Web components

Introduction to Internet:
The Internet is the global system of interconnected computer networks that use the
Internet protocol suite to link devices worldwide. The purpose of the internet is to
communicate between computers that are interconnected with each other. Internet
is accessible to every user all over the world.

It is a network of networks that consists of private, public, academic, business, and

government networks of local to global scope, linked by a broad array of
electronic, wireless, and optical networking technologies.

The Internet carries a vast range of information resources and services, such as the
inter-linked hypertext documents and applications of the World Wide Web
(WWW), electronic mail, telephony and file sharing.

Browser is a tool used to access the internet using WWW (World Wide Web) and
HTTP (Hyper Text Transfer Protocol). In the browser, if the user types the
domain name such as www.tn.gov.in, the browser calls a protocol name
DNS (Domain Name Server). DNS is used to get the IP address of the domain
names.
Evolution of Internet:

Internet evolved in 1969 and evolved many changes in several technologies and
Infrastructural levels.

• Internet was started by ARPANET (Advanced Research Project Agency

Network), developed by United States. Department of Defence for communication
among different government bodies, initially with four nodes.
• In 1972, the four nodes has been developed and it grown to 23 nodes located in
different countries making it Internet.

• Invented TCP/IP protocols, DNS, WWW, browsers scripting languages.

• Internet is used as a medium to publish and access the information
• In 1985, The NSFNET was composed of multiple regional networks and peer
networks

• In 1986, the NSFNET created a three-tiered network architecture.

• In 1988, updated the links to make it faster

• In 1990, Merit, IBM, and MCI started a new organization known as Advanced
Network and Services (ANS).
• By 1991, data traffic had increased tremendously, which necessitated upgrading
the NSFNET's backbone network service to T3 (45 Mbps) links.
Internet Evalution:

Internet covers almost every aspect of life. Internet allows the users to
communicate with the people sitting at remote locations. There are various
applications available on the web that uses Internet as a medium for
communication. One can find various social networking sites such : Facebook,
Twitter, Yahoo, Google+, Flickr, Orkut. One can surf for any kind of information
over the internet. Information regarding various topics such as Technology, Health
and Science, Social Studies, Geographical Information, Information Technology
and Products can be surfed with help of a search engine.

Apart from communication and source of information, internet also serves as a

medium for entertainment. Internet also allows the users to use as many services as
like E-mail, Internet Banking, Online Shopping, Online Ticket Booking, Online
Bill Payment and Data Sharing. Internet provides concept of electronic commerce,
that allows the business deals to be conducted on electronic systems.

Hardware and Software Requirements for Internet connection:

The following are the methods of connecting a computer to the Internet using
software and hardware peripherals.

Three
• Connecting a computer using Wireless Broadband

• Connecting a computer using an Ethernet Cable

• Connecting a Computer Using Dial-Up Community

Hardware Requirement :
• To connect the Internet, any one of the following is mandatory.
• Modem is used to connect Internet thorugh Telephoneconnection.
• NIC- Network Interface Card(wired/ wireless) facility is the most important
hardware required to connect Internet. For example, the Laptop can be connected
Internet through the wired/wireless.

• Dongle is used to connect the Internet using cellular network

• Wi-Fi router or Hotspot is used to connect the Internet using wireless network

• Electronic device which supports cellular network

• Internet Connectivity such as Dial-up connection, ISDN, DSL, Cable TV, wired
and wireless (Cellular) Network.

Software Requirement
• The operating system should support TCP (Transfer Control Protocol) / IP
(Internet Protocol), SMTP (Simple Mail Transfer Protocol), FTP (File Transfer
Protocol), HTTP (Hyper Text Transfer Protocol) and HTTPS (Hyper Text Transfer
Protocol Secured) protocols.

• Browsers and other Internet clients access to the web applications such as
Outlook, Gmail, Whatsapp, Facebook, Twitter and etc.

Connection Types:
The following methods are able to connect internet.

Dial-up Connection :
A dial-up connection is established when two or more data communication devices
use a Public Switched Telephone Network (PSTN) to connect to an
Internet Service Provider (ISP) from computers. Many remote locations depend on
Internet dial-up connections because broadband and cable are rare in remote areas
with low population. Internet Service Providers often provide dial-up connections,
a feasible alternative for budget-conscious subscribers.
ISDN
ISDN is the acronym of Integrated Services Digital Network. It establishes
the connection using the phone lines (PSTN) which carry digital signals instead of
analog signals. It is a set of communication standards for simultaneous digital
transmission of data, voice, video, and other services over the traditional circuits of
the public switched telephone network. There are two techniques to deliver ISDN
services such as Basic Rate Interface (BRI) and Primary Rate Interface (PRI).

The following diagram shows accessing internet using ISDN connection:

DSL:
Digital Subscriber Line (DSL) is a high-speed Internet service for homes and
businesses that competes with cable and other forms of broadband Internet. DSL
provides high-speed networking over ordinary Telephone lines using broadband
modem technology. The technology behind DSL enables Internet and telephone
service to work over the same phone line without requiring customers to
disconnect either their Voice or Internet connections.

Cable TV Internet Connection (setup box):

The cable TV network can be used for connecting a computer or a local network to
the Internet, competing directly with DSL (Digital Subscriber Line) technology.

This type of network is classified as HFC (Hybrid Fiber-Coaxial), as it uses both

fiber optics and coaxial cables. The connection between the cable TV company to
the distribution points (Optical nodes) is made using fiber optics, with distances up
to 25 miles (40 km). Each optical node is typically serves between 500 and 2,000
clients (customers).

The following diagram shows that how internet is accessed using Cable TV
connection:

Satellite Internet Connection:

Satellite Internet access is Internet access provided through satellite
communication for domestic and enterprise usage. The facility of modern
consumer grade satellite Internet service is typically provided to individual users
through geostationary satellites . It provides fairly high data speeds, along with
latest satellites using Ka-band to attain downstream data speeds up to 50 Mbps
internet speed.

