Professional Documents
Culture Documents
ABSTRACT
1. INTRODUCTION
2. SYSTEM ANALYSIS
3. PROJECT DESCRIPTION
4. SYSTEM DESIGN
5. SYSTEM IMPLEMENTATION
6. CONCLUSION
7. REFERENCES
TABLE OF CONTENTS
ABSTRACT
The proposed Three Tier Security Pattern system will be designed with ASP.net as the
front end with the Asp.Net and SqlServer as backend. Authentication is the first line of
defense against compromising confidentiality and integrity. Though traditional login or
password based schemes are easy to implement, they have been subjected to several attacks.
As alternative, token and biometric based authentication systems were introduced. However,
they have not improved substantially to justify the investment. Thus, a variation to the login
or password scheme, viz. graphical scheme was introduced. But it also suffered due to
shoulder-surfing and screen dump attacks. In this project, a framework of proposed Three
Tier Security System will be introduced, which is immune to the common attacks suffered
by other authentication schemes.
The most practical way to strengthen authentication is to require a three tier after the
username or password stage. Since a password is something that a user knows, ensuring that
the user also has something thwarts attackers that steal or gain access to passwords. Many
organizations protect local and remote logins with a simple username and password. Entering
these information grants access to company databases, email accounts, and other sensitive
information. But passwords are notoriously insecure. Many users choose weak passwords
which can be easily guessed or cracked. Phishing attacks trick people daily into revealing
their passwords, and users on unsecured networks can have their passwords sniffed.
Malicious viruses and spyware can capture passwords and send them over the network to
attackers. So at next step the user will be verified for one time password and at the third step
the color code is verified as authentication.
1. INTRODUCTION
The term e-Government is defined by the Organization for Economic Cooperation and
Development (OECD) as the use of new information and communication technologies (ICTs)
by governments as applied to the full range of government functions. In particular, the
networking potential offered by the Internet and related technologies have the potential to
transform the structures and operation of government
The effective management of information security is a key factor as willingness, of
the different users (citizens and other parties), to use e-Government services will heavily
depend on the trust they have on the data security of this service.
As stated in a central challenge of e-Government service is how the new technology
can be used not only to increase efficiency for public administration, but also to strengthen
confidence in privacy measures by creating mutual transparency between public
administration and citizens.
The process approach for information security management system, ISMS, presented
in encourages its users to emphasize the importance of :understanding an organization’s
information security requirements and the need to establish policy and objectives for
information security, implementing and operating controls to manage an organization's
information security risks in the context of the organization’s overall business risks,
monitoring and reviewing the performance and effectiveness of the ISMS , continual
improvement based on objective measurement.
The successful adoption of an ISMS is important to protect information assets,
allowing an organization to achieve greater assurance that its information assets are
adequately protected against information security risks on a continual basis ,maintain a
structured and comprehensive framework for identifying and assessing information security
risks, selecting and applying applicable controls, and measuring and improving their
effectiveness , continually improve its control environment and effectively achieve legal and
regulatory compliance.
When anyone wants to access the network, for security purposes every web
application provides user authentication. From ancient day’s secret data or code is used for
hiding and giving security to information. In user authentication he process which we have to
pass through is username and password. Authentication process divided into Token based
authentication, Biometric based authentication and Knowledge based authentication. Most of
the web application provides knowledge based authentication which include alphanumeric
password as well as graphical password. In today’s changing world when we are having
number of networks and personal account some sort of easy authentication schema need to be
provided.
To help protect the concern, they must be aware of commonly used types of attacks.
With that information, they can make use of several password cracking tools to audit the
organization. So with the intention to increase the security, it is planned to introduce color
codes and OTP (ONE-TIME-PASSWORD) as an authentication tool to increase the security
level. Color-code based authentication gives lot more advantages over existing systems. In
Normal, users are requested to give their password for accessing the system and thereby
gaining privilege to use the services. In the proposed system, the user while registration is
asked to select the color pattern and OTP is generated and will be sent to the registered Email
ID and it will be inserted in the database .The user entered Key will be checked against the
one stored in the database. By giving this kind of Three – level of security the system can be
more secured and is not vulnerable to any kind of attacks.
1.1 PROBLEM DEFINITION
With cloud data services, it is common place for data to be not only stored in the cloud,
but also shared across multiple users. Unfortunately, the integrity of cloud data is subject to
skepticism due to the existence of hardware/ software failures and human errors. Several
mechanisms have been designed to allow both data owners and public verifiers to efficiently
audit cloud data integrity without retrieving the entire data from the cloud server. However,
public auditing on the integrity of shared data with these existing mechanisms will inevitably
reveal confidential information identity privacy to public verifiers. In this paper, we propose
a novel privacy-preserving mechanism that supports public auditing on shared data stored in
the cloud. In particular, we exploit ring signatures to compute verification metadata needed to
audit the correctness of shared data. With our mechanism, the identity of the signer on each
block in shared data is kept private from public verifiers, who are able to efficiently verify
shared data integrity without retrieving the entire file. In addition, our mechanism is able to
perform multiple auditing tasks simultaneously instead of verifying them one by one. Our
experimental results demonstrate the effectiveness and efficiency of our mechanism when
auditing shared data integrity.
2. SYSTEM ANALYSIS
The system is vulnerable to various kinds of attacks such as packet sniffer, probe,
malware, internet infrastructure attack, denial of services attack, remote to local attack
and user to root attack.
Specific security measures like firewalls, intrusion detection software, encryption, and
secure networks have not been defined designed and implemented for government
agencies to provide appropriate levels of security.
2.2.1 ADVANTAGES
`
2.3 SYSTEM REQUIREMENTS
The common language runtime manages memory, thread execution, code execution,
code safety verification, compilation, and other system services. These features are intrinsic
to the managed code that runs on the common language runtime.
