hosting companies with liberal signup policies. If the host accepts just anyone, especially with an
automated instant activation and it offers features such as PHP or CGI, then some users invariably try
to find ways to abuse it which can cause the host to have a lot of downtime or the server to be slow. It
is best if you choose a very selective free host which only accepts quality sites (assuming you have
one).
Uses for free webspace
Free web hosting is not recommended for businesses unless you can get domain hosting from an ad-
free host that is very selective, such as DistantHost (http://signup.distanthost.com/) or Fairmount
(http://www.fairmount.nu/). Other reasons for using free hosting would be to learn the basics of
website hosting, have a personal website with pictures of your family or whatever, a doorway page to
another website of yours, or to try scripts you have written on different hosting environments.
How to find the right free web hosting
The best place to search for free webhosting is on a free webspace directory website (i.e. a site which
specializes in listing only free web hosting providers). There are some which add new free hosts pretty
much every week (and if it is updated often, has usually had to delete about as many). There are also
many which almost never update their site, and a huge percent of their links and info are outdated.
Unfortunately that includes most of the directories that were the best several years ago. The problem
is free hosts change so often, and most fold up in less than a year (often even after only a day or two),
that it is hard to keep such a directory up-to-date. The most recommended directory is Free Webspace
(http://www.free-webhosts.com/), which has a detailed list of over 900 free web hosting providers with
user reviews, ratings, forums, and searchable database. It is updated daily, and the advanced free
web hosting search has 42 options, helping you to find the free hosting package with all the features
you need, such as CGI, PHP, MySQL, ASP, SSI, and FrontPage extensions.
For a smaller, more selective list of the best free hosts, there is also:
100 Best Free Webspace (http://www.100-Best-Free-Webspace.com/)
Free Hosting (http://www.Absolutely-Free-Hosting.com/)
Free Webspace (http://www.free-webspace.org/)
Other (usually less useful) resources include subcategories of freebies sites, search engines and
directories, and forums. Your ISP might also supply you with free webhosting.
Hints for finding the best free web hosting
Generally it is best not to choose a free hosting package with more features than you need, and also
check to see if the company somehow receives revenue from the free hosting itself to keep it in
business. As already mentioned, it is best to try to get accepted to a more selective free host if
possible. Look at other sites hosted there to see what kind of ads are on your site, and the server
speed (keep in mind newer hosts will be faster at first). Read the Terms of Service (TOS) and host
features to make sure it has enough bandwidth for your site, large webspace and file size limit, and
any scripting options you might need. Read free webspace reviews and ratings by other users on free
hosting directories. If you don't have your own domain name, you might want to use a free URL
forwarding service so you can change your site's host if needed.
Recommended free web hosts
It would be awfully hard to recommend any host and someone not like it, as different people need
different hosting features and have different priorities, and the hosting quality may change over time.
Also some people want free domain hosting (you own the domain), and others might not be able to
buy a domain. Here are some of the most recommended free web hosts, and their main features.
DistantHost (http://signup.distanthost.com/) offers subdomain or domain hosting, 100 MB webspace,
no forced ads on your site, FTP and/or browser upload, CGI and Perl, PHP, MySQL database, SSI,
and FrontPage Extensions, as well as a collection of other pre-installed scripts. It has great support
and a generous bandwidth limit of 6 GB/month. There is also CPanel 7 control panel with most if not
all the options you would find on a paid host: web-based Email and forwarding, statistics, custom error
pages, SSL, Cron, and much more. What is the catch? You must click on a certain number of banners
in the control panel monthly.
HostRave (http://www.freehosting.hostrave.com/) gives you a URL such as
http://freehosting.hostrave.com/b/ , and offers 21 MB webspace, POP3 and web-based Email, PHP
and SSI, MySQL database, guestbook and forum script, and unmetered bandwidth. You can upload
via a file manger or FTP import. Only English websites are accepted, and there is a text link at the top
of your pages. It has about the best support of any free host, and in fact, maybe better than any paid
host. It's two sister sites offer slightly different features:
Hp-h (http://signup.hspages.com/cgi-bin/signup) - 50 MB.
Homepage-Host (http://www.homepage-host.uni.cc/index1.html) - 10 MB, and no forced ads.
Yahoo Geocities (http://geocities.yahoo.com/home/) is controversial. Many people hate the ads they
put on your site or its other limitations, but it is one of the oldest and most reliable free web hosts. Your
URL looks like http://www.geocities.com/you . They give you 15 MB webspace, file manager and
editor, web-based Email, and statistics. The bandwidth limit is 3 GB/month, and the file size limit is 5
MB. You can upload several file types such as RealAudio, RealVideo, Flash, MP3, and Java, but other
scripting is not supported.
-> Selecting Your Web Page Host <-
When selecting a professional web host your first

consideration should be the company. Check out their
background. Talk to some of their customers and ask
them if they've been satisfied with their service.
- How many customers do they serve?
- What is their uptime percentage?
- Do they require you to make payments in advance?
- Do they charge set up fees?
- How is their customer support? Test them.
- Do they offer fast connections?
- Do they offer shopping cart software to process

your orders?
- Can you upgrade free of charge?
Web hosting prices vary greatly. When selecting your

host, make sure you're getting exactly what you're
paying for. Keep in mind, a lower monthly rate will
not benefit you if your site is down a lot, slow, or
customer service is poor.
-> Criteria for selecting a host <-
Selecting a professional web host is a very important

decision. Make sure you do your homework and ensure
the host you select offers exactly what you need.
- Your own domain name (www.yourname.com)
- Your own True POP email account - name@yourdomain.com
- Fast, low overhead, Multi-T3 access
- Your own unrestricted cgi-bin
- Access to SSL Encryption for secure transactions
- Java, C, C++, Tcl support
- Autoresponders
- htaccess Password Protection for your files or

directories
- At least 1 GIGABYTE (1024 MB) of Daily Transfer
- Design (and upload to) your site using Netscape or

other HTML editing software
- Microsoft Frontpage (98) Server Extensions for those

utilizing Frontpage
- Unlimited free access to your server via Telnet/FTP
- Online invoices, account tracking, and payment