Wireless Internet Connection:

It is a technology for wireless local area networking with devices based on the
IEEE 802.11 standards. Devices that can use Wi-Fi technology include personal
computers, video-game consoles, phones and tablets, digital cameras, smart TVs,
digital audio players and modern printers. Wi-Fi compatible devices can connect to
the Internet via a WLAN and a wireless access point. Such an access point (or
hotspot) has a range of about 20 meters (66 feet) indoors and a greater range of
outdoors. Hotspot coverage can be as small as a single room with walls that block
radio waves, or as large as many square kilometres achieved by using multiple
overlapping access points

Services Available on the Internet:

• Data Transfer

• Internet banking
• E-commerce
• E-Learning
• E-Governance

• Browsing and Chating

• E-Mail

Data Transfer:
Data transfer is the process of using computing techniques and technologies to
transmit or transfer electronic or analog data from one computer node to another.
Data is transferred in the form of bits and bytes over a internet digital or analog
medium, and the process enables digital or analog communications and its
movement between devices. Data transfer is also known as data transmission.
Internet Banking:
Traditionally, customers used to access banking services through Retail/ corporate
branch. But in this digital era Online Banking has taken vital role. The online
banking is also called as internet banking, virtual banking or e-banking. This is a
value added application to connecting the core banking system and provide the self
service bank facilities for customers via online. The Figure 15.5 is the Screen Shot
of the login screen of internet banking.

Features:
• A bank customer can perform transactional and non-transactional tasks through
online banking, including
• Viewing account balances, transactions, statements of customer

• Viewing images of paid cheques, request for cheque books

• Funds transfers between the customer's linked accounts

• Paying third parties, including bill payments and third party fund transfers

• Register utility billers and make bill payments

Advantages
• Permanent online access for the banking transactions.

• Access anywhere using the application via mobile or computer

• Less time consuming, easy to use and safe

• Customer can manage their funds instantly and accurately

E-commerce:
E-commerce application is a transaction of buying or selling good and services
through online. Electronic commerce attraction technologies such as mobile
commerce, electronic funds transfer, supply chain management, Internet
marketing, online transaction processing, electronic data interchange (EDI),
inventory management systems, and automated data collection systems.

E-commerce businesses may also employ some or all of the followings:

• Online shopping web sites for retail sales direct to consumers

• Providing or participating in online market places, which process third-party

business-to-consumer or consumer-to-consumer sales

• Business-to-business buying and selling;

• Gathering and using demographic data through web contacts and social media

• Business-to-business (B2B) electronic data interchange

• Marketing to prospective and established customers by e-mail or fax (for

example, with newsletters)

• Engaging in pretail for launching new products and services

• Online financial exchanges for currency exchanges or trading purposes.

e-Marketing: (Electronic Marketing)

E-Marketing is the process of marketing a product or service using the internet. It
also includes marketing done via e-mail and wireless media. It also called Digital
Marketing.

Professionals working in e-marketing must design and implement Internet

marketing plans. But they also must have a broad understanding of what makes
these plans effective. Those working in e-marketing must be able to carry out
many tasks:

• Following business market trends

• Consulting with companies about digital marketing needs

• Resolving issues businesses have in reaching customers oriented problems

• Creating e-marketing objectives for business challenges

• Developing marketing strategies competitive bussiness model.

• Choosing cost-effective marketing methods

• Launching digital marketing campaigns and monitoring results

E-Learning :
A learning system based on electronic resources is known as E-learning. The use
of computers and the Internet forms the major component of E-learning. The E-
learning can also be termed as a network enabled transfer of skills and knowledge
and the delivery of education is made to a large number of recipients at the same or
different times.

E-Governance:

E-governance is the application of Information and

Communication Technology (ICT) for delivering government services, exchange
of information, communication transactions, integration of various stand-alone
systems and services between government-to-citizen (G2C), Government-to-
business (G2B), Government-to-Government (G2G), Government -to-
Employees (G2E) as well as back office processes and interactions within the
entire government framework. Through e-governance, government services will be
made available to citizens in a convenient, efficient and transparent manner. The
three main target groups that can be distinguished in governance concepts are
government, citizens and businesses/ interest groups. In e-governance there are no
distinct boundaries.

It classify four basic models they are :

• Government-to-Citizen (customer)

• Government-to-Employees
• Government-to-Government
• Government-to-Business

Examples of e- Governance:

• Aadhaar Card is a 12-digit unique identity number issued to all Indian residents
based on their biometric and demographic data.

• Inspector General of Registration portal - Tamil Nadu – www.tnreginet. gov.in

used for Land and legal registrations

Online Chatting:

Online chat refers to any kind of communication via the Internet that offers a real-
time transmission of text messages from sender to receiver. The chat messages are
generally short in order to enable other participants to respond quickly. Online chat
may address point-to-point communications as well as multicast communications
from one sender to many receivers and voice and video chat and web conferencing
service.

The Role of WWW as a Service on the Internet:

The World Wide Web abbreviated as WWW or the Web. It is an information space
where documents and other web resources are identified by Uniform Resource
Locators (URLs), interlinked by hypertext links, and can be accessed through the
Internet.

Scientist Tim Berners Lee invented the World Wide Web in 1989. He introduced
the first web browser computer program in 1990 . the browsers available in general
public on the Internet in August 1991.

WWW Operation:
The World Wide Web is the universe of network-accessible information, an
expressionof human knowledge. All the resources and users on the Internet that are
using the Hypertext Transfer Protocol HTTP.

It is a way of exchanging information between computers on the Internet, tying

them together into a vast collection of interactive multimedia resources.

Internet and Web is not the same thing: Web uses internet to pass over the
information.
Web Page:
Webpage is a document commonly written in HyperText Markup Language
(HTML) that is accessible through the Internet or other network using an Internet
browser. A web page is accessed by entering a URL address and may contain text,
graphics and hyperlinks to other web pages and files. The page you are reading
now is an example of a web page.

Domain Name:
A domain name is an identification a string that defines a area of administrative
autonomy, authority or control within the Internet. Domain names are formed by
the rules and procedures of the Domain Name System (DNS). Any name registered
in the DNS is a domain name. Domain names are used in various networking
backgrounds and application-specific naming and addressing purposes. In general,
a domain name represents an Internet Protocol (IP) resource, such as a personal
computer used to access the Internet, a server computer hosting a web site.

There are several domain names available:

• Generic domain names such as .com, .edu, .gov, .net.

• Country level domain names such as au, in, za, us.