With regards to security, managed components are awarded varying degrees of trust,
depending on a number of factors that include their origin (such as the Internet, enterprise
network, or local computer). This means that a managed component might or might not be
able to perform file-access operations, registry-access operations, or other sensitive functions,
even if it is being used in the same active application.
The runtime enforces code access security. For example, users can trust that an
executable embedded in a Web page can play an animation on screen or sing a song, but
cannot access their personal data, file system, or network. The security features of the
runtime thus enable legitimate Internet-deployed software to be exceptionally feature rich.
The runtime also accelerates developer productivity. For example, programmers can
write applications in their development language of choice, yet take full advantage of the
runtime, the class library, and components written in other languages by other developers.
Any compiler vendor who chooses to target the runtime can do so. Language compilers that
target the .NET Framework make the features of the .NET Framework available to existing
code written in that language, greatly easing the migration process for existing applications.
While the runtime is designed for the software of the future, it also supports software
of today and yesterday. Interoperability between managed and unmanaged code enables
developers to continue to use necessary COM components and DLLs.
The .NET Framework class library is a collection of reusable types that tightly
integrate with the common language runtime. The class library is object oriented, providing
types from which your own managed code can derive functionality. This not only makes
the .NET Framework types easy to use, but also reduces the time associated with learning
new features of the .NET Framework. In addition, third-party components can integrate
seamlessly with classes in the .NET Framework.
For example, the .NET Framework collection classes implement a set of interfaces
that you can use to develop your own collection classes. Your collection classes will blend
seamlessly with the classes in the .NET Framework.
As you would expect from an object-oriented class library, the .NET Framework types
enable you to accomplish a range of common programming tasks, including tasks such as
string management, data collection, database connectivity, and file access. In addition to
these common tasks, the class library includes types that support a variety of specialized
development scenarios. For example, you can use the .NET Framework to develop the
following types of applications and services:
Console applications.
Windows GUI applications (Windows Forms).
ASP.NET applications.
XML Web services.
Windows services.
For example, the Windows Forms classes are a comprehensive set of reusable types that
vastly simplify Windows GUI development. If you write an ASP.NET Web Form
application, you can use the Web Forms classes.
Another kind of client application is the traditional ActiveX control (now replaced by
the managed Windows Forms control) deployed over the Internet as a Web page. This
application is much like other client applications: it is executed natively, has access to local
resources, and includes graphical elements.
In the past, developers created such applications using C/C++ in conjunction with the
Microsoft Foundation Classes (MFC) or with a rapid application development (RAD)
environment such as Microsoft® Visual Basic®. The .NET Framework incorporates aspects
of these existing products into a single, consistent development environment that drastically
simplifies the development of client applications.
The Windows Forms classes contained in the .NET Framework are designed to be
used for GUI development. You can easily create command windows, buttons, menus,
toolbars, and other screen elements with the flexibility necessary to accommodate shifting
business needs.
The following illustration shows a basic network schema with managed code running
in different server environments. Servers such as IIS and SQL Server can perform standard
operations while your application logic executes through the managed code.
ASP.NET is the hosting environment that enables developers to use the .NET
Framework to target Web-based applications. However, ASP.NET is more than just a
runtime host; it is a complete architecture for developing Web sites and Internet-distributed
objects using managed code. Both Web Forms and XML Web services use IIS and ASP.NET
as the publishing mechanism for applications, and both have a collection of supporting
classes in the .NET Framework.
The .NET Framework also provides a collection of classes and tools to aid in
development and consumption of XML Web services applications. XML Web services are
built on standards such as SOAP (a remote procedure-call protocol), XML (an extensible data
format), and WSDL (the Web Services Description Language). The .NET Framework is built
on these standards to promote interoperability with non-Microsoft solutions.
For example, the Web Services Description Language tool included with the .NET
Framework SDK can query an XML Web service published on the Web, parse its WSDL
description, and produce C# or Visual Basic source code that your application can use to
become a client of the XML Web service. The source code can create classes derived from
classes in the class library that handle all the underlying communication using SOAP and
XML parsing. Although you can use the class library to consume XML Web services
directly, the Web Services Description Language tool and the other tools contained in the
SDK facilitate your development efforts with the .NET Framework.
If you develop and publish your own XML Web service, the .NET Framework
provides a set of classes that conform to all the underlying communication standards, such as
SOAP, WSDL, and XML. Using those classes enables you to focus on the logic of your
service, without concerning yourself with the communications infrastructure required by
distributed software development.
Finally, like Web Forms pages in the managed environment, your XML Web service
will run with the speed of native machine language using the scalable communication of IIS.
COMMON LANGUAGE RUNTIME
Compilers and tools expose the runtime's functionality and enable you to write code
that benefits from this managed execution environment. Code that you develop with a
language compiler that targets the runtime is called managed code; it benefits from features
such as cross-language integration, cross-language exception handling, enhanced security,
versioning and deployment support, a simplified model for component interaction, and
debugging and profiling services.
To enable the runtime to provide services to managed code, language compilers must emit
metadata that describes the types, members, and references in your code. Metadata is stored
with the code; every loadable common language runtime portable executable (PE) file
contains metadata. The runtime uses metadata to locate and load classes, lay out instances in
memory, resolve method invocations, generate native code, enforce security, and set run-time
context boundaries.
The runtime automatically handles object layout and manages references to objects, releasing
them when they are no longer being used. Objects whose lifetimes are managed in this way
are called managed data. Garbage collection eliminates memory leaks as well as some other
common programming errors. If your code is managed, you can use managed data,
unmanaged data, or both managed and unmanaged data in your .NET Framework application.
