Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
(7) May 15
What is an Email?
Till 1971, people were able to send messages to other people working on same system
only. In 1971, the first e-mail message was sent by Ray Tomlinson. Though that was a
very simple message based communication but it formed the basis of how advanced
e-mails have become today.
The main components of an e-mail system that facilitate sending and receiving of emails on Internet are :
An e-mail client
An Email Client
If you use e-mails for online communication the you would definitely be using an email client. An e-mail client provides you with the following capabilities :
Provides a list of messages that people have sent to you. Each entry in the list
contains the name of sender, a subject, a few words from the message body and the
time/date on which it was received.
Provides the ability to compose a new message and send it to the desired recipients.
Delete a message.
The e-mail clients could be standalone (like Microsoft Outlook, Pegasus etc) or could
be web based (like gmail, yahoo etc). There could be many advanced abilities that email clients may provide but whatever the type of e-mail client be, the core abilities
described above are provided by all type of clients.
An Email Server
Whenever you send a message from your e-mail client, it goes to an e-mail server.
The e-mail server manages the messages received by it. It forwards the message to a
POP or IMAP service if the message is to be sent to a recipient on the same subnet
else it follows the standard procedure to send the message over Internet to the
destined person.
An e-mail server comes into the picture twice if e-mail is sent over Internet to a
remote destination. First its the senders e-mail server that sends the e-mail over the
Internet and second is the receivers e-mail server that receives the e-mail and makes
sure that it is delivered to the recipients system. On the other hand, an E-mail server
comes into picture only once when the recipient is on the same subnet.
SMTP servers are widely used as e-mail servers all over the internet. An SMTP server
is also known as Mail Transfer Agent (MTA).
You also may want to read Journey of a Data Packet in Internet, which explains how
packets traverse on Internet.
As already explained, these servers come into the picture when a message is received
by SMTP server and it needs to be forwarded to the actual recipient. Lets discuss
both these servers one by one :
POP
POP stands for Post Office Protocol. A POP (or POP3) server in its simplest form
stores the messages for a particular user in a text file. The file for a particular user is
appended with information each time an e-mail is received by a POP server. If your
e-mail client is configured to use a POP3 protocol then whenever you try to fetch emails through your e-mail client then a request is sent to your POP server for the
same.
A POP server requires the log-in credentials of a user that are sent through e-mail
client. Once a user is authenticated, the POP server provides access to users e-mails.
As with any client server architecture, the e-mail client interacts with the POP server
through a predefined set of commands.
Here is a list of common commands used to interact with POP server :
Please note that the e-mail client connects to port 110 on the server where POP
service is running. After connecting the e-mail client issues the commands (as
described above) to the POP server to authenticate, fetch e-mail, list e-mails etc.
One small problem with POP servers is that once an e-mail client fetches the e-mails
from this server on client machine, it gets difficult to access the same e-mails from
any other device or system as they get downloaded on client machine and are
removed from the server. Though there exists and option Keep a copy on server
through which e-mail clients can tell the server not to delete the e-mails. But, this
leads to multiple copies of your mailbox on clients as well as on server and so it
makes the management of e-mails difficult.
IMAP
IMAP stands for Internet message access protocol. This protocol is also used to
access e-mails but it is far more capable than POP. One of the most prominent
feature an IMAP server provides is the central access to e-mails. Unlike POP server,
an IMAP server keeps the e-mails on the server itself and so you can access e-mails
from any machine or device.
This server also provides easy management of e-mails like searching, categorizing the
e-mails and placing them into various sub-folders etc. The only problem that one
could imagine with IMAP server is that you always need an Internet connection so
that the e-mail client is able to fetch e-mails from the IMAP server. But today, almost
all of the e-mail clients have the capability to cache the e-mails so that you can even
view them when you are offline.
To interact with IMAP server, the e-mail client connects to server machine on port
143. As with POP, IMAP server also understands a set of commands which the e-mail
client uses to connect with the server.
An e-mail client like Gmail, yahoo, outlook etc is used to create or reply to an
e-mail.
Once the e-mail is drafted successfully, it is sent using the e-mail client.
This e-mail first goes to the SMTP server (also known as MTA (Mail transfer
agent) ) to which the e-mail client is connected.
The e-mail server looks out for the recipients address. The address is of the
form <name>@domain.com
The e-mail server first uses the DNS technique to resolve the domain name
into a valid IP address.
Now the e-mail traverses over the Internet in a series of IP packets and
reaches the destination SMTP server or the MTA.
This server collects all the e-mails and places them to appropriate location so
that these are accessible to your e-mail clients through POP or IMAP services.
