Introduction to Web Site Development
Matt Mahoney,
mmahoney@cs.fit.edu
www.cs.fit.edu/~mmahoney/cse4232/web
What you need to know to set up a web site
- Web hosting services - Web pages, CGI, anonymous FTP, email, domain registration
- UNIX (Linux, SunOS, ...) - File system, processes, shell, system admin
- Networks - TCP/IP, telnet, FTP, DNS, mail
- Web Servers (NCSA, Apache, ...) - Setup, security, encryption, access logs
- Web Clients - Internet Explorer, Netscape, Hotjava, Mosaic, Lynx, ...
- Protocols - http, https, news, mailto, ftp, ...
- Plugins - MIME, PDF, Real Audio, GhostView, MPEG, ...
- HTML - Formatting, links, images, tables, forms, frames, styles
- CGI - Forms, cookies, client info, server-side includes
- Perl, C++ examples - counter, request form mailer
- JavaScript examples - date, page redirect, calculator
- Java examples - Scribble applet
Web Services
Dial-up Account
- Client access to TCP/IP via modem/PPP
- One email address (SMTP and POP server access)
- USENET news server access
- hostname/IP address assigned at connect time
- 53 Kbps download, 28K upload max
Web Server Account
- UNIX (Linux) shell account (CPU, 20+ MB disk)
- High speed network (dual OC3 or DS3, 155 Mbps)
- Web server access (NCSA, Apache, ...) with CGI
- Secure access (for credit cards, etc.)
- www.provider.net/~yourname - Optional domain registration (www.yourname.com)
- Multiple email addresses (SMTP, POP) - anything@yourname.com
- Anonymous FTP directory - ftp://ftp.yourname.com/pub/
- Development tools
- Perl 5.0
- C++ (GNU g++)
- Java compiler (javac)
UNIX
- Hierarchical file system- Files have owners, read/write/execute
permissions
- Processes - May run in background, have owners, priority levels
- Shell (sh, csh, ksh) interprets user commands -
ls, cd, mv, cp, rm, mkdir, more, vi, man, ps, kill
- System administration - root has full system access, creates
accounts, passwords
Start web server: /etc/httpd/httpd &
Edit Joe’s home page: vi ~joe/public_html/index.html
List CGI scripts: cd /etc/httpd/cgi-bin; ls -las
1 drwxr-xr-x nobody . Apr 4
1 drwx--x--x root .. Dec 12
3 -rwxr-xr-x joe getmail.pl Oct 2
Networks
Layered network model
Application-level services
Service | Client | Protocol | TCP port
|
Web | netscape, explorer, ... | HTTP | 80
|
Forward mail | sendmail | SMTP | 25
|
Receive mail | mail, ... | POP
|
Remote login | telnet, rlogin, rsh | telnet | 23
|
Transfer files | ftp | FTP | 20, 21
|
Host name = IP address | resolver, nslookup | DNS
|
USENET | rn, ... | NNTP | 119
|
Test host/network | ping | ICMP
|
Try this:
telnet www.fit.edu 80
GET /index.html
Example HTTP session captured with Snort.
Web Servers
UNIX Servers
Directory setup
- public_html - location of web pages
- secure_html - location of secure (https) web pages
(might be configured differently)
- cgi_bin - location of CGI scripts
Configuration
- CGI - on or off
- Server side includes - on or off
Logs
- Date and time
- Client hostname or IP address
- HTTP request
Web Client History
- Lynx
- Text only, runs on dumb terminal
- Mosaic
- First graphical browser, precursor to Netscape
- Page displayed after all images download
- GIF inlined, separate viewer needed for JPEG
- HotJava
- Netscape
- Windows, Macintosh, UNIX
- Integrates web, email, news
- Netscape 2.0 - frames, JavaScript 1.0
- Netscape 3.0 - fonts, Java, JavaScript 1.1
- Netscape 4.0 - JavaScript 1.2, layers, style sheets
- Microsoft Internet Explorer
- Windows, Macintosh
- Explorer 3.0 - VBScript (Win), JavaScript (Jscript) 1.0 (Win)
- Explorer 4.0 - VBScript (Mac), JavaScript 1.1 (Win/Mac)
- WebTV
- AOL 2.5
- Spyglass
Protocols
Data is received by test.pl on ice.he.net in /cgi_bin
mailform.pl would mail the information to you.
