
COMP 3320

ELECTRONIC COMMERCE TECHNOLOGY


LECTURE 3: WEB SERVER AND E-COMMERCE SERVER

Dr John T. H.Yuen
(Main Reference: Chapters 8-9) CYC 306, thyuen@cs.hku.hk
CONTENT

Understand:
  The flow of an e-commerce website
  Static vs dynamic webpage
  Customer information
  Shopping cart
  Email
SHOPPING IN E-COMMERCE

[Figure: overall flow of an e-commerce site. The customer sends an HTTP request; the site handles Login, Catalog display and the Shopping cart, backed by the Customer, Catalog, Order and Warehouse databases; an Email server sends the newsletter; the Warehouse handles delivery. This diagram is repeated before each section below to show which part is being discussed.]
WEB SERVER AND E-COMMERCE SERVER

A Web Server implements an E-Com Server.

Web Server: lower level, focuses on data and programs (server view)
E-Com Server: higher level, focuses on business objects (business processes / software system view)
The E-Com server deals with buying and selling goods and services, and the supporting functions.
Ideal E-Com server software will:
  Generate sales reports on demand
  Allow managers to see updated sales information
  Integrate different business processes:
    Inventory control
    Billing and accounting
    Promotion and marketing
    Staff management (e.g., after-sales support)
DISPLAYING WEBSITE

Recall the HTTP protocol:
[Figure: Step 1: the client (browser) sends a request across the Internet to the web server. Step 2: the web server sends back the response: static HTML pages with text, pictures, etc.]
PLATFORM NEUTRALITY OF THE WEB

Enables communication between computers using different types of hardware, operating systems and software systems.
Web clients:
  Different browsers (and additional functions like email handling)
Web servers:
  Different hardware
  Different operating systems
  Different HTTP response generation software systems
This requires standardization of the data format and of the protocol.
PLATFORM NEUTRALITY OF THE WEB

[Figure: clients of different kinds on a Local Area Network (LAN) (Client 1: Windows PC, Client 2: Macbook, Client 3: iPad, Client 4: mobile phone) reach, through the Internet and a DNS server, servers of different kinds: Server 1: Windows OS + Microsoft Internet Information Server (IIS); Server 2: Unix OS + Sun Java System Web Server; Server 3: IBM mainframe + Apache HTTP Server.]
STATIC & DYNAMIC WEBPAGE

The reply page can be generated in 4 different ways:
1. The web server replies with a fixed (static) HTML page stored on the server.
2. The web server executes a program, and the output of the program is the web page (a.k.a. server-side scripting).
   E.g. CGI (Common Gateway Interface) programs, ASP (Active Server Pages), Java Server Pages (JSP), Servlets, and PHP (Hypertext Preprocessor).
3. The web server replies with a web page which contains some code to be executed in the client-side browser (a.k.a. client-side scripting).
   E.g. Applets, Adobe Flash, JavaScript (JavaScript can also perform server-side scripting, e.g. in Node.js).
4. The web server executes a program, and the output is a web page containing some code to be executed on the client side.
   A combination of (2) and (3) is needed.
STATIC WEBPAGE

[Figure: Step 1: the client (browser) sends a request across the Internet. Step 2: the web server responds with static HTML pages with text, pictures, etc.]

Hands-on practice in Lab 1!


SERVER-SIDE SCRIPTING USING CGI

[Figure: Step 1: the client (browser) sends a request across the Internet. The web server passes variables to, and executes, a Common Gateway Interface (CGI) program; the CGI program reads the catalog database. Step 2: the response is a fixed HTML page that is the output of the CGI program.]

Hands-on practice in Lab 2!
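The CGI exchange in the figure above, as an added example (not the lecture's lab code): the web server sets environment variables such as REQUEST_METHOD and QUERY_STRING, runs the program, and relays what the program writes to standard output (header lines, a blank line, then the HTML body). The function takes the environment as a dict so it can be exercised without a web server; the product list is a constructed stand-in for the catalog database, and the product ids and names are invented. The check a practitioner wants is in the body builder: the shopper's query text is reflected into the page, so it is HTML-escaped before use.

```python
"""Minimal CGI-style catalog search (added example, not the lecture's lab code).

A web server running a CGI program sets environment variables such as
REQUEST_METHOD and QUERY_STRING and reads the program's stdout: header
lines, a blank line, then the body. build_cgi_response takes the environ
dict instead of os.environ so it can be tested without a web server.
"""
import html
import os
import sys
from urllib.parse import parse_qs

# Constructed stand-in for the catalog database (ids, names and prices are invented).
CATALOG = {
    "p100": ("USB-C cable", 4.50),
    "p200": ("Wireless mouse", 19.90),
}


def build_cgi_response(environ: dict) -> str:
    """Return the full CGI output: headers, a blank line, then the HTML body."""
    if environ.get("REQUEST_METHOD", "GET") != "GET":
        return ("Status: 405 Method Not Allowed\r\n"
                "Content-Type: text/plain\r\n\r\nGET only\n")
    # The server hands the URL query to the program in QUERY_STRING.
    params = parse_qs(environ.get("QUERY_STRING", ""), keep_blank_values=True)
    query = params.get("q", [""])[0]          # parse_qs returns a list per name
    # Case-insensitive substring match against product names (empty query lists all).
    hits = [(pid, name, price) for pid, (name, price) in CATALOG.items()
            if query.lower() in name.lower()]
    rows = "".join(
        f"<li>{html.escape(name)} ({html.escape(pid)}): ${price:.2f}</li>"
        for pid, name, price in hits)
    # The shopper's query is reflected into the page, so it MUST be escaped:
    # writing it raw would turn q=<script>... into a reflected XSS bug.
    body = (f"<html><body><h1>Results for {html.escape(query)}</h1>"
            f"<ul>{rows}</ul></body></html>\n")
    headers = ("Status: 200 OK\r\n"
               "Content-Type: text/html; charset=utf-8\r\n"
               f"Content-Length: {len(body.encode('utf-8'))}\r\n")
    return headers + "\r\n" + body


if __name__ == "__main__":
    # When run as a real CGI program the server's variables are in os.environ.
    sys.stdout.write(build_cgi_response(dict(os.environ)))
```

Usage: placed in a server's cgi-bin directory and requested as /cgi-bin/search.py?q=mouse, the server supplies the environment and the script's output becomes the response; the assertions below exercise the same function directly.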
CLIENT-SIDE SCRIPTING USING JAVA APPLETS

[Figure: Step 1: the client (browser) sends a request across the Internet. Step 2: the web server responds with HTML pages containing applet code. The browser's built-in Java interpreter executes the applet on the client; the modern equivalent is the browser's built-in JavaScript engine running JavaScript + HTML + CSS.]

Note: current browsers no longer run Java applets or Adobe Flash; client-side scripting today means JavaScript.
STATIC VS. DYNAMIC WEBPAGE

Static web page
  Simple to implement, easy to estimate the data transfer time
Dynamic pages - server-side code execution
  Reduces server-side page storage, but may overload the system when the number of requests is huge
Dynamic pages - client-side code execution
  Low server burden (both CPU cycles and DB storage), but may have incompatibility issues for some clients
Dynamic pages - both server- and client-side code execution
  Most flexible: can carry out a lot of business logic, web access data analysis and personalization. However, very complicated to implement.
Design issue: balance the static and dynamic pages.
EXAMPLE

[Figure: screenshots of a static page, a dynamic page with server-side code execution, and a dynamic page with client-side code execution.]
TWO-TIER ARCHITECTURE

A two-tier architecture is one in which only a client and a server are involved in the requests and the responses that flow between them over the Internet.
A typical request message from a client to a server consists of three major parts:
  Request line: command (method), name of the target resource, and protocol name and version number
  Optional request headers: can contain information such as the types of files the client will accept in response to the request
  Optional entity body: used to pass bulk information to the server
The server returns a Web page to the client.
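The three parts of the request message, as an added example (not from the lecture): a small parser that splits a raw HTTP/1.x request into request line, headers and entity body exactly as described above. The sample request is constructed for the example. The parser is strict on purpose: it refuses a request line with the wrong number of parts, a non-numeric Content-Length, a body that is shorter than declared, or a request that carries both Content-Length and Transfer-Encoding, because lenient handling of those cases is where request-smuggling and header-injection problems come from.

```python
"""Parse a raw HTTP/1.x request into request line, headers and body (added example)."""
from dataclasses import dataclass, field

MAX_HEADERS = 100
ALLOWED_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"}


@dataclass
class HttpRequest:
    method: str
    target: str
    version: str
    headers: dict = field(default_factory=dict)   # names folded to lower case
    body: bytes = b""


def parse_request(raw: bytes) -> HttpRequest:
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request: no end of headers")
    lines = head.split(b"\r\n")
    # Part 1, request line: METHOD SP target SP HTTP/x.y and nothing else.
    parts = lines[0].split(b" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    method, target, version = (p.decode("ascii", "strict") for p in parts)
    if method not in ALLOWED_METHODS or not version.startswith("HTTP/1."):
        raise ValueError("unsupported method or version")
    # Part 2, optional headers: "Name: value" lines, names case-insensitive.
    headers = {}
    for line in lines[1:]:
        if len(headers) >= MAX_HEADERS:
            raise ValueError("too many headers")
        name, colon, value = line.partition(b":")
        if not colon or not name or b" " in name:
            raise ValueError("malformed header line")
        headers[name.decode("ascii").lower()] = value.strip().decode("latin-1")
    if "transfer-encoding" in headers:
        # Chunked bodies are out of scope here; a server must never honour both
        # Content-Length and Transfer-Encoding, which is the request-smuggling setup.
        raise ValueError("Transfer-Encoding not handled by this parser")
    # Part 3, optional entity body: exactly Content-Length bytes, no more, no less.
    body = b""
    if "content-length" in headers:
        cl = headers["content-length"]
        if not cl.isdigit():
            raise ValueError("bad Content-Length")
        n = int(cl)
        if len(rest) < n:
            raise ValueError("truncated body")
        body = rest[:n]
    elif rest:
        raise ValueError("body present without Content-Length")
    return HttpRequest(method, target, version, headers, body)


# Constructed sample: a form POST such as a shopping-cart update (15-byte body).
SAMPLE = (b"POST /cart HTTP/1.1\r\n"
          b"Host: shop.example\r\n"
          b"Accept: text/html\r\n"
          b"Content-Type: application/x-www-form-urlencoded\r\n"
          b"Content-Length: 15\r\n"
          b"\r\n"
          b"item=p200&qty=1")
```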
THREE-TIER ARCHITECTURE

A three-tier architecture builds on the traditional two-tier approach.
  First tier is the client.
  Second tier is the Web server. The server of the 2nd tier serves the 1st-tier clients.
  Third tier consists of the applications and their databases. The server of the 3rd tier serves the 2nd-tier clients and retrieves information from the database.

[Figure: the client (Web browser, 1st tier) sends an HTTP Request to the Web server (e.g., Apache, 2nd tier), which calls the Application server (e.g., PHP), which queries the Database (e.g., SQL / MySQL) (3rd tier); the HTTP Response flows back the same way.]
SCALABLE WEB SERVER ARCHITECTURE

Three layers in E-commerce systems:
  Web server layer
  Middle-tier layer (application server), i.e. middleware
  Backend layer (database server)
[Figure: Web server (e.g., Apache) -> Application server (e.g., PHP) -> Database (e.g., SQL)]

The duties and features of Web servers differ depending on whether they are publicly accessible.
Web server software features depend on the software package being used, and usually involve the integration of several software packages.
Web servers are located on the Internet or on intranets, usually behind firewalls.
MULTI-TIER E-COM ARCHITECTURE

[Figure: traffic from the Internet passes a router and a firewall (FW) into a Demilitarized Zone (DMZ); further firewalls separate Layer 1, Layer 2 and Layer 3. The load balancer, web servers, application servers, logging and database servers are spread across these layers, each on its own LAN (LAN 1 to LAN 4), so that a compromise of the public-facing web servers does not give direct access to the databases.]
FIREWALL & LOAD BALANCE

Firewall: deferred to the security part of the course (normal users won't see it).
A load-balancing switch is a piece of network hardware that monitors the workloads of the servers attached to it and assigns incoming Web traffic to the server that has the most available capacity.
In a simple load-balancing system, the traffic that enters the site from the Internet encounters the load-balancing switch, which then directs the traffic to the Web server best able to handle it; requests queue at the switch until a web server is available.

[Figure: Internet -> router -> load-balancing switch -> Web Server 1 / Web Server 2 / Web Server 3]
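The "most available capacity" rule in software, as an added example (not from the lecture or any product): each back-end web server is modelled by the number of concurrent requests it can serve and its current load, and the balancer sends each new request to the healthy server with the most spare capacity. The server names, capacities and request stream are constructed for the example; a real switch learns load from its own connection table or from health probes. The failure mode worth seeing is the last one: when every server is down or saturated the balancer fails the request visibly instead of queueing it forever.

```python
"""Least-loaded dispatch, as a load-balancing switch does it (added example)."""
from dataclasses import dataclass


@dataclass
class Server:
    name: str
    capacity: int          # concurrent requests this server can serve
    load: int = 0          # requests currently in flight
    healthy: bool = True   # result of the last health probe

    @property
    def spare(self) -> int:
        return self.capacity - self.load


class LoadBalancer:
    def __init__(self, servers):
        self.servers = list(servers)

    def pick(self) -> Server:
        """Healthy server with the most spare capacity; ties go to pool order.

        Raises RuntimeError when nothing can take the request (all servers
        down or saturated) so the caller can return 503 instead of hanging.
        """
        candidates = [s for s in self.servers if s.healthy and s.spare > 0]
        if not candidates:
            raise RuntimeError("no available web server")
        return max(candidates, key=lambda s: s.spare)   # max keeps the first of equals

    def dispatch(self) -> str:
        server = self.pick()
        server.load += 1
        return server.name

    def finish(self, name: str) -> None:
        """Called when a response has been sent; frees one slot on that server."""
        for s in self.servers:
            if s.name == name:
                s.load -= 1
                return
        raise KeyError(name)


def simulate(n_requests: int, servers) -> dict:
    """Dispatch n_requests with nothing completing; return requests per server name."""
    lb = LoadBalancer(servers)
    counts = {s.name: 0 for s in servers}
    for _ in range(n_requests):
        counts[lb.dispatch()] += 1
    return counts


if __name__ == "__main__":
    # Constructed pool: web3 has failed its health probe and must receive nothing.
    pool = [Server("web1", 4), Server("web2", 2), Server("web3", 4, healthy=False)]
    print(simulate(6, pool))
```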
HOSTING A STATIC PAGE WITHOUT A SERVER

InterPlanetary File System (IPFS):
  A peer-to-peer network (similar in spirit to BitTorrent) for storing and sharing data in a distributed file system: each peer distributes content to its own peers, instead of relying on a centralized server.
  Uses content addressing to uniquely identify each file in a global namespace connecting all computing devices. Unlike IP addressing, which names the location, the address is a hash of the content: the same file always yields the same hash, and finding two different files with the same hash (a collision) is computationally infeasible.
You can put a static or client-side-scripting web page in IPFS:
  E.g., upload an index.html file and get an IPFS hash for the file.
  Open the web page by its IPFS hash in a browser; the index.html content is fetched from whichever peers hold it.

To be done in Lab 3!
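Content addressing in miniature, as an added example; this is a simplified model and not the real IPFS CID/multihash/UnixFS format. A file is split into fixed-size blocks, each block is named by the SHA-256 of its bytes, and the file is named by the SHA-256 of the ordered list of block names (a one-level Merkle DAG). The point a practitioner should take away: because the address is derived from the content, a client that knows the address can fetch the blocks from any untrusted peer and verify every byte it receives, and the same index.html always gets the same address. The peer store is an in-memory dict standing in for the network, and the sample index.html is constructed.

```python
"""Simplified content addressing with per-block integrity checks (added example).

Not the real IPFS format: a toy Merkle layout where the root address is the
SHA-256 of the list of block hashes. Shows why content-addressed data can be
served by untrusted peers: the client verifies each block against its name.
"""
import hashlib

BLOCK_SIZE = 16   # tiny so the sample file spans several blocks


def block_id(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def add_file(store: dict, content: bytes) -> str:
    """Store the blocks and the root manifest; return the root address."""
    ids = []
    for i in range(0, len(content), BLOCK_SIZE):
        block = content[i:i + BLOCK_SIZE]
        ids.append(block_id(block))
        store[ids[-1]] = block    # identical blocks get identical ids, so they dedupe
    manifest = "\n".join(ids).encode()
    root = block_id(manifest)
    store[root] = manifest
    return root


def get_file(store: dict, root: str) -> bytes:
    """Fetch by address and verify every block; raise on any mismatch."""
    manifest = store[root]
    if block_id(manifest) != root:
        raise ValueError("manifest does not match its address")
    if not manifest:               # the empty file has an empty manifest
        return b""
    out = bytearray()
    for bid in manifest.decode().split("\n"):
        block = store[bid]
        if block_id(block) != bid:  # a peer served tampered bytes under a good name
            raise ValueError(f"block {bid[:8]} failed verification")
        out += block
    return bytes(out)


# Constructed sample content: a small static index.html.
INDEX_HTML = b"<html><body><h1>Hello from IPFS</h1></body></html>"

if __name__ == "__main__":
    peers = {}
    addr = add_file(peers, INDEX_HTML)
    print("address:", addr)
    print(get_file(peers, addr).decode())
```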
REQUIREMENTS FOR WEB SERVER

Development site (for software development)
  Low security, low performance
Intranet site (serves clients within the intranet)
  Medium security, medium performance
Extranet site (same as above, extended to suppliers or strategic partners)
  High security, medium performance
Transaction processing sites (B2C, B2B E-Com)
  High security (user accounts / PKI certificates), high performance
  Atomic transaction properties (e.g. in Electronic Fund Transfer)
Content delivery sites (specialized in speedy delivery of huge-sized content)
  Medium/high security
  Extremely high performance, fast in delivery and searching
FUNCTIONS OF WEB SERVER

Respond to browser requests by serving static web pages
Dynamic content
Site management (allows the administrator to manage the site, e.g. upload files, manage customer accounts)
File transfer (for control and other purposes)
User account management (e.g. with portals)
Session management (e.g. using cookies)
Application development (of E-com functions)
Providing security (secure channel with TLS/SSL, password control)
Search engine abilities (especially for a large site)
Data analysis (logging/administration of site usage)
WEB SERVER

In case you want to set up your own web server, there are many web servers. The two most popular:
  Apache HTTP Server: http://httpd.apache.org/
  Nginx: http://nginx.org/
You can install the above web servers on most of the common operating systems, such as Windows, Linux and Mac.

By default, a web server does not know programming, i.e., it cannot do any server-side programming such as connecting to a database system, allowing user login/logout, or reading PHP, JSP, ASP, etc. So we need to install modules to let the web server understand different programming languages:
  Install the PHP module and the web server understands PHP programs
  Install the JSP module and the web server understands JSP programs
DATABASE

We have many different Database Management Systems (DBMSs)! Some of the most famous ones:
  MySQL (open-source)
  SQLite (open-source)
  PostgreSQL (open-source)
  Oracle
  IBM DB2
Usually defined within the relational model.

Relational DBMSs implement the relational model to work with the data.
The relational model shapes whatever information is to be stored by defining it as related entities with attributes across tables (i.e. schemas).
DBMSs require tables to be defined in order to work with data. Within a table, each column holds a different type of information.
Each record in the database, uniquely identified by its key(s), translates to a row that belongs to a table, with the columns of the table all related together, as defined within the relational model.

Next: the business processes view (E-com server)!
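The relational tables behind the shopping flow (customer, catalog, order), as an added example using the standard-library sqlite3 module (SQLite is on the list above); the schema, rows and injection payload are constructed for the example and are not from the lecture. Primary keys identify rows, foreign keys relate the order table to the customer and catalog tables, and a CHECK constraint rejects a zero quantity. The example also shows the one thing the application server must get right when it builds queries from a shopper's input: search_unsafe pastes the text into the SQL string and can be made to return the customer table, while search_safe binds it as a parameter.

```python
"""Relational tables for the shopping flow, queried safely and unsafely (added example)."""
import sqlite3

# Constructed schema: keys and constraints do the relating, as the slide describes.
SCHEMA = """
CREATE TABLE customer (id INTEGER PRIMARY KEY, email TEXT UNIQUE NOT NULL);
CREATE TABLE catalog  (id INTEGER PRIMARY KEY, name TEXT NOT NULL, price_cents INTEGER NOT NULL);
CREATE TABLE "order"  (id INTEGER PRIMARY KEY,
                       customer_id INTEGER NOT NULL REFERENCES customer(id),
                       product_id  INTEGER NOT NULL REFERENCES catalog(id),
                       qty INTEGER NOT NULL CHECK (qty > 0));
"""


def open_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")       # SQLite ignores FKs unless told
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO customer VALUES (?, ?)",
                     [(1, "alice@example.com"), (2, "bob@example.com")])
    conn.executemany("INSERT INTO catalog VALUES (?, ?, ?)",
                     [(100, "USB-C cable", 450), (200, "Wireless mouse", 1990)])
    conn.commit()
    return conn


def search_unsafe(conn, term: str) -> list:
    # DO NOT DO THIS: the shopper's text becomes part of the SQL statement.
    sql = "SELECT id, name FROM catalog WHERE name LIKE '%" + term + "%'"
    return conn.execute(sql).fetchall()


def search_safe(conn, term: str) -> list:
    # Placeholder binding: the DBMS receives the pattern as a value, never as SQL.
    return conn.execute("SELECT id, name FROM catalog WHERE name LIKE ?",
                        ("%" + term + "%",)).fetchall()


def place_order(conn, customer_id: int, product_id: int, qty: int) -> int:
    """Insert an order row; FKs and the CHECK reject bad references or quantities."""
    cur = conn.execute('INSERT INTO "order" (customer_id, product_id, qty) VALUES (?, ?, ?)',
                       (customer_id, product_id, qty))
    conn.commit()
    return cur.lastrowid


def order_rejected(conn, customer_id: int, product_id: int, qty: int) -> bool:
    """True if the DBMS refused the order because of a constraint."""
    try:
        place_order(conn, customer_id, product_id, qty)
        return False
    except sqlite3.IntegrityError:
        return True


# Constructed attacker input for search_unsafe: closes the LIKE string, appends a
# UNION over the customer table, and comments out the rest of the statement.
INJECTION = "' UNION SELECT id, email FROM customer --"
```

Usage: search_unsafe(conn, INJECTION) returns every catalog row plus every customer's id and e-mail; search_safe(conn, INJECTION) returns nothing, because no product name contains that text.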
WEB HOSTING

More a business-view concern.
To show an e-commerce website, we need to have a web server:
  Buy a server-grade computer, rent an IP address and set up everything by yourself.
  Hybrid: pay a hosting company for the hardware and IP; you set it up yourself.
The total cost of setting up your own in-house Web commerce site is high.
Web hosting services allow businesses to start electronic commerce inexpensively.
Web hosting services provide all the services that an ISP does.
IMPLICATIONS

Self-hosting
  The online business owns and maintains the server and all its software.
  It implies full control, instant hardware access, and complete flexibility.
  The business must have additional staff, web expertise, expensive equipment, and a high-speed direct Internet connection.
  Easier to establish the firm's own style.
  Higher technology risk.
Shared hosting
  Your e-commerce site resides on the same server as several other sites.
  It is inexpensive and requires very little of an online store's time to maintain.
  It has a very high-speed connection to the Internet.
  The online store may lose direct control.
  Security concerns arise from unrelated online businesses sharing the same server.
BASIC HOST SERVICES (SMALL SCALE)

Basic packages are free or low-cost electronic commerce software supplied by the Web host for building Web sites (e.g. no shopping carts).
They may not include transaction processing. E.g. the host makes money from advertising banners placed on the storefront's Web pages.
Customer purchase transactions are handled by e-mail in this kind of host service.

[Figure: a storefront page with advertising banners]
FULL-SERVICE, SHARED MALL-STYLE HOSTING (E-MALLS)

Provides a domain name and IP address.
Full-service shared hosting sites provide online stores with good service, good website creation tools, and little or no banner advertising clutter.
They charge a monthly fee, one-time setup fees, and customer transaction fees.
The mall provides software like shopping carts, e-payment, etc. to e-merchants.
Advantages: low setup fee, less staff commitment, fewer technical requirements.
Classic examples: Taobao, eBay Stores and Yahoo! Store.
More or less the same across the world

USER AUTHENTICATION SYSTEM

Simple website: build your own using PHP + a MySQL database.
Managing the intranet of a big company: use software like MS Active Directory.
Current trend: use OAuth/OpenID (e.g. log in via Google: the site gains data for marketing, and there is a third party to blame if the login fails).
  OAuth: a way for Internet users to grant websites or applications access to their information on other websites (e.g. social media) without giving them the passwords.
  OpenID: allows users to be authenticated by co-operating sites using a third-party service, eliminating the need for webmasters to provide their own ad hoc login systems.
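If you take the first option above and build your own login system, the part that must not be improvised is the password store. The following is an added example (not the lecture's PHP + MySQL code): the password itself is never stored, only a salted, deliberately slow hash of it (PBKDF2-HMAC-SHA256 from the standard library), and the check uses a constant-time comparison. The user table is an in-memory dict standing in for the MySQL table, and the e-mail addresses and passwords are constructed. OWASP currently recommends 600,000 PBKDF2-SHA256 iterations; the constant is lower here only to keep the example quick.

```python
"""Salted, slow password hashing for a self-built login system (added example)."""
import hashlib
import hmac
import os
import secrets
from typing import Optional

ITERATIONS = 300_000   # OWASP recommends 600,000 for PBKDF2-HMAC-SHA256; lowered for speed here
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: pbkdf2_sha256$iterations$salt_hex$hash_hex."""
    salt = salt if salt is not None else os.urandom(SALT_BYTES)   # fresh random salt per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    try:
        algo, iters, salt_hex, hash_hex = stored.split("$")
        if algo != "pbkdf2_sha256":
            return False
        iterations, salt, expected = int(iters), bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)
    except ValueError:               # malformed record: treat as no match
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # compare_digest does not stop at the first differing byte, so timing does not
    # reveal how much of the hash matched.
    return hmac.compare_digest(candidate, expected)


class UserStore:
    """In-memory stand-in for the customer table: email -> stored hash record."""

    def __init__(self):
        self._users = {}

    def register(self, email: str, password: str) -> None:
        self._users[email] = hash_password(password)

    def login(self, email: str, password: str) -> bool:
        # Unknown addresses still pay for one hash computation, so the response time
        # does not reveal whether the address is registered.
        stored = self._users.get(email) or hash_password(secrets.token_hex(8))
        return email in self._users and verify_password(password, stored)
```

Usage: register("alice@example.com", pw) then login("alice@example.com", pw); two registrations of the same password produce different records because of the random salt, and a stolen table yields only slow-to-crack hashes rather than passwords.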
TWO-FACTOR AUTHENTICATION (2FA)

E-banking requires high security.
2FA: a method of confirming users' claimed identities by using a combination of two different factors out of: 1) something they know, 2) something they have, or 3) something they are.
Common examples in e-commerce:
  Credit card security code + SMS confirmation during e-payment
  E-banking password + security token
  E-banking password + mobile token (unlocked by fingerprint/Face ID)
Note that an SMS code is the weakest form of "something they have": it can be redirected by SIM swapping, which is why banks push customers towards tokens or app-based codes.
Required by some regulatory bodies:
  HKMA: https://www.hkma.gov.hk/media/eng/doc/key-functions/banking-stability/supervisory-policy-manual/TM-E-1.pdf
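What a security token or mobile-token app actually computes, as an added example (not from the lecture or the HKMA document): the one-time codes are HOTP (RFC 4226) driven by a time step, i.e. TOTP (RFC 6238). Server and token share a secret; each side derives a short code from HMAC-SHA1(secret, time step). Verification accepts one step of clock drift on either side and compares in constant time; a production server would additionally refuse to accept the same code twice. The secret used here is the RFC test key, so the expected codes are the published test vectors and not real credentials.

```python
"""HOTP/TOTP one-time codes (RFC 4226 / RFC 6238), added example."""
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP(K, C): dynamic truncation of HMAC-SHA1(K, C), C as 8-byte big-endian."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                     # RFC 4226 section 5.3
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, for_time: int, step: int = 30, digits: int = 6) -> str:
    """TOTP = HOTP with the counter set to floor(unix_time / step)."""
    return hotp(secret, for_time // step, digits)


def verify_totp(secret: bytes, code: str, now: int, step: int = 30,
                digits: int = 6, window: int = 1) -> bool:
    """True if code matches the current step or one within +/- window steps."""
    counter = now // step
    for c in range(counter - window, counter + window + 1):
        # Constant-time comparison, even though a 6-digit code is brute-forceable
        # only through rate limiting, which a real server must also enforce.
        if hmac.compare_digest(hotp(secret, c, digits), code):
            return True
    return False


RFC_SECRET = b"12345678901234567890"   # RFC 4226 / RFC 6238 SHA-1 test key, not a real secret

if __name__ == "__main__":
    print("code for the current 30-second step:", totp(RFC_SECRET, int(time.time())))
```

Usage: the server stores RFC_SECRET's real-world equivalent per user (provisioned to the phone as a QR code) and calls verify_totp(secret, submitted_code, int(time.time())) after the password check succeeds.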
HOW SHOPPING CARTS WORK

The Web is a stateless system: the web server cannot remember, from one transmission to the next, the transaction or the pages that you have visited.
Therefore, shopping carts must store information about each shopping cart, to avoid mixed-up purchases. Methods used include:
  Cookies: information stored in a file on the shopper's hard drive (client side) and sent back to the server with each request.
  Temporary numbers (session identifiers) assigned to a user within the same browser session, by adding the random number to the end of the shopper's URL.
An identifier carried in the URL leaks through browser history, the Referer header and server logs, so the cookie approach is what is used in practice today.
TRANSACTION PROCESSING MECHANISM

Required when the shopper clicks the virtual checkout button.
Usually, the browser switches to a secure connection: HTTPS over TLS (historically called Secure Sockets Layer, SSL).
Software calculates tax, shipping charges and discounts.
Some software packages connect directly with shippers to get shipping costs.
Connected with the seller's internal systems, e.g. the accounting system, to allow tallying of Web sales (this involves the software integration problem of different systems).
Technical problem: how to recognize several HTTP request-response pairs as one transaction?
Answer: use cookies to provide the session concept. Cookies are small plaintext files that store user settings (including a session identifier) for a particular website.
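The session mechanism that both the shopping-cart slide and the transaction-processing slide rely on, as one added example (not the lecture's code): the cookie carries only an opaque random session identifier, and the cart contents live on the server, keyed by that identifier, so the client cannot edit items or prices. The Set-Cookie value is built with the HttpOnly, Secure and SameSite attributes so page scripts cannot read the identifier and it only travels over HTTPS. The catalog prices are a constructed dict, and the in-memory store stands in for the shared session store a real deployment would use.

```python
"""Server-side shopping cart tied together by a session cookie (added example)."""
import secrets
from http.cookies import SimpleCookie

SESSION_COOKIE = "sid"
CATALOG = {"p100": 450, "p200": 1990}   # product id -> price in cents (constructed)


class CartSessions:
    def __init__(self):
        self._carts = {}                 # session id -> {product id: quantity}

    def new_session(self) -> tuple:
        """Create a session; return (sid, value for the Set-Cookie header)."""
        sid = secrets.token_urlsafe(32)  # 256 random bits from the OS CSPRNG: unguessable
        self._carts[sid] = {}
        # HttpOnly: not readable by page scripts. Secure: HTTPS only.
        # SameSite=Lax: not sent on cross-site POSTs, which blunts CSRF against the cart.
        return sid, f"{SESSION_COOKIE}={sid}; Path=/; HttpOnly; Secure; SameSite=Lax"

    def session_from_cookie_header(self, cookie_header: str):
        """Return the sid carried by a Cookie: request header, or None if absent or unknown."""
        jar = SimpleCookie()
        jar.load(cookie_header or "")
        morsel = jar.get(SESSION_COOKIE)
        sid = morsel.value if morsel else None
        return sid if sid in self._carts else None   # a forged id simply has no cart

    def add_item(self, sid: str, product: str, qty: int) -> None:
        if product not in CATALOG or qty <= 0:
            raise ValueError("unknown product or bad quantity")
        cart = self._carts[sid]
        cart[product] = cart.get(product, 0) + qty

    def total_cents(self, sid: str) -> int:
        # Prices are looked up server-side at checkout, never taken from the client.
        return sum(CATALOG[p] * q for p, q in self._carts[sid].items())

    def checkout(self, sid: str) -> int:
        """The transaction's last request: return the total and end the session."""
        total = self.total_cents(sid)
        del self._carts[sid]
        return total
```

Usage: the first response carries the Set-Cookie header from new_session; every later request's Cookie header goes through session_from_cookie_header, which is what turns a series of independent request-response pairs into one shopper's transaction.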
COOKIES?

Third-party cookies, which follow users from site to site tracing their browsing habits, have also been banned by Apple, Microsoft and Mozilla. Websites will still be able to use their own first-party cookies to track users: a website cannot access another website's cookies, but it can keep track of its own users across sessions for data analysis.
Privacy vs precise marketing.
WEB SERVER AND E-COM SERVER: SUMMARY

Web server (server view):
  Platform neutrality
  Dynamic pages
  Multi-tier architecture
  Choosing a web server
  Choosing a database
E-com server (business processes view):
  Web hosting
  User authentication
  Catalog display
  Shopping cart

[Figure: the shopping flow diagram again: customer, login, catalog display, shopping cart, order, warehouse and delivery, email newsletter, and the Customer, Catalog, Order and Warehouse databases.]
