Exercise 11: TP monitors and transaction protocols

1. Give a description in your own words of the ACID properties of a transaction.

In computer science, ACID (atomicity, consistency, isolation, durability) is a set of properties that guarantee database transactions are processed reliably. The concept of ACID is to evaluate databases and application architecture. In the context of databases, a single logical operation on the data is called a transaction. For example, a transfer of funds from one bank account to another, even though that might involve multiple changes (such as debiting one account and crediting another), is a single transaction.

2. Describe a TP monitor environment. How can a TP monitor stop an operating system being overwhelmed?

TP monitor, short for transaction processing monitor, a program that monitors a transaction as it passes from one stage in a process to another. The TP monitor's purpose is to ensure that the transaction processes completely or, if an error occurs, to take appropriate actions.
TP monitors are especially important in three-tier architectures that employ load balancing because a transaction may be forwarded to any of several servers. In fact, many TP monitors handle all the load balancing operations, forwarding transactions to different servers based on their availability.



Reference

Wikipedia. (2010). ACID. Retrieved at 28 Apr, 2010, from http://en.wikipedia.org/wiki/ACID

Webopedia. (2010). TP monitor. Retrieved at 28 Apr, 2010, from http://www.webopedia.com/TERM/T/TP_monitor.html

Workshop 5: Admiring the scenery - Forms, AJAX screen layout and mobile interfaces

Topic objectives
• To reflect on what has been done so far with Ruby on Rails;
• To reflect on my role and decide to continue as EITHER a Developer OR as an IT infrastructure manager;
• To complete either the Developer’s Thread exercises or the IT Infrastructure manager’s Thread exercises below, according to my new role (NOT BOTH).
• To work with others in the same role via the subject forum or similar learning tool.
• To read and find out what those who chose the other role are doing each of the workshops 5 to 8 and discussing on the subject forum or learning tool.
• To be willing to change roles and share perspectives as developers learn from managers and vice versa.

DEVELOPERS THREAD (RED team)
• To create a Rails application framework with the WEBbrick or Mongrel Web server and:
o generate a controller and an action by adding a method(s) to a controller;
o create a view template for each action and to link to actions from views;
o use Rails for building applications with document requests, screen layouts and forms processing.
• To share your findings with others.

DEVELOPER’S THREAD

1. Introduction
By now you will have tackled the version problems with Rails and tools like InstantRails 2.0 and the scaffolding issues. Many developers get mixed up and annoyed to find that a tutorial does not match with changes to the framework or is for a different version. Even a lot of the Ruby language tutorials are years earlier than the first appearance of Ruby on Rails in 2005. Such lag is commonplace especially with new production tools like Ruby on Rails, so you need to work with a strategy to check each new resource and its version.

2. Building applications via document requests in Rails
The pre-packaged InstantRails 2.0 for Windows or Locomotive2 for MacOS can be treated as self-contained systems outside the Windows or MacOS environment, so interactions can be done via the Windows command (console) window or via the Terminal application in MacOS.

When you installed InstantRails, the “black I” symbol presents a menu which includes access to Rails Application>Open Ruby Console Window. This takes you to the command line in the base directory for issuing Rails commands. It is here that you add a new directory or folder for all your Rails applications. I call mine projects.

Inside the new projects folder, a new application is created. Lets us use the animals application from workshop 4. The new application animals is created within projects by the following command and Rails responds by creating files and directories:

C:\InstantRails\...\projects\>rails animals

The first folder of interest to examine here is app, which contains 4 sub-folders called models, views, controllers (according to the MVC architecture of a Rails application) and helpers which contains methods for helping with building the application.

Other folders of interest are script which contains more Ruby scripts to perform a variety of services, the most important script being generate as it is used to create the stub of an application controller and public which holds the HTML forms. The controller class can have methods added to perform certain actions. Each action or method such as forms processing, document requests or database editing will in turn require a view template.


To Do:
Part A: Viewing the action

1. Create the Rails application framework in the projects folder: C:\InstantRails\...\projects\>rails animals

C:\Ruby>rails animals
create
create app/controllers
create app/helpers
create app/models
create app/views/layouts
create config/environments
create config/initializers
create config/locales
create db
create doc
create lib
create lib/tasks
create log
create public/images
create public/javascripts
create public/stylesheets
create script/performance
create test/fixtures
create test/functional
create test/integration
create test/performance
create test/unit
create vendor
create vendor/plugins
create tmp/sessions
create tmp/sockets
create tmp/cache
create tmp/pids
create Rakefile
create README
create app/controllers/application_controller.rb
create app/helpers/application_helper.rb
create config/database.yml
create config/routes.rb
create config/locales/en.yml
create db/seeds.rb
create config/initializers/backtrace_silencers.rb
create config/initializers/inflections.rb
create config/initializers/mime_types.rb
create config/initializers/new_rails_defaults.rb
create config/initializers/session_store.rb
create config/environment.rb
create config/boot.rb
create config/environments/production.rb
create config/environments/development.rb
create config/environments/test.rb
create script/about
create script/console
create script/dbconsole
create script/destroy
create script/generate
create script/runner
create script/server
create script/plugin
create script/performance/benchmarker
create script/performance/profiler
create test/test_helper.rb
create test/performance/browsing_test.rb
create public/404.html
create public/422.html
create public/500.html
create public/index.html
create public/favicon.ico
create public/robots.txt
create public/images/rails.png
create public/javascripts/prototype.js
create public/javascripts/effects.js
create public/javascripts/dragdrop.js
create public/javascripts/controls.js
create public/javascripts/application.js
create doc/README_FOR_APP
create log/server.log
create log/production.log
create log/development.log
create log/test.log

2. Running the application on localhost:3000 using the WeBrick ruby server (or Mongrel as alternative) and access via Web browser at http://localhost:3000/

C:\Ruby\animals>ruby script/server
=> Booting WEBrick
=> Rails 2.3.5 application starting on http://0.0.0.0:3000
=> Call with -d to detach
=> Ctrl-C to shutdown server
[2010-05-23 13:48:59] INFO WEBrick 1.3.1
[2010-05-23 13:48:59] INFO ruby 1.8.7 (2010-01-10) [i386-mingw32]
[2010-05-23 13:48:59] INFO WEBrick::HTTPServer#start: pid=176 port=3000

3. Create the controller to make the application do an action. This is under the controller-action/model-view structure.

Stop the WEBrick server each time you edit Ruby classes and then re-start or refresh the views you are testing. Use the Ruby command below:

>ruby script/generate controller Mammal

The mammal_controller.rb contains just a bare class description:

class MammalController

and the ApplicationController class inherits from ActionController::Base class in the ActionController module under Rails.

C:\Ruby\animals>ruby script/generate controller Mammal
exists app/controllers/
exists app/helpers/
create app/views/mammal
exists test/functional/
create test/unit/helpers/
create app/controllers/mammal_controller.rb
create test/functional/mammal_controller_test.rb
create app/helpers/mammal_helper.rb
create test/unit/helpers/mammal_helper_test.rb


4. Test the controller by starting the WEBrick server and navaigatibng the browser to http://localhost:3000/mammal Note how the controller name is appended to the end of the URL and that no action resulted because there are no controller methods.