Because language compilers supply their own types, such as primitive types, you might not
always know (or need to know) whether your data is being managed.
The common language runtime makes it easy to design components and applications whose
objects interact across languages. Objects written in different languages can communicate
with each other, and their behaviors can be tightly integrated. For example, you can define a
class and then use a different language to derive a class from your original class or call a
method on the original class. You can also pass an instance of a class to a method of a class
written in a different language. This cross-language integration is possible because language
compilers and tools that target the runtime use a common type system defined by the runtime,
and they follow the runtime's rules for defining new types, as well as for creating, using,
persisting, and binding to types.
As part of their metadata, all managed components carry information about the
components and resources they were built against. The runtime uses this information to
ensure that your component or application has the specified versions of everything it needs,
which makes your code less likely to break because of some unmet dependency. Registration
information and state data are no longer stored in the registry where they can be difficult to
establish and maintain. Rather, information about the types you define (and their
dependencies) is stored with the code as metadata, making the tasks of component replication
and removal much less complicated.
Language compilers and tools expose the runtime's functionality in ways that are intended
to be useful and intuitive to developers. This means that some features of the runtime might
be more noticeable in one environment than in another. How you experience the runtime
depends on which language compilers or tools you use. For example, if you are a Visual
Basic developer, you might notice that with the commonlanguage runtime, the Visual Basic
language has more object-oriented features than before. Following are some benefits of the
runtime.
Performance improvements.
The ability to easily use components developed in other languages.
Extensible types provided by a class library.
New language features such as inheritance, interfaces, and overloading for object-
oriented programming; support for explicit free threading that allows creation of
multithreaded, scalable applications; support for structured exception handling and
custom attributes.
If you use Microsoft® Visual C++® .NET, you can write managed code using the
Managed Extensions for C++, which provide the benefits of a managed execution
environment as well as access to powerful capabilities and expressive data types that you are
familiar with. Additional runtime features include:
ADO.NET Architecture
The design of the Dataset enables you to easily transport data to clients over the Web
using XML Web services, as well as allowing you to marshal data between .NET components
using .NET Remoting services. You can also remote a strongly typed Dataset in this fashion.
For an overview of XML Web services..
The following table outlines the four core objects that make up a .NET Framework
data provider.
Object Description
Connection Establishes a connection to a specific data
source.
Command Executes a command against a data source.
Exposes Parameters and can execute within
the scope of a Transaction from a
Connection.
Data Reader Reads a forward-only, read-only stream of
data from a data source.
Data Adapter Populates a Dataset and resolves updates with
the data source.
The .NET Framework includes the .NET Framework Data Provider for SQL Server
(for Microsoft SQL Server version 7.0 or later), the .NET Framework Data Provider for OLE
DB, and the .NET Framework Data Provider for ODBC.
Note The .NET Framework Data Provider for ODBC is not included in the .NET
Framework version 1.0. If you require the .NET Framework Data Provider for ODBC and are
using the .NET Framework version 1.0, you can download the .NET Framework Data
Provider for ODBC at http://msdn.microsoft.com/downloads. The namespace for the
downloaded .NET Framework Data Provider for ODBC is Microsoft.Data.Odbc.
The .NET Framework Data Provider for SQL Server uses its own protocol to
communicate with SQL Server. It is lightweight and performs well because it is optimized to
access a SQL Server directly without adding an OLE DB or Open Database Connectivity
(ODBC) layer. The following illustration contrasts the .NET Framework Data Provider for
SQL Server with the .NET Framework Data Provider for OLE DB. The .NET Framework
Data Provider for OLE DB communicates to an OLE DB data source through both the OLE
DB Service component, which provides connection pooling and transaction services, and the
OLE DB Provider for the data source.
Comparison of the .NET Framework Data Provider for SQL Server and the .NET
Framework Data Provider for OLE DB
Comparison of .NET Framework Data Provider for SQL Server and OLEDB
To use the .NET Framework Data Provider for SQL Server, you must have access to
Microsoft SQL Server 7.0 or later. .NET Framework Data Provider for SQL Server classes
are located in the System.Data.SqlClient namespace. For earlier versions of Microsoft SQL
Server, use the .NET Framework Data Provider for OLE DB with the SQL Server OLE DB
Provider (SQLOLEDB).
VISUAL C# LANGUAGE
C# has a unified type system. All C# types, including primitive types such as int and
double, inherit from a single root object type, Thus, all types share a set of common
operations, and values of any type can be stored, transported, and operated upon in a
consistent manner. Furthermore, C# supports both user-defined reference types and value
types, allowing dynamic allocation of objects as well as in-line storage of lightweight
structures.
To ensure that C# programs and libraries can evolve over time in a compatible
manner, much emphasis has been placed on versioning in C#’s design. Many programming
languages pay little attention to this issue, and, as a result, programs written in those
languages break more often than necessary when newer versions of dependent libraries are
introduced. Aspects of C# ’s design that were directly influenced by versioning
considerations include the separate virtual and override modifiers, the rules for method
overload resolution, and support for explicit interface member declarations.
ASP.NET
The .NET framework includes tools that ease the creation of web services.
ASP.NET is the latest offering from Microsoft toward the creation of a new paradigm for
server-side scripting. The systemwill see the basics of ASP.NET, which provides a
complete framework for the development of web applications. Here the systemget
introduced into ASP.NET, the platform requirements for ASP.NET applications, and the
ASP.NET architecture. In addition, the systemget introduced to web forms of ASP.NET
applications, a new addition to ASP.NET.
ASP .NET differs in some ways from earlier versions Os ASP. ASP.NET has new
features such as better language support, a new set of controls, XML-based components, and
more secure user authentication. ASP.NET also provides increased performance by executing
ASP code.