The following table shows the Generic Top-Level Domain names:

Table 15.1 Top-Level Domain names

Web Browser:
A web browser also called browser. It is a software application for retrieving,
presenting and traversing information resources on the World Wide Web. An
information resource (web data) is identified by a Uniform Resource Identifier
(URI/URL) that may be a web page, image, video or other piece of content
available in web server. Browsers are primarily use the World Wide Web, they can
also be used to access information provided by web servers in private networks or
files in file systems.
Web Server:
Aweb server is a computer system application that processes requests via HTTP,
the basic network protocol used to distribute information on the World Wide Web.
The term can refer to the entire system, or specifically to the software that accepts
and supervises the HTTP requests
Following table describes the most leading web servers available today:
Web Hosting:
Web Facilitating is an administration of give online space to capacity of site pages
.These Site pages are made accessible by means of WWW.The organizations
which offer site facilitating are known as web host

Examples of Web Hosting Companies:

• Go Daddy
• Amazon Web service

• Digital Ocean
• Free webhostingarea.com

Working of Search Engine

A 'web search engine' is a software system that is designed to search for

information on the World Wide Web. A huge information available on internet on
various topics. The information may be a mix of web pages, images, and other
types of files. Some search engines also mine data available in databases or open
directories. Search engines also maintain real-time information by running an
algorithm on a web crawler.

There are many different search engines available.

Structure and Working of E-Mail:

Electronic Mail (email or e-mail) is a method of exchanging messages between

people using electronic devices. Email first entered limited use in the 1960s and by
the middle of 1970s had taken the form now recognized as email. Email operates
across computer networks, which is primarily called as Internet.

Earlier email systems required the sender and the recipient to both be online at the
same time, in common with instant messaging. Today's email systems are based on
a store-and-forward model. Email servers accept, forward, deliver, and store
messages.

The structure of the E-mail address is username@domain name

An example of E-mail address is [email protected]
An E-mail address consists of two parts separated by @ symbol. The first part
Raman is the user name that identifies the address and the second part gmail.com is
the domain name of the E-mail server.

Sample E-mail Application

How Email works on the Internet :

To send Internet e-mail, requires an Internet connection and access to a mail
server. The standard protocol used for sending Internet e-mail is called
SMTP (Simple Mail Transfer Protocol). The SMTP protocol is used to both send
and receive email messages over the Internet.

When a message is sent, the email client sends the message to the SMTP server. If
the recipient of the email is local the message is kept on the server for accessing by
the POP, IMAP or other mail services for later retrieval.
If the recipient is remote (i.e. at another domain), the SMTP server communicates
with a Domain Name Server (DNS) to find the corresponding IP address for the
domain being sent to. Once the IP address has been resolved, the SMTP server
connects with the remote SMTP server and the mail is delivered to this server for
handling.
If the SMTP server sending the mail is unable to connect with the remote SMTP
server, then the message goes into a queue. Messages in this queue will be retried
periodically. If the message is still undelivered after a certain amount of time (30
hours by default), the message will be returned to the sender as undelivered.

Structure of an Email message:

To: This field consists of the address to whom the message has to be sent. This is
mandatory.
CC: Short for carbon copy. This is optional. The people who were mailed copies of
the message. The recepients of the message will know to whom all the copies have
been sent.

BCC: Its stands for Black Carbon Copy. It is used when we do not want one or
more of the recipients to know that someone else was copied on the message. This
is optional.

Subject : The Subject field indicates the purpose of e-mail.

Attachment: Attachment contains files that you are sending, linked documents,
pictures, etc. along with an e-mail.

Body: The email body is the main part of an email message. It contains the
message’s text, images and other data (such as attachments). The email’s body is
distinct from its header, which contains control information and data about the
message (such as its sender, the recipient and the path an email took to reach its
destination).
Signature: Name of the sender

Advantages and Disadvantages of Email:

Advantages:
• Reliable: Because it notifies the sender if not delivered.

• Speed: E-mail is very fast delivered in fraction of seconds.

• Inexpensive: Its very cheap.

• Waste Reduction: Helps in paperless communication thus eco-friendly.

Disadvantages:
• Forgery: Anyone who hacks the password of the sender can send a message to
anyone.
• Overload: Because it is cheap loads and loads of messages keeps coming.

• Junk: Junk emails are not intended mails and is inappropriate also. Junk emails
are sometimes referred to as spam.

Different Types of Social Media:

Social media are computer-mediated technologies that facilitate the creation and
sharing of information, ideas, career interests and other forms of expression via
virtual communities and networks. The variety of stand-alone and built-in social
media services currently available introduces challenges of definition; however,
there are some common features
• Social media are interactive Web Internet-based applications.

• User-generated content, such as text posts or comments, digital photos or videos,

and data generated through all online interactions, is the lifeblood of social media.

• Users create service-specific profiles for the website or app that are designed and
maintained by the social media organization.

• Social media facilitate the development of online social networks by connecting a

user's profile with those of other individuals or groups.
The following table shows some of the popular social media services:
SOCIAL MEDIA ADVANTAGES AND DISADVANTAGES

Advantages of Social Media for the Society:

Connectivity – The lifeline of the social media is connectivity. It connects with

people living anywhere in the world.
Education – Nowadays lots of classes are taken online through Skype. Tuitions
are taken through online. Even post graduation also done online.

Information and Updates – The boon of the social media is that getting updated
on real time from the latest happenings around in the world.

Disadvantages of Social Media for the Society:

Addiction –Though we have many advantages but the major drawback is that
people get addicted to the social medias.
Security Issues –Since everything has become online, right from payment of bill
to bank transaction, there are many possibilities to get hacked.
Reputation – Social media being viral it affects the reputation of others
• Instagram, Photo Sharing and Social Networking came into existence in 2010

• The inventor of facebook is Mark Zucker Berg

• Google was invented by Larry Page and Sergey Brin

Threats to Network Security:

Network Security plays very critical factor in almost every field either it is an
organization, a governmental entity, a country, or even your house. Computers,
mobile devices, and Internet are also facing surplus amount of network security
challenges day by day.

As far as the security risks in mobiles/ computers are concerned, virus attacks,
stealing of data, deletion of data and damage to hardware can be taken into
consideration.

Network security is not only that blocking unauthorized access, denial of service to
an unauthorized user, but also includes the virus attack, hacking, trojans etc.
Types of threats

Malware:
Malware is a software designed by hackers to gain illegal access to software and
cause damage.
Viruses:

A virus is a small piece of computer code that can repeat itself and spreads from
one computer to another by attaching itself to another computer file.

