Assignments
101
Sameer Mohammed Omar Ali B.Sc.-IT (New) - Semester 5 RN:540811612 LC:2531
-
Upload
sameersyemennetye -
Category
Documents
-
view
82 -
download
1
description
SMU Assignments sem 5
Transcript of Assignments
Sameer Mohammed Omar AliB.Sc.-IT (New) - Semester 5
RN:540811612LC:2531
Root
IT MBA
MCA Finance MarketingBSc-IT
UNIX
BT0051 – UNIX Operating System
(Book ID: B0584)
Assignment Set – 1
1- Using the following Directory tree structure, if IT is your Home directory,:
Which command do use to navigate to: Bsc-IT directory?
cd BSc-IT
Which command is used to display your current directory?
pwd
Which command is used to directly navigate to root directory from BSc-IT directory?
cd /
Which command is used to create a new directory in BSc-IT called UNIX?
mkdir UNIX
2- Use cat command to:
Display text “Welcome Home” on your screen
Redirect the text “Welcome Home” to file called file-1
Append text “Friends” to the contents of file-1
$ cat >file-1
Welcome Home
Crlt +d
$ Cat >>file-1
Friends
Crlt +d
3- Which command is used to search following patterns in file by name file-1: “TENDULKAR,” “tendulkar,”
“TeNdUlKar”?
$ cat file-1|grep TENDULKAR
$ cat file-1|grep tendulkar
$ cat file-1|grep TeNdUlKar
You can search with grep –I since spelling is same and with grep –I it ignores case-senstive.you can also create
patterfile and you can use grep –F patternfile
BT0051 – UNIX Operating System
(Book ID: B0584)
Assignment Set – 2
1- Define Process. Which is the command used to find out currently executing Process in UNIX?
A process is an instance of running a program. If, for example, three people are running the same program
simultaneously, there are three processes there, not just one. In fact, we might have more than one
process running even with only person executing the program, because (you will see later) the program
can “split into two,” making two processes out of one.
Keep in mind that all Unix commands, e.g. cc and mail, are programs, and thus contribute processes to the
system when they are running. If 10 users are running mail right now, that will be 10 processes. At any
given time, a typical Unix system will have many active processes, some of which were set up when the
machine was first powered up. Every time you issue a command, Unix starts a new process, and suspends
the current process (the C-shell) until the new process completes (except in the case of background
processes). Unix identifies every process by a Process Identification Number (pid) which is assigned when
the process is initiated. When we want to perform an operation on a process, we usually refer to it by its
pid. Unix is a timesharing system, which means that the processes take turns running. Each turn is a called
a timeslice; on most systems this is set at much less than one second. The reason this turns-taking
approach is used is fairness: We don’t want a 2-second job to have to wait for a 5-hour job to finish, which
is what would happen if a job had the CPU to itself until it completed.
When you execute a program the scheduler submits your process to a queue called process queue. At this
instant the process is said to be in submit state. Once submitted the process waits its turn in the queue for
some time. At this stage the process is said to be in hold state. As the process advances in the queue at
some instant it would become the next one in the queue to receive CPU attention. At this stage it is in
ready state.
Finally the process gets the attention of CPU and starts getting executed and thereby attains the run state.
In the middle of this execution it might so happen that the time slice allotted to this process gets over and
the CPU starts running another process. At such times the old process is returned to the ready state and is
placed back in the process queue. As the CPU diverts its attention to the new process all the necessary
parameters of the old process are saved for retrieval when its next time slice arrives. The old process will
now be in ready state waiting for its next time slice to arrive.
Some processes might be required to do disk input/output. Since I/O is a slow operation the CPU can’t lie
idle till the time I/O is over. Therefore, such processes are put in wait state until their I/O is over and are
then placed in the ready state.
A process whose execution comes to an end goes into complete state and is then removed from the
process queue.
The Command used to find out currently executing Process in UNIX is ‘ps’command.
Example:
To see which processes are running at any instant just type ps and hit enter.
$ps
PID TIY TIME COMMAND
2269 3a 0.05 sh
2396 3a 0.00 ps
The meaning of the column titles is as follows:
PID process identification number
TIY controlling terminal of the process
TIME amount of CPU time the process has acquired so far
COMMAND name of the command that issued the process
Unix assigns a unique number to every process running in memory. This number is called process ID or
simply PID. The PIDs start with 0 and run upto a maximum of 32767. When the maximum number is
reached it starts counting all over again from 0 onwards.
The output of ps shows the PIDs for the two processes being run by us when ps was executed. The output
also shows the terminal from which the processes were launched, the time that has elapsed since the
processes were launched and the names of the processes.
The first process running at your terminal is sh. This stands for Bourne shell. This process is born the
moment you login and dies only when you log out of the system. The other process that is running is ps
itself. This process was obviously running when ps took the snapshot of memory to determine which
processes were running.
2- What is the output of :
$ ps-e
$ ps-a commands
The output of $ps-e (-e stands for every process running at that instant.) are:
PID TTY TIME COMMAND
O ? 0:00 sched
1 ? 0:01 init
2 ? 0:00 vhand
3 ? 0:00 bdflush
487 01 0:01 sh
288 02 0:01 sh
$ ps-a commands
The output of $ps-a (-a standing for processes of all the users.) are:
$ ps –a
PID TTY TIME COMMAND
2269 3a 0.05 sh
2396 3a 0.00 ps-a
2100 3b 0.00 sh
2567 3b 0.00 vi
3- Which command is used to transfer a Foreground process to Background? Give one example.
To run a process in the background, Unix provides the ampersand (&) symbol. While executing a
command, if this symbol is placed at the end of the command then the command will be executed in the
background. When you run a process in the background a number is displayed on the screen.
This number is nothing but, the PID of the process that you have just executed in the background. For
example;
$ sort employee.dat > emp.out &
17653
$
The task of sorting the file employee.dat and storing the output in emp.out has now been assigned to the
background, letting the user free to carry out any other task in the foreground.
4- Say you have three Process P1, P2 and P3 running in background. You want to assign priorities to them,
which command is suitable give its syntax?
Processes in the UNIX system are usually executed with equal priority. This is not always desirable since
high-priority jobs must be completed at the earliest. UNIX offers the nice command, which IS Used with
the & operator to reduce the priority of jobs. More important jobs can then have greater access to the
system resources (being “nice” to your neighbors).
To run a job with a low priority, the command name should be prefixed with
nice P1 -1 uxmanual &
Nice value range from 0 to 39, and commands run with a nice value of 20 in the Bourne shell, a higher nice
value meaning a lower priority. nice reduces the priority of any process by 10 units, raising its nice value to
30. The amount of reduction can also be specified with the–n option:
nice –n 15 wc -1 uxmanual&
5- Which command is used to:
Fetch names from a file Name.txt sort them and remove any duplicate entries.
$ sort –u Name.txt
6- Which commands are used to carry out following operations in vi- Editor:
a. To save a file
:w
b. To start editing a file
:e filename
c. To save and Quit a file
:wq
d. To quit without saving (Forced quit)
:q!
BT0052 – Client Server Architecture
(Book ID: B0036)
Assignment Set – 1
1- Distinguish CISC and RISC.
CISC:- Pronounced ‘sisk’, and stands for Complex Instruction Set Computer. Most PC's use CPU based on
this architecture. For instance Intel and AMD CPU's are based on CISC architectures. Typically CISC chips
have a large amount of different and complex instructions. The philosophy behind it is that hardware is
always faster than software, therefore one should make a powerful instruction set, which provides
programmers with assembly instructions to do a lot with short programs.
In common CISC chips are relatively slow (compared to RISC chips) per instruction,
but use little (less than RISC) instructions.
RISK:- Pronounced ‘risk’, and stands for Reduced Instruction Set Computer. RISC chips evolved around the
mid-1980 as a reaction at CISC chips. The philosophy behind it is that almost no one uses complex
assembly language instructions as used by CISC, and people mostly use compilers which never use complex
instructions. Apple for instance uses RISC chips. Therefore fewer, simpler and faster instructions would be
better, than the large, complex and slower CISC instructions. However, more instructions are needed to
accomplish a task. Another advantage of RISC is that - in theory - because of the more simple instructions,
RISC chips require fewer transistors, which makes them easier to design and cheaper to produce.
2- Write a short note on Asynchronous Transfer Mode of transmission.
ATM is cell and multiplexing technology that combines the benefits of dedicated circuits (invariant
transmission delay and guaranteed capacity) with those of packet switching (flexibility and efficiency for
intermittent traffic). The fixed length of ATM’s cells(53 bytes—48 bytes for the “payload” and 5 bytes for
headers)facilitates high speed implementation that can support isochronous (time critical) application such
as video and telephony with constant flow rates, in addition to more conventional data communications
between computers where fluctuation in packet arrival rates typically not problematic (7). ATM standards
define a board range of bandwidths – from 1.5 mbps (via t1 or DS1) to 622 mbps (OC -12) and above – but
most commercially available ATM products currently provide 155.52 mbps (OC—3 ) or 100 mbps (TAXI).
ATM is currently implemented over fiber connections to and various twisted pair wiring alternatives. All
devices in an ATM network attach directly to an ATM switch. Multiple ATM switches can be combined in a
fabric sometimes called an “ATM cloud” and virtual circuits can be dynamically created between any two
nodes on one or more ATM switches so long as the switch can handle the aggregate cell transfer rate,
additional connections to the switch can be made.
3- Explain various client/server applications using Java.
The Unix input/output (I/O) system follows a paradigm usually referred to as Open-Read-Write-Close.
Before a user process can perform I/O operations, it calls Open to specify and obtain permissions for the
file or device to be used. Once an object has been opened, the user process makes one or more calls to
Read or Write data. Read reads data from the object and transfers it to the user process, while Write
transfers data from the user process to the object. After all transfer operations are complete, the user
process calls Close to inform the operating system that it has finished using that object.
When facilities for Inter Process Communication (IPC) and networking were added to Unix, the idea was to
make the interface to IPC similar to that of file I/O. In Unix, a process has a set of I/O descriptors that one
reads from and writes to. These descriptors may refer to files, devices, or communication channels
(sockets). The lifetime of a descriptor is made up of three phases: creation (open socket), reading and
writing (receive and send to socket), and destruction (close socket). The IPC interface in BSD-like versions
of Unix is implemented as a layer over the network TCP and UDP protocols. Message destinations are
specified as socket addresses; each socket address is a communication identifier that consists of a port
number and an Internet address. The IPC operations are based on socket pairs, one belonging to a
communication process. IPC is done by exchanging some data through transmitting that data in a message
between a socket in one process and another socket in another process. When messages are sent, the
messages are queued at the sending socket until the underlying network protocol has transmitted them.
When they arrive, the messages are queued at the receiving socket until the receiving process makes the
necessary calls to receive them.
TCP/IP and UDP/IP communications
There are two communication protocols that one can use for socket programming: datagram
communication and stream communication.
Datagram communication
The datagram communication protocol, known as UDP (user datagram protocol), is a connectionless
protocol, meaning that each time you send datagrams, you also need to send the local socket descriptor
and the receiving socket's address. As you can tell, additional data must be sent each time a
communication is made.
