Mälardalens Högskola

School of Innovation, Design and Engineering

Comparison between Two Web

Development Platforms

Master Thesis, D-Level

Author:
Magnus Holmberg
[email protected]

Supervisor/Examiner:
Frank Lüders
[email protected]

April 15, 2008

 Abstract

The demand of dynamic web pages has increased the latest year and this has resulted in a
higher demand on the developing platform and the developer. In this thesis a comparison
between Microsoft Visual Studio with ASP.NET and Netbeans IDE 6.0 using JSP tech-
nology will be done. First a website will be developed with both platforms according to
a specified website. When developing the specified website only built in components and
functions will be used except the code behind that can be written in any way using any
language that the platform supports. The two different platforms will be compared against
each other according to predefined comparison scenarios. The comparison scenarios will
hopefully show some difference between the two platforms and by the difference found this
will show which platform that is preferable. The scenarios that will be looked into are
three different categories such as design, development and manageability.
 Sammanfattning

Efterfrågan på dynamiska hemsidor har ökat markant det senaste året and detta har
resulterat i högre krav på både hemside utvecklaren och utvecklings plattformerna. I denna
avhandling kommer det att göras en jämförelse mellan Microsoft Visual Studio ASP.NET
och Sun Microsystems Netbeans IDE 6.0 som använder sig av JSP teknologin. Först
så kommer en hemsida att utvecklas i de båda plattformerna enligt en specifikation. När
hemsidan utvecklas kommer endast att inbyggda komponenter och funktioner att användas
förutom koden som ska skrivas bakom ASP och JSP där språket som stödjs av plattfor-
men får användas. The två olika plattformerna kommer att jämföras mot varandra enligt
fördefinierade jämförelse scenarion. De olika jämförelse scenarierna kommer förhoppn-
ingsvis att påvisa skillnader mellan de två plattformerna och dessa skillnader kommer att
visa vilken plattform som är bäst. Jämförelse scenarierna kommer att göras i tre kategorier
såsom design, utveckling och uppdaterings förmåga.
Contents

1 Introduction 5

2 Mirosoft Visual Studio and ASP.NET 6

2.1 .NET Framework . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
2.1.1 Common Language Infrastructure (CLI) . . . . . . . . . . . . . . . 6
2.1.2 Common Language Runtime . . . . . . . . . . . . . . . . . . . . . . 6
2.1.3 Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
2.2 Active Server Pages (ASP) . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
2.2.1 Object Linking and Embedding (OLE) . . . . . . . . . . . . . . . . 8
2.2.2 Component Object Model (COM) . . . . . . . . . . . . . . . . . . . 8
2.3 Internet Information Services (IIS) . . . . . . . . . . . . . . . . . . . . . . 9
2.3.1 Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
2.3.2 Reliability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
2.3.3 Manageability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
2.3.4 Scalability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

3 Sun Microsystems Java Netbeans IDE 6.0 14

3.1 Java . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
3.1.1 History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
3.1.2 Java Server Pages (JSP) . . . . . . . . . . . . . . . . . . . . . . . . 14
3.2 Netbeans IDE 6.0 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
3.2.1 Java Platform Enterprise Edition (Java EE) . . . . . . . . . . . . . 16
3.2.2 Integrated Development Environment (IDE) . . . . . . . . . . . . . 16
3.3 Sun Java System Application Server PE 9 and GlassFish v2 . . . . . . . . 16
3.3.1 Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

4 Project Methodology, Goals and Implementation 19

4.1 Methodology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
4.2 Goals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
4.3 Website Specification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
4.4 Visual Studio Implementation . . . . . . . . . . . . . . . . . . . . . . . . . 24
4.4.1 Master Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
4.4.2 Create User Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

2
 4.4.3 Create Object Page . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
4.4.4 Login Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
4.4.5 Show Objects Page . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
4.4.6 Object Information Page . . . . . . . . . . . . . . . . . . . . . . . . 30
4.4.7 Show Pictures Page . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
4.4.8 Crypt Class . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
4.4.9 Save Picture Class . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
4.5 Netbeans Implementation . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
4.5.1 Beginning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
4.5.2 Navigation Bar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
4.5.3 Create User Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
4.5.4 Create Object Page . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
4.5.5 Login Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
4.5.6 Show Objects Page . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
4.5.7 Object Information Page . . . . . . . . . . . . . . . . . . . . . . . . 35
4.5.8 Show Pictures Page . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

5 Microsoft Visual Studio ASP.NET vs Sun Microsystems Netbeans IDE 36

5.1 Comparison Scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
5.1.1 Design . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
5.1.2 Development . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
5.1.3 Manageability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
5.2 Evaluation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
5.2.1 Microsoft Visual Studio ASP.NET . . . . . . . . . . . . . . . . . . . 37
5.2.2 Sun Microsystems Netbeans IDE 6.0 . . . . . . . . . . . . . . . . . 39
5.3 Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
5.3.1 Design . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
5.3.2 Development . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
5.3.3 Manageability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

6 Conclusions and Future work 43

6.1 Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
6.2 Future Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

A Visual Studio implementation 47

A.1 CreateObject.aspx.cs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
A.2 CustomerSignUp.aspx.cs . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
A.3 Showobjects stored procedure . . . . . . . . . . . . . . . . . . . . . . . . . 49
A.4 SavePic.cs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
A.5 Crypt.cs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52

B Netbeans IDE 6.0 implementation 55

B.1 Create User SubmitButton method . . . . . . . . . . . . . . . . . . . . . . 55

3
List of Figures

2.1 Standard Html sends a request to the server which retrievs a file and sends
it back to the client. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
2.2 Sends a request to the server which retrievs a file, processes it if needed and
then returns the output html code. . . . . . . . . . . . . . . . . . . . . . . 8
2.3 Example of embedded video on YouTube . . . . . . . . . . . . . . . . . . . 9
2.4 Internet Information Service Manager . . . . . . . . . . . . . . . . . . . . . 11

3.1 Netbeans IDE 6.0 shows the IDEs. Editor, GUI, other visual tools etc. . . 17

4.1 Prototype of the Welcome page . . . . . . . . . . . . . . . . . . . . . . . . 20

4.2 Prototype of account creation page . . . . . . . . . . . . . . . . . . . . . . 21
4.3 Prototype of create object page. . . . . . . . . . . . . . . . . . . . . . . . . 22
4.4 Prototype of show objects page. . . . . . . . . . . . . . . . . . . . . . . . . 22
4.5 Entity-Relationship Model . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
4.6 Visual Studio 2005 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
4.7 GUI of database tables creation . . . . . . . . . . . . . . . . . . . . . . . . 26
4.8 The GUI of Netbeans IDE 6.0 . . . . . . . . . . . . . . . . . . . . . . . . . 32

4
Chapter 1

Introduction

The first webpage began at CERN (Centre Européen de Recherche Nucléaire) where they
researched in how to share documents using a web browser [4]. This was the start of the
World Wide Web as we know it today. First web pages could only show static information
but later the CGI (Common gateway interface) was developed which made it possible
for an application to communicate with a server passing requests to it. This made it
possible to developing dynamic web pages with interactivity for the user. There are many
different sorts of developing environments and templates with which it is possible to create
a dynamic web page. Active Server Pages (ASP), Java Server Pages (JSP) and PHP:
Hypertext Preprocessor (PHP) are some of the most common script engines but which
one should a developer choose? This thesis will focus on comparing Microsoft ASP.NET
and Sun Microsystems Netbeans IDE. Working with a project using some kind of method
will help you to solve some problems and it also makes it easier to know what to do in a
more structural way. The method does not help with specific details but it helps setting
up goals and guidelines. There are different methodologies for different kind of projects
and for this project the case study method is preferred [1]. In a case study the project is
first presented and the goal for the project will be decided. The goal and the specifikation
will be described in the report.

5
Chapter 2

Mirosoft Visual Studio and ASP.NET

2.1 .NET Framework

2.1.1 Common Language Infrastructure (CLI)
Common Language Infrastructure (CLI) is constructed by Microsoft as the foundation of
the .NET technology. CLI allows applications to be written in a variety of high level
languages and executed in different runtime environments [3].

2.1.2 Common Language Runtime

Common Language Runtime (CLR) manages the execution that is written in any of sup-
ported languages, this allows them to share some common classes written in any of the
languages [17]. At runtime CLR is doing a just-in-time compiling of the code which
will make the code more language and hardware independent. CLR allows programmers
to ignore specific details that comes with different CPUs. The CLR also provides some
other important features such as: Memory management, garbage collection, security, per-
formance improvements and more.

2.1.3 Security
There are several ways in that the .NET Framworks protects the code and its resources
from unauthorised access. ASP.NET provides a way to use authorized roles or authorize
HTTP verbs stored in a XML file list or the file system, this to limit the access to a web site
by comparing the authenticated credentials. .NET also has a security mechanism called
Code Access Security (CAS) which uses permissions to limit the access to protect resources
and operations. To help the developers to protect the data and communication between
servers .NET offers Cryptographic services. The Cryphtographic service provides methods
to encrypt, decrypt and to secure the channels of communication. .Net have many features,
tips and tricks regarding the security, more can be read at [23, 24].

6
Figure 2.1: Standard Html sends a request to the server which retrievs a file and sends it
back to the client.

2.2 Active Server Pages (ASP)

Active Server Pages (ASP) is a script engine for the server side and is an add-on to Internet
Information Services (IIS) which is developed by Microsoft [5, 6, 7]. Instead as standard
html works seen in Figure 2.1 ASP processes the data before it sends it back as seen in
Figure 2.2 The engine makes it possible to communicate with a dynamically generated
web page server. ASP makes it possible for the developer to replace the static HTML
pages with "live data", it also makes it easier by having some built-in objects, server side
scripts, access to databases and ActiveX components which can be used when creating
a dynamic web page. Microsoft managed to make ASP scripting compliant with their
Component Object Models (COM). This resulted in that non-vendor components could
be shared through a communication mechanism OLE (Object Linking and Embedding).
From this ASP applications then could extend the functionality because of the sharing of
properties, events and methods through the components.