Worms:

Worms are self- repeating and do not require a computer program to attach
themselves. Worms continually look for vulnerabilities and report back to the
author of the worm when weaknesses are discovered.
Spyware/adware:
Spyware/adware can be installed on the computer automatically when the
attachments are open, by clicking on links or by downloading infected software.

Trojans:

A Trojan virus is a program that appears to perform one function (for example,
virus removal) but actually performs hateful activity when executed.

Preventing network attacks:

1. Chang your password frequently to prevent password hacking.
2. Take a backup of important files and programs regularly.
3. Do not open the unknown or spam email without security.
4. Use antivirus program to detect and prevent from the viruses.

5. Uses strong encryption to perform daily transaction on the web when you
transfer your personal information, can use SSL (Digital Certificate) which being
hard for intruders.

6. Using firewall, it is a machine between your system’s network and internet that
filtering the traffic which might be unsafe.

Guidelines for Using Internet and Computer Ethics:

Guidelines for Using on internet:
• Do not use the computer in ways that may harm other people.

• Do not use computer technology to cause interferenwce in other users' work.

• Do not peep into on another person's computer data.

• Do not steal information.

• Do not spread wrong information using computer technology.

• Do not copy software or buy pirated copies. Pay for software unless it is free.
• Do not use someone else's computer resources unless authorized to.

• Do not claim other’s work to be yours.

• Before developing a software, think about the social impact it can have.

• In using computers for communication, be respectful and courteous with the

fellow members.

Computer Ethics:
Computer ethics deals with the procedures, values and practices that govern the
process of consuming computer technology and its related disciplines without
damaging or violating the moral values and beliefs of any individual, organization
or entity. It also promotes the discussion of how much influence areas such
as Artificial Intelligence can have on the human society.

The following are the morals that society adheres to:

1. Honesty: A decent behavior, the user should be truthful while using the internet.

2. Confidentiality: The user maintains confidentiality and does not share any
important information to unauthorized persons.

3. Respect: A user should respect the privacy of other users.

4. Professionalism: A user should maintain professional conduct and well
mannered approach.

5. Obey The Law: A user should strictly obey the law in computer usage.

6. Responsibility: The user should take ownership and responsibility to ensure

authenticity and truth.
Points to Remember:

• Connecting more than one computer is called Network.

• Intranet-Connecting computers within the same oraganisastion or home

• Internet-Connecting computers World Wide irrespective of the network.

• The orgin of Internet has started by Advanced Reasarch Project Agency Network
was developed by united states department of Depense.

• Various Hardware required to connect the Internet are TCP/IP protocol,browser

and other client application.

• There are several services available on the Internet ,they are Data transfer,
Internet Banking, E-commerce, E-Learning, E-governance, Browsing and Chating
and E-mail.
• WWW stands for World Wide Web
• Web page-A document on website

• Web site-A collection of web pages

• Domain name-The last part of the Internet address is the domain name which is
associated with IP Address.
• Web Browser-A software that enables us to look and search for their interested
topic on the Internet.

• Web Server-Computer that stores all the Information

• Search engine-A special program which functions on the keywords used.

• E-mail- A text message sent to a person in any part of the world in fraction of
second.

• Social Media- A place where people are connected to share their thoughts ,ideas
with each other.
• Threads are those attacks on mobile or computers to steal the data or to damage
others computers.

• Computer Ethics-Doing what is Right morally according to the standards of cyber

world.

Client-Server Model
The Client-server model is a distributed application structure that partitions task
or workload between the providers of a resource or service, called servers, and
service requesters called clients. In the client-server architecture, when the
client computer sends a request for data to the server through the internet, the
server accepts the requested process and deliver the data packets requested
back to the client. Clients do not share any of their resources. Examples of
Client-Server Model are Email, World Wide Web, etc.
How the Client-Server Model works ?
In this article we are going to take a dive into the Client-Server model and have
a look at how the Internet works via, web browsers. This article will help us in
having a solid foundation of the WEB and help in working with WEB
technologies with ease.
 Client: When we talk the word Client, it mean to talk of a person or an
organization using a particular service. Similarly in the digital world
a Client is a computer (Host) i.e. capable of receiving information or using a
particular service from the service providers (Servers).
 Servers: Similarly, when we talk the word Servers, It mean a person or
medium that serves something. Similarly in this digital world a Server is a
remote computer which provides information (data) or access to particular
services.
So, its basically the Client requesting something and the Server serving it as
long as its present in the database.
How the browser interacts with the servers ?
There are few steps to follow to interacts with the servers a client.
 User enters the URL(Uniform Resource Locator) of the website or file. The
Browser then requests the DNS(DOMAIN NAME SYSTEM) Server.
 DNS Server lookup for the address of the WEB Server.
 DNS Server responds with the IP address of the WEB Server.
 Browser sends over an HTTP/HTTPS request to WEB Server’s IP (provided
by DNS server).
 Server sends over the necessary files of the website.
 Browser then renders the files and the website is displayed. This rendering
is done with the help of DOM (Document Object Model)
interpreter, CSS interpreter and JS Engine collectively known as the JIT or
(Just in Time) Compilers.
 Advantages of Client-Server model:
 Centralized system with all data in a single place.
 Cost efficient requires less maintenance cost and Data recovery is possible.
 The capacity of the Client and Servers can be changed separately.
Disadvantages of Client-Server model:
 Clients are prone to viruses, Trojans and worms if present in the Server or
uploaded into the Server.
 Server are prone to Denial of Service (DOS) attacks.
 Data packets may be spoofed or modified during transmission.
 Phishing or capturing login credentials or other useful information of the user
are common and MITM(Man in the Middle) attacks are common.

Server side and Client side

Programming
 Difficulty Level : Easy
 Last Updated : 26 Oct, 2017

 Read

 Discuss
Server-side Programming :
It is the program that runs on server dealing with the generation of content of web page.
1) Querying the database
2) Operations over databases
3) Access/Write a file on server.
4) Interact with other servers.
5) Structure web applications.
6) Process user input. For example if user input is a text in search box, run a search
algorithm on data stored on server and send the results.
Examples :
The Programming languages for server-side programming are :
1) PHP
2) C++
3) Java and JSP
4) Python
5) Ruby on Rails
Refer PHP articles for example server side codes.
Client-side Programming :
It is the program that runs on the client machine (browser) and deals with the user
interface/display and any other processing that can happen on client machine like
reading/writing cookies.
1) Interact with temporary storage
2) Make interactive web pages
3) Interact with local storage
4) Sending request for data to server
5) Send request to server
6) work as an interface between server and user
The Programming languages for client-side programming are :
1) Javascript
2) VBScript
3) HTML
4) CSS
5) AJAX

The Web Communication Protocols

Most of the time, people browse the internet by using a web browser. A web browser is
a software application for retrieving, presenting, and traversing information resources on
the World Wide Web. An information resource is identified by a Uniform Resource
Identifier (URI) and may be a web page, image, video, or other piece of content.

