Embed Size (px)
Citation preview
Unit 9 - Current Web Applications
CO22007 Web Development Methods Tom McEwan 30th April 2001
Current Web Applications
Coursework IssuesSecurityExample Application Areasbreak for 10 minutesPlug-in Documentation … and Why?Possible applications for NITSS
Current Web Applications
Unit Learning Outcomes Describe security issues relating both to web
content and web users Example Application Areas - Browser Suites,
Medicine & Music Create a release letter that documents
installation issues Differentiate between web material that is
copyright and/or protected and discuss the ethical issues in accessing different types
Current Web Applications
Module Learning Outcomes 2: Identify current and future application areas
for the world wide web
4: Download files from the world wide web.
5: Download plug-ins from the world wide web.
6: Create simple web-sites combining text and graphics.
7: Understand copyright considerations in relation to the world wide web
Coursework One
Average was … average (54%) Vast majority passing, but marks combined Many failed to read questions totally Spread slightly skewed to top end see
chartPlagiarism Guidance
Many online histories of the Internet/Web and they tend to steal from each other
Anyone may resubmit item 1 for max 4/10
Coursework 2
Ambiguity of submissions dateDue date extended to Monday week
13 (21st May)At tutorials - guidance on items
Cw1 Item 1 (average 56%)
For the benefit of the board of directors, write a short paper describing the history of the Web, how creating this site will benefit the business, and identifying the key issues for phase one
Many failed to go back to 1945, nor up to 1993 Lack of clear-cut benefits, and poor presentation Few justified prototype approach to stimulate
requirements gathering, and demonstrate web technology
Cw1 Item 2 (average 55%)
Define an outline specification of how the web-site might look and work, along with a framework for evaluation of each prototype.
Specifications often overly wordy/detailed Appearance is a matter for early discussion - choice
of fonts, colours, layout (sample screen), frames or not, all to be grounded in HTML standards - as well as actual font size, use browser font sizes
Framework based upon more than “your good taste”. Not everyone provided evidence to back up their design approach - few frameworks were clear
Cw1 Item 3 (average 50%)
Identify, from the various requirements, and comparison with existing suppliers, the functionality required.
... form of your choosing, ... of five different activities that users of the site might carry out… navigation diagram
Discuss the user’s conflicting requirements
Evaluate 5 competitor sites (or fewer better!)
PACT -> scenarios or sample activities
Many left unfinished
Security - some issues
Content Prevent unauthorized changes en route Prevent snooping Guarantee who supplied it
Users Protect confidential data Preserve anonymity Non-repudiation (for merchant’s benefit)
Activity
In groups of 2 or 3…What scare-stories have you heard
about information on the WWW?Do they have any foundation?How would you protect against
them?
Security
Check for the padlock (frames issue)Encryption - makes it hard for people
to see the file.Certification - guarantees who sent it.
Browsers can be configured to ask user to confirm when entering and leaving a secure a site, or when receiving files without certification (untrusted files).
Security - Military Spec
128-bit Encryption can be cracked by football-pitches full of super computers
People had downloaded it anywaySo the US government now permits its
exportPrevious classed as a military weapon!c.f. Japan & Playstation 2
Security - Spoof Sites
Like setting up a fake ATM on the high street
Search engines looking for “Buy BMW online” - links to a dodgy URL in South America
“Secure Site”, padlocks and all,
Security
Sign at Taipei International Airport: “Welcome to Taipei Arms smugglers will be executed”
Carrying data on a laptop into a country can be a criminal offence So can downloading it
EU tradition - data protection lawsUS tradition - site’s privacy policy
Security - Firewalls
Only 4 billion addresses, sad types hack at random.
Keeps the outside world out, and the inside world in, except when authorised
Detect whether information & commands coming in are valid
Industrial strength protection £1-2000, but free/cheap solutions for consumer
NCC Business Information Security Survey (1999)
Significant security breaches in 41% of companies with 10-99 employees.
Average cost per breach was £1,165. In smaller companies it was more
expensive, almost £3,000 per time.
Security - Home PC
ADSL & Cable Modem (once and while working!!) Permanent Live connection to Internet PcPro (Mar 2001) discussed attacks -
logged several a day on ADSL line, and none on the cable modem
Your fridge could be looted, your TiVO set to record the wrong programme, your online banking details set free!
