Wayne State University
College of Lifelong Learning
Interdisciplinary Studies Program, Fall, 1999
http://www.cll.wayne.edu/isp/drbowen/internet
Instructor email: d.r.bowen@wayne.edu
Instructor tel (WSU) (313) 577-1498 / (Home) (248) 549-8518
eCommerce: Using the Web to Find and Service Customers
AGS 3360 Section 986 Call Number 99882
or ISP 5500 Section 982 Call Number 90569

Last updated: 12/18/99

Agenda for eCommerce Class #6
December 15, 1999

  1. Details
    1. Viruses and virus hoaxes
      1. A computer virus is a computer program that can (a) damage information on a computer, and (b) spread from computer to computer. Simple documents or email messages are not programs and cannot be viruses. Viruses can be spread via email executable attachments such as *.exe files; the virus is not activated by reading the message or by saving the executable, but by executing or running the file, for example by double-clicking on it in Windows Explorer.

        Macros contained in a Word, Excel or Access file are executable programs and can also be viruses. By default, modern versions of these Office programs detect macros and ask if you want to disable macros before opening files with macros. In MS Word 97, to turn this option on, choose the menu item Tools / Options, then the General tab, and finally make sure that the option "Macro virus protection" is checked (enabled). Be aware that this is not really macro virus protection, but turns on the warning that a document contains a macro that might contain a virus. Only a virus protection program can provide real protection against viruses, and then only if you keep it up to date (see below).

        MS Outlook has also had many virus problems, because (a) it has a macro language and (b) as an email client it usually has access to the Internet and can spread itself that way. Macro viruses are more often nuisances than outright destructive programs, because macro languages are generally not able to do a whole lot. Of course, overloading a network by flooding it with email messages can be pretty bad. I do not know the current state of MS Outlook's being made virus-safe. It is a good idea to turn on the macro warning for any program that has a macro language.

        Recently, with the Babylonia virus, it has been demonstrated that Windows help files (extension .hlp) can also contain a virus. The following types of files can contain viruses:
        1. .exe
        2. .com
        3. .dll
        4. .doc, .dot (Word)
        5. .xl* (Excel)
        6. .mdb (Access)
        7. .hlp (Windows help)

        One additional point: corporate computers are extensively connected by LANs, and therefore make it easier for viruses to spread. Virus writers know this, and most viruses are found on corporate computers. Viruses on home computers are less common, but on the other hand, home computers do not have the extensive technical support, so viruses are harder to repair. Up-to-date virus protection programs (see #3 below) are important whether at home or at work.

      2. Virus hoaxes are false warnings about computer viruses. Why do this? Creating a good virus can be difficult and can land you in jail. Creating a virus hoax is easy, and you probably would not go to jail if caught. And you can write a good scary email and sit back and watch it spread. Many virus hoax messages simply make small changes in a previous hoax and resend. I have gotten several virus hoax notices in these classes; hence this topic. A virus that destroys its host computer, or deletes all the files on its hard drive, cannot spread itself after it does that. Any notice of a virus that will destroy all of the files, destroy the computer, or something like that, is probably a hoax. A favorite phrase is that IBM, or AOL, or IBM and AOL, have verified that this hoax does all of those terrible things.
      3. Viruses can damage or delete files, and cause other grief. The best defense is a good anti-virus program and up-to-date virus definition data files for that program. McAfee, IBM and Norton are all well-recognized. A program that reminds you periodically to update data files, and that will update at no cost over the Internet, makes updating much easier. A good virus program should check email messages, documents, and Internet downloads as they are happening, in addition to periodically scanning all disks. It is important to update both the virus detection program ("engine") and its data files regularly. Also, older versions of virus programs may not be capable of checking for newer types of viruses such as Word macro viruses.
      4. To check out notices of viruses and hoaxes, I like the following web sites:
        http://www.av.ibm.com/BreakingNews/VirusAlert/
        http://www.av.ibm.com/BreakingNews/HypeAlert/
        http://www.mcafee.com/centers/anti-virus/default2.asp
        http://vil.mcafee.com/hoax.asp
        Network Associates (McAfee) http://vil.nai.com/villib/alpha.asp
        Computer Incident Advisory Capability (CIAC - US Department of Energy antivirus site) http://ciac.llnl.gov (find other anti-virus links here)
        CIAC Virus Hoax page http://ciac.llnl.gov/ciac/CIACHoaxes.html
  2. Schedule
    1. Lab open
      1. 11/24: 4 - 10 PM (day scheduled as a Friday)
      2. 12/1: 4 - 6 PM
      3. 12/8: 4 - 10 PM
      4. Also see lab schedule on class web site
    2. Last class on 12/15 - Final Report and working web site due
    3. Final Report should contain:
      1. Final information contained in first two reports, whether or not it has been changed.
      2. Specific and detailed descriptions of what each team member did for the team web site.
      3. Tracing an actual order placed by a team member through the process, as a narrative. A chronological description of what the user does, what the user's web browser does, what the web server does, and what the iHTML system does, as well as any other people and/or systems involved in the process.
      4. How the consumer issues presented during the course (e.g. Privacy and Security) are dealt with on your web site.
      5. How information and issues from the Kosiur and Seybold readings are reflected in the team web site.
      6. Reviews of the other Team web sites
    4. Business Plan Vs Business Process
      1. Business Plan is basically who does what and how much it costs
      2. Business Process is how does an order get processed, including computers and people
    5. In order to prevent people coming in from the outside and ordering, I will password protect the eCommerce web sites tomorrow (Thursday 11/18) - actually not done until 12/15.
      1. User Name = Internet
      2. Password = stustu
      3. No change in uploading
  3. eCommerce computer processing
    1. How HTML forms get processed
    2. CGI = Common Gateway Interface, a computer protocol - the "glue" that binds the form and the information processing / storage
    3. The process:
      1. Browser collects information that the user enters on the form and sends it to web server
        1. The information is everything between the <form> and </form> tags that enclose the button
        2. Form method is nearly always "POST", otherwise the user's information could be truncated
        3. Also included is the "action" which must resolve to an executable program that acts on the form data
          1. fls.exe, uploade.exe or $webb.exe - directly an executable program, can be written in any language that can run on that computer, such as Visual Basic, C, C++, Pascal
          2. mailer.iht - the CLL web server has been told how (i.e. configured) to process this by calling iHTML.DLL and having it process the iht text file
        4. The executable program is called the "CGI program" or "Gateway" program (nothing to do with an Internet Gateway or with Gateway computers)
      2. Web server receives the form information, starts the CGI program and passes the form information to it, along with a lot of other information available to the web server
      3. CGI program
        1. May (as written by the programmer)
          1. Store the data in a text file, a database file, or any other type of file
          2. Perform calculations, e.g. total cost, sales tax
          3. Take any other action e.g. upload a file, send an email
        2. Must
          1. Receive and decode the information from the web server
          2. Prepare a response HTML file in a folder specified by the web server, with a file name specified by the web server
          3. Stop, and signal the web server that it is stopping
      4. When the web server sees that the CGI program has stopped, it gets the response file and sends it to the user
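The "Must" and "May" steps of a CGI program, as an added example (not code from the course or from iHTML): it decodes a POSTed form body, validates it, computes total cost and sales tax, and builds the response HTML with the user's text escaped. The field names `item` and `qty`, the price list and the 6% tax rate are assumptions; `LName` is the form name used later on this page.

```python
import html
import re
from decimal import Decimal, ROUND_HALF_UP
from urllib.parse import parse_qs

PRICES = {"mug": Decimal("7.50"), "shirt": Decimal("12.00")}  # constructed catalog
SALES_TAX = Decimal("0.06")                                   # assumed tax rate
MAX_BODY = 4096                                               # refuse oversized posts


def handle_order(method, content_length, body):
    """Return (status, response_html) for one form submission.

    method and content_length are what the web server hands to the CGI
    program; body is the raw url-encoded form data sent by the browser.
    """
    if method != "POST":
        return 405, "<p>Use the order form.</p>"
    if content_length > MAX_BODY or content_length != len(body):
        return 400, "<p>Bad request size.</p>"
    # Decode: "LName=O%27Brien&qty=3" -> {"LName": ["O'Brien"], "qty": ["3"]}
    fields = parse_qs(body.decode("ascii", "replace"), keep_blank_values=True)
    name = fields.get("LName", [""])[0].strip()[:40]
    item = fields.get("item", [""])[0]
    qty_text = fields.get("qty", [""])[0]
    # Validate everything the browser sent; [0-9] rejects non-ASCII digits
    if not name or item not in PRICES or not re.fullmatch(r"[0-9]{1,3}", qty_text):
        return 400, "<p>Please correct the form and resubmit.</p>"
    qty = int(qty_text)
    if not 1 <= qty <= 100:
        return 400, "<p>Quantity must be between 1 and 100.</p>"
    # Calculate with Decimal so cents are exact
    subtotal = PRICES[item] * qty
    tax = (subtotal * SALES_TAX).quantize(Decimal("0.01"), ROUND_HALF_UP)
    total = subtotal + tax
    # Escape user text before it goes into the response page
    page = "<p>Thank you, %s.</p><p>%d x %s: $%s + tax $%s = $%s</p>" % (
        html.escape(name), qty, html.escape(item), subtotal, tax, total)
    return 200, page
```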
    4. CGI processing is called "interactivity" in web-speak. All other HTML is processed entirely by the web server and is called "passive". Any intelligence in the web comes through the intelligence programmed into CGI programs. Each one is different. When people speak about making the web smarter, mostly they are talking about taking the capacities of popular CGI programs and putting them directly into the HTML specification (XML).
    5. SQL - Structured Query Language or "sequel". This is a common language for storing, changing and extracting information from databases. The same SQL code can be used with any SQL-compliant database, such as Access, Oracle, Foxpro, FOCUS, Banner, MySQL, Sybase, DB2, etc.
    6. ODBC - Open DataBase Connectivity. Includes SQL, but it also has standard methods for referring to, opening, closing, and running programs in database systems. Includes DSN, or DataSet name, a generic way of referring to a database. Also has a generic database language that goes beyond SQL, and includes scripting as well.
    7. In this course, iHTML put the form data into the database
  4. What we did
    1. Setting up a business
    2. Structuring and creating a basic eCommerce web site
      1. What is the information to be conveyed
      2. Best structure for that information
      3. Serving users
    3. Web interactivity -- getting and responding to form data using iHTML. You understand the kernel here.
      1. There must be a program back at the web server to connect the form information to a data file. There are many programming systems that are used for this.
        1. Used in this course
        2. Online Math Tutor
        3. Putting WSU catalog on line
        4. Yahoo and web searching
        5. Customizing web sites for users
        6. Online income tax forms
      2. www.ihtml.com
        1. Have a full-blown eCommerce web site with a shopping cart built in. Configure it using web forms. Looked like there could be only one.
      3. Others are
        1. Cold Fusion
        2. FrontPage
        3. C, C++
        4. Perl
        5. PHP (new)
        6. Netscape Enterprise Server
        7. Microsoft Internet Information Server with Backoffice
        8. Java (on client side) and Java Script
      4. All require something to be installed on the web server (except Java, JavaScript and other scripting languages such as VBScript)
      5. Mechanism is very common - define non-HTML custom tags, preprocess the file, remove the custom tags. Sometimes the tags result in replacing them with other information, e.g. :FName
      6. Review Customers.com
      7. Frustrations and rewards of programming
    4. Databases, SQL, ODBC
  5. Things gone wrong
    1. Not enough early emphasis on filenames
    2. Not drawing clear enough lines between
      1. Standard HTML as defined by World Wide Web Consortium
      2. HTML extensions such as those from MS FrontPage
      3. MS Word functions that do not translate into HTML
      4. Netscape Navigator Vs Internet Explorer
      5. Different versions of HTML
      6. Different versions of browsers
    3. Too much time spent on designing business philosophy and static web site, relative to interactive part
    4. Needed simpler assignments to get started early
      1. Using each type of form input
      2. Small iHTML examples
    5. Examples for iHTML did not work at first, and did not cover important cases
      1. Email server must have a compatible protocol (did not work with AOL)
      2. iHTML uses POP3 protocol for email
    6. Instructor should have been involved in assisting with debugging earlier
  6. What we didn't do
    1. Graphics - the sizzle, but we got the steak - enable users
    2. Full job on SQL -- need this for connecting forms, for example
      1. Extract list from tablename where condition
        Example: Suppose we have a database field called InvoiceNumber, and two forms for an order. We need to connect the two form submissions with that Invoice Number. The Invoice Number is assigned by Access using automatic numbering when processing the iht file for the first form.
        1. Get the invoice number after Access generates it when the information is stored by
          SQL="select InvoiceNumber from Customer where LastName=':LName'"
          Form name = LName, database field = LastName
        2. Put invoice number in second form as a hidden field, before sending it out
          <input type="hidden" name="invoice" value=":i_sql_InvoiceNumber">
        3. Get customer information back from the database when the second form is submitted
          SQL="select * from Customer where InvoiceNumber=:invoice"
      2. Also we can update fields in a record, for example to retotal a customer's total sales figure for his/her latest purchase, without generating a new record.
        SQL="select TotalSales from Customer where LastName=':LName'"
        <iEQ name="TotSales" value=<iEVAL expr="TotSales + Total">>
        Then update
        SQL="update Customer set TotalSales=:TotSales where LastName=':LName'"
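The invoice-linking and TotalSales steps above, as an added example (not the course's iHTML code), with in-memory SQLite standing in for Access. It goes beyond the text in two ways: values are passed as bound parameters instead of being substituted into the SQL text, so a name like O'Brien cannot break the statement, and the hidden field carries an HMAC tag so an invoice number edited in the browser is rejected. `SECRET`, the function names and storing TotalSales in cents are assumptions.

```python
import hashlib
import hmac
import re
import sqlite3

SECRET = b"constructed-demo-key"  # assumption: server-side secret, never sent out


def open_db():
    """In-memory SQLite stands in for the Access database used in the course."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Customer ("
               "InvoiceNumber INTEGER PRIMARY KEY AUTOINCREMENT, "
               "LastName TEXT NOT NULL, "
               "TotalSales INTEGER NOT NULL DEFAULT 0)")  # stored in cents
    return db


def _tag(invoice):
    """HMAC over the invoice number, so the browser cannot swap in another one."""
    return hmac.new(SECRET, str(invoice).encode(), hashlib.sha256).hexdigest()


def first_form(db, lname):
    """Steps 1 and 2: store form 1, return (hidden field HTML, field value)."""
    cur = db.execute("INSERT INTO Customer (LastName) VALUES (?)", (lname,))
    db.commit()
    invoice = cur.lastrowid  # key of this row; a lookup by LastName is ambiguous
    value = "%d.%s" % (invoice, _tag(invoice))
    return '<input type="hidden" name="invoice" value="%s">' % value, value


def second_form(db, hidden_value, purchase_cents):
    """Step 3: verify the hidden field, add to TotalSales, return the record."""
    m = re.fullmatch(r"([0-9]{1,9})\.([0-9a-f]{64})", hidden_value)
    if not m or not hmac.compare_digest(m.group(2), _tag(int(m.group(1)))):
        return None  # hidden field was edited or forged
    invoice = int(m.group(1))
    # Update in place: no new record, and no read-then-write race on the total
    db.execute("UPDATE Customer SET TotalSales = TotalSales + ? "
               "WHERE InvoiceNumber = ?", (purchase_cents, invoice))
    db.commit()
    return db.execute("SELECT InvoiceNumber, LastName, TotalSales "
                      "FROM Customer WHERE InvoiceNumber = ?", (invoice,)).fetchone()
```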
    3. Credit card validation
    4. Security - Public key / Private key encryption -- all happens without intervention from the user - part of shttp - Make links using shttp instead of http. Secure HTTP. Broken key at bottom left of Netscape is whole.
      1. Web server sends public key along with form.
      2. Browser uses public key to encrypt (scramble) credit card number before sending it back. Message can be intercepted but not understood, because it is encrypted.
      3. Web Server uses private key to decrypt (unscramble) message. Conclusion can be drawn that credit card number was not corrupted or hacked into, because otherwise the private key would not decrypt it.
      4. Keep files in folders that the web server cannot get to - CGI program can, but not web server directly
      5. Should probably encrypt customer data files
  7. Questions and comments
  8. Evaluation