A web browser lets your computer communicate with web servers around the world and
giving you the right informations with just a few clicks away. Different web browsers
have different way of retrieving informations, but one thing they have in common is web
communication protocols.

Web communication protocols are technology used to transfer information across the
internet. For example, a web browser uses these protocols to request information from
a web server, which is then displayed on the browser screen in the form of text and
images. The degree to which users can interact with that information depends on the
protocol.

Types
Below are some of web communication protocols used:

HyperText Transfer Protocol (HTTP)

HyperText Transfer Protocol (HTTP) is the most widely used web communications
protocol. If you look in the Address field of your web browser right now, it's likely you'll
see "http://" at the front.

HTTP is a classic "client-server" protocol. Users click a link on their web browser (the
client), and the browser sends a request over the internet to a web server that houses
the site the user requested. The server sends back the content of the site, such as text
and images, which display in users' web browsers. HTTP is an unsecure
communications protocol because the data it sends back and forth between a browser
and a server is unencrypted and can be intercepted by third parties.

Telnet

Telnet is one of the oldest communication protocols. Like HTTP, a Telnet client is used
to access remote servers. However, unlike HTTP, where you only request specific files,
Telnet is used to actually log on to the remote server and perform functions as if you
were sitting in front of the server terminal. Telnet is rarely used now since it is an
unsecure protocol that does not encrypt data sent between remote computers.

File Transfer Protocol (FTP)

As the name implies, the File Transfer Protocol (FTP) is primarily used to transfer files
such as documents, images, music, etc., between remote computers. Users have to log
on to an FTP server either through a command line interface or through one of the
many FTP graphical client programs available. Once logged on, users can navigate
through the remote server's file structure, moving, renaming, deleting, and copying files
as if it were their own computer.

Hypertext Transfer Protocol Secure (HTTPS)

HTTPS is similar to HTTP, but different in that it combines with a security protocol called
SSL/TLS to provide secure client-server communications over unsecure networks such
as the internet. You're most likely to see HTTPS protocols on ecommerce websites that
ask for personal financial information like credit card numbers. You know a website is
using HTTPS protocols when you see the "https://" in the web address displayed in your
browser's Address field.

IP Security (IPSec)

IP Security (IPSec) protocols encrypt packets of data and send them between two
computers that share the same cryptographic keys. In other words, the IPSec protocol
is like a hallway with no doors linking two rooms. The only place the data can go is
between those two rooms. IPSec protocols are used in Virtual Private Networks, which
allow employees of a company to log on to their company's secure network through a
public network (e.g. from home or a coffee shop.)

Security
Internet communications that are based on the Transfer Control Protocol/Internet
Protocol (TCP/IP), such as the Hypertext Transfer Protocol (HTTP), Telnet, and File
Transfer Protocol (FTP), are not secure because all communication occurs in plaintext.
Confidential or sensitive information that is transmitted with these protocols can easily
be intercepted and read unless the information is protected by encryption technology.

In addition, because any web client can send HTTP requests to a web server and
exploit weaknesses in the HTTP protocol or its implementation, web servers that use
only standard HTTP to communicate with web clients are easy targets for denial-of-
service attacks and other types of attacks. Moreover, web clients that communicate by
using standard HTTP are easy targets for unauthorized web servers, which can
impersonate legitimate websites and which might contain either virus-laden software for
download by users or malicious scripts and programs.

Secure web communication protocols provide a way to authenticate clients and servers
on the web and to protect the confidentiality of communication between clients and
servers. A variety of secure communication standards that use public key technology
have been developed, including Hypertext Transfer Protocol (SHTTP), IP Security
(IPSec), PPTP, and L2TP. The leading general-purpose, secure web communication
protocols are SSL 3.0 and the open TLS protocol that is based on SSL. The SSL and
TLS protocols are widely used to provide secure channels for confidential TCP/IP
communication on the web.

One disadvantage of SSL and TLS, however, is that the strength of the cryptography
that is used for secure channels is subject to government export and import restrictions.
For example, the strength of symmetric key encryption that is used by technology that is
nonexportable is much higher (128 bits) than the strength of the symmetric key
cryptography that is used by technology that is exportable (40 bits or 56 bits). Both
servers and clients must use the same cryptographic strength and the same
cryptography algorithms when they communicate over a secure channel. At the
beginning of SSL and TLS sessions, the server chooses the strongest cryptography that
is available to both the server and the client. Maximum security for secure SSL and TLS
communication is available only between servers and clients that can both support the
higher-strength nonexportable cryptography.

For secure web communication with banks and other financial institutions, other
specialized protocols that use strong cryptography have been developed (as allowed by
import or export restrictions on cryptography). Qualifying institutions can use these
special protocols to provide strong cryptography for web transactions, and at the same
time circumvent the import and export restrictions that apply for SSL and TLS. Two of
the leading secure web communication protocols of this type are the secure electronic
transaction (SET) protocol and the SGC protocol. The SGC protocol is an extension of
SSL, which requires a special SGC certificate to enable strong, 128-bit secure
communication for the web server. Internet Explorer and many other web clients
support SGC for both exportable and nonexportable versions of web clients. Web
clients do not need certificates for SGC communication. However, to use SGC
communication with a web server, you must obtain an SGC server certificate from an
authorized, commercial CA. The commercial CA that issues your SGC certificate
verifies that you are qualified to use SGC. Currently, many financial institutions and
institutions in other specific industries can qualify for SGC certificates.

Understanding Web server IIS

Introduction

Internet Information Services (IIS) 7 and later provide a request-processing architecture which
includes:

 The Windows Process Activation Service (WAS), which enables sites to use protocols
other than HTTP and HTTPS.
 A Web server engine that can be customized by adding or removing modules.
 Integrated request-processing pipelines from IIS and ASP.NET.

