Application Design and Development-KA4

The document outlines the learning outcomes and key concepts related to database systems and application development, focusing on the evolution of application architectures, web technologies, and security measures. It discusses the roles of application programs, web servers, and scripting languages in creating dynamic web content and user interactions. Additionally, it emphasizes the importance of application security in Database Management Systems (DBMS) to protect sensitive data.


The Open University of Tanzania (OUT)
OIT 138: Database Systems and Implementation
Elia Elisante Lukwaro
Knowledge Area 4
Learning Outcomes:
1. Analyze architectural shifts for technological adaptation in application design.
2. Identify common application programs for diverse tasks in user-database interaction.
3. Describe web server functionality in handling requests and delivering HTML documents.
4. Discuss scripting language differences for web application development.
5. Evaluate security measures including authentication and encryption for application protection.
6. Explore servlet functionality in generating dynamic web content and database interaction.
Application Programs and User Interfaces
• Application programs serve as intermediaries between users and databases, enabling indirect user interaction with structured data.
• Users commonly interact with databases through application programs, which provide intuitive front-end interfaces.
• Examples include university registration systems and organizational management systems for tasks like sales, accounting, and inventory management.
• Application programs may operate transparently, such as customized news pages based on user browsing history.
• Components of typical application programs include the front-end (user interface), the back-end (database communication), and the middle layer (business logic).
Evolution of Application Architecture
• Application architectures have evolved over time to adapt to changing technological landscapes.
• Early applications, like airline reservations, ran on mainframe computers with terminal-based interfaces.
• The client-server architecture emerged with personal computers, offering powerful graphical user interfaces.
Evolution of Application Architecture…
• Web browsers have become universal front ends for database applications, connecting to back ends through the Internet.
• Unlike client-server architectures, web-based applications require no installation of application-specific software on client machines.
• JavaScript enables sophisticated user interfaces within web browsers, enhancing the user experience without compromising security.
Application architectures in different eras
Building Application Programs
• Web browsers serve as front ends for user interaction, while application programs constitute the back end.
• Various technologies are available for creating back-end application programs, including Java servlets, JSP, ASP, PHP, Perl, and Python.
• Building applications involves understanding web technologies, developing web interfaces, designing application architectures, and addressing performance and security concerns.
• Subsequent chapters will delve into the specifics of building applications, covering various technologies, tools, architectures, and considerations for robust and secure development.
Web Fundamentals
Uniform Resource Locators (URLs)
• Definition: URLs uniquely identify web documents for access.
• Example: "http://www.out.ac.tz" indicates a document accessible via HTTP from www.out.ac.tz.
• Dynamic Content: URLs can include program identifiers and arguments, enabling dynamic content generation.
• Components: consist of protocol, domain, and optional path or query parameters.
Uniform Resource Locators (URLs)…
• HTTP vs. HTTPS: Choose between HTTP for standard communication and HTTPS for secure, encrypted connections.
• Navigation: Users interact with URLs via web browsers, either by typing or clicking links.
• Significance: Understanding URLs is crucial for effective web navigation and resource access.
• Development Considerations: Developers must structure URLs correctly for SEO and UX purposes.
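As an added illustration (not from the slides), the following Python splits a URL into the components the slide names (protocol, domain, path, query arguments) and records whether the connection will be encrypted, i.e. whether the scheme is HTTPS. The first URL in the usage is the slide's own example; the second, with its query arguments, is constructed here.

```python
from urllib.parse import urlsplit, parse_qs


def parse_url(url):
    """Break a URL into protocol, domain, port, path and query arguments.

    Query arguments are the 'arguments' that make dynamic content possible;
    they are also user-controlled input, so the program on the server must
    validate them before acting on them.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError("unsupported protocol: %r" % parts.scheme)
    if not parts.hostname:
        raise ValueError("URL has no domain: %r" % url)
    return {
        "protocol": parts.scheme,
        "domain": parts.hostname,
        # default ports apply when the URL does not name one explicitly
        "port": parts.port or (443 if parts.scheme == "https" else 80),
        "path": parts.path or "/",
        # parse_qs keeps a list per name because a parameter may repeat
        "args": parse_qs(parts.query),
        # only HTTPS gives an encrypted, server-authenticated connection
        "encrypted": parts.scheme == "https",
    }


if __name__ == "__main__":
    # First URL: the slide's example. Second URL: constructed for this example.
    for u in ("http://www.out.ac.tz",
              "https://www.out.ac.tz/app/search?course=OIT138&term=db"):
        print(parse_url(u))
```

The `encrypted` flag is the practical reading of the HTTP vs. HTTPS bullet: anything a form sends to a plain `http://` URL travels unencrypted.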
Hypertext Markup Language
• Introduction to HTML:
• HTML (HyperText Markup Language) is a fundamental technology for structuring web content.
• It provides the backbone for designing user interfaces through various elements and tags.
• Creating Forms:
• HTML allows developers to create interactive forms for user input.
• Form elements such as text boxes, menus, buttons, and checkboxes facilitate user interaction.
Hypertext Markup Language…
• Database Communication:
• While HTML itself doesn't directly communicate with databases, it plays a crucial role in form submission.
• User input from HTML forms is sent to a server-side script (e.g., PHP, Python) for processing and database interaction.
Form Submission and Stylesheet
• Form Submission:
• Upon user interaction with HTML forms, form data is submitted to a specified URL.
• The submission triggers server-side scripts to process the data and generate dynamic responses.
• Using Stylesheets (CSS):
• CSS (Cascading Style Sheets) complement HTML by controlling the presentation and layout of web pages.
• Stylesheets define visual attributes like colors, fonts, spacing, and overall page layout.
Webpage Display and Significance
• Webpage Display:
• HTML content, styled by CSS, is rendered by web browsers to create visually appealing web pages.
• Browsers interpret HTML and CSS instructions to display content accurately to users.
• Significance of HTML:
• HTML is the backbone of the web, facilitating the creation of structured and interactive user interfaces.
• It enables seamless communication between users and web applications, forming the foundation of modern web development.
Web Servers and Sessions
• Web Server Functionality:
• A web server is a program installed on a server machine that handles requests from web browsers and delivers HTML documents as responses.
• Communication between the browser and web server occurs via the HTTP protocol.
Web Servers and Sessions…
• Executing Programs:
• One of the key features of web servers is the ability to execute programs based on user requests, generating dynamic HTML content.
• These programs can interact with databases through protocols like ODBC and JDBC to retrieve or store data.
• ODBC (Open Database Connectivity) and JDBC (Java Database Connectivity) are two popular APIs used to connect applications with databases, allowing them to interact with relational databases.
Web Application Architecture
• Three-Layer Architecture:
• Traditionally, web applications were built using a three-layer architecture consisting of a web server, application server, and database server.
• This architecture, while providing flexibility, incurs higher system overhead due to multiple layers.
Three-Layer Web Architecture
Web Application Architecture…
• Transition to Two-Layer Architecture:
• Nowadays, most web applications adopt a simpler two-layer architecture where the application program runs within the web server itself.
• This streamlined architecture reduces overhead and simplifies development.
Two-Layer Web Architecture
Understanding Sessions
• Connectionless Nature of HTTP:
• HTTP is inherently connectionless, meaning each request from the client to the server creates a new connection.
• This contrasts with protocols like ODBC and JDBC, which establish continuous sessions.
• Importance of Sessions:
• Despite the connectionless nature of HTTP, web applications often require session information for user interaction.
• Session information includes user identifiers, preferences, and authentication data.
Session Management with Cookies
• Cookie-Based Session Management:
• To maintain session information, web servers utilize cookies stored at the client-side browser.
• Cookies contain session identifiers and other relevant data, allowing the server to recognize and track user sessions.
• Ensuring Security:
• Web applications implement various security measures, such as authenticating users before setting cookies.
• For higher security, sessions may be invalidated after a time-out period or when users log out, ensuring data confidentiality and integrity.
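To make the cookie-based mechanism on this slide concrete, here is an added Python sketch (not from the deck) of a server-side session table: the browser only ever holds a random identifier, the server authenticates before issuing it, and both the idle time-out and logout invalidate it. The credential check is passed in as a function, the `SESSIONID` cookie name and the 30-minute time-out are choices made here, and the clock is injectable so expiry can be exercised without waiting.

```python
import secrets
import time

SESSION_TIMEOUT = 30 * 60   # seconds of inactivity before a session is invalidated (chosen here)


class SessionStore:
    """Server-side session table keyed by the cookie value.

    User id, preferences and authentication state stay on the server;
    the client only carries an unguessable identifier.
    """

    def __init__(self, timeout=SESSION_TIMEOUT, clock=time.time):
        self.timeout = timeout
        self.clock = clock          # injectable so time-outs can be tested
        self.sessions = {}

    def login(self, username, password, check_password):
        """Authenticate first; a cookie is never issued to an unauthenticated user."""
        if not check_password(username, password):
            return None
        sid = secrets.token_urlsafe(32)        # 256 random bits from the OS CSPRNG
        self.sessions[sid] = {"user": username, "last_seen": self.clock(), "prefs": {}}
        return sid

    def set_cookie_header(self, sid):
        # HttpOnly keeps page scripts away from the value, Secure restricts it
        # to HTTPS, SameSite limits it being sent on cross-site requests.
        return "Set-Cookie: SESSIONID=%s; HttpOnly; Secure; SameSite=Lax; Path=/" % sid

    def lookup(self, sid):
        """Return the session for a request's cookie, or None if unknown or timed out."""
        session = self.sessions.get(sid)
        if session is None:
            return None
        now = self.clock()
        if now - session["last_seen"] > self.timeout:
            del self.sessions[sid]             # idle time-out: invalidate server-side
            return None
        session["last_seen"] = now             # activity keeps the session alive
        return session

    def logout(self, sid):
        """Explicit logout: forget the session even if the cookie lingers in the browser."""
        self.sessions.pop(sid, None)


if __name__ == "__main__":
    users = {"alice": "correct horse battery"}      # constructed credential table
    store = SessionStore()
    sid = store.login("alice", "correct horse battery", lambda u, p: users.get(u) == p)
    print(store.set_cookie_header(sid))
    print(store.lookup(sid))
```

Because validity lives in the server table, a stale or stolen cookie stops working the moment the server drops the entry, which is what the slide's "invalidated after a time-out period or when users log out" amounts to.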
Understanding Servlets
• What are Servlets?
• Servlets are Java programs that extend the functionality of web servers to generate dynamic web content.
• They are server-side technologies used for handling client requests, processing data, and generating responses.
• Functionality:
• Servlets facilitate the creation of dynamic web pages by dynamically generating HTML content based on user requests.
• They can interact with databases, perform business logic, and communicate with other web resources.
Servlets Lifecycle
• Initialization:
• Servlets are initialized when the web server starts or when the first request for the servlet is received.
• Initialization involves loading the servlet class, instantiating it, and invoking the init() method.
• Request Handling:
• When a client sends a request to the servlet, the web server invokes the service() method of the servlet.
• The service() method processes the request, interacts with other components if needed, and generates a response.
Servlets Lifecycle…
• Destruction:
• Servlets are destroyed when the web server shuts down or when the servlet container decides to remove them from service.
• The destroy() method is invoked to perform cleanup tasks before the servlet is removed from memory.
Servlets API
• javax.servlet Package:
• Servlets are part of the Java Servlet API, which is defined by the javax.servlet package.
• This package provides interfaces and classes for developing servlets, handling HTTP requests, and managing servlet lifecycle.
• Key Interfaces:
• The Servlet interface defines methods for servlet initialization, request handling, and destruction.
• Other important interfaces include ServletRequest, ServletResponse, and ServletContext for handling HTTP requests, responses, and managing servlet context.
Benefits of Servlets
• Platform Independence:
• Servlets are written in Java, making them platform-independent and compatible with any operating system or web server that supports Java.
• Performance:
• Servlets are efficient in handling multiple concurrent requests due to their multithreading capabilities.
• They can be optimized for performance using techniques like connection pooling and caching.
• Scalability:
• Servlet-based web applications are highly scalable, capable of handling increased traffic by deploying additional servlet instances or using load balancing techniques.
Server-Side Scripting Overview
• Server-side scripting offers an easier method for creating web applications compared to traditional programming languages like Java or C.
• Scripting languages, such as Java Server Pages (JSP), Active Server Pages (ASP), PHP, ColdFusion Markup Language (CFML), and Ruby on Rails, allow for the embedding of code within HTML documents.
• These scripts are executed on the server before delivering the web page to the client, allowing for dynamic content generation, including database interactions.
Java Server Pages (JSP)
• Java Server Pages (JSP) allow HTML programmers to mix static HTML with dynamically generated HTML.
• JSP enables the embedding of Java code within static HTML, simplifying the creation of dynamic web pages.
• JSP scripts are translated into servlet code, compiled, and executed on the server.
Client-Side Scripting Overview
• Client-side scripting involves embedding program code in documents to enable active web pages.
• Client-side scripts, executed on the user's web browser, enhance user interaction and speed up interaction with the web page.
• JavaScript is the most widely used client-side scripting language, offering features for form validation, dynamic HTML manipulation, and asynchronous communication with the server.
Ajax and JavaScript Libraries
• Ajax (Asynchronous JavaScript and XML) is a set of web development techniques that allow web pages to be updated asynchronously by exchanging small amounts of data with the server behind the scenes.
• JavaScript libraries, such as Yahoo's YUI library, provide browser-independent ways to write JavaScript code, ensuring compatibility across different browsers.
• These technologies enable the creation of dynamic web pages that fetch and display data from the server without requiring full page reloads, enhancing user experience and interactivity.
Special-Purpose Scripting Languages
• Besides general-purpose scripting languages like JavaScript, there are special-purpose scripting languages for specific tasks such as animation and three-dimensional modeling.
• Examples include Flash and Shockwave for animation, VRML for three-dimensional modeling, and Flash for handling streaming video content.
• These specialized scripting languages cater to specific needs, offering rich multimedia experiences on the web.
Application Architectures Overview
• Large applications are often divided into several layers to manage complexity effectively.
• The primary layers include the presentation/user interface layer, the business-logic layer, and the data access layer.
• These layers work together to process user requests, handle business logic, and interact with the underlying database.
Presentation/User Interface Layer
• The presentation layer deals with user interaction and can have multiple versions for different interfaces, such as web browsers and mobile devices.
• Conceptually, this layer is often structured based on the model-view-controller (MVC) architecture.
• MVC separates the model (business logic), view (presentation of data), and controller (handles user actions), facilitating easier maintenance and development of web applications.
Business-Logic Layer
• The business-logic layer provides abstractions of entities and actions on data, ensuring business rules are enforced.
• It includes workflows for handling tasks involving multiple participants and managing error situations.
• Business logic ensures data integrity and consistency in the application, implementing various rules and workflows.
Data-Access Layer and Object-Relational Mapping (ORM)
• The data-access layer serves as an interface between the business-logic layer and the underlying database.
• Object-relational mapping (ORM) automates the mapping of data between object-oriented programming languages and relational databases.
• Systems like Hibernate provide ORM functionality, mapping Java objects to relational data and simplifying database interactions.
Web Services
• Web services enable access to data on the web, facilitating communication between applications.
• RESTful web services use standard HTTP requests to execute function calls, with parameters sent as HTTP request parameters.
• XML or JSON encoding is often used for data exchange between the server and client.
Disconnected Operation
• Disconnected operation allows applications to perform certain operations even when the client is offline.
• Technologies like Gears and Adobe AIR provide local storage, a local web server, and support for parallel execution of JavaScript, enabling rich functionality in web applications without network connectivity.
• This functionality is useful for scenarios like offline form filling and composing emails in web-based email clients.
RAD with HTML, MySQL, XAMPP, and Notepad++
• Rapid Application Development (RAD) accelerates software development through iterative prototyping and minimal hand-coding.
• We'll explore RAD implementation using HTML for UI design, MySQL for database management, XAMPP for local server setup, and Notepad++ for coding.
Implementation Techniques and Practical Demonstrations
• RAD Methodologies: RAD emphasizes quick iterations, prototyping, and user feedback to streamline development.
• Toolstack Overview:
1. HTML: For creating dynamic and interactive user interfaces.
2. MySQL: For efficient database management and data retrieval.
3. XAMPP: Local server environment for testing and development.
4. Notepad++: Lightweight text editor with syntax highlighting and code completion.
• Goals: The goal is to achieve agility, productivity, and faster time-to-market by leveraging RAD methodologies and tools.
Techniques and Demonstrations:
1. MySQL for Database Interaction:
   1. Set up a MySQL database using XAMPP's phpMyAdmin interface.
   2. Create tables, define schemas, and insert sample data with SQL queries.
   3. Highlight the importance of seamless database integration in RAD.
2. Integrating HTML with MySQL:
   1. Retrieve data from the MySQL database dynamically and display it in HTML.
   2. Use PHP to connect the HTML frontend with the MySQL backend for CRUD operations.
   3. Show practical examples of Create, Read, Update, and Delete operations on database records.
Techniques and Demonstrations…
3. Practical Usage of Notepad++ for RAD:
   1. Utilize Notepad++'s features such as syntax highlighting and code folding for efficient coding.
   2. Showcase project management capabilities and collaboration tools in Notepad++.
   3. Highlight its role in facilitating rapid development and iteration cycles.
Conclusion:
1. RAD with HTML, MySQL, XAMPP, and Notepad++ offers a streamlined approach to software development.
2. Hands-on experience and practical demonstrations are essential for mastering RAD methodologies and achieving project success.
Understanding Application Security in DBMS
• Application security in Database Management Systems (DBMS) is crucial for safeguarding sensitive data and preventing unauthorized access.
• It involves various measures beyond SQL authorization to address vulnerabilities at the application level.
Understanding Application Security in DBMS…
• Key Security Concerns:
1. Authentication and Authorization:
   1. Authentication verifies user identities, while authorization controls access to resources.
   2. Weak authentication mechanisms and inadequate authorization can lead to unauthorized access.
2. Common Vulnerabilities:
   1. SQL Injection: Attackers exploit input vulnerabilities to execute malicious SQL queries.
Understanding Application Security in DBMS…
• Key Security Concerns (continued):
   2. Cross-Site Scripting (XSS): Malicious scripts are injected into web applications, compromising user data.
   3. Password Leakage: Storing passwords in plain text or weakly encrypted forms poses security risks.
Strategies for Secure Application Development
• Preventative Measures:
1. SQL Injection Mitigation:
   1. Use parameterized queries and prepared statements to prevent SQL injection attacks.
   2. Employ input validation and sanitization to filter out potentially harmful inputs.
2. Cross-Site Scripting (XSS) Prevention:
   1. Implement strict input validation and output encoding to mitigate XSS vulnerabilities.
   2. Utilize Content Security Policy (CSP) headers to restrict execution of untrusted scripts.
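The two mitigations above are easiest to see side by side. The following added Python (example code, not from the slides) stands in for the server-side script that receives a form value: an in-memory SQLite table, constructed here, replaces the MySQL back end; a string-built query that a form value can reshape is shown next to the parameterized form; and the output encoding plus CSP header show how a stored value is kept from running as script in the browser. The table contents and the CSP directives are choices made for this example.

```python
import html
import sqlite3


def make_db():
    """Constructed in-memory table standing in for the MySQL users table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "alice@example.org"), ("bob", "bob@example.org")])
    return db


def find_email_unsafe(db, name):
    """Vulnerable form: the form value is pasted into the SQL text, so quote
    characters inside it change the structure of the query."""
    sql = "SELECT email FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(sql)]


def find_email_safe(db, name):
    """Hardened form: the value is bound as a parameter; the driver never
    parses it as SQL, so it can only ever match (or fail to match) a name."""
    rows = db.execute("SELECT email FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


def render_greeting(name):
    """Output encoding: whatever the user typed is escaped before it lands in
    HTML, so '<' and '"' become text rather than markup."""
    return "<p>Hello, %s</p>" % html.escape(name, quote=True)


def response_headers():
    """CSP that only allows scripts served from this origin; inline or
    injected script is refused by the browser even if encoding is missed."""
    return {
        "Content-Type": "text/html; charset=utf-8",
        "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'",
    }


if __name__ == "__main__":
    db = make_db()
    probe = "x' OR '1'='1"           # a value no real user name would contain
    print("unsafe:", find_email_unsafe(db, probe))   # every row comes back
    print("safe:  ", find_email_safe(db, probe))     # no such name: nothing
    print(render_greeting("<b>alice</b>"))
```

The contrast is the point: the same input yields every row from the concatenated query and an empty result from the bound one, and the escaped greeting contains no tag the browser will act on.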
Preventative Measures…
3. Password Security Practices:
   1. Avoid storing passwords in clear text; utilize cryptographic hashing algorithms and salted hashes.
   2. Enforce strong password policies and educate users on password hygiene to prevent password leakage.
4. Authorization Enforcement:
   1. Implement role-based access control (RBAC) and fine-grained authorization to limit user privileges.
   2. Regularly review and update access control policies to align with changing security requirements.
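As an added example for the password practices in item 3 (not from the deck), the following Python stores a salted PBKDF2-SHA256 hash instead of the password and verifies with a constant-time comparison, so two users with the same password get different records and a leaked table does not give the passwords away. The record layout, the iteration count and the policy thresholds are choices made here, not values from the slides.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000   # PBKDF2 work factor chosen here; raise it as hardware gets faster


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return a self-describing record: algorithm$iterations$salt$hash (hex).

    A fresh random salt per user means equal passwords produce different
    records, so precomputed tables are useless against the stored values.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt.hex(), digest.hex())


def verify_password(password, record):
    """Recompute from the stored salt and iteration count, then compare in
    constant time so the comparison does not leak how many bytes matched."""
    alg, iters, salt_hex, digest_hex = record.split("$")
    if alg != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def password_policy_ok(password, min_length=12, min_classes=3):
    """Minimal policy standing in for the slide's 'strong password policies':
    a length floor plus at least min_classes of the four character classes."""
    classes = sum([
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ])
    return len(password) >= min_length and classes >= min_classes


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")   # constructed password
    print(record)
    print(verify_password("correct horse battery staple", record))
    print(verify_password("wrong guess", record))
```

Storing the algorithm and iteration count inside the record is what lets the work factor be raised later: old records still verify, and can be re-hashed on the user's next successful login.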
Additional Security Measures
5. Audit Trails for Tracking Changes:
   1. Maintain comprehensive audit logs to track user activities and database modifications.
   2. Enable real-time monitoring and analysis of audit trails to detect suspicious behavior and security incidents.
6. Data Privacy Protection:
   1. Encrypt sensitive data at rest and in transit to mitigate data breaches.
   2. Adhere to privacy regulations such as the General Data Protection Regulation (GDPR) and the Health Insurance Portability and Accountability Act (HIPAA) to ensure compliance and protect user privacy.
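The authorization item (4) and the audit-trail item (5) fit in one added Python example (not from the deck): permissions are granted only through roles, every authorization decision is appended to an audit log, and a detection pass over that log flags users who are repeatedly denied within a short window, which is one kind of suspicious behaviour the slide says monitoring should surface. The roles, permissions, users and thresholds are all constructed for the example.

```python
from datetime import datetime, timedelta

# Role -> permissions (constructed). Users hold roles, never permissions directly,
# so reviewing "who can do what" means reviewing this one table.
ROLE_PERMISSIONS = {
    "clerk":   {"orders:read", "orders:create"},
    "manager": {"orders:read", "orders:create", "orders:delete", "reports:read"},
    "auditor": {"orders:read", "reports:read", "audit:read"},
}


class AccessController:
    def __init__(self, user_roles):
        self.user_roles = user_roles     # {username: {role, ...}} (constructed in usage)
        self.audit_log = []              # append-only list of decision records

    def permissions(self, user):
        """Union of the permissions of every role the user holds; unknown users get none."""
        roles = self.user_roles.get(user, set())
        return set().union(*(ROLE_PERMISSIONS.get(r, set()) for r in roles))

    def authorize(self, user, permission, when):
        """Decide, and record the decision whether it was allowed or denied."""
        allowed = permission in self.permissions(user)
        self.audit_log.append({"ts": when, "user": user,
                               "perm": permission, "allowed": allowed})
        return allowed


def suspicious_users(audit_log, window=timedelta(minutes=5), threshold=3):
    """Flag users with `threshold` or more denied requests inside any `window`.

    Repeated denials usually mean a broken client, a mis-assigned role, or
    someone probing for access they do not have; all three deserve a look.
    """
    denied = {}
    for rec in audit_log:
        if not rec["allowed"]:
            denied.setdefault(rec["user"], []).append(rec["ts"])
    flagged = set()
    for user, times in denied.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                flagged.add(user)
                break
    return flagged


if __name__ == "__main__":
    ac = AccessController({"alice": {"clerk"}, "bob": {"manager"}})
    t0 = datetime(2024, 1, 1, 9, 0)
    for i in range(4):
        ac.authorize("alice", "orders:delete", t0 + timedelta(minutes=i))
    print(ac.audit_log)
    print(suspicious_users(ac.audit_log))
```

Writing denials to the same log as grants is deliberate: a trail that records only successes cannot show an access-control policy being tested.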
Conclusion
• Application security in DBMS requires a proactive and multi-layered approach to mitigate vulnerabilities and safeguard data.
• By implementing robust security measures such as authentication, authorization, audit trails, and data privacy protections, organizations can enhance their security posture and mitigate the risk of security breaches and data compromises.
Encryption in Modern Database Management Systems
• Encryption in DBMS involves securing sensitive data stored in databases through cryptographic techniques.
• It ensures confidentiality and integrity, safeguarding against unauthorized access and data breaches.
Importance of Encryption in DBMS:
• With the proliferation of cyber threats and data breaches, encryption in DBMS is crucial for protecting sensitive information such as personal data, financial records, and intellectual property.
• Compliance with regulations such as GDPR, HIPAA, and the Payment Card Industry Data Security Standard (PCI-DSS) mandates the implementation of encryption to ensure data security and privacy.
Modern Challenges and Solutions:
• Emerging technologies such as cloud computing, IoT, and big data introduce new challenges for data security in DBMS.
• Advanced encryption algorithms, access controls, and key management practices address these challenges, providing robust protection for database systems.
Encryption Techniques in DBMS
• Symmetric Encryption:
• In DBMS, symmetric encryption encrypts and decrypts data using the same secret key.
• Common symmetric encryption algorithms include AES (Advanced Encryption Standard) and DES (Data Encryption Standard), offering strong encryption for database content.
• Asymmetric Encryption:
• Asymmetric encryption employs a pair of keys – public and private keys – for encryption and decryption.
• RSA (Rivest-Shamir-Adleman) and ECC (Elliptic Curve Cryptography) are widely used asymmetric encryption algorithms in DBMS for secure data transmission and authentication.
Transparent Data Encryption (TDE):
• TDE is a popular technique in DBMS that encrypts data files, tablespaces, or entire databases at the storage level.
• It provides seamless encryption without requiring changes to applications or queries, offering strong protection for data-at-rest.
Implementing Encryption in DBMS
• Data-at-Rest Encryption:
• Encrypts stored data on disk or in-memory to prevent unauthorized access to sensitive information.
• DBMS platforms offer built-in features or third-party tools for implementing data-at-rest encryption, ensuring compliance with security standards.
• Data-in-Transit Encryption:
• Secures data transmitted between the database server and client applications over networks.
• SSL/TLS protocols and VPN (Virtual Private Network) tunnels encrypt data in transit, preventing interception and eavesdropping by attackers.
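For the data-in-transit point, here is an added Python example (not from the slides) using the standard library's `ssl` module to show a client configuration that quietly defeats TLS next to one that enforces it. A database client library would hand the hardened context to its connection call; the `context_is_acceptable` check is written here as a deployment test and is not taken from any DBMS driver. The optional CA bundle path is an assumption of the example.

```python
import ssl


def weak_client_context():
    """What NOT to deploy: certificate verification switched off.

    The bytes on the wire are still encrypted, but the client will accept
    any server that answers, so anyone who can interpose a host between
    application and database can read the traffic in the clear.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_client_context(ca_bundle=None):
    """Context a DB client should use: trusted CA bundle (system default or
    the organisation's own), hostname verification, nothing older than TLS 1.2."""
    ctx = ssl.create_default_context(cafile=ca_bundle)   # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def context_is_acceptable(ctx):
    """Deployment check: refuse to start with a context that skips verification
    or permits legacy protocol versions."""
    return (ctx.verify_mode == ssl.CERT_REQUIRED
            and ctx.check_hostname
            and ctx.minimum_version >= ssl.TLSVersion.TLSv1_2)


if __name__ == "__main__":
    print("weak acceptable?    ", context_is_acceptable(weak_client_context()))
    print("hardened acceptable?", context_is_acceptable(hardened_client_context()))
```

The weak variant is worth showing because it is the usual shape of a "fix" for certificate errors in development, and it survives into production unless something like the acceptance check above stops it.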
Implementing Encryption in DBMS…
• Key Management and Access Controls:
• Effective key management practices, including key generation, storage, rotation, and revocation, are essential for maintaining encryption integrity.
• Access controls restrict database access to authorized users and applications, complementing encryption to enforce data security policies.
Future Trends and Considerations
• Homomorphic Encryption:
• Homomorphic encryption enables computations on encrypted data, allowing queries and analysis without exposing sensitive information.
• Its adoption in DBMS promises enhanced privacy and confidentiality, especially in cloud-based environments.
• Quantum-Safe Cryptography:
• With the advent of quantum computing, DBMS may transition to quantum-safe cryptographic algorithms to withstand quantum attacks.
• Research and development in quantum-resistant encryption aim to future-proof database security against evolving threats.
Future Trends and Considerations…
• Integrated Security Frameworks:
• DBMS vendors are integrating comprehensive security features, including encryption, authentication, and auditing, into unified security frameworks.
• These frameworks offer centralized management and monitoring capabilities, streamlining database security operations and compliance efforts.
Relationship between User, Application Program (Server-side), and Database (MySQL)
References
1. Korth, H. F., Sudarshan, S., & Professor, A. S. (2019). Database System Concepts. McGraw-Hill Education. ISBN 9780078022159.
2. Coronel, C., & Morris, S. (2018). Database Systems: Design, Implementation, & Management. Cengage Learning. ISBN-13 978-0128043998.
Thank you

The End