Stream communication
The stream communication protocol is known as TCP (transfer control protocol). Unlike UDP, TCP is a
connection-oriented protocol. In order to do communication over the TCP protocol, a connection must
first be established between the pair of sockets. While one of the sockets listens for a connection request
(server), the other asks for a connection (client). Once two sockets have been connected, they can be used
to transmit data in both (or either one of the) directions.
Now, you might ask what protocol you should use -- UDP or TCP? This depends on the c1ienUserver
application you are writing. The following discussion shows the differences between the UDP and TCP
protocols; this might help you decide which protocol you should use.
4- How will you develop a simple web client in Java using Sockets?
import java.io.*;
Import java.net.*;
Public class webc
{
try
{
Socket cSock1=new Socket (“cecasum.utc.edu”, 80);
System.out.println(“Client1: “ + csock1);
getPage(csock1);
}
Catch (UnknownHostException e)
{System.out.println(“UnknownHostException : “ + e);
}
Catch (IOException e)
{System.err.println(“IOException: “ + e);
}
}
Public static void getPage(Socket csock)
{
{
DataOutputStream
outbound=new
DataOutputStream(cSock.getOutputStream());
DataInputStream inbound=new DataInputStream(cSock.getInputStream());
Outbound.writeBytes(“Get /~cslab/cpsc591/test.htmHTTP/1.0\r\n\r\n”);
String responseLine;
while((responseLine=inbound.readLine()) !=null)
{System.out.println(responseLine);
If(responseLine.indexOf(“</HTML>”) !=-1)
Break;
}outbound.close();
inbound.close();
cSock.close();
}
Catch(IOException ioe)
{
System.out.println(“IOException: “ + ioe);
}
}
}
5- Explain TCP/IP Protocol in detail.
TCP, an acronym for Transmission Control Protocol, corresponds to the fourth layer of OSI reference
model. IP corresponds to the third layer of the same model. Each of these protocols has the following
features:
TCP: It provides a connection type services. That is a logical connection must be established prior to
communication. Because of this, continuous transmission of large amount of data is possible. It ensures a
highly reliable data transmission for upper layer using IP protocol. This is possible because TCP uses
positive acknowledgement to confirm the sender about the proper reception of data. A negative
acknowledgement implies that the failed data segment needs to be retransmitted. The TCP header
includes both source and destination port fields for identifying the applications for which the connection is
established. The sequence and acknowledgement Number fields underlie the positive acknowledgement
and retransmission techniques. Integrity checks are accommodated using the checksum field.
IP: It is connectionless type service and operates at third layer of OSI reference model. That is, prior to
transmission of data. No logical connection is needed. This type of protocol is suitable for the sporadic
transmission of data to a number of destinations. This has no functions like sequence control, error
recovery and control, flow control but this identifies, the connection with the port number.
6- Explain Remote Procedure Call in detail.
Remote Procedure Call (RPC) is a client/server infrastructure that increases the interoperability,
portability, and flexibility of an application by allowing the application to be distributed over multiple
heterogeneous platforms. It reduces the complexity of developing application that span multiple
operating systems and network protocols by insulating the application developer from the details of
the various operating system and network interfaces-function calls are the programmer’s interface
when using RPC.
To access the remote server portion of an application, special function calls, RPCs, are embedded,
within the client portion of the client/server application program. Because they are embedded, RPC do
not stand alone as a discreet middleware layer.
RPC increases the flexibility of an architecture by allowing a client component of an application to
employ a function call to access a server on remote system. RPC allows the remote component to be
accessed without knowledge of the network address or any other lower-level information. Most RPCs
use a synchronous, request-reply (sometimes referred to as “call/wait”) protocol which involves
blocking of the client until the server fulfils its request. Asynchronous (“call/wait”) implementations are
available but are currently the exception.
RPC can be implemented in two ways:
1. Within a broader, more encompassing propriety product
2. By a programmer using a proprietary tool to create client/server RPC stubs.
RPC is appropriate for client/server applications in which the client can issue a request and wait for the
server’s response before continuing its own processing. Because most RPC implementations do not
support peer-to-peer, or asynchronous, client/server interaction, RPC is not well-suited for applications
involving distributed objects or object-oriented programming.
Asynchronous and synchronous mechanisms each have strength and weaknesses that should be
considered when designing any specific application. In contrast to asynchronous mechanisms
employed by Message-Oriented Middleware, the use of a synchronous request-reply mechanism in
RPC requires that the client and server are always available and functioning. In order to allow a
client/server application to recover from a blocked condition, an implementation of a RPC is required
to provide mechanisms such as error, messages, request timer, retransmission, or redirection to an
alternate server. The complexity of the application using a RPC is dependent on the sophistication of
the specific RPC implementation. RPCs that implement asynchronous mechanisms are very few and are
difficult to implement.
BT0052 – Client Server Architecture
(Book ID: B0036)
Assignment Set – 2
1- Explain the different types of Client / Server Architectures.
different types of client/server architectures are:-
1. Two tier client/server architecture
2. Three tier client/server architecture
Two tier client server architecture: - @-tier architecture, RPC’s or SQL are typically used to communicate
between the client and server. The server is likely to have support for stored procedures and trigger. These
mean that the server can be programmed to implement business rules that are better suited to run on the
client, resulting in a much more efficient overall system.
Since 1992 software vendors have developed and brought to market toolsets to
simplify development of application for the 2-tier client/server architecture. The best known of these tools
are Microsoft’s visual basic Borland’s Delphi, and Sybase’s power Builder
These modern, powerful tools combined with literally million of developer who to use them that the 2-
tiered client/server approach is a good and economical solution for certain classes of problems.
The 2-tiered client/server architecture has proven to be very effective in solving
workgroup problems. “Workgroup”, as used here, is loosely defined as a dozen to 100 people interacting
on a LAN. For bigger, enterprise -class problems and/or application that distributed over a WAN, use of this
2-tier approach has generated some problem.
Three tier client/server architecture:- The client can deliver its request to the middle layer, disengage and
be assured that a proper response will be forthcoming at a later time. In addition, the middle layer add
synonymous in this context .There’s no free lunch, however, and the price for this added flexibility and
performance has been a development environment of 2-tiered applications.
The most part type of middle layer (and the oldest, the concept on mainframes dating from the early
1970’s) is the transaction processing monitor or TP Monitor.
TP monitor as a kind of message queuing service. The client connects to the TP monitor instead of the
database server.
The transaction is accepted by the monitor, which queues it and then takes responsibility for managing it
to correct completion.
The net result of using a 3-tier/server architecture with a TP monitor is that the resulting environment is
FAR more scalable than a 2-tier approach with direct client to server connection. For really large (10, 00
user) application, a TP monitor is one of the most effective solutions.
2- Explain hierarchical vs localized file server deployment.
3- Explain WAN Connectivity in detail.
A frequently overlooked aspect of a LAN’s topology is its connection to the wide area network. In many
cases, WAN connectivity is provided by a single connection from the backbone to the router.
The LAN’s connection to the router that provides WAN connectivity is a crucial link in a building’s overall
LAN topology. Improper technology selection at this critical point can result in unacceptably deteriorated
levels of performance for all traffic entering or exiting the building. LAN technologies that use a
connection- based access method are highly inappropriate for this function.
Networks that support a high degree of WAN to LAN and LAN to WAN traffic benefit greatly from having
the most robust connection possible in this aspect of their overall topology. The technology selected
should be robust in terms of its nominal transmission rate and its access method. Connection- based
media, even on a dedicated switched port, may become problematic in high usage networks. This is the
bottleneck for all traffic coming into, and trying to get out to the building.
4- Write a Java Program to implement a simple web server.
uses a server socket to wait for a connection, then opens a socket to the client to return an HTML
document with HTTP headers.
Import java.io.*;
Import java.net.*;
Class websrv {
Public static void main (String args []) {
Serversocket srvsock = null;
Socket clisock=null;
Int connection = 0;
Try {
Srvsock = new serversocket(60337, 5);
While (connects <3) {
clisock = srvsock.accept ();
Serviceclient (clisock);
Connects++;
}
Srvsock.close();
} catch (IOException e) {
System.out.println (“error in simple webserver: “+e);
}
}
Public static void serviceclient (socket client)
Throws IOException {
Datainputstream inbound = null;
Dataoutputstream outbound = null;
Try {
Inbound = new Datainputstream (client.getinputstream());
Outbound = new Dataoutputstream (client.getoutputstream());
StringBuffer buffer = prepareoutput();
String inputLine;
While ((inputLine = inbound.readline()) !=null) {
If (inputline.equals (“”)) {
Outbound.writebytes (buffer. to string ());
System.out.println (“wrote buffer to “+ client);
//sleep (500); for slow win 95
break;
}
}
} finally {
System.out.println (“cleaning up connection: “+ client);
Outbound.close ( );
Inbound.close ( );
Client.close ( );
Client.close ( );
}
}
Public static stringbuffer prepare output ( ) {
Stringbuffer outputbuffer = newstring buffer ( );
Outputbuffer.append (“<HTML>\n<HEAD>\n<TITLE>Test HTML Document </TITLE>\n”);
outputBuffer.append (“</HEAD>\n”);
outputBuffer.append (“</BODY>\n This is a <STRONG>test</STRONG>HTML Document!\n” );
outputBuffer.append (“</BODY>\n”);
outputBuffer.append (“</HTML>\n”);
stringbuffer headerbuffer = new stringbuffer ( );
headerBuffer.append (“HTTP/1.0 200 ok\r\n”);
headerBuffer.append (“content.type: text/html\r\n”);
headerBuffer.append (“content-length: ” + outputbuffer.length( ));
headerBuffer.append (“\r\n\r\n”);
headerBuffer.append (“outputbuffer.tostring() );
return headerbuffer;
}
}
5- Explain Booth Multiplication Algorithm with a suitable example.
Booth algorithm gives a procedure for multiplying binary integers in signed-2’s complement
representation. It operates on the fact that strings of 0’s in the multiplier require no addition but just
shifting, and a string of l’s in the multiplier from bit weight 2k to weight 2m can be treated as 2k-1 . For
example
The binary number 001110(+14) has a string of 1’s from r to 21 (k=3, m=1).
Numerical example of binary Multiplier
The number can be represented as rk+1 – 2” = 2n-2’ = 16-2=14. Therefore, the multiplication M*14, where M
is multiplicand and 14 the multiplier, can be done as M*24 – M*2*. Thus, the product can be obtained by
shifting the binary multiplicand M four times to the left and subtracting M shifted left once.
As in all multiplication schemes booth algorithm requires examination of the multiplier bits and shifting of
the partial product. Prior of the shifting, the multiplicand may be added to the partial product, subtracted
from the partial product, or left unchanged according to the following rules:-
1. The multiplicand is subtracted from the partial product upon encountering the first least significant 1 in
a string of 1’s in the multiplier.
2. The multiplicand is added to the partial product upon encountering the first Q in a string of 0’s in the
multiplier.
3. The partial product does not change when the multiplier bit is identical to the previous multiplier bit.
The algorithm works for positive or negative multipliers in 2’s complement representation. This is because
a negative multiplier ends with a string of l’s and the last operation will be a subtraction of the appropriate
weight. For example, a multiplier equal to -14 is represented in 2’s complement as 110010 and is treated
as -24 + 22 = -- 14.