Active Server Pages is an open, compile-free application environment in which

you can combine HTML, scripts, and reusable ActiveX server components to
create dynamic and powerful Web-based business solutions. Active Server
Pages enables server side scripting for IIS with native support for both VB-
Script and JScript.

ASP releases:

• ASP 1.0 (December 1996)

• ASP 2.0 (September 1997)

• ASP 3.0 (November 2000)

• ASP.NET 1.0 (January 2002)

• ASP.NET 1.1 (April 2003)

• ASP.NET 2.0 (November 2005)

7
Figure 2.2: Sends a request to the server which retrievs a file, processes it if needed and
then returns the output html code.

• ASP.NET 2.0 SP1 (November 2007)

• ASP.NET 3.0 SP1 (November 2007)

When Microsoft introduced ASP.NET in 2002 some major changes were made. Two of
the changes were: ASP.NET comes with the ability of multi-language as the .NET Common
Language Runtime (CLR) which allows web pages to be written in Csharp, jsharp and VB.
ASP.NET offers the ability of using predefined controls such as buttons, labels, etc. The
developer can choose to cache just parts of the page to improve the performance.

2.2.1 Object Linking and Embedding (OLE)

The Object Linked and embedded (OLE) technology released version 1.0 in 1990 and later
released version 2.0 with support of COM technology 1993 [10, 16]. OLE allows the
embedding and linking of other objects together. This makes it possible to import other
types object that not are a function of the own application. For example when writing
in a text editor and the editor don’t support graphs or pictures, it is possible to import
these using the OLE technology. With OLE can be used to transfer data between different
applications using drag and drop. A developer can embed multimedia in a Web Page
such as videos, animations and audios. This is used for example on the famous Website
YouTube.

2.2.2 Component Object Model (COM)

The Component Object Model technology originated from the Object Linking and Em-
bedded (OLE) technology [15, 16]. The first public version of COM became available with
OLE 2.0 in 1993 but the name COM was not commonly used by Microsoft until in 1997.
COM also includes ActiveX, Distributed COM (DCOM), COM+ and programming tools.
COM is a underlying architecture forms the foundation that provides high-level software
services like the once provided by OLE. The Component Object Model technology enables
different software components to communicate. The implementation of components with

8
 Figure 2.3: Example of embedded video on YouTube

the COM technology is language neutral so that it is possible use and reuse them in differ-
ent environments and the components can even be used across machines of different types
and different operating systems.

2.3 Internet Information Services (IIS)

Internet Information Services (IIS) is a powerful web server application for versions of
Microsoft Windows server 2003 [8, 9, 10]. The IIS 6.0 provides a reliable, manageable and
scaleable infrastructure. A dynamic scripting environment for supporting Active Server
Pages was introduced in IIS 3.0. The release of IIS 6.0 supported some features that help
lowering the system administration cost and another feature of IIS 6.0 is that Microsoft
Dynamic Systems Initiative (DSI) is included which has automated health monitoring,
process isolation and improved management capabilities. Earlier versions of IIS have had
som issues regarding the security which have been fixed and patched in different versions.
The latest release which is IIS version 7.0 have not yet reported any issues, this is the
version that will be included in Windows server 2008.

2.3.1 Security
The Internet Information Services web servers have been having some concerns about their
security [11, 12, 13, 14, 2]. They have encountered issues since the release as a part of
Windows NT. In the release of IIS 6.0 some security vulnerabilities have been patched and
now in IIS 7.0 version so far no security vulnerabilities have been detected. One security
breech came from the infamous Code Red Worm were the worm found a vulnerability in

9
the indexing software distributed with IIS. The worm used a common vulnerability called
"buffer overflow" which basically is when a buffer overflows. This specific worm used a
long string of repeating the character ’N’ to overflow the buffer. This kind of vulnerability
lets the intruder to run arbitrary code on the targeted machine.

Regarding the security IIS version 5.0 and higher supports some authentication mecha-
nisms:
Basic access authentication: This authentication is a method that lets the application
to pass information about user name and password but it have to relie on that the connec-
tion between client and the server is secure.
Digest access authentication: Basically encrypts the user identity so that it is more
secure to send the identity over a connection instead of sending it as plain text. Helps
basic access authentication not to send unencrypted information.
Integrated Windows authentication (IWA): It first tries to use the current Windows
user information on the client before it asks for user information. The Integrated Windows
authentication hashes the information before it sends information over the web. The client
browser proves its identity through a cryptographic exchange with the web server. IWA
uses the protocols SPNEGO, Kerberos and NTLMSSP.
.NET passport authentication: This is a authentication that lets the user use the
same login with different websites. The information is sent through a Secure Socket Layer
(SSL) to a Windows authentication server which in return checks if the user has a valid
GLOBALAUTH-cookie then the user receives an ID-tag encrypted with triple DES stan-
dard. The authentication server then communicates with the targeted website letting it
know of the agreed ID-tag. .NET passport is used by many popular web sites and pro-
gram such as Windows Live messenger, Hotmail and more. .NET passport also known as
Window live id is plattform-neutral and have support in Perl, PHP, Ruby, Python etc.

2.3.2 Reliability
As of Internet Information Services version 6.0 servers a single web application no longer
can cause other web applications and web sites to fail. The system is built in such way that
web sites on same server is isolated from each other into self-contained. The processes on
the server operates independently in so called worker processes so if one process fail is does
not affect the other processes. This will make the system more fault-tolerant, makes the
web sites more available and increases the number of web sites that a server can host. It is
possible to monitoring these worker processes by letting them get pinged this will help the
system to detect failures. In this way IIS 6.0 will now if something have gone wrong and
can then restart the failing application. Incoming requests to the failing application will be
queued and sent to the application when it is possible. In a IIS 6.0 server the administrator
can limit the CPU to different applications or web sites. This can be set to a predetermined
period of time so that CPU time not is wasted in low activity or low priority processes.
These are some of the features that will make the server help the applications and web
sites to increase the availability, manageability, reliability and decrease the downtime.

10
 Figure 2.4: Internet Information Service Manager

2.3.3 Manageability
Internet Information Services 6.0 uses an Extensible Markup Language (XML) to store
the Web Server configuration data. Editing the XML sheet can be done using a text
editor which will make it much easier for the administrator to understand. With IIS 6.0
the administrator can use a third party monitoring and management tool to access the
configuration data which will lead to better tool integration. Managing IIS 6.0 server
configuration can be done while the server is running. When saving the configuration
a copy of the old configuration is saved with a unique version number and then new
configuration is marked as the new "metabase.xml". This will make it easy to rollback
configurations. If the new configuration makes the system to fail, IIS 6.0 will automatically
rollback to the previous configuration XML, this to prevent the Meta database to crash
the system over and over again. The configuration XML sheet can easily be exported
and imported to different servers. Backing up the system can be made so that it can
be restored on a different server (server-independent-backup). Managing the IIS 6.0 the
administrator can use IIS Manager which is a graphical user friendly interface with full
access to the web server. With IIS Manager the administrator can access the web server
from a remote computer. IIS 6.0 supports File Transfer Protocol (FTP) to transfer files
and uploading web content. When uploading files it is possible to restrict users to specific
directories, for example the administrator can restrict the users only to have access to
their own directory which will prevent them to overwrite other user’s web content. IIS 6.0
also supports Simple Mail Transfer Protocol (SMTP) that can be used for sending e-mail
messages between servers. This is some of the features in IIS 6.0 that helps administrators
to mange their server easier.

11
2.3.4 Scalability
Security
When running multiple web sites or applications on a single server some security require-
ments are needed. IIS 6.0 separates and isolates the application pools that mange the web
sites and applications. Running a server with files with dynamic extensions such as com-
piling and executing the administrator must add these file extensions to the Web service
extension list. This will prevent dynamic extensions that not are permitted on the server.
Calling dynamic extensions that not are permitted will result in a error message with lim-
ited information which will prevent hackers potential hackers. IIS 6.0 is protected from the
most common attacks to Web servers two of these are buffer and memory overflow. The
system is configured to handle data transmissions of unknown size. This is done with a
memory-overflow protection. When a buffer or memory is over flown the affected worker
process will be shut down preventing it from interfere other processes. This protection
would have protected IIS against the infamous Red Worm which attacked IIS versions
4.0 and 5.0. User accounts in IIS 6.0 are set to lowest privilege needed for any operation.
Worker processes are running under Networkservice accounts which are limiting the system
privilege. This will lower the chances of exploiting security vulnerabilities. IIS 6.0 have
full support for Secure Socket Layer (SSL) and Transport Security Layer (TSL) exchang-
ing information between clients and servers. The administrator have full access choosing
cryptography service, it is even possible to use hardware accelerator cards. Administrators
can limit which TCP/IP and UDP ports that is open. This will prevent attacks against
ports opened unintentional. The amount of aloud data can be limited. IIS 6.0 have got
some authentication support see IIS security.

Performance
The scaling in IIS 6.0 i greatly improved so that it can host many sites at the same time.
IIS 6.0 has many options were the administrator can tune the server soo that unsatisfied
performance can be avoid. Like bottlenecks, bad response and other errors. Scaling is to
balance the system to increase the demand at an aceptable level of perfomance. When IIS
6.0 gets a peak in traffic the system then can be tuned to scale. The system is scalable in
many different aspects. Some of the aspects is shortly discribed below:

• IIS 6.0 includes scalability through Network Load balancing between servers, with
only one server it is only possible to provide a limited level of server reliability therefor
it is vice to combine the resources of more than one computer.

• To large queues is an unwanted behavior in a server that is why IIS 6.0 provides
the ability to optimize the queues, the dministrator can set theese request queues:
TCP/IP queue, ASP request queue, kernale request queue and ASP.NET request
queue.