What is Servlet ?: A Servlet is a Java program that runs within a servlet container. Servlets
receive and respond to requests from Web clients. Servlets could in principle communicate
over any clientserver protocol, but they are most often used with the HTTP protocol. Thus
"servlet" is often used as shorthand for "HTTP servlet". As every object is having a life-cycle
so as of servlet instance.
The life-cycle of a servlet is controlled by the container in which the servlet has been
deployed. Life cycle of servlet can be broadly divided into three stages :
1. Initialization stage - init() Executed only once
2. Service stage service() - For each request
3. Destroy stage. destroy() - Executed only once
We can represent all three method executing in servlet container as follows :
}
Here is a visual explanation of Instantiation phase, in layman terminology.
Notes :
init() is not the entry point of a servlet. servlet constructor is executed before
execution of init() but it is not recommended to use constructor for any Servlet. why?
Find here
The container would decide how many instances of servlet would be instantiated
upfront to cater the requests.This is container implementation..(Confused !! But it's
fact)
2. Service phase : In this stage for every new request a new thread is created or allocated
from a pool to invoke that servlet instance which was created in earlier stage . The
HttpRequest and HttpResponse objects will be new for each new request.
How HTTP request coming from web client is served by servlet ?
On request arrival web container(servlet container) calls service() method of servlet and the
service() method determines the kind of request and calls the appropriate method (doGet() or
doPost() for handling the request and sends response to the client using response object.
HttpServlet(javax.servlet.http.HttpServle) class reads the HTTP request(coming from client),
and determines if the request is an HTTP GET, POST, PUT, DELETE, HEAD etc. and calls
one the corresponding method.
Notes :
It is important to note that each request is served by a new thread if and only if our
servlet is not implementing SingleThreadModel interface. It is not recommended to
use SingleThreadModel interface.
Is servlet threadsafe ? Answer is : No, but we can make by it thread-safe by following
some standard so that it can serve multiple request in thread safe manner.
3. Destroy phase : When a servlet is unloaded by the servlet container, its destroy()
method is called. It is executed only once in servlet life cycle. A servlet is unloaded by the
container if the container shuts down, or if the container reloads the whole web
application at run-time.
What is servlet? Explain the various merits of it over CGI (8)- Nov-12
Servlets are server side components that provides a mechanism for developing
server web applications for server side.
Earlier CGI was developed to provide server side Capabilities to the web
applications, But due to its Performance, Scalability and Reusability issues, Servlets
are preferred.
Java Servlets overcome all the issues of CGI ( Common Gateway Interface ).
Servlets are built from ground up using Sun's Write one run
anywheretechnology, java servlets provide excellent framework for server side
processing.
Web Developers can create fast & efficient server side applications using java
servlets and can run it on any web server which is servlet compatible.
since servlets runs on server side, it does not check for Browser Compatibility.
1) Platform Independent
Platform Independence plays a major in the field where there are numerous
number of web servers available to choose from.
Servlets are written entirely in java, due to which they are platform
independent.
2) Performance
Due to interpreted nature of java, programs written in java are slow. But java
servlets run very fast. it is because the way servlets run on web server.
For any program Initialization takes significant amount of time in its life
cycle. But in case of servlets initialization takes place only once when it receives the
first request & remains in memory till times out or server shuts down's.
Once servlet is initialized & loaded, to handle a new request it simply creates
a new thread and runs service method of servlet.
java servlets take all java's advantages to provide the ideal solution.
4) Safety
Java provides very good safety feature's like Memory management, Exception
handling etc.
Servlets inherit all these features & had emerged as a very powerful web
server extension.
5) Security
Since servlets are server side Components, it inherits the security of server.
Servlets are also benefited with java security manager, provided by web
server.
(8) may 15
Tunneling, also known as "port forwarding," is the transmission of data intended for use only
within a private, usually corporate network through a public network in such a way that the
routing nodes in the publicnetwork are unaware that the transmission is part of a
private network.
Information that flows over the Internet, or between any two digital devices, does so using protocols.
These protocols divide the message into different parts (usually two): One containing the actual data
being transmitted, and one containing information regarding the rules of the transmission. In order
for a connection to be established, both sides have to understand and use the same communication
protocol. A tunneling protocol is one that encloses in its datagram another complete data packet that uses a
different communications protocol. They essentially create a tunnel between two points on a network that
can securely transmit any kind of data between them.
Generally, these types of protocols are used to send private network data over a public network, usually
when creating a virtual private network (VPN), but can also be used to increase the security of unencrypted
data when it is sent over a public network. There are a number of popular tunneling protocols, such as
Secure Socket (SSH), Point-to-Point Tunneling (PPTP) and IPsec, with each being tailored for a different
specific tunneling purpose.