6- What is meant by Remote Method Invocation? Explain with a suitable example
Remote Method Invocations (RMI):-
Java Remote Method Invocation (RMI) allows you to write distributed objects using java. This paper describes
the benefit of RMI, and how you can connect it to existing and legacy system as well as to components written
in java.
RMI provides a simple and direct model for distributed computation with java objects. These objects can be
java objects, or can be simple java wrappers around an existing API. Java embraces the “Write Once, Run
Anywhere model. RMI extends the java to be run everywhere.”
RMI connects to exiting and legacy system using the standard java native method interface JUI. RMI can also
connect to existing relation database using the standard JDBC Package. The RMI/JNI and RMI/JDBC
combinations let you use RMI to communication today with existing server in non-java languages, and to
expand your use of java to those server when it make sense for you to do so RMI lets you take full advantage
of java when you do expand you use. RMI is java’s remote procedure call (RPC) mechanism. RMI has several
advantages over traditional RPC system because it is part of java’s oriented approach. Tradition RPC system
are language-neutral, and therefore are essentially least-common denominator system- they cannot provide
functionality that is not available on all possible target platforms
*The primary advantages of RMI:-
Object oriented, Mobile behavior, Design patterns, Safe secure, Easy to write/easy to use, Connects to
existing/legacy system, Write once, run anywhere, Distributed garbage collection, parallel computing, the java
distributed computing solution.
BT0053 – Java Programming
(Book ID: B0831)
Assignment Set – 1
1- What do you mean by Java Virtual Machine?
A Java Virtual Machine is a piece of software that is implemented on non-virtual hardware and on standard
operating systems. A JVM provides an environment in which Java bytecode can be executed, enabling such
features as automated exception handling, which provides "root-cause" debugging information for every
software error (exception), independent of the source code. A JVM is distributed along with a set of
standard class libraries that implement the Java application programming interface (API). Appropriate APIs
bundled together form the Java Runtime Environment (JRE).
JVMs are available for many hardware and software platforms. The use of the same bytecode for all JVMs
on all platforms allows Java to be described as a "compile once, run anywhere" programming language, as
opposed to "write once, compile anywhere", which describes cross-platform compiled languages. Thus,
the JVM is a crucial component of the Java platform.
Java bytecode is an intermediate language which is typically compiled from Java, but it can also be
compiled from other programming languages. For example, Ada source code can be compiled to Java
bytecode and executed on a JVM.
2- Write a simple Java program to display a string message and explain the steps of compilation and
execution in Java Environment
class test()
{
public
void show()
{
System.out.println("Hello world");
}
public static void(string arg[])
{
test T=new test();
T.show();
}
}
1 Open any text editor and write above code and save this file with extension .java.
2 A compiler converts the java program into an intermediate language representation called
Byte code(file.class).Using javac filename on command prompt.
3 on command prompt write java file.class after calling this command all control take under
JVM(java virtual Machine).with the help of jvm your program successfully run.
3- Write a Java program to code the ApplicantCollection class, which stores and display the personal details
of three applicants.
import java.io.*;
import java.util.*;
public class QueueImplement{
LinkedList<Integer> list;
String str;
int num;
public static void main(String[] args){
QueueImplement q = new QueueImplement();
}
public QueueImplement(){
try{
list = new LinkedList<Integer>();
InputStreamReader ir = new InputStreamReader(System.in);
BufferedReader bf = new BufferedReader(ir);
System.out.println("Enter number of elements : ");
str = bf.readLine();
if((num = Integer.parseInt(str)) == 0){
System.out.println("You have entered either zero/null.");
System.exit(0);
}
else{
System.out.println("Enter elements : ");
for(int i = 0; i < num; i++){
str = bf.readLine();
int n = Integer.parseInt(str);
list.add(n);
}
}
System.out.println("First element :" + list.removeFirst());
System.out.println("Last element :" + list.removeLast());
System.out.println("Rest elements in the list :");
while(!list.isEmpty()){
System.out.print(list.remove() + "\t");
}
}
catch(IOException e){
System.out.println(e.getMessage() + " is not a legal entry.");
System.exit(0);
}
}
}
4- What are the different types of relationships?
Kind-Of relationship, Is-A relationship, Part-Of relationship, Has-A relationship.
5- Define Access Specifier. Explain the following Access Specifiers with an example for each: a.
Public
b. Private
c. Protected
Public
Data member and function access inside as well as out the program i.e. within a package or outside the
package.
Private
Data member and function access only within a class.
Protected
Data member and faction access only through inheritance outside the package.
6- What are the different methods are available under BufferedInputStream and BufferedOutputStream
classes.
Methods of BufferedInputStream class
int available()
Returns the number of bytes that can be read from this input stream without blocking.
void close()
Closes this input stream and releases any system resources associated with the stream.
void mark(int readlimit)
See the general contract of the mark method of InputStream.
boolean markSupported()
Tests if this input stream supports the mark and reset methods.
int read()
See the general contract of the read method of InputStream.
int read(byte[] b, int off, int len)
Reads bytes from this byte-input stream into the specified byte array, starting at the given offset.
void reset()
See the general contract of the reset method of InputStream.
long skip(long n)
See the general contract of the skip method of InputStream.
Methods of BufferedOutputStream class
void flush()
Flushes this buffered output stream.
void write(byte[] b, int off, int len)
Writes len bytes from the specified byte array starting at offset off to this buffered output stream.
void write(int b)
Writes the specified
BT0053 – Java Programming
(Book ID: B0831)
Assignment Set – 2
1- Define the concept of Java Bytecode and its importance.
Bytecode is highly optimized set of instruction deigned to executed by the Java-run-time system, which is
called the Java Virtual Machine (JVM). In standard form JVM is an interpreter for bytecode.
Translating a Java program into bytecode helps make it much easier to run a program in a wide variety of
environment. The reason is straightforward : only the JVM need to be implemented for each platform.
Once the run time package exists for a given system, any java program can run on it. JVM will be differ
from platform to platform, all the interpret the same Java bytecode. The interpreter of bytecode is the
easiest way to create truly portable programs. A java program is interpreted also helps to make it secure.
2- How will you compile a Java program?
A compiler converts the Java program into an intermediate language representation called Bytecode which
is platform independent. A Java file will have the extension .java.
Suppose I have created a java file named Dharmendra.java. When this file is compiled we get a file called
as Dharmendra.class. Now after compiling the program into bytecode(.class file) that run on the Java
Virtual Machine which can interpret and run the program on any operating system.
This make Java programs platrform-independent.
3- Write a program to perform the basic arithmetic operations:
a) Addition
b) Subtraction
c) Multiplication
d) Division
Use 4 different methods for the above and invoke them as necessary from the main() method.
Ans: import java.io.*;
import java.util.*;
class Arithmetic
{
void add(int a,int b)
{
System.out.println("Sum of " + a + " And " + b + " is " + (a+b));
}
void sub(int a,int b)
{
System.out.println("Subtraction of " + a + " And " + b + " is " + (a-b));
}
void mul(int a,int b)
{
System.out.println("Mutiplication of " + a +" And " + b + " is " +
(a*b));
}
void div(int a,int b)
{
System.out.println("Divison of " + a +" And " + b + " is " + (a/b));
}
}
class Main
{
public static void main(String arg[]) throws IOException
{
InputStreamReader byteIn= new InputStreamReader(System.in);
BufferedReader kbin= new BufferedReader(byteIn);
System.out.println("Enter First Number");
int n1=Integer.parseInt(kbin.readLine());
System.out.println("Enter First Number");
int n2=Integer.parseInt(kbin.readLine());
Arithmetic a=new Arithmetic();
System.out.println("1 For Add");
System.out.println("2 For Subtraction");
System.out.println("3 For Mutliplication");
System.out.println("4 For Divison");
System.out.println("Enter your choice");
int ch=Integer.parseInt(kbin.readLine());
switch(ch)
{
case 1:
a.add(n1,n2);
break;
case 2:
a.sub(n1,n2);
break;
case 3:
a.mul(n1,n2);
break;
case 4:
if(n1<n2)
System.out.println("Nemurator is Smaller then Demurator");
else
a.div(n1,n2);
break;
default:
System.out.println("This is invalide choice");
}
}
}
4- Explain the concept of interfaces in Java with a suitable example for the same.
With the help of interface you can fully abstract a class’ from its implementation that is using interface;
you can specify what a class must do but not how it does it. Interfaces are syntactically similar to classes,
but they lack instance variables, and their methods are declared without any body. By providing the
interface keyword, java allows you to fully utilize the “one interface, multiple methods” aspect of
polymorphisms.
5- What are the different exception handling techniques availablein Java.
When an unexpected error occurs in a method java creates an object of the appropriate exception class.
After creating the exception objects, java passes it to the program, by an action called throwing an
excetion. The exception object contains information about the type of error and the state of the program
when the exceptinon-handler and process the exception.
Following keywords are use in exception-handling in java:
a) try
b) catch
c) finally
The try block :-
The statements that may throw an exception in the try block.
The following skeletal code illustrates the use of the try block.
Try{
//statement that may cause an exception
}
The try block governs the statements that are enclosed within it and defines the scope of the exception
handlers associated with it. In other words if an exception occurs within try block the appropriate
exception-handler that is associated with the try block handles the exception. A try block must have at
least one catch block that follow it immediately. The try statement can be nested. That is a try statement
can be inside the block of another try. Each time a try statement is entered, the context of that exception
is pushed on the stack. If an inner try statement does not have a catch handler for a particular exception
the stack is unwound and the next try statement‘s
catch handlers are inspected for a match.
Example:
Class Nesttry{
public static void main(String args[])
{
try{
int a =args.length;
int b=42/a;
System.out.println(“a=”+a);
try{
if(a==1) a=a/(a-a);
if (a==2){
int c[]={1};
c[42]=99;
}
}
catch(ArrayIndexOutOfBoundsException e )
{}
}catch(ArithmeticException e)
{
System.out.println(“Divide by 0:” + e);
}
}
}
6- Write a simple GUI based program to prepare a similar interfaces as shown below:
Ans: import javax.swing.*;
import java.awt.*;
public class FrameMaker extends JFrame
{JPanel FirstPanel,LastPanel,MainPanel;
JTextField Num1,Num2,Result;
JButton Badd,Bsub,Bmul,Bdiv,Bexit;
JLabel Lnum,Lnum1,Rslt;
Color c;
public FrameMaker(String x)
{setTitle(x);
Lnum=new JLabel("Enter First Number",JLabel.CENTER);
Lnum1=new JLabel("Enter Second Number",JLabel.CENTER);
Rslt=new JLabel("The Result",JLabel.CENTER);
Num1=new JTextField(20);
Num2=new JTextField(20);
Result=new JTextField(20);
FirstPanel=new JPanel();
LastPanel=new JPanel();
FirstPanel.setLayout(new GridLayout(5,2,40,40));
LastPanel.setLayout(new GridLayout(7,1,40,20));
MainPanel=new JPanel(new BorderLayout());
MainPanel.add(FirstPanel,BorderLayout.CENTER);
MainPanel.add(LastPanel,BorderLayout.LINE_END);
setContentPane(MainPanel);
FirstPanel.add(new JLabel(""));FirstPanel.add(new JLabel(""));
FirstPanel.add(Lnum);FirstPanel.add(Num1);FirstPanel.add(Lnum1);
FirstPanel.add(Num2);FirstPanel.add(Rslt);FirstPanel.add(Result);
FirstPanel.add(new JLabel(""));FirstPanel.add(new JLabel(""));
Badd=new JButton("Add");Bsub=new JButton("Sub");
Bmul=new JButton("Multiply");Bdiv=new JButton("Divide");
Bexit=new JButton("Exit");
LastPanel.add(new JLabel(""));
LastPanel.add(Badd);LastPanel.add(Bsub);
LastPanel.add(Bmul);LastPanel.add(Bdiv);LastPanel.add(Bexit);
LastPanel.add(new JLabel(""));
Dimension d=Toolkit.getDefaultToolkit().getScreenSize();
setBounds((d.width-700)/2,(d.height-500)/2,700,500);
setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
setVisible(true);
c=new Color(120,120,240);
}public static void main(String[] s)
{FrameMaker ss=new FrameMaker("Calculator");
}
public Insets getInsets()
{
setBackground(c);
return new Insets(100,80,80,80);
}
}
BT0054 – Basics of E-Commerce
(Book ID: B0035 & B0045)
Assignment Set – 1
1- What are the difficulties and or issues of e-Commerce? Explain.