Usually a software product undergoes many evolutionary phases. In each release
version of the software product, the software vendor fixes the bugs form previous versions
and adds new features. ASP 1.0 was released in 1996. Since then, two more versions of ASP
(2.0 AND 3.0) have been released. In various versions of ASP, new features have been
added. However, the basic methodology used for creating applications has not changed.
BENEFITS OF ASP.NET
Support for various programming language ASP.NET provides better programming-
language support than ASP. It uses the new ADO.NET earlier versions of ASP support only
scripting language such as VBScript and Jscript. Using this scripting language, the system
can write applications used to perform server-side processing, but this has two major
drawbacks. First, scripting language is interpreted and not complied. Therefore, the errors can
only be checked at runtime. This affects the performance of web applications. Second,
scripting language is not strongly typed. The scripting languages do not have a built –in set of
predefined data types. This requires developers to cast the existing objects of the language to
their expected data type. Thus, these objects can be validated only at runtime. This validation
leads to a low performance of web applications. ASP.NET continues to support scripting
languages, but it supports complete Visual Basic for server-side programming ASP.NET also
provides support for c# (pronounced c sharp) and C++.
ASP.NET provides flexibility to extend created in one language to another language. For
example, if the system has an object in C++, ASP.NET enables us to extend this object in
Visual Basic.
DIRECTIVES
<%
[inline code or expressions]
%>
HTML Control Syntax
<HTML element runat=”server” [attribute(s)]>
</HTML element>
SUB PROPERTY
The term server controls always means Web Forms server controls, because they are
specially designed to work with Web Forms.
DATA BINDING
The systemcan bind Web Forms control properties to any data in a data store. This so-
called data binding gives us nearly complete control over how data moves to the page and
back again to the data store.
PAGE CLASS
When a page is loaded, the ASP.NET runtime generates and instantiates a page class.
This object forms a collection of our separate components (like visual elements and business
logic). So all (visual and code) elements are accessible through this object.
The system can convert simple HTML elements to HTML server controls, let the
ASP.NET engine create an instance on the server, and now they are programmable on the
server. The conversion is done by simply adding attributes to the HTML tag. The attributes
runat=server informs the framework to create a server-side instance of the control. If the
system additionally assigns an ID, the system can reference the control in our code.
For example, the system can use the HTMLAnchor control to program against the
HTML <a> tag to dynamically generate the H Ref values, or use HtmlTable (HTML
<table>) to dynamically create tables and their content.
Another feature is the typed object model. This gives us the potential for type-safe
programming. Server controls can automatically detect what browser the system is using and
generate the proper version of HTML output.
BUTTON
This is way to enable the user to finish editing a form. A Button enforces the
submitting of the page, and the systemcan additionally raise events like the Click event.
TEXTBOX
A Textbox is an input box where the user can enter information like numbers, text, or
dates formatted as single line, multilane, or password. This control raises a Text Changed
event when the focus “leaves” the control.
VALIDATION CONTROLS
Another group of server controls are validation controls. These can be used to check
the user’s entries. Validation can be processed on the client and on the server.
Validation on the client side can be performed using a client script. In that case, the
user will be confronted with immediate feedback-without a roundtrip to the server. Server-
side validation in addition provides, for example, security against users bypassing client-side
validation.
ASP.NET PROVIDES THE FOLLOWING TYPES OF VALIDATION
Required entry- the field must be filled in by the user. Comparison to a value- the
entered value is checked against another value of another field, a database, or a constant
value by using comparison operators. Range checking – the user’s entry is checked to see
whether it resides between given boundaries. Pattern matching- a regular expression is
defined that the entered value must match. User’s defined- implement our own validation
logic. When the validation fails, an error message is generated and sent back to the client
browser. This can be done in several ways. For example, all error messages related to a
specific transaction could be collected and presented to the user in summary.
For example
Select first, last, city
From empinfo
Where first LIKE ‘Er%’;
This SQL statement will match any first names that start with ‘Er’. Strings must be in
single quotes. Or the systemcan specify
Select first, last
From empinfo where last LIKE ‘%s’;
This statement will match any last names that end in‘s’.
Select * from user
Where first = ‘Erie’;
This will only select rows where the first name equals ‘Erie’ exactly.
CREATING TABLES
The create tables statement is used to create a new table. Here is the format of a
simple create table statement.
What are constraints? When tables are created, it is common for one or more
columns to have constraints associated with them. A constraint is basically a rule associated
with a column that the data entered into that column must follow. For example, a ‘unique”
constraints specifies that no two records can have the same value in a particular column. They
must all be unique.
The other two most particular constraints are “not null” which specifies that a column
can’t be left blank, and “primary key”. A “primary key” constraint defines a unique
identification of each record (or row) in a table. Constraints can be entered in this SQL
interpreter, however, they are not supported in this Intro to SQL tutorial & interpreter. They
will be covered and supported in the future release of the Advanced SQL tutorial- that is, if
“response” is good.
INSERTING INTO A TABLE
The insert statement is used to insert or add a row of data into the table. To insert
records into a table, enter the key words insert into followed by the table name, followed by
an open parenthesis, followed by a list of column names separated by commas, followed by a
closing parenthesis, followed by the keyword values, followed by the list of values enclosed
in parenthesis. The values that you enter will be held in the rows and they will match up with
the column names that you specify. Strings should be enclosed in single quotes, and numbers
should not.
Insert into “table name”
(First column...last column)
Values (first value...last value);
UPDATING RECORDS
The update statement is used to update or change records that match specified criteria.
This is accomplished by carefully constructing a where clause.
Update “table name”
Set “column name”= “new value”
[ ,”next column” = “newvalue2”...]