5. Create an action by editing and saving the mammal_controller.rb class in projects\animals\app\controllers using your text editor to add the method below:

class MammalController<>

6. Start the WEBrick server and browse at http://localhost:3000/mammals/breathe where you will get a “missing template” message since it is missing a view for the breathe method.


Rails is trying to connect the breathe method action of the mammal controller to a view, by using the action’s name – breathe. This view template is created as breathe.rhtml and stored in the \projects\animals\views\mammal directory.

7. Create and save a view in that directory by using a text editor to create a view called breathe.rhtml


Restart the WEBrick server and browse again at http://localhost:3000/mammals/breathe



8. Try Ruby code and HTML in the action view by using the wrapper around the inserted Ruby code. Here are some snippets to try from workshop 4:



NOTE: in practise you normally perform calculations in the action (method) and pass the results to the view.







Part B: The active view: passing data from an action too a view

1. Create a new application called scenery in the same projects directory to demonstrate the use of an active view.

> rails scenery
> cd scenery

C:\Ruby>rails scenery
create
create app/controllers
create app/helpers
create app/models
create app/views/layouts
create config/environments
create config/initializers
create config/locales
create db
create doc
create lib
create lib/tasks
create log
create public/images
create public/javascripts
create public/stylesheets
create script/performance
create test/fixtures
create test/functional
create test/integration
create test/performance
create test/unit
create vendor
create vendor/plugins
create tmp/sessions
create tmp/sockets
create tmp/cache
create tmp/pids
create Rakefile
create README
create app/controllers/application_controller.rb
create app/helpers/application_helper.rb
create config/database.yml
create config/routes.rb
create config/locales/en.yml
create db/seeds.rb
create config/initializers/backtrace_silencers.rb
create config/initializers/inflections.rb
create config/initializers/mime_types.rb
create config/initializers/new_rails_defaults.rb
create config/initializers/session_store.rb
create config/environment.rb
create config/boot.rb
create config/environments/production.rb
create config/environments/development.rb
create config/environments/test.rb
create script/about
create script/console
create script/dbconsole
create script/destroy
create script/generate
create script/runner
create script/server
create script/plugin
create script/performance/benchmarker
create script/performance/profiler
create test/test_helper.rb
create test/performance/browsing_test.rb
create public/404.html
create public/422.html
create public/500.html
create public/index.html
create public/favicon.ico
create public/robots.txt
create public/images/rails.png
create public/javascripts/prototype.js
create public/javascripts/effects.js
create public/javascripts/dragdrop.js
create public/javascripts/controls.js
create public/javascripts/application.js
create doc/README_FOR_APP
create log/server.log
create log/production.log
create log/development.log
create log/test.log

C:\Ruby>cd scenery

C:\Ruby\scenery>


2. Create a controller called Demo in scenery\app\controllers
scenery> ruby script/generate controller Demo

C:\Ruby\scenery>ruby script/generate controller Demo
exists app/controllers/
exists app/helpers/
create app/views/demo
exists test/functional/
create test/unit/helpers/
create app/controllers/demo_controller.rb
create test/functional/demo_controller_test.rb
create app/helpers/demo_helper.rb
create test/unit/helpers/demo_helper_test.rb


3. Add an action to demo_controller.rb as the method called rubycobe

class DemoController<>

end

4. Add a view template - scenery\app\views\demo\rubycode.rhtml
We will edit this view in later steps but you may like to add your own test HTML code to the view at this stage.


5. Save and restart the Web server and navigate to http://localhost:3000/scenery/rubycode


6. Use the Time.now example to pass data from an action to a view.



7. Modify and save the rubycode action with a value for the time instance variable in the DemoController class in app\controllers\demo_controller.rb

class DemoController< time_now =" Time.now">

end

end

8. Then modify and save the corresponding view template in \app\views\demo\rubycode.rhtml by adding a call by reference to the action’s instance variable:



9. Restart the Web server and navigate the browser to http://localhost:3000/demo/rubycode



Data has been passed from the action to the view as it is done with SQL requests. The instance variables of a Ruby class are available to view templates by referencing the action’s instance variables by name in the view .rhtml template.

Part C: Screen layouts and forms processing with text fields, check boxes, radio buttons and multiple list controls

1. Create a new application called cabs in the same projects directory to demonstrate the use of an active view.

> rails cabs
> cd cabs

C:\Ruby>rails cabs
create
create app/controllers
create app/helpers
create app/models
create app/views/layouts
create config/environments
create config/initializers
create config/locales
create db
create doc
create lib
create lib/tasks
create log
create public/images
create public/javascripts
create public/stylesheets
create script/performance
create test/fixtures
create test/functional
create test/integration
create test/performance
create test/unit
create vendor
create vendor/plugins
create tmp/sessions
create tmp/sockets
create tmp/cache
create tmp/pids
create Rakefile
create README
create app/controllers/application_controller.rb
create app/helpers/application_helper.rb
create config/database.yml
create config/routes.rb
create config/locales/en.yml
create db/seeds.rb
create config/initializers/backtrace_silencers.rb
create config/initializers/inflections.rb
create config/initializers/mime_types.rb
create config/initializers/new_rails_defaults.rb
create config/initializers/session_store.rb
create config/environment.rb
create config/boot.rb
create config/environments/production.rb
create config/environments/development.rb
create config/environments/test.rb
create script/about
create script/console
create script/dbconsole
create script/destroy
create script/generate
create script/runner
create script/server
create script/plugin
create script/performance/benchmarker
create script/performance/profiler
create test/test_helper.rb
create test/performance/browsing_test.rb
create public/404.html
create public/422.html
create public/500.html
create public/index.html
create public/favicon.ico
create public/robots.txt
create public/images/rails.png
create public/javascripts/prototype.js
create public/javascripts/effects.js
create public/javascripts/dragdrop.js
create public/javascripts/controls.js
create public/javascripts/application.js
create doc/README_FOR_APP
create log/server.log
create log/production.log
create log/development.log
create log/test.log

C:\Ruby>cd cabs

C:\Ruby\cabs>


2. Create a controller called Vehicle in cabs\app\controllers
cabs> ruby script/generate controller Vehicle

C:\Ruby\cabs>ruby script/generate controller Vehicle
exists app/controllers/
exists app/helpers/
create app/views/vehicle
exists test/functional/
create test/unit/helpers/
create app/controllers/vehicle_controller.rb
create test/functional/vehicle_controller_test.rb
create app/helpers/vehicle_helper.rb
create test/unit/helpers/vehicle_helper_test.rb


3. Add an action to vehicle_controller.rb as the method called cabtype
class VehicleController< id="BLOGGER_PHOTO_ID_5475605928490243650" style="DISPLAY: block; MARGIN: 0px auto 10px; WIDTH: 320px; CURSOR: hand; HEIGHT: 190px; TEXT-ALIGN: center" alt="" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhFFTsvLg4uUKFpBH4n3lbi1tWFcujLnn3hXJZl69ViaYjGnMC4XX1bOKcOpbILNKQL_0mcCfdY09jCT4Z1Ml_cOFLHhwmlYO6eyznKZ2Vwfcg89DsfBeTkavpqWUuJ149uanMzRuLpVANe/s320/wk5_p17.JPG" border="0">

4. Add a view template - cabs\app\views\vehicle\cabtype.rhtml We will edit this view in later steps but you may like to add your own test HTML code to the view at this stage.