E-Commerce has a scope as wide as an ocean, and there is the implementation hurdle.
It has difficulties that are:-
High profile failure:
Failure in fulfillment system.
Failure in customer services.
Failure in technology and infrastructure.
Failure in legal compliance.
Failure in fraud control.
Hidden complexities:
The system and services that can fail include
Web server
Database server
Internet services provider(ISP)
Local loop (Connection between web & ISP)
Commerce software
Credit card gateway
Credit card processor
Fulfillment system
Establishment the trust:
Steps involved in simple retail transaction between buyer and seller is given below
Information sharing
Establishing trust
Negotiation deal
Payment and settlement
Procedure and delivery
After sale services
Customer view:
Is the merchant has the authority to sell the product?
Is he charge the right price?
Merchant view:
Is the consumer or customer has the right to buy?
Is there any social restriction on the item asked?
2- What is Firewall? Explain how it works as a packet filters.
A firewall is a part of a computer system or network that is designed to block unauthorized access while
permitting authorized communications. It is a device or set of devices which is configured to permit or
deny computer applications based upon a set of rules and other criteria.
Firewalls can be implemented in either hardware or software, or a combination of both. Firewalls are
frequently used to prevent unauthorized Internet users from accessing private networks connected to the
Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which
examines each message and blocks those that do not meet the specified security criteria.
There are several types of firewall techniques:
1. Packet filter: Packet filtering inspects each packet passing through the network and accepts or
rejects it based on user-defined rules. Although difficult to configure, it is fairly effective and mostly
transparent to its users. It is susceptible to IP spoofing.
2. Application gateway: Applies security mechanism to specific application such as FTP and Telnet
servers. This is very effective, but can impose a performance degradation.
3. Circuit-level gateway: Applies security mechanism when a TCP or UDP connection is established.
Once the connection has been made, packet can flow between the hosts without further checking.
4. Proxy server: Intercepts all messages entering and leaving the network. The proxy server
effectively hides the true addresses.
3- What are the methods used for encryption?
Two methods are used for encryption
Secret key or symmetric encryption.
Public key or asymmetric encryption.
Secret key: In this type of encryption scheme, both the sender and recipient possess the
same key, to encrypt and decrypt the data.
Drawbacks
Both parties must agree upon a shared secret key.
If there are “n” correspondent one have to keep track of n-different secret keys. If the
same key is used by more than one correspondent, common key holders can read
each other’s mail.
Symmetric encryption schemes are also subjected to authenticity problems. Because,
sender & recipient have the same secret key identify of originator or recipient cannot
be proved. Both can encrypt or decrypt the massage.
Public key or Asymmetric encryption: Public-key cryptography is a cryptographic approach
which involves the use of asymmetric key algorithms instead of or in addition to symmetric
key algorithms. Unlike symmetric key algorithms, it does not require a secure initial exchange
of one or more secret keys to both sender and receiver. The asymmetric key algorithms are
used to create a mathematically related key pair: a secret private key and a published public
key. Use of these keys allows protection of the authenticity of a message by creating a digital
signature of a message using the private key, which can be verified using the public key. It
also allows protection of the confidentiality and integrity of a message, by public key
encryption, encrypting the message using the public key, which can only be decrypted using
the private key.
Public key cryptography is a fundamental and widely used technology around the world. It is
the approach which is employed by many cryptographic algorithms and cryptosystems. It
underlies such Internet standards as Transport Layer Security (TLS) (successor to SSL), PGP,
and GPG.
The two main branches of public key cryptography are:
Public key encryption — a message encrypted with a recipient's public key cannot be
decrypted by anyone except a possessor of the matching private key -- presumably, this will
be the owner of that key and the person associated with the public key used. This is used for
confidentiality.
Digital signatures — a message signed with a sender's private key can be verified by anyone
who has access to the sender's public key, thereby proving that the sender had access to the
private key (and therefore is likely to be the person associated with the public key used), and
the part of the message that has not been tampered with. On the question of authenticity,
see also message digest.
An analogy to public-key encryption is that of a locked mailbox with a mail slot. The mail slot
is exposed and accessible to the public; its location (the street address) is in essence the
public key. Anyone knowing the street address can go to the door and drop a written
message through the slot; however, only the person who possesses the key can open the
mailbox and read the message.
An analogy for digital signatures is the sealing of an envelope with a personal wax seal. The
message can be opened by anyone, but the presence of the seal authenticates the sender.
A central problem for use of public-key cryptography is confidence (ideally proof) that a
public key is correct, belongs to the person or entity claimed (i.e., is 'authentic'), and has not
been tampered with or replaced by a malicious third party. The usual approach to this
problem is to use a public-key infrastructure (PKI), in which one or more third parties, known
as certificate authorities, certify ownership of key pairs. Another approach, used by PGP, is
the "web of trust" method to ensure authenticity of key pairs.
4- Explain the role of intermediaries in e-commerce.
The significance of using intermediaries in e-commerce transactions cannot be overemphasized; they
assist in the following areas
- Businesses are able to concentrate their resources on their core activities instead of uncoordinated and
multiple searches for other businesses to transact with
- The supply chain is shortened, reducing the number of weeks and months involved to conclude a
transaction; businesses are able to do more in a short period.
- Huge reduction in cost in procurement and sales
- The use intermediaries improves the online of experience of all the parties to a transaction through
regularly updated means of collaboration
- Use of intermediaries help in organizing suppliers and purchasers for easy and timely occurrence of
transactions
5- Write the importance of EDI.
EDI = Electronic Data Interchange.. EDI comprises of many types of “messages” which when transmitted
between two parties is designed to substitute other forms of data transfer. In the olden days, a hard copy
of the manifest used to be handed over to the captain of the ship and also a hard copy of the same used to
be couriered or posted to the relevant discharge ports.. Then as technology improved, there was the
process by which the manifest was sent to the relevant discharge ports by email.. The manifests thus
received by the discharge port agents were manually captured into their respective computer systems.
With the advent of EDI, the above can now be avoided and precious time can be saved. When sent as an
EDI message, the data can be instantly downloaded into the recipient’s system thereby avoiding manual
capture which in turn will avoid any typographical errors and also saves a lot of time.
This EDI messaging is also used to send the data to Customs (Manifest, Bill of Entry), Port (Container
Stowage planning, Cargo Dues, Load/Discharge list, Container moves), Principals (Load/Discharge list,
Container moves, Bookings).
Usually there are software that will help to convert data into an EDI format and this is then sent by email
to the recipient same as a normal machine. At the other end, there are systems that can automatically
receive these msgs and transfer them back into data in their system.
6- Explain the following security attacks a) IP Spoofing b) Denial of Service Attack.
a) IP Spoofing- IP spoofing hides your IP address by creating IP packets that contain bogus IP addresses in
an effort to impersonate other connections and hide your identity when you send information. IP spoofing
is a common method that is used by spammers and scammers to mislead others on the origin of the
information they send.
Use of IP spoofing
IP spoofing is used to commit criminal activity online and to breach network security. Hackers use IP
spoofing so they do not get caught spamming and to perpetrate denial of service attacks. These are attacks
that involve massive amounts of information being sent to computers over a network in an effort to crash
the entire network. The hacker does not get caught because the origin of the messages cannot be
determined due to the bogus IP address.
IP spoofing is also used by hackers to breach network security measures by using a bogus IP address that
mirrors one of the addresses on the network. This eliminates the need for the hacker to provide a user
name and password to log onto the network.
b) Denial of Service Attack- A denial-of-service attack (DoS attack) or distributed denial-of-service attack
(DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the
means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted
efforts of a person or people to prevent an Internet site or service from functioning efficiently or at all,
temporarily or indefinitely. Perpetrators of DoS attacks typically target sites or services hosted on high-
profile web servers such as banks, credit card payment gateways, and even root nameservers. The term is
generally used with regards to computer networks, but is not limited to this field, for example, it is also
used in reference to CPU resource management.
One common method of attack involves saturating the target (victim) machine with external
communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be
rendered effectively unavailable. In general terms, DoS attacks are implemented by either forcing the
targeted computer(s) to reset, or consuming its resources so that it can no longer provide its intended
service or obstructing the communication media between the intended users and the victim so that they
can no longer communicate adequately.
Denial-of-service attacks are considered violations of the IAB's Internet proper use policy, and also violate
the acceptable use policies of virtually all Internet Service Providers. They also commonly constitute
violations of the laws of individual nations.
7- Explain the limitations and weaknesses of e-Commerce security measures.
a. Software for security flaws & hardware
Software is complex. As the size of a piece of software grows it becomes increasingly difficult to test all.
Complex code will probably have unknown loopholes that an attacker can exploit. These loopholes may be
convoluted, but that will not prevent an attacker from trying to exploit them.
Some systems, particularly commerce systems, rely on tamper-resistant hardware for security: smart
cards, electronic wallets, dongles, etc. These systems may assume public terminals never fall into the
wrong hands, or that those "wrong hands" lack the expertise and equipment to attack the hardware. While
hardware security is an important component in many secure systems, t is hard to trust systems whose
security rests solely on assumptions about tamper resistance. One rarely sees tamper resistance
techniques that work and the tools for defeating tamper resistance are getting better all the time. When
the designer systems that use tamper resistance, are designed complementary security mechanisms just in
case the tamper resistance fails.
The "timing attack" made a big press splash in 1995: RSA private keys could be recovered by measuring the
relative times cryptographic operations took. The attack has been successfully implemented against smart
cards and other security tokens and against electronic commerce servers across the Internet. Counterpane
Systems and others have generalized these methods to include attacks on a system by measuring power
consumption, radiation emissions, and other "side channels," and have implemented them against a
variety of public-key and symmetric algorithms in "secure" tokens. Related research has looked at fault
analysis: deliberately introducing faults into cryptographic processors in order to determine the secret
keys. The effects of this limitation or attack can be devastating.
b. Firewall and network configurations
Network security is designed to address the problems identified with host security. The network accesses
to hosts and services rather than on securing the hosts themselves. Network security approaches include
building firewalls to protect trusted networks from untrusted networks, utilizing strong authentication
techniques, and using encryption to protect the confidentiality and integrity of data as it passes across the
network.
