"Secure Accounting & Logging System": Bachelor of Computer Application


Secure Accounting & Logging

PROJECT REPORT ON

SECURE ACCOUNTING & LOGGING SYSTEM


SUBMITTED FOR THE PARTIAL FULFILLMENT OF THE REQUIREMENT FOR THE AWARD OF THE DEGREE OF

BACHELOR OF COMPUTER APPLICATION


SUBMITTED BY HIMANSHU BHATI (R.N.- 8693007) SUNIL YADAV (R.N.- 8693017)

INNOVATIVE INSTITUTE OF EDUCATION & TECHNOLOGY 6, KNOWLEDGE PARK II, GREATER NOIDA (U.P.)

CERTIFICATE


INNOVATIVE INSTITUTE OF EDUCATION & TECHNOLOGY


6, KNOWLEDGE PARK II, GREATER NOIDA (U.P.)

Certificate of Completion
This is to certify that the project report entitled SECURE ACCOUNTING & LOGGING SYSTEM carried out by MR. HIMANSHU BHATI & MR. SUNIL YADAV, the students of Bachelor of Computer Application [2009-2012], of INNOVATIVE INSTITUTE OF EDUCATION & TECHNOLOGY, Greater Noida are hereby accepted and approved as a credible work submitted for the partial fulfillment of the requirements for the award of the degree of BACHELOR OF COMPUTER APPLICATION from CH. CHARAN SINGH UNIVERSITY, MEERUT. This is a bona fide record of the work done by them under my supervision during their stay as a project trainee at INNOVATIVE INSTITUTE OF EDUCATION & TECHNOLOGY from 25.02.2012 to 10.05.12.

L.S.V. SINGH
14.05.12 (Project Leader) I.I.E.T., Gr. Noida


PROJECT REPORT

CHAPTER-1

INTRODUCTION


1.1 Abstract

Accounting and Logging is the practice of capturing a record of security-related events to hold users or systems accountable for their actions. The Accounting solution should support NON-REPUDIATION. The value of accounting is not solely to determine whether security mechanisms are limiting access to a system. All trustworthy applications require a secure and reliable logging capability. This logging capability may be needed for forensic purposes and must be secured against stealing or manipulation by an attacker. Knowing who has interacted with a system allows the determination of accountability for a breach of security. Audit logs provide security-relevant information about usage of a particular Web application and are useful for a number of reasons:

They can provide individual accountability.

They can provide insight into user behavior while using the Web application.

They can help spot suspicious activity.

They can reconstruct the sequence of events after a break-in has happened, leading to identification of the culprit.

They can be useful in legal proceedings to prove wrongdoing.

The proposed project application architecture:

Supports all events to be logged appropriately at multiple points during the application's operational life cycle.

Logs sensitive information that should not be accessible to unauthorized users.

Ensures the integrity of the logged data, so that it can be determined whether it was tampered with by an intruder.

Captures output at one level for normal operations and at other levels for greater debugging in the event of a failure or an attack.

Supports centralized control of logging in the system for management purposes.

Supports cryptographic mechanisms for ensuring confidentiality and integrity of the logged data.

Promotes extensibility. Security is a constantly evolving process. The Secure Logger provides the requisite extensibility by hiding implementation details behind a generic interface.

Improves manageability. Since all of the logging control is centralized, it is easier to manage and monitor. The Secure Logger performs all of the necessary security processing prior to the actual logging of the data, which allows management of each function independently of the others without risk of impacting overall security.
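
One way to obtain the tamper detection listed above, as an added example that is not code from the project: each entry carries an HMAC-SHA256 over its own fields and over the previous entry's MAC, so an edit, insertion or deletion breaks the chain at a known index. The names LogEntry and SecureLogger, the key handling and the sample events are assumptions, and the sketch covers integrity only, not encryption of the log.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Security.Cryptography;
using System.Text;

// Added illustration: LogEntry and SecureLogger are hypothetical names.
public sealed class LogEntry
{
    public long Sequence;        // position in the log, starting at 0
    public string TimestampUtc, User, Event;
    public string PrevMac;       // MAC of the previous entry: the chain link
    public string Mac;           // HMAC-SHA256 over all fields above
}

public sealed class SecureLogger
{
    private static readonly string Genesis = new string('0', 64);
    private readonly byte[] _key;
    private readonly List<LogEntry> _entries = new List<LogEntry>();

    public SecureLogger(byte[] key) { _key = (byte[])key.Clone(); }

    // Mutable only so the demo below can play the intruder.
    public List<LogEntry> Entries { get { return _entries; } }

    public LogEntry Append(string user, string evt, DateTime utcNow)
    {
        var e = new LogEntry();
        e.Sequence = _entries.Count;
        e.TimestampUtc = utcNow.ToString("o");
        e.User = user ?? ""; e.Event = evt ?? "";
        e.PrevMac = _entries.Count == 0 ? Genesis : _entries[_entries.Count - 1].Mac;
        e.Mac = ComputeMac(_key, e);
        _entries.Add(e);
        return e;
    }

    // Returns -1 when intact, else the index of the first failing entry
    // (edited, reordered, inserted, or following a deletion). A cut-off tail
    // is still a valid chain, so the newest MAC is also kept out of the
    // intruder's reach and passed in; a mismatch returns entries.Count.
    public static int Verify(byte[] key, IList<LogEntry> entries, string expectedLastMac)
    {
        string prev = Genesis;
        for (int i = 0; i < entries.Count; i++)
        {
            LogEntry e = entries[i];
            if (e.Sequence != i || e.PrevMac != prev || !FixedTimeEquals(e.Mac, ComputeMac(key, e))) return i;
            prev = e.Mac;
        }
        return FixedTimeEquals(prev, expectedLastMac) ? -1 : entries.Count;
    }

    private static string ComputeMac(byte[] key, LogEntry e)
    {
        using (var ms = new MemoryStream())
        using (var w = new BinaryWriter(ms, Encoding.UTF8))
        using (var hmac = new HMACSHA256(key))
        {
            // Strings are written length-prefixed, so field boundaries are unambiguous.
            w.Write(e.Sequence);
            w.Write(e.TimestampUtc ?? ""); w.Write(e.User ?? "");
            w.Write(e.Event ?? ""); w.Write(e.PrevMac ?? "");
            w.Flush();
            return BitConverter.ToString(hmac.ComputeHash(ms.ToArray())).Replace("-", "");
        }
    }

    private static bool FixedTimeEquals(string a, string b)
    {
        if (a == null || b == null || a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}

public static class Demo
{
    public static void Main()
    {
        byte[] key = new byte[32];   // demo key; store the real one away from the log
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(key);
        var log = new SecureLogger(key);
        DateTime t = new DateTime(2012, 5, 10, 9, 0, 0, DateTimeKind.Utc);
        log.Append("admin", "LOGIN_SUCCESS", t);                 // constructed events
        log.Append("user1", "ACCOUNT_CREATED id=42", t.AddMinutes(1));
        string lastMac = log.Append("user1", "LOGOUT", t.AddMinutes(2)).Mac;

        Console.WriteLine("untouched:    " + SecureLogger.Verify(key, log.Entries, lastMac));
        log.Entries[1].Event = "ACCOUNT_CREATED id=43";          // entry 1 edited in place
        Console.WriteLine("entry edited: " + SecureLogger.Verify(key, log.Entries, lastMac));
        log.Entries[1].Event = "ACCOUNT_CREATED id=42";          // edit undone
        log.Entries.RemoveAt(2);                                 // last entry deleted
        Console.WriteLine("tail removed: " + SecureLogger.Verify(key, log.Entries, lastMac));
    }
}
```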

1.2 Scope

The proposed system has the following advantages:

Entry of each new user login will be automated and a database or record of all users will be maintained.

Record keeping of internet access will be easier.

Since the whole record is on the database, external factors will hardly have any effect on them.

The system will eliminate the use of the manual entry system and instead will use a user account system where each new user will have an account created, under his/her name, at that instance of time, and authentication will be through user name and password.

Manpower required will be less.

Accountability of the machine can be established on a per-user basis, making the system more secure than ever, since the possibility of international tampering of the machine through the internet will be minimized.

The administrator should be able to retrieve any information about the Login page, accounts, vendors, customers etc.

It should store all the information of the users who are authorized to make an account.

The administrator should be able to retrieve any information about the users, records etc.

The records of users such as user name, contact number etc. must be maintained in the project.

The administrator should be able to modify any of these records according to future circumstances.

1.3 Platform

This project has been developed in the Microsoft Windows environment, one of the most popular and user-friendly environments. The following components are also used for a successful, user-friendly and effective development of this project:

1.

2. SQL Server 2000 is used as a back end for creating databases and ASP.NET from Microsoft Visual Studio .NET as a front end.

tracking and managing the information.



1.4 Objective of the project

The objectives of developing the Secure Accounting & Logging system are as given below:

To store data of all the accounts that are created by the user and customer.

To solve the user's problem of seeing the existing users.

To facilitate easy and efficient retrieval of data as and when required for study by the senior officials.

To contain the record of the users who have inserted their records.

To maintain the daily detail of the particular account.

Data security is maintained at a relatively high level by implementing it at database level, so as to ensure that only authorized users have access to confidential information.

1.5 Software Life Cycle Model

The following approach is used to design this system, which is called the "classic life cycle" or "Waterfall model". This linear sequential model suggests a sequential, systematic approach to system development that begins at the system level and progresses through analysis, design, coding, testing and maintenance. The linear sequential model encompasses the following activities:

System/Information engineering and modeling

System requirement analysis

Design

Code generation

Testing

Maintenance

[Figure: System, Analysis, Design, Code, Testing, Maintenance]

Fig. 1.1 Software Life Cycle Model

The above phases mark the progress of a system analysis and design effort. It is an orderly set of activities conducted and planned for each development project. In most business situations the activities are closely related, usually inseparable, and even the order may be difficult to determine. A project is a sequence of unique, complex and connected activities having one goal or purpose and that must be completed by a specific time, within budget, according to specification. A project manager is an automated tool to help plan system development activities, estimate and assign resources, schedule activities and resources, monitor progress against schedule and budget, control and modify schedule and resources, and report progress.


CHAPTER-2 SOFTWARE REQUIREMENT SPECIFICATION


2.1 Introduction

Software Requirement Specification (SRS) is the legal documentation of the requirements and specifications of the project. It is a deal between the customer and the software developer about the feasibility requirements of the project. Software Requirement Specification of SECURE ACCOUNTING & LOGGING:

The project should contain a catalog of accounts, cancel & update.

Each account should be divided according to its capacity.

The consumer should have the right to make requests about the desired accounts.

The consumer should be able to give orders for the desired accounts.

The administrator should be able to manage the accounts.

The administrator should be able to manage the orders of the consumers.

The administrator should be able to manage the requests of the consumers.

2.2 Software Requirements

Windows 7

MS Office 2007 Professional

Internet Information System (IIS)

Active Server Pages (ASP.NET)

SQL Server 2008

2.3 Hardware Requirements

Pentium III 1.8 GHz and above

128 MB DDR RAM or more

40 GB HDD


CHAPTER-3 COMPLETE STRUCTURE OF THE PROJECT


3.1 Dataflow Diagram (DFD)

[Figure: context-level DFD. Entities: Admin, Customer, Administrator. Data store: Data Base of Secure Accounting & Logging. Flows: Send query, Gives Order, Response is back, Get the response, Information of Company, Submit Complaint/Request, Get response, C & RI, GI]

Fig. 3.1 (CONTEXT LEVEL DFD)

Abbreviations used in all DFDs:

ECD: Enter Customer Detail

GAST: Get Account Service Type

GI: Get Information

CRI: Change & retrieve all Information



3.2 Second Level DFD

3.2.1 Customer Entry Process

[Figure: Any Customer and admin; Valid User; query & Submit; Submit; D1 Master Database]

Fig. 3.2

3.2.2 Creating Account Process

[Figure: Valid Admin; Creates Account; Assign to Account Provider; Assigned; Take Details; Store information; Update; D1 Master Database]

Fig. 3.3

3.2.3 Creating Customer Process

[Figure: Valid Admin; Creates Customer; Assign to Company; Assigned; Take Details; Store information; Update; D1 Master Database]

Fig. 3.4

3.2.4 Report Generation

[Figure: Valid Admin; Report Generation; Report 1 to Report 6; Take various Details; D1 Master Database]

Fig. 3.5

Report 1: Report on Accounts.

Report 2: Report on Edited Accounts.

Report 3: Report on Adding Customer.

Report 4: Report on Daily Added Customers.

Report 5: Report on Vendors.

Report 6: Report on Invoices.

3.2.5 Search Process

[Figure: Valid User; Send Request; Company Profile; Assign to User; Send Request; Take Details; Store information; Retrieve Information; D1 Master Database]

Fig. 3.6

E-R DIAGRAM

[Figure: entities Admin & User, End User, Service Provider, Company Server, Administrator; relationships Interacts, Store, Send Information, Assign, Reopen, Solve, Close, Reassign, Generates]

Fig. 3.7

CHAPTER-4 IMPLEMENTATION


4.1 Introduction to .NET Framework

The .NET Framework is a new computing platform that simplifies application development in the highly distributed environment of the Internet. The .NET Framework is designed to fulfill the following objectives:

To provide a consistent object-oriented programming environment whether object code is stored and executed locally, executed locally but Internet-distributed, or executed remotely.

To provide a code-execution environment that minimizes software deployment and versioning conflicts.

To provide a code-execution environment that guarantees safe execution of code, including code created by an unknown or semi-trusted third party.

To provide a code-execution environment that eliminates the performance problems of scripted or interpreted environments.

To make the developer experience consistent across widely varying types of applications, such as Windows-based applications and Web-based applications.

To build all communication on industry standards to ensure that code based on the .NET Framework can integrate with any other code.

The .NET Framework has two main components: the common language runtime and the .NET Framework class library. The common language runtime is the foundation of the .NET Framework. You can think of the runtime as an agent that manages code at execution time, providing core services such as memory management, thread management, and remoting, while also enforcing strict type safety and other forms of code accuracy that ensure security and robustness. In fact, the concept of code management is a fundamental principle of the runtime. Code that targets the runtime is known as managed code, while code that does not target the runtime is known as unmanaged code.

The .NET Framework can be hosted by unmanaged components that load the common language runtime into their processes and initiate the execution of managed code, thereby creating a software environment that can exploit both managed and unmanaged features. The .NET Framework not only provides several runtime hosts, but also supports the development of third-party runtime hosts.

[Figure: Microsoft .NET Framework. Layers: XML Web Services, Web Forms, Windows Forms; C#, VB.NET, J#, C++; Data and XML Classes; Base Framework Classes; Common Language Runtime]

Fig. 4.1

For example, ASP.NET hosts the runtime to provide a scalable, server-side environment for managed code. ASP.NET works directly with the runtime to enable ASP.NET applications and XML Web services, both of which are discussed later in this topic. Internet Explorer is an example of an unmanaged application that hosts the runtime (in the form of a MIME type extension). Using Internet Explorer to host the runtime enables you to embed managed components or Windows Forms controls in HTML documents. Hosting the runtime in this way makes managed mobile code (similar to Microsoft ActiveX controls) possible, but with significant improvements that only managed code can offer, such as semi-trusted execution and secure isolated file storage.

4.1.1 Why we use .Net?

Interoperability between languages and execution environments.

Uniformity in schema or formats for data exchange using XML, XSL.

Extend or use existing code that is valid.

Programming complexity of the environment is reduced.

4.1.2 .Net features

The Runtime: At the heart of .NET is the Common Language Runtime, commonly referred to as the CLR. The CLR is made up of a number of different parts.

Language Independence: One of the most important facets of the .NET Framework is language independence. .NET application can be written using any number of different programming languages. The most popular languages tend to be C# and VB.NET, but many other languages now have .NET versions including Python, COBOL, and more. Language independence is attained through the use of an intermediate language (IL).

Just-in-Time Compilation: When code is compiled and translated to the intermediate language, it is simply stored in an assembly. When that assembly is used, the CLR picks up that code and compiles it on-the-fly for the specific machine that is running the code. This means the runtime could compile the code differently based on what CPU or operating system the application is being run on. However, at this point the CLR doesn't compile everything in the assembly; it only compiles the individual method that is being invoked. This kind of on-the-fly compilation, referred to as JITing, only happens once per method call. The next time a method is called, no compilation occurs because the CLR has already compiled that code.

Memory Management: One of the constant assailants on productivity in unmanaged programming platforms is manually managing memory. Having to deal with memory management is also one of the largest sources of bugs and security holes in many applications. .NET removes the hassle of manually managing memory through the use of the aptly named garbage collector. Instead of the developer needing to remove objects, the garbage collector looks at the objects in memory and then decides which ones aren't needed anymore. For some developers this is when you have to take a step back, stop worrying, and embrace the runtime. There are bigger problems to solve (namely the business problems that are probably the real goal).

Server-Side Controls: ASP.NET pages are built out of server-side controls. Web server controls enable you to represent and program against Hypertext Markup Language (HTML) elements using an intuitive object model.

Web Services: ASP.NET includes a new technology called Web Services. You can use Web Services to access methods and properties and transfer database data across the Internet.

4.2 Active Server Pages (ASP)

In the language of Microsoft, Active Server Pages is an open, compile-free application environment in which you can combine HTML, scripts, and reusable ActiveX server components to create dynamic and powerful Web-based business solutions. Active Server Pages enables server-side scripting for IIS with native support for both VBScript and JScript. Translated into plain English, that reads: Active Server Pages (ASPs) are Web pages that contain server-side scripts in addition to the usual mixture of text and HTML tags. Server-side scripts are special commands you put in Web pages that are processed before the pages are sent from the server to the web-browser of someone who's visiting your website. When you type a URL in the Address box or click a link on a webpage, you're asking a web-server on a computer somewhere to send a file to the web-browser (also called a "client") on your computer. If that file is a normal HTML file, it looks the same when your web-browser receives it as it did before the server sent it. After receiving the file, your web-browser displays its contents as a combination of text, images, and sounds. In the case of an Active Server Page, the process is similar, except there's an extra processing step that takes place just before the server sends the file. Before the server sends the Active Server Page to the browser, it runs all server-side scripts contained in the page. Some of these scripts display the current date, time, and other information. Others process information the user has just typed into a form, such as a page in the website's guestbook. And you can write your own code to put in whatever dynamic information you want. To distinguish Active Server Pages from normal HTML pages, Active Server Pages are given the ".asp" extension.

4.2.1 What can we do with ASP?

There are many things you can do with Active Server Pages. You can display date, time, and other information in different ways. You can make a survey form and ask people who visit your site to fill it out, send emails, save the information to a file, etc. You can have a database which people can access via the web. People can get information from the database as well as update or insert information into it. You can password-protect certain sections of your site, and make sure that only authorized users can see that information. The possibilities are virtually endless. Most widgetry that you see on webpages nowadays can be easily done using ASP.

4.3 ASP.NET

ASP.NET is server-side, i.e. it runs on the Web server. Most Web designers start by learning client-side technologies like HTML, JavaScript, and Cascading Style Sheets (CSS). When a Web browser requests a Web page created with client-side technologies, the Web server simply grabs the files that the browser (the client) requests and sends them down the line. The client is entirely responsible for reading the code in the files and interpreting it to display the page on the screen. Server-side technologies, like ASP.NET, are different. Instead of being interpreted by the client, server-side code (for example, the code in an ASP.NET page) is interpreted by the Web server. In the case of ASP.NET, the code in the page is read by the server and used dynamically to generate standard HTML/JavaScript/CSS that is then sent to the browser. As all processing of ASP.NET code occurs on the server, it's called a server-side technology. As the figure shows, the user (client) only sees the HTML, JavaScript, and CSS within the browser. The server (and server-side technology) is entirely responsible for processing the dynamic portions of the page.

Fig. 4.2



ASP.NET is a technology for developing Web applications. A Web application is just a fancy name for a dynamic Website. Web applications usually (but not always) store information in a database on the Web server, and allow visitors to the site to access and change that information. Many different programming technologies and supported languages have been developed to create Web applications; PHP, JSP (using Java), CGI (using Perl), and ColdFusion (using CFML) are just a few of the more popular ones. Rather than tying you to a specific technology and language, however, ASP.NET lets you write Web applications using a variety of familiar programming languages. Finally, ASP.NET is based on the Microsoft .NET Framework. The .NET Framework collects all the technologies needed for building Windows applications, Web applications, and Web Services into a single package with a set of more than twenty programming languages.

4.3.1 Comparison between ASP and ASP.Net

Classic ASP was built on top of the Windows operating system and IIS. It was always a separate entity, and therefore its functionality was limited. ASP.NET, on the other hand, is an integral part of the system under the .NET Framework. It shares many of the same objects that traditional applications would use, and all .NET objects are available for ASP.NET's consumption. Instead of being limited to six inherent objects in ASP, ASP.NET has a plethora of useful components it can build from. ASP also made it abundantly clear that client and server were two separate entities, whereas ASP.NET ties together the client and the server through clever use of server-side and client-side code, all invisible to the developer. ASP.NET code is compiled, whereas classic ASP used interpreted scripting languages. Using compiled code means an automatic boost in performance over ASP applications. In classic ASP, nearly all of the code was executed in code render blocks (that is, inside <%...%> tags). In ASP.NET, this type of code isn't compiled and isn't recommended for frequent use. Instead, you use the code declaration blocks, which are compiled and provide better performance.

4.3.2 ASP Authentication

ASP.NET implements authentication using authentication providers, which are code modules that verify credentials and implement other security functionality such as cookie generation. ASP.NET supports the following three authentication providers:

1) Forms Authentication. Using this provider causes unauthenticated requests to be redirected to a specified HTML form using client-side redirection. The user can then supply logon credentials, and post the form back to the server. If the application authenticates the request (using application-specific logic), ASP.NET issues a cookie that contains the credentials or a key for reacquiring the client identity. Subsequent requests are issued with the cookie in the request headers, which means that subsequent authentications are unnecessary.

2) Passport Authentication. This is a centralized authentication service provided by Microsoft that offers a single logon facility and membership services for participating sites. ASP.NET, in conjunction with the Microsoft Passport software development kit (SDK), provides similar functionality as Forms Authentication to Passport users.

3) Windows Authentication. This provider utilizes the authentication capabilities of IIS. After IIS completes its authentication, ASP.NET uses the authenticated identity's token to authorize access.

To enable a specified authentication provider for an ASP.NET application, you must create an entry in the application's configuration file as follows:

<!-- web.config file: set mode to one of the listed values -->
<authentication mode="[Windows|Forms|Passport|None]" />

Fig. 4.3

In addition to authentication, ASP.NET provides an impersonation mechanism to establish the application thread's security token. Obtaining the correct token relies upon you configuring IIS authentication, ASP.NET authentication providers, and ASP.NET impersonation settings appropriately. Figure 2 shows the most likely combinations between IIS authentication and ASP.NET providers.

4.3.3 ASP Authentication Methods

You have a variety of options for authentication within your .NET Web applications. For example, you may choose to utilize one of the supported IIS authentication mechanisms, or you may instead decide to perform authentication within your application code. You should consider some or all of the following factors when choosing an authentication method:



4.3.4 Anonymous Authentication

With Anonymous authentication, the server does not request the client to send user credentials. It is a good choice when your site or service is publicly available and you do not need to know the identity of the caller. Additionally, there are typically no browser restrictions which stem from incompatibilities with supported authentication mechanisms. When a site is configured for Anonymous authentication, all users are allowed access. It is important to note that although you may have IIS configured for Anonymous authentication, you may be authenticating at the ASP.NET layer, which is not true Anonymous authentication. This section assumes that both IIS and the application do not require a login.

4.3.5 Basic Authentication

When IIS is configured for Basic authentication, it instructs the browser to send the user's credentials over HTTP. Passwords and user names are encoded using Base64 encoding. Although the password is encoded, it is considered insecure due to its ability to be deciphered relatively easily. The browser prompts the user with a dialog box, and then reissues the original anonymous request with the supplied credentials, including the user name and password. A pop-up logon dialog box may or may not be appropriate, depending upon your user interface design requirements. Most Internet browsers support Basic authentication.

4.3.6 Digest Authentication

Digest authentication is new to Windows 2000 and IIS 5.0. This form of authentication encrypts the user's password information and provides a mechanism that helps prevent some common server attacks (such as a replay attack). Digest authentication does not send the credentials over the network using clear text as Basic authentication does. Instead, it uses a hashing mechanism called MD5 developed by RSA. (For details, see The MD5 Message-Digest Algorithm at http://www.ietf.org/rfc/rfc1321.txt.) Although it is a viable authentication option for Internet scenarios, the client and server requirements limit its widespread use. Unlike Basic authentication, and in a similar fashion to NTLM and Kerberos, IIS does not log on the user locally to the Web server so you cannot perform delegation.

4.3.7 Integrated Windows Authentication

Integrated Windows authentication (using either NTLM challenge/response or Kerberos) involves authenticating a user with a Windows NT Domain or Active Directory account. Unlike Basic and Digest authentication, the encrypted password is not sent across the network, which makes this method very secure. If Active Directory Services is installed on the server and the browser is compatible with the Kerberos V5 authentication protocol, both the Kerberos V5 protocol and the challenge/response protocol are used; otherwise only the challenge/response protocol is used. It is best suited for an intranet environment, where both user and Web server computers are in the same domain and where administrators can ensure that every computer is running Microsoft Internet Explorer version 3.01 or later.

4.3.8 Certificate Authentication

A certificate is a digital key installed on a computer. When the computer tries to access a server, the key will be automatically presented to authenticate the user. Client certificates can be mapped to Windows accounts in either a Domain or Active Directory. If you use the Windows Authentication Provider in ASP.NET, the application thread will run as the user to which the certificate is mapped. You may also implement custom authentication in ASP.NET where, for example, you could use the email address (or a similarly unique field) contained within the certificate. From the client's perspective, security is seamless as the client is not required to log in using a logon page. This makes certificates an attractive option for automated business processes.
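
For sections 4.3.5 and 4.3.6 above, an added example (not part of the original report) that puts the two schemes side by side from the server's point of view: a Basic header decodes straight back to the password, while a Digest response is an MD5 value bound to a server nonce, so a verifier can refuse a replayed or re-used response. HttpAuth and DigestVerifier are hypothetical names; the credentials and header values are the worked examples printed in RFC 2617, and the second nonce is constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Added illustration: HttpAuth and DigestVerifier are hypothetical names.
public static class HttpAuth
{
    // Basic: the header carries Base64("user:password"). Base64 is an encoding
    // with no key, so any party that can read the header recovers the password.
    public static string[] DecodeBasic(string headerValue)
    {
        const string prefix = "Basic ";
        if (headerValue == null || !headerValue.StartsWith(prefix, StringComparison.OrdinalIgnoreCase))
            throw new FormatException("not a Basic credential");
        byte[] raw = Convert.FromBase64String(headerValue.Substring(prefix.Length).Trim());
        string pair = Encoding.UTF8.GetString(raw);
        int colon = pair.IndexOf(':');
        if (colon < 0) throw new FormatException("missing ':' separator");
        return new[] { pair.Substring(0, colon), pair.Substring(colon + 1) };
    }

    public static string Md5Hex(string s)
    {
        using (MD5 md5 = MD5.Create())
            return BitConverter.ToString(md5.ComputeHash(Encoding.UTF8.GetBytes(s)))
                               .Replace("-", "").ToLowerInvariant();
    }

    // HA1 is what a Digest server stores in place of the clear password.
    public static string Ha1(string user, string realm, string password)
    {
        return Md5Hex(user + ":" + realm + ":" + password);
    }

    // RFC 2617 with qop=auth: response = MD5(HA1:nonce:nc:cnonce:auth:MD5(method:uri))
    public static string DigestResponse(string ha1, string method, string uri,
                                        string nonce, string nc, string cnonce)
    {
        string ha2 = Md5Hex(method + ":" + uri);
        return Md5Hex(ha1 + ":" + nonce + ":" + nc + ":" + cnonce + ":auth:" + ha2);
    }
}

public sealed class DigestVerifier
{
    private readonly Dictionary<string, string> _ha1ByUser;
    private readonly HashSet<string> _issued = new HashSet<string>();  // nonces this server handed out
    private readonly HashSet<string> _used = new HashSet<string>();    // nonce:nc pairs already accepted

    public DigestVerifier(Dictionary<string, string> ha1ByUser) { _ha1ByUser = ha1ByUser; }

    public void IssueNonce(string nonce) { _issued.Add(nonce); }   // random per challenge in practice

    public bool Verify(string user, string method, string uri,
                       string nonce, string nc, string cnonce, string response)
    {
        string ha1;
        if (!_issued.Contains(nonce) || !_ha1ByUser.TryGetValue(user, out ha1)) return false;
        string expected = HttpAuth.DigestResponse(ha1, method, uri, nonce, nc, cnonce);
        if (response == null || response.Length != expected.Length) return false;
        int diff = 0;                                      // compare without an early exit
        for (int i = 0; i < expected.Length; i++) diff |= expected[i] ^ response[i];
        return diff == 0 && _used.Add(nonce + ":" + nc);   // Add is false for a repeated pair
    }
}

public static class Program
{
    public static void Main()
    {
        // Credentials and header values are the worked examples printed in RFC 2617.
        string[] basic = HttpAuth.DecodeBasic("Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==");
        Console.WriteLine("Basic header decodes to user={0} password={1}", basic[0], basic[1]);

        var users = new Dictionary<string, string>();
        users["Mufasa"] = HttpAuth.Ha1("Mufasa", "testrealm@host.com", "Circle Of Life");
        var server = new DigestVerifier(users);
        const string nonce = "dcd98b7102dd2f0e8b11d0f600bfb0c093";
        const string captured = "6629fae49393a05397450978507c4ef1";
        server.IssueNonce(nonce);
        Console.WriteLine("first request accepted:  " + server.Verify("Mufasa", "GET", "/dir/index.html", nonce, "00000001", "0a4f113b", captured));
        Console.WriteLine("same request replayed:   " + server.Verify("Mufasa", "GET", "/dir/index.html", nonce, "00000001", "0a4f113b", captured));
        server.IssueNonce("constructed-fresh-nonce");      // constructed value, not from the RFC
        Console.WriteLine("old response, new nonce: " + server.Verify("Mufasa", "GET", "/dir/index.html", "constructed-fresh-nonce", "00000001", "0a4f113b", captured));
    }
}
```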



4.3.9 Passport Authentication

Passport authentication is a centralized authentication service provided by Microsoft. When you use Passport, you do not need to implement your own authentication code, logon page, and user table in some cases. Passport works using a cookie mechanism. If clients have previously authenticated to Passport, they are allowed access to your site. If not, they are automatically re-directed to the Passport site for authentication. Passport is a good choice if you require single sign-on capability across multiple domains that also support Passport. Passport provides additional services beyond its role as an authentication service, including profile management and purchasing services. On the Windows 2000 platform, there is no direct integration of Passport to any authentication and authorization mechanisms built into the operating system. While the .NET Framework does check for Passport cookies, if you maintain your own user database, you must implement your own code to map the Passport user to your own user, as well as implement your own authorization mechanism.

4.3.10 Forms Authentication

Forms authentication refers to a custom user interface component that accepts user credentials; for example, a user name and password. Many Internet applications used today present such forms for users to log on. It is important to note that the form itself does not perform the authentication and is provided solely as a way of obtaining the user credentials. The authentication is performed by accessing the user name and password database using custom code. When the user is authenticated, the server typically gives the client some means to indicate that it has already been authenticated for subsequent requests. If required, you can force the client to authenticate upon every request, although this impacts performance and scalability. There are two basic approaches that you should consider to identify a client who has previously logged on.


4.4 THE C# LANGUAGE The C# language is the disarmingly simple, with only about 80 keywords and a dozen built-in data types, but C# is highly expressive when it comes to includes all the support for implementingmodern programming concepts. C#

structured, compo component-based, object-oriented language built on the shoulders of C++ and Java.The C# language was developed by a small team led by two distinguished Microsoft engineers, Anders Hejlsberg and Scott Wiltamuth. At the heart of any object-oriented language is its support for defining and working with classes. Classes define newtypes, allowing you to extend the language to better modelthe problem you are tryingto solve. C# contains keywords for declaring new classes and their methods andproperties, and for implementing encapsulation, inheritance, and polymorphism, the three pillars of object-oriented programming. In C# everything pertaining to a class declaration is found in the declaration itself. C# class definitions do not require separate header files or Interface Definition Language (IDL) files. Moreover, C# supports a new XML style of inline documentation that greatly simplifies the creation of online and print reference documentation for an application. C# also supports interfaces, a means of making a contract with a class for services that the interface stipulates. In C#, a class can inherit from only a single parent, but a class can implement multiple interfaces. When it implements an interface, a C# class in effect promises to provide the functionality the interface specifies. C# also provides support for structs, a concept whose meaning has changed significantly from C++. In C#, a struct is a restricted, lightweight type that, when instantiated, makes fewer demands on the operating system and on memory than a conventional class does. A struct can't inherit from a class or be inherited from, but a struct can implement an interface. C# provides component-oriented features, such as properties, events, and declarative constructs (called attributes). Component-oriented programming is supported by the CLR's support for storing metadata with the code for the class. 
The metadata describes the class, including its methods and properties, as well as its security needs and other attributes, such as whether it can be serialized; the code contains the logic necessary to carry out its functions. A compiled class is thus a self-contained unit; therefore, a hosting environment that knows how to read a class' metadata and code needs no other information to make use of it. Using C# and the CLR, it is possible to add custom metadata to a class by creating custom attributes. Likewise, it is possible to read class metadata using CLR types that support reflection.

An assembly is a collection of files that appear to the programmer to be a single dynamic link library (DLL) or executable (EXE). In .NET, an assembly is the basic unit of reuse, versioning, security, and deployment. The CLR provides a number of classes for manipulating assemblies.

A final note about C# is that it also provides support for directly accessing memory using C++ style pointers and keywords for bracketing such operations as unsafe, and for warning the CLR garbage collector not to collect objects referenced by pointers until they are released.

4.4.1 CLOSE RELATIONS WITH C AND C++

C# is built on the C++ language, so it behaves much like the language. Like C++, C# lets you write enterprise applications, and C# contains many C++ features, including statements and operators. C# also provides access to common Application Program Interface (API) styles including Component Object Model (COM) and C-style APIs.

4.4.2 DIFFERENCES BETWEEN C# AND C++

Microsoft includes Visual C++ and C# in Visual Studio .NET. On the surface, C# has few differences from Visual C++:

- C# has an alternate method of accessing the C++ initialization list when constructing the base class.
- A class can inherit implementation from only one base class.
- You can call overridden base class members from derived classes.
- C# has a different syntax for declaring C# arrays.
- There are differences in several different types including bool, struct, and delegate.
- The Main method is declared differently.
- Support of the new ref and out method parameters that are used instead of pointers for passing parameters by reference.
- New keywords including extern and static.
- New statements including switch and finally.
- New operators including is and typeof.
- Different functionality for some operators and for overloading operators.

4.4.3 C# AND THE .NET FRAMEWORK

The goal of C# is to provide a simple, safe, modern, object-oriented, Internet-centric, high-performance language for .NET development. C# is a new language, but it draws on the lessons learned over the past three decades. In much the way that you can see in young children the features and personalities of their parents and grandparents, you can easily see in C# the influence of Java, C++, Visual Basic (VB), and other languages.

The focus of this book is the C# language and its use as a tool for programming on the .NET platform. In my primers on C++, I advocate learning the language first, without regard to Windows or UNIX programming. With C# that approach would be pointless. You learn C# specifically to create .NET applications; pretending otherwise would miss the point of the language. Thus, this book does not consider C# in a vacuum but places the language firmly in the context of Microsoft's .NET platform and in the development of desktop and Internet applications.

4.5 CLASSES, OBJECTS, AND TYPES

The essence of object-oriented programming is the creation of new types. A type represents a thing. Sometimes the thing is abstract, such as a data table or a thread; sometimes it is more tangible, such as a button in a window. A type defines the thing's general properties and behaviors.

If your program uses three instances of a button type in a window -- say, an OK, a Cancel, and a Help button -- each instance will share certain properties and behaviors. Each, for example, will have a size (though it might differ from that of its companions), a position (though again, it will almost certainly differ in its position from the others), and a text label (e.g., "OK", "Cancel," and "Help"). Likewise, all three buttons will have common behaviors, such as the ability to be drawn, activated, pressed, and so forth. Thus, the details might differ among the individual buttons, but they are all of the same type.

As in many object-oriented programming languages, in C# a type is defined by a class, while the individual instances of that class are known as objects. Later chapters explain that there are other types in C# besides classes, including enums, structs, and delegates, but for now the focus is on classes.

The "Hello World" program declares a single type: the HelloWorld class. To define a C# type, you declare it as a class using the class keyword, give it a name -- in this case, HelloWorld -- and then define its properties and behaviors. The property and behavior definitions of a C# class must be enclosed by open and closed braces ({ }).

4.5.1 METHODS

A class has both properties and behaviors. A method is a function owned by your class. In fact, member methods are sometimes called member functions. The member methods define what your class can do or how it behaves. Typically, methods are given action names, such as WriteLine( ) or AddNumbers( ). In the case shown here, however, the class method has a special name, Main( ), which doesn't describe an action but does designate to the Common Language Runtime (CLR) that this is the main, or first method, for your class. Unlike C++, Main is capitalized in C# and can return int or void. The CLR calls Main( ) when your program starts. Main( ) is the entry point for your program, and every C# program must have a Main( ) method.

Method declarations are a contract between the creator of the method and the consumer (user) of the method. It is likely that the creator and consumer of the method will be the same programmer, but this does not have to be so; it is possible that one member of a development team will create the method and another programmer will use it.

To declare a method, you specify a return value type followed by a name. Method declarations also require parentheses, whether the method accepts parameters or not. For example:

    int myMethod(int size);

declares a method named myMethod that takes one parameter: an integer which will be referred to within the method as size. myMethod returns an integer value. The return value type tells the consumer of the method what kind of data the method will return when it finishes running. Some methods do not return a value at all; these are said to return void, which is specified by the void keyword. For example:

    void myVoidMethod( );

declares a method that returns void and takes no parameters. In C# you must always declare a return type or void.

4.5.2 COMMENTS

A C# program can also contain comments. Take a look at the first line after the opening brace:

    // Use the system console object

The text begins with two forward slash marks (//). These designate a comment. A comment is a note to the programmer and does not affect how the program runs. C# supports three types of comments. The first type, just shown, indicates that all text to the right of the comment mark is to be considered a comment, until the end of that line. This is known as a C++ style comment. The second type of comment, known as a C-style comment, begins with an open comment mark (/*) and ends with a closed comment mark (*/). This allows comments to span more than one line without having to have // characters at the beginning of each comment line. It is possible to nest C++ style comments within C-style comments. For this reason, it is common to use C++ style comments whenever possible, and to reserve the C-style comments for "commenting-out" blocks of code.

4.6 CONSOLE APPLICATIONS

"Hello World" is an example of a console program. A console application has no user interface (UI); there are no list boxes, buttons, windows, and so forth. Text input and output is handled through the standard console (typically a command or DOS window on your PC).

Example: Hello World

    class Hello
    {
        static void Main( )
        {
            // Use the system console object
            System.Console.WriteLine("Hello World");
        }
    }

All that the Main( ) method does in this simple example is write the text "Hello World" to the monitor. The monitor is managed by an object named Console. This Console object has a method WriteLine( ) that takes a string (a set of characters) and writes it to the standard output. When you run this program, a command or DOS screen will pop up on your computer monitor and display the words "Hello World." You invoke a method with the dot operator (.). Thus, to call the Console object's WriteLine( ) method, you write Console.WriteLine(...), filling in the string to be printed.

4.6.1 NAMESPACES

Console is only one of a tremendous number of useful types that are part of the .NET Framework Class Library (FCL). Each class has a name, and thus the FCL contains thousands of names, such as ArrayList, Hashtable, FileDialog, DataException, EventArgs, and so on. There are hundreds, thousands, even tens of thousands of names. This presents a problem. No developer can possibly memorize all the names that the .NET Framework uses, and sooner or later you are likely to create an object and give it a name that has already been used. What will happen if you develop your own Hashtable class, only to discover that it conflicts with the Hashtable class that .NET provides? Remember, each class in C# must have a unique name. You certainly could rename your Hashtable class mySpecialHashtable, for example, but that is a losing battle. New Hashtable types are likely to be developed, and distinguishing between their type names and yours would be a nightmare.

The solution to this problem is to create a namespace. A namespace restricts a name's scope, making it meaningful only within the defined namespace. If it turns out that .NET has a Hashtable class within its System.Collections namespace, and that I have also created a Hashtable class within a ProgCSharp.DataStructures namespace, there is no conflict because each exists in its own namespace.

4.6.2 THE DOT OPERATOR (.)

The dot operator (.) is used both to access a method (and data) in a class, and to restrict the class name to a specific namespace (in this case, to locate Console within the System namespace). This works well because in both cases we are "drilling down" to find the exact thing we want. The top level is the System namespace (which contains all the System objects that the Framework provides); the Console type exists within that namespace, and the WriteLine( ) method is a member function of the Console type. In many cases, namespaces are divided into subspaces. For example, the System namespace contains a number of subnamespaces such as Configuration, Collections, Data, and so forth, while the Collections namespace itself is divided into multiple subnamespaces.
Namespaces can help you organize and compartmentalize your types. When you write a complex C# program, you might want to create your own namespace hierarchy, and there is no limit to how deep this hierarchy can be. The goal of namespaces is to help you divide and conquer the complexity of your object hierarchy.

4.6.3 THE USING KEYWORD

Rather than writing the word System before Console, you could specify that you will be using types from the System namespace by writing a using statement at the top of the listing, as shown in the example.

Example: The using keyword

    using System;

    class Hello
    {
        static void Main( )
        {
            // Console from the System namespace
            Console.WriteLine("Hello World");
        }
    }

Notice the using System statement is placed before the HelloWorld class definition. Although you can designate that you are using the System namespace, unlike with some languages you cannot designate that you are using the System.Console object. The using keyword can save a great deal of typing, but it can undermine the advantages of namespaces by polluting the namespace with many undifferentiated names. A common solution is to use the using keyword with the built-in namespaces and with your own corporate namespaces, but perhaps not with third-party components.

4.7 CASE SENSITIVITY

C# is case-sensitive, which means that writeLine is not the same as WriteLine, which in turn is not the same as WRITELINE. Unfortunately, unlike in Visual Basic (VB), the C# development environment will not fix your case mistakes; if you write the same word twice with different cases, you might introduce a tricky-to-find bug into your program. To prevent such a time-wasting and energy-depleting mistake, you should develop conventions for naming your variables, functions, constants, and so forth.

4.8 ACCESS MODIFIERS

Access modifiers determine which class methods, including methods of other classes, can see and use a member variable or method within a class. It is generally desirable to designate the member variables of a class as private. This means that only member methods of that class can access their value. Because private is the default accessibility level, you do not need to make it explicit. Table 4.1 summarizes the C# access modifiers.

Access Modifier: Restrictions
public: No restrictions. Members marked public are visible to any method of any class.
private: The members in class A that are marked private are accessible only to methods of class A.
protected: The members in class A that are marked protected are accessible to methods of class A and also to methods of classes derived from class A.
internal: The members in class A that are marked internal are accessible to methods of any class in A's assembly.
protected internal: The members in class A that are marked protected internal are accessible to methods of class A, to methods of classes derived from class A, and also to any class in A's assembly. This is effectively protected OR internal. (There is no concept of protected AND internal.)

Table 4.1

4.9 SECURITY CONSIDERATIONS

If you are designing a server application, your design specification should contain a section that addresses security issues. You should consider and possibly address the following items in the application's functional specification:

1) Security goals. Understand what you are securing and make sure that you can describe it.
2) Security risks. Understand your application's vulnerabilities. You must also understand the significance of potential threats as they relate to your business.
3) Authentication. This is the process of accepting credentials from a user and validating those credentials against a designated authority. The user's (or potentially an application's or computer's) identity is referred to as a security principal. The client must provide credentials to allow the server to verify the identity of the principal. After the identity is known, the application can authorize the principal to access resources on the system. Various criteria, which help you choose the appropriate authentication mechanism, are presented in the next section of this document.
4) Authorization. This is the process of determining whether the proven identity is allowed to access a specific resource.
5) Securing data transmission. By encrypting your data as it crosses the network, you can ensure that it cannot be viewed or tampered with while in transit. You must consider the degree to which your data needs to be secured while in transit.
6) Impersonation. This mechanism allows a server process to run using the security credentials of the client. When the server is impersonating the client, any operations performed by the server are performed using the client's credentials. Impersonation does not allow the server to access remote resources on behalf of the client. This requires delegation.
7) Delegation. Like impersonation, delegation allows a server process to run using the security credentials of the client. However, delegation is more powerful and allows the server process to make calls to other computers while acting as the client.
8) Operating system security. This refers to the establishment of appropriate Access Control Lists (ACLs), and network security to prevent intruders from accessing secured resources. You must set the appropriate ACLs on the appropriate resources to allow access by only the relevant principals.
9) Securing physical access. This refers to locating your server computer in a secure location. You should not overlook this fundamental issue.
10) Code access security. This allows code to be trusted to varying degrees depending upon where it has come from and from other aspects of the code's identity. You should be aware of how to create your own access permissions.

CHAPTER-5 SQL SERVER 2000



Microsoft SQL Server 2000 is a full-featured relational database management system (RDBMS) that offers a variety of administrative tools to ease the burdens of database development, maintenance and administration. The components of SQL Server 2000 are:

Enterprise Manager: the main administrative console for SQL Server installations. It provides you with a graphical bird's-eye view of all of the SQL Server installations on your network. You can perform high-level administrative functions that affect one or more servers, schedule common maintenance tasks, or create and modify the structure of individual databases.

Query Analyzer: offers a quick and dirty method for performing queries against any of your SQL Server databases. It's a great way to quickly pull information out of a database in response to a user request, test queries and procedures, and execute administrative tasks.

SQL Profiler: provides a window into the inner workings of your database. You can monitor many different event types and observe database performance in real time. SQL Profiler allows you to capture and replay system traces that log various activities. It is a great tool for optimizing databases with performance issues or troubleshooting particular problems.

Service Manager: used to control the MS SQL Server (the main SQL Server process), MSDTC (Microsoft Distributed Transaction Coordinator) and SQL Server Agent processes. An icon for this service normally resides in the system tray of machines running SQL Server. You can use Service Manager to start, stop or pause any one of these services.

SQL Server is also a product of Microsoft! Here is finally a client/server database product that can deliver world-class performance at a price that most enterprises can afford not only to purchase, but also to support. SQL Server's ease of use, coupled with the incredible feature set that accompanies it, delivers enterprise-level client/server computing to everyone.
Microsoft SQL Server Black Book will focus on the tasks involved in harnessing Microsoft SQL Server's capabilities to create a solid production data server. This book focuses on the current release of Microsoft SQL Server while using many techniques that can be applied as far back as version 4.21. Writing Microsoft SQL Server Black Book has been the most challenging task I have undertaken in a long time. I was asked to write it to fill a void in the market, to deliver a book that focuses on creating production servers with hands-on, step-by-step processes for installing, configuring, and troubleshooting Microsoft SQL Server. I have tried to keep the language of the book as plain-English and matter-of-fact as possible, because that is the way I teach. I have supplied you with substantial technical background, while also supplying numerous examples. This book can be used as a tutorial or desktop reference to help you get Microsoft SQL Server to fulfill your organization's needs.

I have been through many classes as a student and as an instructor, about topics ranging from adult learning principles to Microsoft SQL Server Administration. From these classes, I have acquired a great deal of knowledge that can be applied to creating a solid production data server with Microsoft SQL Server. I want to share that with you and help you head off the problems that you may encounter configuring your servers. I am a business owner, a consultant, a DBA, and a teacher, as most likely are many of you. I have fought and continue to fight the same battles that you do on a daily basis. That is why I think this book can be such a great value to you! Hopefully my experience will help you develop solid database systems in your Microsoft SQL Server environment.

Databases are also considered containers. They hold the objects that make up your server's purpose in life. Tables, views, indexes, and stored procedures are all objects that reside in your database. You can, and often will, have multiple user-defined databases residing on your server. These databases are where the production information and code reside.
Other databases are installed on your server to give it the intelligence it needs to function; I will cover these databases in a few different areas throughout the book. However, our focus will be on setting up a production system, not on the inner workings of Microsoft SQL Server.



One of the most common mistakes new users make is to confuse the device and the database. You place your databases within your devices. To understand this, think of a database as a division within your company. For instance, Human Resources deals with very specific kinds of information, so you would logically put all of that type of information in a container for centralized management and access control. Accounting is an area that often requires more security than others, and the information generated from this area would justly be placed in a separate container for security reasons. You would not scatter information for the Human Resources department throughout all the offices; instead, you would put all those functions and resources in one place. The same applies to databases and good database design.

An interesting point for all PC-based database programmers is that Microsoft SQL Server does not store the information or data in the database. Remember, the database is a container. Instead, the server stores your data in a table. The index you create for fast access to data is not stored in the table with the raw data; it is stored as another object within the database. A database is a collection of objects. This concept is not hard to follow, but it is different enough from the organization of other database programs that it is sometimes a stumbling block for the small-system programmer. An MIS department accustomed to dBase or Microsoft FoxPro databases will struggle with this at first. Since this structure is common to most large database systems today, you should become familiar with it.

In addition, you should focus on the database level when administrating your system's security. Your users will be granted a logon ID for connecting to the server, but this does not allow them to get to the data they need. Adding users and groups to each database individually on a need-to-know basis does this.
This method of security keeps unwanted users from browsing where they should not while allowing others to do their jobs. Returning to the office analogy, let's compare a database to the Accounting department in your company. This department might have a door you must pass through, and once you pass through that door, you would see all the cubicles and desks where the actual work is done. This door might be locked in the evening or even require a passkey to enter during the day. The same idea can be applied to a database. The records and files are not strewn around the office; they reside in filing cabinets and in folders or ledgers for ease of access. These organizational tools can be related to Microsoft SQL Server objects. You use tables, stored procedures, and indexes to find what you need when you need it.

The security model that Microsoft SQL Server uses is also similar to the passkey entry requirement. No one gets access without a valid key or password. I will not try to recommend a security method here because of the diverse requirements in the market today. However, I will say that Microsoft SQL Server will accommodate a strict security model very well and still allow for the simple, trusting models required by smaller companies growing into Microsoft SQL Server. During installation of Microsoft SQL Server, you will not be concerned with these divisions or security, but you should make a few assumptions on the amount of disk space you will need to accommodate these areas and how you will accommodate these needs.

5.1 FEATURES OF SQL SERVER 2000


- Information representation.
- Unique definition of rows.
- Systematic treatment of null values.
- Guaranteed access.
- High-level update, insert and delete.
- Retrieving of information from database.
- Accepting query language statements.
- Enforcing security specifications.
- Enforcing data integrity specification.
- Managing data sharing.
- Enforcing transaction consistency.
- Optimizing queries.
- Managing system catalogs.

5.2 FUNDAMENTALS OF SQL SERVER 2000 ARCHITECTURE


Microsoft SQL Server 2000 is a family of products that meet the data storage requirements of the largest data processing systems and commercial Web sites, yet at the same time can provide easy-to-use data storage services to an individual or small business. The data storage needs of a modern corporation or government organization are very complex. Some examples are:

- Online Transaction Processing (OLTP) systems must be capable of handling thousands of orders placed at the same time.
- Increasing numbers of corporations are implementing large Web sites as a mechanism for their customers to enter orders, contact the service department, get information about products, and for many other tasks that previously required contact with employees. These sites require data storage that is secure, yet tightly integrated with the Web.
- Organizations are implementing off-the-shelf software packages for critical services such as human resources planning, manufacturing resources planning, and inventory control. These systems require databases capable of storing large amounts of data and supporting large numbers of users.
- Organizations have many users who must continue working when they do not have access to the network. Examples are mobile disconnected users, such as traveling sales representatives or regional inspectors. These users must synchronize the data on a notebook or laptop with the current data in the corporate system, disconnect from the network, record the results of their work while in the field, and then finally reconnect with the corporate network and merge the results of their fieldwork into the corporate data store.
- Managers and marketing personnel need increasingly sophisticated analysis of trends recorded in corporate data. They need robust Online Analytical Processing (OLAP) systems easily built from OLTP data and support sophisticated data analysis.
- Independent Software Vendors (ISVs) must be able to distribute data storage capabilities with applications targeted at individuals or small workgroups. This means the data storage mechanism must be transparent to the users who purchase the application. This requires a data storage system that can be configured by the application and then tune itself automatically so that the users do not need to dedicate database administrators to constantly monitor and tune the application.

CHAPTER-6 NUMBER OF MODULES AND ITS DESCRIPTION



(1) Login Module: This module is for login by the depot's different departments. The customer can directly check the details of services, accounts, and invoices through this module. The person logging in can be an Admin or a User. This module is integrated with the restriction of unauthorized access module. Each user can access only the data required for his/her work.

(2) Company List Module: Only the admin is able to use, change, and enter the company information given in this module. No other person can see the company information in this module.

(3) Company Module: In this module everyone (user and admin) can see the details of the company, such as the chart of accounts, detail account type list, account type list, etc. But these can be changed by the admin only and not by the user.

(4) Customer Module: In this module the customer who was added by the admin can see all the account information and add further sub-customers, but is not able to edit any information in the module. Here the user and admin can add a customer and information related to that customer in the form of invoices. In this module they can see all the invoices, and payment can be applied.

(5) Vendor Module: In this module a vendor is added by both user and administrator. In this module a bill is also entered, in which a bank account is created as per the requirement. They are also able to see the bills which have been added by them, and those bills are also paid by them. A vendor is added for the customer. Through a vendor, a customer can only pay the payment to the company. Here the vendor plays the role of a third party.

(6) Search Module: This module is used to search the invoices and bills which are entered in the company records. It is the easy way to find the complete information of a required invoice or bill.
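One way to enforce the per-module rules described above while recording every decision for accountability, as an added example that is not the project's own code. The role names Admin and User come from the report; the ModuleAction values, the rule table (one reading of the module descriptions, with anything unlisted denied), the sample users and the .NET 6 or later target are assumptions.

```csharp
#nullable disable
using System;
using System.Collections.Generic;
using System.Security.Principal;

// Actions a caller can request on a module (names chosen for this example).
enum ModuleAction { View, Add, Edit }

// One record per access decision, so refused attempts stay accountable too.
sealed class AuditEntry
{
    public DateTime TimeUtc { get; set; }
    public string User { get; set; }
    public string Module { get; set; }
    public ModuleAction Action { get; set; }
    public bool Allowed { get; set; }

    public override string ToString() =>
        $"{TimeUtc:o} user={User} module={Module} action={Action} result={(Allowed ? "ALLOW" : "DENY")}";
}

static class ModuleAccess
{
    static readonly string[] AdminOnly = { "Admin" };
    static readonly string[] AdminOrUser = { "Admin", "User" };

    // Access matrix read off the module descriptions (an assumed reading).
    // A (module, action) pair that is not listed is denied by default; the
    // descriptions name no role that may edit customers or vendors, so those
    // pairs are deliberately absent.
    static readonly Dictionary<(string Module, ModuleAction Action), string[]> Rules =
        new Dictionary<(string Module, ModuleAction Action), string[]>
        {
            { ("Company List", ModuleAction.View), AdminOnly },
            { ("Company List", ModuleAction.Add),  AdminOnly },
            { ("Company List", ModuleAction.Edit), AdminOnly },
            { ("Company",      ModuleAction.View), AdminOrUser },
            { ("Company",      ModuleAction.Add),  AdminOnly },
            { ("Company",      ModuleAction.Edit), AdminOnly },
            { ("Customer",     ModuleAction.View), AdminOrUser },
            { ("Customer",     ModuleAction.Add),  AdminOrUser },
            { ("Vendor",       ModuleAction.View), AdminOrUser },
            { ("Vendor",       ModuleAction.Add),  AdminOrUser },
        };

    // Decide, record the decision, and only then return it.
    public static bool IsAllowed(IPrincipal user, string module, ModuleAction action,
                                 ICollection<AuditEntry> audit)
    {
        bool authenticated = user?.Identity != null && user.Identity.IsAuthenticated;
        bool allowed = false;
        if (authenticated && Rules.TryGetValue((module, action), out string[] roles))
        {
            foreach (string role in roles)
            {
                if (user.IsInRole(role)) { allowed = true; break; }
            }
        }
        audit.Add(new AuditEntry
        {
            TimeUtc = DateTime.UtcNow,
            User = authenticated ? user.Identity.Name : "(unauthenticated)",
            Module = module,
            Action = action,
            Allowed = allowed
        });
        return allowed;
    }
}

static class Program
{
    static void Main()
    {
        // Constructed sample principals; in the application they would come
        // from the login module.
        var admin = new GenericPrincipal(new GenericIdentity("admin1"), new[] { "Admin" });
        var clerk = new GenericPrincipal(new GenericIdentity("clerk1"), new[] { "User" });
        var audit = new List<AuditEntry>();

        ModuleAccess.IsAllowed(admin, "Company List", ModuleAction.Edit, audit); // admin on the admin-only module
        ModuleAccess.IsAllowed(clerk, "Company List", ModuleAction.View, audit); // user on the admin-only module
        ModuleAccess.IsAllowed(clerk, "Company", ModuleAction.View, audit);      // user viewing company details
        ModuleAccess.IsAllowed(clerk, "Company", ModuleAction.Edit, audit);      // user trying to change them
        ModuleAccess.IsAllowed(clerk, "Vendor", ModuleAction.Edit, audit);       // pair with no rule
        ModuleAccess.IsAllowed(null, "Customer", ModuleAction.View, audit);      // caller who never logged in

        foreach (AuditEntry entry in audit) Console.WriteLine(entry);
    }
}
```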

[Figure: Login Form, Company List, Company, Customers, Vendor, Search]
Fig. 6.1 AdminLogin Page Links

[Figure: Company: Chart of Accounts, Detail Account Type List, Account Type List, Products & Services, Standard Terms, Division List]
Fig. 6.2 Company

[Figure: Chart Of Accounts: Home, Add New, Account Type, Detail Type, Account Number, Name, Description, Amount]
Fig. 6.3 Company Chart of Accounts

[Figure: Detail Account: Home, Add New, Account, Detail Name]
Fig. 6.4 Company Detail Account

[Figure: Account Type List: Home, Add New, Edit, Type Name, Update, Cancel]
Fig. 6.5 Company Account Type List

[Figure: Product & Services: Home; Add New Product/Services (Name, Description, Rate, Account Type (Invoice), Account Type (Bill), Save, Cancel); Edit (Name, Description, Rate, Account Type (Invoice), Account Type (Bill), Update, Cancel)]
Fig. 6.6 Company Product & Services

[Figure: Standard Terms: Home; Add New Terms (Name, Days, Save, Cancel); Edit (Name, Days, Update, Cancel)]
Fig. 6.7 Company Standard Terms

[Figure: Division List: Home; Add New Division (Branch, Name, Save, Cancel); Edit (Branch, Name, Update, Cancel)]
Fig. 6.8 Company Division List

54

Secure Accounting & Logging

Customer Add Customer Enter Invoice Show All Invoice Release Hold Invoice Invoice Search Apply Payment

Fig. 6.9 Customer

55

Secure Accounting & Logging Add Customer Name Company name Print On Check Street City State Zip Code Country Customer Message Email Phone Mobile Fax Payment Mode Terms Delivery Method Save Home
Fig. 6.10 Customer Add Customer

56

Secure Accounting & Logging


Enter Invoice Description Client Division Bill To Invoice Data Invoice# Service Data Description Rate Sub Total Message Terms Due Date Origin Destination Bill Number Your Reference Product/Services Quantity Amount Total Memo

Fig. 6.11 Customer Enter Invoice

57

Secure Accounting & Logging

Show All Invoices Edit Delete Enter Invoice Date Type Memo Description Name Due Date Amount Home

Fig. 6.12 Customer Show All Invoice

[Figure: Release Hold Invoice screen layout. Labels: Date, Type, Name, Memo, Description, Due Date, Amount, Save, Home]

Fig. 6.13 Customer Release Hold Invoice

[Figure: Invoice Search screen layout. Labels: Search, Find Match Of, Find, Home]

Fig. 6.14 Customer Invoice Search

[Figure: Apply Payment screen layout. Labels: Customer, Date, Check Ref#, Memo, Division, Amount, Payment Method, Deposit To, Save, Home]

Fig. 6.15 Customer Apply Payment

[Figure: Vendor menu. Entries: Add Vendor, Enter Bill, Show All Bill List, Bill Search, Pay Bill]

Fig. 6.16 Vendor

[Figure: Add Vendor screen layout. Labels: Name, Company, Address, Account Number, Phone, Terms, Save, Home]

Fig. 6.17 Vendor Add Vendor

[Figure: Enter Bill screen layout. Labels: Type, Vendor, Bill Date, Terms, Memo, Division, Preferences, Amount, Description, Customer]

Fig. 6.18 Vendor Enter Bill

[Figure: Show All Bill List screen layout. Labels: Bills, Date, Type, Name, Memo, Description, Due Date, Amount]

Fig. 6.19 Vendor Show All Bill List

[Figure: Bill Search screen layout. Labels: Search, Find Match Of]

Fig. 6.20 Vendor Bill Search

[Figure: Pay Bill screen layout. Labels: Payment Account, Create, Account Type, Name, Description, Detail Type, AccountNumber, Amount, Division, Pay To The Order Of, Address, Memo, Check Ref#, Date, Amount]

Fig. 6.21 Vendor Pay Bill

[Figure: Search menu. Entries: Invoice Search, Bill Search]

Fig. 6.22 Search

[Figure: Invoice Search screen layout. Labels: Search, Find Match Of]

Fig. 6.23 Search Invoice Search

[Figure: Bill Search screen layout. Labels: Search, Find Match Of]

Fig. 6.24 Search Bill Search


CHAPTER-7 DATA STRUCTURE (LIST OF TABLES USED IN PROJECT)


7.1 Table1: Login

This table stores the username and password of both the administrator and the users, which they use to log in. From the username and password alone, the system determines whether the person is an end user or an administrator, and then which privileges should be granted. The respective access is given only if the supplied information matches the information stored in this table.

Table. 7.1 Login



7.2 Table2: Customer

This table stores information about the customers available in the organization. It consists of the customer id, customer name, customer description, capacity, floor and status of the corresponding customer. The table is useful when the user has to choose among the customers available in the organization, since it holds all the needed information about them.

Table. 7.2 Customer


7.3 Table3: User

This table stores the description of all the users created to date. The description includes the ids of the users, the user who has made the booking and the accounts that have been created. In addition to these ids, the table stores the start time and end time of the booking along with the date of the user. The table also has a field for storing the title of the meeting.

Table. 7.3 User


7.4 Table4: Vendor

This table stores the description of all the vendors created to date. The description includes the ids of the vendors, the user who has made the booking and the accounts that have been created. In addition to these ids, the table stores the date created and date modified by the vendor along with the date of the vendor. The table also has a field for storing the name.

Table. 7.4 Vendor


CHAPTER-8 OUTPUT SCREEN SHOTS


8.1 Login Form

This is the screen that appears when the project starts. In this form the admin or user must enter his/her username and password to be able to use the software. Everyone enters through this page, whether he/she is an administrator or just a user. This module handles the authentication of users and the admin: if the user is not authorized, it gives an error message; otherwise it connects to the rest of the modules according to the privileges granted.

LOGIN FORM


After logging in, users get the functions that have been assigned to them. The administrators and the other users have different privileges, so the project behaves accordingly. This separation is needed to maintain the database effectively and to maintain the integrity of the whole system. The entries are retrieved and manipulated according to the selected status.

8.2 Administrative Module

The Administrator logs in and then he/she has to select what tasks he/she wants to perform from the ADMINISTRATIVE TASKS that are assigned to the administrator. (COMPANY LIST FORM)



The tasks are divided into three parts. The first part of the administrative tasks module consists of select, edit and add user. It also shows the company profile.

8.2.1 ADD USER

In this part of the project, the administrator creates users, sub users and accountants with different rights according to the requirements.


8.3 MAIN MENU

In this administrative tasks form, the first part relates to tasks corresponding to the company. In this module everyone (user and admin) can see the details of the company, such as the chart of accounts, detail account type list and account type list. But these can be changed by the admin only and not by the user.


8.3.1 COMPANY DETAILS

Here we can view the records of a company: chart of accounts, detail account type, account type list, products and services, standard terms and division list. These records can be changed by the administrator only, not by the user.


8.3.2 CUSTOMER LIST

In this module a customer who was added by the admin can see all the account information and add further sub customers, but is not able to edit any information in the module. Here the user and the admin can add a customer and information related to him in the form of invoices. They can also see all the invoices, and payments can be applied.


8.3.3 VENDOR LIST

In this module a vendor can be added by both the user and the administrator. Bills are also entered in this module, in which a bank account is created as per the requirement. They can also see the bills they have added, and those bills are paid by them. A vendor is added for the customer. A customer can pay the company only through a vendor; here the vendor plays the role of a third party.


8.3.4 SEARCH LIST

This module is used to search the invoices and bills that are entered in the company records. It is an easy way to find the complete information for a required invoice or bill.


8.4 CHART OF ACCOUNTS

This part of the project shows the chart of accounts, which contains all the types of accounts available in the company.


8.4.1 CHART OF ACCOUNTS (cannot be edited by the user)

This part is the same as above, but it can be changed or modified only by the administrator, not by the user, sub user or accountant.
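The login check against the Login table (7.1) and the administrator-only editing rule (8.3, 8.4.1), as an added example that is not code from the original report; the report's project is ASP.NET with C#, the added code is Python. The salted PBKDF2 password storage, the table layout, the action names and the sample accounts are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed PBKDF2 work factor, not a value from the report


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_login_row(username, password, role):
    """Build one row of a hypothetical Login table; no plaintext password is kept."""
    salt = os.urandom(16)
    return {"username": username, "salt": salt,
            "pw_hash": hash_password(password, salt), "role": role}


# Constructed sample rows; the roles are the ones the report names.
LOGIN_TABLE = {row["username"]: row for row in (
    make_login_row("admin1", "constructed-admin-pass", "administrator"),
    make_login_row("user1", "constructed-user-pass", "user"),
    make_login_row("acct1", "constructed-acct-pass", "accountant"),
)}

# Dummy row: an unknown username costs the same hashing work as a known one.
_DUMMY = make_login_row("", "dummy", "none")

# Hypothetical action names. Everyone may view company records;
# only the administrator may change them or create users.
PERMISSIONS = {
    "administrator": {"view_chart_of_accounts", "edit_chart_of_accounts", "add_user"},
    "user": {"view_chart_of_accounts"},
    "sub user": {"view_chart_of_accounts"},
    "accountant": {"view_chart_of_accounts"},
}


def verify_login(username, password):
    """Return the role on success, None on failure (bad user and bad password look alike)."""
    row = LOGIN_TABLE.get(username, _DUMMY)
    candidate = hash_password(password, row["salt"])
    matches = hmac.compare_digest(candidate, row["pw_hash"])  # constant-time compare
    if matches and username in LOGIN_TABLE:
        return row["role"]
    return None


def is_allowed(role, action):
    """Deny by default: unknown roles and unlisted actions are refused."""
    return action in PERMISSIONS.get(role, set())
```

The authorization check belongs on the server for every edit request, not only in which menu entries the page shows to each role.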



8.4.2 CUSTOMER INFORMATION

This page of the project holds the customer information entered by the admin or by a user of the company.



8.4.2 VENDOR INFORMATION

After adding the customer, we have to add the vendor, because a customer makes his payment with the help of the vendor. Here the vendor may act as a third party.


CHAPTER-9 VALIDATION

(1) Date Validation: The validation on the date data type specifies the format YYYY/MM/DD. Any other format is unacceptable.
(2) Time Validation: The validation on the time data type specifies the format hours-minutes. Any other format is unacceptable.
(3) From Date to To Date: The From date always has to be earlier than the To date, e.g. From 1 April 2003 to 30 June 2003; it cannot be the other way round.
(4) From Time to To Time: The From time always has to be earlier than the To time, e.g. From 5-30-05 to 10-35-30; it cannot be the other way round.
(5) Number field validation: Fields whose data type is specified as number will not accept characters.
(6) User Authentication: When a depot branch logs on to the system to access data or add data to the tables and database, the id and password need to be checked.
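Rules (1) to (5) above as server-side checks, in an added example that is not part of the original report; the report's project is ASP.NET with C#, the added code is Python. The field names, the HH-MM reading of "hours-minutes" and the two-decimal limit on amounts are assumptions.

```python
import re
from datetime import datetime
from decimal import Decimal

# [0-9] instead of \d: in Python str patterns \d also matches non-ASCII digits.
DATE_RE = re.compile(r"[0-9]{4}/[0-9]{2}/[0-9]{2}")
TIME_RE = re.compile(r"[0-9]{1,2}-[0-9]{2}")
NUMBER_RE = re.compile(r"[0-9]+(\.[0-9]{1,2})?")  # assumed: up to two decimals


def parse_date(text):
    """Rule 1: only YYYY/MM/DD, and only dates that exist in the calendar."""
    if not DATE_RE.fullmatch(text):
        raise ValueError("date must be YYYY/MM/DD")
    return datetime.strptime(text, "%Y/%m/%d").date()  # rejects 2003/02/30


def parse_time(text):
    """Rule 2: only hours-minutes (assumed 24-hour clock, H-MM or HH-MM)."""
    if not TIME_RE.fullmatch(text):
        raise ValueError("time must be HH-MM")
    return datetime.strptime(text, "%H-%M").time()  # rejects 25-00 and 10-75


def parse_number(text):
    """Rule 5: a number field accepts ASCII digits only, no other characters."""
    if not NUMBER_RE.fullmatch(text):
        raise ValueError("number field must contain digits only")
    return Decimal(text)


PARSERS = {"from_date": parse_date, "to_date": parse_date,
           "from_time": parse_time, "to_time": parse_time,
           "amount": parse_number}  # hypothetical field names


def validate_form(form):
    """Check one submitted form (dict of strings); return a list of errors."""
    errors, parsed = [], {}
    for field, parser in PARSERS.items():
        try:
            parsed[field] = parser(form.get(field, ""))
        except ValueError as exc:
            errors.append(f"{field}: {exc}")
    # Rules 3 and 4: compare only values that passed their format check.
    for start, end in (("from_date", "to_date"), ("from_time", "to_time")):
        if start in parsed and end in parsed and not parsed[start] < parsed[end]:
            errors.append(f"{start} must be earlier than {end}")
    return errors
```

A pattern match alone would accept 2003/02/30; parsing the value after the format check is what rejects dates and times that do not exist.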


CHAPTER-10 TESTING STRATEGY


According to the respective projects, the scope of testing can be tailored, but the process mentioned above is common to any testing activity. Software Testing has been accepted as a separate discipline to the extent that there is a separate life cycle for the testing activity. Involving software testing in all phases of the software development life cycle has become a necessity as part of the software quality assurance process. Right from the Requirements study till the implementation, there needs to be testing done on every phase. The V-Model of the Software Testing Life Cycle along with the Software Development Life cycle given below indicates the various phases or levels of testing.

10.1 Test Strategy Followed

The software engineering process may be viewed as a spiral. Initially the system engineering defines the role of software and leads to software requirement analysis where the information domain function, behavior, performance, constraints and validation criteria for the software are established. A strategy for software testing must accommodate low-level tests that are necessary to verify that a small source code segment has been correctly implemented as well as high-level tests that validate major system functions against user requirements.

[Figure: development phases and testing levels. Labels: Requirements, Design, Code, Black Box Testing, Integration Testing, Unit Test]

Fig. 10.1 Testing Strategy

Moving upwards along the arrow we come to design and finally to coding. So the testing can be carried out at various levels. These are:

10.2 White Box Testing

It is a test case design method that uses the control structure of the procedural design to derive test cases. Exhaustive white-box testing at our end resulted in guaranteeing that:

All independent paths within a module have been executed at least once.
All logical decisions on their true and false sides have been exercised.
All loops within their boundaries and within their operational bounds have been executed.
All internal data structures have been exercised and assured of their validity.

10.3 Black Box Testing



This type of test case design method focuses on the functional requirements of the software, ignoring the control structure of the program. Through black box testing we attempted to find errors in the following categories:

Incorrect or missing functions.
Interface errors.
Errors in data structures or external database access.
Performance errors.
Initialization and termination errors.

10.4 Unit Testing

Unit testing comprises the set of tests performed by an individual programmer prior to integration of the unit into a large system.

Coding and debugging -> Unit testing -> Integration testing

Four categories of tests should be performed:

Functional Testing
Performance Testing
Stress Testing
Structure Testing

Functional test cases involve exercising the code with the nominal input values for which the expected results are known, as well as boundary (maximum) values. Performance testing determines the amount of execution time spent in various parts of the unit, program throughput, response time and device utilization by the program unit. Stress tests are those tests designed to intentionally break the unit. Structure tests are concerned with exercising the internal logic of a program and traversing particular execution paths. Establishing a test completion criterion is another difficulty encountered in the unit testing of real programs. Unit testing includes:

Statement Coverage
Branch Coverage
Logical Path Coverage

Using Statement Coverage, the programmer attempts to find a set of test cases that will execute each statement in a program at least once. Using Branch Coverage as the test completion criterion, the programmer attempts to find a set of cases that will execute each branching statement in each direction at least once. Logical Path Coverage acknowledges that the order in which the branches are executed during a test is an important factor in determining the test outcome.

10.5 Integration Testing

Integration testing is of three types:

Bottom up Integration
Top down Integration
Sandwich Integration

Bottom up integration testing consists of unit testing followed by system testing. Unit testing has the goal of testing individual modules in the system. Subsystem testing is concerned with verifying the operation of the interfaces between modules in the subsystems. System testing is concerned with subtleties in the interfaces, decision logic, control flow, recovery procedures, throughput, capacity and timing characteristics.

Top down integration starts with the main routine and one or two immediately subordinate routines in the system structure. Top down integration requires the use of program stubs to simulate the effect of lower level routines that are called by those being tested.

The top down method has the following advantages:

System integration is distributed through the implementation phase. Modules are integrated as they are developed.
Top-level interfaces are tested first and most often.
The top-level routine provides a natural test harness for lower level routines.
Errors are localized to the new modules and interfaces that are being added.

Sandwich integration is predominantly top down, but bottom up techniques are used on some modules and subsystems. This mix alleviates many of the problems encountered in pure top down integration and retains the advantages of top down integration at the subsystem and system level.

CHAPTER-11 FUTURE SCOPE

The project Secure Accounting & Logging is very useful for taking the system online, because up to now there has been no software for the Secure Accounting & Logging system that makes this department available online. If this project is applied in the Secure Accounting & Logging department, it will be very helpful for the people who access the site, who can easily create and maintain their accounts. The project has a very wide scope in the future if it is applied in the Secure Accounting & Logging System. The accounts form can also be made to refresh automatically, so that any update is seen at every depot. So the project Secure Accounting & Logging System has a wide scope. This project is made using ASP.Net with C#, with SQL-Server as the back end.

CHAPTER-12 COST ESTIMATION METHOD

There are many methods of calculating the cost of a project. The cost is estimated from the following parameters: project size, effort required to develop the software, project duration, and cost. These estimates help not only in quoting the project cost to customers, but also in resource planning and scheduling. There are three main techniques for estimating project parameters:

1. Empirical Estimation Technique
2. Heuristic Technique
3. Analytical Estimation Technique

We spent more than 3 months making this project. We also struggled to collect information about this project, going from one shopping mall to another to collect useful information. Some courses were also taken in order to build this project as a web application. The tools used to make the project also matter in calculating its cost. So the estimated cost of this project depends on all of these things. On the basis of all of these, the estimated cost is:

Cost of the project that is estimated: Rs. 30,000/-


CHAPTER-14 GANTT CHART OF THE PROJECT



NAME, ROLL NO.
Himanshu Bhati (A), 8693007
Sunil Yadav (B), 8693017

Time Duration
Feb 25 - Mar 05 2012
Mar 06 - Mar 20 2012
Mar 21 - Mar 31 2012
Apr 1 - Apr 10 2012
Apr 11 - Apr 20 2012
Apr 21 - Apr 30 2012
May 05 - May 10 2012
May 11 2012 - continue

Work Performed, Remarks [Performed By]
Feasibility Study (A)
Requirements and Analysis (B)
Arrangement and installation of software (A,B)
Database creation and management (A,B)
Designing of the module 1 (A)
Coding of the module 1 (B)
Testing of the module 1 (A)
Designing of the module 2 (B)
Coding of the module 2 (A)
Testing of the module 2 (B)
Designing of the module 3 (A)
Coding of the module 3 (B)
Testing of the module 3 (A)
System Testing of the whole Project
Maintenance of the Project