history to enable you to check your account balance,
monthly invoices, past payments, etc.
- Complete daily server backup
- Easy access to your log files
- Statistics on visits to your site
Free web hosts are great for hosting a personal web site,
but not recommended for a business site. If you're really
serious about your business and want to establish your
Internet presence, I highly recommend Host4Profit. They
provide you with exactly what you need to develop a
profitable Internet business at a very reasonable price.
http://www.web-source.net/cgi-bin/t.cgi?l=h4p
HOSTINGYOUR WEBSITE
The term 'Hosting' refers to the housing of a website, email or domain on a server connected to the
internet.All domains need to be hosted somewhere and many require specialist services to be
available such as database or scripting support, frontpage extensions, password protection and
secure login facilities
Your Internet Service Provider (“ISP”) – ie. the company you use toconnect to the Internet, may well
offer to host your Web site as part of the services provided. However, this has the major
disadvantages because you generally cannot use your own domain name as your Internet address will
be attached to their address and the ecommerce
capabilities you need may not be not available. There are specialist Web “hosting” companies which
take the collection of Web pages which make up your Web site, store them on their computers which
are available to Internet users all the time.
Shopping around is necessary and some of the things to be taken into account in deciding upon a host
your Web site include:
• Reliability - It is essential that the host is reliable and that your Web site will be available day and
night, every day of the year.
• Security - Your chosen host needs to provide a high level of security. There are many ways people
can illegally access your site and damage your business, whether by hacking into your customers’
personal details or attempting to bring your site down.
• Speed - If your site's performance is slow or unpredictable, it won't matter how good your product is,
people won't come back.
• Space - Hosts store your Web site on computers called servers. When you enter into a hosting
agreement, you pay for a certain amount of space on these servers (A basic professional site might
require 5 – 20MB (megabytes), whereas a fully e- commerce enabled, content rich site could require
100MB or more). Elements like email and images take more space than text. Make sure you ask what
is included in the space you are
getting. Once you have a domain name and a Web site designed, the next step is to have your Web
site stored on a computer where the world can access it (called a “host” computer).
EXAMPLE PACKAGE
• Scalability - Hopefully, your Web site will attract more and more traffic in which case you will want to
add options such as e-commerce facilities. Make sure you understand the options to increase your
space and functionality before you enter into a
hosting arrangement.
• Email capabilities - Most hosting providers will also provide email addresses such as
yourname@yourcompany.com.au. The number of email addresses provided with a hosting
arrangement can vary and depends upon your needs.
• Support - If you have a large site with a lot of traffic, you may require 24-hour technical support. The
level of support provided by the host vendor varies and is an important consideration.
• How much does it cost - Costs will obviously vary from provider to provider and will be dependent
on your requirements. Most vendors will charge an initial set up fee then an ongoing charge each
month.
The following is an example of package elements and indicative costs for an SME hosting package:
• 20 email boxes
• Support for FrontPage extensions
• Pre-written CGI Scripts
• Detailed web usage statistics
• Private FTP facilities for file upload
• five extra passwords beyond the master password for accessing or editing the site
• 70 megabytes of storage, and 750 megabytes of data transfer per month
• Support for CGI scripts, Active Server Pages (ASP) and Microsoft Access database.
• Set up costs - $100 (once only)
• Ongoing costs - $55 per month or $550 per year
These features and costs may vary, so we recommend you shop around for the latest prices and most
appropriate services for your situation.
Following table shows the prices listings
Update your Website regularly:
A failing with many web sites is that they are not kept up to date. You should edit your site frequently
to add or remove information, products or pictures. Tell the world about a new special deal on a
product. Visitors are more likely to keep on coming back if they see something new every time! Here
are some changes you should do:
• Change the designs or the colours but you must ensure that you retain your identity brand.
• Update your products and prices
• Scrolling text. Use moving messages catch the attention of the visitor and use it to announce
news.
• Audio message – include an audio message to announce news.
• News – ensure that you keep your news up to date. Provide interesting news to your Visitors.
Make your Website interesting to your Visitors:
Your primary objective with your website is to attract and retain visitors, both new prospective
Customers and existing customers. You want to convert the prospects into actual customers and you
need to retain existing customers. You can become a reference point or ‘portal’ to extend the length of
time that visitors are on your site so that you can also gain revenues by selling advertising or
sponsorship on your site. Interesting features for your website include:
Relevant articles - If you are a lawyer specializing in Employment law then have some articles on
some of the regulations, health & safety requirements, etc. Become known as a reference site on
those specialist topics. Not only will it attract and retain visitors but it will also show you to be an
industry expert.
Forums or newsgroups – Initiate some forums or newsgroups so that your customers and prospects
can communicate amongst themselves. Many companies use forums for support and it is very often
the case that members answer each others’ queries.
Industry news – Include some relevant industry news.
Links to other sites – provide links to other sites that are of interest, in the case of the lawyer they
would like to relevant government sites, Health and Safety information, etc.
Prize Draws and Competitions – you could run a competition and have a form on your website for the
entries to be emailed to you.
Use your Website for CRM:
CRM (customer relationship Marketing). Use your website to build a relationship with your visitors and
customers. There are various different uses when you put a form on your website and have the results
emailed back to yourself:
• Feedback forms – use these for comments or suggestions.
• Questionnaires – use these for market research.
• Product information requests.
• Customer support queries
Web Site Promotion
Part 1 - Preparations
Introduction
Today the internet is very different to it used to be. Several years ago, if you made a website you were
assured of visitors as there were so few sites on the internet. Now, with several hosting companies
having over half a million web sites on their servers it is much harder to get the visitors. Just recently,
the search engine Google announced it had information on over 2 billion web pages.
Luckily it is not all bad news. Today there are over 200 million people on the internet and thousands of
people are getting connected every day. The main problem you will face is getting your site noticed
above all the others because, even if you have the best site ever, nobody will know that until they visit
it.
Where To Start
There are thousands of places and ways to publicize your site. Basically, you must think to yourself,
"How do I find sites?" The first thing you are likely to think of is Search Engines. They are the first
place you should publicize your site. Secondly, you probably follow links from other pages. This is a
very important way, which we will cover in more detail later.
To publicize your site well, all you need to do is follow this tutorial. We cannot guarantee that your site
will be very popular after this but you should certainly get enough visitors to make your site worthwhile.
Preparations
Something a lot of people don't do right when publicizing their site is that they don't prepare properly.
Anyone can submit their site to a search engine but there is a lot to do before you do this.
First of all, make sure that you know what your website is about. Although this sounds silly, a lot of
people find that they don't really know a category their website could fit in (for example Webmaster
Resources). You will need this once you start submitting to directories and link sites. If your site has
many separate subjects, promote them one at a time.
The second thing you should write is a description of your site. This should be short, about 20-30
words. There are several things that are quite important about your description:
• Never write anything like "The best site on the internet" or "The coolest site around" because it
probably isn't and people aren't fooled that easily
• Don't Begin Each Word With A Capital Letter
• DON'T USE ALL CAPITALS
• Write your description in the 3rd person. For example don't write "We offer several free
services to help your business." Instead write "Here you can get several free services to help
your business."
Once you have written your description, save it in a text file somewhere. You will need it later. Next
you will need to come up with some keywords. These are the words which people will use when
searching for your site. You should have about 20-40 of these. Type them into a text file separating
them with commas. For example a site offering credit card processing for small businesses might have
keywords like:
credit, card, small, business, low, cost, new, startups, processing, creditcard, company, companies,
businesses
Here are some tips for your keywords:
• Put your 5 most important keywords first. It hasn't been proved to increase your search engine
ranking but some search engines have a limit to the number of keywords you use so you can
make sure they are not cut off
• Never repeat a keyword. Search engines will consider this spamming and will not index your
site
• Try to think of alternatives to some words. For example, in the keywords above, both the
words business and company were used
• Include plurals of words in your keywords but don't take out separate ones for them. For
example, you wouldn't take out the keyword company so that you could include the word
businesses
Save your keywords to a file as you will need them very soon.
Finally you should make sure you have a descriptive title for your site. An example of this is, instead of
calling a site:
Football World
you could call it:
Football World - Teams, stats, results and match reports
This will help your search engine ranking and help people to understand what your site is about.
Meta Tags
The next thing you will need to do is create meta tags. These are a bit of code which goes at the top of
your site. It will tell any search engines the description of your site and the keywords.
Creating your meta tags is easy. You can use our very own Meta Tag Creator (see related links). All
you need to do is paste the description and keywords you wrote into the appropriate boxes. It will
display your meta tags on screen and e-mail them to you for future reference. It will also tell you how
to add them to your site.
What Now?
Now you are ready to start publicizing your site. In the next part we will show you how to submit your
site to the search engines.
Part 2 - Search Engines
Introduction
In part 1 I showed you how to prepare for promoting your site. This involved writing a description and
keywords for your site and changing them into META tags which you could add to your site so that be
able to pick them up. This week I will show you site to the main search engines and how to try and
engine ranking.
The Problems With Search Engines
Many years ago, when the Internet was just, starting to become popular, search engines did exactly
what they were designed to do. They provided a place where you could search all the sites on the
internet and get a list of all the best ones in your browser. Unfortunately, millions of sites have been
submitted, some of them have no useful information at all. This means that, if you search for a subject
of interest on a search engine you will get hundreds of thousands of results, and only about half of
them are relevent to the query.
This, of course, causes even bigger problems for webmasters. Unless you are listed within the first
100 results for a search term, very few people will ever visit your site. This means that hundreds of