A firewall is a network device that allows only certain authorized operations or programs to be run
between internal networks and the Internet. A firewall configuration can be very simple or extremely
complex depending on the particular requirements of the enterprise. Many enterprises today are
connecting their private, internal networks to the Internet to provide access to external resources on the
Internet. Although this is an important capability and it is one that should be well planned to avoid
possible security risks by exposing the internal network to users outside the enterprise.
c. Human elements and company’s threats/vulnerabilities
Security is worthless if somebody can steal your password. Focusing on strong encryption, while ignoring
the importance of passwords, is like building a steal-lined vault but taping the combination on the outside
door. Since cracking encryption of any sort, even the relatively weak data encryption standard (DES)
algorithm is likely to consume more time; passwords will always remain the weak link in any encryption
method. The more secret and hidden the password, the more likely it will only block access to legitimate
users.
A password is only good if it’s chosen carefully. Too often users choose obvious passwords like middle
names, their birthday, their office phone number, or the name of favorite pets. These passwords can be
guessed at and WWW servers, unlike Unix login program to break in by brute force. You also should be
alert to the possibility of remote users sharing their user names and passwords. It is more secure to use a
combination of IP address restriction and password than to use either of them alone.
Many systems break because they rely on user-generated passwords. Left to themselves, people don't
choose strong passwords. If they're forced to use strong passwords, they can't remember them. If the
password becomes a key, it's usually much easier--and faster--to guess the password than it is to brute-
force the key; one of the weakness to fail the security system can be this way. Some user interfaces make
the problem even worse: limiting the passwords to eight characters, converting everything to lower case,
etc. Even pass phrases can be weak: searching through 40-character phrases is often much easier than
searching through 64-bit random keys.
Even when a system is secure if used properly, its users can subvert its security by accident--especially if
the system isn't designed very well. The classic example of this is the user who gives his password to his co-
workers so they can fix some problem when he's out of the office. Users may not report missing smart
cards for a few days, in case they are just misplaced. They may not carefully check the name on a digital
certificate. They may reuse their secure passwords on other, insecure systems. They may not change their
software's default weak security settings. Good system design can't fix all these social problems, but it can
help avoid many of them.
d. Weakness Cryptographic Designs
A cryptographic system can only be as strong as the encryption algorithms, digital signature algorithms,
one-way hash functions, and message authentication codes it relies on. Break any of them, and you've
broken the system. And just as it's possible to build a weak structure using strong materials, it's possible to
build a weak cryptographic system using strong algorithms and protocols.
Often find systems that "void the warranty" of their cryptography by not using it properly: failing to check
the size of values, reusing random parameters that should never be reused, and so on. Encryption
algorithms don't necessarily provide data integrity. Key exchange protocols don't necessarily ensure that
both parties receive the same key. A recent research project found out that some--not all--systems using
related cryptographic keys could be broken, even though each individual key was secure. Security is a lot
more than plugging in an algorithm and expecting the system to work. Even good engineers, well-known
companies, and lots of effort are no guarantee of robust implementation; the U.S. digital cellular
encryption algorithm illustrated that.
Random-number generators are another place where cryptographic systems often break. Good random-
number generators are hard to design, because their security often depends on the particulars of the
hardware and software. Many products examined use bad ones. The cryptography may be strong, but if
the random-number generator produces weak keys, the system is much easier to break. Other product
uses secure random-number generators, but they don't use enough randomness to make the
cryptography secure.
Specific random-number generator may be secure for one purpose but insecure for another; generalizing
security analyses is dangerous. On the other hand, at interactions between individually secure
cryptographic protocols, and given a secure protocol, show was how to build another secure protocol that
will break the first if both are used with the same keys on the same device.
Sometimes, products even get the cryptography wrong. Some rely on proprietary encryption algorithms.
Invariably, these are very weak. Keeping the algorithm secret isn't much of an impediment to analysis; it
only takes a couple of days to reverse-engineer the cryptographic algorithm from executable code.
S/MIME 2 electronic-mail standard took a relatively strong design and implemented it with a weak
cryptographic algorithm. The system for DVD encryption took a weak algorithm and made it weaker.
Many other cryptographic weaknesses can be like implementations that repeat "unique" random values,
digital signature algorithms that don't properly verify parameters, hash functions altered to defeat the
very properties they're being used for. Also cryptographic protocols used in ways that were not intended
by the protocols' designers, and protocols "optimized" in seemingly trivial ways completely break their
security.
e. Weakness and limitation on implementations
Many systems fail because of mistakes in implementation. Some systems don't ensure that plain text is
destroyed after it's encrypted. Other systems use temporary files to protect against data loss during a
system crash, or virtual memory to increase the available memory; these features can accidentally leave
plain text lying around on the hard drive. In extreme cases, the operating system can leave the keys on the
hard drive. One product may use a special window for password input. The password remained in the
window's memory even after it was closed. It didn't matter how good that product's cryptography was; it
was broken by the user interface.
Other systems fall to more subtle problems. Sometimes the same data is encrypted with two different
keys, one strong and one weak. Other systems use master keys and then one-time session keys. It may
break systems using partial information about the different keys. Also systems that use inadequate
protection mechanisms for the master keys mistakenly are relying on the security of the session keys. It's
vital to secure all possible ways to learn a key, not just the most obvious ones.
E-commerce systems often make implementation trade-off to enhance usability. One of the subtle
vulnerabilities here, when designers don't think through the security implications of their trade-off. Doing
account reconciliation only once per day might be easier, but what kind of damage can an attacker do in a
few hours? Can audit mechanisms be flooded to hide the identity of an attacker? Some systems record
compromised keys on "hot lists"; attacks against these hot lists can be very fruitful. Other systems can be
broken through replay attacks: reusing old messages or parts of old messages, to fool various parties.
Systems that allow old keys to be recovered in an emergency provide another area to attack. Good
cryptographic systems are designed so that the keys exist for as short a period of time as possible; key
recovery often negates any security benefit by forcing keys to exist long after they are useful. Furthermore,
key recovery databases become sources of vulnerability in themselves, and have to be designed and
implemented securely. Flaws in the key recovery database can allow criminals to commit fraud and then
frame legitimate users.
f. Limitations against Trust Models
Many of interesting limitations are against the underlying trust model of the system: who or what in the
system is trusted, in what way, and to what extent. Simple systems, like hard-drive encryption programs or
telephone privacy products, have simple trust models. Complex systems, like electronic-commerce
systems or multi-user e-mail security programs, have complex (and subtle) trust models. An e-mail
program might use uncrackable cryptography for the messages, but unless the keys are certified by a
trusted source (and unless that certification can be verified), the system is still vulnerable. Some commerce
systems can be broken by a merchant and a customer colluding, or by two different customers colluding.
Other systems make implicit assumptions about security infrastructures, but don't bother to check that
those assumptions are actually true. If the trust model isn't documented, then an engineer can
unknowingly change it in product development, and compromise security.
Many software systems make poor trust assumptions about the computers they run on; they assume the
desktop is secure. Trojan horse software that sniffs passwords, reads plain text, or otherwise circumvents
security measures can often break these programs. Systems working across computer networks have to
worry about security flaws resulting from the network protocols. Computers that are attached to the
Internet can also be vulnerable. Again, the cryptography may be irrelevant if it can be circumvented
through network insecurity. And no software is secure against reverse engineering.
Often, a system will be designed with one trust model in mind, and implemented with another. Decisions
made in the design process might be completely ignored when it comes time to sell it to customers. A
system that is secure when the operators are trusted and the computers are completely under the control
of the company using the system may not be secure when the operators are temps hired at just over
minimum wage and the computers are untrusted. Good trust models work even if some of the trust
assumptions turn out to be wrong.
g. Weakness on failure recovery
Strong systems are designed to keep small security breaks from becoming big ones. Recovering the key to
one file should not allow the attacker to read every file on the hard drive. A hacker who reverse-engineers
a smart card should only learn the secrets in that smart cards, not information that will help him break
other smart cards in the system. In a multi-user system, knowing one person's secrets shouldn't
compromise everyone else's.
Many systems have a "default to insecure mode." If the security feature doesn't work, most people just
turn it off and finish their business. If the on-line credit card verification system is down, merchants will
default to the less-secure paper system. Similarly, it is sometimes possible to mount a "version rollback
attack" against a system after it has been revised to fix a security problem: the need for backwards
compatibility allows an attacker to force the protocol into an older, insecure, version.
Other systems have no ability to recover from disaster. If the security breaks, there's no way to fix it. For
electronic commerce systems, which could have millions of users, this can be particularly damaging. Such
systems should plan to respond to attacks, and to upgrade security without having to shut the system
down. Good system design considers what will happen when an attack occurs, and works out ways to
contain the damage and recover from the attack.
8- Explain with an example how an ATM fraud takes place.
Many frauds are carried out with some inside knowledge or access, and ATM fraud turns out to be no
exception. Banks in the English speaking world dismiss about one percent of their staff every year for
disciplinary reasons, and many of these sackings are for petty thefts in which ATMs can easily be involved.
In a recent case, a housewife from Hastings, England, had money stolen from her account by a bank
clerk who issued an extra card for it. The bank’s systems not only failed to prevent this, but also had the
feature that whenever a cardholder go a statement from an ATM, the items on it would not subsequently
appear on the full statements sent to the account address. This enabled the clerk to see to it that she did
not get any statement showing the thefts he had made from her account.
Most thefts by staff show up as phantom withdrawals at ATMs in the victim’s neighborhood. English banks
maintain that a computer security problem would result in a random distribution of transactions round the
country, and as most disputed withdrawals happen near the customer’s home or place of work; these
must be due to cardholder negligence [BB]. Thus the pattern of complaints which arises from thefts by
their own staff only tends to reinforce the bank’s complacence about their system.
9- What are the basic issues in secret key management ? explain in brief.
The data isn’t secret unless the key is secret
The more random your key, the harder it will be to guess
Randomness really does not come easily, especially to computers
10- Explain distributed Flat key management approach.
The main concerns with centralized approaches are the danger of implosion and the existence of a single
point of failure. It is thus attractive to search for a distributed solution for the key management problem.
This solution was found in completely distributing the key database of the Centralized Flat approach, such
that all participants are created equal and nobody has complete knowledge. As in the Centralized Flat
approach above, each participant only holds keys matching his ID, and the collaboration of multiple
participants is required to propagate changes to the whole group. There is no dedicated Group Manager,
instead, every participant may perform admission control operations.
While some participants will be distinguished as Key Holders, performing some authoritative function, this
function a) is only needed to improve performance on version changes, b) is assigned naturally to the
creator of the newest version of the key, and c) can be taken over at any time by any other participant
knowing the key, if that node should seem to have disappeared.2 The duties of a Key Holder are to
heartbeat the key and to perform key translations. They will be detailed in the description of the
operations below. Since there is no Group Manager knowing about the IDs in use, the IDs need to be
generated uniquely in a distributed way. Apparent solutions would be to use the participant’s network
address directly or to apply a collision-free hash function.
This scheme is the most resilient to network or node failures because of its inherent self-healing capability,
but is also more vulnerable to inside attacks than the others. It offers the same security to break-in attacks
as the schemes discussed above; thanks to its higher resilience to failures, it can be considered stronger
against active attacks.
