WWW6 tutorial: doing things with the Web: where applications execute

this tutorial - originally called programming the Web - discussed the various possibilities of enhancing Web documents and providing access to data and services not available with static HTML. the four speakers gave a general overview of different programming technics and how they work.

programming can be done either on the server side or on the client side.

server side programming:

a WebServer can not only send static HTML documents back to the client, but its functionality can be extended by the following means:

1. server side includes (ssi): this allows the inclusion of some information into documents sent back to the client. it is a quite trivial method and does not require any programming. ssi may depend on the brand of the http server being used.

2. common gateway interface (cgi): provides information about the client and optionally additional data e.g. entered into a form by the user. this data may be processed either by a shell script or by a program written in perl, tkl, C or whatever programming language seems to be appropriate.
   there is a proposed new standard called FastCGI which includes embedded perl and possibly other programming language interpreters into the http server to speed up the execution of such programs.

3. server plug-ins using API: there is no WWW server API standard yet ! server plug-ins are heavily dependant on the brand of the http server being used. server APIs provide not only access to data similar to cgi, but they support what is called staging. plug-ins can get control over the process of responding to an HTTP request at various stages, such as:
   • URL translation: this may be used for re-direction, proxy support and even load balancing by referring further processing of an HTTP request to another server.
   • authentication: plug-ins can incorporate various types of authentication including digest, cookies, kerberos and DCE (Distributed Computing Environment).
   • authorization: plug-ins may support groups, ACLs and other authorization mechanism.
   • response handler: plug-ins at this stage may return not only static documents, but may interact with other applications or provide access to databases etc.
   NOTE: currently, the apache server is one of the most comprehensive WebServers and supports nine different stages.

4. some WebServer may also support perl and Java plug-ins.

WARNING: no matter what kind of programming method will be used, security should always be a major concern !

client side programming:

there are basically two types of client side programming: executable content (such as Java applets) and browsers extensions (so called plug-ins).

what are the advantages of client side programming ?

• it can reduce the load on the server and on the network
• it takes advantage of the client's resources
• it localizes processing

as an example, the client my validate the various fields of a form before it gets transmitted over the net. it does not make sense to transfer the contents of a form across the ocean just to find out that a field was not filled in or contains an incorrect value. this is a waste of network bandwidth and computing power on the server.

what are the disadvantages of client side programming ?

• it requires resources on the client
• it reduces portability
• it increases complexity
• it introduces security threats on the client

possible improvements without any programming:

• client side maps
• animated GIFs
• style sheets
• use of helper applications and plug-ins to display additional MIME-types. but both - helper applications and plug-ins - are hardware and operating system dependant and my introduce serious portability problems.

possible improvements with little programming:

• embedded browser scripts, such as JavaScripts or Visual Basic, but they are NOT portable because they are browser dependant

possible improvements with programming:

• Java applets: run a bytecode on a virtual machine in a restricted environment
• ActiveX: includes controls (similar to Java applets) and scripting (similar to JavaScripts). ActiveX can handle new MIME-types and can provide automation for Web AND non-Web applications. the Java virtual machine makes applets look like controls.
  controls provide active content and have full access to system and network resources. they can interact with non-ActiveX applications and provide full desktop integration. programming tools include Visual C++, Borland C++ and many more.
  security is addressed by authentication (code signing) and accounting rather than by introducing limitations to the functionality and capabilities of ActiveX.

there are also other rather odd methods to enhance the appearance of a Web document, such as absolute positioning or layered HTML. these methods are highly browser dependant and therefore badly suited for use on the Internet.

this tutorial is available on the Web.

to the WWW6 trip report main document