5. Save the view and restart the Web server and navigate to http://localhost:3000/cabs/cabtype



6. Create a file in the public directory - \cabs\public called input.html

7. Edit the vehicle_controller.rb here is a start. The data in each form element in the Rails application can be accessed via its name and a hash called params

class VehicleController< data1 =" params[:text1]" data2 =" params[:check1]" data3 =" params[:radios1]" data4 =" params[:building1]" id="BLOGGER_PHOTO_ID_5475608956186520114" style="DISPLAY: block; MARGIN: 0px auto 10px; WIDTH: 320px; CURSOR: hand; HEIGHT: 154px; TEXT-ALIGN: center" alt="" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiGixhYi0cAUsPc_bGU8F5dtw3oE7hd07l91-bnzKHtwsEjddGB3N7ZHDgw1bOhgule9bokSQdEH8NdFDrJvue26krI8gmuookk124OpRU_VV_HCNs6xrdOgyy9gGQ-h-o7s9go7w6UKa9L/s320/wk5_p21.JPG" border="0">
8. Edit the view template cabtype.rhtml

9. Start the Web server and go to the opening page of this application at http://localhost:3000/input.html





10. Submit the forms data. What do you find?



How it works

When you use the params method in Rails, it implements the details of the parameter hash to be changed without breaking existing code. For example, the params hash for radios1 will contain the value of the radio button and the data is extracted in the cabtype action. With the multiple list box example in Rails, using the select controls, the params hash of building1 is an associative array (dictionary) holding the users multiple selections and is not just a drop-down list.

Rails supports other HTML controls for forms processing via text fields, check boxes, radio buttons and list select controls etc. As an example start_form_tag abd stop_form_tag as well as methods for each item such as the create field method text_field_tag

11. Report your progress or findings in your Developers Blog.

The controller cannot perform any action until the application_controller.rb inserted with following entry:
Protect_from_forgery :only => [create, :update, :destroy]

And with the following commented:
#protect_from_forgery

The input.html not function properly until the follow is modified:
form action =”vehicle/cabtype”

Exercise 10: Concurrency and Threading demonstration in Python

1. Find definitions for eight terms and concepts used in threaded programming:

1. Thread Synchronisation
Thread synchronization refers to the act of shielding against multithreading issues such as data- races, deadlocks and starvation. You have to determine properly the objects and methods to synchronize as failure to do so would lead to situations like deadlocks

2. Locks
In computer science, a lock is a synchronization mechanism for enforcing limits on access to a resource in an environment where there are many threads of execution. Locks are one way of enforcing concurrency control policies.

3. Deadlock
Deadlock is where the threads stop responding, each waiting for the other to complete

4. Semaphores
A semaphore is a protected variable or abstract data type that constitutes a classic method of controlling access by several processes to a common resource in a parallel programming environment. A semaphore generally takes one of two forms: binary and counting. A binary semaphore is a simple "true/false" (locked/unlocked) flag that controls access to a single resource. A counting semaphore is a counter for a set of available resources. Either semaphore type may be employed to prevent a race condition.

5. Mutex (mutual exclusion)
Mutual exclusion (often abbreviated to mutex) algorithms are used in concurrent programming to avoid the simultaneous use of a common resource, such as a global variable, by pieces of computer code called critical sections. A critical section is a piece of code in which a process or thread accesses a common resource. The critical section by itself is not a mechanism or algorithm for mutual exclusion. A program, process, or thread can have the critical section in it without any mechanism or algorithm which implements mutual exclusion.

6. Event
Events includes all sensor outputs or user actions (mouse clicks, key presses) or messages from other programs or threads.

7. Waitable timer
A waitable timer object is a synchronization object whose state is set to signaled when the specified due time arrives. There are two types of waitable timers that can be created: manual-reset and synchronization. A timer of either type can also be a periodic timer.



2. A simple demonstration of the threading module in Python (threaddemo.py) that uses both a lock and semaphore to control concurrency is by Ted Herman at the University of Iowa. The code and sample output below are worth a look. Report your findings.

threaddemo.py
# Create a bunch of threads, let each do some work, wait until all are done
import random
import threading
import time
# This takes about n/3 seconds to run (about n/3 clumps of tasks, times
# about 1 second per clump).
numtasks = 10
# no more than 3 of the 10 can run at once
# create a semaphore bounded up to 3
sema = threading.BoundedSemaphore(value=3)
# create a Read Lock
mutex = threading.RLock()
# running is a global variable to keep track
# of how many threads are running
running = 0
# the TestThread class is a subclass of threading.Thread,
# so it should supply the standard methods: run, ...
class TestThread(threading.Thread):
def run(self):
# tell python we access the global variable
global running
# introduce a random delay between 0 and 2
delay = random.random() * 2
print 'task', self.getName(), 'will run for', delay, 'sec'
# first, wait on the semaphore (limited to three threads)
sema.acquire()
# but only one of these three at a time should update
# the running variable
mutex.acquire()
running = running + 1
print running, 'tasks are running'
# release lock so another can update "running"
mutex.release()
# now sleep for a while (yawn....zzzzzzz)
time.sleep(delay)
# after wakeup, say we are done
print 'task', self.getName(), 'done'
# time to decrement "running"
mutex.acquire()
running = running - 1
print self.getName(), 'is finished.', running, 'tasks are running'
mutex.release()
# and finally, exit the group of three tasks
sema.release()
# main program: build and start all the threads
threads = []
# done in a function just for convenience
def starttasks():
for i in range(numtasks):
# show off Python's formatting feature
# by building a name for each thread
t = TestThread(name=""%i)
# add new name to list
threads.append(t)
# start thread
t.start()
starttasks()
print 'waiting for all tasks to complete'
# next statement waits for all threads to finish
for t in threads: t.join()
print 'all tasks done'


Here is the output window when you can run the threaddemo.py script:


PythonWin 2.3.2 (#49, Nov 13 2003, 10:34:54) [MSC v.1200 32 bit (Intel)] on win32.
Portions Copyright 1994-2001 Mark Hammond (mhammond@skippinet.com.au) - see 'Help/About PythonWin' for further copyright information.
>>> task will run for 0.120358615571 sec
1 tasks are running
task will run for 0.763990116379 sec
2 tasks are running
task will run for 0.207353153515 sec
3 tasks are running
task will run for 1.55806365714 sec
task will run for 0.776083733579 sec
task will run for 0.336440216469 sec
task will run for 1.55779500185 sec
task will run for 1.96896800957 sec
task will run for 1.57596561512 sec
task will run for 0.634052702735 sec
waiting for all tasks to complete
task done
is finished. 2 tasks are running
3 tasks are running
task done
is finished. 2 tasks are running
3 tasks are running
task done
is finished. 2 tasks are running
3 tasks are running
task done
is finished. 2 tasks are running
3 tasks are running
task done
is finished. 2 tasks are running
3 tasks are running
task done
is finished. 2 tasks are running
3 tasks are running
task done
is finished. 2 tasks are running
3 tasks are running
task done
is finished. 2 tasks are running
task done
is finished. 1 tasks are running
task done
is finished. 0 tasks are running
all tasks done

After examining the code and the output, I discovered that there are 10 threads (from 0 to 9) executed with no more than 3 tasks (controlled by semaphore) could run at the same time. Those threads are introduced with random delays (0-2 seconds) and the running variable is locked by the mutex until there are less than 3 tasks running and could release to other threads. The program ends until all threads are finished running.