web sites have been set up just to explain how to get a good rating on a search engine. But not
everyone can be in the top 100 so don't expect too much traffic from the search engines. If you are
higly rated you will get a lot of visitors (some people get 40%-60% of their vistiors from the search
engines).
I have found that, especially if a lot of sites have the same subject as you, you are very unlikely to get
in the top 100 for a major search term, so try concentrating on a different, less popular one. Here is an
example:
On Free Webmaster Help there is a tutorial explaining how to use PHP and MySQL together. Free
Webmaster Help has no chance of being in the top 100 for search terms such as 'webmaster
resources' or 'how to build a site' but does very well on searches for 'php mysql tutorial', and I have
found that a great many of my visitors enter the site through the PHP/MySQL tutorial. This niche
market is making up a great many of my visitors.
Search Engines And Directories
A common mistake people make is to get Search Engines mixed up with Web Directores. Web
Directories are collections of sites which are organised into catagories. They are usually submitted and
then looked at by a human before being allowed into the directory.
Search engines alre just a huge database of sites, descriptions and keywords which can be searched.
They are collected by 'Spiders'. These are pieces of software which visit a website and 'spider it'. This
means that, they take the information from the META tags and then follow all the links on the page to
find more pages. When you submit to a search engine you are asking the spider to vist your site
Getting Into A Search Engine
This is one of the easiest things to do badly but actually submitting your site to a search engine and
gett,ing a good ranking is completely different. Your META tags play and important part here but so
does the actual text of your page. Before you submit your site you might want to do the following as it
sometimes improves search rankings:
Add keywords to your page. What this is is when you use the keywords from your Keywords and
Description tag in your text. For example:
Title: Web Design International - Professional web design for businesses
Description: Web Design International offer competitively priced web design for medim and small
businesses around the globe. You can have your page designed, hosted and a domain name set up
and you can even have your web site in multiple languages
Keywords: web, design, site, make, international, translation, low cost, world, host, hosting, domain
name, price, medium, small, business, company
Firstly you would start your page using something very like your description. Then you would follow
this with more information about your business. Several times in this you should include your major
keywords like 'web design' 'low cost' 'competitively priced' 'hosting' and 'domain name'. Don't be
tempted to keep repeating these words over and over again, though. Search engines will reject your
site if they think you are trying to get a higher ranking this way.
Next you should make sure that you have a lot of links to the other parts of your site from the front
page. This will help the search engine spiders to easily get to the rest of your site. On most search
engines every single page on your site will appear if the correct keywords are searched for.
Submitting Your Site
Now you have prepared your site for the search engines it is time to start submitting it. The more
search engines you submit to the better. The most important, though, is Google. This is because
Google now provide the web page matches for Yahoo! and this is the most popular site on the web.
Yahoo! is an extremely important place to publicize your site. Because of this there is a complete
section dedicated to it int he next part as it is actually a directory.
You should submit to all the main search engines such as Google and AltaVista but if there are any
specific search engines for your site then your should also submit your site to them (for instance music
site search engines etc.)
If the search engine you are submitting to asks for your description and keywords, check that it is
actually a search engine and not a directory (especially if it asks for a catagory). Some do ask for
these, though. You can get them from the files you created last week and paste them into the form.
Part 3 - Directories
In the next part I will show you how to submit your site to the many web directories and give you some
tips on how to get your site listed on Yahoo!, the biggest directory of them all.
Introduction
In the last part I explained the difference between search engines and directories and how to add your
site to a search engine effectively. In this part I will explain how to get your site listed in a directory and
some tips on getting listed on Yahoo.
The Problems With Directories
Like search engines, directories have their problems. In the past, when the internet was small,
directories were very effective at their job. As an example, Yahoo, the most popular site on the
internet, started as two students' list of their favorite sites. They published it on the internet and it was
extremely popular.
Even now, a directory is a much better place to find what you want than a search engine. This is
because, usually, every single site on a directory has been visited by a human. They check that a site
is good quality and that it is being submitted to the correct category. This is excellent for users but it
makes it very difficult for webmasters to get their sites listed.
This is mainly because there are so many sites listed it can take weeks to get your site added - or, in
the case of Yahoo, sometimes never. People have tried to overcome this by trying to get normal
people to sign up as a 'guide' or something similar, which means that you get to review the sites
coming in. The most famous of these is the Open Directory Project. This can give a webmaster an
easy, if not very ethical, way of getting into a directory.
Another problem with having human edited directories is that your site needs to be of a very high
standard to be accepted. If it isn't, the extremely busy reviewer will just take one quick look and then
forget about it.
Submitting your site to a directory is nearly as easy as submitting to a search engine. You just click
'Add my Site' and choose the category for it (more about this later). Then you usually give them your
URL, e-mail address, and a description of your site. Keywords are rarely needed. Sometimes they will
not ask for a description and will write it themselves.
Most major search engines have a directory as well (although most are provided by the Open
Directory Project). There are also hundreds of specialist directories for different subjects (like 123
Webmaster.com for webmaster sites). If you would like to find one for your subject, take a look in the
Yahoo directory.
Tips on Getting Listed on Yahoo (and others)
Getting listed on Yahoo is probably the best form of website promotion any webmaster can do. Being
the most popular website on the internet, every single site which is listed gets hundreds of visits from
it. If you are listed on Yahoo you can be quite sure that your site is going to get visitors.
Unfortunately Yahoo is nearly impossible to get into. Thousands of sites every day submit to be added
and most of them are completely useless sites. Yahoo only have a limited staff and it will take months
to get listed (if you actually get listed at all). So how can you increase your chances?
First of all don't bother with all the spam and adverts that tell you that for 'just' $150 they will tell you
the secret of getting on Yahoo. They don't work.
As an example, once a newsletter for webmasters I read mentioned a 'secret e-mail address which
you can use to get your site listed if you have tried several times'. The next week the same newsletter
revealed that this e-mail address didn't exist and that they had made it up completely as an
experiment. The experiment showed that these companies' schemes don't work as, over the week, the
newsletter's editor had received several pieces of spam trying to sell him his own idea!
You can increase your chances of being reviewed, though, by following these guidelines (which also
work on other search engines):
• Make sure you have a very good description
• Find EXACTLY the right category for you. Smaller categories will give your site more chance
of being clicked on and there will be less sites being submitted so you have more chance of
being reviewed.
Although it won't work on Yahoo, you can try the following to get your site listed on some directories.
Go to the directory and apply to become a 'guide' or 'editor' for your section. If you get accepted you
can then add your own site manually.
Part 4 - FFA Links Pages
Introduction
In part 3 I explained about directories and Yahoo! In this part I am going to focus on FFA Links pages.
These are Free For All Links Pages, sites where anyone can add a link for free.
FFA Links - The Good and Bad Points
Some webmasters claim that FFA Links Pages are no use and that their bad points outweigh their
good ones but I do not agree. I will show you why I think that it is worth submitting your site to them.
The first good point of being on a FFA Links Page is, of course, that there is a chance that someone
will click on the link on the page to your site. Unfortunately, there are so many thousands of sites, big
and small, who are submitting to these pages that your site has a very low chance of being clicked on,
in fact some FFA Links Pages only keep links for a few weeks before deleting them as they have so
many submissions.
There is one time, though, when your link has an extremely good chance of being clicked on.
Sometimes only for a day, your link will be listed as a new link on the main page (or a major page) and
at the top of your category. Most of the FFA Links pages are very popular and get thousands of
visitors every day. In your first week you will get nearly all of your clicks and most of these will be in
the first 24 hours.
The main reason why you should add your site to these pages is that Google includes the number of
sites who link to you in its calculation of how high your site appears in the rankings. If you are listed on
a FFA Links Page you will have another site linking to you, and your ranking will rise.
One major disadvantage of the FFA Links Pages is that they have realized that it is good for a
webmaster to have a link on their page as they have so many visitors. Because of this they can
request your e-mail address before you submit your site. They will then send you what is effectively
spam (unsolicited e-mail). Although you can have your name removed from their mailing lists it is
usually harder to do this than delete the e-mails.
Submitting your site to a Free For All Links Page is a little more complex than adding your site to a
directory or search engine. Unlike for search engines this is where mass submission tools become
very useful.
Before you start, though, there is something very important you must do. Go to a free e-mail provider
like Hotmail or Yahoo and set up a free e-mail account. This is very important because you do not
want to use your main e-mail address when signing up because of the amount of e-mail you will
receive from the FFA Links Pages.
Next go and find a good site submission tool. There will be links on many major webmaster sites (try
our directory) or you can do a search. Try to find ones which offer the largest number of sites (usually
over 1000) as you need to get into as many as possible to get a good number of hits. Don't pay any
attention to the search engines it says it will submit your site to. They don't usually work and, if you
have been following this tutorial, you will already have submitted your site.
Now you must fill in the form it provides with your sites name and URL and the e-mail address you set
up. You may also need to provide a description or keywords, for which you should use your standard
ones. Click submit and wait for the confirmation.
Other Sites
There are some FFA Links Pages which are not usually included in the site submission tools. These
are usually of a slightly higher quality and they sometimes require to look at your site or a linkback
from your site to add you. Some ones you should submit personally to are:
• Free.com
• FreebiesPlanet.com
• The Free Site
• FreakyFreddies.com
• iFreebies.com
• Resubmitting Your Site
Now you are on some FFA Links Pages you should start getting some extra traffic to your site but,
as I mentioned earlier, you will soon go down in the rankings and some sites will even drop your
site. I would suggest that, at least once a month, you resubmit your site (possibly even using a