Because tunneling protocols hide a complete packet within the datagram, there is the potential for misuse.
Tunneling is often used to get past unsophisticated or poorly configured firewalls by enclosing blocked
protocols within protocols that the firewall allows through. The use of tunneling protocols also makes it
difficult to complete tasks such as deep packet inspection, where network infrastructure looks at the
datagram for suspicious data, or ingress/egress filtering, which sanity-checks data destination addresses to
help ward off potential attacks. There are even reports of malware being transmitted using the new IPv6
technology, which has to use tunneling to transmit to or through devices that aren't IPv6-ready.
As a potential threat, tunneling protocols only need to be on the radar of networking or IT professionals, who
have to ensure their systems can block unwanted tunnels and are configured to apply security protocols to
data sent in using a known tunnel, like data sent through a VPN.
(b) Why is web maintenance is required? Explain the methods of maintaining the web. (7)
may-15
The World Wide Web (WWW) is a system for exchanging information over the
Internet. At the most basic level, the Web can be divided into two principal
components: Web servers, which are applications that make information
available over the Internet (in essence, publish information), and Web browsers
(clients), which are used to access and display the information stored on the Web
servers
Unfortunately, Web servers are often the most targeted and attacked hosts on organizations networks.
As a result, it is essential to secure Web servers and the network infrastructure that supports them. The
following are examples of specific security threats to Web servers:
Malicious entities may exploit software bugs in the Web server, underlying operating system, or
active content to gain unauthorized access to the Web server. Examples of this unauthorized
access include gaining access to files or folders that were not meant to be publicly accessible
(e.g., directory traversal attacks) and being able to execute commands and/or install software on
the Web server.
Denial of service (DoS) attacks may be directed to the Web server or its supporting network
infrastructure, denying or hindering valid users from making use of its services.
Sensitive information on the Web server may be read or modified without authorization.
Sensitive information on backend databases that are used to support interactive elements of a Web
application may be compromised through command injection attacks (e.g., Structured Query
Language [SQL] injection, Lightweight Directory Access Protocol (LDAP) injection, cross-site
scripting [XSS]).
Sensitive information transmitted unencrypted between the Web server and the browser may be
intercepted.
Information on the Web server may be changed for malicious purposes. Web site defacement is a
commonly reported example of this threat.
Malicious entities may gain unauthorized access to resources elsewhere in the organizations
network via a successful attack on the Web server.
Malicious entities may attack external entities after compromising a Web server host. These attacks
can be launched directly (e.g., from the compromised host against an external server) or indirectly
(e.g., placing malicious content on the compromised Web server that attempts to exploit
vulnerabilities in the Web browsers of users visiting the site).
The server may be used as a distribution point for attack tools, pornography, or illegally copied
software.
These indirect attacks occur in two forms:
Phishing, where attackers use social engineering to trick users into logging into a fake site
Pharming, where Domain Name System (DNS) servers or users host files are compromised to
redirect users to a malicious site in place of the legitimate site.
The following key guidelines are recommended to Federal departments and agencies for maintaining
a secure Web presence.
Organizations should carefully plan and address the security aspects of
the deployment of a public Web server.
Organizations should implement appropriate security management
practices and controls when maintaining and operating a secure Web
server.
Organizations should ensure that
systems
Establish an organizational-wide documented formal policy and process for approving public
Web content that
Identifies information that should be published on the Web
Maintain Web user privacy
Mitigate(ie avoid) indirect attacks on content
Client-side active content security considerations
Maintain server-side active content security
Perform logging
Perform Web server backups
Recover from a compromise
Test security
Conduct remote administration and content updates
Demilitarized Zone
A demilitarized zone (DMZ) describes a host or network segment inserted as a neutral zone
between an organizations private network and the Internet. It prevents outside users of the Web server
from gaining direct access to an organizations internal network (intranet). A DMZ mitigates the risks
of locating a Web server on an internal network or exposing it directly to the Internet. It is a
compromise solution thatoffers the most benefits with the least amount of risk for most organizations.
The DMZ allows access to the resources located within it to both internal and external users. There
are a wide variety of DMZ configurations, each with its own strengths and weaknesses.
Creating a DMZ involves placing a firewall between an organizations border router and its internal
network, and creating a new network segment that can only be reached through the DMZ device. The
Web server is placed on the new segment, along with other network infrastructure components and
servers that need to be externally accessible. In some configurations, the border router itself may act
as a basic firewall. Figure 8-1 illustrates an example of this simple DMZ using a router with access
control lists (ACL) to restrict certain types of network traffic to and from the DMZ.