Reference

C Sharp Corner. (2010). Multithreading Part 3: Thread Synchronization. Retrieved at 24 Apr, 2010, from http://www.c-sharpcorner.com/UploadFile/mmehta/Multithreading311162005045743AM/Multithreading3.aspx

Wikipedia. (2010). Semaphore (programming). Retrieved at 24 Apr, 2010, from http://en.wikipedia.org/wiki/Semaphore_(programming)

Wikipedia. (2010). Event-driven programming. Retrieved at 25 Apr, 2010, from http://en.wikipedia.org/wiki/Event-driven_programming

MSDN. (2010). Waitable Timer Object. Retrieved at 26 Apr, 2010, from http://msdn.microsoft.com/en-us/library/ms687012(VS.85).aspx

Wikipedia. (2010). Lock (computer science). Retrieved at 26 Apr, 2010, from http://en.wikipedia.org/wiki/Lock_(computer_science)

Exercise 9: Electronic payments and security

1. Find out about SET and the use of RSA 128-bit encryption for e-commerce.

SET stands for Secure Electronic Transaction which is a standard protocol developed by SETco, led by VISA and MasterCard

RSA 128-bit is to employ an asymmetric encryption system in public-key cryptography. It is the first algorithm know to be suitable for signing as well as encryption, and was one of the first great advances in public key cryptography. RSA is widely used in electronic commerce protocol and is believed to be secure given sufficiently long keys and the use of up-to-date implementations.

2. What can you find out about network and host-based intrusion detection systems?

Network intrusion detection system (NIDS) is an independent platform that identifies intrusions by examining network traffic and monitors multiple hosts. In a NIDS, the sensors are located at choke points in the network to be monitored, often in the demilitarized (DMZ) or at network borders. The sensor captures all network traffic and analyzes the content of individual packets for malicious traffic.

While the host-based intrusion detection system (HIDS) consists of an agent on a host that identifies intrusions by analyzing system calls, application logs, file-system modification (binaries, password files, capability/ACL databases) and other host activities and state

3. What is ‘phishing’?

Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

Communication purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by email or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.

4. What is SET and how does it compare to SSL as a platform for secure electronic transaction? Is SET in common use?

SET is a standard protocol for securing credit card transactions over insecure networks. SET was intended to become the standard of payment method on the Internet between the merchants, the buyers and the credit-card companies. However, it failed to win market share for its cost and complexity which needs to install client software. It also requires client-side certificate distribution.

Secure Socket Layer (SSL) is cryptographic protocols that provide security for communications over networks such as Internet. SSL encrypts the segments of network connections at the Transport Layer end-to-end. Comparing to the low cost and simplicity of SSL, SET failed to win the market share.

5. What are cookies and how are they used to improve security? Can the use of cookies be a security risk?

Cookies which are know as web cookies, browser cookies and HTTP cookies, is a text string stored by a user’s web browser. A cookie consists of one or more name-value pairs containing bits of information, which may be encrypted for information privacy and data security purpose.

Cookies are supposed to be stored and sent back to the server unchanged, an attacker may modify the value of cookies before sending them back to the server. If, for example, a cookie contains the total value a user has to pay for the items in their shopping basket, changing the value exposes the server to the risk of making the attacker pay less than the supposed price. The process of tampering with the value of cookies is called “cookie poisoning”, and is sometimes used after cookie theft to make an attack persistent.

6. What makes a firewall a good security investment? Accessing the Internet, find two or three firewall vendors. Do they provide hardware, software or both?

A firewall is a dedicated appliance, or software running on a computer, which inspect network traffic passing through it, and denies or permits passage based on a set of rules. There are several techniques employed by firewall that makes it a good security device:

 Packet filter: Packet filtering inspects each packet passing through the network and accepts or rejects it based on user-defined rules.
 Application gateway: Applies security mechanisms to specific applications, such as FTP an Telnet servers. This is very effective but may impose performance degradation.
 Circuit-level gateway: Applies security mechanisms to specific applications, such as FTP or UDP connection is established. Once the connection has been made, packets can flow between the hosts with further checking.
 Proxy server: Intercepts all messages entering and leaving the network. The proxy server effectively hides the true network addresses.

The two big firewall vendors are Cisco, Checkpoint. They provide both hardware firewalls and software firewall applications.

7. What measures should e-commerce provide to create trust among their potential customers? What measures can be verified by the customer?

The most common security measures to establish trust among their potential customers are digital signatures and certificates.

Digital signatures meet the need for authentication and integrity. To vastly simplify matters, a plan text message is run through a hash function and so given a value: the message digest. This digest, the hash function and the plan text encrypted with recipient’s public key is sent to the recipient. The recipient decodes the message with their private key, and runs the message through the supplied has function to that the message digest value remains unchanged.

Sensitive information has to be protected through at least three transactions:

 Credit card details supplied by the customer, wither to the merchant or payment gateway. Handled by the server’s SSL and merchant/server’s digital certificates.
 Credit card details passed to the bank for processing. Handled by the complex security measures of the payment gateway.
 Order and customer details supplied to the merchant, either directly or from the payment gateway/credit card processing company. Handled by SSL, server security, digital certificates.

8. Get the latest PGP information from http://en.wikipedia.org/wiki/Pretty_Good_Privacy
The use of digital certificates and passports are just two examples of many tools for validating legitimate users and avoiding consequences such as identity theft. What others exist?

PGP which stands for Pretty Good Privacy is a computer program that provides cryptographic privacy and authentication. PGP is often used for signing, encrypting and decrypting emails to increase the security of email communications. Other than digital certificates and passports, there are some tools that can help users to avoid identity theft:

 Verification Engine – it is an easy tool to provide an extra layer of protection which double checks websites’ digital certificates. It checks to ensure that the name that the certificate was issued to matches the name in the web address.
 Stronger Authentication – dual authentication is a way to verify that you are logging onto the correct website. You will need to answer some additional question if you try to log on from a different location. This is called a security seal to help customers avoid pharming or phishing attacks.
Another kind of strong two-factor authentication is the one-time password token now being offered by PayPal. The key chain-sized token generates a 6-digit number that is used in combination with a user ID and password to log on to the account, which makes it very difficult for phishers to gain access to an online account.
 Security toolbars – it works as part of your web browsers which block fraudulent sites and allow users to easily report suspicious sites.
 Anti-Spyware and Anti-Rootkits – it searches and destroys any free software that identifies the most common kinds of software that track your online activity and helps you to remove them. It can also avoid your computer from remote hacker to control your machine.


