The Internet: Co-Evolution of Technology and Society
CPSC 156a, Fall 2003
HW2: A Glimpse at the Server Side
1a. Logistics
- The second homework assignment (HW2) is due at 5 p.m. on October 9, 2003.
- Late homeworks will not be accepted without Deans' excuses.
- Submit all homeworks online. Homework submission instructions are on the class website.
- Please address questions about HW2 to the TAs, Wesley Maness and kevin DOT chang AT yale DOT edu.
1b. Introduction
In
HW1, you were introduced to the client side of HTML forms. In
HW2, you will see a little bit of what happens on the server side when
a user submits an HTML form and will test your understanding of a few of
the Internet-protocol concepts that were discussed in class.
Please
be patient as you read through these instructions for HW2. They are
long, and there are several new technical terms introduced, but HW2 is
actually a fairly easy assignment. It will count for 10% of your
overall course grade, in contrast to other HW assignments and the two in-class
exams, each of which will count for 15%.
As
explained in HW1, client-side forms generally link to a server-side program
called a script that allows the user to enter data. Actually, there
are often at least three important server-side programs that are run when
a user enters some data by pressing a Submit button on a client-side form:
the script that the client-side form links to, the web-server system itself,
and one or more application programs that process the data entered in a
manner that makes sense in context; for example, if the form submitted
is an order form, then one of the application programs run in this context
might be an inventory system that checks whether the merchandise ordered
is available. In this HW assignment, the application program that
will be run is a database-management system called MySQL; it is explained
briefly in section 1c below.
The
web-server system software that is being used in this assignment is Apache,
the most popular web-server system in use today. Anyone running a
web-server needs Apache or one of the competing server systems to provide
the overall framework for the server. The web-server system basically
manages all of the server-side activity in an enterprise; in particular,
it stores web pages and other data files, it stores and runs scripts, application
programs (such as MySQL), and other executable files, and it provides links
to other machines that store relevant data and programs.
A
script is a program that facilitates client-side requests for server-side
action. In this assignment, the script is responsible for receiving
raw data that are entered on the client-side, parsing these data (i.e.,
extracting the parts that are meaningful in context and formatting them
so that they can be processed), feeding the data to the database application,
generating a "transcript" of the client-server interaction and the results
produced by the database application, and sending the transcript to the
client so that it can be displayed for the user. ("Transcripts" are
explained in section 1d below.)
In
this assignment, the script, the web-server system, and the application
program are all running on the same host machine, namely lab.zoo.cs.yale.edu.
In general, this will not be the case; organizations often dedicate
one or more machines completely to web-server activity, and these servers
communicate with other machines that perform other functions.
1c. The database
In
HW2, the server-side application program that will be run is a database-management
system called MySQL.
Database-management systems (dbmss) are one
of the most important and ubiquitous types of software systems in use today;
they allow organizations and individuals to store, retrieve, update, and
modify their essential information, and most large organizations could
not function without them. Using a dbms, an organization creates and uses
a database, which is a collection of one or more related tables. Each
table contains a set of records, the meaning of which depends on the
nature of the particular database and the organization that owns it.
Users retrieve records from databases by submitting queries, i.e., questions
expressed in a formal language that is understood by the dbms.
The
database in HW2 is just about the simplest one possible: It contains just
one table, in which each record contains the name of a student enrolled
in a fictitious course called Biology 101 and that student's grades on
each assignment and exam in the course. Hereinafter, we will refer succinctly
to both the Biology 101 database and the one table in it as the DB.
An
important part of what you will do in HW2 is submit
queries to the DB using the form that we have provided: http://lab.cs.yale.edu/cs156/QF.html
(hereinafter referred to succinctly as QF.html). We
suggest that you submit one now. Display the form QF.html in your browser,
select Assignment 1, select display all student records containing a grade
equal to or lower than the value entered on the exam or assignment chosen,
enter the number 100 in the Grade-Value box, and press the Submit form
button at the bottom. A lot of information will then be displayed in your
browser window; most of it will be explained in section 1d below. For
now, scroll down to the bottom of your browser window; the entire contents
of the DB should be displayed. This is because the query you submitted
asked for the records of all students who got a grade lower than or equal
to 100 on Assignment 1, and of course that includes all students: Any
grade entered on QF.html must be an integer between 0 and 100; otherwise
an error message will be displayed.
In
practice, a complete database for an introductory biology course would
contain more than this one table of grades. Other tables might contain
TAs and the students in their sections, laboratory exercises and the materials
needed for them, HW and exam questions and solutions from previous years,
etc. However, CPSC156a is not a course about databases, and so this
one table suffices for our purposes.
1d. The transcript
The transcript is the page displayed in your browser after you press the
Submit button on the QF.html form. Here are descriptions of the fields in
a transcript.
- Form processed on server at: The date and time at which this query form was processed
- Raw form content: Uninterpreted, or "raw," data submitted on the query form
- Parsed form content: Data submitted on the query form after they have been parsed by the script
- HTTP session variables:
  - HTTP_HOST: Name of the machine, or "host," on which the script is stored and run
  - HTTP_USER_AGENT: Information about the "user agent" (usually but not always a browser) in which requests and responses are displayed on the client machine.
  - REMOTE_ADDR: IP address of the client
  - REQUEST_METHOD: HTTP command used to send data and action requests from the client to the server
  - SCRIPT_FILENAME: Location and name of the script
  - SERVER_ADDR: IP address of the server
  - SERVER_SIGNATURE: Web-server system name, version, and location
- Accessing database: Report of a successful database access or an error message in the case of a failure to gain access
- Results: Data produced by a successful database query or an error message in the case of a malformed query
1e. Hidden form items
In
HW1, you were introduced to several types of form items. Here, you
will see another type, namely hidden form
items. An item of type "hidden" is used only to convey a fixed piece
of data from the client to the server; it does not cause the user to be
asked to give an input. If you are designing a web form that has
to send from the client to the server a value that
you know at the time you design the form, you can store that value
in a hidden form item. If, on the other hand, there is a value
that can only be supplied by the user, you must use a type of form
item that prompts the user to enter that value in the browser. In
particular, hidden form items can be used to spare users from having to
re-enter the same fixed value every time they use the form.
QF.html
contains several hidden form items that you should be aware of; you
will have to understand them to do this assignment and will have to modify
some of them.
Form items:
- <input type="hidden" name="database" value="cs156">
- <input type="hidden" name="table" value="students">
- <input type="hidden" name="host" value="lab.zoo.cs.yale.edu">
- <input type="hidden" name="userName" value="wcm4">
- <input type="hidden" name="password" value="vinson">
- <input type="hidden" name="displaySessionInfo" value="Y">
- <input type="hidden" name="displayFormContent" value="Y">
Form item definitions:
- database - Name of the database to search
- table - Name of the table to be searched
- host - Name of the host on which the database is stored
- userName - Login name of an authorized user of this database
- password - Password for this authorized user
- displaySessionInfo - Y if the HTTP session variables in the transcript are to be displayed on the client-side after the Submit-query button is pressed; N if they are not to be displayed
- displayFormContent - Y if the parsed form content in the transcript is to be displayed on the client-side after the Submit-query button is pressed; N if it is not to be displayed
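Hidden items are delivered to the browser in the page source like any other markup, so a form can be checked mechanically for values that belong on the server. The Python below is an added example, not part of the original assignment or of the script behind QF.html; the surrounding <form> tag, its action URL, the "grade" text field, and the name-matching hints are assumptions made for illustration.

```python
from html.parser import HTMLParser

# Constructed sample: the hidden items listed for QF.html, wrapped in a minimal
# form. The <form> tag, its action URL and the "grade" field are hypothetical.
SAMPLE_FORM = """
<form method="post" action="/cgi-bin/example-script">
<input type="hidden" name="database" value="cs156">
<input type="hidden" name="table" value="students">
<input type="hidden" name="host" value="lab.zoo.cs.yale.edu">
<input type="hidden" name="userName" value="wcm4">
<input type="hidden" name="password" value="vinson">
<input type="hidden" name="displaySessionInfo" value="Y">
<input type="hidden" name="displayFormContent" value="Y">
<input type="text" name="grade">
</form>
"""

# Assumed heuristics (not from the page): name fragments that suggest a
# credential or a parameter selecting a server-side resource.
CREDENTIAL_HINTS = ("pass", "pwd", "secret", "token", "user", "login")
BACKEND_HINTS = ("database", "table", "host", "dsn")


class HiddenFieldCollector(HTMLParser):
    """Collect names (never values) of <input type="hidden"> elements."""
    def __init__(self):
        super().__init__()
        self.names = []

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "input" and (attr.get("type") or "").lower() == "hidden":
            self.names.append(attr.get("name") or "")


def classify(name):
    lowered = name.lower()
    if any(hint in lowered for hint in CREDENTIAL_HINTS):
        return "credential"
    if any(hint in lowered for hint in BACKEND_HINTS):
        return "backend-parameter"
    return "other"


def audit_hidden_fields(html):
    """Return one (name, category) pair per hidden field, in document order."""
    collector = HiddenFieldCollector()
    collector.feed(html)
    return [(name, classify(name)) for name in collector.names]
```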
2. Homework questions
- Question 1 (24 points): Use query form QF.html three times to submit three different correct queries to the DB. The three transcripts produced by these queries should be included in the zip file you submit for HW2. (In order to save your transcript, you can do a File -> Save as... from within your browser when viewing the transcript.)
- Question 2 (10 points): What is the IP address of lab.zoo.cs.yale.edu?
- Question 3 (10 points): If you were to use the Opera web browser (see http://www.opera.com) to display, complete, and submit QF.html, which field of the transcript would reveal that fact?
- Question 4 (10 points): Use the form QF.html to submit a query that is incorrect in the following sense: You will be granted access to the DB, but the query will not produce meaningful results. The transcript produced by this incorrect query should be included in the zip file you submit for HW2.
- Question 5 (16 points): Download the form QF.html and modify it to create a new form, say QF2.html, that is incorrect in the following sense: Even if you use QF2.html to submit one of the correct queries you submitted in Question 1, you will not get the same results as you got in Question 1, because you will not be granted access to the DB. Both your modified form QF2.html and the transcript produced when you use QF2.html to submit one of your correct queries from Question 1 should be included in the zip file you submit for HW2. (In order to download the form, you can right-click on the QF.html link and select Save As...)
- Question 6 (10 points): It is very important to note that this procedure for remote queries to databases is not used in practice. Identify at least one feature of this set-up that gives rise to database-security problems, i.e., that makes the database vulnerable to unauthorized access or modification.
- Question 7 (10 points): If you were to use a web-enabled mobile phone to display, complete, and submit QF.html, which field of the transcript would reveal that fact? (Note that both the query form and the transcript are tailored to full-sized screens of the type found on desktops and would not be particularly usable on the type of small screen found on mobile devices.)
- Question 8 (10 points): For the purposes of this question, we are assuming that you have done this HW assignment on a computer in the yale.edu domain. Suppose that you had been traveling while you were working on this assignment and had done it in a hotel room on a laptop that was connected to the internet via the hotel's Internet Service Provider. Consider the first query that you submitted in Question 1. If you were to submit it from the hotel room instead of from your machine at Yale, which field of the resulting transcript would be different?
3. Requirements
Your
answers to Questions 2, 3, 6, 7, and 8 should all be in one file, prepared
using Word or whatever text editor you are most comfortable with.
Your answer to Question 1 should consist of three transcripts in three
separate files, and your answer to Question 4 should consist of one transcript
in one file. Finally, there should be two separate files for your
answer to Question 5, one containing a modified query form and one containing
a transcript.
Combine these seven files using WinZip
or whatever compression program you used in HW1, and then submit the zip
file using the same instructions
that you used in HW1.