Figure 8-
A single-firewall DMZ is a low-cost approach because the organization needs only to add a single
firewall and use its existing border router to provide protection to the DMZ. It is usually appropriate
only for small organizations that face a minimal threat. The basic weakness in the approach is that
although the router is able to protect against most network attacks, it is not aware of the Web server
application layer protocols (e.g., HTTP) and thus cannot protect against application layer attacks
aimed at the Web server. A superior approach is to add a second firewall between the Internet and the
DMZ, as shown in Figure 8-2.
Figure 8-2. Two-Firewall DMZ
Dynamic typing
JavaScript is a loosely typed or a dynamic language. That means you don't have to declare the
type of a variable ahead of time. The type will get determined automatically while the program
is being processed. That also means that you can have the same variable as different types:
var foo = 42; // foo is now a Number
var foo = "bar"; // foo is now a String
var foo = true; // foo is now a Boolean
Data types
o
o
o
o
o
o
Primitive values
All types except objects define immutable values (values, which are incapable of being
changed). For example and unlike to C, Strings are immutable. We refer to values of these
types as "primitive values".
Boolean type
Boolean represents a logical entity and can have two values: true, and false.
Null type
The Null type has exactly one value: null. See null and Null for more details.
Undefined type
A variable that has not been assigned a value has the value undefined.
See undefined and Undefinedfor more details.
Number type
According to the ECMAScript standard, there is only one number type: the double-precision
64-bit binary format IEEE 754 value (number between -(253 -1) and 253 -1). There is no
specific type for integers. In addition to being able to represent floating-point numbers, the
number type has three symbolic values: +Infinity, -Infinity, and NaN (not-a-number).
To check for larger or smaller values than +/-Infinity, you can use the
constants Number.MAX_VALUE or Number.MIN_VALUE and starting with ECMAScript 6, you
are also able to check if a number is in the double-precision floating-point number range
using Number.isSafeInteger() as well
asNumber.MAX_SAFE_INTEGER and Number.MIN_SAFE_INTEGER . Beyond this range,
numbers in JavaScript are not safe anymore.
The number type has only one integer that has two representations: 0 is represented as -0 and
+0. ("0" is an alias for +0). In the praxis, this has almost no impact. For example +0 ===
-0 is true. However, you are able to notice this when you divide by zero:
> 42 / +0
Infinity
> 42 / -0
-Infinity
Although a number often represents only its value, JavaScript provides some binary operators .
These can be used to represent several Boolean values within a single number using bit
masking. This is usually considered a bad practice, however, JavaScript offers no other means
to represent a set of Booleans (like an array of Booleans or an object with Boolean values
assigned to named properties). Bit masking also tends to make code more difficult to read,
understand, and maintain. It may be necessary to use such techniques in very constrained
environments, like when trying to cope with the storage limitation of local storage or in extreme
cases when each bit over the network counts. This technique should only be considered when
it is the last measure that can be taken to optimize size.
String type
JavaScript's String type is used to represent textual data. It is a set of "elements" of 16-bit
unsigned integer values. Each element in the String occupies a position in the String. The first
element is at index 0, the next at index 1, and so on. The length of a String is the number of
elements in it.
Unlike in languages like C, JavaScript strings are immutable. This means that once a string is
created, it is not possible to modify it. However, it is still possible to create another string based
on an operation on the original string. For example:
Strings are easy to debug (what you see printed is always what is in the string).
Strings are the common denominator of a lot of APIs (input fields , local
storage values,XMLHttpRequest responses when using responseText, etc.) and it can be
tempting to only work with strings.
With conventions, it is possible to represent any data structure in a string. This does not make
it a good idea. For instance, with a separator, one could emulate a list (while a JavaScript array
would be more suitable). Unfortunately, when the separator is used in one of the "list"
elements, then, the list is broken. An escape character can be chosen, etc. All of this requires
conventions and creates an unnecessary maintenance burden.
Use strings for textual data. When representing complex data, parse strings and use the
appropriate abstraction.
Symbol type
Symbols are new to JavaScript in ECMAScript Edition 6. A Symbol is
a unique and immutable primitive value and may be used as the key of an Object property
(see below). In some programming languages, Symbols are called atoms. You can also
compare them to named enumerations (enum) in C. For more details see Symbol and
the Symbol object wrapper in JavaScript.
Objects
In computer science, an object is a value in memory which is possibly referenced by
an identifier.