BT0054 – Basics of E-Commerce
(Book ID: B0035 & B0045)
Assignment Set – 2
1- Explain two major classifications (method) of encryption process.
There are two types of crypto systems: secret key and public key. In secret key cryptography, also referred
to as symmetric cryptography, the same key is used for both encryption and decryption. The most popular
secret key crypto system in use today is known as DES, the Data Encryption Standard. In public key
cryptography, each user has a public key and private key. The public key is made public while the private
key remains secret. Encryption is performed with the public key while decryption is done with the private
key. The RSA public key crypto system is the most popular form of public key cryptography. RSA stands for
Rivest, Shamir and Aldeman, the inventors of the RSA cryptosystem.
Both the sender and receiver have to know what set of rules (called cipher) was used to transform original
information in to its cipher text (code) form – cipher text. Simple cipher might to be add an arbitrary
number of characters to all the character in the message.
Basically encryption has two parts:
Algorithm – A cryptographic algorithm is a mathematical function.
Key – string of digits.
Cryptographic algorithm combines the plain text or other intelligible information with a string of digit
called key’s to produce unintelligible cipher text. But some encryption algorithms does not use a key.
2- Discuss the Application Protocols.
3- Explain how internet payment process is different from traditional payment process
Internet payment is different from traditional payment. Traditional payment methods are: cash, debit
cards, Traveler’s cheque, Credit cards, money orders, barter system, personal cheque, bank draft, tokens
etc.. these modes of payments are used these days by customers, organizations, have their own
instruments, including purchase orders, lines of credit etc. the requirements of financial transaction
include confidently, privacy, Integrity and authentication for both form of commerce. Established
traditional mode of payment schemes are designed to meet this requirement. But the task of e-commerce
to provide electronic payment system to meet all the requirements and yet users must find it traditional
and on the internet must look alike, even though the implementation (media) is totally different, so that
the user’s adaptability is good. Methods for meeting all these requirements on the internet are not yet in
place.
4- Explain credit card payment schemes on Internet.
Sequence of credit card payment scheme on internet
Cardholder: The holder of the card used to make a purchase; the consumer.
Card-issuing bank: The financial institution or other organization that issued the credit card to the
cardholder. This bank bills the consumer for repayment and bears the risk that the card is used
fraudulently. American Express and Discover were previously the only card-issuing banks for their
respective brands, but as of 2007, this is no longer the case. Cards issued by banks to cardholders in a
different country are known as offshore credit cards.
Merchant: The individual or business accepting credit card payments for products or services sold to the
cardholder.
Acquiring bank: The financial institution accepting payment for the products or services on behalf of the
merchant.
Independent sales organization: Resellers (to merchants) of the services of the acquiring bank.
Merchant account: This could refer to the acquiring bank or the independent sales organization, but in
general is the organization that the merchant deals with.
Credit Card association: An association of card-issuing banks such as Visa, MasterCard, Discover, American
Express, etc. that set transaction terms for merchants, card-issuing banks, and acquiring banks.
Transaction network: The system that implements the mechanics of the electronic transactions. May be
operated by an independent company, and one company may operate multiple networks.
Affinity partner: Some institutions lend their names to an issuer to attract customers that have a strong
relationship with that institution, and get paid a fee or a percentage of the balance for each card issued
using their name. Examples of typical affinity partners are sports teams, universities, charities, professional
organizations, and major retailers.
5- Explain internet v/s private nets.
The protocols are being developed to allow Internet users to reserve
Bandwidth for applications, and for prioritized traffic, for example, the Resource reservation Protocol, or
RSVP, has been developed to help reserve bandwidth for multimedia transmissions such as streaming
audio, Video and video conferencing , this same protocol can be used to priority e-mail for EDI messages or
FTP for file transfers. Routers supporting RSVP are only now becoming available it’ll be some time before a
great deal of the internet routinely supports RSVP. ISPs are also starting to offer their own end-to-end
networks across the United States independently of the Internet’s main backbone, but still link to it is
needed. Aimed at businesses, these networks can be used to speed along summer Internet traffic. These
private commercial networks also make it easier for companies to form virtual private networks (VPNs)
with added security; replacing private corporate networks can be less costly than leased-line net-works,
even with the additional rates incurred. Private networks also offer another advantage that they link to the
internet, allowing for communication with other partners and customer without requiring special set ups.
6- Discuss the properties of Good Crypto Algorithms.
Preferred algorithms generally have the following properties to some degree.
NO RELIANCE ON ALGORITHM SECRECY
While it may, in some cases, increase the attacker’s work factor to keep as much secret as
possible, keeping a crypto algorithm secret can be a double-edged sword. If we don’t know how the
algorithm works- we can’t tell if it has some easy-to-exploit flaw.
Good crypto algorithms rely exclusively on keys to protect the data. Revealing the algorithms
should not significantly improve an attackers likelihood of success.
NO RELIANCE ON ALGORITHM
The algorithm should have been designed in the first place to resist crypt analysis. This is not
always true of algorithms used for encryption. For example, some products use simple random number
generators to produce a venom cipher key stream. Simple notations of statistical randomness do not
guarantee strength against crypt analysis.
AVAILABLE FOR ANALYSIS
Ideally, the algorithm had been published and subjected to scrutiny by the public cryptographic
community. The longer mathematicians and crypt analysts have to look at the algorithm, the more likely
they will find its weaknesses. DES has stood the rest of time and is likely to be used for many years to come
in some form or other.
SUBJECT TO ANALYSIS
Have recognized cryptanalysis published results regarding the algorithm strength? Ideally,
recognized experts should be openly discussing the algorithms and other experts review publishing
analysis in referred professional journals that ensure the work. This almost never occurs except in cases
when the algorithm itself has been published. It is always important to judge the experts rendering the
opinion: are they within their scope of expertise?
NO PRACTICAL WEAKNESSES
The analysis performed should show that there are no serious weaknesses in the algorithm that
an attacker can easily exploit. Custom-built algorithms embedded in commercial software tend to have
serious weaknesses if a commercial package claims to encrypt data and does not use a recognize
algorithm, do not presume that it protect against any motivated attacker.
7- Explain how ATM encryption works.
Most ATMs operate usi8ng some variant of a system developed by IBM. This uses a secret key, called the
‘PIN key’ to derive the PIN from the account number, by means of a published algorithm known as the
data Encryption Standard, or DES. The result of this operation is called the ‘natural PIN’; an offset can be
added to it in order to give the PIN which the customer must enter. The offset has no real cryptographic
function; it just enables customers to choose their own PIN. Here is an example of the process:
Account number : 88071458700155458715
PIN key : FEFEFEFEFEFEFEFEFE
Result of DES : A2CE126C69AEC82D
Result decimalized : 0224126269042823
Natural PIN : 0224
Offset : 6565
Customer PIN : 6789
It is clear that the security f the system depends on keeping the PIN key absolutely secret. The usual
strategy is to supply a ‘terminal key’ to each ATM in the form of two printed components, which are
carried to the branch by two separate officials, input at the ATM keyboard, and combined to from the key.
The PIN key, encrypted under this terminal key, is then sent to the ATM by the bank’s central computer.
These working keys in turn have to be protected, and the usual arrangement is that a bank will share a
‘zone key’ with other banks or with a network switch, and use this to encrypt fresh working keys which are
set up each morning. It may also send a fresh working key every day to each of its ATMs, by encrypting it
under the ATM’s terminal key.
Keeping keys secret is only part of the problem. They must also; be available for use at all times by
authorized processes. The PIN key is needed all the time to verify transactions, as are the current working
keys; the terminal keys and Zone keys are less critical, but are still used once a day to set up new working
keys.
8- Explain the methods used in Random Key generation.
A practical and secure crypto system needs keys that cannot be guessed. There should be no way for an
outsiders to predict what keys are being used, or even to guess approximately which keys might have been
used. A good key generator will produce keys that cannot be guessed even if attackers know how the
generator works.
Many procedures called pseudorandom number generators (PRNGs), which generate hard-to-predict
sequences of numbers. For true randomness you must seed these procedures with initial value. A good
PRNG is not enough by itself to produce effective keys. The generation process must be seeded by a
random number that is sufficiently hard to guess. We need a random technique to generate a random
seed value so we can generate a series of fandom numbers. In practice there are three computer-based
approaches for producing truly random data:
1. Monitor hardware that generates random data.
2. Collect random data from user interaction.
3. Collect hard-to-predict data from inside the computer.
But we will discuss here about only two methods.
Hardware based random number generation is the best though most costly approach. The generator is
usually an electronic circuit that is sensitive to some random physical event. Like diode noise or cosmic ray
bombardment, and converts the event into an unpredictable sequence of bits. However their rarity makes
it expensive to add them to a system.
User interaction is a very good source of random data, though it can be inconvenient. People are
notoriously bad at doing the same thing twice, and random data can be collected by tracking interactive
human behavior. For example PGP e-mail package collects keystrokes from the user and measures the
time between keystrokes to produce a random seed value.
9- Write a note on Centralized Flat Key Management scheme.
Instead of organizing the bits of the id in a hierarchical, tree-based fashion and distributing the keys
accordingly, they can also be assigned in a flat fashion (). This has the advantage of greatly reducing
database requirements, and obviates the sender from the need of keeping information about all
participants. It is now possible to exclude participates without knowing whether they were in the group in
the first place.
The table contains 2W KEYS, two keys for exact bit, corresponding to the two values that bit can take. The
key associated with bit b having value v is referred to as kb.v(“Bit keys”). While the keys in the table could
be used to generate a tree-like keying structure, they can also be used independently of each other.
The results are very similar to the tree based control from, but the key space is much smaller: for an id
length of w bits, only 2W+1 key are needed, independent of the actual number of participants. The
number of participants is limited to 2w, so a value of 32 is considered a good choice. To allow for the
separation of participants residing; on the same machine the id space can be extended to 48 bits, thus
including port number information. For ipv6 and calculated ids, a value of 128 sh8ould be chosen to avoid
collisions. This still keeps the number of keys and the size of change messages small. Besides reducing the
storage and communication needed, this approach has the advantage that nobody needs to keep track of
who is currently a member, yet the group manager is still able to expel an unwanted participant.
10- What is Digital signature? Explain how digital signatures are produced
The digital signature is the most novel mechanism provided by modern crypto technology. It is mechanism
that does not involve secrets but it protects data from undetected change. Moreover, the digital signature
associates the data with the owner of a specific private key. If we can verify the signature with the
Sushma’s public key, we can e certain that the data was signed with Sushma’s private key. Experts will feel
this technique will from the bedrock of electronic commerce by providing digital credentials that are hard
to forge.
Digital signature uses a private key to produce a crypto checksum. Crypto checksums based on
conventional secret key techniques can only be verified by people, who are trusted with the secret key,
and the technique cannot tell which key holder actually produced the crypto checksum. Digital signatures
are tied to a particular private key, so we can safely assume that only the private key holder could have
produced the corresponding digital signature. Anyone with the corresponding public key can validate the
hash or checksum themselves, tying the message’s contents to the holder of the corresponding private
key.
We produce a RSA digital signature for a data message by hashing the message contents and then
encrypting the hash with the author’s private key. We include the hash type in the digital signature for
both cryptographic security and compatibility reasons.