Reference

Wikipedia. (2010). Secure Electronic Transaction. Retrieved Apr 18, 2010, from http://en.wikipedia.org/wiki/Secure_Electronic_Transaction

Wikipedia. (2010). RSA. Retrieved Apr 18, 2010, from http://en.wikipedia.org/wiki/RSA

Wikipedia. (2010). Intrusion Detection System. Retrieved Apr 18, 2010, from http://en.wikipedia.org/wiki/Intrusion_detection_system

Wikipedia (2010). Transport Layer Security. Retrieved Apr 20, 2010, from http://en.wikipedia.org/wiki/Transport_Layer_Security

Wikipedia. (2010). HTTP cookie. Retrieved Apr 20, 2010, from http://en.wikipedia.org/wiki/HTTP_cookie

Wikipedia. (2010). Firewall (Computing). Retrieved Apr 20, 2010, from http://en.wikipedia.org/wiki/Firewall_(computing)

Ecommerce –Digest.Com. (2010). Ecommerce Security Issues. Retrieved Apr 21, 2010, from http://www.ecommerce-digest.com/ecommerce-security-issues.html

Phishinginfo.org. (2010). Tips and Tools for Avoiding Online Identity Theft. Retrieved Apr 22, 2010, from http://www.phishinginfo.org/tips.html

Workshop 4: Riding the Rails with Ruby

Topic objectives
• To learn about the Ruby language and its classes and methods;
• To use Ruby via an interpreter console window with Windows, Linux or MacOS
• To select and test a Ruby IDE
• To explain how Rails framework is built upon inheritance of Ruby classes and methods.


To do:

1. Spend some time moving your way through the 46 Ruby coding examples in the Ruby Tutorial with Code from http://www.fincher.org/tips/Languages/Ruby/
2. What are the syntax differences in the way that Ruby and Javascript use the if statement?

The main syntax different between Ruby and JavaScript using the "if" statement is that the "else if" condition in Ruby is stick together as "elseif" and there is not () brackets for condition statement and no {} brackets for the if else statement. Both if else conditional sample codes are attached as follows.

Ruby:
if var == 10
print “Variable is 10″
elsif var == “20″
print “Variable is 20″
else
print “Variable is something else”
end

JavaScript:
if (time < 10)
{
document.write("Good morning!");
}
else
{
document.write("Good day!");
}


3. While Ruby and Python are quite similar, can you find some similarities between Ruby and Javascript?

JavaScript and Ruby are very similar in many aspects, but they are also very different In some areas. Both languages are highly dynamic, allowing you to change objects and methods at runtime and both languages are very object-oriented. Both can use variables to hold data and reference to other objects.

In JavaScript we use function to provide scope. This means that for and while loops, for example, do not have their own scope. this is the same In Ruby, but while Ruby has classes and modules to provide shelter from the global scope.

There are two methods in JavaScript which are "call" and "apply". These methods allow you to call a function. With "call", you give it the arguments like you would when calling it directly but with "apply" you pass the arguments as an array. The "apply" version is similar to "splatting" an array in a similar situation in Ruby.

The concept of class method for both JavaScript and Ruby are the same which instantiates a new object from that class. The classes are also "open" and you can extend any class with new methods for both.


Recommended time: 1-4 hours, but it may take several trial attempts so be patient with initial success.



Challenge Problems:

1. Create, test and debug a Ruby program called dognames.rb or catnames.rb to accept 3 names from the keyboard and to display each name on the screen in alphabetical order WITHOUT using a data structure such as a list.

The code is created as below:

def dognames
puts "Enter the first dog name: "
$dogname1 = gets
puts "Enter the second dog name: "
$dogname2 = gets
puts "Enter the third dog name: "
$dogname3 = gets

if $dogname1 > $dogname2
$temp = $dogname1
$dogname1 = $dogname2
$dogname2 = $temp
end

if $dogname2 > $dogname3
$temp = $dogname2
$dogname2 = $dogname3
$dogname3 = $temp
end

if $dogname1 > $dogname2
$temp = $dogname1
$dogname1 = $dogname2
$dogname2 = $temp
end

puts "Dog names in alphabetical order:"
puts $dogname1, $dogname2, $dogname3

end
dognames

The above code is saved to file dognames.rb. It is tested and debugged by making use of the Ruby Interpreter (C:\Ruby\bin\irb.bat) and issue the command "irb dognames.rb" which successfully generates the desired result as follows:




2. Write a Ruby program called fizzbuzz.rb that prints the numbers from 1 to 100. But for multiples of three print "Fizz" instead of the number and for the multiples of five print "Buzz". For numbers which are multiples of both three and five print "FizzBuzz".

The code is created as below:

def fizzbuzz

1.upto(100) do |i|
if i % 5 == 0 and i % 3 == 0
puts "FizzBuzz"
elsif i % 5 == 0
puts "Buzz"
elsif i % 3 == 0
puts "Fizz"
else
puts i
end
end
end

fizzbuzz


Part of the output is generated as follow:





Compare the Ruby and Python versions of the dog years calculator:

#!/usr/bin/ruby
# The Dog year calculator program called dogyears.rb

def dogyears
# get the original age
puts “Enter your age (in human years): "
age = gets # gets is a method for input from keyboard
puts # is a method or operator for screen output

#do some range checking, then print result
if age < 0
puts "Negative age?!? I don't think so."
elsif age < 3 or age > 110
puts "Frankly, I don't believe you."
else
puts "That's", age*7, "in dog years."
end
dogyears

Python

#!/usr/bin/python
# The Dog year calculator program called dogyears.py

def dogyears():
# get the original age
age = input("Enter your age (in human years): ")
print # print a blank line

# do some range checking, then print result
if age < 0:
print "Negative age?!? I don't think so."
elif age < 3 or age > 110:
print "Frankly, I don't believe you."
else:
print "That's", age*7, "in dog years."

### pause for Return key (so window doesn't disappear)
raw_input('press Return>')

def main():
dogyears()
main()


After comparing the Ruby and Python code which perform the same function to calculate the dog age by multiplying the human age by 7, it is found that the logical flow and syntax is very familiar. With only some minor syntax difference for the If … Else condition. Also Python requires additional code to pause the output screen.