Properties
In JavaScript, objects can be seen as a collection of properties. With the object literal syntax , a
limited set of properties are initialized; then properties can be added and removed. Property
values can be values of any type, including other objects, which enables building complex data
structures. Properties are identified using key values. A key value is either a String or a Symbol
value.
There are two types of object properties which have certain attributes: The data property and
the accessor property.
Data property
Associates a key with a value and has the following attributes:
Attributes of a data property
Attribute
Type
Description
[[Value]]
[[Writable]]
Boolean
Default value
undefined
[[Enumerable]] Boolean
false
false
can't be changed.
Obsolete attributes (as of ECMAScript 3, renamed in ECMAScript 5)
Attribute
Type
Description
Read-only
Boolean
DontEnum Boolean
DontDelete Boolean
Accessor property
Associates a key with one or two accessor functions (get and set) to retrieve or store a value
and has the following attributes:
Attributes of an accessor property
Description
Default
Attribute
Type
[[Get]]
value
[[Enumerable]] Boolean
[[Configurable]] Boolean
false
false
It is the attachment to the e-mail that contains the potential hazard. If the attachment came
from an unknown sender either unexpected or unsolicited, the best decision would be to
delete the e-mail without opening it. If the e-mail is from a known and trusted source, but did
not expect an attached file from that source, you may want to contact the sender to confirm
that the attachment is legitimate.
Avoid forwarding e-mail attachments unless you first scan the attachment for
viruses
If you have an anti-virus program that scans all incoming e-mail attachments, or if you can
scan the attachment after it arrives, then it is probably safe to forward the attachment.
Otherwise, do not forward the attachment.
If the subject line or the body of an e-mail states that the attachment is a certain type of file or
the file icon implies a certain type of file and the file extension does not match, delete the
file.
If you trust the sender, contact that person to determine what you were supposed to have
received.
In a worst case scenario, a virus may corrupt or destroy data on one or more files. Regular
backups will allow you to recover more easily in the event that a virus damages your files.
A file that contains only data will not carry a virus since a virus has to have some kind of
executable code. For example, files ending with the extension .txt, .csv, .gif, .jpg, .mp3, .wav
are common data files that would not have executable code.
Files ending in .doc, .xls, .exe, and even .htm may have executable code and could potentially
carry a virus.
Computer users must keep their antivirus and anti-spyware applications up to date. All
Windows users must take measures to prevent license expiration, thereby ensuring that their
anti-malware programs stay current and continue providing protection against the most recent
threats. Those threats now spread with alarming speed, thanks to the popularity of such social
media sites as Twitter, Facebook, and My Space.
5: Disable autorun
Many viruses work by attaching themselves to a drive and automatically installing
themselves on any other media connected to the system. As a result, connecting any network
drives, external hard disks, or even thumb drives to a system can result in the automatic
propagation of such threats.
Computer users can disable the Windows autorun feature by following Microsoft's
recommendations, which differ by operating system. Microsoft Knowledge Base articles
967715 and 967940 are frequently referenced for this purpose.
Users should never click on email attachments without at least first scanning them for viruses
using a business-class anti-malware application. As for clicking on links, users should access
Web sites by opening a browser and manually navigating to the sites in question.
8: Surf smart
Many business-class anti-malware applications include browser plug-ins that help protect
against drive-by infections, phishing attacks (in which pages purport to serve one function
when in fact they try to steal personal, financial, or other sensitive information), and similar
exploits. Still others provide "link protection," in which Web links are checked against
databases of known-bad pages.
Whenever possible, these preventive features should be deployed and enabled. Unless the
plug-ins interfere with normal Web browsing, users should leave them enabled. The same is
true for automatic pop-up blockers, such as are included in Internet Explorer 8, Google's
toolbar, and other popular browser toolbars.
Regardless, users should never enter user account, personal, financial, or other sensitive
information on any Web page at which they haven't manually arrived. They should instead
open a Web browser, enter the address of the page they need to reach, and enter their
information that way, instead of clicking on a hyperlink and assuming the link has directed
them to the proper URL. Hyperlinks contained within an e-mail message often redirect users
to fraudulent, fake, or unauthorized Web sites. By entering Web addresses manually, users
can help ensure that they arrive at the actual page they intend.
But even manual entry isn't foolproof. Hence the justification for step 10: Deploy DNS
protection. More on that in a moment.
Another worry is Web sites that distribute infected programs, applications, and Trojan files.
Still another threat exists in the form of poisoned DNS attacks, whereby a compromised DNS
server directs you to an unauthorized Web server. These compromised DNS servers are
typically your ISP's systems, which usually translate friendly URLs such as yahoo.com to
numeric IP addresses like 69.147.114.224.