The recipient validates the data by check8ing the encrypted hash value. The recipient decrypts the digital
signature with the author’s public key, yielding the hash type and value. Then the indicated hash function
is applied to the data received. This hash result is compared to the one protected by digital signature.
BT0055 – Internet Technology & Web Designing
(Book ID: B0020, B0022 & B0217)
Assignment Set – 1
1- How will you add styles to a document?
There are three basic ways to include style information in an HTML document. The first is to use an outside style sheet, either by importing it or linking to it. The second is to embed a document-wide style in the <HEAD> element of the document. The third is to provide an inline style, right where the style needs to be applied. a). Linking to a Style Sheet :- An external style sheet is simply a plain text file containing the style specifications for HTML tags or classes. The common extensions indicating that it is a style sheet file is .css for CSS1 style sheets. By this method, we can use one style sheet for multiple pages.
b). Embedding and Importing Style Sheets :- The second way to include an external style sheet is to embed it. When you embed a style sheet, you write the style rules directly within the HTML document. Document-wide style is a very easy way to begin using style sheets. It involves the use of <STYLE> element found within the <HEAD> element of an HTML document. Enclose the style rules within the <STYLE> and </STYLE> tag pair and place these within the head section of the HTML document.
c). Using Inline Styles :- Other than using style sheet for the whole document, it is possible to add style information right down to single element. The simplest way to add style information, but not necessarily the best, is to add style rules to particular HTML element. This is how it works. Consider an example. Let’s say you want to set one particular <H1> tag to render 48-point, green, Arial font. Then you need to apply that style to <H1> elements or to a class of them (discussed later) by applying a document-wide style. You can also apply the style to the tag in question, using the STYLE attribute, which can be used within nearly any HTML element.
2- How will you view XML in different ways?
Different ways of viewing XML:a). Viewing XML Using the XML Data Source Object :- Data Source objects are used for what Microsoft calls Data Binding. Data binding is Microsoft’s way of bringing data manipulation to the browser (client) and away from the server. Normally, if you want a new view on the data, you resubmit a query to the server. The server performs the necessary calculations and sends a new HTML page to the client. This doesn’t happen with data binding. The server sends an HTML page together with the data to the client. They are stored locally and can be manipulated locally without reconnecting to the server.To implement this data binding, you need to first include a data source object in your page. After the insertion of the data source object, you need to define HTML
elements that are able to read data from the data source: they are called Data consumers.
b). Using an HTML Table :- We add the code<TABLE BORDER ="2” CELLPADDING ="3” CELLSPACING ="2" width="40%" DATASRC="#xmldso"><THEAD><TH>Musician</TH><TH>Instrument</TH><TH>Number of recordings</TH></THEAD><TR><TD><SPAN DATAFLD = "name"></SPAN></TD><TD><SPAN DATAFLD = "instrument"></SPAN></TD><TD><SPAN DATAFLD = "NrOfRecordings"></SPAN></TD></TR></TABLE>
The output is
In the above example we learnt, about how to view the XML document in the Browser.
c). Using Cascading Style sheets :- Step 1: Create a style sheet named cd_catalog.css as below:CATALOG{background-color: #ffffff;width: 100%;}CD{display: block;margin-bottom: 30pt;margin-left: 0;}TITLE{color: #FF0000;font-size: 20pt;}ARTIST{color: #0000FF;font-size: 20pt;}COUNTRY,PRICE,YEAR,COMPANY{Display: block;color: #000000;margin-left: 20pt;}Step 2: We shall consider the catalog contains 3 cd titles and write the XML document as follows:<?xml version="1.0"?><?xml-stylesheet type="text/css" href="cd_catalog.css"?><CATALOG> <CD> <TITLE>Empire Burlesque</TITLE> <ARTIST>Bob Dylan</ARTIST> <COUNTRY>USA</COUNTRY><COMPANY>Columbia</COMPANY> <PRICE>10.90</PRICE> <YEAR>1985</YEAR> </CD> <CD> <TITLE>Hide your heart</TITLE>
<ARTIST>Bonnie Tylor</ARTIST> <COUNTRY>UK</COUNTRY> <COMPANY>CBS Records</COMPANY> <PRICE>9.90</PRICE> <YEAR>1988</YEAR> </CD> <CD> <TITLE>Greatest Hits</TITLE> <ARTIST>Dolly Parton</ARTIST> <COUNTRY>USA</COUNTRY> <COMPANY>RCA</COMPANY> <PRICE>9.90</PRICE> <YEAR>1982</YEAR> </CD></CATALOG>
The output:
3- Explain various file handling mechanism available in PERL.
Various file handling mechanism in PERL: a). Opening a file: - Before writing or reading from a file the file must be opened. To open a file, Library function open is called whose syntax is as follows.Open (filevariable, filename)
The first parameter file variable represents the name that you want to use in your Perl program to refer to the file. In other words it can be termed as the file handle name that may be used in your program. Rules that apply for naming the scalar variables apply for the file variable also except for the absence of starting $ character. It is good idea to use all uppercase letters for your file variable names. This makes it easier to distinguish file variable names from the reserved words.
Filename represents the location of the file in your machine. If file is inside the current working directory, then filename is just the name of the file. On the other hand if the file is located somewhere else, the filename consists of the full path address to that file. Ex. open(FILE1, "file1");
There are 3 file access modes: read mode, write mode and append mode. In any of the modes it is not possible to simultaneously read from and write into the same file. By default open assumes the mode to be in read mode. To specify other modes you must follow the following statements.
Read mode open (MYFILE,"file1"); Write mode open (OUTFILE, ">file1");Append mode open (OUTFILE,">>file1");
Write mode will clear the contents of the file if any already present, and start writing the contents. But in append mode the data to be written is appended to the end of the existing contents. On successful operation open returns a nonzero value. On error in opening a zero value is returned.
b). Reading from a fileOnce a file is opened, you can read information from that file. To do so the following syntax is followed.$line =<MYFILE>; where MYFILE is the file variable name.
c). Writing to a fileTo write to a file, file must be opened in write or append mode. Specifying the file variable with the print function as shown below may do writing into a file that you have opened.open(OUTFILE, ">outfile");print OUTFILE "Here is an output line.";
d). Closing a fileWhen you are finished reading from a file, you can tell the Perl interpreter that you have completed by calling the close library function.. The syntax for the function is as given below.close(filevariable name).One important point is that you need not call close when you have finished with a
file: Perl automatically closes the file when the program terminates or when you open another file using a previously defined file variable. Consider the following example.open(MYFILE, ">file1");print MYFILE "Here is a line of output";open(MYFILE, ">file2");print MYFILE " Here is another line of output";
e). Determining the status of a file( File test operators)Many jobs involving the file operations open a file and test the successfulness of the open operation. If open fails, it might be useful to find exactly why file could not be opened. To do this, use one of the file-test operators. Syntax to use the file test operator is as following.-x expr. Here, x is an alphabetic character representing a file test operator and expr is any expression. The value of expr is assumed to be a string that contains the name of the file to be tested.In the following example the file test operator -e for finding the existence of the file is illustrated.$var1 = "file1";if(-e $var1){print "The file1 exists";}if( -e $var1."a"){print "The file1.a exists";}
Answer 4). <script type="text/javascript">//Write a "Good morning" greeting if//the time is less than 10
var d=new Date();var time=d.getHours();
if (time<10){document.write("<b>Good morning</b>");}</script>
4- Write a javascript procedure to input 5 numbers and display their sum.
<script type="text/javascript">
function DoAdd ()
{
var sum = 0;
var messages = [ "first", "second", "third", "fourth", "fifth"];
for (var i = 0; i < 5; i++)
{
var value = prompt ("Enter " + messages [i] + " value : ", 0);
sum += parseInt (value);
if (isNaN (sum))
break;
}
if (isNaN (sum))
{
alert ("Invalid input or action cencelled.");
}
else
{
alert ("Sum = " + sum);
}
}
</script>
5- Write a VBScript function to sort N numbers stored in an array.
Private Function SortArray(byVal UnsortedArray)
Dim I, J, Temp, Gap, Swapped
Dim ArrSize, Combcom, Combswap
Const Shrink = 1.3
ArrSize = UBOUND( UnsortedArray )
Gap = Arrsize - 1
Do
Gap = Int(Gap / Shrink)
Swapped = True
Combcom = Combcom + 1
For J = 0 To Arrsize – Gap
If UnsortedArray(J) > UnsortedArray(J + Gap) Then
Temp = UnsortedArray(J)
UnsortedArray(J) = UnsortedArray(J + Gap)
UnsortedArray(J + Gap) = Temp
Swapped = False
Combswap = Combswap + 1
End If
Next
Loop Until Not Swapped And Gap = 1
SortArray = UnsortedArray
End Function
6- List 10 common ActiveX controls.
7- Discuss Network Interface using any OS.
TCP/IP, as an internetwork protocol suite, can operate over a vast number of physical networks. The most common and widely used of these protocols is, of course, Ethernet.
Ethernet and IEEE 802 Local Area Networks (LANs)Two frame formats can be used on the Ethernet coaxial cable:
The standard issued in 1978 by Xerox Corporation, Intel® Corporation and Digital Equipment Corporation, usually called Ethernet (or DIX Ethernet).
The international IEEE 802.3 standard, a more recently defined standard.The difference between the two standards is in the use of one of the header fields, which contains a protocol-type number for Ethernet and the length of the data in the frame for IEEE 802.3.
The type field in Ethernet is used to distinguish between different protocols running on the coaxial cable, and allows their coexistence on the same physical cable.
The maximum length of an Ethernet frame is 1526 bytes. This means a data field length of up to 1500 bytes. The length of the 802.3 data field is also limited to 1500 bytes for 10 Mbps networks, but is different for other transmission speeds.
In the 802.3 MAC frame, the length of the data field is indicated in the 802.3 header. The type of protocol it carries is then indicated in the 802.2 header (higher protocol level; see Figure 2-1). In practice, however, both frame formats can coexist on the same physical coax. This is done by using protocol type numbers (type field) greater than 1500 in the Ethernet frame. However, different device drivers are needed to handle each of these formats. Thus, for all practical purposes, the Ethernet physical layer and the IEEE 802.3 physical layer are compatible. However, the Ethernet data link layer and the IEEE 802.3/802.2 data link layer are incompatible.
8- Explain BGP components and its working
The Border Gateway Protocol (BGP) is an exterior gateway protocol. It was originally developed to provide
a loop-free method of exchanging routing information between autonomous systems. BGP has since
evolved to support aggregation and summarization of routing information.
BGP concepts and terminology: BGP uses specific terminology to describe the operation of the protocol. Figure 2.21 is used to illustrate this terminology.
Figure 2.21: Components of a BGP network
• BGP speaker: A router configured to support BGP.
• BGP neighbors (peers): A pair of BGP speakers that exchange routing information. There are two types of BGP neighbors:
= Internal (IBGP) neighbor: A pair of BGP speakers within the same AS.
= External (EBGP) neighbor: A pair of BGP neighbors, each in a different AS. These neighbors typically share a directly connected network.
• BGP session: A TCP session connecting two BGP neighbors. The session is used to exchange routing information. The neighbors monitor the state of the session by sending keepalive messages.
• Traffic type: BGP defines two types of traffic:
= Local: Traffic local to an AS either originates or terminates within the AS. Either the source or the destination IP address resides in the AS.