Reference

How-To Greek. (2010). Ruby IF, Else If Command Syntax. Retrieved 15 Apr, 2010, from http://www.howtogeek.com/howto/programming/ruby/ruby-if-else-if-command-syntax/

W3schools.com. (2010). JavaScript If…Else Statements. Retrieved 15 Apr, 2010, from http://www.w3schools.com/js/js_if_else.asp

Sneaky Abstractions. (2010).JavaScript eye for the Ruby Guy. Retrieved 15 Apr, 2010, from http://tore.darell.no/pages/javascript_eye_for_the_ruby_guy

Elevator Pitch 1

Hi, I am Gary studying in Hong Kong. E-System Infrastructure Development, my first impression is a subject for system administrator or project manager. The time when I received the subject guide really surprises me… Frankly speaking, I am not studying or working as a system developer at the very beginning, but as a system administrator. The first assessment is already a great challenge for me. I could barely make up the schedule to finish all the exercises and workshops. But in return, I have learnt a lot about building a e-commerce web site either from the ICT manager, system architect or developer aspect. The step-by-step guide of the exercises also guide me through the most popular design model and tools to build an interactive site that serve commercial purpose. It equips me with knowledge not only as a developer but also as a system architect. Couldn’t find another course as update and useful as this. Second assessment is on the way, hope I could finish successfully and graduate. Thanks for listening.

Workshop 3: Online Taxi Booking System: MySQL and Database design

Topic objectives
• Develop a database object design for an online taxi booking system (OTBS);
• Revise database techniques with Rails and SQL
• Describe how to use the MVC “push-based architecture” in the Ruby on Rails development environment

To do:

1. Set up the MySQL tools on your computer as described in section 6 above.

The MySQL server 5.1 is downloaded from http://www.mysql.com and installed into my laptop as follows:




2. Rails will setup a new application directory for each of your Web application projects. Get InstantRails (Windows) or Locomotive (MacOS) running on your machine. Both packages install Ruby, Rails, a Web server or one called ‘Mongrel’ or another small Ruby Web server called ‘WEBrick’, and MySQL “inside a bubble” as I call it so that others parts of your system are not modified (Similarly ZOPE does with installing its own Web server and Python versions).

Ruby on Rails installer for Windows 1.8.7 package is downloaded from http://www.rubyonrails.org and installed.

Command “gems install rails --include-dependencies” is issued to install GEMS. Another command “gem update rails” is also required to grab the most recent updates from the official web.


3. Once Rails is running you at http://localhost:3000, you need to configure database access. Connection to the database is specified in the config/database.yml file.

“Rails Taxi” command is used to generate the data model for the Taxi project with the following hierarchy

C:\Ruby>rails Taxi
create
create app/controllers
create app/helpers
create app/models
create app/views/layouts
create config/environments
create config/initializers
create config/locales
create db
create doc
create lib
create lib/tasks
create log
create public/images
create public/javascripts
create public/stylesheets
create script/performance
create test/fixtures
create test/functional
create test/integration
create test/performance
create test/unit
create vendor
create vendor/plugins
create tmp/sessions
create tmp/sockets
create tmp/cache
create tmp/pids
create Rakefile
create README
create app/controllers/application_controller.rb
create app/helpers/application_helper.rb
create config/database.yml
create config/routes.rb
create config/locales/en.yml
create db/seeds.rb
create config/initializers/backtrace_silencers.rb
create config/initializers/inflections.rb
create config/initializers/mime_types.rb
create config/initializers/new_rails_defaults.rb
create config/initializers/session_store.rb
create config/environment.rb
create config/boot.rb
create config/environments/production.rb
create config/environments/development.rb
create config/environments/test.rb
create script/about
create script/console
create script/dbconsole
create script/destroy
create script/generate
create script/runner
create script/server
create script/plugin
create script/performance/benchmarker
create script/performance/profiler
create test/test_helper.rb
create test/performance/browsing_test.rb
create public/404.html
create public/422.html
create public/500.html
create public/index.html
create public/favicon.ico
create public/robots.txt
create public/images/rails.png
create public/javascripts/prototype.js
create public/javascripts/effects.js
create public/javascripts/dragdrop.js
create public/javascripts/controls.js
create public/javascripts/application.js
create doc/README_FOR_APP
create log/server.log
create log/production.log
create log/development.log
create log/test.log

Change to the Taxi directory C:\Ruby\Taxi and issue the command “ruby script/server” to run WEBrick web server on the machine and to test if the environment is ready or not.

C:\Ruby\Taxi>ruby script/server
=> Booting WEBrick
=> Rails 2.3.5 application starting on http://0.0.0.0:3000
=> Call with -d to detach
=> Ctrl-C to shutdown server
[2010-04-15 10:03:32] INFO WEBrick 1.3.1
[2010-04-15 10:03:32] INFO ruby 1.8.7 (2010-01-10) [i386-mingw32]
[2010-04-15 10:03:32] INFO WEBrick::HTTPServer#start: pid=3444 port=3000

If the environment is setup successfully it would show the following.



The connection of database is required to be specified in the file which is located in C:\Ruby\Taxi\config\database.yml with the following content.





4. Generate the Passenger model by creating the MySQL database and ‘passengers’ table from the information above.

There is a tool for GUI interface to manage MySQL called MySQL-Front is downloaded and installed. Database “Taxi” is created with table “Passenger” inserted. The required field for the table is also inserted according as follows.




5. Further work on understanding MySQL under Rails by David Mertz:
a. See “Fast-track your Web apps with Ruby on Rails” at http://www-128.ibm.com/developerworks/linux/library/l-rubyrails/
b. The “Rolling with Ruby on Rails” series and “Cookbook recipes by Curt Hibbs and others beginning at http://www.onlamp.com/pub/a/onlamp/2005/01/20/rails.html

Both resources links has been reviewed. I would find the second link to be extremely useful and practical for this Workshop which is a hands on step-by-step guide to setup the RoR environment with the association to the database MySQL. It also mentioned the tools for managing MySQL in depth which is very useful for students like me who is not a DBA typing SQL query commands everyday.


Recommended time: 1-4 hours, but it may take several trial attempts so be patient with initial success.

Challenge Problems: There are enough already in this workshop.

Exercise 8: XML Introduction

Create an XML document for an online catalogue of cars where each car has the child elements of make, model, year, colour, engine, number_of_doors, transmission_type and accessories. The engine has child elements called number_of_cylinders and fuel_system

Exercise 7: Application server platforms in e-commerce

1. Why is the perception getting stronger that integration will become a critical factor in coming days?

Application integration is the process of bringing data or function from one application program together with that of another application program where these programs already exist. The process is sometimes accomplished by using middleware, either packaged by a vendor or written on a custom basis.

The integration of function or data across different application platforms is increasingly import because it provides users with the ability to manipulate legacy data and to easier to acquire and maintain new data. Users could take advantage of familiar software to use known assets and resources and to use existing data management tools to access data wherever it is located. Users can work with a single, tailored user interface which is available through virtually any device which allows coherent search, access, replication, transformation and analysis over a unified view of information assets to meet business needs.


2. What is the relationship of AJAX to JQuery (jquery.com) and the lightweight Web2.0 JavaScript framework called MooTools (mootools.net) within the enterprise software architecture?