different submission tool) so that you are back at the top again. Some FFA Links Pages will not
allow this but it will all be automated and will not make any difference to the submission process.
Part 5 - Reciprocal Links
Introduction
In the last part I explained how to use Free For All Links Pages. In this part I will tell you about one of
the most powerful ways of promoting your site. This one will require you to do some hard work but will
pay off in the end.
How To Start
Before making some reciprocal links you should understand what they are. A reciprocal link is when
you make a link to another website and they make a link back to your site. In this way you will each be
able to benefit from each other's traffic.
There is no 'reciprocal linking Yahoo' (although there are some links pages and directories who require
a link back to them). You will actually have to find the sites to link to and contact the webmaster
yourself regarding a link.
Before you start making links, though, you must be prepared. You should have at least one 468x60
pixel banner, one 88x31 pixel button and a short text link about your site, for example:
My Site - Information, links and communites for webmasters
Or something similar. It will be different depending on your site, for example someone selling
computers might have:
The Computer Store - Great bargains on computer hardware and software
You should make a page on your website which has these links and the code used to add them to
someone else's site (you can copy it from your WYSIWYG editor's HTML code window if you are using
one). You must test this before putting it on the internet and make sure the code will point to your
image from anywhere on the internet.
Write a little paragraph on this page inviting people to exchange links with you and give them an e-mail
address to contact. Then link to it from your site.
You might also want to set up a 'Links' section of your site for you to put all your return links on.
Finding Partners
This is where the real work is. You have now got to go out and find link partners. To get the most out
of link exchanges you must target the right sites. There are three things you should look for:
1. Similar but not identical content. For example, if you sell CDs you will want to exchange links
with some bands and entertainment sites but don't exchange links with another CD shop.
2. About the same size of site. For example, if your CD shop gets 10 visitors a week you should
not try to exchange links with huge entertainment sites getting 10,000 visitors a day.
3. Sites which have other adverts and links on them. For example there would be no point in
your CD shop trying to exchange links with a guitar manufacturer who have no banners or
buttons on their site.
One excellent way to find sites is to search on the search engines for something to do with your site.
Then start visiting the pages until you find one which looks like it fits all the criteria above. Now you
can try and exchange links.
Exchanging Links
The first thing you should look for is a section on this site like the one on your site which asks for link
exchanges (it could be called 'Link To Us'. If you find it then choose one of the links and copy the
code. Paste it into your site and then upload it. You have now linked to their site. Now you must
contact them.
If they provide a form on the website to fill in then just fill it in and submit it. More often than not,
though, you will need to e-mail the webmaster. This is an art in itself as you want to give the
webmaster the right attitude. If they like the look of a link exchange they are more likely to put your link
in a better place on their site. Send them an e-mail like this:
Dear <Name> (Try and find out the webmaster's real name. Personal e-mails work better)
I have just visited your site and I think that the information about <information> would be of interest to
my visitors. (Put something about their site in here so that they realize it isn't just a generic e-mail. If
they are selling a product you could mention this instead.)
I have placed a link to your site at <link location> and I would appreciate it if you would link back to my
site at <site URL>. You can use the following code:
<insert code>
(For this section include the URL of the page where they can find the link to your site. The URL of your
site so that the webmaster can look at it and the code for the equivalent link to the one you have
placed on your site. For example if you placed a text link to the site then offer the code for your text
link.)
Thank You
<Your Name>
<Your E-mail>
This e-mail is just a sample and you should adapt it depending on the site you are linking to.
Reciprocal linking requires a bit of thought. It's not as easy as submitting to a search engine.
Maintaining Your Links
It is a good idea to visit the sites you have exchanged links with occasionally. There are two reasons
for this. Firstly you should make sure that your link is still being displayed and if it isn't e-mail the
webmaster and ask why. Secondly it is sometimes a good idea to sign the guestbook or post a
message in the other websites message board. This is not really essential but if you remember that a
webmaster who likes you will place your link higher. Webmasters like feedback and message board
messages so this might get your link placed higher.
If you have a lot of links it might be a good idea to make a database or spreadsheet listing them all.
Include on it the URL of the site you have exchanged links with, the type of link and any other
information. Every few months all you have to do is run through this database and check all the links
etc.
Part 6 - Writing For Promotion
In the next part I will show you how you can increase you visitor numbers by posting messages on
newsgroups and message boards, writing articles and using e-mail signatures
Introduction
In part 5 I showed you how to exchange links with other webmasters to increase your site's popularity.
In this part I will show you how to promote your site in more subtle ways. Basically, you can increase
awareness of your site by including references to it in other ways.
E-Mail Signatures
E-mail is the main reason most people use the internet. Knowing this is very important as it provides a
whole new way of promoting your site. Before explaining how to get visitors through e-mail I will make
something very clear: NEVER SPAM! Sending spam (unsolicited e-mail) is a very bad idea. You will
never have a popular website if you do it and you are more likely to create a bad impression than get
extra visitors.
You can, though, benefit from e-mail by including an 'advert' for your site in every single e-mail you
send. Think about that for a minute, most people send many, many e-mails every week and if every e-
mail you send has an advert on it you are certainly going to get some extra visitors.
An example of this in action is Microsoft's Hotmail. It is the most popular free e-mail provider on the
internet with tens of millions of users. How did they do it? Signatures. Every single e-mail sent from
Hotmail has:
Get your own free e-mail at www.hotmail.com
at the bottom of it. This caused thousands of people who received these messages to sign up. With no
extra expense or work, Hotmail gained thousands, if not millions, of users.
You can do your own version of this, too. It is called adding an e-mail signature. This is a few lines
after your name to give information to the reader. You can include your e-mail address, website
address, ICQ/AIM number, or anything you like (in fact a lot of people have amusing signatures). For
example here is my signature file:
D. P. Mishra
webmaster@bitdurg.org
ICQ# ICQ NUMBER HERE
everything you need for the internet.
As you can see from this, I provide all my contact information and a quick summary of what my
website is about. This is sent on every e-mail I write (although I have several variations of it) and,
without any extra work, promotes my site.
You could just type all this out every time but there is an easier way. Most e-mail programs offer a
signature option. This allows you to define one or more signatures which you can add to your
messages with one click (or can even be added automatically).
A few things to remember about your signature file:
• Keep it short. Write no more than 5 lines about your website.
• DON'T USE ALL CAPITALS
• Don't try to make pictures out of keyboard characters, they will not display properly on all
programs
• Include the http:// in front of your web address. This will make a clickable link in most e-mail
software.
Newsgroups and Forums
There are two ways to promote your site through newsgroups and forums (message boards). Both
only require a little bit of work and can be very effective.
Firstly, you can promote your website by contributing to the discussions and including your e-mail
signature on the posting. This will have the same effect as sending an e-mail except there could be
hundreds, if not thousands, of people reading each message. This is an effective way of promoting
your site.
Another way you can get extra visitors by using a newsgroups or forum is by referring people to your
website for more information. This only works with some websites (mainly ones providing
information/tutorials etc.). You must be careful, though, not to make the mistake of spamming the
newsgroup or forum. This is when you post a message just to promote your website (or an advert for a
product etc.) with no real purpose. This is nearly as bad as spamming by e-mail.
You should try to get well known in one or two forums or newsgroups. Don't only promote your site in
postings but try to reply to some with information, not just giving a URL for your site. This will increase
your credibility and make people more likely to visit your site.
One important thing to remember, though is that you should never just reply to a message with a URL.
Include even a small bit of text. For example instead of just using a URL put a minimum of something
like:
I think that you would find this page interesting:
SITE URL
I hope this is of some help to you.
Try to point users to the exact page for the information they are looking for. They will be much more
likely to visit if they think that they can get the information they want without having to search through
your site.
Writing Articles
A very good way of promoting your site, and one which is not widely used, is writing articles for other
websites and newsletters. Newsletters are actually the best place to do this and it is a totally free way
of promoting your site.
Firstly, you will need to find a newsletter which is about the same subject as your site and that you can
write a short article for. Sign up to this newsletter and read it for a few issues to get an idea of what
sort of information they publish.
Next you will need to write your article. You should try and write it in the same style as is used by the
newsletter you are submitting to. To increase your chance of being included you should format your
article correctly. Write it in plain text and place an enter at the end of each line. Lines should be shorter
than 75 characters.
A good idea when writing articles is to try not to promote your site directly in the article. People will like
and trust you more if it looks like you are writing the article to help them, not to promote your site.
So where do you get the free promotion from then? Well, if you provide an article to a newsletter (or
website) for free then you will get a byline in return. This is a few lines after the article which credit it to
you and advertise your site.
The next thing you have to do is send an e-mail to the newsletter editor (or the newsletter's contact
address) with your article and byline attached (either in the e-mail or as a text file). Tell them that you
are offering this article for them to use and that they can use it for free if they include your byline.
If you get an article placed in a major newsletter you will certainly get some extra visitors. Some
newsletters are sent to tens of thousands of people and, if you have a good byline, you should get
quite a few new visitors.
Part 7 - Banner & Button Exchanges
In the final part I will show you how you can increase your site's popularity using banner and button
exchanges.
Introduction
In part 6 I showed you how to promote your site by writing e-mails and articles. In this, the final part, I
will show you how you can benefit from banner and button exchanges.
What Is An Exchange?
The most common type of exchange is a banner exchange so I will concentrate on this first. Basically
a banner exchange is a large system where you can have your banner displayed on other sites.
You sign up to the exchange and give them the URL of your banner. Then you receive some code to
put on your site. This code will display another banner from the exchange on the site and log the view.