Where “column name” OPERATOR “value”
[and/or “column” OPERATOR “value”];
DELETING RECORDS
The delete statement is used to delete records or rows from the table.
Delete from “table name”
Where “column name”
OPERATOR “value”
[and/or “column”
OPERATOR “value”]
To delete an entire record/row from a table, enter “delete form” followed by the table
name, followed by the where clause which contains the conditions to delete. If you leave off
the where clause, all records will be deleted.
DROP A TABLE
The drop table command is used to delete a table and all rows in the table. To delete
an entire table including all of its rows, issue the drop table command followed by the table
name. Drop table is different from deleting all of the records in the table. Deleting all of the
records in the table leaves the table including column and constraint information. Dropping
the table removes the table definition as well as all of its rows.
Drop table “table name”
TABLE JOINS
All of the queries up until this point have been useful with the exception of one major
limitation- that is, you’ve been selecting from only one table are a time with your SELECT
statement. It is time to introduce you to one of the most beneficial features of SQL &
relational database system – the
Joins allow you to link data from two or more tables together into a single query result
– from one single SELECT statement. A “join” can be recognized in a SQL SELECT
statement if it has more than one table after the FROM keyword.
3. PROJECT DESCRIPTION
3.1 MODULES
Registration
Login
Generation of otp
Authenticating the user
Change of password/colour code
Availing services
Generating reports
REGISTRATION:
In this module registration of new user who wants to access the service takes
place. When a user wants to create account they can make use of this module. It involves
collection of details such as their name, address, phone number, date of birth, city and the
user is also asked to choose the color codes .On the end of the phase user will be given
userId, password and color code. All the details will be stored in to database. The user can
then use these credentials to log into the system.
LOGIN:
In this module, the user will be asked to give his user ID and password .When the user
fed password matches with one corresponding to that userid ,he will prompted to next phase
i.e. choosing color code. Either the password or the color code is not valid the user will not be
allowed to continue log into the systems. Session validations are also given. So no one can
gain access to some other page without having right credentials.
GENERATION OF OTP:
After successful login, a random OTP will be generated and is send to the registered
Emailed and it will be stored into the database for future reference. The user can use that OTP
to log into the system. The user entered OTP will be checked with the one that is stored in the
DB. This OTP can be used for that login session only. Once logged out the user again need to
give his password, color code and OTP will be generated again and is send to the mail ID.
Thus by giving three level of security the system can be less vulnerable to get attacked.
AUTHENTICATING THE USER:
Authentication is an important thing whenever the information holds high value. In
this system the user has to be authenticated as it involves transaction of money. The user
entered password, OTP and color code will be validated against the one stored in the
database. If the credentials are correct the user can able to do the transactions and generate
reports. Otherwise the user will be given ‘invalid user’ message.
CHANGE OF PASSWORD/COLOUR CODE:
The user will be given the provision of changing his/her password or color code if he
forgets the password. The user will be asked for some security questions which he has given
during registration. If he answered right some verification code will be sent to the registered
mail id. The user has to feed that verification code to the system , if correct he can change his
password /color code.
AVAILING SERVICES:
The user after giving his credentials, he can able to do use the services provided by
the E-governance system. He can exit the application by clicking exit button. Thus by
enhancing the security features, the services can be used by the valid persons and the integrity
of the system is thus maintained. The system is implemented with session validations. So no
one is given the access to move direct to the page without login
GENERATING REPORTS:
The Admin can view all the reports of the customers. The admin is having separate
Login as he holds the power of viewing all the transactions for a particular user and even for
all the users. The user can able to view reports for the usage of services by customers in
previous month and the current month. By giving date as input the user can view the reports
for that particular date.
4. SYSTEM DESIGN
4.1 SYSTEM ARCHITECTURE
4.2 UML DIAGRAMS
+authenticate() +sendotp()
Authentication
+userid
+pwd
+otp
+colorcode
+validatepwd()
+validateotp()
+validatecolorcode()
REGISTRATION
GENERATE REPORTS
1 : registration of user() 8
7
LOGIN
GENERATION OF SECURITY QUESTION
: User
4 : user logs in to the system()
6 : requests for change of pwd/color code()
Login
Entry of OTP
Avail Services
Generate Reports
: User
1 : Registration of user()
3
4 : validates password()
8 : user will enter the OTP generated by the admin from mailID()
9
10 : validation of OTP()
11
15 : Generation of reports()
CASE Tools
Integration Framework
Portability Services
Operating System
Hardware Platform
Environment Architecture
The compilers, editors and debuggers those are available to support most
conventional programming languages. Web development tools include to the generation of
text, graphics, forms, scripts and other elements of a web page.
UML
INPUT DESIGN
The input design is the link between the information system and the user. It comprises
the developing specification and procedures for data preparation and those steps are
necessary to put transaction data in to a usable form for processing can be achieved by
inspecting the computer to read data from a written or printed document or it can occur by
having people keying the data directly into the system. The design of input focuses on
controlling the amount of input required, controlling the errors, avoiding delay, avoiding
extra steps and keeping the process simple. The input is designed in such a way so that it
provides security and ease of use with retaining the privacy. Input Design considered the
following things:’
OBJECTIVES
1. Input Design is the process of converting a user-oriented description of the input into a
computer-based system. This design is important to avoid errors in the data input process and
show the correct direction to the management for getting correct information from the
computerized system.
2.It is achieved by creating user-friendly screens for the data entry to handle large volume of
data. The goal of designing input is to make data entry easier and to be free from errors. The
data entry screen is designed in such a way that all the data manipulates can be performed. It
also provides record viewing facilities.
