Software Engineering for Internet Applications - Student Community

More documents

Recommendations

Info

user. There are 86,400 seconds in a day. Thus we're talking roughlyabout enough work to keep a 3-CPU multiprocessor machine busyfor an entire day. What if 500 documents are uploaded every day?We'll need 1500 CPUs to compute personalization scores.4.5 User/User MapRelationships among users become increasingly important ascommunities grow. Someone who is in a discussion forum with 100others may wish to say "I am offended by User #45's perspective; Iwant the system to suppress his contributions in pages served to meor email alerts sent to me". The technical term for this is bozofiltration and it dates back at least to the early 1980s and theUSENET (Netnews) distributed discussion forum system. Someonewho is in a discussion forum with 100,000 others may wish to say "Iam overwhelmed; I never want to see anything more from this forumunless User #67329 has contributed to a thread."Grouping of users is the most fundamental operation within theUser/User database. In a collaborative medical records system, youneed to be able say "All of these users work at the same hospital andcan have access to records for patients at that hospital." In acorporate knowledge sharing system you need to be able to say "Allof these users work in the same department and therefore shouldhave access to private departmental documents, a private discussionforum devoted to departmental issues, and should receive emailnotifications of departmental events."Let's move on from the core data model to some tips for the softwarethat you're soon to be building on top of the database...4.6 Send SQL to the Database's SQL Parser, NotDataIn the Basics chapter you might have written scripts that took userinput combined them with bits of SQL and sent a final single stringcommand to the relational database management system (RDBMS).Here's a C# example stolen from one of our students:string cmd = "Insert into quotations(author_name,category, quote) values ('" +txtAuthor.Text.Replace("'", "''") +"', '" + ctg.Replace("'", "''") +"', '" +6615.12 Exercise 8: Explain the Concurrency Problemin Exercise 7Given an implementation of object-view-one that does its loggingon the server's time, explain the concurrency problem that arises inExercise 7 and talk about ways to address it.Write up your solutions to these non-coding exercises either in yourkm module overview document or in a file named metadataexercisesin the same directory.15.13 Exercise 9: Do a Little Performance TuningCreate an index on km_object_views that will make the code inExercises 6 and 7 go fast.15.14 Exercise 10: Display StatisticsBuild a summary page, e.g., at /km/admin/statistics to show,by day, the number of objects viewed and reused. This report shouldbe broken down by object type and all the statistics should be links to"drill-down" pages where the underlying data are exposed, e.g.,which actual users viewed or reused knowledge and when.15.15 Exercise 11: Think About Full-text IndexingWrite up a strategy for adding the objects authored in this system tothe site-wide full-text index.15.16 Exercise 12: Think About Unifying with YourContent TablesWrite up a strategy for unifying your pre-existing content tables withthe system that you built in this chapter. Discuss the pros and cons ofusing new tables for the knowledge management module orextending old ones.15.17 Feel Free to Hand-editSuppose that an autogenerated application is more or less completeand functional but you can see some room for improvement. Is itacceptable practice to pull some of the generated code into a texteditor and change it by hand? Absolutely! The point of usingmetadata is to tackle extreme requirements and get a prototype infront of real users as quickly as possible. Don't feel like a failurebecause you haven't solved the 50-year-old research problem ofautomating programming altogether.283
select 227, 891, 'algorithm', current_timestampwhere 0 = (select count(*)from km_object_viewswhere user_id = 227and object_id = 891and datediff(hour, view_time,current_timestamp) < 24)There are minor syntatic differences from the Oracle statementabove, but the structure is the same. A new row is inserted only if nomatching rows are found within the last 24 hours.SQL Server achieves the same isolation level as Oracle ("ReadCommitted"), but in a different way. Instead of creating virtualversions of the database, SQL Server holds exclusive locks duringdata-modification operations. In the example above, Session B'sINSERT cannot begin until Session A's INSERT has completed.Once it is allowed to begin, Session B will see the result of SessionA's insert, and will therefore not insert a duplicate row.More: See the "Understanding Locking in SQL Server" chapter ofSQL Server Books Online.Whenever you are performing logging it is considerate to do it on theserver's time, not the user's. In many Web developmentenvironments you can do this by calling an API procedure that willclose the TCP connection to the user, which stops the upper-rightbrowser corner icon from spinning/waving. Meanwhile your thread(IIS, AOLserver, Apache 2) or process (Apache 1.x) is still alive onthe server and can run whatever code is necessary to perform thelogging. Many Web servers allow you to define filters that run afterthe delivery of a page to the user.Help with date/time arithmetic: seehttp://philip.greenspun.com/sql/dates.15.11 Exercise 7: Gather More StatisticsModify object-view-one to add a "I reused this knowledge"button. This should link to object-mark-reused, a page thatupdates the reuse_p flag of the most recent relevant row inkm_object_views. The page should raise an error if it can't find arow to update.txtQuotation.Text.Replace("'", "''") + "')";UpdateDB(cmd); // ship that big string to//SQL ServerThere are several minor things wrong with this approach, whichmixes SQL and string literals obtained from the user:• the programmer must remember to escape any single quotecharacters in the uploaded string, replacing ' with '' [theseare two single