Components in IIS

IIS contains several components that perform important functions for the application and Web
server roles in Windows Server® 2008 (IIS 7.0) and Windows Server 2008 R2 (IIS 7.5). Each
component has responsibilities, such as listening for requests made to the server, managing
processes, and reading configuration files. These components include protocol listeners, such as
HTTP.sys, and services, such as World Wide Web Publishing Service (WWW service) and
Windows Process Activation Service (WAS).

Protocol Listeners

Protocol listeners receive protocol-specific requests, send them to IIS for processing, and then
return responses to requestors. For example, when a client browser requests a Web page from the
Internet, the HTTP listener, HTTP.sys, picks up the request and sends it to IIS for processing.
Once IIS processes the request, HTTP.sys returns a response to the client browser.

By default, IIS provides HTTP.sys as the protocol listener that listens for HTTP and HTTPS
requests. HTTP.sys was introduced in IIS 6.0 as an HTTP-specific protocol listener for HTTP
requests. HTTP.sys remains the HTTP listener in IIS 7 and later, but includes support for Secure
Sockets Layer (SSL).
To support services and applications that use protocols other than HTTP and HTTPS, you can
use technologies such as Windows Communication Foundation (WCF). WCF has listener
adapters that provide the functionality of both a protocol listener and a listener adapter. Listener
adapters are covered later in this document. For more information about WCF, see Windows
Communication Foundation on MSDN.

Hypertext Transfer Protocol Stack (HTTP.sys)

The HTTP listener is part of the networking subsystem of Windows operating systems, and it is
implemented as a kernel-mode device driver called the HTTP stack (HTTP.sys). HTTP.sys
listens for HTTP requests from the network, passes the requests onto IIS for processing, and then
returns processed responses to client browsers.

In IIS 6.0, HTTP.sys replaced Windows Sockets API (Winsock), which was a user-mode
component used by previous versions of IIS to receive HTTP requests and send HTTP responses.
IIS 7 and later continue to rely on HTTP.sys for HTTP requests.

HTTP.sys provides the following benefits:

 Kernel-mode caching. Requests for cached responses are served without switching to user
mode.
 Kernel-mode request queuing. Requests cause less overhead in context switching because
the kernel forwards requests directly to the correct worker process. If no worker process is
available to accept a request, the kernel-mode request queue holds the request until a
worker process picks it up.
 Request pre-processing and security filtering.
World Wide Web Publishing Service (WWW service)

In IIS 7 and later, functionality that was previously handled by the World Wide Web Publishing
Service (WWW Service) alone is now split between two services: WWW Service and a new
service, Windows Process Activation Service (WAS). These two services run as LocalSystem in
the same Svchost.exe process, and share the same binaries.

Note

You may also see the WWW Service referred to as W3SVC in documentation.

How WWW Service works in IIS 6.0

In IIS 6.0, WWW Service manages the following main areas in IIS:

 HTTP administration and configuration

 Process management
 Performance monitoring
HTTP Administration and Configuration

The WWW Service reads configuration information from the IIS metabase and uses that
information to configure and update the HTTP listener, HTTP.sys. In addition, WWW service
starts, stops, monitors, and manages worker processes that process HTTP requests.

Performance Monitoring

The WWW Service monitors performance and provides performance counters for Web sites and
for the IIS cache.

Process Management

The WWW Service manages application pools and worker processes, such as starting, stopping,
and recycling worker processes. Additionally, the WWW Service monitors the health of the
worker processes, and invokes rapid fail detection to stop new processes from starting when
several worker processes fail in a configurable amount of time.

How the WWW Service works in IIS

In IIS, the WWW service no longer manages worker processes. Instead, the WWW Service is the
listener adapter for the HTTP listener, HTTP.sys. As the listener adapter, the WWW Service is
primarily responsible for configuring HTTP.sys, updating HTTP.sys when configuration
changes, and notifying WAS when a request enters the request queue.

Additionally, the WWW Service continues to collect the counters for Web sites. Because
performance counters remain part of the WWW Service, they are HTTP specific and do not
apply to WAS.

Windows Process Activation Service (WAS)

In IIS 7 and later, Windows Process Activation Service (WAS) manages application pool
configuration and worker processes instead of the WWW Service. This enables you to use the
same configuration and process model for HTTP and non-HTTP sites.

Additionally, you can run WAS without the WWW Service if you do not need HTTP
functionality. For example, you can manage a Web service through a WCF listener adapter, such
as NetTcpActivator, without running the WWW Service if you do not need to listen for HTTP
requests in HTTP.sys. For information about WCF listener adapters and about how to host WCF
applications in IIS 7 and later by using WAS, see Hosting in WCF on MSDN.

Configuration Management in WAS

On startup, WAS reads certain information from the ApplicationHost.config file, and passes that
information to listener adapters on the server. Listener adapters are components that establish
communication between WAS and protocol listeners, such as HTTP.sys. Once listener adapters
receive configuration information, they configure their related protocol listeners and prepare the
listeners to listen for requests.

In the case of WCF, a listener adapter includes the functionality of a protocol listener. So, a WCF
listener adapter, such as NetTcpActivator, is configured based on information from WAS. Once
NetTcpActivator is configured, it listens for requests that use the net.tcp protocol. For more
information about WCF listener adapters, see WAS Activation Architecture on MSDN.

The following list describes the type of information that WAS reads from configuration:

 Global configuration information

 Protocol configuration information for both HTTP and non-HTTP protocols
 Application pool configuration, such as the process account information
 Site configuration, such as bindings and applications
 Application configuration, such as the enabled protocols and the application pools to which
the applications belong

If ApplicationHost.config changes, WAS receives a notification and updates the listener adapters
with the new information.

Process Management

WAS manages application pools and worker processes for both HTTP and non-HTTP requests.
When a protocol listener picks up a client request, WAS determines if a worker process is
running or not. If an application pool already has a worker process that is servicing requests, the
listener adapter passes the request onto the worker process for processing. If there is no worker
process in the application pool, WAS will start a worker process so that the listener adapter can
pass the request to it for processing.

Note

Because WAS manages processes for both HTTP and non-HTTP protocols, you can run
applications with different protocols in the same application pool. For example, you can develop
an application, such as an XML service, and host it over both HTTP and net.tcp.

Modules in IIS

IIS provides a new architecture that is different from previous versions of IIS. Instead of keeping
the majority of functionality within the server itself, IIS include a Web server engine in which
you can add or remove components, called modules, depending on your needs.