3. When the data is entered it will check for its validity. Data can be entered with the help of
screens. Appropriate messages are provided as when needed so that the user will not be in
maize of instant. Thus the objective of input design is to create an input layout that is easy to
follow
OUTPUT DESIGN
A quality output is one, which meets the requirements of the end user and presents the
information clearly. In any system results of processing are communicated to the users and to
other system through outputs. In output design it is determined how the information is to be
displaced for immediate need and also the hard copy output. It is the most important and
direct source information to the user. Efficient and intelligent output design improves the
system’s relationship to help user decision-making.
1. Designing computer output should proceed in an organized, well thought out manner; the
right output must be developed while ensuring that each output element is designed so that
people will find the system can use easily and effectively. When analysis design computer
output, they should Identify the specific output that is needed to meet the requirements.
2. Select methods for presenting information.
3. Create document, report, or other formats that contain information produced by the system.
The output form of an information system should accomplish one or more of the following
objectives.
Registration
Send OTP
Gmail Inbox
OTP
Color Code
5.2 SOURCE CODE
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data;
using System.Data.SqlClient;
using System.Drawing;
publicpartialclassuserregistration : System.Web.UI.Page
{
protectedvoid Page_Load(object sender, EventArgs e)
{
}
protectedvoid TextBox1_TextChanged(object sender, EventArgs e)
{
SqlConnection con = newSqlConnection("Data Source=admin-pc;initial
catalog=goverment;user id=sa;pwd=123");
con.Open();
SqlCommand cmd = newSqlCommand("select*from regform where
username='" + TextBox1.Text + "'", con);
SqlDataReader dr = cmd.ExecuteReader();
if (dr.Read())
{
Label1.Text = "User Name is Already Exist";
this.Label1.ForeColor = Color.Red;
}
else
{
Label1.Text = "UserName is Available";
this.Label1.ForeColor = Color.Red;
}
}
protectedvoid Button1_Click(object sender, EventArgs e)
{
try
{
Session["username"] = TextBox1.Text.Trim();
Session["mail"] = TextBox5.Text.Trim();
Response.Redirect("typecolor.aspx");
}
catch (Exception ex)
{
string msg = ex.Message;
Response.Write(msg);
}
}
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System;
using System.Collections.Generic;
using System.Data.SqlClient;
using System.Web.Services;
using System.Web;
using System.Data;
publicpartialclasstypecolor : System.Web.UI.Page
{
protectedvoid Page_Load(object sender, EventArgs e)
{
}
[WebMethod]
publicstaticstring InsertMethod(string Name, string Email)
{
SqlConnection con = newSqlConnection("Data Source=.;Initial
Catalog=adt;User ID=sa;Password=123");
{
SqlCommand cmd = newSqlCommand("update mani set name='"+Name+"'
where email='"+Email+"'", con);
{
con.Open();
cmd.ExecuteNonQuery();
return"True";
}
}
}
}
protectedvoid Button1_Click(object sender, System.EventArgs e)
{
Response.Redirect("homepage.aspx");
}
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data;
using System.Data.SqlClient;
publicpartialclassclient1login : System.Web.UI.Page
{
SqlConnection con = newSqlConnection();
SqlCommand cmd = newSqlCommand();
SqlDataAdapter da;
DataSet ds;
DataTable dt;
SqlDataReader dr;
con.Open();
cmd = newSqlCommand("select * from regform where mail='" +
TextBox1.Text + "'and password ='" + TextBox2.Text + "'", con);
dr = cmd.ExecuteReader();
if (dr.Read())
{
Response.Redirect("regform.aspx");
}
else
{
Page.RegisterStartupScript("UserMsg",
"<script>alert('Invalid User');</script>");
}
}
}
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System;
using System.Data.SqlClient;
using System.IO;
using System.Web.UI.WebControls;
publicpartialclassservice : System.Web.UI.Page
{
string strCon = "Data Source=admin-pc;user id=sa;pwd=123;Initial
Catalog=threetier";
protectedvoid Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
{
BindGridviewData();
}
if (Session["s1"] == ""&& Session["s2"] == "")
{
Response.Redirect("client1login.aspx");
}
}
// Bind Gridview Data
privatevoid BindGridviewData()
{
using (SqlConnection con = newSqlConnection(strCon))
{
using (SqlCommand cmd = newSqlCommand())
{
cmd.CommandText = "select * from userfiles";
cmd.Connection = con;
con.Open();
gvDetails.DataSource = cmd.ExecuteReader();
gvDetails.DataBind();
con.Close();
}
}
}
// Save files to Folder and files path in database
protectedvoid btnUpload_Click(object sender, EventArgs e)
{
}
// This button click event is used to download files from gridview
protectedvoid lnkDownload_Click(object sender, EventArgs e)
{
LinkButton lnkbtn = sender asLinkButton;
GridViewRow gvrow = lnkbtn.NamingContainer asGridViewRow;
int fileid =
Convert.ToInt32(gvDetails.DataKeys[gvrow.RowIndex].Value.ToString())
;
string name, type;
using (SqlConnection con = newSqlConnection(strCon))
{
using (SqlCommand cmd = newSqlCommand())
{
cmd.CommandText = "select FileName, FileType,
FileData from userfiles where Id=@Id";
cmd.Parameters.AddWithValue("@id", fileid);
cmd.Connection = con;
con.Open();
SqlDataReader dr = cmd.ExecuteReader();
if (dr.Read())
{
Response.ContentType =
dr["FileType"].ToString();
Response.AddHeader("Content-Disposition",
"attachment;filename=\"" + dr["FileName"] + "\"");
Response.BinaryWrite((byte[])dr["FileData"]);
Response.End();
}
}
}
}
protectedvoid ImageButton1_Click(object sender, ImageClickEventArgs
e)
{
string filename = Path.GetFileName(fileUpload1.PostedFile.FileName);