12
• Caches is used to store requested data. Without caches or caching it can be very
timeconsuming. IIS uses caches which are enabled by default and do not commonly
need any tuning. But if it is nessesary the cahces can be adjusted.

• IIS supports three different common Internet service providers (ISP) installation
strategies which can be used when IIS running in worker process isolation mode.
The three modes are:Shared static hosting, Shared static and dynamic hosting and
Dedicated hosting.

13
Chapter 3

Sun Microsystems Java Netbeans IDE

6.0

3.1 Java
3.1.1 History
The Java history started in 1991 when James Gosling made up his mind to implement
a virtual machine and language that had familiar notation as the C/C++ family [18,
19]. First release of Java 1.0 was in 1995 and Gosling promised "Written Once, Run
Anywhere"(WORA). Web browsers started to use secure Java applets in their web pages
and Java became very popular. To formalize Java Sun Microsystems approached the
ISO/IEC JTC1 and ECMA international standards this was done in 1997. As of 8 May
2007 Sun is done making the entire Java core code into open source.

3.1.2 Java Server Pages (JSP)

Java Server Pages (JSP) technology provides an easier way for the software developers to
create dynamic web pages this by generate dynamically generate HTML, XML and other
types of documents in response to requests made by the client [20, 19]. JSP works with
the most web servers, applications, browsers and development tools. JSP encapsulates
the logic that generates the content page, this done by using XML tags and scriptlets
written with Java Technology were JSP is a part of the family. To separate the page logic
from its design and display JSP passes the formatting tags directly back to the client.
The servlets which the JSP pages are compiled into may be called JavaBeans components
were the Beans performs the processing on the server. In Figure 3.1.2 the translation and
executions steps is shown. The translation is only done if it is necessary, this to get better
performance.

14
Java Servlet
The Java servlet is similar to the non-Java technologies supporting dynamically web con-
tents such as PHP and ASP.NET. The servlet can be thought of as an applet on the server
side [20]. Servlets makes it possible to maintain state through cookies and sessions or
URL rewriting. The servlet is an object that receives a request and then delivers a re-
sponse. To deliver the response the servlet goes through some translation and compiling
in the server. The servlet API defines the different interactions of the Web container and
a servlet. The web container is responsible to manage the life cycle, mapping a URL and
that the requester has the correct access rights for a specific servlet.

3.2 Netbeans IDE 6.0

Netbeans IDE is a free open source Integretad Development Environment(IDE) for devel-
opers which is developed by Sun Microsystems [20, 21]. Netbeans IDE started in 1997
and were later bought by Sun Microsystems in 1999. The name Netbeans IDE refers both
to the platform from developing Java applications and to the Integrated Development En-
vironment(IDE) for using the Netbeans platform. The platform is generic and can be used
to develope any kind of software application.

15
3.2.1 Java Platform Enterprise Edition (Java EE)
Java plattform Enterprise Edition (Java EE) is a platform for developing robust, portable,
scalable and secure serverside Java applications [20, 21]. The Java EE applications pro-
vides functionality to deploy fault-tolerant, distributed, multi-tier Java software based on
components that is deployed on application servers that can be accessed through a web
browser. Java EE provides the developer with a framework for developing and deploying
web services on the java platform. For faster solutions and to simplify the development
Java EE uses "containers". One of theese containers is the Enterpris JavaBeans (EJB)
which provides the developer with features as scaling, threading, transaction management
etc. Java EE allows freedom of choice beacause the Java EE technology use standards that
many vendors can implement. To ensure compability among the applications Java EE sup-
plies a Compability Test Suite (CTS) which makes the portability of the components and
applications written for the Java platform by the vendors much easier. Java EE simplifies
the connectivity for already existing applications and systems that can be used on the web
or in other devices.

3.2.2 Integrated Development Environment (IDE)

A Integretade Development Environment is a software programming enivronment which
often consists of a Graphical User Interface (GUI), a compiler, code editor and a debugger
[22, 21]. The IDE may be a standalone program or be included in another compatible
program. Example of IDEs is Visual Studio, Netbeans IDE, Frontpage and Dreamweaver.
As in Figure 3.1 it is shown that Netbeans IDE 6.0 consists of a GUI, an editor, other
visual tools and a compiler.

3.3 Sun Java System Application Server PE 9 and Glass-

Fish v2
The Java Enterprise Edition (Java EE) within the Netbeans IDE works with any standard
Java EE application Server. Some of the know servers it works with is Sun Java System
Application Server 8 and 9, GlassFish v1 and v2, Apache Tomcat 4, 5 and 6, JBoss 4,
BEA WebLogic 10, IBM WebSphere 6, and others. One of the servers that come with
the Netbeans IDE 6.0 is the GlassFish v2 server that is developed by Sun Microsystems.
GlassFish is an Open Source, Community Based implementation of Java EE 5 and is based
on the source code for Sun Java System Application Server PE 9 [27].

3.3.1 Security
Security within the server is about protecting data by preventing unauthorized access and
damage to it. The security is based on the Java 2 Enterprise Edition (J2EE) standards.
The J2EE standard includes some built in security as cryptography, authentication and

16
 Figure 3.1: Netbeans IDE 6.0 shows the IDEs. Editor, GUI, other visual tools etc.

authorization, and public key infrastructures. The Application server support both SSL
3.0 (Secure Socket Layer) and Transport Layer Security (TLS) 1.0 encryption protocols.
The server provides with a tool to configure the security. With this tool the security of
the entire server can be configure as to manage users, groups, and realms, and to perform
other system-wide security tasks [27, 28, 29].

Java Enterprise Edition (Java EE)

The security of the component used in Java EE web services is taken care by the components
container. The containers provides with two different kind of security, declarative and
programmatic security [28].
• Declarative security describes the security requirements of the application com-
ponents by using deployment descriptors that are external and includes information
about security roles and access requirements.
• Programmatic security makes security decisions and is embedded in the appli-
cation. The programmatic security works with the declarative security and cannot
work sufficient with out it.
• annotations(metadata) specifies the security information within a class file. This
class file can be use or overridden by the application deployment descriptor.
The Java EE components can contain both protected and unprotected resources. To
ensure that users have authorised access the resources have to be protected. That is why
Authorization is needed which provides with controlled access to protected resources.
Authorization is based on authentication and identification.

17
Java Standard Edition (Java SE)
As described in Java EE authorization is needed to have control over the protected re-
sources. This makes the use of authentication and identification crucial when protecting
the data from unauthorised users. Java SE provides support of security mechanisms. Some
of the implementation mechanisms are described below [28].

• Java Authentication and Authorization Service (JAAS): JAAS is an under-

lying technology for Java EE security mechanism. It is a service for enforcing access
and authentication control upon users.

• Java Generic Security Services (Java GSS-API): This security service provides
a secure way to exchange messages between communicating applications.

• Java Cryptography Extension (JCE): This is a framework used for implemen-

tation of encrypting data by using known algorithms. JCE supports different kinds
of ciphers, it also supports secure streams and sealed objects.

• Java Secure Sockets Extension (JSSE): Provides a framework and an implemen-

tation for a Java version of the SSL and TLS protocols and includes functionality
for data encryption, server authentication, message integrity, and optional client au-
thentication to enable secure Internet communications.

• Simple Authentication and Security Layer (SASL): SASL is an internet stan-

dard protocol for authentication optional establishment of a security layer between
client and server applications.

18
Chapter 4

Project Methodology, Goals and

Implementation

4.1 Methodology
Working with a project with some kind of method will help you to solve some problems
it also makes it easier to know what to do in a more structural way. The method does
not help with specific details but it helps setting up goals and guidelines. There are
different methodologies for different kind of projects and for this project the case study
method is preferred [1]. In a case study the case is first presented and the goal for the
project will be decided. In our case a website will be presented below and the goal is to
implement it in the easiest way with the components, methods etc. that the Web Platforms
provide. The implementation and design should be structured. The design in a case study
may be flexible, it is ok to change the question at issue and slightly change the direction
within the study. This suites this project well because within the study problems and
new questions can be found when implementing the website therefore some changes can
be necessary under the developing of the website. In a case study the primary data should
be qualitative and as in this project the data endures of the implementations made in the
two Web Platforms. This data will be the qualitative data that will be evaluated and
compared. The evaluations and conclusions that will be drawn are my own opinions and
will be as fairly judged as possible.
To study these two different Web Platforms that should be compared and evaluated it is
wise as said above to specify the website before starting to implement it. In this project
a dynamic homepage will be implemented and out of this hopefully some results and
conclusions can be drawn.

4.2 Goals
In this project there will be a comparison between two web platforms that uses different
technologies and programming languages. One of the platforms uses JSP (Java Server

19
 Figure 4.1: Prototype of the Welcome page

Pages) with java technology and the other platform uses ASP (Active Server Pages). These
two platforms will be used to implement a dynamic website as the specification seen 4.3.
The areas that will be tested are design, development/implementation and manageability.
To test these area some test scenarios have be made and can be seen in section 5.1. The
goal is to be able to compare these two platform, draw some conclusion and perhaps show
if there is some of the platforms that is preferable.