Example Application Areas
Browsers integrated into larger tool-sets IE linked to Windows, Outlook, but also
networking, ActiveX, media player Netscape has Messenger, Composer, AOL
Instant Messenger, groupwareLike programming languages, uuthoring
tools like Director and Authorware can build browsing objects into larger applications
Example Application Areas
Music - http://www.digmedia.cc“Free software - free as in speech, not as
in beer” (Richard Stallman)Content owners starting to protect AND
promote online (useful to other industries) Limit free plays Free for a month Subscription
Example - Health and the Web
Two week wait for a doctor’s appointment five minutes to put your problems across need to prepare - or be very pushy :)
“Sinking feeling when the patient comes in with a pile of WWW printouts” If it’s on the Internet, it doesn’t make it true Australian government 1998 - 1400 quack sites
Example - Online Health
Several recent instances of people finding treatments or treatment centres from online sources
But “a little knowledge” can still be “a dangerous thing”. Would you be your own gas-fitter?
Online Health
American goverment portal to health sites www.healthfinder.org/ UK equivalent http://omni.ac.uk/ Dept of Health www.open.gov.uk/doh/dhhome.htm British Medical Journal www.bmj.com Pharmaceutical information www.pharmweb.net/ The Lancet www.lancet.com Reviews of other health sites www.jr2.ox.ac.uk/bandolier/ British Healthcare Internet Association http://bhia.org Medline - the database of medical research
http://medlineplus.nim.nih.gov/medlineplus Patient leaflets www.healthtouch.com NHSOnline
Intermission
Ten minutes
Release Letters
Why? To stop people asking you questions To get people to use your work To be able to update and maintain multiple
versions, adapted for multiple clientsWhat?
What’s asked for in the coursework Today - installation issues
Plug-in Documentation
Many companies are unwilling to consider using pages that require plug-ins
Why? In small groups write down some of the
reasons why
Plug-in Documentation
Long time to download Word and Acrobat both 8Mb plus
Take up a lot of disk space above - each expands to ~ 15Mb
Conflicts with existing working systemsMight not work with minority browsers
and emerging devices WebTV and PDAs might use HTML v 2.0
Plug-in Documentation
Your responsibility - be proactive about issues for the customer and their computers the end-users and their computers
Analyse the risksDocument the processes to install
and uninstall
Word
http://office.microsoft.com/2000/downloaddetails/wd97vwr32.htm
Note the size of the download! But also the effective tone and style of the
installation instructions. Many system administrators would prefer
a list of actual files installed date/timestamps and version numbers registry changes made.
This ensures that any potential conflicts can be analysed.
Acrobat
http://www.adobe.com/products/acrobat/readstep2.html (2001) describes the 8.8Mb download required to view Acrobat pages. Some will prefer to get this from magazine cover CDs!
If your end-user is an EU-based Palmpilot user they may find the following unpalatable to download their 5.5Mb plug-in:
“If you reside in the European Union, please indicate your consent that the personal information you have provided may be transferred and stored in countries outside the EU, including the United States. If you fail to provide your consent, you will not be permitted to download the beta software.”
The consequences of consenting are described at http://www.adobe.com/misc/privacy.html (2001).
Acrobat
Printing to file the contents of rs405eng.exe (the installation file for Acrobat 4.05): D:\essent\apps\Acrobat\rs405eng.exe Name Modified Size layout.bin 03/11/99 10:01 590 data1.hdr 03/11/99 10:01 32,468 data1.cab 03/11/99 10:01 469 ... AcroRd32.exe 03/11/99 09:38 2,333,184 Cooltype.dll 26/10/99 15:26 886,272 Movie32.api 22/10/99 10:24 111,616 etc...
Flash
Note: Flash animations are very much smaller than animated GIFs, and that Macromedia claim more PCs have Flash than Javascript
Plug-in is very small - 250k to download, but bundled with most OS and browsers
Flash.ini reveals that Reg Main Path=Communicator
Reg Relative Path=Plugins/Macromedia/Shockwave Flash
Version=4.60.0.98111
File0=npswf32.dll
Flash
De Facto standard for scalable, animated vector graphics on the web, but no longer part of the emerging W3C SVG standard http://www.macromedia.com/software/flash/open/faq/
(2001)
Alternative? http://www.adobe.com/svg/overview/svg.html (2001)
w3C working group on scalable vector graphics at http://www.w3.org/Graphics/SVG/Overview.htm8 (2001)
http://broadway.cs.nott.ac.uk/projects/SVG/flash2svg/ (2001) describes a Flash to SVG converter
Possible applications for Napier IT Skills-shop
If you were a customer would you want: Junk email? (spam)
Info on developments in your listed skills? Discounted books on subjects relevant to
your skill-set (or that others like you buy) To put samples of your code online for
prospective employers A link to your home page
Potential Areas
If you put code samples online then why not act as a software component exchange
You would want your work protectedYou would want contracts to assure
payment and to know the bona fides of your customers