AJAX = Asynchronous JavaScript +XML, which is a group of interrelated web development techniques used on the client-side to create interactive web applications. With AJAX, web applications can retrieve data from the server asynchronously in the background without interfering with the display and behavior of the existing page. This is accomplished by using existing technologies together including HTML, XHTML, CSS, JavaScript, DOM, XML, XSLT and XMLHttpRequest object.
jQuery is a lightweight cross-browser JavaScript library that emphasizes interaction between JavaScript and HTML. The syntax of jQuery is designed to make it easier to navigate a document, create animations, handle events and develop AJAX applications. Microsoft has bundled jQuery on their platforms for adopting it with AJAX framework. Microsoft hosts jQuery on its AJAX content delivery network making it easy to add the support for jQuery library.


It is possible to perform browser-independent AJAX queries using $.ajax and associated methods to load and manipulate remote data.

$.ajax({
type: "POST",
url: "some.php",
data: "name=John&location=Boston",
success: function(msg){
alert( "Data Saved: " + msg );
}
});

JavaScript is a client-side scripting language that can be used for implementing an AJAX application. It is the most popular language for AJAX programming due to its inclusion in and compatibility with the majority of modern web browsers. Classic AJAX involves writing ad-hoc JavaScript on the client. It is a simpler alternative to use standard JavaScript libraries that can partially update a page.


3. What are the similarities between the object-oriented development using model-view-controller (MVC) in Ruby on Rails 2.0 and Action Script 2.0 (Flash animations)?

Rails use the Model-View-Controller (MVC) architecture pattern to organize application programming. The MVC architecture with the Controller handles the input event from the user interface and notifies the Model of the user action. The View gets its data from the Model and render itself. It seperates into various packages namely ActiveRecord which is an object-relational mapping system for database access. Apart from standard packages, developers can make plugins to extend existing packages. The Convention over Configuration (CoC) and the rapid development principle of Don’t Repeat Yourself (DRY) emphasis less coding and less repetition effort by developer.

ActionScript is a scripting language based on ECMAScript which is used primarily for the development of websites and software using the Adobe Flash Player platform in the form of SWF files embedded into web pages. ActionScript 2.0 also introduced class-based inheritance syntax so that developers could create classes and interfaces, much as they would in class-based languages such as Java and C++. These allow for a more structured object-oriented programming approach for code reuse.


4. What does it mean to develop RESTful practices into our web applications?

Representation State Transfer (REST) is a style of software architecture for distributed hypermedia systems such as the World Wide Web. Confirming to the REST constraints is referred to as being “RESTful”.

REST-style architectures consist of clients and servers. Clients initiate requests to servers. Server process requests and returns appropriate responses. Requests and responses are built around the transfer of “representations” of “resources” in stateless client-server architecture. REST is an analytical description of the existing web architecture in which the web services are viewed as resources. It also has to be cacheable, layered system with enhanced scalability and performance.
RESTful practice is especially useful when the web service is completely stateless and the bandwidth is particularly important and needs to be limited. REST is particularly useful for limited-profile device such as PDAs and mobile phones.

Reference
SearchSOA.com Definitions (Application Integration. (2003). Retrieved 4 Apr, 2010, from http://searchsoa.techtarget.com/sDefinition/0,,sid26_gci211586,00.html

DB2 Universal Database. (2009). Why is information integration important to your enterprise? Retrieved 4 Apr, 2010, from http://publib.boulder.ibm.com/infocenter/db2luw/v8/index.jsp?topic=/com.ibm.db2.ii.doc/ad/ciiwhyen.htm

Mozilla Developer Center. (2010). AJAX. Retrieved 4 Apr, 2010, from https://developer.mozilla.org/en/AJAX

Wikipedia. (2010). AJAX (programming). Retrieved 4 Apr, 2010, from http://en.wikipedia.org/wiki/Ajax_(programming)

Wikipedia. (2010). jQuery retrieved 4 Apr, 2010, from http://en.wikipedia.org/wiki/Jquery

Wikipedia. (2010). ActionScript. Retrieved 4 Apr, 2010, from http://en.wikipedia.org/wiki/ActionScript

Wikipedia. (2010). Ruby on Rails. Retrieved 4 Apr, 2010, from http://en.wikipedia.org/wiki/Ruby_on_rails

Oracle Sun Developer Network. (2010). RESTful Web Services. Retrieved 4 Apr, 2010, from http://java.sun.com/developer/technicalArticles/WebServices/restful/

Exercise 6: Web form design and processing: A basis for e-commerce interaction

1. Design the form
“Retrofit” the form data string above:
Name=Evan+Burke&card=Visa&number=8443261344895544&order=French+perfume
For buying some French perfume into the
HTML form fields and submit button on the Web page form.



2. Write the script
Script archives exist for PERL, Python and JavaScript. Search the Web for a script that processes the HTML forms data. Read the code and list the steps involved in processing the form.

The following JavaScript is called a function called SubmitForm which would be executed when the submit button is clicked in the process.html.




3. Can you modify the script to process the form?
With JavaScript at the client side we can process simple forms without invoking server. JavaScript can only take care all the preliminary requirements, such as validating input to ensure that the user has entered everything and trigger JavaScript events by manipulating form controls. To actually process the form, CGI is required which is a mechanism for safely transporting data from a client HTML form to server.


4. Improve the user experience by add a JavaScript feature.

The following script checks for any input box in the form which is not filled in and prompt to alert the user to fill in the specific input box.

function checkscript() {
for (i=0;i<4;i++) {
box = document.example.elements[i];
if (!box.value) {
alert('You haven\'t filled in ' + box.name + '!');
box.focus()
return false;
}
}
return true;
}


Reference
Gordon, M. (1996). Using JavaScript and forms. Retrieved at 2 Apr, 2010 from http://www.javaworld.com/jw-06-1996/jw-06-javascript.html

Dutch politics primer and blog (2010). Example Form. Retrieved at 2 Apr,2010 from http://www.quirksmode.org/js/formex.html

Workshop 2: Model View Controller design approach

Topic objectives
• Describe the history and architecture of the Model View Controller (MVC) approach to Web application design;
• Revise database techniques with Rails and SQL
• Describe how to use MVC in the Ruby on Rails development environment
• Set up a focus group (like a study group for peer learning) to work on the Ruby on Rails workshops via Interact tools

To do:

1. Set up a focus group (like a study group for peer learning) to work on the Ruby on Rails workshops via Interact tools as a class.

Focus group is setup in CSU Interact Forum where I have joined the discussion on the topics raised by other students and has looked into the problem raised by course coordinator and figure out the solution by web searching.

2. What is meant by “convention over configuration” and how does it reduce coding?

“Convention over configuration” (CoC) means a developer only needs to specify unconventional aspects of the application. For example, if there is a class Sale in the model, t he corresponding table in the database is called sales by default. It is only if one deviates from this convention, such as calling the table “product_sold”, that one needs to write code regarding these names.

When the convention implemented by the tool you are using matches your desired behavior, you enjoy the benefits without having to write configuration files. These reduce repeated coding and configuration. Only when your desired behavior deviates from the implemented convention, then you configure your desired behavior.