Use <form method=POST>
Other URL protocols
- Secure (encrypted) transfer - https://www.company.com/
- Local file - file://c|/windows/system.ini
- Anonymous FTP - ftp://www.company.com/pub/readme.txt
- USENET - news:misc.jobs.offered
- Open telnet window - telnet://www.company.com/
- Send mail - mailto:mmahoney@cs.fit.edu
HTTP Protocol
File Type | MIME Type | Viewer/Plugin
|
---|
.html, .htm | text/html
|
.gif | image/gif
|
.jpeg, .jpg | image/jpeg
|
.pdf | application/pdf | acrobat
|
.ps | application/postscript | ghostview
|
.gz | application/x-gzip | gunzip
|
.Z | application/x-compress | uncompress
|
.zip | application/x-zip | unzip, pkunzip
|
.ra, .ram | audio/x-pn-realaudio | realaudio
|
.qt, .mov | video/quicktime | quicktime
|
HTTPS Protocol
Encrypted transfers to prevent interception at intermediate hosts.
Netscape displays a blue border and solid key.
- RSA - Rivest, Shamir, Adelman. Uses separate keys for encryption and decryption. Encryption key is public, cannot be used to learn decryption key.
- DES - Data Encryption Standard. Uses same 56-bit key for encryption and decryption. Faster than RSA.
- Client generates random RSA key pair, sends its public key to server.
- Server generates another random RSA key pair, sends its public key to
client.
- Client encrypts request using server's public key.
- Server decrypts using private key.
- Server encrypts response using client's public key.
- Client decrypts response using private key.
- Because RSA public key encryption is slow, RSA is used just to transfer
DES secret key securely.
HTML Examples
After viewing each page, click on View/Source in your browser to
examine the HTML.
Cookies
- Allows a CGI program to store and retrieve a string of text on your computer (usually to identify you).
- Retrieved automatically when you revisit that site.
- Accessible only within the same second level domain (domain.com).
- Server may set an expiration date. Default expiration is current session.
- Cookie string cannot contain spaces or semicolon. Max length 4K.
- Browser can be set to warn you when cookies are stored, option to reject.
- See
http://www.netscape.com/newsref/std/cookie_spec.html
#!/usr/bin/perl
# Read the cookie
$cookie = $ENV{HTTP_COOKIE}; # "name=Matt;"
# Write a cookie
print "Content-type: text/html
set-cookie: name=Matt; expires: Sat Jan 1 00:00:00 2001;
<HTML> etc...";
# Read other useful data
$host = $ENV{REMOTE_HOST}; # "net2-209.ix.netcom.com"
$addr = $ENV{REMOTE_ADDR}; # "218.83.2.209"
\windows\cookies directory (Internet Explorer) or
\program files\netscape\navigator\cookies.txt
(Netscape)
JavaScript
- Interpreted language, embedded in HTML
- Netscape 2.0+, Internet Explorer 3.0+ (4.0+ on Macintosh)
- Runs on client computer
JavaScript CANNOT
- Read or write files
- Communicate over the network
- Run other programs
Javascript CAN
- Read and update contents of an HTML form
- Prompt user for input
- Detect mouse clicks and movement over HTML objects
- Load a new web page
- Generate web page contents as it loads
- Read the date/time
- Write to the status bar
Javascript 1.1 (Netscape 3.0, IE 4.0)
- Create a new browser window
- Replace images on a loaded page
- Communicate with Java applets
Examples
Use View/Source in your browser to see the JavaScript source code.
Continue to next section (Java)