
PROJECT

Web-based Database Applications

Lecture 3:
Client/Server Databases Environment

CLIENT/SERVER ARCHITECTURE

Evolution of DBMSs - Modeling
- Flat-file system
  - Often text files for sequential access
- Relational Database Management System (RDBMS)
  - Informix, Oracle, Sybase, DB2, etc.
- Object-oriented Database Management System (OODBMS)
  - Gemstone, O2, ObjectStore, Matisse, Jasmine, Versant, etc.
- Object-relational Database Management System (ORDBMS)
  - Informix, Oracle, DB2, Illustra, UniSQL, Matisse, etc.

© H. Afsarmansesh, 2003

Evolution of DB system - Architecture
- Stand-alone to Network-based DBs
- Centralized DBs
  - Stand-alone, on a mainframe or workstations
  - e.g. Manufacturing industry, SMEs
- Distributed DBs
  - Network-based
  - Supporting geographic dispersion of sites
  - e.g. Banking, Service provision industry
- Federated DBs
  - Network-based
  - Supporting heterogeneity & autonomy of sites
  - e.g. Virtual organizations, Virtual Laboratories

© H. Afsarmansesh, 2003

Evolution of multi-user DB environment
- Mainframe-based environment
  - All applications run directly on the main system
- Client/Server environment
  - Operates in networked environments
  - Splits the processing of an application between:
    - A Front-end Client
    - A Back-end Processor (server)
  - The client process requires some resources that the server provides
  - Clients and servers can reside on the same computer, or be located on different computers in the network
  - Client and Server are intelligent and programmable

© H. Afsarmansesh, 2003

Designing the DB architecture and environment
- Good balance between Centralization & Distribution
- Mainframe-based or Client/Server based databases
- Client/Server architectures
  1- File Server architecture
  2- Database Server (two-tier) architecture
  3- Three-tier architecture

Hoffer © Prentice Hall, 2002



Client/Server Systems
- A networked computing model (with LAN / WAN)
- Processes distributed between clients and servers
  - Client – application running on a workstation or a PC, that requests and uses a service
  - Server – application running on a computer (PC/mini/mainframe), that provides a service
- Client/server architectures differ in their distribution of Application Logic components across clients and servers

Hoffer © Prentice Hall, 2002



Application Logic in Client/Server Systems
Application Logic consists of 3 components
- Presentation Logic component
  - Input – keyboard/mouse GUI Interface
  - Output – monitor/printer
- Processing Logic component (procedures, functions, programs)
  - I/O processing
  - Business rules (validity checks)
  - Managing Data
- Storage Logic component (DBMS actions)
  - Data storage
  - Data retrieval

Hoffer © Prentice Hall, 2002



1- File server (two-tier) architecture
- File server is a device that manages file operations and is shared by each of the client PCs attached to the LAN / WAN

[Figure: FAT CLIENT PCs connected over the LAN/WAN to the file server]

Hoffer © Prentice Hall, 2002



Limitations of file server architecture
- Network is a bottleneck – high traffic load
- Tight coupling between the application and the data
- Considerable processing burden on the client PC
- Large memory needed on the client PC (the full DBMS is transferred!)
- For multi-user environments, expert application programmers are needed, who must:
  - Request to set locks for shared data(base) integrity
  - Understand and consider how their application affects the concurrency, recovery and security of the shared data(base)
- Handling shared data(base) problems becomes the responsibility of the application program

© H. Afsarmansesh, 2003

2- Database server (two-tier) architecture
- Database server is a computer responsible for database storage, access and processing, constituting a 2-tier client/server architecture

[Figure: Thinner CLIENT connected over the LAN/WAN to a Fatter DB SERVER (Database Server); only the selected data travels back to the client]

Hoffer © Prentice Hall, 2002



Advantages of two-tier database architecture
- Data traffic load is reduced
- Thinner Client:
  - Processing power only required at the Database server
  - Authorization, integrity, query/update only at the Database server
- Fatter Server:
  - Processing power and larger memory in one location
  - Stored procedures can be defined and run at the Database server
    - A piece of code in the DBMS language (e.g. Oracle's PL/SQL)
    - Creates DBMS dependency
    - Decreased performance

© H. Afsarmansesh, 2003

Two-Tier Database Server Architecture – 2 layers

Stored procedures:
- Reduce the network traffic
- Improve security
- Improve data integrity

Connolly © Addison Wesley, 2002



3- Three-tier Database architecture
- A Client/server configuration that includes: client layer, application layer (also called application server) and database server layer

[Figure: Client layer (Thin CLIENT) – LAN/WAN – Application layer (Application Server) – DB server layer (Database Server)]

Hoffer © Prentice Hall, 2002



Three-Tier Database Architecture - 3 layers
- Client only performs a little processing, with limited or no data storage
- Application server performs the data processing and applies the business rules
- Database server performs the data validation & data access
- Database connectivity provides a link between the application logic and the DBMS

A. Benabdelkader © UvA, 2002/2003

Advantages of 3-tier compared to 2-tier
3-tier architecture is a popular choice for Internet applications and Net-centric information systems
- The architecture provides an increased level of:
  - Scalability
    - The load between layers can be measured and adjusted
  - Flexibility / Reusability
    - Loose coupling among the data and application
    - Less reliance on proprietary DBMS languages
    - Easier to change the DBMS
  - Performance / Reduced risks
    - Lower load on client and division of load between the application layer and the server layer
  - Lower long term costs
    - For maintenance and changes in the configuration

© H. Afsarmansesh, 2003

Client/Server Architecture - Types of Clients
- Fat clients
  - Client does most of the work
  - Relatively large and complex
  - Responsible for user interfaces, application logic and many of the DBMS functions
- Thin clients
  - Client is simple and light
  - A PC configured for handling user interfaces
  - Limited storage

© H. Afsarmansesh, 2003

Client/Server Architecture – Application partitioning
- Partitioning a Database application
  - There is no one optimal client/server architecture solution for all database applications
  - A main goal is to reach better performance and interoperability
  - Decisions must be made about the placement of the processing logic
  - How to partition the environment into two-, three-, or n-tier architecture
  - In each case, storage logic is always handled by the DB server, and the presentation logic by the Client

© H. Afsarmansesh, 2003

WEB-DATABASES

Data on the Web sites
- Many Web sites are file-based, where each Web document is stored in a separate file
  - For large sites, this can lead to significant data management problems
- Also many Web sites now contain more dynamic information, e.g. products and pricing data
  - Maintaining updated data in both a database and separate static HTML files is problematic
  - Accessing the database directly from the Web would be a better approach

Connolly © Addison Wesley, 2002



Management of data at Web servers
- A static Web page is an HTML document stored in a file
- The content of a dynamic Web page is generated each time it is accessed
  - Can respond to user input from the browser
  - Can be customized for each user
  - Hypertext formatting of the page is used by the server to generate it
  - Needs scripts that perform conversions from the different data formats (of the database) into HTML 'on-the-fly'

Connolly © Addison Wesley, 2002



Web-Databases (or Web-based databases)
- Web-databases are structured information repositories that can dynamically interact with a Web Server
- Web-databases allow for storing data content in a Web-structured format and let users publish information on the web
- Web-databases provide a set of high-level functionality tools that support the development, maintenance, and deployment of applications with relative ease and speed

A. Benabdelkader © UvA, 2002/2003

Advantages of Web-Databases
- DBMS support
  - data structure, security for access, query languages, etc.
- Platform independence
- Standardization
  - through standard database connectivity layers
- Open architecture that allows interoperability with a variety of systems and technologies
- Cost-effective solution that allows for scalability, growth, and changes in strategic directions, and helps reduce application development costs
…

Connolly © Addison Wesley, 2002



Disadvantages of Web-Databases
- Reliability / Availability
- Web Security
- Immaturity of development tools
- Performance / load balancing
- Statelessness
  - Statelessness - no information about transactions is maintained on the server (cookies can be used if necessary)
  - Maintaining State - the server tracks the state, e.g. location, selections made, user information

© H. Afsarmansesh, 2003

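How a server can keep a visitor's "selections made" across stateless HTTP requests using a cookie, as an added Python example that is not part of the lecture: the cookie carries only an unguessable session id plus an HMAC tag, the state itself stays on the server, and SERVER_KEY, the session store and all function names are assumptions.

```python
"""Maintaining state over stateless HTTP: the cookie carries only an
unguessable session id plus an HMAC tag; the selections stay server-side.
Added example, not from the lecture; all names here are assumptions."""
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

SERVER_KEY = secrets.token_bytes(32)   # per-server secret; constructed here, would come from config
_sessions = {}                         # server-side state, an in-memory stand-in for a session table

def new_session() -> str:
    """Create server-side state and return the id the cookie will carry."""
    sid = secrets.token_urlsafe(32)    # 256 random bits: ids cannot be guessed or enumerated
    _sessions[sid] = {"selections": []}
    return sid

def cookie_value(sid: str) -> str:
    """Cookie = '<id>.<tag>' so a forged or altered id fails before any store lookup."""
    tag = hmac.new(SERVER_KEY, sid.encode(), hashlib.sha256).hexdigest()
    return f"{sid}.{tag}"

def session_from_cookie(cookie: str) -> Optional[dict]:
    """Return the state for a valid cookie, or None (treated as a fresh visitor)."""
    sid, _, tag = cookie.rpartition(".")
    expected = hmac.new(SERVER_KEY, sid.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return None                    # tag mismatch: tampered, or not issued by this server
    return _sessions.get(sid)          # None if the server side has expired or removed it

def handle_request(cookie: Optional[str], item: Optional[str] = None) -> Tuple[str, dict]:
    """One request: nothing survives between calls except what the cookie re-identifies."""
    state = session_from_cookie(cookie) if cookie else None
    if state is None:
        sid = new_session()
        cookie = cookie_value(sid)     # the Set-Cookie value the response would carry
        state = _sessions[sid]
    if item is not None:
        state["selections"].append(item)
    return cookie, state
```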
Web-Databases Applications
- Catalogs
- Directories (e.g. Yellow pages)
- Online Shopping
- Online Auctions
- Training courses
- Resource libraries
- Surveys
- Financial Analysis
…

© H. Afsarmansesh, 2003

Approaches to Integrate Web and DBMSs

Client/server architecture development, using:
- Java, JDBC, SQLJ, Servlets, and JSP
- Common Gateway Interface (CGI)
- Extending the Web Server
  - e.g. database request handling middleware
- Microsoft Web Solution Platform
  - ASP and ADO
…

Connolly © Addison Wesley, 2002



Two-tier vs. three-tier architectures

Two-tier, file-based storage:
  Tier 1 – Presentation Logic & Processing Logic (Java, JavaScript, ActiveX, plug-ins, etc.)
  Tier 2 – Storage Logic: Files

Two-tier, DBMS storage:
  Tier 1 – Presentation Logic & Processing Logic (Java, JavaScript, ActiveX, plug-ins, etc.)
  Tier 2 – Storage Logic: DBMS

Three-tier:
  Tier 1 – Presentation Logic: Web browser
  Tier 2 – Processing Logic: Web server (CGI, HTTP server API, HTTP server module, etc.)
  Tier 3 – Storage Logic: DBMS

A. Benabdelkader © UvA, 2002/2003

Three-Tier Database Architecture
- Three layers:
  - Client (GUI interface, I/O processing): the Browser
  - Application server (Business rules): the Web Server
  - Database server (Data storage): the DBMS

Connolly © Addison Wesley, 2002

Client/Server Database Environment
- 'Thin' client requires less powerful, lower-cost hardware at the client side
- Application maintenance is centralized
- Easier to modify or replace one tier without affecting the others
- Separating business logic from database functions makes it easier to implement load balancing
- Maps quite naturally to the Web environment
…

Connolly © Addison Wesley, 2002



C/S Database Environment – advantages/disadvantages
Advantages:
- Scalability
- Technological flexibility
- Long-term cost reduction
- Better match of systems to business needs
- Reduced risk

Challenges:
- High short-term costs
- Tools and training
- Incompatible standards
- Interaction with Legacy databases

Hoffer © Prentice Hall, 2002



C/S Database Environment - Middleware
- Software which allows an application to interoperate with other software
- No need for the programmer/user to understand and code low-level operations for interoperability and internal processing
  - Accomplished via Application Program Interface (API) utilities
- The "glue" that holds the different layers of client/server applications together

Hoffer © Prentice Hall, 2002



Classification of base tools/approaches to build Middleware
- Remote Procedure Calls (RPC) - synchronous / asynchronous
  - Client makes calls to procedures running on remote computers
  - Similar to Remote Method Invocation (RMI)
- Message-Oriented Middleware (MOM)
  - Asynchronous calls between client and server via message queues
- Publish/Subscribe
  - Push technology: the server publishes information to subscribed clients when it becomes available
- Object Request Broker (ORB)
  - Object-oriented management of communications between clients and servers
- SQL-oriented Data Access
  - SQL-based Middleware between applications and database servers

Hoffer © Prentice Hall, 2002



Types of Middleware access to Databases
- Application Program Interface (API) for the native database
  - A set of operations to access/manipulate the data
  - Efficient
  - Application developers use APIs, and so do not need to develop low-level DB operations
- ODBC & JDBC
  - Provide database connectivity standards supported by most popular databases
  - Fast and highly flexible
  - Complexity in learning

© H. Afsarmansesh, 2003

MANAGING WEBSITES AND WEB-DATABASE SECURITY

Challenges in Managing Websites
- Web-based systems Security Issues
  - Prevent unauthorized access and malicious data destruction
- Users' Privacy Issues
  - Protect users' privacy rights
- Coping with the Rate-of-Change of Internet Technology
  - Deal with rapid advances in technology

Hoffer © Prentice Hall, 2002



Security in Client/Server Database Environment
- An important inhibitor to the growth of e-commerce: lack of user confidence in the security of web transactions
- Protection of sensitive information and preservation of users' access rights, through the web-related database access
- Risk assessment and regular monitoring & testing for intrusion
- Even new software tools/techniques may break the security of the site

A. Benabdelkader © UvA, 2002/2003

Establishing Internet security

[Figure: Routers to transmit and distribute message packets to the correct destination; Firewall to limit external access to data; IDS to monitor and recognize security breach attempts]

Hoffer © Prentice Hall, 2002



Website Security enablers
- Firewall – hardware/software security component that limits external access to the company's data
- Proxy server – firewall component that manages Internet traffic to and from a LAN
- Router – intermediate device that transmits message packets to the correct destination over the most efficient pathway
- Intrusion detection system (IDS) – system that identifies attempts to hack or break into a system

Hoffer © Prentice Hall, 2002



Variety of Security levels for C/S Environment - 1
- Network environments create multi-layer security issues (Network, OS, Web-server, Database, Communication)

1- Network-level security
- Create an account with a user name and password
- Web server and DB server on a separate LAN, away from other business systems
- Minimize sharing of hard disks among servers
- Regular monitoring of network and firewall logs
- Install probe (attack)-monitor software

© H. Afsarmansesh, 2003

Variety of Security levels for C/S Environment - 2
2- Operating system-level security
- Patch (fix) all known OS vulnerabilities and look for new ones
- Install anti-virus software for virus detection at system boot time, file download time, and email reception time
- Monitor server logs for unauthorized activity, e.g. using an IDS (Intrusion Detection System)
- Disable non-required services to reduce the risk of unauthorized access, e.g. sending automatic emails during an Internet access, where the OS allows it, should be disabled

© H. Afsarmansesh, 2003

Variety of Security levels for C/S Environment - 3
3- Web-server-level security
- Restrict the number of users on the Web server
  - Give out as few "super user" and administrator rights as possible
- Restrict the access (minimize the number of open ports)
  - http and https only, if possible
- Remove unneeded programs that load automatically when setting up the server
  - Delete demo programs that give hackers the access details they are after
  - Restrict CGI scripts (which have security problems) to one subdirectory
- For Unix, only install the minimum software for the Web server
  - Do not boot the default OS that provides a lot of added functionality

© H. Afsarmansesh, 2003


Variety of Security levels for C/S Environment - 4
4- Database level security
To restrict the access/manipulation rights of users to the DBs.
- Login/Password check
- Creating user roles, and privileges assigned to user roles
- Views
- Access, authorization, rights preservation
- Other measures:
  - Extra checks when executing user-defined procedures
  - Asking for extra information (Mother's maiden name)

© H. Afsarmansesh, 2003
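Roles, privileges and a view applied at the database level, as an added Python example that is not part of the lecture: SQLite's authorizer hook stands in for a server DBMS's roles and GRANT statements, and every table, view, role and column name below is an assumption.

```python
"""Database-level security: the web tier's role reads user accounts only
through a view that hides the credential column, writes only the orders
table and cannot change the schema. Added example; all names are assumptions."""
import sqlite3
from typing import Optional

SCHEMA_CHANGES = {sqlite3.SQLITE_CREATE_TABLE, sqlite3.SQLITE_DROP_TABLE, sqlite3.SQLITE_CREATE_VIEW,
                  sqlite3.SQLITE_DROP_VIEW, sqlite3.SQLITE_ALTER_TABLE}
WRITES = {sqlite3.SQLITE_INSERT, sqlite3.SQLITE_UPDATE, sqlite3.SQLITE_DELETE}
# Privileges per role. None = unrestricted (the DBA). 'via_view' lists
# (base table, view) pairs the role may read only on behalf of that view.
ROLES = {
    "web_app": {"read": {"orders", "public_users"},
                "via_view": {("users", "public_users")},
                "write": {"orders"}},
    "dba": {"read": None, "via_view": set(), "write": None},
}

def make_authorizer(role: str):
    """Callback SQLite consults for every table/column access while preparing a statement."""
    perms = ROLES[role]
    def authorize(action, arg1, arg2, db_name, view_or_trigger):
        if action == sqlite3.SQLITE_READ:        # arg1 = table, arg2 = column
            if perms["read"] is None or arg1 in perms["read"]:
                return sqlite3.SQLITE_OK
            if (arg1, view_or_trigger) in perms["via_view"]:
                return sqlite3.SQLITE_OK         # base-table read issued by an approved view
            return sqlite3.SQLITE_DENY
        if action in WRITES or action in SCHEMA_CHANGES:
            if perms["write"] is None or (action in WRITES and arg1 in perms["write"]):
                return sqlite3.SQLITE_OK
            return sqlite3.SQLITE_DENY
        return sqlite3.SQLITE_OK                 # SELECT, FUNCTION, TRANSACTION, ... not role-restricted
    return authorize

def open_db() -> sqlite3.Connection:
    """In-memory schema with constructed sample data, built before any role applies."""
    conn = sqlite3.connect(":memory:", cached_statements=0)  # re-authorize on every execute
    conn.executescript("""
        CREATE TABLE users(id INTEGER PRIMARY KEY, username TEXT UNIQUE NOT NULL,
                           password_hash TEXT NOT NULL);
        CREATE VIEW public_users AS SELECT id, username FROM users;  -- hides password_hash
        CREATE TABLE orders(id INTEGER PRIMARY KEY, user_id INTEGER NOT NULL,
                            item TEXT NOT NULL, qty INTEGER NOT NULL CHECK (qty > 0));
        INSERT INTO users(username, password_hash) VALUES ('alice', 'pbkdf2$constructed');
    """)
    return conn

def run_as(conn: sqlite3.Connection, role: str, sql: str, params=()) -> Optional[list]:
    """Run one statement under a role: rows on success, None when the DBMS refuses it."""
    conn.set_authorizer(make_authorizer(role))
    try:
        return conn.execute(sql, params).fetchall()
    except sqlite3.DatabaseError:                # SQLite reports the denial as 'not authorized'
        return None
```

Authorization happens when a statement is prepared, so cached_statements=0 keeps a statement prepared under one role from being reused by another.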
Variety of Security levels for C/S Environment - 5
5- Data communication level security
- TCP/IP is not a very secure protocol
- Encryption/decryption processes
  - transforming readable (plain text) data into unreadable (ciphertext)
- A standard encryption method is the Secure Socket Layer (SSL), which is used by "https" (not by http)
- Public key / Private key
- Authentication / bio-metric devices (finger-print, eye pictures, voice recognition)
- Digital signature
- the Virtual Private Network (VPN)

© H. Afsarmansesh, 2003

Anonymity vs. Security of Internet communication
- Internet communication must be secure
&
- Internet communication must remain anonymous
  - Chat rooms
  - E-mail
  - Access to public data (web-pages)
- Tracking devices installed on the servers for national security reasons (e.g. FBI's email monitoring devices installed on email servers, Carnivore and DCS1000)
- Advertisement agencies tracking users' accesses for their own data collection purposes

© H. Afsarmansesh, 2003

References to books
- DATABASE SYSTEMS - A Practical Approach to Design, Implementation, and Management, T. Connolly, C. Begg, Third Edition, Addison Wesley, 2002.
- MODERN DATABASE MANAGEMENT, J. A. Hoffer, M. B. Prescott, F. R. McFadden, Sixth Edition, Prentice Hall, 2002.
- Core SERVLETS and JAVASERVER PAGES, M. Hall, Java 2 Platform, Enterprise Edition Series, Prentice Hall, 2002.