Users can protect themselves from all these threats by changing the way their computers
process DNS services. While a computer professional may be required to implement the
switch, OpenDNS offers free DNS services to protect users against common phishing,
spyware, and other Web-based hazards.
.How will you add audio and video in a web page? (7) Nov- 13
Sound Files
You can also link sound files to your web page. You can either
record your own sound file (using a program like SoundEdit--),
or link to a sound file at another web site
Example 1: This is a <a href="willkommen.au"> greeting</a> in
German!
Example 2: Another <a href="http://www.dfki.unisb.de/imedia/herzog/noise/willkommen.au"> German greeting!</a>
1.
2.
3.
4.
src - URL
loop no of times the audio will play
balance balance b/w left & right speakers (-10000 to 10000)
volume volume of the audio clip (-10000 to 0)
Using <img> element dynsrc property we can add video files to a web
page by specifying
URL of video file to the dynsrc property, the other properties are
users can control the video playback. Other attributes enable you to set the source file,
add a placeholder image, or start playing the video automatically. Like most HTML
elements, you can use Cascading Style Sheets (CSS) to style and position the element.
The syntax for the HTML5 element is:
HTML
<video src="demo.mp4" controls autoplay >HTML5 Video is required for this
example</video>
For a single line of code, this example enables you to accomplish several things.
The src attribute points to the video file to play. The src attribute provides one of two
ways to specify content for the video element. To play your video, assign
the src attribute to the URL of a video file.
The controls attribute tells the browser to display the built-in playback controls. The
built-in controls can differ in function and look between browsers. At a minimum, you
should see Play and Pause controls, a progress bar or buttons that skip forward or
backward in the video, and a time counter. While a video is playing, the controls are
usually hidden and then reappear when the user hovers their mouse over the player.
Finally, the autoplay is a Boolean attribute that causes the video to play as soon as it
loads.
Attrib
ute
Description
src
contro Boolean attribute that turns on a set of built-in playback controls. This
ls
typically includes play, pause, seek, and set volume. Internet Explorer 10
also displays a control for choosing multiple audio and text tracks.
loop
Boolean attribute that replays the video repeatedly until the pause
button on the controls is pressed, or the pause method is called from
script.
muted Boolean attribute that plays video with the audio track turned off.
autopl Boolean attribute that starts playing the video automatically after the
ay
player has enough content buffered.
preloa Boolean attribute that defines a hint to how much buffering is needed.
d
width
Note If you set only one dimension of the video player, height for example, the video
player sizes the video to that dimension and scales the other dimension based on the
aspect ratio of the video content. If you set both dimensions to an aspect ratio that
doesn't match the video content, the player scales the closest dimension to fit, but it
maintains its aspect ratio. The video will be centered either horizontally or vertically with
blank space on either side.
This next example plays a video, displays a poster until content is loaded, repeatedly
plays a video with playback controls.
HTML
<video src="demo.mp4" controls autoplay loop muted preload="auto"
poster="demo.jpg" >
HTML5 Video is required for this example
</video>
What is a CGI Script? Why is PERT used for CGI? Explain how a CGI script
Is written and executed in PERL (15)
What Is CGI?
As you traverse the vast frontier of the World Wide Web, you will come across
documents that make you wonder, "How did they do this?" These documents could
consist of, among other things, forms that ask for feedback or registration
information, imagemaps that allow you to click on various parts of the image,
counters that display the number of users that accessed the document, and utilities
that allow you to search databases for particular information. In most cases, you'll
find that these effects were achieved using the Common Gateway Interface,
commonly known as CGI.
One of the Internet's worst-kept secrets is that CGI is remarkably simple. That is,
it's trivial in design, and anyone with an iota of programming experience can write
rudimentary scripts that work. It's only when your needs are more demanding that
you have to master the more complex workings of the Web. In a way, CGI is easy
the same way cooking is easy: anyone can toast a muffin or poach an egg. It's only
when you want a Hollandaise sauce that things start to get complicated.
CGI is the part of the Web server that can communicate with other programs
running on the server. With CGI, the Web server can call up a program, while
passing user-specific data to the program (such as what host the user is connecting
from, or input the user has supplied using HTML form syntax). The program then
processes that data and the server passes the program's response back to the Web
browser.
CGI isn't magic; it's just programming with some special types of input and a few
strict rules on program output. Everything in between is just programming. Of
course, there are special techniques that are particular to CGI, and that's what this
book is mostly about. But underlying it all is the simple model shown in Figure 1.1.
