

Electronic commerce
course outline

Marcin Skubiszewski

1 Overview

This course teaches technical foundations of electronic commerce. We begin with a brief overview of the architecture of computers, and with a description of the principles governing the Internet. We then introduce the World-Wide Web, and the technologies that are directly involved in building electronic commerce applications: the Java language, JSP (Java Servlet Pages), Jakarta Struts, and relational databases. As a practical exercise, we describe in detail a typical electronic commerce application: a web-based Internet store. During laboratory work associated with this course, students build significant fragments of the store.

Additionally, we discuss computer security and the market of Internet-related software (these subjects will only be discussed if time permits).

2 Detailed outline

2.1 A brief introduction to computers and to the Internet

  1. Introduction to computer hardware

    1. The notion of bit
    2. How bits are used to represent various kinds of data
    3. Major components of a computer

      1. Main memory
      2. Processor
      3. Mass storage: magnetic disks
  2. How computers run programs

    1. How programs are written and executed

      1. Compiled code

        Compiled code is a representation of a program that can be directly executed by a computer. Compiled code is very hard for a human to understand.

      2. Source code and compilation

        Source code is a representation of a program in a programming language (e.g., Java). Source code is easy for a human to write, understand and modify. Source code cannot be directly executed by a computer; instead, it can be compiled, and the resulting compiled code can be executed.

      3. Pseudocode and virtual machines

        Pseudocode is a representation of a program that can be executed with the help of another program, called a virtual machine. Pseudocode is used in the execution of Java programs (including programs that are going to be written as part of laboratory work associated with this course).

    2. The parallel execution of several programs (multithreading and multiprocessing)
  3. How the Internet works

    1. How the Internet transmits reliable streams of characters

      1. How packets are forwarded to destination

        In this item, we describe briefly two fundamental components of the Internet: the Internet Protocol (IP) and the Domain Name Service (DNS).

        • what is a packet and why we use packets
        • addressing and naming of computers
        • routing
      2. How packets are used to send reliable streams of characters

        In this item, we describe briefly a fundamental component of the Internet, the Transmission Control Protocol (TCP).

        • sequence numbers; error detection; retransmission
        • TCP ports; how a client connects to a server
    2. The World-Wide Web

      1. HTTP (the hypertext transmission protocol)

        • How web documents are identified; the notion of URL (uniform resource locator)
        • Metadata about documents: type (text, image, sound etc.), expiration date, the language used etc.
        • Cookies

          Cookies allow a web server to identify requests as coming from a given user.

      2. HTML (the hypertext meta-language)

        • The syntax of HTML
        • The structure of an HTML document: headers, tables, images, links, frames
        • Using Cascading Stylesheets (CSS) to customize the appearance of an HTML document
      3. How a webserver operates

        • How files are served as static web documents
        • How programs are called to generate dynamic web documents

          • server-side includes, i.e., mixing static document fragments with program fragments
      4. How a web browser operates

        • The execution of client-side programs in the browser (as opposed to server-side programs, executed in the webserver)

          • Javascript
          • Flash animations
        • Accessibility and performance

          Accessibility is the collective name given to the issues related to users whose access to the web is somehow restricted (e.g., blind users, or users with slow connections based on cell phones).

2.2 Building electronic commerce applications

This part of the course is centered around the Internet store project.

  1. Introduction: presentation of the project

    1. Requirements: what the project should accomplish

      This item is covered in the document describing the project, entitled The Internet Store Project.

    2. The architecture of the project

      We introduce the major elements that need to be developed as part of the project:

      • a database schema--a description of the organization of our business-related data,
      • business logic, i.e., programs that perform operations related to the store's business (searching for articles, taking orders, registering new customers and new articles for sale, etc.),
      • the web pages to be displayed to the customers (written in JSP--Java Servlet Pages),
      • a description of the graphical appearance of our web pages (written as a CSS--cascading stylesheet).
  2. The software components that we use in the project

    This item is covered in the document describing the project.

  3. Introduction to object-oriented programming and to the Java language

    1. Modularity

      In this item, we explain the principles according to which a programming project should be partitioned into smaller parts (modules). Each module must do a limited number of conceptually simple things.

    2. Objects in Java

      An object is a composite data structure representing a real-world object, fact or relationship. An object comes with a number of associated pieces of programming, called methods. Objects are Java's way to achieve modularity.

    3. Assorted Java constructs

      In this item, we describe various Java constructs necessary for completing the project.

      1. Variable declarations

        • Programming style: how to name variables
      2. How and where Java stores objects
      3. Difference between object and non-object values
      4. Composite instructions

        • Conditionals and loops
      5. Predefined types: non-object types, strings, tables
  4. Organizing an application with Jakarta Struts

    1. The MVC2 (model-view-controller) separation

      The model represents our business logic. The view represents the way in which we create webpages. The controller organizes the application.

    2. The view

      1. Writing JSPs (Java Servlet Pages) to represent objects
      2. Writing JSPs to represent complete web pages

        • JSP inclusion
        • tiles in Jakarta Struts
    3. The controller

      1. Actions in Jakarta Struts
      2. Forms in Jakarta Struts
    4. The model

      • programming the business logic in Java
  5. Using a relational database to organize data

    1. General organization of data

      1. The notion of relation (aka table)

        A relation is a set of records, called tuples, that represent real-world objects or facts of a given kind, and that conform to a common format.