4.3 Website Specification

The website that will be implemented is a site where a customer can put their apartment,
house or summerhouse out for sale. First the site of course must have a welcome page
with information about the site, see Figure 4.1. The welcome page should have a banner
with a logo and the name of the site. On the left side the menu will be presented and will
be shown on almost every page of the site. The customer should then be able to make
an account which will contain information about themselves. When creating the account
the user have to write the following information: Forename, Last name, city, email and
a password as seen in figure 4.2. When typing in the email address the website should
check if it is a valid email address. To verify that the customer have written right email
and password the customer have to write it twice and then they will be check against each
other to verify that it is correct. When the user has created an account the user should
then be able to create an object. The object creation page is the page that gathers the
information about the object that will be shown in the show objects page. The customer
will provide the website with the information needed about the object. The information
that is needed is for example living area, site are, which year the object was built and
repaired, address etc. The GUI (Graphical User Interface) of this page can be seen in

20
 Figure 4.2: Prototype of account creation page

figure 4.3. On the create object page the customer should be given the opportunity to add
some picture of the object if it is desired. To view the objects on the website simply press
the link to show objects from the menu on the left side. On this page the customer should
be presented with for example a table with the objects that exists on the website as seen
in figure 4.4. From this page the customer should be able to choose one of the objects to
get more information about the chosen object. On the page that shows the chosen object
the information should be presented in a way that it is easy to read the information. On
the page the customer should be able to press a button or something to be redirected to
a page that shows the pictures of the object. The website also got a login page. On this
page the customer can login which is necessary for getting access to the object creation
page. The idea of having the login page is to test if the web platform has some built in or
some other way any implementation to encrypt a password. The website should contain a
database where all the information from the customer, object and the pictures belonging to
the objects should be saved. The design and relations of the database is describe with an
ER (Entity-Relationship) model shown in figure 4.5. Which database that should be used
in the different Web Platforms will be chosen when implementing. A good choice would
be to pick a database that is produced by the same manufacture as the Web Platform
this should give the best performance because the manufacture hopefully have made it in
every way compatible and taken in consideration to have the best performance for its own
development program. The website will be implemented by the two web platforms on the
same computer. The system specifiaction of the computer is: AMD Turion 64bits 1.8GHz
processor with one gigabyte DDR ram memory running on Windows XP Home edition.

21
Figure 4.3: Prototype of create object page.

Figure 4.4: Prototype of show objects page.

22
Figure 4.5: Entity-Relationship Model

23
4.4 Visual Studio Implementation
Before starting implementing in Visual Studio I first had to install the program. Installing
Visual Studio 2005 was very easy and no problem was encountered. After installing the
program some new updates was automatically installed. At the first glance of Visual Stu-
dio it looks very professional with a good design and menus easy to understand and read.
I have had no previous experiences with Visual Studio 2005 Asp.net website development
so I started to search information on the web. Searching Google I found MSDN (Microsoft
Development Network) and ASP.NET websites which had a lot of information about de-
veloping in Asp.net Visual Studio. At the Asp.net there are many tutorials for beginners
and more advanced developers. The tutorials can be watched as videos where a Microsoft
developer tries to learn how to develop in Visual Studio and there is also possible to view
the source code from tutorials. After watching some videos and going through tutorials I
was ready to start my website project in Visual Studio. The GUI(Graphical User Interface)
of Visual Studio as can be seen in figure 4.6. On the left hand there is a Toolbox which
holds all the .net components that the developer can use in the design mode. If there is
something the developer would like to use it is only to drag and drop it on the design surface
and then the developer can use the component for example a button to click on. On the
design surface the developer can for example change the size and position of the button.
Highlighting a component on the design layout properties of the component can be seen
in the properties tab to the right see figure 4.6. In the properties tab the developer can
see and change some information, the properties are: ID, back color, css class, font, font
color etc. The ID is the name of component which the developer uses when writing source
code. Also on the right side in Visual Studio there is a solution explorer which shows your
project with the files associated to it. Here you can alter the associated files, for example
add data files etc. Above the solution explorer there is a Server Explorer which contains
information about your servers and data connections. In this tab you can find information
about your database if you have one. The information that can be seen in the database is
the tables, stored procedures etc. On the bottom of the window an output and an error
list is presented, here is the information about your project is presented for example when
the project is built and some error have been found when debugging it. All these different
tools and tabs can be chosen to be shown or not by the programme. There is also a lot of
other different that can come in handy. Now I was well known with or rather I had an idea
about how the Visual Studio layout was working and if I were to encounter some problem
I knew that more information could be found [25, 26].

4.4.1 Master Page

I started to make the design as the specification of the website see figures 4.1, 4.2, 4.3,
4.4. In ASP.NET there is something called master page which is a page that holds other
pages in a content placeholder as seen in figure 4.6. The master page is shown all the
time and within the content placeholder I can show all the other pages. The idea of the
master page is that I can show the menus and banner all the time without redrawing them

24
Figure 4.6: Visual Studio 2005

25
Figure 4.7: GUI of database tables creation

26
all the time. The layout I fixed with a table so that everything had its own place. The
banner had its space on the top, the menu to the left and the content placeholder had
its space to the right of the menu and below the banner as seen in figure 4.6. From the
toolbox navigation tab I dragged and dropped a menu onto the area for the menu. To get
the menu to work and so that the user can click a link and that the page will be shown in
the content placeholder I had to add an Xml file. I named the xml file Web.sitemap this
because it is the default name of a sitemap and the program will then automatically know
where it belongs to, this can be change in the sitemap datasource. The sitemap contains
the name that will be shown in the menu and the URL to the page that will be shown
in the content placeholder. Now basically the master page is finished and now only the
other pages specified needed to be implemented. I knew that a database was going to be
needed in the project so I started to search information in how to implement a database in
Visual Studio 2005. I found some information and tutorials [25, 26] that I read through.
I added a new database item to my project. Here it is possible to add tables and stored
procedures. I created the tables that were specified in the ER diagram. The creation of
data tables can be seen in figure 4.7. In the creation I added all the columns needed and
chose a data type for the column. Now I had a working database and could then continue
to create the rest of the specified pages.

4.4.2 Create User Page

I then started to implement the page that should create a user. The customer should be
able to create an own account and the information about the customer should be saved in
the database table Customer. I first dragged and dropped all the components in the design
window. The components used was labels, textboxes, regular expression validator, required
field validators, compare validators, validation summary and a button. When I had all the
components that were going to be needed I named them with easy to understand names.
The labels were used for information to the customer of what to write in the textboxes
except one label that is for different information purposes. The email textbox has a regular
expression validator and required field validators. The regular expression validator checks
if the information written in the email textbox is a valid email. The regular expression is
easy to implement because there exists some premade regular expressions and one of them
is a regular expression for valid email addresses. And if the customer does not provide
with a valid email address I implemented so that an error message is sent to the validation
summary. Associated to the email textbox I got a textbox were the customer has to repeat
their email. This textbox has got a compare validator component which compares the two
email textboxes and if they don’t match an error message is sent to the validation summary.
Below the email textboxes there is two password textboxes and is implemented almost like
the email textboxes except that there is no regular expression. Another difference is that
when the customer types in the password only the information shown is asterix instead
of the real password. And before saving the password to the database the password is
crypted. In Visual studio I found information about System.Security.Cryptography at
[26]. With this information I began to implement a crypt class (see 4.4.8). When the

27
customer presses the submit button on the page all the information is processed within the
submit button_click method, see appendix A.2. First I create a sql [32, 33] datasource
and set the connection string to the database. Then I set the data source to use a premade
stored procedure that I made earlier. The stored procedure holds the sql insert query that
is going to be used. Then the method is implemented to fetch the data from the textboxes
and inserts them into the database table customer. When inserting the information into
the database I decided to save the customers Ip address and a date time stamp, this to
protect the site if the customer does anything illegal or if any problems happens with an
account it is easy to show who signed up for this account.

4.4.3 Create Object Page

Next task was going to be to implement the create objects page. This is the page were
the customer types in the information about their house, apartment or summer house that
they want to sell. On this page I also used textboxes, labels, required fields and a regular
expression for the email but I also needed some new components like dropdown lists, a file
upload component and two bulleted lists. To access the create objects page the customer
must be logged in therefore when the page loads it must be checked if the customer have
logged in. So then I created a cookie that will be checked and if the cookie is null I set
another cookie that tells that the customer last visited the create objects page and then
the customer will be transferred to the login page, see A.1. If the customer is logged in
the page will be successfully loaded. The dropdown list components help the customer to
provide the page with valid data. Dropdown lists can be configured to fetch the data that
will be shown from a data source or the data items can be entered manually. I chose to
enter the data manually because it will always be the same data in the dropdown list and
the amount of choices is limited. For example I used the dropdown lists to enter amount
of rooms and I also used it to enter in which county the object will be sold. On this page
the customer also should be able to add multiple pictures of the object. To do this I added
a file upload component where the customer will be able to browse to a picture and choose
to add it. The customer can choose to add a description to the picture by typing in the
description in the description textbox. Then when pushing the add picture button the
button method will be called, the picture will be saved and the two bulleted lists will be
filled with the name of the file and the description. To save the file I implemented a save
picture class (see 4.4.9). This class will resize the picture to the right size and then save
the file in the right catalogue. When the customer have added the pictures and pushes
the create object button all the information provided on the page will be save into the
database. This works much like described about the information saved to the database in
the implementation of create user page except that here the information is saved into two
separate data tables, object table and picture table. When saving the information about
the pictures the bulleted lists will be iterated through and saved. The only information
saved into the picture table is the file name and the description because the picture file is
already save and the path is known.

28
4.4.4 Login Page
The login page uses textboxes, labels and a button. When the page is loaded the cookie
that holds the information if a user is logged in is checked. If the cookie is not null the
visible flag of the labels, textboxes and buttons is set to false and an information text
that says "You are already logged in!". Another check that is performed when the page
is loaded is that it checks the cookie with information about which page the customer
were transferred from. If the cookie says that the last visited page was the create objects
page the information text "You must be logged in to create an object!" is shown. When
the customer presses the login button a sql query fetches the email, password, ip address
and the customer id from the database customer table where the email from the textbox
matches an email in the customer table. Then instead of decrypting the password in the
textbox it will be crypted with the crypt class (see 4.4.8) and check if it matches the
crypted password from the database. If the customer provided with the right password
the username and customer id cookie is set and the information text that the customer
has successfully logged in is shown. The username and customer id cookie is used to know
who is logged in.