Stream str = fileUpload1.PostedFile.InputStream;
BinaryReader br = newBinaryReader(str);
Byte[] size = br.ReadBytes((int)str.Length);
using (SqlConnection con = newSqlConnection(strCon))
{
using (SqlCommand cmd = newSqlCommand())
{
cmd.CommandText = "insert into
userfiles(FileName,FileType,FileData) values(@Name,@Type,@Data)";
cmd.Parameters.AddWithValue("@Name", filename);
cmd.Parameters.AddWithValue("@Type",
"application/.jpg/doc/pdf");
cmd.Parameters.AddWithValue("@Data", size);
cmd.Connection = con;
con.Open();
cmd.ExecuteNonQuery();
con.Close();
BindGridviewData();
}
}
}
protectedvoid Button1_Click(object sender, System.EventArgs e)
{
//Response.Redirect("homepage.aspx");
}
protectedvoid Button2_Click(object sender, System.EventArgs e)
{
Session["s1"] = "";
Session["s2"] = "";
Response.Redirect("homepage.aspx");
}
}
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data;
using System.Data.SqlClient;
using System.Drawing;
using System.Configuration;
publicpartialclassuserregistration : System.Web.UI.Page
{
protectedvoid Page_Load(object sender, EventArgs e)
{
}
protectedvoid TextBox1_TextChanged(object sender, EventArgs e)
{
SqlConnection con = new
SqlConnection(ConfigurationManager.ConnectionStrings["three"].Connec
tionString);
con.Open();
SqlCommand cmd = new SqlCommand("select*from userdetails
where username='" + TextBox1.Text + "'", con);
SqlDataReader dr = cmd.ExecuteReader();
if (dr.Read())
{
Label1.Text = "User Name is Already Exist";
this.Label1.ForeColor = Color.Red;
}
else
{
Label1.Text = "UserName is Available";
this.Label1.ForeColor = Color.Red;
}
}
protectedvoid Button1_Click(object sender, EventArgs e)
{
try
{
Session["username"] = TextBox1.Text.Trim();
Session["mail"] = TextBox5.Text.Trim();
con.Open();
String str = "insert into userdetails values('" +
TextBox1.Text + "','" + TextBox2.Text + "','" + TextBox4.Text +
"','" + TextBox5.Text + "','" + TextBox6.Text + "','" +
TextBox7.Text + "')";
SqlCommand cmd = new SqlCommand(str, con);
cmd.ExecuteNonQuery();
Response.Redirect("typecolor.aspx");
}
catch (Exception ex)
{
string msg = ex.Message;
Response.Write(msg);
}
}
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System;
using System.Collections.Generic;
using System.Data.SqlClient;
using System.Web.Services;
using System.Web;
using System.Data;
using System.Configuration;
publicpartialclassmax : System.Web.UI.Page
{
SqlConnection con =
newSqlConnection(ConfigurationManager.ConnectionStrings["three"].Con
nectionString);
SqlCommand cmd = newSqlCommand();
SqlCommand cmd1 = newSqlCommand();
SqlDataAdapter da;
SqlDataReader dr;
DataSet ds;
protectedvoid Page_Load(object sender, EventArgs e)
{
con.Open();
Label1.Text = ds.Tables[0].Rows[i][1].ToString();
Label2.Text = ds.Tables[0].Rows[i][2].ToString();
}
}
try
{
Session["s1"] = Label1.Text.ToString();
Session["s2"] = Label2.Text.ToString();
SqlCommand cmd2 = newSqlCommand("select * from inputcolor where
name='" + Label1.Text + "' and email='" + Label2.Text + "' ", con);
dr = cmd2.ExecuteReader();
if (dr.Read())
{
Response.Redirect("service.aspx");
}
else
{
Response.Redirect("error.aspx");
}
}
catch (Exception ex)
{
string msg;
msg = ex.ToString();
Response.Write(msg.ToString());
}
}
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System;
using System.Collections.Generic;
using System.Data.SqlClient;
using System.Web.Services;
using System.Web;
using System.Data;
using System.Configuration;
publicpartialclassmani : System.Web.UI.Page
{
protectedvoid Page_Load(object sender, EventArgs e)
{
Label1.Visible = false;
Label2.Visible = false;
}
[WebMethod]
publicstaticstring InsertMethod(string Name, string Email)
{
SqlConnection con =
newSqlConnection(ConfigurationManager.ConnectionStrings["three"].Con
nectionString);
con.Open();
{
SqlCommand cmd = newSqlCommand("insert into outputcolor values ('"
+ Name + "','" + Email + "')", con);
{
cmd.ExecuteNonQuery();
return"True";
{
}
}
}
}
protectedvoid Button1_Click(object sender, System.EventArgs e)
{
Response.Redirect("max.aspx");
using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
publicpartialclassDefault2 : System.Web.UI.Page
SqlConnection con =
newSqlConnection(ConfigurationManager.AppSettings["ConnectionString"]);
protectedvoid Page_Load(object sender, EventArgs e)
con.Open();
cmd.ExecuteNonQuery();
con.Close();
//Label8.Text = "";
TextBox1.Text = "";
TextBox2.Text = "";
TextBox3.Text = "";
DropDownList3.Text = "";
TextBox4.Text = "";
//DropDownList1.Text = "";
TextBox5.Text = "";
TextBox6.Text = "";
DropDownList2.Text = "";
TextBox7.Text = "";
// RegisterStartupScript("msg", "<script>alert('Registered Successfully...!')</script>");
}
using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
publicpartialclassDefault2 : System.Web.UI.Page
SqlConnection con =
newSqlConnection(ConfigurationManager.AppSettings["ConnectionString"]);
{
}
con.Open();
cmd.ExecuteNonQuery();
con.Close();
//Label8.Text = "";
TextBox1.Text = "";
TextBox2.Text = "";
TextBox3.Text = "";
DropDownList3.Text = "";
TextBox4.Text = "";
//DropDownList1.Text = "";
TextBox5.Text = "";
TextBox6.Text = "";
DropDownList2.Text = "";
TextBox7.Text = "";
using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
publicpartialclassDefault2 : System.Web.UI.Page
SqlConnection con =
newSqlConnection(ConfigurationManager.AppSettings["ConnectionString"]);
con.Open();
cmd.ExecuteNonQuery();
con.Close();
//Label8.Text = "";
TextBox1.Text = "";
TextBox2.Text = "";
DropDownList4.Text = "";
DropDownList3.Text = "";
TextBox4.Text = "";
//DropDownList1.Text = "";
TextBox5.Text = "";
TextBox6.Text = "";
DropDownList2.Text = "";
TextBox7.Text = "";
LoadUserType();
}
}
db.OpenDB();