= Transit: Any traffic that is not local traffic is transit traffic. One of the goals of BGP is to minimize the amount of transit traffic.
• AS type: BGP defines three types of autonomous systems:
= Stub: A stub AS has a single connection to one other AS. A stub AS carries only local traffic.
= Multihomed: A multihomed AS has connections to two or more autonomous systems. However, a multihomed AS has been configured so that it does not forward transit traffic.
= Transit: A transit AS has connections to two or more autonomous systems and carries both local and transit traffic. The AS may impose policy restrictions on the types of transit traffic that will be forwarded.
Depending on the configuration of the BGP devices within AS 2 in Figure 2.21, this autonomous system may be either a multihomed AS or a transit AS.
• AS number: A 16-bit number uniquely identifying an AS.
• AS path: A list of AS numbers describing a route through the network. A BGP neighbor communicates paths to its peers.
• Routing policy: A set of rules constraining the flow of data packets through the network. Routing policies are not defined in the BGP protocol. Rather, they are used to configure a BGP device. For example, a BGP device may be configured so that:
= A multihomed AS can refuse to act as a transit AS. This is accomplished by advertising only those networks contained within the AS.
= A multihomed AS can perform transit AS routing for a restricted set of adjacent autonomous systems. It does this by tailoring the routing advertisements sent to EBGP peers.
= An AS can optimize traffic to use a specific AS path for certain categories of traffic.
• Network layer reachability information (NLRI): NLRI is used by BGP to advertise routes. It consists of a set of networks represented by the tuple <length,prefix>. For example, the tuple <14,220.24.106.0> represents the CIDR route 220.24.106.0/14.
• Routes and paths: A route associates a destination with a collection of attributes describing the path to the destination. The destination is specified in NRLI format. The path is reported as a collection of path attributes. This information is advertised in UPDATE messages.
BT0055 – Internet Technology & Web Designing
(Book ID: B0020, B0022 & B0217)
Assignment Set – 2
1- Explain various style sheet properties.
Font Properties
Font Family Font Style Font Variant Font Weight Font Size Font
Color and Background Properties
Color Background Color Background Image Background Repeat Background Attachment Background Position Background
Text Properties
Word Spacing Letter Spacing Text Decoration Vertical Alignment Text Transformation Text Alignment Text Indentation Line Height
Box Properties
Top Margin Right Margin
Bottom Margin Left Margin Margin Top Padding Right Padding Bottom Padding Left Padding Padding Top Border Width Right Border Width Bottom Border Width Left Border Width Border Width Border Color Border Style Top Border Right Border Bottom Border Left Border Border Width Height Float Clear
Classification Properties
Display Whitespace List Style Type List Style Image List Style Position List Style
Units
Length Units Percentage Units Color Units URLs
2- What is DTD? Explain
This is the oldest form of format for XML is DTD. The full form for DTD isdocument type definition and it is
inherited from SGML. It can be said thatinclusion of DTD has increased the popularity of XML but DTD has
its share oflimitations.The document type definition is an XML description of the contentmodel of a type of
documents. Then document type declaration is a statement inan XML file that idenifies the DTD that
belong to the document. A Document TypeDeclaration associates a DTD with an XML document.
Document Type Declarations appear in the syntactic fragment doctypedecl near the start of an XML
document the declaration establishes that the document is an instance of the type defined by the
referenced DTD.
The syntax of a document type declaration is:
< !DOCTYPED TD .name [internal.subnet ]>
DTDs make two sorts of declaration:
1.an internal subset
2.an external subset
The declarations in the internal subset form part of the Document Type Declaration inthe document itself.
The declarations in the external subset are located in a separatetext file. The external subset may be
referenced via a public identifier and/or a systemidentifier. Programs for reading documents may not be
required to read the externalsubset.
3- What is Pattern Matching? Explain.
Pattern matching is the searching of a sequence of characters within a character string. When doing pattern matching if a pattern is found then a match is said to have occurred.A pattern is a sequences of characters to be searched for in a character string. In Perl pattern are normally enclosed in slash character: /def/ this represent the pattern def.The pattern matching operatorsPerl defines two operators for pattern matching. They are
The =~ operator tests whether a pattern matched. The !~ operator is similar to =~, except that it checks whether a pattern is not matched.
Pattern matching functionsPearl has three main functions which are used for pattern matching (although pattern matching can be used in other functions such as split () function). They are the m//, s//, and tr///.
4- Write a javascript procedure to input the name and address of a visitor and display a greeting message.
<script type="text/javascript">
//Write a "Good morning"
var name = prompt("What is your name", "Type you name here");
var address = prompt("What is your address", "Type you address here");
document.write("<b>Good morning</b>" + “</br> “+ name + “</br>” + address );
< /script>
5- Describe various VBScript data types and subtypes
VBScript has only one data type called a variant. A variant is a special kind of data type that can contain different kinds of information, depending on how it is used. Since variant is the only data type in VBScript, it is also the data type returned by all functions in VBScript.A variant can also have a variety of numeric data ranging from Boolean value to huge floating-point numbers. These different categories of information that can be contained in a variant are called subtypes.
Subtypes DescriptionEmpty Variant is not initialized. Value is 0 for numeric variables or a zero-length string(“”) for string variables.Null Variant intentionally contains no valid data.Boolean Contain either True or FalseByte Contain integer in the range 0 to 255.Integer Contain integer in the range -32,768 to 32,767.Currency -922,337,203,687,477.5808 to 922,337,203,685,477.5807.Long Contain integer in the range -2,147,483,648 to 2,147,483,647.Single Contains a single-precision , floating-point numberDouble Contain a double precision, floating numberDate(Time) Contains a number that represents a data between January 1, 100 to December 31, 9999.String Contains a variable-length string that can be up to approximately 2 billion characters in length.Object Contains an object.Error Contains an error number.
6- What are ActiveX controls? Explain.
Active X defines new specification for OLE controls, which allows them to be much smaller and more efficient in the Internet environment. Active X provides a means for interaction on the world wide web. Similar to OLE, Active X is aso based on COM. Active X allows the controls to be embedded in web pages and also allows them to be used interactively. Active X is designed for speed and size. Active X focuses on integrating various objects written in a variety of programming languages, such as c, c++, Java, and Visual Basic. Active X is currently supported by the windows operating system. There are more than one thousand controls available. An Active X control can be embedded to an HTML document by using <OBJECT> tag. The <OBJECT> tag has several attributes to describe the properties of the object. Two most important attributes that is required when including the Active X controls in web pages are CLASSID and ID.
The CLASSID identifies the type of control and code needed for its execution and ID attribute gives the name to the object which is used to reference the control within the document. <OBJECT> tags requires a corresponding </OBJECT> tag.The attributes of <OBJECT> tag
ID: It identifies the object within a script. CLASSID: A URL that identifies an implementation for the object. DECLARE: Indicates that the object is to be declared but not instantiated. CODEBASE: The Base URL from which the object is referenced. DATA: A URL pointing to the object data. In the absence of CLASSID, Data determines a default
value for the CLASSID attribute. CODETYPE: It specifies the internet media type of code referenced by CLASSID attributes before it is
actually retrieved. STANDBY: It specifies a short text string the browser can show while loading the object. ALIGN: Determines where to place the object. LEFT: The object is drawn as a left flush floating object and text flows around it. TEXTTOP: Surrounding text is aligned with the top of the object. MIDDLE: Object is drawn from the center. Text flow around it. TEXTMIDDLE: Surrounding text is aligned with the middle of the object. BASELINE: The object is aligned with the baseline of the continuous text. TEXTBOTTOM: Surrounding text is aligned with the bottom of the object. CENTER: Surrounding text is aligned with the center of the object. RIGHT: The object is drawn as a right flush floating object and text flow around it. WIDTH: Specifies the suggested width (in pixels). HEIGHT: Specifies the suggested height (in pixels). BORDER: Specifies the Border of the object when it is part of hypertext link. HSPACE: Specifies the suggested width (in pixels) of the area enclosing the object. VSPACE: Specifies the suggested height (in pixels) of the area enclosing the object. USEMAP: This specifies a URL for a client-side image map to be used with the object. SHAPES: It indicates that the object contains anchors with hypertext links. NAME: It specifies the name of the object when submitted part as part of a form. NOTAB: Exclude the object from the tabbing order. TABINDEX: It specifies the object’s position in the tabbing order.
7- What is DHCP Protocol? Explain.
The Dynamic Host Configuration Protocol (DHCP) provides a framework for passing configuration
information to hosts on a TCP/IP network. DHCP is based on the BOOTP protocol, adding the capability of
automatic allocation of reusable network addresses and additional configuration options.
DHCP messages use UDP port 67, the BOOTP server's well-known port and UDP port 68, the BOOTP client's
well-known port. DHCP participants can interoperate with BOOTP participants.
DHCP consists of two components:
1. A protocol that delivers host-specific configuration parameters from a DHCP server to a host.
2. A mechanism for the allocation of temporary or permanent network addresses to hosts.
IP requires the setting of many parameters within the protocol implementation software. Because IP can
be used on many dissimilar kinds of network hardware, values for those parameters cannot be guessed at
or assumed to have correct defaults. The use of a distributed address allocation scheme based on a
polling/defense mechanism, for discovery of network addresses already in use, cannot guarantee unique
network addresses because hosts may not always be able to defend their network addresses.
DHCP supports three mechanisms for IP address allocation:
1. Automatic allocation: DHCP assigns a permanent IP address to the host.
2. Dynamic allocation: DHCP assigns an IP address for a limited period of time. Such a network address
is called a lease. This is the only mechanism that allows automatic reuse of addresses that are no
longer needed by the host to which it was assigned.
3. Manual allocation: The host's address is assigned by a network administrator.
8- What is OSPF? Explain its working.
The Open Shortest Path First (OSPF) protocol is another example of an interior gateway protocol. It was
developed as a non-proprietary routing alternative to address the limitations of RIP. Initial development
started in 1988 and was finalized in 1991. Subsequent updates to the protocol continue to be published.
The current version of the standard is documented in RFC 2328.
OSPF provides a number of features not found in distance vector protocols. Support for these features has
made OSPF a widely-deployed routing protocol in large networking environments. In fact, RFC 1812 –
Requirements for IPv4 Routers, lists OSPF as the only required dynamic routing protocol. The following
features contribute to the continued acceptance of the OSPF standard:
Equal cost load balancing: The simultaneous use of multiple paths may provide more efficient
utilization of network resources.
Logical partitioning of the network: This reduces the propagation of outage information during
adverse conditions. It also provides the ability to aggregate routing announcements that limit the
advertisement of unnecessary subnet information.
Support for authentication: OSPF supports the authentication of any node transmitting route
advertisements. This prevents fraudulent sources from corrupting the routing tables.
Faster convergence time: OSPF provides instantaneous propagation of routing changes. This
expedites the convergence time required to update network topologies.
Support for CIDR and VLSM: This allows the network administrator to efficiently allocate IP address
resources.
OSPF is a link state protocol. As with other link state protocols, each OSPF router executes the SPF
algorithm “Shortest-Path First (SPF) algorithm” to process the information stored in the link state
database. The algorithm produces a shortest-path tree detailing the preferred routes to each destination
network.