4.4.5 Show Objects Page

Now it was time to make the page that will present the objects. For this I used a grid
view which shows the information in a table. To know what the grid view should show
a data source is created and connected to the grid view. If the database contains many
objects it will be hard to get a hold of all the objects therefore I added three dropdown
lists where the customer can narrow the search area. The search dropdown lists were going
to let the customer to choose between which house type, county and city to be shown in
the grid view table. The dropdown lists were connected to a data source but also has a
default value. The house type dropdown lists always shows all different choices in the list
in difference of the county and city dropdown lists that uses stored procedures which takes
an in value from the dropdown list to the left. County dropdown list takes the in value
from house type and the city dropdown list takes in values both from the county and house
type dropdown list. The data source that is connected to the grid view is using a stored
procedure and takes the in value from house type, county and city dropdown lists. The sql
query that the grid view stored procedure is going use is selected by some if statements, see
A.3. There are some auto formatted design selections for easier changing the appearance of
the grid view. In the design mode of the grid view I choose which columns that were going
to be shown in the grid view and I also added a hyperlink field that was going to be used
to transfer the customer to the object information page if clicked. When the hyperlink is
clicked a method is called and within this method I fetch in which row that the button
were clicked. With this information I can pass it on to the Object information page. I
configured so that a blank browser windows opens and the objects information page opens
in that window with information about which object that were clicked.

29
4.4.6 Object Information Page
This page will show the object information. For showing the information about the oject I
used labels. On the page there is also a picture of the object that is shown and a hyperlink
which will transfer the customer to a page that shows all pictures of the object with the
belonging description. Implementing the code of the page I created a sql query that will
join the object database table with the picture table, doing this I only have to operate on
one table. The sql query fetches the object with the same object id that were passed from
the previous page 4.4.5. Having the query string i made the connection to the database.
A sql command were created and the parameter objectid were added to the sql command.
I then executed the sql command into a sql data reader that helps reading the information
from the database. Then i started to read the reader to get the object informatin that i
needed. The labels on the page were set with information by the data reader. After closing
the database connection I sat the object id cookie so the object id information could be
accessed from the show pictures page.

4.4.7 Show Pictures Page

The show pictures page only have on purpose and that is to show the pictures with belong-
ing description. I wanted the page to show the pictures as one column with the picture
first and the decsription under the picture. For this I placed a datalist in the design view
and to know which pictures to show I also added a sql data source. The sql query of the
data source should only get the name of the picture and the description. For adding a
image to the datalist I had to implement some asp code. This code changed the datalist
so it first shows an image followed by a description.

4.4.8 Crypt Class

The crypt class is for crypting information. The way I used the crypt class is to crypt the
password string. It takes the password as a string and another string to salt the password.
First the password string is converted into a byte array. Then the password is turned into
a key and an IV (Initialization vector) and then the password is salted with the user’s
ip and a word. I used the Rijndael algorithm for decrypting the password. The Rijndael
algorithm uses the key length of 256 bits and is available in all platforms. The crypt class
can be seen in appendix A.5.

4.4.9 Save Picture Class

The save picture class resizes the picture, checks if the name already exists and then saves
the file to disk. First some information is set, like the path and filename. Then a check is
preformed to check if a file with the same name already exists. If the file already exists the
new filename is prefixed with a number. Save the file to disk and then load the file into
a bitmap image. If the bitmap image is to big resize it to the preferred size. Then delete

30
the first file saved on the disk and save the new resized image. The save picture class is
available in appendix A.4.

4.5 Netbeans Implementation

First I had to install the developing software before starting to implement. I browsed
through Sun Microsystems website and found Sun Java Studio Creator 2 which I installed.
That was not enough to get the program to work because I also had to install the Java EE
SDK to be able to implement in Sun Java Studio Creator 2. String up the program it looked
like a little bit old and had not so many functions. I then started to search more information
about the program and found out that Sun Microsystems recommended migrating from
Sun Java Studio Creator 2 to Netbeans IDE 6.0. So I downloaded Netbeans IDE and it
already contained all files and Java EE that were needed. This time opening the program
Netbeans IDE 6.0 I was satisfied with the GUI and a quick look at functions it contained all
that I were going to need. Now I started to research in how this program works. I searched
through Sun Microsystems and Netbeans websites but found only limited documentations
and tutorials about it. But reading through the documentations and looking at some
tutorials I had an idea in how I would start the project. I started a new project and looked
through the GUI of the developing surface. The GUI has a good design that is easy to
understand and use as seen in figure 4.8. To the right in the window there is a palette
with all the components like buttons and labels that the developer can drag and drop onto
the design surface. On the design surface the developer can for example change the size
and position of the buttons, labels etc. Under the palette there is a properties window
that show information about for example components that are highlighted when clicked
upon. When the component is highlighted the developer can change the properties of the
highlighted component for example it show the id, text, style etc. The id properties is the
name of the component that can be used when for example the developer is implementing
code and want to use that component. To the left side there is window for services. The
service window shows databases, web services and the server. Here it is possible to create
a database with existing tables etc. Beside the service window there is a projects window.
In this window all the files of the project is shown. Here the developer can add new and
existing files to the project. Also on the left side there is a navigator window which shows
where the components on the design surface belongs to for example that a textbox lies
within a layout panel. On the GUI there is a window that shows the output from the
debugging etc. Here the developer gets information about errors and warnings. Instead
of the design surface window the developer can click a tab to change to JSP (Java Server
Pages) or java code window. In the JSP tab window it is possible to implement the website
page with jsp code. The java tab window is where the developer can write code behind.
Here the developer can implement java code to make the website to work like an ordinary
program. When changing to these code windows the palette changes its contents. In the
jsp palette window java script code parts can be found and in the java window java code
parts. Browsing through the Netbeans IDE 6.0 I now could start implementing the pages

31
 Figure 4.8: The GUI of Netbeans IDE 6.0

needed for the website.

4.5.1 Beginning
I know could start my project. I started by creating the visual design of all the pages by
working in the design mode see figures 4.1, 4.2, 4.3, 4.4. Now having a prototype of
the desing I knew that I needed a database to save all the information about customers,
objects and pictures. I then started implement a database as specified in section 4.3. In
the service window I created a new connection and here I chosed to se the Apache Derby
database which is developed by Sun Microsystems. It know existed a database with a
connection and under this connection I added the tables that I needed. Within the tables
I created all the columns that I earlier had specified. Know I had a database were I could
save all the information.

4.5.2 Navigation Bar

The menu that as in the specification is on the right side is implemented in a fragment.
A fragment is a piece of a page such as a header, footer, or navigation bar, that can be
reused in other pages. In the fragment I implemented a hyperlink to all pages. I sat the

32
propertie of the hyperlink url to the page the link should redirect the customer to when
clicked. Now I could use this fragment as an navigation bar in all my pages.

4.5.3 Create User Page

This page is where the customer should be able to sign up for an account. The components
that I needed to use on this page were text fields, password fields, a button, a static text and
the menu that I created see section 4.5.2. The components were put inside a layout panel
all except the menu. This layout panel made it possible to move the panel around without
interfere with the layout inside the panel. In the text fields the customer should write some
information like their name, email and a password. The text fields have some properties I
had to change to have the behaviour that I wanted. I change the label properties so that
the customer should know what to write in the text field. I checked the checkbox required
field properties for some text fields to know that the text field contains information and
that it is required. The email text field needed to be checked that it contains a valid email
address for this I changed the events properties so when an event happens this method
will be triggered. Within this validate method I implemented some code that checked
the email text field against a regular expression. If the email is invalid an error messages
shows in the error static text. Under the email text field there is an email confirmation
text field. This text field also has a validate method and it compares the data within the
two email text fields and compares them against each other. If the not match an error
message is displayed. The password field is where the customer writes the password that
is desired. Writing the password in this field the only visible information is asterisks. This
password field is compared against the confirm password field within the validate method
of the confirm password field. When the create account button is pushed the submit
button_action method is called. In this method the data from the text fields is saved into
the database as seen in B.1. First a row key is set to an empty row in the database table.
The ip address of the customer is sat into a local variable, then all data from the text fields
is set into the data provider for the customer. The value set is first name, last name, email,
password and the ip address is set from the local variable. The data provider commits the
changes, this is the step where the data provider saves the data into the database. If
anything goes wrong the method catches the error and an error messages it written to the
log.

4.5.4 Create Object Page

This is the page where the customer can create the object that is for sale. Here all the
information is gathered and stored in the database. First when loading the page checks
if the customer have logged in at the login page. This is done by checking if the "fname"
session cookie is not null and if the cookie is equal to null the customer is redirected to
the login page. For this page I used text fields, dropdown lists, the navigation fragment, a
button and a layout panel. In the text fields is where the customer should provide with the
information about the object. The dropdown lists is also for providing with information

33
about the object, for example the dropdown lists is for choosing how many rooms the
object have. The data that the customer can choose in the dropdown lists is configured
into the default option of the lists. Here it is possible to configure the text that is displayed
for the customer and the output value that each text gives when chosen, when the customer
chooses the text 3 in the dropdown lists I sat the output value to be 3 and this is the value
that will later be saved into the database. I also used a dropdown lists for choosing in
which county the object lies. Here the customer can choose between all counties in Sweden
and the output value is equal to the text that the customer chooses. When pressing the
submit button the data provider row key is set to the next empty row in the database
table. All values from the text fields and dropdown lists are put into the data provider.
The customer id I sat to the customer that is logged in. The data provider commits the
changes made to the database, this is the step where the data provider actually saves the
data into the database. The customer is then redirected to the add picture page 4.5.4.

Add Picture Page

On this page the customer can add pictures and description to the picture that shows the
object. This page contains a file upload component, a text area, static text fields and two
buttons. In the file upload component the customer can browse through their computer to
the picture file they want to add. Then in the text area a text that describes the picture can
be written. The static text fields show information about the file like the size and name.
When pushing the add picture button the code within the add picture button method is
processed. This method gets the filename from the file in the file upload component. Then
it gets and sets the information about the file into the static text fields. The path where
the file should be saved to I set and then the files is saved onto the server. The filename,
description and object id is then saved into the database. When added all the pictures for
the object the customer then should press the finished button and will be redirected to the
object information page (see 4.5.7) where the added object now should exist.