Figure 1.1: Simple diagram of CGI
What is a CGI Script? Why is PERT used for CGI? Explain how a CGI script
Is written and executed in PERL (15) Nov- 11
Each word in the acronym, "Common Gateway Interface," helps to understand the
interface:
CGI applications can perform nearly any task that your imagination can think up.
For example, you can create web pages on-the-fly, access databases, hold telnet
sessions, generate graphics, and compile statistics.
The basic concept behind CGI is pretty simple, however, actually creating CGI
applications is not. That requires real programming skills. You need to be able to
debug programs and make logical connections between one idea and another. You
also need to have the ability to visualize the application that you'd like to create.
This chapter and the next, "Form Processing," will get you started with CGI
programming. If you plan to create large applications, you might want to look at
Que's "Special Edition, Using CGI".
Why use Perl for CGI?
Perl is the de facto standard for CGI programming for a number of
reasons, but perhaps the most important are:
I can move more quickly from task to task, without the frustration that can
sometimes arise from debugging compiled programs. Of course not any interpreted
language will do. Perl has the distinct advantage of having an extremely rich and
capable functionality.
Note : Give any eg program in PERL
Listing 19.1-19LST01.PL - A Very Small CGI Program
#!/usr/local/bin/perl -w
use strict;
Write a program using CGI script to display current date and explain how CGI works.
May-15
(15)
This Perl CGI script will print the current date on a web page. The script can be
called using SSI. Example:
<!--#exec cgi="/cgi-bin/script.cgi"-->
Or:
<!--#include virtual="/cgi-bin/script.cgi"-->
The Perl CGI script below will print the day of the week and the month name as part
of the date. Example: Saturday, May 5, 2016
#!/usr/bin/perl
use strict;
print "Content-type:text/html\n\n";
my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,
$isdst) = localtime;
my @weekday = qw(Sunday Monday Tuesday Wednesday
Thursday Friday Saturday);
my @month = qw(January February March April May
June July August September October November
December);
$year += 1900;
print "$weekday[$wday], $month[$mon] $mday, $year";
exit;
This Perl CGI script will print the date in m/d/y format. Change the output order and
delimiting characters to suit your own date format preferences. Example: 5/7/2016
#!/usr/bin/perl
use strict;
print "Content-type:text/html\n\n";
my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,
$isdst) = localtime;
$year += 1900;
$mon++;
print "$mon/$mday/$year";
exit;
The output of this Perl CGI script is similar to the above except it will print the day
and month as two digits, prepended with a 0 (zero) if necessary. It will print the date
in mm/dd/yyyy format. Change the output order and delimiting characters to suit your
own date format preferences. Example: 05/07/2016
Advantages of CGI:
- Platform independence: Most web servers support CGI, including
Unix: Apache, Netscape, NCSA, and CERN
Windows NT: Netscape, Microsoft IIS, and OReilly WebSite
Macintosh: WebStar
- Language independence: (Perl, TCL, C, C++ Visual Basic, AppletScript,
Java)
- Scalability: The simplicity of the CGI interface means that it is extremely
scalable.
For example, suppose you have a form that lets people comment on your Web
pages. You want the comments emailed to you and you want to automatically
generate a page and send it back to your reader.
1. The reader fills out your form and clicks the "Submit" button.
The <FORM> tag in your page might look like this:
<FORM METHOD="POST" ACTION="/cgi-bin/myprog">
The METHOD controls how the information typed into the form is
passed to your program. It can be "GET" or "POST"
The ACTION determines which program should be run
Note : These points are for disadvantages of CGI, if asked you write
otherwise you leave it
The limitation and problems of CGI
Problems:
- Performance
Every time a user requests a CGI script, the server must launch the
CGI program, which takes processor time.
When the CGI program is written in an interpreted language like Perl,
then the program must run the entire Perl interpreter, and compile
the program before it can be run, which takes even more processor time.
For busy web sites running complex applications, the performance
problem become critical issue.
- It is free. --> not easy to sell the web server products with free software.
- Not good to interact with database.(connecting issue)
- Not flexible or powerful to generate dynamic HTML pages.
Explain how XML parser works. Write a XML document for displaying the contact details
(address,e-mail, mobile no, etc)? (15) Nov 13
XML parser
It is a software library (or a package) that provides methods (or interfaces)
for client applications to work with XML documents
It checks the well-formattedness
It may validate the documents
It does a lot of other detailed things so that a client is shielded from that
complexities
Dom Parsers
A DOM document is an object containing all the information of an XML
document
It is composed of a tree (DOM tree) of nodes , and various nodes that are
somehow associated with other nodes in the tree but are not themselves
part of the DOM tree
There are 12 types of nodes in a DOM Document object
Document node
Element node
Text node
Attribute node
Processing instruction node
.