Modules are individual features that the server uses to process requests. For example, IIS uses
authentication modules to authenticate client credentials, and cache modules to manage cache
activity.
The new architecture provides the following advantages over previous versions of IIS:

 You can control which modules you want on the server.

 You can customize a server to a specific role in your environment.
 You can use custom modules to replace existing modules or to introduce new features.

The new architecture also improves security and simplifies administration. By removing
unnecessary modules, you reduce the server's attack surface and memory footprint, which is the
amount of memory that server worker processes use on the machine. You also eliminate the need
to manage features that are unnecessary for your sites and applications.

Native Modules

The following sections describe the native modules that are available with a full installation of
IIS 7 and later. You can remove them or replace them with custom modules, depending on your
needs.

HTTP Modules

Several modules in IIS 7 and later perform tasks specific to Hypertext Transfer Protocol (HTTP)
in the request-processing pipeline. HTTP modules include modules to respond to information
and inquiries sent in client headers, to return HTTP errors, to redirect requests, and more.

Module Name Description Resource

CustomErrorModule Sends default and configured HTTP error messages Inetsrv\Custerr.dll

when an error status code is set on a response.

HttpRedirectionModule Supports configurable redirection for HTTP Inetsrv\Redirect.dll

requests.

ProtocolSupportModule Performs protocol-related actions, such as setting Inetsrv\Protsup.dll

response headers and redirecting headers based on
configuration.

RequestFilteringModule Added in IIS 7.5. Filters requests as configured to Inetsrv\modrqflt.dll

control protocol and content behavior.

WebDAVModule Added in IIS 7.5. Allows more secure publishing of Inetsrv\WebDAV.dll

content by using HTTP over SSL.
Security Modules

Several modules in IIS perform tasks related to security in the request-processing pipeline. In
addition, there are separate modules for each of the authentication schemes, which enable you to
select modules for the types of authentication you want on your server. There are also modules
that perform URL authorization, and a module that filters requests.

Module Name Description Resource

AnonymousAuthenticationModule Performs Anonymous Inetsrv\Authanon.dll

authentication when no other
authentication method
succeeds.

BasicAuthenticationModule Performs Basic authentication. Inetsrv\Authbas.dll

CertificateMappingAuthenticationModule Performs Certificate Mapping Inetsrv\Authcert.dll

authentication using Active
Directory.

DigestAuthenticationModule Performs Digest authentication. Inetsrv\Authmd5.dll

IISCertificateMappingAuthenticationModule Performs Certificate Mapping Inetsrv\Authmap.dll

authentication using IIS
certificate configuration.

RequestFilteringModule Performs URLScan tasks such Inetsrv\Modrqflt.dll

as configuring allowed verbs
and file name extensions,
setting limits, and scanning for
bad character sequences.

UrlAuthorizationModule Performs URL authorization. Inetsrv\Urlauthz.dll

WindowsAuthenticationModule Performs NTLM integrated Inetsrv\Authsspi.dll

authentication.

IpRestrictionModule Restricts IPv4 addresses listed Inetsrv\iprestr.dll

in the ipSecurity list in
configuration.
Content Modules

Several modules in IIS perform tasks related to content in the request-processing pipeline.
Content modules include modules to process requests for static files, to return a default page
when a client doesn't specify a resource in a request, to list the contents of a directory, and more.

Module Name Description Resource

CgiModule Executes Common Gateway Interface (CGI) Inetsrv\Cgi.dll

processes to build response output.

DefaultDocumentModule Attempts to return a default document for requests Inetsrv\Defdoc.dll

made to the parent directory.

DirectoryListingModule Lists the contents of a directory. Inetsrv\dirlist.dll

IsapiModule Hosts ISAPI extension DLLs. Inetsrv\Isapi.dll

IsapiFilterModule Supports ISAPI filter DLLs. Inetsrv\Filter.dll

ServerSideIncludeModule Processes server-side includes code. Inetsrv\Iis_ssi.dll

StaticFileModule Serves static files. Inetsrv\Static.dll

FastCgiModule Supports FastCGI, which provides a high- Inetsrv\iisfcgi.dll

performance alternative to CGI.

Compression Modules

Two modules in IIS perform compression in the request-processing pipeline.

Module Name Description Resource

DynamicCompressionModule Compresses responses and applies Gzip Inetsrv\Compdyn.dll

compression transfer coding to responses.

StaticCompressionModule Performs pre-compression of static content. Inetsrv\Compstat.dll

Caching Modules

Several modules in IIS perform tasks related to caching in the request-processing pipeline.
Caching improves the performance of your Web sites and Web applications by storing processed
information, such as Web pages, in memory on the server, and then reusing that information in
subsequent requests for the same resource.
Module Name Description Resource

FileCacheModule Provides user mode caching for files and file handles. Inetsrv\Cachfile.dll

HTTPCacheModule Provides kernel mode and user mode caching in Inetsrv\Cachhttp.dll

HTTP.sys.

TokenCacheModule Provides user mode caching of user name and token Inetsrv\Cachtokn.dll
pairs for modules that produce Windows user principals.

UriCacheModule Provides user mode caching of URL information. Inetsrv\Cachuri.dll

Logging and Diagnostics Modules

Several modules in IIS perform tasks related to logging and diagnostics in the request-processing
pipeline. The logging modules support loading of custom modules and passing information to
HTTP.sys. The diagnostics modules follow and report events during request processing.

Module Name Description Resource

CustomLogging Loads custom logging modules. Inetsrv\Logcust.dll

Module

FailedRequestsTracing Supports the Failed Request Tracing feature. Inetsrv\Iisfreb.dll

Module

HttpLoggingModule Passes information and processing status to HTTP.sys Inetsrv\Loghttp.dll

for logging.

RequestMonitorModule Tracks requests currently executing in worker Inetsrv\Iisreqs.dll

processes and reports information with Runtime Status
and Control Application Programming Interface
(RSCA).

TracingModule Reports events to Microsoft Event Tracing for Inetsrv\Iisetw.dll

Windows (ETW).
Managed Support Modules

A couple of modules in IIS support managed integration in the IIS request-processing pipeline.

Module Name Description Resource

ManagedEngine Provides integration of managed code Microsoft.NET\Frame

modules in the IIS request-processing work\v2.0.50727\webe
pipeline. ngine.dll

ConfigurationValidation Validates configuration issues, such as Inetsrv\validcfg.dll

when an application is running in
Module Integrated mode but has handlers or
modules declared in the system.web
section.