4.5.5 Login Page

The login page is as it sounds the page where the customer can login to their account. On
this page I used a text field for the user name, a password field for the password, a static
text for showing information text, the navigation fragment so it is possible to navigate to
the other pages and a login button. When pushing the login button a method I called. In
this method the password that is provided in the password text field is compared against
the password in the database belonging to the email written in the email text field. If
it matches the status static text field shows that the customer now is logged in, the first
name and email of the customer is stored in a session cookie.

34
4.5.6 Show Objects Page
In the show objects page a table is used. In the table all the objects is shown. Some of
the objects information is shown in different columns and in one column there is a button
called information. If the customer clicks this information button the pages redirects
the customer to the object information page (see 4.5.7). In the method called when the
information button is clicked the row key is sat to the right row and the object id of that
row is written into the session cookie. On this page there are two dropdown lists where the
customer can narrow the shown objects in the table. The two dropdown lists is narrowing
the search in the categories county and city. The county dropdown lists is bound to a data
provider which get data from the county column from the object table in the database,
this is the alternatives it shows in the list. The city dropdown list gets in data from the
county dropdown list to only show the cities that lie within that county. This dropdown
list also gets its data from the database.

4.5.7 Object Information Page

Here all the information about the object is shown with a nice design. The page contains
labels, static text fields and a hyperlink. The labels are information text about what is
shown in the static text fields. In the static text field data is fetched from the database and
is shown. When the page loads the object that has the same object id as the session scope
is fetched by the data provider. Then all the static text fields are set with information from
the data provider that fetched the object from the database. When pressing the hyperlink
the customer is redirected to the show pictures page (see 4.5.8).

4.5.8 Show Pictures Page

In this page I implemented a table that shows the picture and the description belonging
to it. When the page loads the session scope is fetched and a variable is set with that
information. In the table I implemented so that an image would show in the first column.
The path to the image is configured and the file name is fetched by the data provider that
was initialized when the page were loaded. The description column also gets its data from
the data provider.

35
Chapter 5

Microsoft Visual Studio ASP.NET vs

Sun Microsystems Netbeans IDE

5.1 Comparison Scenarios

To compare the two web platforms some specific comparison scenarios within different
areas are created. This is done to give a better control over what is tested and compared.
There are three main areas that will be deeper checked within the web platforms. The
three areas are design, development and manageability. Design is in how the appearance of
the website can be altered and how it is possible to make the design attractive for the users.
Development will show how difficult it is to implement the web site mostly implementing
code behind for example the database. Manageability is how the web site can be altered,
maintained and in which way pictures and data may be substituted. Working with different
components I had limited time to figure out of they work. So when when properties and
diferent functions of the components could not be found you have to have in mind that
they may exists but takes a larger amount of time to find than this project had for each
platform.

5.1.1 Design
This testing will give a better idea in how the design can be configured. The main idea
of this website is that it should have a design that is attractive and that the site is easy
to navigate. In the comparison the different design of the components used for the con-
struction of the website will be compared in how they can be changed to give an attractive
appearance. Is it possible to change the components in every way? Which different layout
tools does the developer have access to and how can they be used.

5.1.2 Development
This area will show in how the developing tools as the components and other tools are easy
to understand and use. It will also give a better idea in how writing code as the methods

36
etc. What properties do the components have to help us to develop the website to have
the functions that we want? Is the data within the components easy to access and in what
way is it possible to alter the properties? In what way can we write the code for methods
like a button? Is it easy to store, retrieve and access data from the database?

5.1.3 Manageability
To keep a website updated there must be some way to manage the website to change the
information and pictures that the website holds. How is it possible to change information
and pictures within the website? Can the admin delete customers, objects and pictures
from the database? Is it much work to change the appearance of the website without
changing the functionality of the website?

5.2 Evaluation
5.2.1 Microsoft Visual Studio ASP.NET
At a first glance at Visual Studio the program seems very proffesional with a neat design.
Visual Studio have a rich toolbox with many components that may come in handy and I am
satisfied at what I see. Clicking around in the program it seems to have many functions
and options to help developing a website. Here is some of the components that I used
developing the website:

• TextBox The textbox is in it self a simple component that lets the user to write
text in it. In the properties window the textmode of the textbox can be singleline,
multiline or password.

• Label This component can hold text messages and can be changed whenever the
developer wants. Not much to talk about this component.

• RequiredFieldValidator This is used when it is requried that the user writes some-
thing in a textbox before submitting it. The component have a field which is set to
what component it should check. There is properties which in an error message can
be written that will be displayed in a validation summary when the validated control
is invalid.

• RegularExpressionValidator This component is set in the propertis window to

belong to an existing component and it checks if the information written in the
textbox matches the regular expression. In the components propertie it exists a
bunch of regular expressions to choose from, for example phone numbers and email
address.

• Button The button can be set to cause the validation to trigger. It can be set which
URL the button should post back to when clicked and other useful properties.

37
 • ValidationSummary is where all the error messages appear and is shown. The
display mode of the component can be set so single line or bulleted list.

• DropDownList The data within the dropdown list can be configure to be static,
come from a datasource or to be hold both static and datasource values. The com-
ponent can be set to auto postback to the server after selection is changed.

• FileUpload is a useful component for uploading files.

• GridView shows the data in a table. The grid view shows the data from a datasource
which set in the propertie window. The grid view can be configured to have some
buttons. The buttons is delete, select and edit. The grid view also has a paging
function if wanted. There are a variety of other properties that can be change as the
spacing between columns and rows, cell spacing and cell padding and even more.

• DataList show the data as a list. The data list is set to a data source which shows
the data in the list.

• SqlDataSource The datasource is set to which database table it should get data
from and which sql query it should have. The sql query can either come from a stored
procedur or just plain text [32, 33].

Design
Designing the website there are many different tools to help getting the wanted appear-
ance. In Visual Studio the developer can choose to use Cascading Style Sheets which the
components can use to change the apperance [30, 31]. There are tables, divs, and other
tools to divide the page so that all the information ends up at the right place. In all these
page separators it is possible to set a background either a color or background picture. All
the components used to created the page can be configured in the propertie window which
CSS class name that will be applied to the control. The developer have full controll of
changing fonts, colors and borderstyles of the components. The different ways of showing
data as the grid view table and the data list table can be autoformated to different designs
but it is also possible to create the design of the table by hand. Designing a website in
Visual Studio is much fun and easy because there is many different ways you can alter it.
Having all this options makes it possible to make website that have different appearance
instead of having all websites looking the same.

Development
When starting developing using the tool box with all the components I think it has all
the most necessary components that can be used in the website. The toolbox consists of
different categories. The categories are standard, data, validation, navigation, login, web
parts, HTML, crystal reports, general and one categorie for AJAX extensions but that will
not be included in this report. As I said it has a very rich toolbox which I like. Using the

38
components there are a variety of properties to change the behaviour and appearance of it.
The data categorie where it is possible to show dynamic content from databases in Visual
Studio have many different approaches. For example the grid view shows the data as an
ordinary table and it can be configured in different ways to show columns and rows. The
rows can be deleted, selected and edited. The columns can be sorted in alphabetic order
and the table can be configured to use paging. That there is many different ways to present
the data gives the developer liberty to almost do what he wants. For validating data the
validation is used. These components is used when to ensure that the user types in the
right sort of data. For example the required field validator is used to ensure that the user
does not skip an entry and the regular expressions validator checks that the input data is
matches for example an email address. Implementing code in the website the developer can
choose to write the code in Visual Basic (VB) or Csharp (C#). Implementing the website
for this project I wrote the code in c#. Implementing the code I did not encountered
any problems. It was easy to implement getting the data from the database, this from
having a useful data source and good documentations from MSDN. One flaw is that when
deleting for example a method an error occurs when building the project because that in
the ASP code area of the component that the method belongs to the ASP code says that
this method should exist. But a big plus to this is that the debugger point out exactly
where the problem exists.

Manageability
Managing the website by updating it and changing the appearance should not be a problem.
Changing the appearance is not much work using Cascading Style Sheets (CSS) [30, 31] and
that the components are associated with a different class in the CSS. Then the developer
just has to change the attributes in the CSS to change the wanted appearance. If the
information that is written on the website should be altered the text can be read in from a
file that can be edited by some text editor. Changing images that are visible in the website
can be done by just replacing the image or having different numbers of images the images
can be loaded from a database and shown with some sort of data viewer.

5.2.2 Sun Microsystems Netbeans IDE 6.0

Starting up my first Netbeans IDE 6.0 project the program seems appelaing but with a
little out of date design (it looks old). The design has characteristic apperance as an old
linux opertating system. But beside that it looks very proffesional and the palette with
all the components seems to be satisfied when developing a website. Below is some of the
components used in the website:

• TextField is the component where the user types in information. The text field
have built in label in the propertie window where the component can be described
for the user. The label can be set to be placed over the text field or to the left of it.

• PasswordField the data in this text field will not be visible for the user.

39
 • Label This component can hold text messages and can be changed whenever the
developer wants. This component is usually associated with another component.

• DropDownList has also an built in label. This component can be configured to

show objects from the database or just static objects. Showing objects from database
it have to be configured to have a data provider. The component can be set auto
submit on change or not.

• Table is the component that can show data from example a database. The table is
associate with an data provider to show database objects. The table can be configured
to have paging, sorting and other properties. There are also other properties that
can be change as cell padding, cell spacing, etc.