Sample XML document ( here you have to give . Write a XML document for
<squre color=BLUE>
<length> 20 </length>
</squre>
</shapes>
Disadvantage:
(1) It is memory inefficient
(2) It seems complicated, although not really
SAX parsers
It does not first create any internal structure
Client does not specify what methods to call
Client just overrides the methods of the API and place his own code inside
there
When the parser encounters start-tag, end-tag,etc., it thinks of them as
events
Advantage:
(1) It is simple
(2) It is memory efficient
(3) It works well in stream application
Disadvantage:
The data is broken into pieces and clients never have all the information as a
whole unless they create their own data structure
Cascading Style Sheet (CSS): originally used to support HTML, has been
extended to support XML.
XML Style Language (XSL): supports advanced styling for XML documents,
such as creating a table of contents. XSL is organized in two parts: XSLT (XSL
Transformation) and XSLFO (XSL Formatting Objects).
xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns="http://www.w3.org/TR/REC-html40"
version="1.0">
......
</xsl:stylesheet>
The bulk of the style sheet is a list of XSL template for matching with the source
element and produce the target document. For example,
<xsl:template match="address-book/person">
<H2><xsl:apply-templates/></H2>
</xsl:template>
Since XML does not have a fixed set of elements, the name of the element cannot
be used to locate links. Instead, XML processors identify links by recognizing
the XML-LINK attribute. Other attributes can be used to provide additional
information to the XML processor. An attribute renaming facility exists to work
around name collisions in existing applications.
Two of the attributes, SHOW and ACTUATE allow you to exert some control over the
linking behavior. The SHOW attribute determines whether the document linked-to is
embeded in the current document, replaces the current document, or is displayed in
a new window when the link is traversed.ACTUATE determines how the link is
traversed, either automatically or when selected by the user.
Some applications will require much finer control over linking behaviors. For
those applications, standard places are provided where the additional semantics
may be expressed.
Simple Links
A Simple Link identifies a link between two resources, one of which is the content
of the linking element itself. This is an in-line link.
The locator identifies the other resource. The locator may be a URL, a query, or
an Extended Pointer.
Extended Links
Extended Links allow you to express relationships between more than two
resources:
<ELINK XML-LINK="EXTENDED" ROLE="ANNOTATION">
<LOCATOR XML-LINK="LOCATOR" HREF="text.loc">The Text</LOCATOR>
<LOCATOR XML-LINK="LOCATOR" HREF="annot1.loc">Annotations</LOCATOR>
<LOCATOR XML-LINK="LOCATOR" HREF="annot2.loc">More Annotations</LOCATOR>
<LOCATOR XML-LINK="LOCATOR" HREF="litcrit.loc">Literary Criticism</LOCATOR>
<ELINK>
This example shows how the relationships between a literary work, annotations,
and literary criticism of that work might be expressed. Note that this link is
separate from all of the resources involved. The semantics of extended links
depend on the application, but another example following the discussion of
Extended Pointers will demonstrate how extended links can be used to add links to
read-only resources.
Extended Links can be in-line, so that the content of the linking element other than
the locator elements, participates in the link as a resource, but that is not
necessarily the case. The example above is an out-of-line link because it does not
use its content as a resource.
Develop a program in XML to create three buttons and link them to a web page
(www.google.com),xml file (create_links.xml), and word document (market_planning.doc).
(15) - May -15
<!DOCTYPE html>
<html>
<body>
<p>Click the button to create a "class" attribute with the value "www.google.com"
and insert it to the a element above.</p>
<script>
function myFunction() {
var anchor = document.getElementById("myAnchor");
var att = document.createAttribute("href");
att.value = "http:// www.google.com ";
anchor.setAttributeNode(att);
}
</script>
<a id="myAnchor2">A Link: create_links.xml </a>
<p>Click the button to create a "class" attribute with the value " create_links.xml "
and insert it to the a element above.</p>
<script>
function myFunction2() {
var anchor = document.getElementById("myAnchor2");
var att = document.createAttribute("href");
att.value = "http:// create_links.xml ";
anchor.setAttributeNode(att);
}
</script>
<a id="myAnchor3">A Link: www. market_planning.doc </a>
<p>Click the button to create a "class" attribute with the value "www.
market_planning.doc " and insert it to the a element above.</p>
<script>
function myFunction3() {
var anchor = document.getElementById("myAnchor3");
var att = document.createAttribute("href");
</body>
</html>