You will have an account where all the times a banner is viewed on your site is logged. These are
known as banner impressions.
For every impression you earn you will be given a number of impressions on another site. This is
usually done at a ratio of something like 2:1 (for every 2 banner impressions you display on your site
you receive 1 impression of your banner on another site). This sounds a bit unfair but the site running
the exchange needs a lot of bandwidth and resources and the spare impressions are used to display
advertising banners. You may find rates as good as 10:9, though, where only 1 in 10 banners are
taken by the exchange owners.
Why Should I Join an Exchange?
Some people wonder why a banner exchange is worthwhile if you only receive 1 banner impression
for every 2 you display. You could be using this space on your website for paid advertising, making
you money.
The main reason for doing an exchange, though, is that you are getting for free what could cost you a
lot of money, advertising on another website. You are almost sure to benefit from an exchange,
especially if you can design a very effective banner.
Another reason for joining an exchange is that you do not always have do give up your banner or
prime advertising space. It is because of this that many new exchanges have been set up dealing in
button and box advertising. These are much smaller and can be placed in navigation bars or just at
the bottom of pages.
Banners, Buttons and Boxes
With all the different options for exchanges, what are they all. Banners are the standard 468x60 pixel
images you see at the top and bottom of most websites. They are by far the most popular way of
advertising on the web.
Buttons are 88x31 pixel images. Being very small, they are usually found under navigation bars or in
clusters at the bottom of pages. They are becoming more popular as a method of advertising.
Boxes are usually 120 pixels wide and can vary in height. They are usually found in navigation bars or
next to the banner at the top of a page. They are not particularly popular way of having an exchange
but are an excellent form of advertising.
Exchange Tips
There are literally hundreds of exchange programs on the web, going from large networks, with
millions of member websites, right down to tiny exchanges with a few members. Their display ratios
vary greatly also, sometimes even being a 1:1 exchange!
Finding the right exchange program for your website can be difficult but it is usually better to go for a
specific exchange which is related to your website because you are likely to get a much higher click
through rate (the chances of your banner being clicked on (usually around 1%)). With the big
exchanges, although you are categorized, you have less of a chance of having your banner clicked
on.
Another useful tip is to get as many impressions as possible. Even if you think that your advertising
space is too valuable to give up you are never going to get a decent amount of visitors through the
exchange unless you get a lot of impressions. Put the code on every page of your site so that you get
as many as possible.
If you don't have one already, you should get a counter or tracker which tells you the referring URL of
your visitors (the site they have come from). Sitemeter is an excellent option. Although, this will allow
you to see where your visitors have come from it will not tell you if they came through the banner
exchange. If a site appears that you don't think you have a link on, visit it. If you see a banner or
button from the exchange you are a member of then the visitor probably came through the exchange.
Most exchanges also offer statistics that will tell you the number of impressions and clicks you have
received.
Finding Exchanges
Finding exchanges is actually the easiest part of using an exchange effectively. You can just do a
search on a search engine. Another way of finding them is by looking at the banners and buttons on
other people's sites. These will sometimes have a link under them to the exchange. You can also
move your mouse over the button. The URL displayed in the status bar will tell you where you can find
the exchange.
What Now?
After these 7 parts of the promotion tutorial you should have a very good idea of how to promote your
site. Now you should just continue the promotion process, as if you stop your visitor numbers will fall. If
you work hard you can be assured of having a popular site.
You must not forget, though, to keep developing your site and adding new content to make visitors
want to come back again.
Success
The content is in your hands. You have achieved success for your web site if it:
• Fulfils its purpose
• Creates a lasting first impression
• Generates prospects for conversion into customers
• Assists customer retention
• Provides good cost effective customer service
• Increases your revenues
Why Do You Need Website Maintenance?
You've invested the time, energy and money into building a great website, one that you believe will
drive traffic and create opportunities for your business. Web-wise, you're done, and you can sit back
and reap the rewards of your Internet presence, right? Not exactly. There's no denying that creating a
website and placing yourself in the online sphere is the first (and a very essential) part of effectively
marketing your business. Proper Internet marketing is not a one-step process, however. Like any good
marketing tool, a website is only effective if it's relevant; having an outdated site is arguably more
detrimental than having no site at all. Not convinced? Put yourself in a user's (and potential
customer's) position. Who wants to trust a source that is "stagnant" or out of date? Regardless of what
they are consuming, customers want to believe that what you are offering them is available (who
hasn't been excited by the lure of a special offer, and equally frustrated when told that the offer no
longer exists?). Consumers also need to feel that they won't be able to find an improved version of
your product elsewhere.
Beyond the practical reasons for an updated website are less obvious but equally important
psychological motivations. A website with outdated information can easily be perceived as an
indication of sloppiness or indifference on the part of the distributor; both indications are likely to breed
distrust among customers. (If a business can't be bothered to update their website, perhaps they can't
be bothered to do other potentially vital things.) So you know that website maintenance is an important
part of your online strategy. But how do you know how much website maintenance is enough, and
what type of maintenance is right for your website? Before delving into any specific details, try to
evaluate your business based on the following criteria:
Information Type
Put more simply, what are you trying to sell? Is it a tangible product, some form of skill or knowledge,
or something different? The way you maintain your site, and how often you maintain it, will naturally
have a lot to do with what you are promoting.
"Season".
Can you identify a time of year (be it a quarter, a month, or even a week) when business opportunities
are at their biggest and you want your website promotion to really go the distance? Clearly, this is not
always an easy question to answer (unless you run a website advertising Halloween costumes or
holiday trinkets). Most businesses have loosely defined ebbs and flows in their output, which make the
"season" parameter hard to define. But if you can come up with a target time frame, based up on
experience and research, when you believe your business can really extend its potential, then you can
aim to extend your site maintenance plans accordingly.
Audience.
Who is going to be looking at your site? Remember that maintenance plans with lots of "bells and
whistles" may be a waste of time and money for businesses marketing to a more low-tech audience,
or to an audience whose informational needs are simpler.
Budget and Resources.
Depending on the size of your website, and the frequency with which you make changes, anywhere
from one to ten hours per month should suffice. Most website design firms offer maintenance
packages whereby the more hours you sign up for, the less the cost per hour.
Long Term Strategy.
Treat your website maintenance plans as you would any other business plan-one that involves
advance planning thought. All too often, businesses consider maintenance as an
afterthoughtsomething to be taken care of as time allows and with whatever budget is remaining.
Make this mistake, and you'll be playing catch-up for the duration of your site's existence.
Website Road Map to Success: User-Centered Design Approach
Planning
Before your first web page is created or redesigned you should consider the following questions:
• Why are you developing a website?
While this may seem like an obvious question it is one that is all too often neglected.
This is an important question to ask, as it will help you to shape your content and measure you
success. There are many reasons to develop a website. If you are a
business, you may have a product or service you wish to market. In the case of a Chesapeake Bay
Gateways site your motivation may be to increase travel to your site or even to sell you products.
• What are your goals and objectives?
Deciding why you are developing or redeveloping a website should help you determine
your goals (e.g. educate, inform, attract visitors, entertain, sales, etc.). Your goals determine your
audience, content, function, and the site's look and feel.You should develop specific and measurable
goals to help you quantify success.
• Who will use your site?
Knowing who your users are helps you efficiently address their needs. After all your website will exist
solely to serve the users - without the users you would not
require a site. It is important to realize that your users may not always be who you think they are. If
you have an existing website an analysis of the log files may shed some light on the composition of
your users. You may find that you have several types of users (k-12 student, college students, general
public, etc.). Creating user profiles or personas may help you to identify the needs of your users.
• What tasks do your users need to accomplish? Different types of users will likely visit your site for
various reasons. Think of the tasks that various users might want to accomplish on your site, this will
ensure that your site is user centered.
Technology
Once you have determined the purpose, goals and user needs you will be ready to begin thinking
about the technological needs of your site.
• What are technology requirements? Websites can be quite simply in nature or very complex. To
determine the technological needs of your website it is important to know your goals, objectives and
user needs. Working with a web professional you can determine what technologies will be needed to
make your website a reality.
• Avoid using “bleeding edge technologies”. The term “bleeding edge technology” is used to
describe the latest, often unproven technology. While the latest technologies may offer solutions to
problems you have encountered, using unproven and new technologies is not recommended. It is
important to remember that while you may have cutting edge equipment and a super high speed
Internet connection your typical user may not.
Content
The most important aspect of your website is the content. The content of your site is what will attract
visitors and ensures return visits.
• Keep content fresh. Since content is the most important aspect of your website it is necessary to
keep it fresh if you wish to generate return visits.
• Spelling and grammar are important. Mistakes in spelling or grammar degrade the credibility of
your website.
• The web is different type of media and requires different approach.
While a website may share many similarities with other types of media (TV, radio, and print) it is
unique and requires a unique approach to optimize its effectiveness.
• Use interactive content (games, puzzles and contests). Interactive content engages the user with
the site and increases the likelihood of return visits
• Follow writing for the web guidelines. Did you know that people read 25-50% slower from a
computer screen than they do paper? In order to be effective text for the web should be concise,
scannable, accurate and use objective language.
Usability/Accessibility
Websites are designed to be used and therefore should be easy to use. Your website user’s needs
should be at the center of your web strategy.
• Know the attributes of a usable site. A usable site should be easy to learn, efficient to use, easy to
remember, and satisfying to user.
• Conduct user test on your site early and often. You can begin user testing your website even