3. Further work on understanding MVC:
a. See the wiki at http://wiki.rubyonrails.org/rails/pages/UnderstandingMVC
b. Do the MVC tutorial at http://wiki.squeak.org/squeak/1767

Having walkthrough the wiki materials about MVC. Understood that MVC stands for Model-View-Controller and it is one of the earliest and one of the most successful design patterns. With the View rendering the graphical and textual output of the application. The Controller interprets the mouse and keyboard inputs from the user. The Model manages the behavior and data of the application, responds to requests for information about its state and responds to instructions to change state.

4. Got a spare hour or so? I recommend the UC Berkeley RAD lab’s Ruby on Rails Short course at http://youtube.com/watch?v=LADHwoN2LMM
Read the Flash article using ActionScript by Colin Moock titled “The Model-View-Controller Design Pattern “at http://www.adobe.com/devnet/flash/articles/mv_controller.html

A really long video which would take 6 hours for an undergraduate course topic on Ruby-on-Rails. It is a step-by-step approach to guide your through RoR with lab sessions. Really useful for beginners who need to have a quick introductory course and get it done within one day.



Challenge Problems:

1. How is Rails structured to follow the MVC pattern?

Consider our project and examine the directories where Rails is located. If the data model is called Taxi (it is convention to name the model beginning with an upper case letter). The model is a Ruby class located in app/models/taxi.rb
The SQL table is taxis – the pluralisation of the model. In our project we have 2 tables as passenger_origin and passenger_destination, where the table row = an object instance and each of the columns = an object attribute.

The controller methods live in app/controllers/taxi_controller.rb
Each controller can access templates to display the input screen and methods for action.

The views are kept is app/views/taxi/*.rhtml, where each *.rhtml maps to a controller method.

In Rails, the view is rendered using RHTML or RXML. According to the wiki page at http://wiki.rubyonrails.org/rails/pages/UnderstandingViews, RHTML is HTML with embedded Ruby code and RXML is Ruby-generated XML code.

The data model “Taxi” is created by issuing the following command

C:\Ruby>rails Taxi
create
create app/controllers
create app/helpers
create app/models
create app/views/layouts
create config/environments
create config/initializers
create config/locales
create db
create doc
create lib
create lib/tasks
create log
create public/images
create public/javascripts
create public/stylesheets
create script/performance
create test/fixtures
create test/functional
create test/integration
create test/performance
create test/unit
create vendor
create vendor/plugins
create tmp/sessions
create tmp/sockets
create tmp/cache
create tmp/pids
create Rakefile
create README
create app/controllers/application_controller.rb
create app/helpers/application_helper.rb
create config/database.yml
create config/routes.rb
create config/locales/en.yml
create db/seeds.rb
create config/initializers/backtrace_silencers.rb
create config/initializers/inflections.rb
create config/initializers/mime_types.rb
create config/initializers/new_rails_defaults.rb
create config/initializers/session_store.rb
create config/environment.rb
create config/boot.rb
create config/environments/production.rb
create config/environments/development.rb
create config/environments/test.rb
create script/about
create script/console
create script/dbconsole
create script/destroy
create script/generate
create script/runner
create script/server
create script/plugin
create script/performance/benchmarker
create script/performance/profiler
create test/test_helper.rb
create test/performance/browsing_test.rb
create public/404.html
create public/422.html
create public/500.html
create public/index.html
create public/favicon.ico
create public/robots.txt
create public/images/rails.png
create public/javascripts/prototype.js
create public/javascripts/effects.js
create public/javascripts/dragdrop.js
create public/javascripts/controls.js
create public/javascripts/application.js
create doc/README_FOR_APP
create log/server.log
create log/production.log
create log/development.log
create log/test.log

Currently there are no views rendered and so there is no rhtml under the C:\Ruby\Taxi\app\views\taxi. Also checked the wiki link at rubyonrails.org about understanding Views is already unavailable.

2. Apply the MVC design approach to our Project: Online Taxi Booking System.

HINT: Begin with a single model, single view and single controller classes. This will give you a head start to the next workshop: Online Taxi Booking System: SQL and Database design

Model – Defines how the system handles the passengers’ data including their names, source and destination. The action is to save the data into the database and acknowledge user the data is successful save after user click the submit button.

View – Defines what the passenger would see as they access the system, input the data and submit the data.

Controller – Receives the input from the passenger and initiate the response / acknowledgement by making calls on Model which would trigger the View to render the image to acknowledge the passenger the order has been received by the system.

Exercise 5: Database Case Study

Case A: Microsoft SQL server
1. Investigate the SQL Server 2008 architecture available from the Dreamspark website.

The pre-requisite of SQL Server 2008 Express:
-> Maximum data size of 4GB per database.
-> Single physical CPU, multiple cores
-> Uses only 1GB of RAM
-> SQL Server Agent service unavailable

SQL Server 2008 aims to make data management self-tuning, self organizing, and self maintaining with SQL Server Always On technology to provide near-zero downtime. It also includes support for structured and semi-structured data, including digital media formats for pictures, audio, video and other multimedia data. Multimedia data can be stored as BLOBs (binary large objects). It can be a data storage backend for different varieties of data: XML, email, time/calendar, file, document, spatial as well as perform search, query, analysis, sharing and synchronization across all data types.
SQL Server 2008 also takes the advantage of Hyper-V in Windows Server 2008 which support for more virtual systems per physical host, leading to potential cost reduction. The Hyper-V Migration allows to move a virtual machine between two host servers without any interruption of service.
SQL Server 2008 offers customers scalability to meet the demands of growing data warehouse.


2. Test out the SQL Server Express as a lightweight application development tool. SQL Server 2008 Express Edition and report your findings.

SQL Server 2008 Express is a freely downloadable and distributable version of Microsoft’s SQL Server relational database management system. Before installing SQL Server 2008 Express, you have to get the following pre-requisites ready:

-> .Net Framework 2.0 SP2
-> Windows Installer 4.5
-> Windows PowerShell 1.0
-> Visual Studio 2008 SP1

SQL Server 2008 Express is a scaled down, free edition which includes the core database engine. While there are no limitations on the number of databases or users supported. It comprises a dataset specifically targeted for embedded and smaller-scale applications which limits to using only one processor, 1GB memory and 4GB of database file. These technical restrictions make it undesirable for large-scale deployment and help to govern the workload during concurrent access. The entire database is stored in a single .mdf file. Two additional editions provide superset of features not in the original Express Edition. The first is SQL Server Express with Tools, which includes SQL Server management Studio Basic. The other one is SQL Server Express with Advanced Services which adds full-text search capability and reporting services.

After installing and basic configuration, it runs pretty smooth on my dual-core notebook. The basic features such as creation of database, tables , creating entries and performing queries is not much difference from previous version. The GUI and dashboard would be familiar if you are using the previous version of SQL Server. We can get quick insights into the server instances and applications with tools and wizards and easy management setup and reveal versioning information. It provides superior insight into resource utilization and policy violations which helps to identify potential problems and maintain system healthiness.

It accelerate deployments and upgrades through a new concept, a single unit of deployment, that packages database schema (database, table, stored procedures) with deployment requirements and can be extracted from existing applications or created in Microsoft Visual Studio which helps to reduce deployment trial and error.