quotes, not one double quote]• the statement might become too long for some RDBMSSQL parsers to handle and/or the string literals mightexceed limits (Oracle 9.x imposes a 4000-character limit onstring literals) if the user is waxing expansive at the browser• repeated invocations of this script will result in the RDBMSbeing fed versions of this SQL statement that aremorphologically the same but differ in actual text; dependingon how the RDBMS is implemented this might prevent thequery plan from being reusedMuch more serious, however, is the possibility that a malicious usercould craft a form submission that would result in destruction of dataor violation of privacy. For example, consider the following code:string EventQuery = "select *from eventswhere event_id = " +EventIDfromBrowser;Expecting a numeric event ID and knowing that numbers do not needto be wrapped in quotes like a string literal, the programmer does noprocessing on EventIDfromBrowser, a variable read from theopen Internet.Suppose that an evil-minded person submits a form withEventIDfromBrowser set to "42; select * fromuser_passwords"? The semicolon near the beginning of this stringcould potentially terminate the first SELECT and the unauthorized"select * from user_passwords" query might then be executed. If theunauthorized query is well-crafted the information resulting from itmight be presented in a browser window. Another scary constructwould be "42; delete from customers".28267
Page 1 and 2:
SoftwareEngineering forInternetAppl
Page 3 and 4:
Signature: ________________________
Page 5 and 6:
end-users. We use every opportunity
Page 7 and 8:
• availability of magnet content
Page 9 and 10:
• we want to see if a student is
Page 11 and 12:
you supply English-language queries
Page 13 and 14:
What to do during lecturesWe try to
Page 15 and 16: The one-term cram courseWhen teachi
Page 17 and 18: 332• spend a term learning how to
Page 19 and 20: Once we've taught students how to b
Page 21 and 22: has permission to perform each task
Page 23 and 24: UDDIUnixcustomer's credit card. If
Page 25 and 26: thousands of concurrent users. This
Page 27 and 28: OraclePerlnamed XYZ" without the pr
Page 29 and 30: LDAPLinuxbits per color, a vastly s
Page 31 and 32: FilterFirewallFlat-fileGIF318functi
Page 33 and 34: when there is an educational dimens
Page 35 and 36: system. The authors of the core pro
Page 37 and 38: Sign-OffsTry to schedule comprehens
Page 39 and 40: scheduling goals that both you and
Page 41 and 42: Client Tenure In Job (new, mid-term
Page 43 and 44: ReferencesEngagement ManagementSQL*
Page 45 and 46: Decision-makers often bring senior
Page 47 and 48: presentation to a panel of outsider
Page 49 and 50: 300always been written by programme
Page 51 and 52: 17.3 Professionalism in the Softwar
Page 53 and 54: Try to make sure that your audience
Page 55 and 56: Chapter 17WriteupIf I am not for my
Page 57 and 58: Suppose that an RDBMS failure were
Page 59 and 60: analysis programs analyzing standar
Page 61 and 62: at 9 hours 11 minutes 59 seconds pa
Page 63 and 64: found" will result in an access log
Page 65: 15.18 Time and MotionThe team shoul
Page 69 and 70: create table km_object_views (objec
Page 71 and 72: • object-create• object-display
Page 73 and 74: The trees chapter of SQL for Web Ne
Page 75 and 76: );274-- ordering within a form, low
Page 77 and 78: and start the high-level document f
Page 79 and 80: Example Ontology 2: FlyingWe want a
Page 81 and 82: systems. What would a knowledge man
Page 83 and 84: spreadsheet". Other users can comme
Page 85 and 86: Chapter 15Metadata (and Automatic C
Page 87 and 88: {site url}{site description}en-usCo
Page 89 and 90: drawing on the intermodule API that
Page 91 and 92: At this point you have something of
Page 93 and 94: • description• URL for a photo
Page 95 and 96: Here's a raw SOAP request/response
Page 97 and 98: Chapter 14Distributed Computing wit
Page 99 and 100: conduct programmer job interviews h
Page 101 and 102: Most admin pages can be excluded fr
Page 103 and 104: content that should distinguish one
Page 105 and 106: Chapter 13Planning ReduxA lot has c
Page 107 and 108: the Internet-specific problem of no
Page 109 and 110: wouldn't see these dirty tricks unl
Page 111 and 112: 12.8 Exercise 4: Big BrotherGeneral
Page 113 and 114: than one call to contains in the sa
Page 115 and 116: A third argument against the split
Page 117 and 118:
way 1 1/16One might argue that this
Page 119 and 120:
absquatulate 612bedizen 36, 9211cry
Page 121 and 122:
What if the user typed multiple wor
Page 123 and 124:
Chapter 12S E A R C HRecall from th
Page 125 and 126:
long as it is much easier to remove
Page 127 and 128:
features that are helpful? What fea
Page 129 and 130:
made it in 1938)? Upon reflection,
Page 131 and 132:
environment, we identify users by t
Page 133 and 134:
those updates by no more than 1 min
Page 135 and 136:
Balancer and mod_backhand, a load b
Page 137 and 138:
translation had elapsed--the site w
Page 139 and 140:
It seems reasonable to expect that
Page 141 and 142:
11.1.5 Transport-Layer EncryptionWh
Page 143 and 144:
such as ticket bookings would colla
Page 145 and 146:
give their site a unique look and f
Page 147 and 148:
It isn't challenging to throw hardw
Page 149 and 150:
Chapter 11Scaling GracefullyLet's l
Page 151 and 152:
10.15 Beyond VoiceXML: Conversation
Page 153 and 154:
Consider that if you're authenticat
Page 155 and 156:
In this example, we:194• ask the
Page 157 and 158:
As in any XML document, every openi
Page 159 and 160:
(http://www.voicegenie.com). These
Page 161 and 162:
Chapter 10Voice (VoiceXML)questions
Page 163 and 164:
9.15 MoreStandards information:•
Page 165 and 166:
9.14 The FutureIn most countries th
Page 167 and 168:
9.10 Exercise 7: Build a Pulse Page
Page 169 and 170:
9.6 Keypad HyperlinksLet's look at
Page 171 and 172:
text/xml,application/xml,applicatio
Page 173 and 174:
Protocol (IP) routing, a standard H
show all

Software Engineering for Internet Applications - Student Community

Create successful ePaper yourself

Delete template?

Save as template?