before the first web page is coded by using methods such as paper prototyping. Following an iterative
design process can help address usability problems before a final product is launched.
• Follow a user-centered design approach. Users are the reason your site exists. You site should
focus on the user’s needs not the organization’s structure.
• Accessibility means reaching more people in more situations.
While many in the web design community mistakenly assume that accessibility issues only affect
disabled users this is not the case. Users can have functional and/or
situation limitations that affect their ability to use your website. Having a site that is accessible to all
users increases your potential user base.
Design
While content is the most important aspect of your website it is the design that facilitates the ability of
users to access the content. A successfully designed website is able to get users quickly and
efficiently to the content that they seek.
• Efficient and consistent navigation. Navigation is the most critical design element when
developing a website. Navigation should be easy to use and consistent across your site
• Consistent look and feel. Many websites in the early days of the Internet had a different look and
feel to virtually every page.This not only makes the site seem non-cohesive but can hinder the user
experience.
• Web has potential to be great equalizer. Whether a small organization or large, the web gives you
the same ability to reach the same audience.
• Graphics should be simple and meaningful. Although many users now have high-speed
broadband Internet connections many still connect through low speed modem connections. Graphics
can greatly increase page download times and affect user satisfaction.
Marketing
• Choosing a proper domain name. Your domain name is often the first contact a user will have with
your site. Domain names should be short and meaningful. Your URL should be no more than 75
characters.
• Monitor and evaluate your site. It is important to continually evaluate your site in terms of your
goals. Are you reaching your target audience? Is your site easy to use?
• Is your site ready for search engines?
In order to be successful users must be able to find your site. Making sure your site has what it takes
to be listed in major search engines is a must.
• Arrange reciprocal links.
Are there other sites that might want to link to your site, perhaps state travel, chamber of commerce or
tourism sites? This can potentially increase traffic to your site.
• Put your web address on everything. Include your URL in stationary, business cards, brochures,
invoices and all company literature.
• Create an e-mail mailing list. Publish an e-mail newsletter with links to your site. This is a great way
to communicate with those whom have expressed an interest in your organization.
• Add URL to signature line of employee e-mail. Another simple way to spread your URL.
• Conduct contest tied to the website. This is a great way to engage your user and encourage them
to return to your site.
• Advertise your site on TV and radio. Use other forms of media to promote your website. Include
the website URL in all press releases.
Quick Tips
Things to Do:
• Make sure your pages load quickly.
• Provide an effective site search engine.
• Provide a site map.
• Respond to all visitor feedback and questions.
• Do include prices if you have products on your site.
• Include a privacy policy on your website.
• Use high contrast color schemes.
• Do use standard link colors.
Things NOT to Do:
• No splash page!
• No scrolling or blinking text.
• No visible hit counters.
• Only use animation if it is information rich.
• No “Under Construction Signs”.
• Avoid use of frames.
• Avoid long scrolling pages.
• Don’t let your content become outdated.
For evaluating site check it under following heads:
Public Domain Softwares:
Internet permits to download files from vast selection of sample application like digital arts and music
and may other offerings. Software companies promote their product by maintaining sites where their
customers can obtain samples of updated and related information. Entertainment companies may
supply sound and video files of movies and video games too.
Shareware: Software that is distributed freely (sometimes in limited or list format) on trial basis if you
like software and want to continue the use then you must have to register for it
Software distributed absolutely free of cost is called as freeware
Software that reminds you to register all the times is often called Nagware
Website URL’s for sharewares are
http://www.tucows.com
http://hyperarchive.lcs.mit.edu
Napster:(Song trading program)
Napster is free windows program available to any one over Internet, but heaviest users are students
who are enjoying high speed connectivity of Internet. The fast connection enables napster to
download computer coded music file in as little as 10 seconds. Anyone running napster over Internet
connection can enter in online music community populated at any time by thousands of other users .
Similar program called master for apple and Macintosh users
Introduction to FTP
Introduction
FTP is an essential part of the internet, not only for people building web sites but also for people
downloading files. FTP stands for File Transfer Protocol and is the best way of sending files from one
computer to another over the internet.
Software
Depending on what you are planning to do with your FTP software you should pick different ones.
There are hundreds of free pieces of software so there is a very good choice. The three software
packages I will cover in this tutorial are:
• Cute FTP
• FTP Explorer
• Elite FTP
Each of these has its own good and bad points.
Cute FTP used to be the best shareware FTP program around. It is easy to use and has many
functions. Unfortunately, because it has become so popular, the latest version only allows you to
transfer one file at a time unless you register. If you can find a copy of version 2.6.* it is an excellent
program. You can find Cute FTP here.
FTP Explorer is not such a good program as Cute FTP but it is freeware so there are no annoying
nag-screens. It can be downloaded here.
Elite FTP is not such a good program for uploading standard files but I think it works better if you are
working with CGI as you can send commands to the server by typing them in. I would only suggest
this for CGI as it does not work with some servers properly and for some reason can't rename files!
You can download it here.
Downloading Files
One good reason to use FTP is to download files. FTP is much faster than standard HTTP downloads
(through your browser). The two ways to download via FTP are quite easy. One is to find the file you
want on the internet and then copy the shortcut to the file. After doing this open your FTP program and
paste it into the Quick Connect dialog box. Click OK and the program will connect to the file and begin
to download it.
The second way to download a file via FTP is to connect to a download site through the software and
then navigate through it to find the files you want. Follow the instructions below to connect. Usually
these sites allow you to log in using anonymous FTP. This means that you either do not enter a user
name and password or use anonymous as your user name and your e- mail address as your
password. Two servers you can use to download files are ftp.download.com and ftp.cdrom.com.
Connecting To A Server
Because there are so many FTP programs you could use I will show you how to use FTP Explorer.
Most of them look the same, though, and this technique will work with most of them.
When you open the FTP program a connection dialog box will appear (if it doesn't you should run the
Site Manager or something similar). It will look like this.
This is the screen where you need to enter all the information for a connection you want to set up. This
will be saved so you only need to enter it once. The following may appear on this screen. Some of the
names may be different and all of them may not appear.
Setting Description
A name for the profile you have just created on your computer. This is just a name for
Profile Name
you to remember the connection by.
This is the server the computer will connect to (like ftp.download.com). It will be given
Host Address
to you by your web host or download site.
This is the port on the remote computer the software will connect to. It does not
Port
normally need to be changed.
Your user name. If you do not have one put in anonymous (and select the anonymous
Login
or anonymous login option)
Password Your password. For anonymous login either use your e-mail address or leave blank.
The first directory which will be opened on the remote computer. This is normally not
Initial Path
used.
This is the number of times the computer will try to download (or upload) a file if it is
Attempts
interrupted.
Retry Delay The time between each retry.
Download
The directory on your computer where files will be downloaded to.
Path
An area where you can put notes for yourself which will be stored with the connection
Description
information.
What Now?
Now you are connected to an FTP site. If you want to you can now go on and download or upload files
(it is quite easy to get the hang of). If you aren't sure what to do then read on. In the next part we will
cover how to transfer files to and from your computer.
Part 2 - Transferring Files
Introduction
Once you have connected to the FTP server you will want to upload and download files. First of all I
will cover how to download a file to your computer and then how to upload a file to a remote server.
Downloading
As in the last part, I will use Cute FTP to demonstrate how to download a file from the archives at
cdrom.com. This procedure is nearly the same in all FTP programs.
The first thing you need to do is to set up a profile for the connection. Click Add Site and call it
cdrom.com
The host address is ftp.cdrom.com
You don't need a user name and password so choose anonymous login or type anonymous as your
user name.
You can leave the rest of the variables and click OK. Now double click the connection to connect to
the site.
You should get a view like this on the screen. The left pane shows files on your computer and the right
pane shows files on the remote computer. To find a file to download use the right pane as you would
use Windows Explorer or My Computer.
An example of some files to download are found in pub, win95, scrsave
Once you are there right click on a file and choose Download from the menu. It will be transferred to
your hard disk. This is how to download any file from an FTP site.
Uploading Files
A major use of FTP is to upload files to a server. This is mainly used when creating websites. If you
would like to try uploading a file you will first of all need a web host with FTP access. You can find a
free one at Free-Webhosting.info.
Once you have got the FTP server information from the host, set up a new profile as you would for
downloading (you will need a user name and password this time) and connect to the server.
The screen will appear the same as it did before. Now you will want to find the file to upload. In the left
pane navigate to the folder which holds the file (or files) on your computer. Now navigate to the folder
you want on the right hand pane (on the server). If you would like to create a folder right click in the
right pane and choose Make new directory...
To upload a file choose it in the left hand pane and right click it. Click Upload. The file will be uploaded
to the server. Now use a web browser to check that the file exists on the server.
Some FTP Tips
Here are a few tips for using FTP:
• If you have the choice, download by FTP, not via the browser as it is much faster.
• You can sometimes use an FTP site for normal download sites by adding ftp. to their address,
for example the ftp site for www.download.com is ftp.download.com
• Upload and download large files when there is not too much web traffic (during the night
Types Of FTP Servers
Anonymous: Anonymous server is the most common FTP server. The Internet FTP sites that
allows anonymous type of FTP do not require a password for access. You can log on
anonymously and enter your email Id as password for their records
Non Anonymous: In this you must have to get yourself logged on by specifying username
and password .ie its compulsion to check your authenticity in case of Non Anonymous type of
FTP servers
FTP Clients:
FTP runs on client/server model so in order to use it you must have to run it on your machine. To start
FTP session first we have to run FTP client to contact with server and FTP client talks with FTP server
FTP client uses TCP to communicate and create session between the two host
FTP Server FTP Client