        For example, a table called customers may contain, for every customer of a store, a tuple containing the customer's name, her address, and other relevant information.

      2. SQL queries concerning only one table

        SQL (simple query language) is the language used to retrieve data from (or to insert data into) database tables.

      3. The notion of index

        An index is an auxiliary data structure that makes it possible to rapidly retrieve tuples from a table, based on certain values stored in said tuples (for example, to retrieve a tuple representing a customer, based on the customer's name).

    2. Designing a database according to the entity-relationship model

      Due to time constraints, the treatment of this item will be very brief.

      The entity-relationship model teaches us how to organize information in a database: the database should contain a table for every category of real-world objects that we want to describe (these objects are called entities), and for every kind of relationship between such objects.

      1. The representation of entities; primary keys
      2. The representation of relationships; foreign keys
      3. SQL queries involving more than one table
    3. Consistency and transactions in databases

      Due to time constraints, the treatment of this item will be very brief.

      1. Example consistency problems

        • Data inconsistencies due to concurrent execution
        • Inconsistent effect of half-failed complex operations
      2. Transactions

        The mechanisms used to solve consistency problems in databases are collectively called transactions.

      3. Practical advice: how to use transactions in our project
  6. JDBC

    JDBC is a library that allows Java programs to access relational databases. Once you understand relational databases, JDBC is simple to use, and therefore our course about JDBC will be short.

2.3 Advanced topics (optional part)

Due to time constraints, it is likely that the subject matter described below will not be taught.

  1. Security

    1. Classification of attacks against computer systems

      1. Non-technical attacks (exploiting human stupidity or lack of attention)
      2. Insider attacks

        A majority of successful and truly harmful attacks comes from employees of the organization being attacked. It is often very hard to defend against such attacks.

      3. Exploiting bugs in server software

        This is the easiest way to attack a computer, because adequate software is readily available and easy to use. Every server accessible from the Internet is targeted several times a day by attacks of this kind.

      4. Viruses
      5. Denials of service

        A denial of service attack is less severe than other kinds of attacks: the purpose is just to temporarily disrupt the operation of the targeted computer, and not to destroy or steal data (as is the case with most other attacks).

        Denial of service attacks are very hard to defend against, and for this reason they deserve to be discussed.

    2. Making software secure

      1. The management of privileges

        • The notion of user
        • User privileges
        • Sandboxing

          Sandboxing consists in severely limiting what a given program can do (enclosing the program in a sandbox), so that the program cannot do harm. Sandboxing is used whenever a web browser executes a program downloaded from the Internet.

      2. Fighting security bugs

        • Software audit; the example of OpenBSD
        • Suppressing unnecessary services
    3. Cryptography

      1. Goals to achieve

        • secrecy
        • authentication, integrity and non-repudiation
      2. Cryptographic techniques

        • Secret key encryption

          This is the traditional kind of encryption; it has been used for many years by the military.

          • separation between the algorithm and the key

            In a modern cryptosystem we distinguish between the algorithm (the general encryption method, expressed as a computer program) and the key (a randomly chosen sequence of bits used in the encryption process). The algorithm and the key are both necessary for a cryptosystem to work.

            While in older cryptosystems everything was secret, in modern systems the algorithm is publicly known, and only the key is secret.

            We explain the surprising fact that it is better to use a publicly-known algorithm than a secret one.

        • Public key cryptography

          Public key cryptography is a modern technique that allows you to communicate in a secure way with people whom you have never met before, and with whom you have never communicated before.

          For example, you can use public key cryptography to place an order with a bank with which you never did business before, and be certain (i) that you are indeed talking to the bank in question, not to an impersonator, and (ii) that the communication is kept secret.

          • The MD5 digest
          • The electronic signature
          • Certificates and public key infrastructure
    4. Example privacy-related problems

      1. SPAM (unsolicited commercial email) and E-mail address harvesting
      2. Involuntary e-mail receipts
      3. Hidden text in Microsoft Word
  2. The market of Internet-related software

    The market of internet-related software is deeply influenced by two phenomena:

    1. The Microsoft monopoly

      1. How the monopoly appeared

        • How MS-DOS appeared and how it evolved into MS Windows
        • The battle between Internet Explorer and Netscape Navigator
      2. The antitrust lawsuit
      3. Effects of the monopoly

        • Microsoft's .NET vs Sun Microsystems' Java
        • Microsoft's Windows Media Player
    2. Open source software (also known as free software)

      1. Definition
      2. Open source licenses
      3. Importance

        Open source software exists for almost all the tasks that are commonly performed using computers (including, of course, the operation of a web server). Its use is especially widespread in Internet servers.

      4. Why open source software is abundant

        Unlike commercial software developers, open source software developers receive no money and no direct benefit whatsoever in exchange for their software. Therefore, the abundance of open source (free) software is astonishing: at first sight, free software should not be any more abundant than free lunches. We describe the strengths of open source software that lead to its abundance.

      5. Organization: who writes and distributes open source software, and why

Marcin Skubiszewski
2003-02-19