Proyecto de generación de un servidor web para internet, en una compañía financiera

Abstract

Within 30 years, the Internet has grown from a Cold War concept for controlling the tattered remains of a post-nuclear society, to the Information Superhighway as we know it today. Just as the railroads of the 19th century lead to the heyday of the Industrial Age, which revolutionized the society, the Internet takes us into the Information Age, and profoundly will affect the world in which we live. Today people communicate over the Internet, schools and universities use it’s a huge electronic library, with untold possibilities and doctors use it to consult with colleagues half a world away. As a new generation grows up, as accustomed to communicating through a keyboard as in person, life on the Internet will become an increasingly important part of life on Earth. Since its invention in 1991 a single internet service, called World Wide Web (WWW), has attracted considerable attention and has left the competitive services far behind in popularity. Actually designed as a worldwide forum for nuclear physics, the "Web" rapidly has turned into an impressive marketplace. This project aims to offer a solution for the internet presence of a financial company. Many elements that might occur on such a bank's web site will change frequently. The interest rate of a mortgage, for example, is exposed to oscillations. A web page describing such a mortgage consequently will need to be altered whenever one of the various conditions change. The problem a web page developer usually faces, is that the Hypertext Markup Language (HTML), which defines the appearance of a web page, is as static as any other text document, i.e. once a certain piece of content has to be changed, one has to open the document in an editor and to do the modification manually. In this project, this problem will be solved by creating many of the web pages dynamically, i.e. on the fly, through the so-called Common Gateway Interface (CGI). The CGI programs or scripts will query an Oracle database that holds the data that is necessary for the web presentation and will format the query results in a manner that allows them to be presented as an HTML document. The data does not only consist of interest rates for numerous credits and mortgages, but also includes all the product information and the text paragraphs that later will farm the product descriptions. Marketing departments, for instance, tend to be rather inventive when it comes to advertising special offers far new clients, or for those who have sealed mortgages, credits, or pension schemes. It definitely will be of great help to allow an employee of the marketing department to access the database and quickly change the characteristics of an offer, instead of forcing him to enter the HTML code or to contact the person responsible for the web site. As a result of this project, the web site of a fictitious bank, "El Banco Miami", has been created, presenting a variety of imaginable products and services a bank may supply. The client, for example, not only will be able to view the latest changes of the interest rate for the mortgage he has, but additionally he will have the option to have the amount of his monthly installment calculated interactively. Moreover, a visitor can demand a bank statement via the Web by filling his personal data into a form and sending it to the bank. The bank's database will process the data and if the visitor turns out to be a customer, a detailed bank statement will be returned. However, this project is not about internet banking, and the latter feature is supposed to demonstrate the underlying techniques for passing data from a front-end application (the web browser) to the back-end (the data base) and vice-versa. The aspect of the necessary security requirements for transmissions containing private data, like the balance of a person's account, will not be in the focus of this project, because even the majority of the banks, at the present point of time, have not found a common security standard, and thus dare not offer internet banking [Bir96], [Flo96]. Figure 1-1 outlines the basic elements of this project and gives a preview about the structure of this report: Chapter 2 deals with the front-end part of the whole information system, or to put it bluntly, it deals with what the web user finally sees in his browser window. Speaking of the web user, an important as well as interesting question arises: Who is that web user, what are his habits and intentions and how does he use the World Wide Web? In this chapter many of these questions will be answered and a vague picture of how the bank's target audience looks like, will emerge. Web documents are plain text documents defined by means of the Hypertext Markup Language (HTML). Nearly anybody, who has spent a few hours surfing the Web, is able to create HTML documents, especially if he has one of those many (sometimes good but rather bad) HTML editors available. During the investigation for this project I have seen many badly designed Web pages and sites, and another interesting question arose: Are there general design rules that help making a site more successful? This question will be answered thoroughly and finally a solution for "El banco Miami" will be presented. The report will not follow the information flow according to Figure 1-1, but continue at the back-end of the system, the database. The database is the fundamental part, the core of the entire system, as it holds all the necessary data for creating the web pages. Chapter 3 starts with a brief overview about Database Management Systems (DBMS) in general and relational DBMS in particular. Finally the creation of the database objects, which are essential to the bank's web presence will be described, with special emphasis of security and access control aspects. Chapter 4 classes the gap between front-end and back-end, explaining how the Common Gateway Interface (CGI) works. Through CGI, the user requests coming from the web browser are processed, transformed into a format that the database can understand, and finally the database query is performed. The query results are returned to the gateway program and formatted in a way that allows them to be shown as an HTML document. Chapter 5 will analyze the means for securing the internal network of the bank from attacks from the Internet. A brief overview about Firewall architectures will be given, resulting in a recommendation of a Firewall system that may serve the bank's requirements. This chapter also describes how to secure the internet services HTTP and DNS which are obligatory when a site decides to take part in the World Wide Web.