Program Copy On Program
Disc
File On Internet
Disc Users
Remote
FTP daemon continuously runs on FTP server and is responsible for handling all the FTP request’s or
transactions. When FTP client contacts FTP Server, the daemon will ask for account number or name
and password and then lets to perform desired task or operations. Suppose you want to change
directories on FTP server your client software sends instructions to FTP daemon by using command
link to perform respective operation in response daemon returns output over same link eg listing of
files and directories that you have changed is visible on your client machine and whenever you want to
download the file ,the request is issued over command link
Whenever we issue a command to download file , a second connection is opened up called the data
connection (data link). This link is opened in two modes
1. ASCII Mode: Used to send text files
2. Binary mode: Used for sending binary files and lets files unchanged
Basic FTP Commands
ftp hostname
above command opens an ftp session with the remote host and following table shows major ftp
commands with their functionalities
Command Description
Append Used for appending local or remote file
Bell This command toggles the bell on or off. The bell is off by default if turned on
,it rings after each file transfer
Cd,dir,close Changes directory,lists directory, closes FTPsession
Disconnect Similar to close closes ftp session
Input It accepts local filename and places it on ftp server
Get It retrieves file from the remote host
Binary Changes mode from ASCII to binary
Telnet
Telent stand for telecommunication network, it is virtual terminal protocol which allows user to log on to
TCP/IP host to access other host on network.
The most remarkable feature of Internet is it allows us to use the resources of remote
computer from any where as an example its possible to access the resources or files of office’s
computer just by sitting on home PC this is possible by means of Telnet. Telnet follows client server
model which means that you have to run a piece of software on your local computer to access the
resources of distant/host computer. Host computer allows many clients to access its resources at
same time ie host computer is not bounded to provide service to specific client
Working Of Telnet
Local Client Remote
Client Server
Server waiting
for Request
Client
perform
telnet
Internet
Telnet follows client server methodology when user on local computer decides to log on to remote
computer user invokes a local application program for the remote login service and enter the name of
remote computer to contact and in response server sends same login prompt used in case of
conventional terminals. Once connection is established between client & server software allows user
to interact directly with remote user
Server Daemon
Server daemon is Unix program that continuously runs on server machine and is waiting for some
requests from client its responsible for providing services to clients based on their request and these
programs are usually invisible to the user
Daemon manages all types of tasks, including mail management, networking Internet services, FTP
sessions, and NFS services. Some daemons are triggered automatically by events to perform their
work. Other daemon operate at set time intervals because they spend most of their inactive, waiting
for something to do, daemons doesn’t consume large no of system resources.
Following table shows most common Unix daemons
ftpd File transfer protocol daemon
inetd Internet daemon
lockd Network lock daemon
ppd Point to point protocol daemon
uucpd Unix to unix copy daemon
nfsd NFS daemon
Terminal Emulation
A personal computer can connect via modem to a large computer and run a terminal emulation
program. The most common terminal emulation is VT100. The computer works like a dumb terminal,
except it is connected via a phone line instead of direct connection.
Many terminal emulation programs can emulate DEC terminals, including the VT52 and
VT200 series terminal ex tty is Unix command that displays pathname of your terminals device file
$ tty [option]
option Description
-l Prints synchronous line number
-s Causes tty not to print any output but set the exit status to 0 if standard input
file is terminal, and1 if not
Internet Relay Chat
A virtual room where a chat session takes place is called chat room. If two computers are connected
through Internet the Internet Relay Chat (IRC) application provides a platform for the users to chat.
Technically, a chat room is really a channel, but the term room is used to promote the chat metaphore.
Usenet News Group Service:
A worldwide bulletin board system that can be accessed through the Internet or through many online
services is called? Usenet service. The Usenet contains more than 14,000 forums, called newsgroup,
that cover every imaginable interest group. It is used daily by millions of people around the world