Design
Designing the website in Netbeans IDE Cascade Style Sheets is the way that is preferred.
To make the layout divs is the best way to do it. This is shown in some tutorials on the
Netbeans website [21]. It is also possible to use tables but what I found there where no
component for this so the way to do it is to write JSP or HTML tags. But there is enough
with components to draw a fine design and layout. Implementing the design in Netbeans
IDE some problems was encountered. The problems is that when drawing the design in
layout mode sometimes the layout shows faults as components, divs etc showing up on the
wrong place. Another problem is when using fragment the fragment can end up in wrong
place when using the website even if it lies in the right place in the layout mode. Having
these small bugs makes it pretty difficult to know what to do and if there is something
wrong. Restarting the program often solves the problems. This layout mode window has
too many faults and this gives it a big minus.

Development
Developing in Netbeans IDE there is a useful palette that contains all the main components
needed for developing a website. The palette have different catgories which holds the
different component, the catgories are basic, layout, composite, validators, converters,
standard, advanced, data providers and advanced data providers. Netbeans have also the
option where you can add AJAX components but that will not be included in this report.
Developing using the components text field, dropdown list and some other components have
a useful propertie that it is possible to have the label ontop of the different components.
This label exists in the component and are not a standalone component. When showing
data from the database there are not any different ways to do this what I could found.
Using the dropdown list I had some problem because it can not have static objects in
the list and at the same time have data objects from the database. And when using the
auto submit on changes option in the dropdown list it calls all dropdown list methods
instead of just call the dropdown list method that invoked the change. This is of course
a matter of taste. The components that exists are not that many and the documentation

40
how they work is not well documented this makes that developing for the first time with
Netbeans takes little longer than having documentation. Beside that and have learned the
components I think i works just fine. When writing code in Netbeans the language used
is Java. The code part works without any major problems. One big set back is that when
an error is made in the coding part it is not possible to change view to the design and JSP
view. I came accros another problem which is that sometimes deleting components and
code parts the debugger warnes for error that is inside parts that is written by the program
and these problem is very hard to find and sometimes impossible. When developing a longer
amount of time with Netbeans it becomes very slow and sometimes it stops working and
the program have to be rebooted. Switching between the different developing views when
changes have been made is also very slow.

Manageability
Managing a website by using Netbeans should not be a problem. Updating and changing
the apperance is not that hard if Cascade Style Sheets are used, then the developer only
have to change the CSS to get another apperance of the website. All images belonging to
the website can be saved in the same folder then when changing pictures they just have to
be owerwritten by the new one. Have a dynamic amount of pictures they can be saved on a
database and showed with an table component the flaw here with Netbeans is that they by
default dont have many different ways of showing dynamic content. The text information
can be loaded from a text file of any sort, then it is easy to change the content on the page
by just editing the text file by using a text editor.

5.3 Results
The overall winner in comparing the both is the Microsoft Visual Studio ASP.NET plat-
forms. The Visual Studio platform have a much better performance than Netbeans IDE
that I found a bit slow and encountered a numerous of bugs. Visual Studio also has a much
more complete set of useful components. The documentation in Netbeans is very poor com-
pared to the Visual Studio that has a complete set of documentation of all components
and other stuff within the developing and implementation area. But with consideration
that Netbeans IDE is an open source platform I think it is pretty useful apart from the
annoying bugs. But having this in mind Microsoft also have a free web developing platform
called Visual Web Developer 2005 Express Editions that works just like the one found in
Visual Studio 2005.

5.3.1 Design
When designing both Websites with the different platforms I could draw the conclusion
that Visual Studio is clear winner of this. Both platforms have the right prerequisite
to designing a good website. They both support Style Cascade Sheets (CSS) and got

41
properties to alter the looks of a website. But Netbeans IDE have many issues of creating
the visual guidance for the developer. It exists too many bugs such as that the visual
layout window doesn’t update like it should and components end up with wrong attributes
and in the wrong place. This is a big disadvantage not seeing how the website should look
when running it.

5.3.2 Development
Developing the website using the included components of the platforms helps a lot and
both platforms have many functional components. Some of the components are harder to
use than others and here documentation is a big help. Visual studio have a much better
documentation of their components than Netbeans IDE but some of the Netbeans com-
ponents are easier to understand than the Visual studios. Implementing the code behind
buttons etc Visual studio have a big advantage with a better debugger than Netbeans
because Netbeans sometimes have problem with pointing out the errors and when error
occurs it is not possible to change to the layout mode in Netbeans. This I would also say
that Visual studio takes home a narrow victory.

5.3.3 Manageability
Managing the websites using the different platforms is pretty easy because of the use of
CSS. This helps allot when changing appearance of the website. Changing and updating
image is neither any problem in any of the platforms. This comparison scenario is a tie
between both the platforms with not finding any difference between them.

42
Chapter 6

Conclusions and Future work

6.1 Conclusions
The conclusion from the comparing is that Visual Studio with its web development platform
is ahead of Sun Microsystems Netbeans IDE. Even though Netbeans seems to be a fine
development program it has too many bugs. The web development area is bigger than it
seems. Today it is possible to develop programs from on the internet that works just like a
local program on you computer and the area is growing. Working with this project I have
learned to created dynamic web pages in both JSP and ASP platforms. I would say that
there is not much difference between developing a website in any of them. The thing that
was much work with and I had to read a lot about is the mastering of database and sql
queries. But when I got a grip on the basics it was not much work learning the rest. But
to create a website with nice looks and design a designer is almost needed. I found doing
this project that it could be much fun implementing a website and I have also learned a
lot during these weeks.

6.2 Future Works

The future work that can be done in this area is to compare these two platforms against
other platforms. It could be possible to compare AJAX component and see if there is any
difference between how the platforms uses AJAX components. It could alse be interesting
to take a closer look into plug-ins. Other things that could be to do a deeper research in
the different web servers that exist.

43
Bibliography

[1] Martin Höst, Björn Regnell and Per Runeson, 2006, Att genomföra examensarbete,
Printed by Narayana Press

[2] IDG.se, IIS, last checked 2008-02-25,

URL: http://linuxworld.idg.se/2.1014/1.116952

[3] ecma INTERNATIONAL, CLI, last checked 2008-02-25,

URL: http://www.ecma-international.org/publications/files/ECMA-ST/Ecma-
335.pdf

[4] HiTMilL (Cheryl Gribble), Updated 06 March 2007, Introduction, last checked 2008-
02-25,
URL: http://www.hitmill.com

[5] DEVELOPERfusion (James Crowley), ASP, last checked 2008-02-25,

URL: http://www.developerfusion.co.uk

[6] Microsoft Corporation, ASP, last checked 2008-02-25,

URL: http://msdn2.microsoft.com/en-us/library/aa155073.aspx

[7] DevGuru, ASP, last checked 2008-02-25,

URL: http://www.devguru.com/

[8] Microsoft Corporation, IIS, last checked 2008-02-25,

URL: http://www.microsoft.com/windowsserver2003/iis/default.mspx

[9] Microsoft Corporation, IIS, last checked 2008-02-25,

URL: http://www.iis.net

[10] TechTarget, IIS, last checked 2008-02-25,

URL: http://searchwindowssecurity.techtarget.com/

[11] CERT, IIS, last checked 2008-02-25,

URL: http://www.cert.org/advisories/CA-2001-13.html

[12] Microsoft Corporation, IIS, last checked 2008-02-25,

URL: http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS

44
[13] Microsoft Corporation, IIS, last checked 2008-02-25,
URL: http://msdn.microsoft.com/msdnmag/issues/02/09/Passport/

[14] IETF Tools, IIS, last checked 2008-02-25,

URL: http://tools.ietf.org/html/rfc2617

[15] Microsoft Corporation, Com, last checked 2008-02-25,

URL: http://www.microsoft.com/com/default.mspx

[16] Microsoft Corporation, Com, last checked 2008-02-25,

URL: http://msdn2.microsoft.com/en-us/library/ms877981.aspx

[17] Microsoft Corporation, Com, last checked 2008-02-25,

URL:http://msdn2.microsoft.com/en-us/library/ddk909ch(VS.71).aspx

[18] CS Dept. NSF-Supported Education Infrastructure Project,Java, last checked 2008-

02-25,
URL:http://ei.cs.vt.edu/book/chap1/java_hist.html

[19] Sun Microsystems , Java, last checked 2008-02-25,

URL: http://www.java.com/sv/

[20] Sun Microsystems , Java, last checked 2008-02-25,

URL: http://java.sun.com/

[21] Sun Microsystems , Java, last checked 2008-02-25,

URL: http://www.netbeans.org/index.html

[22] TechTarget , Java, last checked 2008-02-25,

URL: http://searchsoftwarequality.techtarget.com/sDefinition/0„sid92_gci754848,00.html

[23] Microsoft Corporation, ASP, last checked 2008-02-25,

URL: http://msdn2.microsoft.com/en-us/library/930b76w0(VS.71).aspx

[24] Microsoft Corporation, ASP, last checked 2008-02-25,

URL: http://msdn2.microsoft.com/en-us/library/aa720329(VS.71).aspx

[25] Microsoft Corporation, Implementation, last checked 2008-02-26,

URL: http://www.asp.net/

[26] Microsoft Corporation , Implementation, last checked 2008-02-26,

URL: http://msdn2.microsoft.com/sv-se/default(en-us).aspx

[27] Sun Microsystems, Sun Java System Application Server Platform Edition 9, last
checked 2008-03-07,
URL: http://docs.sun.com/app/docs/coll/1343.3

45
[28] Sun Microsystems, Java Information, last checked 2008-03-07,
URL: http://java.sun.com/javaee/5/docs/tutorial/doc/docinfo.html

[29] Sun Microsystems, Sun Java System Application Server Platform Edition 9,last
checked 2008-03-25,
URL: Sun Java System Application Server Platform Edition 9

[30] W3C , Cascading Style Sheets,last checked 2008-03-28,

URL: http://www.w3.org/Style/CSS/

[31] Web Design Group, Cascading Style Sheets,last checked 2008-03-28,

URL: http://htmlhelp.com/reference/css/

[32] W3 Schools, Structured Query Language,last checked 2008-03-28,

URL: http://www.w3schools.com/sql/default.asp

[33] Mälardalens Högskola IDt, Structured Query Language and Database,last checked
2008-03-28,
URL: http://www.idt.mdh.se/kurser/cd5430/