db.Execute(strQuery);
db.CloseDB();
Response.Write("<script>alert('Your details has been
sucessfully Updated')</script>");
Response.Redirect("Login.aspx");
}
catch (Exception ex)
{
}
}
publicvoid LoadUserType()
{
DataTable dtUserType = newDataTable();
string strQuery = "";
DatabaseClass db = newDatabaseClass();
try
{
db.OpenDB();
strQuery = "select * from UserTypes where UserType
<> 'Admin' ";
dtUserType = db.OpenTable(strQuery);
db.CloseDB();
ddlUserType.Items.Clear();
if (dtUserType.Rows.Count > 0)
{
ddlUserType.Items.Add(newListItem("Select
UserType", "0"));
ddlUserType.DataSource = dtUserType;
ddlUserType.DataTextField = "UserType";
ddlUserType.DataValueField = "UserTypeId";
ddlUserType.DataBind();
}
}
catch (Exception ex)
{
Response.Write(ex.Message);
}
}
}
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
namespace bhel
{
publicpartialclassProductSelection : System.Web.UI.Page
{
protectedvoid Page_Load(object sender, EventArgs e)
{
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data;
using System.Data.SqlClient;
using System.Configuration;
publicpartialclassPaymentProcess : System.Web.UI.Page
{
SqlConnection con =
newSqlConnection(ConfigurationManager.ConnectionStrings["ConStr"].Co
nnectionString);
string selection = "";
The testing phase involves the testing of the developed system using various test data.
Preparation of test data plays a vital role in the system testing. After the preparing the test
data system under study was tested using those test data. While testing the system by using
test data, errors were found and corrected by using following testing steps and corrections are
also noted for future use.
Thus, a series of testing was performed for the proposed system before the system
was ready for the implementation.
Testing Objectives:
There are several rules that can server as testing objectives. They are
Testing is a process of executing a program with the intent of finding an
error.
A good case is one that has a high probability of finding an undiscovered
error.
A successful test is one that uncovers an undiscovered error.
If testing is conducted successfully according to the objectives stated
above, it will uncover errors in the software. Also testing demonstrates that
software functions appear to the working according to specifications that
performance requirements appear to have been set.
Types of Testing:
The various types of testing done on the system are:
Unit Testing
Integration Testing
Validation Testing
Output Testing
System Testing
Performance Testing
User Acceptance Testing
Unit Testing:
Unit testing focuses verification effort on the smallest unit of software design the
module. This is also known as module testing. The unit testing is always white box oriented
and the step can be contacted in parallel for modules. In this testing each module is found to
be working satisfactory as regards to the expected output from the module.
Integration Testing:
Integration testing is a symmetric technique for constructing the program structure
while at the same time conducting tests to uncover errors associated with interfacing. The
objectives is to take unit tested modules and build a program structure that has been dictated
by design.
A set of errors encountered. Correction is difficult because the isolation of causes is
complicated by the vast expense of the entire program. Using integrated test plans prepare in
the design phase of the system development as guide, the integration testing was carried out.
All the errors found in the system were corrected of the next testing steps.
Validation Testing:
All the culmination of integration testing, software is completely assembled as
package, interfacing error have been uncovered and corrected and a final series of software
tests – the validation testing begins. Validation testing can be defined in many ways, but a
simple definition is that validation succeeds when the software functions in a manner that can
be reasonably expected by the user/customer. Software validation conformity is followed
with the following requirements
The function or performance characteristics conform to specification and are
accepted.
A deviation from specification uncovered and a deficiency list is created.
Output Testing:
The output generate or displayed by the system under consideration are tested by
asking the users about the format required by them. Here, the format is considered into two
ways. One is on the screen and the other is printed format.
The output format on the screen is found to be correct as the format was designed in
the system design phase according to the user needs. The output testing does not result any
correction in the system.
System Testing:
System testing is series of different tests whose primary purpose is to fully exercise
the computer based system. Although each test has a different purpose, all the work should
verify that all system elements have been properly integrated and perform allocated
functions.
Performance Testing:
This testing is designed to test the runtime performance of software within the context
of an integrated system. This testing occurs throughout all steps in the testing process.
[1] Message Security Using Armstrong Numbers and Authentication Using Colors-Gayatri
Kulkarni , Pranjali Gujar, Madhuri Joshi, Shilpa Jadhav.
[2] Authentication Schemes For Session Passwords Using Color And Images- M Sreelatha ,
M Shashi, M Anirudh ,Md Sultan Hamer V Manoj Kumar
[3] A Novel 2 Step Random Colored Grid Graphical Password Authentication System -
P.V.S Sriram G.Sri Swetha
[5] A File Authentication System Using Hand Gesture Passcodes- Karthik, K.Varalakshmi,
Dr.S.Ravi.