Thursday, May 27, 2010

Elevator Pitch 2

Continuing the rail-riding journey in the IT developer role has brought a lot of fun and PAIN.

Internet security for directory services (LDAP), UDDI registries, encryption, data transport protocols, firewalls and cookies is discussed. Concurrency control and ACID transactions are important for e-commerce in a client/server environment. The distributed systems design process with UML and MVC models is examined. An ethical design for e-commerce systems that protects personal integrity and privacy has caught my attention. Bots, agents and spiders are in common use but have ethical holes. Mobile e-commerce needs for both data and security are analysed. XML case studies and system integration methodologies are overviewed.

Form processing, screen layouts, document requests and an advanced login system have been used for the OTBS. The system deployment process has been investigated and production site migration is just a step away. Although it is very tough to ride RoR, it is a very good challenge in my life.


The MP3 file can be downloaded at the link: ftp://varianhk.servehttp.com/PUBLIC%20DISK/ITC%20594/

The file name is Elevator_Pitch_2.mp3.

Another copy is already submitted to Easts.

Wednesday, May 26, 2010

Workshop 8



Ruby on Rails Workshops Report and Evaluation

Topic objectives

Upon the completion of this workshop, developers or managers should be able to:
• Identify and evaluate the Ruby on Rails workshop series
• Think critically and analytically about what you knew before and after the experiences
• Share and post your Report and Evaluation with peers via the subject forum.



Evaluation and Report

Please answer each question in this evaluation section. In your answer, please consider content/topics presented and the technologies and teaching strategies used during the Ruby on Rails Workshops. Results will be collated and used to modify the workshop series.

This form is just a format guide to your evaluation and report. Thank you for your time to complete workshop 8.



1. List what you consider to be the three strengths of Ruby on Rails workshop series
  • A step-by-step approach for the student to understand and discover Ruby on Rails features.
  • A lot of examples and resource links are given for reference, which can speed up the learning process.
  • MVC concept is well-defined and explained in the workshops.

2. List what you consider to be the three weaknesses of Ruby on Rails workshop series:

  • Some of the information is too old (e.g. rhtml file structure).
  • Procedures for RoR configuration are missing. Students need to spend a lot of time to figure out how to configure the correct environment parameters (MySQL setup) and build the project.
  • A lot of typos in the workshop material.

3. List what aspects of Ruby on Rails workshop series that you found to be most difficult.

The most difficult part is workshop 6, as it involves a lot of programming skills which are not discussed in the earlier sections. Even though a lot of information is available online, it is still difficult to find the correct one. If there were a particular reference material or Web site for RoR programming, it would help the student a lot. We need to spend time on learning and practicing, not on searching.

4. List what improvements could be made to the Ruby on Rails workshop series:

  • Clear setup and configuration procedures
  • Better referencing materials


Free response and reflective questions:


5. Reflect on your experiences with the other Web framework used in this subject: Was it effective? How can it be improved? Should other Web frameworks be used as well or instead of Ruby on Rails?

From my point of view, RoR is easy to learn but difficult to drive. Versions are always changing and it is not well-organised (open source).

6. Did the Developer’s or IT managers Team that you joined after workshop 4 have a preference towards using other tools to facilitate collaboration? Comment on the differences between these use of the sub-forum or Interact wiki tools from your experiences in this subject.

For overseas students in Hong Kong, we still prefer to communicate face to face or by phone or email (fast response) rather than using a wiki or forum.

7. Further comments to add?

Workshop 7

DEVELOPER’S THREAD (RED team)

To Do:

Developers conclude their work with the OTBS and look at the options for deployment of the site. Examine the various platforms/software tools used for deployment such as UNIX environment suggested in the Discussion Notes, Mongrel or Mongrel cluster, Nginx, Subversion or Capistrano (during development stage), JRuby in the Java environment.

Which way?

The choice is up to you, as this workshop presents just one option and you may like to use another, such as deploying the OTBS in a .NET or J2EE environment.

Deployment of a Web site depends on a lot of factors. RoR runs on most operating systems, such as Linux, Mac, BSD and Windows, and on a wide range of web server configurations.

The rubyonrails.org site suggests several options: Passenger (aka mod_rails), proxy setups (Apache or nginx in front of Mongrels or Thins), JRuby on Rails (Glassfish or Jetty app server) and automation with Capistrano.

From my experience, Unix-based systems are more stable and secure than Windows-based systems. Therefore, I will only consider Unix-based systems for the OTBS project. As OTBS is only a thin system, and Unix is good for the big guys, Linux may be a better choice: it is open source and runs on cheap computer hardware.

Mongrel is designed to serve Ruby code, but it is not well suited to static content like images, HTML, CSS or JavaScript. Therefore Mongrel should always be deployed behind another web server, like Apache (railhostinginfo, 2010). Apache with Mongrel will be the choice in the OTBS project.

According to rubyonrails.org, Passenger is a very powerful deployment tool for RoR and works well with Apache. It can be combined with Capistrano to take advantage of automation (Modrails, 2010).

Moreover, the Apache Subversion revision control system can be employed in the OTBS case, which can help to maintain the source code, web pages and documentation (Wikipedia, 2010).

A suggested deployment map is shown below (Begin, 2008):

Can you get the OTBS Running in production mode as a minimal production server?

A minimal production server refers not only to the HW cost of the server but also to the setup, upgrade, administration and maintenance cost of the OTBS project system. Our OTBS is running on Linux with Apache and Mongrel, so the HW server cost should be very low compared with other operating system platforms. Moreover, the SW tools that we are using are mostly open source (a lot of support documents are available online) and are proven to work very well (easy to administer and maintain) on this platform. I am pretty sure I can get the OTBS running in production mode as a minimal production server.


Share your success by posting progress comments and links etc to the Developers sub-forum site that has been set up for the Red team.

Monday, May 24, 2010

Exercise 16

1. Choose ONE of the four ways to manage and develop integrated systems as listed below;

I will choose the "Business process analysis" method to manage and develop integrated systems.

2. Summarise your understanding and describe its relevance (250 words max) in either your study at university or in your work environment;

From my understanding, every business is a set of processes that govern how the business operates, how much revenue it can make, how well it supports the customer, etc. The "business processes" of a company are always unique and differentiate it from other market competitors, and therefore they are a very important intellectual property (strategic asset) of the company.

My company started as a very small company and has grown into a three billion US dollar company. In the last ten years, we have relied on a lot of independent systems (Enterprise Resources Planning, Customer Relationship Management, and Sales & Operation Planning) to perform the business operations. Each system has its own workflow, transaction handling mechanism and reporting methodology. In order to have a smooth operation, management needs to understand how the individual sub-systems work and how they communicate.

As the company grows, it is very difficult to monitor and analyse the business processes in this model. The company started the Varian Vision Program (VVP) last year, which tries to reform the old business processes. This VVP program has been divided into three phases; the final goal is for all sub-systems to become system components in a single database system (SAP). New workflows, reports and training processes are being developed in order to fully utilize the VVP features (time consuming and costly). The upper management believes that once the system integration is finished, the company can increase revenue by having visibility (monitoring), efficiency (no redundant steps), agility (rapid change) and business empowerment (confidence to make decisions) (savvion, 2009).


3. Edit TWO similar versions (include bibliography) of that summary to CSU Interact:

a. post version A as a wiki page contribution;

Done.
b. add version B as a final entry to close your developer's blog.

Business processes define how a business operates, makes a profit and performs customer support. They are absolutely the strategic asset of the company. My company's business has relied on a lot of independent systems (ERP, CRM, S&OP) to perform operations in the last ten years. Each system has its own workflow, transactions and reports. Smooth operation depends on understanding all of the sub-systems. A reform of business processes was started last year in order to integrate all sub-systems into a single database system in SAP. Defining new workflows, reports and training is very time consuming and costly. After system integration, the company should increase revenue by having visibility, efficiency, agility and business empowerment (savvion, 2009).

Sunday, May 23, 2010

Exercise 15

1. What is meant by a location based service? Explain using the Web applications found on a late model mobile device.

According to Wikipedia (2010), a Location Based Service (LBS) is an information and entertainment service, accessible with mobile devices through the mobile network and utilizing the ability to make use of the geographical position of the mobile device.

There are a lot of Web applications found on a late model mobile device, such as AGPS navigation service, traffic alerts (traffic jam, detour from accident), restaurant information, advertisements or promotion from that local area.

2. Describe the purpose of the Open Mobile Alliance (OMA) Initiative?

The purpose of OMA (founded in 2002) is to develop open standards for the mobile phone industry. That means OMA only standardises applicative protocols and therefore provides interoperable service enablers working across countries, operators and mobile terminals (Wikipedia, 2010).

3. What are the main components of a mobile Web services framework?

The main components of a mobile Web services framework are the means of communication (e.g. SOAP), the Web services description (e.g. WSDL) and a directory server to publish and advertise available services (e.g. UDDI). Unlike static stub-based invocation of Web services, the mobile environment allows clients and services to change rapidly. Without the main components stated above, it is impossible for users to efficiently discover and access Web services at runtime (Nielsen, 2006).

4. Visit an airline Web site and search for information on WAP or SMS or 3G mobile application access to booking airline services. The same services exist in banking. How do both industries compare?

I have used WAP mobile application access to the "Cathay Pacific Airline" and the "Citibank Hong Kong" Web sites.

For Cathay Pacific Airline, you need to go to a particular mobile site to download the mobile client and install it on your mobile device. The supported mobile devices are Blackberry, Nokia, Windows Mobile, other platforms with Java support and iPhone. After installing the mobile client, you can run the icon from the mobile desktop. There are only six services provided in this client: Check in, Flight Status, Retrieve Your Booking, Flight Schedule, City Guides and Select Your Country. Only the Check in and Retrieve Your Booking options require the user to log on to the system.

For Citibank Hong Kong, you just need to visit an https mobile site rather than download a mobile client. The first screen is the log on screen. After logging on to the system, there are 9 options, three related to banking and six related to stock trading. For the banking part, you can have A/C info, payment & transfer and time deposit. For the stock trading part, you can have HK stock quote, buy/sell HK stock, US stock quote, buy/sell US stock, stock trade status, Citibank stock holding and HKEx News.

The similarities between the two industries are:
1. The Web page is very simple with a few options (not the full set of options compared with the standard Web site)
2. Log on is required for personal information
3. Text is used rather than graphics
4. The display can be multi-language depending on user selection

The differences between the two industries are:
1. The airline needs a mobile client to be installed (limited environment) but banking does not
2. Banking provides more options than the airline
3. The banking mobile site is more secure than the airline mobile site.
4. Banking provides real-time data updates but the airline does not (data on request).

Exercise 14

1. What is a spider? What does it do?
A spider is a program which crawls the Internet in a specific way for a specific purpose. The purpose may be gathering, filtering and potentially aggregating information for a user. An example is a search engine (Google, Yahoo) (Jones, 2006).

2. Differentiate the various types of software agents.

There are four main types of intelligent software agents (Wikipedia, 2006).

  1. Buyer agents or shopping bots

  2. User or personal agents

  3. Monitoring and Surveillance agents

  4. Data Mining agents

3. Identify various activities in e-commerce where software agents are currently in use.

The various activities according to different agents are:-

  • Buyer agents or shopping bots -- Amazon.com (shopping bot) , provide a list of books that may fit your interest or base on your buying history in that site.

  • User or personal agents -- jobdb.com , sending email about the current available jobs in the market which fit with your personal resume data.

  • Monitoring and Surveillance agents -- NASA's Jet Propulsion Laboratory, monitors inventory, planning and scheduling equipment ordering to keep costs down.

  • Data Mining agents -- used in credit card companies, providing a list of consumers' interests according to their shopping behaviour/habits. The company can run promotions on particular products or services which keep card users using their card.

4. Computing ethics and bot programming case study: rocky

    a. Get an account username and password from the lecture to LC_MOO at http://ispg.csu.edu.au:7680/ and login to the Welcome Lobby.

Got it from CSU Interact: Train1 to Train20.

    b. Hold a 5-minute discussion with Rocky on a special topic. Commands and chat are entered in the command box (bottom-left of screen in Figure 11): act rocky (start bot), hush rocky (stop bot)

Done. I tried to talk with Rocky about Internet games. The discussion content is shown below.

c. Rocky is an ELIZA-like bot. Report your findings.




First of all, I woke up Rocky with the act rocky command.
My findings are:
  • All conversation should be inside "" signs in order for Rocky to understand.
  • Rocky will ask me random questions.
  • When I answer Rocky's question, Rocky will take a keyword from my answer to create another question.
  • Moreover, Rocky will try to use my positive/negative keywords (YES/NO) to predict my thinking.
  • Some answers from Rocky are very reasonable (like a human), but most of them are not human-like.
  • Rocky likes Python.
  • Rocky has a small brain - questions repeat easily.

Exercise 13



The Shopping Cart Class Diagram is shown below:




Saturday, May 22, 2010

Workshop 6

DEVELOPER’S THREAD (RED team)

To Do:

Developers may continue to build upon work with the OTBS using the topic reading to help with user registration and advanced login features from Hartl et al (2008). Some examples of work to do includes:

o generating a controller and an action by adding a method(s) to a controller;
o creating a view template for each action and to link to actions from views;
o using AJAX to improve the user experience;

After browsing a lot of online materials, I will implement the REST programming (CRUD) concept in this user registration and advanced login features section for the OTBS systems.

New user registration, login, logout, edit user and unregister a user are handled in this login section.

Two models, Session and Person, will be created. Session will authenticate a user by finding the username and password in the People table. The Person model will encrypt every password with a 256-bit SHA-2 digest accompanied by a unique salt. The layout and user experience will be my last consideration at this moment due to the time limitation.

Create two models by:

ruby script/generate resource session
ruby script/generate resource person

Edit the db/migrate/2010052603610_create_sessions.rb and db/migrate/20100526030647_create_people.rb to create the table in the OTBS database

Then I executed rake db:migrate and an error occurred due to a wrong version of libmySQL.dll. After downloading the correct version, the problem was fixed. (It took me 2 hours to figure out.)

Configure the session and person models according to the specification. The username is 4-16 letters, numbers or underscores with no spaces, and the password is 4-16 characters.
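The salted SHA-256 scheme and the username/password rules described above, as an added Ruby example that is not the OTBS code: the "salt--password" layout, the in-memory `PersonStore` standing in for the people table, and the PBKDF2 iteration count are assumptions. A single SHA-256 pass is cheap to brute-force offline, so the same store is also shown with a deliberately slow key-derivation function.

```ruby
require 'digest'
require 'openssl'
require 'securerandom'

# Rules from the text: username is 4-16 letters, digits or underscores with no
# space; password is 4-16 characters. \A and \z anchor the whole string; ^ and $
# would only anchor one line and let "name\nanything" through.
USERNAME_FORMAT = /\A[A-Za-z0-9_]{4,16}\z/
PASSWORD_LENGTH = (4..16)

def valid_credentials?(username, password)
  USERNAME_FORMAT.match?(username) && PASSWORD_LENGTH.cover?(password.length)
end

# Scheme described in the text: one SHA-256 pass over salt and password.
# The "salt--password" layout is an assumption; the page does not show it.
def sha256_digest(password, salt)
  Digest::SHA256.hexdigest("#{salt}--#{password}")
end

# Slower alternative for comparison: PBKDF2-HMAC-SHA256 (iteration count assumed).
def pbkdf2_digest(password, salt, iterations = 100_000)
  OpenSSL::PKCS5.pbkdf2_hmac(password, salt, iterations, 32,
                             OpenSSL::Digest.new('SHA256')).unpack('H*').first
end

# Compare two digests without stopping at the first differing byte.
def secure_compare(a, b)
  a.bytesize == b.bytesize &&
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Hypothetical in-memory stand-in for the people table: username => salt + digest.
class PersonStore
  DUMMY_SALT = '0' * 32

  def initialize(hasher = method(:sha256_digest))
    @hasher = hasher
    @rows = {}
    # Used for unknown usernames so that both paths compute exactly one hash.
    @dummy = { salt: DUMMY_SALT, digest: @hasher.call('', DUMMY_SALT) }
  end

  def register(username, password)
    return false unless valid_credentials?(username, password)
    return false if @rows.key?(username)

    salt = SecureRandom.hex(16) # unique random salt per user
    @rows[username] = { salt: salt, digest: @hasher.call(password, salt) }
    true
  end

  def authenticate(username, password)
    row = @rows.fetch(username, @dummy)
    matched = secure_compare(@hasher.call(password, row[:salt]), row[:digest])
    matched && @rows.key?(username)
  end

  def row(username)
    @rows[username]
  end
end

# Constructed sample accounts; both users pick the same password on purpose.
def demo
  store = PersonStore.new
  store.register('lwyuen', 'secret1')
  store.register('rocky_2', 'secret1')
  {
    login_ok: store.authenticate('lwyuen', 'secret1'),
    login_bad: store.authenticate('lwyuen', 'secret2'),
    unknown_user: store.authenticate('nobody', ''),
    same_password_same_digest: store.row('lwyuen')[:digest] == store.row('rocky_2')[:digest]
  }
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```

Passing `method(:pbkdf2_digest)` to `PersonStore.new` switches the store to the slow hash without changing any other code.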

Configure the routes.rb to change to a new root_url path
map.root :controller => 'people'
Delete the public/index.html file

Configure all the related controllers and views (application, session and people)

The screen captures are shown as follows:

Home Screen

Log in with a new user --> an error message pops up

Go to the register screen and enter the new username and password.

The new user is registered successfully (Welcome message) and the screen changes to the Taxi booking screen.

A new user record with an encrypted password and a salt is inserted into the people table.

Try to change the password using the Edit Account tab.

Password changed successfully.

I unregistered the lwyuen account and a warning message popped up on the screen.

By answering OK, the account is unregistered.

If time allows, I will come back to this workshop to add more features and AJAX enhancements.

Share your success by posting progress comments and links etc to the Developers sub-forum site that has been set up for the Red team.

Exercise 12

Examine the Use Case in Figure 4 and explain the MVC architecture of the online bookstore (the model, the view and controllers) needed to Lookup Books and Add to Shopping Cart.

According to the CSU forum, Figure 4 should be changed to Figure 10.

In the MVC architecture, the model maintains the data, the view displays the data and the controllers handle events that affect the model or view.

In the online bookstore case, the MVC architecture for the Lookup Books and Add to Shopping Cart parts is illustrated below:

For the Lookup Books:


  • Model will be the online bookstore's books database 

  • View will be at least a "search book" view (by categories, author and publisher), a "lookup result" view and a link to the Add to Shopping Cart View

  • Controller will be the code that queries the books database by different search criteria (categories, author and publisher), selects the book(s) from the search result and exports them to the next stage (Add to the Shopping Cart)

For the Add to Shopping Cart:

  • Model will be the Shopping Cart List from the customer's database

  • View will be the "Shopping Cart" view which contains the selected book(s) result from the Lookup Books part and a link to the Purchase Book view

  • Controller will be the coding that imports the selected books from the Lookup Books part.

Saturday, May 15, 2010

Exercise 11

1. Give a description in your own words of the ACID properties of a transaction.


ACID refers to Atomicity, Consistency, Isolation and Durability (Wikipedia, 2010).

For a transaction to have ACID properties, the database can only be updated if the whole transaction is finished. If part of the transaction is finished but not all of it, all the updated data should be dropped and the database should be kept unchanged. In addition, the transaction data format should follow the database schema data format; this ensures the data gets updated into the database. Moreover, the transaction should not access data being updated by another process; it should wait until the data is released by the other transaction. Finally, when the transaction is successfully completed, the data should be updated into the database accordingly. Data could be rolled back from the database even after system failure.



2. Describe a TP monitor environment. How can a TP monitor stop an operating system being overwhelmed?

A Transaction Processing (TP) monitor environment is one in which a control program manages the transfer of data between multiple local and remote terminals and the application programs that serve them.

For a distributed client/server system, a TP monitor ensures that transactions never get lost or damaged. It can be placed in a separate workstation and used to balance the load between various application servers, database servers and clients. Moreover, it creates a high availability system by failing over the transaction to a good machine. Finally, it guarantees that all databases are only updated by a single transaction (Pcmag, 2010).

Exercise 10

1. Find definitions for eight terms and concepts used in threaded programming:


  1. Thread Synchronisation - a process to coordinate execution of threads (Lundh, 2007)
  2. Locks - make sure that two processes do not get into each other's way when accessing a common resource (Eustace, 2010)
  3. Deadlock - two processes are each waiting for the other to complete before proceeding (Webopedia.com, 2010).
  4. Semaphores - a more advanced lock mechanism with an internal counter which only blocks when the counter reaches a given number (Lundh, 2007).
  5. Mutex (mutual exclusion) - a program object which allows threads to share the same resources, but not simultaneously (Webopedia.com, 2010).
  6. Thread - a flow of control through the process, plus a private stack for local data (Eustace, 2010).
  7. Event - an action or occurrence detected by a program (Webopedia.com, 2010).
  8. Waitable timer - a synchronization object whose state is set to signaled when the specified due time arrives (Microsoft.com, 2010).

2. A simple demonstration of the threading module in Python (threaddemo.py) that uses both a lock and semaphore to control concurrency is by Ted Herman at the University of Iowa. The code and sample output below are worth a look. Report your findings.

Findings from the code are:

1. There are 10 tasks (threads) to run, numbered from 0 to 9.
2. Only 3 out of 10 can run at the same time (controlled by the semaphore - sema).
3. Each task will run for a random time from 0 to 2 seconds.
4. There is a read lock (mutex - running counter).

Findings from the output are:

1. Each thread gets its running time at the beginning (not before starting the thread).
2. Threads start according to their order (0 to 9).
3. Threads end according to their life cycle, not their order (random time).
4. There are at most 3 threads running at the same time.

Friday, May 14, 2010

Workshop 5

DEVELOPER’S THREAD

To Do:


Part A: Viewing the action

1. Create the Rails application framework in the projects folder: C:\InstantRails\...\projects\>rails animals

Done. By using the command C:\Ruby\bin> ruby rails animals, the animals project has been created. A new folder animals is created under the C:\Ruby\bin\ directory.

2. Run the application on localhost:3000 using the WEBrick Ruby server (or Mongrel as an alternative) and access it via a Web browser at http://localhost:3000/

Done. By using the command C:\Ruby\bin\animals>ruby script/server, the Ruby server is up and running and the result is shown below.

3. Create the controller to make the application do an action. This is under the controller-action/model-view structure.

Stop the WEBrick server each time you edit Ruby classes and then re-start or refresh the views you are testing. Use the Ruby command below:

>ruby script/generate controller Mammal

The mammal_controller.rb contains just a bare class description:

class MammalController < ApplicationController

end

and the ApplicationController class inherits from ActionController::Base class in the ActionController module under Rails.

Successful. Result shown below:

4. Test the controller by starting the WEBrick server and navigating the browser to http://localhost:3000/mammal Note how the controller name is appended to the end of the URL and that no action resulted because there are no controller methods.

Done. Result as below.


5. Create an action by editing and saving the mammal_controller.rb class in projects\animals\app\controllers using your text editor to add the method below:

class MammalController < ApplicationController
  def breathe
  end
end

Done.

6. Start the WEBrick server and browse at http://localhost:3000/mammals/breathe where you will get a “missing template” message since it is missing a view for the breathe method.

Rails is trying to connect the breathe method action of the mammal controller to a view, by using the action’s name – breathe. This view template is created as breathe.rhtml and stored in the \projects\animals\views\mammal directory.

The command has a typo. The correct command should be http://localhost:3000/mammal/breathe

Command Executed. Output as below:


7. Create and save a view in that directory by using a text editor to create a view called breathe.rhtml

Restart the WEBrick server and browse again at http://localhost:3000/mammals/breathe

View added under animals\app\views\mammal. The execution result is shown below:

8. Try Ruby code and HTML in the action view by using the wrapper around the inserted Ruby code. Here are some snippets to try from workshop 4:

NOTE: in practise you normally perform calculations in the action (method) and pass the results to the view.

I edited a try_ruby_code.rhtml file under animals\app\views\mammal and restarted the Ruby server. The result is shown below:

Part B: The active view: passing data from an action to a view

1. Create a new application called scenery in the same projects directory to demonstrate the use of an active view.

> rails scenery
> cd scenery

Done.

2. Create a controller called Demo in scenery\app\controllers

scenery> ruby script/generate controller Demo

Done.
3. Add an action to demo_controller.rb as the method called rubycode


class DemoController < ApplicationController
  def rubycode
  end
end

Done.

4. Add a view template - scenery\app\views\demo\rubycode.rhtml

We will edit this view in later steps but you may like to add your own test HTML code to the view at this stage.

Done. Rubycode.rhtml is listed below.

5. Save and restart the Web server and navigate to http://localhost:3000/scenery/rubycode

Done. The execution result is shown below:

6. Use the Time.now example to pass data from an action to a view.

Done. The file and result are shown below.

7. Modify and save the rubycode action with a value for the time instance variable in the DemoController class in app\controllers\demo_controller.rb

class DemoController < ApplicationController
  def rubycode
    @time_now = Time.now
  end
end

Done.

8. Then modify and save the corresponding view template in \app\views\demo\rubycode.rhtml by adding a call by reference to the action’s instance variable:

Done. The @time.now is not correct; I need to change it to @time_now instead. The code is patched into the rubycode.rhtml file.

9. Restart the Web server and navigate the browser to http://localhost:3000/demo/rubycode

Data has been passed from the action to the view as it is done with SQL requests. The instance variables of a Ruby class are available to view templates by referencing the action’s instance variables by name in the view .rhtml template.

Done. The execution result is listed below:

Part C: Screen layouts and forms processing with text fields, check boxes, radio buttons and multiple list controls



1. Create a new application called cabs in the same projects directory to demonstrate the use of an active view.

> rails cabs
> cd cabs

Successful.

2. Create a controller called Vehicle in cabs\app\controllers

cabs> ruby script/generate controller Vehicle

Successful.

3. Add an action to vehicle_controller.rb as the method called cabtype

class VehicleController < ApplicationController
  def cabtype
  end
end

Done.


4. Add a view template - cabs\app\views\vehicle\cabtype.rhtml

We will edit this view in later steps but you may like to add your own test HTML code to the view at this stage.

Done.

5. Save the view and restart the Web server and navigate to http://localhost:3000/cabs/cabtype

Before I can browse to the web page, I need to modify the database.yml file to point to the MySQL DB server, and of course the MySQL server needs to be up and running. Moreover, the link is incorrect; the correct one should be http://localhost:3000/vehicle/cabtype

The result is as follows:

6. Create a file in the public directory - \cabs\public called input.html

Created as requested.


7. Edit the vehicle_controller.rb; here is a start. The data in each form element in the Rails application can be accessed via its name and a hash called params

class VehicleController < ApplicationController
  # Each form field is read from the params hash by the name of its control.
  def cabtype
    @data1 = params[:text1]
    @data2 = params[:check1]
    @data3 = params[:radios1]
    @data4 = params[:building1]
  end
end

Updated as requested.

8. Edit the view template cabtype.rhtml

Updated as requested. But when I tried to run this document, a syntax error popped up as below.

After investigation, I found syntax errors in lines 14-16. The file is changed as below:

After re-running the document, the expected result is shown below:

9. Start the Web server and go to the opening page of this application at



I have put in the data as follows:


10. Submit the forms data. What do you find?


After submitting the form data, IE hangs for a while. Then an error screen pops up:

This is an ActionController::InvalidAuthenticityToken error. By pressing the Full Trace hyperlink, I got more information.

This is a request_forgery_protection.rb error and, by searching the Internet, I found two solutions:

1. Adding "protect_from_forgery :only => [:create, :delete, :update]" into the vehicle_controller.rb (Ryan, 2007)
2. Adding "config.action_controller.allow_forgery_protection = false" into the development.rb (Rubyonrails.org 2010)
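Why the static public/input.html form is rejected while a form rendered by the application would pass, and what switching the check off for this action gives up, shown as an added Ruby example that is not part of the workshop material or of Rails. `TinyApp`, `token_for`, `render_form` and the other names are hypothetical, and the sample requests are constructed.

```ruby
require 'securerandom'

# Constructed miniature of an authenticity-token check. Class and method names
# are hypothetical; this is not Rails' request_forgery_protection.rb.
class InvalidAuthenticityToken < StandardError; end

class TinyApp
  def initialize(allow_forgery_protection = true)
    @allow_forgery_protection = allow_forgery_protection
  end

  # One random token per session, kept server-side in the session hash.
  def token_for(session)
    session[:csrf_token] ||= SecureRandom.hex(32)
  end

  # A form rendered by the application carries the token in a hidden field.
  # A hand-written file under public/ is served as-is and cannot contain it.
  def render_form(session)
    %(<form action="/vehicle/cabtype" method="post">\n) +
      %(<input type="hidden" name="authenticity_token" value="#{token_for(session)}">\n) +
      %(<input type="text" name="text1">\n</form>)
  end

  # GET is exempt; every other verb must echo the session's token.
  def handle(verb, session, params)
    if @allow_forgery_protection && verb != :get && !token_ok?(session, params)
      raise InvalidAuthenticityToken
    end
    { text1: params['text1'] }
  end

  private

  def token_ok?(session, params)
    expected = session[:csrf_token]
    given = params['authenticity_token']
    return false if expected.nil? || given.nil?

    secure_compare(expected, given)
  end

  # Compare without stopping at the first differing byte.
  def secure_compare(a, b)
    a.bytesize == b.bytesize &&
      a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Submit a POST and report whether the application accepted it.
def outcome(app, session, params)
  app.handle(:post, session, params)
  :accepted
rescue InvalidAuthenticityToken
  :rejected
end

# Pull the hidden field's value out of the rendered form, as a browser would submit it.
def token_from(html)
  html[/name="authenticity_token" value="([0-9a-f]+)"/, 1]
end

def run_scenarios
  session = {} # the same logged-in browser session in every case
  app = TinyApp.new(true)
  html = app.render_form(session)
  {
    # public/input.html: no hidden field, so no token is sent (the error seen above).
    static_public_form: outcome(app, session, { 'text1' => 'sedan' }),
    # Form generated by a view: the token round-trips and the check passes.
    rendered_form: outcome(app, session, { 'text1' => 'sedan',
                                           'authenticity_token' => token_from(html) }),
    # Request built by another site: it rides the session but cannot know the token.
    cross_site_post: outcome(app, session, { 'text1' => 'x', 'authenticity_token' => 'guess' }),
    # With the check disabled, that same kind of request is accepted.
    cross_site_post_protection_off: outcome(TinyApp.new(false), session, { 'text1' => 'x' })
  }
end

run_scenarios.each { |name, result| puts "#{name}: #{result}" } if __FILE__ == $PROGRAM_NAME
```

Both settings quoted above make the error disappear by no longer checking this action, which corresponds to the last scenario; rendering the form from a view so that it carries the token corresponds to the second.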

After re-running input.html, another error pops up as follows:

The system is trying to find the "index.html.erb" file, so this error message pops up. Therefore I am changing cabtype.rhtml to index.html.erb. After re-running input.html, the result is as follows:

The final screen appears, but no parameters are passed from the form. By investigating the server debug screen below, I find that the system is looking for the index inside the Vehicle_Controller.rb.

Therefore, I change the "def cabtype" into "def index" inside the vehicle_controller.rb.

After restarting the system and re-running the whole process, the final result finally shows up.

How it works



Accessing form data through the params method in Rails allows the implementation details of the parameter hash to change without breaking existing code. For example, the params hash for radios1 will contain the value of the radio button, and the data is extracted in the cabtype action. With the multiple list box example in Rails, using the select controls, the params hash of building1 is an associative array (dictionary) holding the user's multiple selections and is not just a drop-down list.
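
How the fields read in the controller reach params, as an added example that is not the workshop's or Rails' own code: a simplified parser (the hypothetical parse_form) showing that a multiple-select field only arrives as a list when its name ends in [], followed by an allowlist check (the hypothetical validate_cab_params) on the submitted values. The option values, length limit and request bodies are constructed.

```ruby
require 'uri'

# Simplified stand-in for Rack/Rails form parsing; not the framework's own code.
def parse_form(body)
  URI.decode_www_form(body).each_with_object({}) do |(key, value), params|
    if key.end_with?('[]')
      name = key.chomp('[]')
      params[name] = [] unless params[name].is_a?(Array)
      params[name] << value          # building1[] collects every selection
    else
      params[key] = value            # plain name: the last value wins
    end
  end
end

# Constructed allowlists; the real option values come from input.html.
ALLOWED_RADIOS    = %w[sedan wagon van].freeze
ALLOWED_BUILDINGS = %w[north south east west].freeze

# Returns a list of problems; an empty list means the input is acceptable.
def validate_cab_params(params)
  errors = []
  text = params['text1']
  errors << 'text1 must be 1-50 characters' unless text.is_a?(String) && (1..50).cover?(text.length)
  errors << 'radios1 is not an offered option' unless ALLOWED_RADIOS.include?(params['radios1'])
  buildings = params['building1']
  if !buildings.is_a?(Array)
    errors << 'building1 must be a list'
  elsif !(buildings - ALLOWED_BUILDINGS).empty?
    errors << 'building1 contains an unknown option'
  end
  errors
end

# Constructed request bodies, as a browser would encode them.
GOOD_BODY = 'text1=Cab+7&check1=on&radios1=sedan&building1%5B%5D=north&building1%5B%5D=east'
BAD_BODY  = 'text1=&radios1=limousine&building1=north&building1=east'
```

Every value in params is supplied by the client, so the controller should check it against what the form actually offers before using it.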



Rails supports other HTML controls for forms processing via text fields, check boxes, radio buttons, list select controls, etc. Examples are start_form_tag and stop_form_tag, as well as methods for each item, such as the create-field method text_field_tag.



11. Report your progress or findings in your Developers Blog.

Reported in detail above.

Exercise 9

1. Find out about SET and the use of RSA 128-bit encryption for e-commerce.


SET stands for Secure Electronic Transaction and is a standard (based on RSA) which ensures that credit card transactions over the Internet take place securely. SET is endorsed by all the major players in the e-commerce area, such as Microsoft, Visa and MasterCard. SET uses digital signatures to verify that buyers are who they claim to be; moreover, it ensures the merchant is not able to see the credit card number, as the number is transferred between cardholders and card issuers (e-commerce-guide, 2010).

RSA (named after Rivest, Shamir and Adleman, who first publicly described it) is an algorithm for public-key cryptography. It is suitable for signing as well as encryption and is therefore widely used in e-commerce protocols (Wikipedia, 2010). RSA 128-bit encryption means that a key with a length of 128 bits is used to encrypt the data; the longer the key, the higher the security of the data.


2. What can you find out about network and host-based intrusion detection systems?

Both network and host-based intrusion detection systems (IDS) look for attack signatures (specific patterns that usually indicate malicious or suspicious intent) to recognize and deflect attacks. A network-based IDS looks for those patterns in network traffic, whereas a host-based IDS looks for them in log files. Each method has its own strengths and weaknesses (network-based: low cost, evidence that is difficult to remove, OS independence; host-based: well suited to encrypted and switched environments, no additional hardware), so a truly effective IDS should employ both technologies (Internet Security Systems, 1998).


3. What is 'phishing'?

Phishing refers to a method in which an identity thief sets up a fake website that appears to represent a legitimate company, then sends fake emails (which look as if they come from the legitimate company) to the victims, with a hyperlink to the fake website. Once a victim provides personal information such as a username and password to the fake website, the identity thief uses it for their own purposes or sells it to other criminal parties (dictionary.com, 2010).


4. What is SET and how does it compare to SSL as a platform for secure electronic transaction? Is SET in common use?

Please refer to question 1 for SET definition.

Secure Sockets Layer (SSL) is a standard for encrypted client/server communication (public key) between network devices. It runs on top of TCP/IP and was invented by Netscape. SSL is built into all major browsers and web servers, and its capabilities can be turned on by installing a digital certificate.

The main difference between SET and SSL is that in a SET transaction the merchant does not receive any credit card information from the buyer, so the credit card information is more secure. Nowadays SSL is the most commonly used method, as its setup and running costs are low compared with SET (Chen, 2010).


5. What are cookies and how are they used to improve security? Can the use of cookies be a security risk?

A cookie is a text string (user preferences, information) sent by a web server to a web browser, stored there, and then sent back to the same server the next time the user accesses it. It can be used for authentication, session tracking, storing site preferences, shopping cart contents, as an identifier for a server-based session, etc.

The use of cookies can be a security risk, as they do not always accurately identify users, they can be used for security attacks (spyware) and their content is easy to extract (Wikipedia, 2010).


6. What makes a firewall a good security investment? Accessing the Internet, find two or three firewall vendors. Do they provide hardware, software or both?

A firewall is a device which controls access between the Intranet and the Internet. It determines whether a data packet or a connection request should be passed through or denied. It can ensure that an organization's Intranet is free from any unauthorized traffic if the organization places a firewall at each external connection (Eustace, 2010).

There are a lot of firewall vendors, such as Checkpoint, Cisco, IBM, ZoneAlarm, etc. Most business firewall solutions are hardware, and personal firewall solutions are software. Some of the vendors offer both hardware and software firewall products (Checkpoint).


7. What measures should e-commerce provide to create trust among their potential customers? What measures can be verified by the customer?

To create trust among potential customers, an e-commerce site should maintain audit logs, encrypt email messages, secure the client/server environment, data transport and operating system, use secure transport protocols (SSL, SET, HTTPS), use firewalls, and use secure browsers with security and scrambling features.

The measures that the customer can verify are the encrypted email messages, the secure transport protocols and the audit logs (Eustace, 2010).


8. Get the latest PGP information from
http://en.wikipedia.org/wiki/Pretty_Good_Privacy
The use of digital certificates and passports are just two examples of many tools for validating legitimate users and avoiding consequences such as identity theft. What others exist?

Others are PGP tools, HASP keys and security dongles (used by banks). Such tools exist in both hardware and software form.