Internet and Web Technology B.E. 6th Sem I.T.

Încărcat de

Informații document

Titlu original

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

Internet and Web Technology B.E. 6th Sem I.T.

Încărcat de

Drepturi de autor:

Formate disponibile

Internet & Web Technology Page No:1/203

Comparison of Web Technologies

The Advantages of Servlets Over “Traditional” CGI

traditional CGI and many alternative CGI-like technologies.

straightforward to store arbitrarily complex data between requests.

C++. Why go back to C++ for server-side programming?

and caching of previous computations.

significant initial investment to purchase a proprietary package.

mixed right into the page.

1.4 The Advantages of JSP

Versus Active Server Pages (ASP)

ASP is a competing technology from Microsoft. The advantages of JSP are

know, which already has an Listing 1.1 A sample JSP page

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<HEAD><TITLE>Welcome to Our Store</TITLE></HEAD>

<H1>Welcome to Our Store</H1>

<%= Utils.getUserNameFromCookie(request) %>

To access your account settings, click

requires learning an entirely new language.

Versus Pure Servlets

your servlet programmers to insert the dynamic content.

Versus Server-Side Includes (SSI)

database connections, and the like.

Versus Static HTML

1.5 Installation and Setup

representative samples. Check your server’s documentation for authoritative instructions.

Obtain Servlet and JSP Software

latest list of servers that support servlets at http://java.sun.com/products/ servlet/industry.html.

purposes. Here are some of the most popular options:

• JavaServer Web Development Kit (JSWDK).

install and configure. For details, see http://java.sun.com/products/servlet/download.html.

console. For details, see http://www.allaire.com/products/jrun/.

• New Atlanta’s ServletExec.

• LiteWebServer (LWS) from Gefion Software.

Netscape FastTrack and Enterprise servers. For details, see http://www.gefionsoftware.com/.

• Sun’s Java Web Server.

concentrating on the Netscape/I-Planet server, it is still a popular choice for learning

What is a JSP Page?

An Example Using Scripting and Beans

into the response page as strings.

FIGURE 1-1 A JSP Page using Beans and Scripting

An Example Using a Tag Library

assume that this fictitious tag library introduces four actions :

A queryStatement action must be enclosed in a queryBlock. A queryStatement’s body is a SQL

JSP Container JSP Page

<li>Day: <%=clock.getDayOfMonth() %>

<li>Year: <%=clock.getYear() %>

A queryCreateRows action must be enclosed in a queryBlock action. A queryCreateRows action will

A queryDisplay action must be enclosed in a queryCreateRows action. A queryDisplay action will

FIGURE 1-2 A JSP page using custom actions

within the same x:queryBlock

<%@ taglib uri=”http://acme.com/taglibs/simpleDB.tld” prefix=”x” %>

SELECT ACCOUNT, BALANCE FROM ...

The top 10 accounts and balances are:

<x:queryCreateRows from=”1” to=”10”>

Components and Containers

uses the classes from Java Servlet 2.2 specification.

1.3 Features in JSP 1.1

The JavaServer Pages specification includes:

• Script language declarations, scriptlets and expressions

• A portable tag extension mechanism.

Servlet 2.2 specification.