46
Appendix A

Visual Studio implementation

A.1 CreateObject.aspx.cs
protected void Page_Load(object sender, EventArgs e)
{
// If no user is logged in
if (Request.Cookies["UserName"] == null)
{
HttpCookie myCookie = Request.Cookies["PreviousPage"];
myCookie["PreviousPage"] = "CreateObjecNotMember.aspx";
Response.Cookies.Add(myCookie);
Server.Transfer("Login.aspx");
}
}

A.2 CustomerSignUp.aspx.cs
public partial class CustomerSignUp : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
HttpCookie myCookie = Request.Cookies["PreviousPage"];

if ( Request.Cookies["PreviousPage"] != null)
{
if (myCookie["PreviousPage"] == "CreateObjecNotMember.aspx")
{
InformationLabel.Visible = true;

47
 }
myCookie["PreviousPage"] = "CustomerSignUp.aspx";
Response.Cookies.Add(myCookie);
}

protected void SubmitButton_Click(object sender, EventArgs e)

{
SqlDataSource PHDataSource = new SqlDataSource();
PHDataSource.ConnectionString = ConfigurationManager.
ConnectionStrings["PHDatabaseConnectionString1"].ToString();

PHDataSource.InsertCommandType = SqlDataSourceCommandType.StoredProcedure;
PHDataSource.InsertCommand = "InsertCustomerInformation";

PHDataSource.InsertParameters.Add("Firstname", FirstnameTextBox.Text);
PHDataSource.InsertParameters.Add("Lastname", LastnameTextBox.Text);
PHDataSource.InsertParameters.Add("Email", EmailTextBox.Text);
PHDataSource.InsertParameters.Add("IPAddress", Request.UserHostAddress.ToStrin

// Encrypt the password

string PassWord = Crypt.Encrypt(PasswordTextBox.Text, Request.UserHostAddress.
PHDataSource.InsertParameters.Add("Password", PassWord);

int rowsAffected = 0;

try
{
rowsAffected = PHDataSource.Insert();
}
catch (Exception ex)
{
// Att göra: Skicka till windows error log

Server.Transfer("Problem.aspx");
}
finally
{
PHDataSource = null;
}

if (rowsAffected != 1)
{
Server.Transfer("Problem.aspx");

48
 }
else
{
Server.Transfer("Welcome.aspx");
}
}
}

A.3 Showobjects stored procedure

ALTER PROCEDURE dbo.Showobjects
@Housetype varchar (50),
@City varchar (50),
@County varchar (50)

AS
BEGIN IF @Housetype != ’1’ AND @City != ’1’ AND @County != ’1’
SELECT * FROM Object
WHERE Housetype = @Housetype AND City = @City AND County = @County
ELSE IF @Housetype != ’1’ AND @City = ’1’ AND @County = ’1’
SELECT * FROM Object
WHERE Housetype = @Housetype
ELSE IF @Housetype = ’1’ AND @City != ’1’ AND @County = ’1’
SELECT * FROM Object
WHERE City = @City
ELSE IF @Housetype = ’1’ AND @City = ’1’ AND @County != ’1’
SELECT * FROM Object
WHERE County = @County
ELSE IF @Housetype != ’1’ AND @City != ’1’ AND @County = ’1’
SELECT * FROM Object
WHERE City = @City AND Housetype = @Housetype
ELSE IF @Housetype != ’1’ AND @City = ’1’ AND @County != ’1’
SELECT * FROM Object
WHERE County = @County AND Housetype = @Housetype
ELSE IF @Housetype = ’1’ AND @City != ’1’ AND @County != ’1’
SELECT * FROM Object
WHERE City = @City AND County = @County
ELSE
SELECT * FROM Object
END
RETURN

49
A.4 SavePic.cs
public class SavePic
{
public static string Save(FileUpload file)
{
// Specify the path to save the uploaded file to.
string savePath = "~\\Images\\";

// Get the name of the file to upload.

string fileName = file.FileName;

// Create the path and file name to check for duplicates.

string pathToCheck = savePath + fileName;

// Create a temporary file name to use for checking duplicates.

string tempfileName = "";

// Check to see if a file already exists with the

// same name as the file to upload.
if (System.IO.File.Exists(pathToCheck))
{
int counter = 2;
while (System.IO.File.Exists(pathToCheck))
{
// if a file with this name already exists,
// prefix the filename with a number.
tempfileName = counter.ToString() + fileName;
pathToCheck = savePath + tempfileName;
counter++;
}
fileName = tempfileName;
}

// Append the name of the file to upload to the path.

savePath += fileName;
file.SaveAs(savePath);

System.Drawing.Image.GetThumbnailImageAbort myCallback =
new System.Drawing.Image.GetThumbnailImageAbort(ThumbnailCallback);
Bitmap myBitmap = new Bitmap(savePath);

int width = 0;

50
 int Height = 400;

if (myBitmap.Height > Height)

{
double temp = Convert.ToDouble(myBitmap.Height) / 400.0;
temp = Convert.ToDouble(myBitmap.Width) / temp;
width = Convert.ToInt32(temp);
}
else
{
width = myBitmap.Width;
}
System.Drawing.Image myThumbnail = myBitmap.GetThumbnailImage(
width, Height, myCallback, IntPtr.Zero);

myBitmap.Dispose();

try
{
using (StreamWriter sw = File.CreateText(savePath)) { }

File.Delete(savePath);
}
finally
{
myThumbnail.Save(savePath);
}
return fileName;
}
public static bool ThumbnailCallback()
{
return false;
}
public void Save()
{
// Add constructor here
}
}

51
A.5 Crypt.cs
public class Crypt
{
// Encrypt a byte array into a byte array using a key and an IV
public static byte[] Encrypt(byte[] clearData, byte[] Key, byte[] IV)
{
// Create a MemoryStream to accept the encrypted bytes
MemoryStream ms = new MemoryStream();

// Create a symmetric algorithm.

// Use Rijndael because it is strong and
// available on all platforms.
// You can use other algorithms, to do so substitute the
// next line with something like
// TripleDES alg = TripleDES.Create();
Rijndael alg = Rijndael.Create();

// Now set the key and the IV.

// We need the IV (Initialization Vector) because
// the algorithm is operating in its default
// mode called CBC (Cipher Block Chaining).
// The IV is XORed with the first block (8 byte)
// of the data before it is encrypted, and then each
// encrypted block is XORed with the
// following block of plaintext.
// This is done to make encryption more secure.

// There is also a mode called ECB which does not need an IV,
// but it is much less secure.
alg.Key = Key;
alg.IV = IV;

// Create a CryptoStream through which we are going to be

// pumping our data.
// CryptoStreamMode.Write means that we are going to be
// writing data to the stream and the output will be written
// in the MemoryStream we have provided.
CryptoStream cs = new CryptoStream(ms,
alg.CreateEncryptor(), CryptoStreamMode.Write);

// Write the data and make it do the encryption

cs.Write(clearData, 0, clearData.Length);

52
 // Close the crypto stream (or do FlushFinalBlock).
// This will tell it that we have done our encryption and
// there is no more data coming in,
// and it is now a good time to apply the padding and
// finalize the encryption process.
cs.Close();

// Now get the encrypted data from the MemoryStream.

// Some people make a mistake of using GetBuffer() here,
// which is not the right way.
byte[] encryptedData = ms.ToArray();

return encryptedData;
}

// Encrypt a string into a string using a password

// Uses Encrypt(byte[], byte[], byte[])

public static string Encrypt(string clearText, string Password)

{
// First we need to turn the input string into a byte array.
byte[] clearBytes =
System.Text.Encoding.Unicode.GetBytes(clearText);

// Then, we need to turn the password into Key and IV

// We are using salt to make it harder to guess our key
// using a dictionary attack -
// trying to guess a password by enumerating all possible words.
PasswordDeriveBytes pdb = new PasswordDeriveBytes(Password,
new byte[] {0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d,
0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76});

// Now get the key/IV and do the encryption using the

// function that accepts byte arrays.
// Using PasswordDeriveBytes object we are first getting
// 32 bytes for the Key
// (the default Rijndael key length is 256bit = 32bytes)
// and then 16 bytes for the IV.
// IV should always be the block size, which is by default
// 16 bytes (128 bit) for Rijndael.
// If you are using DES/TripleDES/RC2 the block size is

53
 // 8 bytes and so should be the IV size.
// You can also read KeySize/BlockSize properties off
// the algorithm to find out the sizes.
byte[] encryptedData = Encrypt(clearBytes,
pdb.GetBytes(32), pdb.GetBytes(16));

// Now we need to turn the resulting byte array into a string.

// A common mistake would be to use an Encoding class for that.
//It does not work because not all byte values can be
// represented by characters.
// We are going to be using Base64 encoding that is designed
//exactly for what we are trying to do.
return Convert.ToBase64String(encryptedData);

}
public Crypt()
{
// Add constructor here
}
}

54
Appendix B

Netbeans IDE 6.0 implementation

B.1 Create User SubmitButton method

public String submitbutton_action()
{
try {
RowKey rk = customerDataProvider.appendRow();
customerDataProvider.setCursorRow(rk);

InetAddress IPAddress = InetAddress.getLocalHost();

customerDataProvider.setValue("FIRSTNAME",
String.valueOf(firstnametextField.getText()));
customerDataProvider.setValue("LASTNAME",
String.valueOf(lastnametextField.getText()));
customerDataProvider.setValue("Email",
String.valueOf(emailtextField.getText()));
customerDataProvider.setValue("IPADDRESS",
IPAddress.getHostAddress());
customerDataProvider.setValue("PASSWORD",
String.valueOf(passwordField.getText()));

customerDataProvider.commitChanges();
} catch (Exception ex) {
log("Error Description", ex);
error(ex.getMessage());
}
return null;
}

55