Managed Modules

In addition to native modules, IIS enables you to use managed code modules to extend IIS
functionality. Some of the managed modules, such as UrlAuthorization, have a native module
counterpart that provides a native alternative to the managed module.

Note

Managed modules depend on the ManagedEngine module.

The following table lists the managed modules that are available with a full installation of IIS 7
and later. For more information about the managed modules, see the .NET Framework SDK
2.0 on MSDN.

Module Name Description Resource

AnonymousIdentifica Manages anonymous identifiers, System.Web.Security.AnonymousIdentificati

tion which are used by features that onModule
support anonymous identification
such as ASP.NET profile.
 Module Name Description Resource

DefaultAuthenticatio Ensures that an authentication object System.Web.Security.DefaultAuthentication

n is present in the context. Module

FileAuthorization Verifies that a user has permission to System.Web.Security.FileAuthorizationMod

access the requested file. ule

FormsAuthentication Supports authentication by using System.Web.Security.FormsAuthentication

Forms authentication. Module

OutputCache Supports output caching. System.Web.Caching.OutputCacheModule

Profile Manages user profiles by using System.Web.Profile.ProfileModule

ASP.NET profile, which stores and
retrieves user settings in a data source
such as a database.

RoleManager Manages a RolePrincipal instance for System.Web.Security.RoleManagerModule

the current user.

Session Supports maintaining session state, System.Web.SessionState.SessionStateModu

which enables storage of data specific le
to a single client within an
application on the server.

UrlAuthorization Determines whether the current user System.Web.Security.UrlAuthorizationModu

is permitted access to the requested le
URL, based on the user name or the
list of roles of which a user is a
member.

UrlMappingsModule Supports mapping a real URL to a System.Web.UrlMappingsModule

more user-friendly URL.

WindowsAuthenticati Sets the identity of the user for an System.Web.Security.WindowsAuthenticatio

on ASP.NET application when Windows nModule
authentication is enabled.
Request Processing in IIS

In IIS, the IIS and ASP.NET request pipelines combine to process requests with an integrated
approach. The new request-processing architecture consists of an ordered list of native and
managed modules that perform specific tasks in response to requests.

This design provides several benefits over previous versions of IIS. First, all file types can use
features that were originally available only to managed code. For example, you can now use
ASP.NET Forms authentication and Uniform Resource Locator (URL) authorization for static
files, Active Server Pages (ASP) files, and all other file types in your sites and applications.

Second, this design eliminates the duplication of several features in IIS and ASP.NET. For
example, when a client requests a managed file, the server calls the appropriate authentication
module in the integrated pipeline to authenticate the client. In previous versions of IIS, this same
request would go through an authentication process in both the IIS pipeline and in the ASP.NET
pipeline.

Third, you can manage all of the modules in one location, instead of managing some features in
IIS and some in the ASP.NET configuration. This simplifies the administration of sites and
applications on the server.

Application Pools in IIS

Application pools separate applications by process boundaries to prevent an application from

affecting another application on the server. In IIS 7 and later, application pools continue to use
IIS 6.0 worker process isolation mode. In addition, you can now specify a setting that determines
how to process requests that involve managed resources: Integrated mode or Classic mode.

Note

In IIS 6.0, worker process isolation mode and IIS 5.0 isolation mode are set at the server level.
This makes it impossible to run both isolation modes on the same server. However, in IIS 7 and
later, Integrated mode and Classic mode are set at the application pool level, which enables you
to run applications simultaneously in application pools with different process modes on the same
server.

Integrated application pool mode

When an application pool is in Integrated mode, you can take advantage of the integrated
request-processing architecture of IIS and ASP.NET. When a worker process in an application
pool receives a request, the request passes through an ordered list of events. Each event calls the
necessary native and managed modules to process portions of the request and to generate the
response.

There are several benefits to running application pools in Integrated mode. First the request-
processing models of IIS and ASP.NET are integrated into a unified process model. This model
eliminates steps that were previously duplicated in IIS and ASP.NET, such as authentication.
Additionally, Integrated mode enables the availability of managed features to all content types.

Classic application pool mode

When an application pool is in Classic mode, IIS 7 and later handles requests in the same way as
in IIS 6.0 worker process isolation mode. ASP.NET requests first go through native processing
steps in IIS and are then routed to Aspnet_isapi.dll for processing of managed code in the
managed runtime. Finally, the request is routed back through IIS to send the response.

This separation of the IIS and ASP.NET request-processing models results in duplication of
some processing steps, such as authentication and authorization. Additionally, managed code
features, such as Forms authentication, are only available to ASP.NET applications or
applications for which you have script mapped all requests to be handled by aspnet_isapi.dll.

Be sure to test your existing applications for compatibility in Integrated mode before upgrading a
production environment to IIS 7 and later and assigning applications to application pools in
Integrated mode. You should only add an application to an application pool in Classic mode if
the application fails to work in Integrated mode. For example, your application might rely on an
authentication token passed from IIS to the managed runtime, and, due to the new architecture in
IIS 7 and later, the process breaks your application.

HTTP Request Processing in IIS

IIS 7 and later have a similar HTTP request-processing flow as IIS 6.0. The diagrams in this
section provide an overview of an HTTP request in process.

The following list describes the request-processing flow that is shown in Figure 1:

1. When a client browser initiates an HTTP request for a resource on the Web server,
HTTP.sys intercepts the request.
2. HTTP.sys contacts WAS to obtain information from the configuration store.
3. WAS requests configuration information from the configuration store, application Host.
config
4. The WWW Service receives configuration information, such as application pool and site
configuration.
5. The WWW Service uses the configuration information to configure HTTP.sys.
6. WAS starts a worker process for the application pool to which the request was made.
7. The worker process processes the request and returns a response to HTTP.sys.
8. The client receives a response.
Figure 1: Overview of an HTTP Request

In a worker process, an HTTP request passes through several ordered steps, called events, in the
Web Server Core. At each event, a native module processes part of the request, such as
authenticating the user or adding information to the event log. If a request requires a managed
module, the native Managed Engine module creates an App Domain, where the managed module
can perform the necessary processing, such as authenticating a user with Forms authentication.
When the request passes through all of the events in the Web Server Core, the response is
returned to HTTP.sys. Figure 2, below, shows an HTTP request entering the worker process.
Figure 2: Detail of a HTTP request inside the Worker Proces