Last updated: 11/4/03
Link back to course Welcome

Agenda for Class 10 on November 4 (eCommerce only)

1. Our main business tonight will be the guts of this course:
   1. Creating the order form
   2. Creating the ASP page to process the order
   3. Creating a table and fields in the database to hold the order information
2. Reminder of what you should be doing online on a regular basis -- these are part of the grade
   1. Signin, from the lab, only on days for the class(es) you are taking
   2. Weekly course report (if you are taking both classes, a single report will do)
   3. Conference postings (one for eCommerce, two for Computers, the Internet, and Society, three if you are taking both)
   4. Not required, but do it anyway - check your email on at least a weekly basis. Don't have email: use hotmail - it's easy and free. See me if you need help.
   5. Developing rest of eCommerce web site - static web pages
3. In the news:
   1. New York Times 10/27/03, Business C4. Online retailers are gearing up for the holidays. A survey by Forrester research says that web commerce is improving. Many corporations have "usability teams" that are beginning to branch out to brick and mortar stores also, for example to make sure that all clerks have maps for advising people who call wanting directions. For example, it is easier to find what you want, and more surfers become customers these days. However, Forrester Research says that many web sites do not show the customer the full range of products that is available, soon enough. As an example, Dell computer sells services, but many of its customers went elsewhere until the web site was redesigned.
   2. New York Times 10/22/03 Business Pg C3. Amazon.com is now generating real profits regularly, as a result of price cuts, new product lines (selling online for other merchants) and selling worldwide.
   3. New York Times 10/26/03 Business Section 3 Pg 1. Silicon Valley is on the uptick again. Actually, companies that had techies at the helm, instead of MBAs, have a fairly good track record at surviving the bubble. Actual businesses and a real shot at making profits are requirements now.
4. Web security
   1. Users care about the security of their information, and online merchants must respond to this.
   2. Proprietary Vs public standard security
   3. Symmetric encryption - same key to encode and decode - will not work for Internet encryption
   4. Asymmetric, or public key / private key
      1. How an Internet merchant uses this
      2. How a private person could use this
   5. Prime numbers and keys
      1. Estimate from Ron Rivest, the "R" in the RSA Algorithm, the most popular security algorithm:
         In 2000, with $25,000 to spend, you could crack a single 425-bit key (128 decimal digits) and with $25 million you could crack a single 619-bit key (186 decimal digits). As computing power Vs price increases, in the year 2020, the person with $25,000 to spend could crack a single 515-bit key (155 decimal digits), and with $25 million could crack a single 799-bit key (240 decimal digits). Since the current standard is 512 bits (154 decimal digits) with a transition to 1024 bits (307 decimal digits), the white hats should stay comfortably ahead of the black hats.
   6. Security of information after it has been securely transported to the merchant (Dyson, Release 2.1)
   7. Digital certificates
      1. Given by a certificate authority for an annual fee (Verisign, Thawte)
      2. Contains public key of merchant, and public key of certificate authority, who is vouching for the merchant, plus expiration date of certificate, and other identifying information about merchant.
   8. Blowfish demo. Unencrypted
      
      This is a demonstration file for encryption, as implemented in Blowfish. Now the file is not encrypted and it can be read by anyone. If there was confidential information in this file, and someone got hold of the computer, they could read the information. Even supposing that the file was pass3word protected, someone could conceivably bypass the encryption part of a program, or use a program that bypassed passwords, and see this information. But if the file itself is encrypted, that still wouldn't do them any good, because they wouldn't be able to read the information even if they could open the file.

      Blowfish encrypts a file using a passphrase that I choose. This is both a password for the decryption part of Blowfish, and the phrase that is used to encrypt with (the encryption key). I will use the passphrase "Baby it's cold outside." In Blowfish, the passphrase is case-sensitive.
       

   9. Encrypted
      Ò*&mcœØçShñw'ü_KC‑æˆd%ïeDvèI¸“7mÌW©õg“7mÌW©õg“7mÌW©õg“7mÌW©õg“7mÌW©õg“7mÌW©õg“7mÌW©õg“7mÌW©õgš]˜~ÛQáW±e¬“d
5. Working on eCommerce web sites
   1. Information has a name and a value. Name is given by the developer (you). Value is what the customer types in on the web form.
      1. Value for some information can be calculated from form data
      2. Value for other information can be from the server - date and time
   2. Design for order form - must know what products you are going to sell, what information you need to get from user, what name (called the "field name") you will give to each piece of information from the user
   3. Divide information into small pieces, easier to recombine than to split up. For example, split name into first, initial and last, and split address into Street Address, City, State and Zip Code.
   4. If not already done, make order form using Netscape Composer
      1. Order form will be a table within <form> and </form>
      2. <form action="[ProcessOrder.asp]">
      3. Next (before table) comes hidden fields with product costs - the ASP page is MUCH easier this way. One hidden field for each product, example for cost of Product1 shown below
         1. <input type="hidden" name="[Cost1]" value="[5.25 or other cost]">
      4. Make a table with two columns and one row for each piece of information that the customer will enter
         1. For each row, left column has what the customer will enter, right column has the input box
         2. <input name="[field name]" type="text" size="[50]">
      5. <input type="submit" value="[Send My Order in]">
      6. </form>
   5. Database
      1. A database has one or more tables to hold information - yours will have one
      2. Each table has zero or more records (rows) - your will have one record for each order
         1. A record or row contains all of the information for a given case, such as an order
         2. A field holds one piece of information, e.g. Order Number, Date, Time, etc.
      3. BIG advantage of a database - can go straight to the desired record without reading through the whole file - needs at least one key to do this - a primary key
      4. Database - go to eCommerce Database handout
         1. FTP database from www2.is.wayne.edu, in "Dum" folder, save it
         2. Open database in Access
         3. Make new table in Design view
         4. First field is "Order_Number", type is Number, click on Key icon to make it a primary key
         5. When you close the table, you will be asked if you want to save it, and what the table name is - you do want to save it and the table name must match the name in the ASP file (rsOrder.Open statement)
         6. Close Access and FTP your database back to "Dum" folder. You may want to reopen your database and table in Design View as a reference for working on your ASP page. 
   6. Processing the order
      1. A starting ASP page, should do most of what you want.
      2. Starting ASP page - ProcessOrder.txt
         1. You must change name of ProcessOrder.txt to ProcessOrder.asp
         2. You must edit ProcessOrder.asp to change information in square brackets [] to match your the names on your order form, then remove the square brackets [].
   7. Design for ASP response page - file name must match action field in form
      1. Calculate order subtotals and total cost
      2. Save information in database
      3. Write response page
      4. Write email
      5. ASP page sequence for storing information in database
         1. Create a connection to the database - prefix cn, cnConnect
         2. Create a recordset - mirror of current records from database in RAM - prefix rs, rsOrder
         3. Put information in recordset
         4. Update recordset information into database
         5. After this, the information also stays in the recordset, and you can use information in the recordset for the response and email

What has to match