CHAPTER 2
THEORETICAL FOUNDATION
Some theoretical foundations related to the development of the proposed system are
described in the following sections.
2.1 Internet
Information is the result of processing, manipulating and organizing data in a way that
adds to the knowledge of the person receiving it. By getting the latest information,
people know what is happening, what has happened, and even the prediction of what
will happen next. In the early 1900s exchanging information was quite difficult. The arrival
of internet service in the mid 1990s resulted in various applications that facilitate the
process of exchanging information.
The Internet can be viewed as a global system of millions of interconnected computing
devices and computer networks [22]. The internet carries a vast array of information
resources and services, the most popular of which are the interlinked hypertext documents of the
World Wide Web (WWW) and the infrastructure to support electronic mail. It also
supports other popular services such as online chat, online gaming, e-commerce, social
networks, video and audio streaming, and telecommunication through VoIP (Voice over
IP). An estimated quarter of Earth’s population uses the services of the internet [5].
Many people do various activities on the internet, from browsing through Google and using
Facebook as their social network website to shopping at famous websites like
eBay. Because the internet is used so widely, many irresponsible people exploit this
situation, for example by stealing credit card information (credit card fraud), obtaining others’
private information, and so on. Security is therefore one of the aspects that needs to be taken into
consideration while using the internet.
2.2 TCP/IP (Transmission Control Protocol/Internet Protocol)
TCP/IP is a term that refers to a set of communication protocols for communicating between
computers on the internet. TCP/IP stands for Transmission Control Protocol/Internet
Protocol. It comprises two standard protocols: TCP and IP. TCP, which works in the
transport layer, is for communication between applications, while IP, which works in the
internet layer, is for communication between computers. According to the book Network Security
Essential, the role of an internet protocol is to provide the functionality for
interconnecting end systems across multiple networks. For this reason, IP is
implemented in each end system including routers, the devices that provide connections
between networks [10]. TCP uses a three-way handshake: first the application sends a
communication request (SYN), the server replies with a request
acknowledgment (SYN-ACK), and then the client sends back an acknowledgement (ACK) to
the server as the response. TCP uses predetermined port numbers to identify the sending and
receiving application end-points on a host; standard applications and their standard ports are
as follows: FTP (21), SSH (22), TELNET (23), SMTP (25), and HTTP (80). With IP,
messages are broken up into small independent “packets” and sent between computers
via the internet. IP is also responsible for “routing” each packet to the correct destination.
An example of an IP address is 69.63.181.11.
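The three-way handshake described above can be checked from captured TCP headers. The following is an added example, not part of the original chapter: it parses the fixed TCP header and classifies the opening segments of a connection, which is the check a network monitor applies when it counts handshakes that never complete. The function names, the state labels and the sample segments are assumptions constructed for illustration.

```python
import struct

# Classic TCP flag bits from the flags field of the header.
FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10
MOD = 1 << 32                          # sequence numbers wrap at 2**32
HEADER = struct.Struct("!HHIIHHHH")    # fixed 20-byte TCP header
# Standard application ports listed in the text.
SERVICES = {21: "FTP", 22: "SSH", 23: "TELNET", 25: "SMTP", 80: "HTTP"}


def build_segment(sport, dport, seq, ack, flags):
    """Pack an option-less TCP header (constructed data, checksum left 0)."""
    return HEADER.pack(sport, dport, seq % MOD, ack % MOD,
                       (5 << 12) | flags, 65535, 0, 0)


def parse_segment(raw):
    """Decode the fixed part of a TCP header into a dict."""
    if len(raw) < HEADER.size:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, _win, _sum, _urg = HEADER.unpack(
        raw[:HEADER.size])
    if off_flags >> 12 < 5:
        raise ValueError("data offset smaller than the fixed header")
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": off_flags & 0x3F}


def classify_handshake(raw_segments):
    """Classify the first segments of one connection, in capture order.

    Returns (state, service); state is 'established', 'incomplete',
    'refused' or 'invalid'.
    """
    segs = [parse_segment(raw) for raw in raw_segments]
    if not segs or (segs[0]["flags"] & (SYN | ACK | RST | FIN)) != SYN:
        return "invalid", None
    syn = segs[0]
    service = SERVICES.get(syn["dport"], "unknown")
    if len(segs) == 1:
        return "incomplete", service          # SYN never answered
    reply = segs[1]
    from_server = (reply["sport"], reply["dport"]) == (syn["dport"], syn["sport"])
    if not from_server or reply["ack"] != (syn["seq"] + 1) % MOD:
        return "invalid", service
    if reply["flags"] & RST:
        return "refused", service             # server answered with a reset
    if (reply["flags"] & (SYN | ACK)) != (SYN | ACK):
        return "invalid", service
    if len(segs) == 2:
        return "incomplete", service          # SYN-ACK sent, final ACK missing
    final = segs[2]
    ok = ((final["flags"] & (SYN | ACK | RST)) == ACK
          and (final["sport"], final["dport"]) == (syn["sport"], syn["dport"])
          and final["seq"] == (syn["seq"] + 1) % MOD
          and final["ack"] == (reply["seq"] + 1) % MOD)
    return ("established" if ok else "invalid"), service


# Constructed capture: client port 49152 connecting to an HTTP server.
SAMPLE = [
    build_segment(49152, 80, 1000, 0, SYN),
    build_segment(80, 49152, 5000, 1001, SYN | ACK),
    build_segment(49152, 80, 1001, 5001, ACK),
]

if __name__ == "__main__":
    print(classify_handshake(SAMPLE))
    print(classify_handshake(SAMPLE[:2]))
```

Each side acknowledges the other's initial sequence number plus one, so a SYN-ACK or ACK carrying any other acknowledgment number does not belong to the handshake.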
2.3 Intranet
Intranet is a term that refers to a private network which uses internet protocols and is operated
by an organization [22]. It is used to share part of the organization’s information or
operational systems with its employees. According to
wikipedia.org, intranets are also used to deliver tools and applications, e.g.
collaboration tools (to facilitate working in groups and teleconferencing) or sophisticated
corporate directories, and so on. The benefits of intranets include efficient and
effective access to the organization’s information, help for the company in communicating
horizontally and vertically, support for business operations and decisions across the
internetworked enterprise, reduced paperwork, and enhanced collaboration, with
information easily accessed by all authorized users.
2.4 ISP (Internet Service Provider)
ISP is a term that refers to a company that provides access to the internet. Each ISP is
a network of packet switches and communication links. Customers usually pay a certain
amount of money in order to get the service. The ISP connects to its customers using
a data transmission technology for delivering Internet Protocol datagrams, such as DSL
(384kbps to 20Mbps for downloads), cable modem (1Mbps to 6Mbps for
downloads), or dial-up (48kbps for downloads). ISPs can be viewed as a hierarchical
structure: tier-1 ISPs at the top, known as Internet backbone networks, tier-2 ISPs as
the customers of the tier-1 ISPs, and so on [22].
2.5 Web Server
A web server is a computer program (server) that is responsible for accepting HTTP
requests from clients (web browsers) and responding to them with optional
data content, which is usually a web page (HTML). The figure below shows how users
access a website through a web server.
Fig 2.1: Browser sends a request to the web server
(Source: http://computer.howstuffworks.com/webserver1.htm)
The basic steps of how it works:
1. The web browser breaks the request into several pieces:
• The protocol (“http”)
• The host name (“www.howstuffworks.com”)
• The file name (“web-server.htm”)
2. The web browser then communicates with a DNS (Domain Name System) server to
translate the server name into an IP address that is readable by the server.
3. After the IP address is resolved, the web browser connects to the server
through port 80 (the HTTP port).
4. Using the HTTP protocol, the browser sends a request to the server, asking for the file
“web-server.htm” from the server named www.howstuffworks.com.
5. The server then responds to the request by sending the HTML back to the
browser, and the web browser translates the HTML tags into a viewable HTML
page.
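The five steps above, carried out by hand over a raw socket. This is an added example, not part of the original chapter: so that it runs offline it talks to a stand-in server started on the loopback interface at a free port instead of www.howstuffworks.com on port 80, and the names `Handler`, `fetch` and `demo` and the page content are assumptions.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

PAGE = b"<html><body><h1>How Web Servers Work</h1></body></html>"  # constructed


class Handler(BaseHTTPRequestHandler):
    """Stand-in web server: serves one constructed page, 404 for the rest."""

    def do_GET(self):
        found = self.path == "/web-server.htm"
        body = PAGE if found else b"not found"
        self.send_response(200 if found else 404)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):      # keep the demo quiet
        pass


def fetch(url, default_port=80):
    # Step 1: break the URL into protocol, host name and file name.
    parts = urlsplit(url)
    if parts.scheme != "http" or not parts.hostname:
        raise ValueError("only plain http:// URLs are handled here")
    port = parts.port or default_port
    path = parts.path or "/"
    # Step 2: resolve the host name to an IPv4 address.
    ip = socket.getaddrinfo(parts.hostname, port, socket.AF_INET,
                            socket.SOCK_STREAM)[0][4][0]
    # Step 3: connect to the server (the TCP handshake happens here).
    with socket.create_connection((ip, port), timeout=5) as sock:
        # Step 4: send the HTTP request for the file.
        request = f"GET {path} HTTP/1.0\r\nHost: {parts.netloc}\r\n\r\n"
        sock.sendall(request.encode("ascii"))
        # Step 5: read the reply until the server closes the connection.
        raw = b""
        while chunk := sock.recv(4096):
            raw += chunk
    head, _, body = raw.partition(b"\r\n\r\n")
    status = int(head.split(b"\r\n")[0].split()[1])
    return {"parts": (parts.scheme, parts.hostname, path), "ip": ip,
            "status": status, "body": body}


def demo(filename="web-server.htm"):
    """Start the stand-in server, fetch one file from it, shut it down."""
    server = HTTPServer(("127.0.0.1", 0), Handler)   # port 0: any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        port = server.server_address[1]
        return fetch(f"http://localhost:{port}/{filename}")
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(demo())
```

The request and the returned HTML cross the connection as readable text, which is why section 2.11 places an SSL layer between HTTP and TCP.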
2.6 Apache
Apache is an open source, cross-platform web server. Based on news.netcraft.com,
Apache is currently the leading web server, with approximately 100 million websites
using it as their web server [5]. The web server is a background process implemented as a
system service. There is a huge array of server-side programming tools and languages
available through Apache, including Perl, PHP, Python and so on [21].
Fig 2.2: Apache growth compared to other web servers
(Source: http://news.netcraft.com)
2.7 Web Application
A web application is an application that is accessible via a web browser and coded in a
browser-supported language such as HTML, JavaScript, PHP, Java, etc. It has a common
structure called the three-tiered application (presentation, application, and storage).
The presentation tier is the web browser, the middle tier is the application logic that bridges
the web browser and the logic inside the code, and the last tier is the database as the storage.
Four web applications will be used during the implementation:
2.7.1 PHP (Hypertext Preprocessor)
PHP stands for Hypertext Preprocessor; it has the ability to produce web pages with
dynamic content. PHP is a server-side embedded scripting language, which means the
syntax is processed by the server and the result is printed in the web browser. Most
web servers today are compatible with this scripting language [19]. The
following figure shows a client request and the web server response.
Fig 2.3: Structure of PHP process
(Source: http://www.datamodel.org/)
2.7.2 JavaScript
JavaScript, which was originally created by Netscape, is an object-oriented client-side
scripting language used to enhance the functionality and dynamic presentation of a
webpage [21]. The primary use of JavaScript is to write functions that are embedded
in HTML pages and interact with the Document Object Model (DOM) of the page.
JavaScript is used for tasks ranging from opening or popping up a new window to validation and changing
images; in return, as it is executed on the client, the server load will be balanced [24].
2.7.3 jQuery
jQuery is a JavaScript library that emphasizes interaction between JavaScript and
HTML. Instead of writing many lines of code, using jQuery reduces the amount that has to be
written, since the functions are kept inside the library.
2.7.4 Ajax
Ajax stands for Asynchronous JavaScript and XML. It is a web development
technique that uses a combination of various technologies and is an example of a technology
which creates a more interactive experience. The main function of Ajax is to
enhance the dynamic Graphical User Interface (GUI) of a website and perform tasks in an
efficient and effective manner. Using Ajax, web applications can retrieve data from
the server asynchronously in the background without disrupting the display.
2.8 Web Browser
Web browser is the term for the presentation layer used for retrieving and
presenting information resources on the World Wide Web. The result of processing on the
server that is returned to the client is presented in the web browser. It supports a variety of
prefixes: HTTP, HTTPS for secure websites, FTP for File Transfer Protocol,
email, and so on.
2.9 MVC Architecture (Model, View, Controller)
Fig 2.4: Model View Controller
(Source: http://en.wikipedia.org/wiki/)
MVC is an architecture pattern that separates the processes for viewing, initialization, and the core
logic of the program. The model merges domain logic and data access code, the view renders the
model into a user interface in the browser, and the controller processes the
input and initiates a response by accessing model objects [24].
The control flow of MVC is as follows:
1. The user interface receives an action from a user, such as clicking a next button.
2. The controller determines what the program should do and processes the input into a
particular action that will be accepted by the model.
3. The controller alerts the model if there is any value change, possibly altering
the model’s state.
4. The view queries the model data and generates the appropriate result for the user
interface.
5. The user interface goes into an idle state until further interaction from the user, which
may restart the cycle.
There are two conflicting views on MVC.
First, the Pros, who argue that MVC is:
+ Easy to maintain.
+ Easy to reuse.
+ Easy to expand.
Second, the Cons, who argue that MVC:
− Requires more directories to begin.
− Requires more space, since the files for view (HTML), model (class definition) and
controller (request processing) are kept separate.
− May slow down site processing, since many files are included inside the code.
− Produces more redundant code by creating many files.
− Requires more code to get started.
2.10 VPN (Virtual Private Network)
A VPN is a secure communication channel between network applications over a public or
unsecured medium such as the Internet, using various technologies to provide user
authentication, data integrity, and access control. Three widely used protocols
are L2TP (Layer 2 Tunneling Protocol), IPsec, and Cisco VPN [7]. A VPN is often
installed by an organization to provide remote access to a secure organizational network.
According to a recent Gartner study of more than 300 companies, “…90% of U.S.
companies with at least 500 employees and two sites use VPN solution to provide secure
access to home workers. The study also found that 79% of companies use VPN to
connect mobile workers.” [8]
This technology has both benefits and drawbacks:
Benefits:
• VPNs provide reduced operational and connection costs.
• VPNs provide a high level of security, using advanced encryption and authentication
protocols to safeguard data from unauthorized parties.
• Well-designed broadband VPNs are modular and scalable [9].
Drawbacks:
− An organization that implements this technology must be aware of network security
itself, instead of depending on the ISP that supplies the VPN to keep it running.
− VPN products from various vendors are not always interoperable, owing to
differences in how well each adheres to VPN standards.
− VPNs may pose a greater security risk when used with wireless devices.
2.11 SSL-VPN (Secure Socket Layer Virtual Private Network)
SSL/TLS is a set of cryptographic protocols located between the application layer and the
transport layer that provide a secured channel for communication over networks such as
the internet. SSL works in conjunction with the HTTP protocol, enabling client and server to
establish a secured session [9]. Transport Layer Security provides RSA security with
1024 and 3048 bit strength. SSL adds an additional transparent layer to the basic internet
protocol layering. Basically, the SSL layer modifies the data from the HTTP application before
passing it to the transport layer, which sends it to its destination [19].
Application Layer: HTTP, …, …
SSL layer: SSL Handshake Protocol, SSL Change Cipher Protocol, SSL Alert Protocol, SSL Record Protocol
Transport Layer: TCP
Network Layer: IP
Host to network Layer: Host to network
Fig 2.5: Internet Protocol Layer
(Source: PHP and MySQL Web Development 2nd edition)
[Diagram labels: SSL, SSL/VPN, HTTP, TCP, VPN, IP]
Fig 2.6: VPN and SSL implementation
Basically, SSL involves three basic phases: 1. Peer negotiation. 2. Key exchange and
authentication. 3. Symmetric cipher encryption and message authentication [10]. The figure
below shows the SSL handshake process in detail:
Fig 2.7: SSL handshake process
(Source: http://en.wikipedia.org/wiki/)
2.12 Relational Database
According to Philip J. Pratt and Joseph J. Damski, a database is a structure that stores
information about multiple types of entities, their attributes and the relationships
among those entities [11]. According to several available resources, a database is a
collection of related information or records that can be easily accessed, managed, and
updated for one or multiple uses. Databases are often classified according to their content:
images, user data, bibliographic, and so on. In computing, databases are classified by
several models, of which the relational model is the most common. It uses a tabular model to define
its data so that the data can be accessed and reorganized in a number of different ways.
A relational database is a database in which the tables are related to each other through primary
keys and foreign keys. The primary key is a unique column which is used to identify a
field uniquely. Most relational databases support referential integrity, the idea of linking
values together through primary key and foreign key so that the values are valid and
correctly synchronized [12].
Databases and Database Management Systems are frequently used in large mainframe
systems. Recently they are also present on smaller distributed workstations and mid-range
systems such as AS/400, and on personal computers. SQL (Structure Query Language) is
the standard language for making queries to get and update data on several database
products such as Microsoft Access, Oracle, Sybase, and Computer Associates.
2.12.1 MySQL (Structure Query Language)
MySQL is the standard language for accessing relational database management
systems (RDBMS). It is used to store and retrieve data to and from a
database. It is distributed as open source under the GPL (General Public
License). The two basic languages used inside MySQL are the Data Definition
Language (DDL), used for defining databases, and the Data Manipulation
Language (DML), used for querying databases [19]. Above all, it is best for
managing content and not for executing transactions.
The open source version of MySQL is now an alternative used in
several web frameworks such as WAMP (Windows, Apache, MySQL, PHP) and
LAMP (Linux, Apache, MySQL, PHP). Moreover, MySQL runs on virtually all
platforms, including Linux, UNIX, Windows, and Mac. It is fully multi-threaded
using kernel threads, and provides an Application Program Interface for C, C++,
Java, Perl, PHP, and Python.
2.12.2 Class Diagram
A class diagram is the graphical model used in the object-oriented approach to
represent all the classes of objects in the system [13]. Entities are the columns in
the database, whereas a relationship is the depiction of how the data is interrelated.
The three main components are entity (person, object, event
and so on), relationship (interaction between entities), and cardinality (defines
the numeric relationship between entities).
There are three types of cardinality pattern between entities:
• One-to-one (1:1): one instance of an entity (A) is associated with one
other instance of another entity (B). For example, in a company employee
database, each employeeID (A) is associated with only one companyID
(B).
Fig 2.8: One-to-one relationship
(Source: http://www.datamodel.org/)
• One-to-many (1:N): one instance of an entity (A) is associated with one
instance of entity (B), but entity B is associated with zero, one, or
many instances of entity (A). For example, in the companies and employees
tables, one company (B) can have one or multiple employees (A), but
an employee can only have one company.
Fig 2.9: One-to-many relationship
(Source: http://www.datamodel.org/)
• Many-to-many (M:N): many instances of an entity (A) are associated with
one, zero, or many instances of another entity (B), and the other way around.
For example, in a company in which each employee can work on multiple
projects, each instance of an employee (B) can run zero or multiple
projects at the same time, and a project (A) can also have one or multiple
employees working on it.
Fig 2.10: Many-to-many relationship
(Source: http://www.datamodel.org/)
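Referential integrity from section 2.12 and the one-to-many and many-to-many patterns above, shown with the chapter's own company, employee and project entities. This is an added example, not part of the original chapter: it uses Python's built-in SQLite module in place of MySQL so that it runs without a database server, and the table names, column names and sample rows are assumptions.

```python
import sqlite3

SCHEMA = """
CREATE TABLE company (
    company_id INTEGER PRIMARY KEY,
    name       TEXT NOT NULL
);
-- One-to-many: each employee row points at exactly one company.
CREATE TABLE employee (
    employee_id INTEGER PRIMARY KEY,
    name        TEXT NOT NULL,
    company_id  INTEGER NOT NULL REFERENCES company(company_id)
);
CREATE TABLE project (
    project_id INTEGER PRIMARY KEY,
    title      TEXT NOT NULL
);
-- Many-to-many: a junction table with one row per (employee, project) pair.
CREATE TABLE assignment (
    employee_id INTEGER NOT NULL REFERENCES employee(employee_id),
    project_id  INTEGER NOT NULL REFERENCES project(project_id),
    PRIMARY KEY (employee_id, project_id)
);
"""


def open_db():
    """Create an in-memory database filled with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")   # SQLite checks FKs only when enabled
    db.executescript(SCHEMA)
    with db:
        db.executemany("INSERT INTO company VALUES (?, ?)",
                       [(1, "Acme"), (2, "Globex")])
        db.executemany("INSERT INTO employee VALUES (?, ?, ?)",
                       [(10, "Ana", 1), (11, "Budi", 1), (12, "Citra", 2)])
        db.executemany("INSERT INTO project VALUES (?, ?)",
                       [(100, "Portal"), (101, "Billing")])
        db.executemany("INSERT INTO assignment VALUES (?, ?)",
                       [(10, 100), (10, 101), (11, 100)])
    return db


def try_execute(db, sql, params=()):
    """Run one statement; report whether the integrity rules allowed it."""
    try:
        with db:                      # commit on success, roll back on error
            db.execute(sql, params)   # values are bound, never string-formatted
        return True
    except sqlite3.IntegrityError:
        return False


def staff_on_project(db, title):
    """Follow the junction table from a project to its employees."""
    rows = db.execute(
        "SELECT e.name FROM employee e "
        "JOIN assignment a ON a.employee_id = e.employee_id "
        "JOIN project p ON p.project_id = a.project_id "
        "WHERE p.title = ? ORDER BY e.name", (title,))
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = open_db()
    # Employee pointing at a company that does not exist: rejected.
    print(try_execute(db, "INSERT INTO employee VALUES (?, ?, ?)",
                      (13, "Dewi", 99)))
    # Deleting a company that still has employees: rejected.
    print(try_execute(db, "DELETE FROM company WHERE company_id = ?", (1,)))
    print(staff_on_project(db, "Portal"))
```

The database itself refuses rows that would break a primary key or foreign key rule, so the application code does not have to be trusted to keep the tables synchronized.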
2.13 Context Diagram
A context diagram is a diagram that shows the primary users of the system and the
information that is exchanged between them and the system [13]. The context diagram is
the top-level DFD. It is a non-detailed diagram of a system that depicts
the flow of interaction between the system and external entities.
System context diagrams are diagrams used in systems design to represent all external
entities that may interact with a system [14].
2.14 Use Case Diagram
A use case is a sequence of actions that an actor (either a person or an external
system) performs within a system to achieve a particular goal [20]. According to
Ambler, this diagram illustrates the classes of the system, the relationships between classes,
as well as the operations and attributes of the classes [15]. It is a functional diagram that
shows the basic functions of a system; it explains the correlation between the user and how the
system responds to user actions [12]. A person who interacts with the system is called
an actor. A more detailed view of this process shows which system functions are
performed by which actor. From the use case, the programmer will be able to see the scenario
of how the system should work and respond. Moreover, it shows the interaction between
actors and system functions in terms of the roles of each actor. For instance, a receptionist in a
doctor’s office can play multiple roles: he or she can answer the telephone, arrange
schedules, welcome patients, file medical records and so on. The three relationships often used
in creating use cases are include, extend, and generalization.
2.15 SSD (System Sequence Diagram)
The system sequence diagram is part of object-oriented design and describes the flow of
information into and out of the automated system. This diagram is used to emphasize the
actor’s interaction with the system through the input and output of data [13]. It is a form of
dynamic modeling, which focuses on identifying the behavior within our system.
2.16 Activity Diagram
An activity diagram is a type of workflow diagram that describes the various users involved
in certain activities in a sequential flow [13]. It is an effective technique to
document the use case scenario. The benefit of creating this type of diagram is that it is
more visual and can help both user and developer work together to fully document the
use case.
2.17 Object-Oriented Approach
The object-oriented approach is an approach to system development that views an
information system as a collection of objects that work together to achieve the system
objectives. Objects are methods that interact with each other or with the people using the
system [13]. The object modeling notation that is used is Unified Modeling Diagram; it
provides diagramming standards for models used in the object-oriented approach. It is
also becoming a standard language for specifying, documenting and constructing the
process of the system. UML conveys information to provide a better understanding
through graphics [16]. There are some significant differences between the traditional
approach and the object-oriented approach. For a comparison see Figure 2.11.
Traditional Approach:
• System is a collection of processes
• Processes interact with data entities
• Processes accept inputs and produce
Object-oriented Approach:
• System is a collection of interacting objects
• Objects interact with people and each other
• Objects send and respond to messages
Fig 2.11: Traditional versus object oriented approach
(Source: System analysis and Design in a changing world 3rd edition)
The object-oriented approach has a complete set of diagrams which together
depict the user’s needs and define the system’s basic requirements. The use
case and class diagrams are the primary models among all the diagrams. The figure below
shows the interconnection between the diagrams.
[Diagram nodes: Use case diagrams, Class diagrams, Use case descriptions, Activity diagrams, System sequence diagram]
Fig 2.12: Interrelation between diagrams in object-oriented
(Source: System analysis and Design in a changing world 3rd edition)
2.18 RAD (Rapid Application Development)
Rapid Application Development is a software
development methodology which uses minimal planning in favor of rapid prototyping, or uses
a software framework in prototyping. RAD-based methodologies attempt to cope with and
eliminate both weaknesses of structured design by adjusting the system development life
cycle phases to bring a closer and rapid look into the hands of the user [17]. It
places more emphasis on user interaction, in which earlier development is easily updated
iteratively during later phases (spiral model).
Advantages of using RAD:
+ Saves development time, since it uses a framework/template developed earlier.
+ Early visibility, because the project is prototyped faster.
+ Greater flexibility (the buyer can redesign almost at will).
+ Shorter development cycle.
+ Standardized look and feel.
Disadvantages of using RAD:
− Costs more money compared to building.
− Progress is harder to gauge since there are no classic milestones.
− The prototype may not scale up, creating a bigger problem [18].