University of Malaya
Fakulti Sains Komputcr dan Tl!knologi
Maklurnat
Project Title: An E-Commerce System for Sales and Purchase
Order Management of Machinery Hardware
Student Name: Tan Lian Kee Matrix No: W EK 990017
Supervisor: Assoc. Prof. Dr.Lee Sai Peck Moderator: Miss Nazean Jomhari
WXES 3182:Project llmiah Tahap Akhir II (200 I /2002)
This thesis is submitted to ll'aculty of Computer Science and Information Technology University of Malaya in lla rtial fulfilment of the requirement for the Bachelor of
Com1luter Science Oe2ree
Univers
ity of
Mala
ya
WXES 3182 l'rojek Jlmiah Tahap Akhir II
Abstract
This report dOCllllH.:nts the cxpln11nttl)l\S nml dt'S\.' t"lpti{m:,\ or doing onlinc business,
which is ddined as E-Com111ercc s ~Hem. rcqui rcmt•nt~ nnd t\csi~ns of the project. Therefore,
this documentation is i11cl11di11g four chapters "hich also describing the introduction,
literature review, system nnnlysis, methodology nnd design of the system.
This report is int roducing the project scopes initially. It describes the actual meaning
of the onlinc sales and purcha cs order. the purposes of using the online technique to do
business. objccti, cs and outcomes of the project. The Literature Review summarized the
findings and reports the background of the project topic. System Analysis and Methodology
chapter gives a detail description to the analysis requirements; approach to be adapted and
other genernl statements. 111 the Chapter of System Design, Data Flow diograms nnd
flowcharts arc drawn to pre cnt the nows of the sy tern modules and the whole system.
Moreover, this report will show the System lmplemcntatio11 , system Testing nnd
System Evuluntion part . The System Implementation dcscrihcs the slllgc to cl11111ge the thing
from the scratch to the rcnlity. The nowchart design for each moduh.: and the tik structure
de ign for each table in the database as well as the interface design arc move from the de. 1gn
scratch to the real implementation stage hy using hardware development requirement nnd
software development tools.
The System Testing describes the process of executing a progrnm ' ith the intention
of finding bugs, errors or defects that present in the ystem . . ystem testing also can be
defined us the process of unalyzing n soflware item to detect the diITerencc between exi ting
and required conditions and to evaluate the fcmures of the soft ware ite1ns.
Also, the System E'<lluation can be de cribed as conclusion, which " ill sho\\ ' nriow
problems were encountered. These entire problems were solved through re curch nnd studies
E cry system also hus it own strengths. limitntions and future cnhnncemems "here can be
idcnt i lied
Univers
ity of
Mala
ya
WXHS 3 182 Projek llmiah Tahap Ak.hir II Falm/11 Smm Kc>mp111~·r c/,m frkno/0~1 t\laklllflml
Acknowledgement
The greatest plcasun.: or doing this project is ncknq\\ kdgiu~ the efforts of my project
supervisor, Assoc. Pror Dr. Lee Sni Peck. (Assoc. PrnC t f fncuh~· 0f Computer Science and
ln fomiation Technology) fo r guiding me on Ill) project, Dr, Lee had shared her valuable
opin ions and experiences nnd put them in my projccl.
My thanks also go to my project moderator, Cik Nazean Jornhari, (Lecturer of Faculty
of Computer Science and lnfonnation Technology) fo r his useful suggestion.
Besides, I would like to thank Mr. Tey Kok Keong, as the manager o f NII TRADING
SON f31 IO, one of the member of The NH Group for his va luable opinions and idcn of the
business 11ow o f the company. I le also share his very useful introduction or the compnny
products.
I also would like to give my special thanks to all of my co11rsc-11111tcs ' ho hncl hdp
me before in doing this project and those who hud solved my problems. The refi ll fi re
pleasure to give their hands in anyth ing, ' hich is related in my project. My grcntc t thnnks
fly to my family members for their encouragement, moti at ion and moral suppon nt home
II
Univers
ity of
Mala
ya
WXES 3182 Projek Ilmiah TahapAkhir II Fak11/11 Sam.~ Ko111p11ra d,m Teknolo~t .\111kl1111w1
Content
Abstract
Acknowlcd~cmcn1C
Content
Lise Of Figures
I .0 Introduction
I. I The E-Commerce System
1.1. 1 Definition
1.1.2 Purposes of Using The £-Commerce System
1.2 Problem Definition
1.3 Scope Defined
1.4 Projec t Objectives
1.5 The Expected Outcome
1.6 Projec t Schedule
2.0 Litcrnture t~cvicw
2.1 The Internet and the World Wide Web (WWW)
2.2 1 lypertext Transfer Protocol ( t tn 'P)
2.3 Tra11s111ission Control Protocol I Internet Protocol (TCP/IP)
2.4
2.5
E-Commercc Security
2.4 .1 Cryptography and Au1hcn1icu1 io11
2.4 .2 Public Key Encryption
2 .4 .3 Using Public Key for Authent ication
2.4 .4 SET Provides Cro. s A 111 hcnt icat ion
2.4 .5 I licrarchy of Tnast
2.4.6 The Future of E-Commerce Securi ty
Analysis of l111cmc1 Payment System (I PS)
2.5.1 Review of the Ex 1st i n~ Elcct1011 ic C"'a4'h System
2.f. .2 Credit Card Based Systems
2. 51J Elcctro11 ic ('heck Systems
111
II
Ill
Vlll
2
2
2
6
7
8
9
11
''-13
14
16
17
17
17
18
20
_)
_4
- ·l
-6
27
Univers
ity of
Mala
ya
WXES 3182 Projek Jim/ah TahapAkhir 11 Fakulfl Sm"' KomJ"'''"' d(ll1 li:k11olo!!1,\laklw11c1t
2.5 .4 Electronic Funds Trans for S stems (FF l'S
2 .5.5 Weaknesses olT urrcnt Paym1..·n1 ~h.·t lh'd
2 .5.6 Comparing Current Pn mc1ll lc..•tlwlls
28
28
29
2.6 The Considerations of Gntc\\ n . lntcrfo~l' nml (\mnl'ctivity in 13-Commerce
/\ppl ic111 ions
2.6. 1 lntcmet Server Applicntinn Prognun lntcrfacc (lSAPl)
2.6.2 Co111rnon Gate' ny lnterface(CG I) \ ' S Web Serve·r APls
3 1
31
32
3.0 System Annl;ysis nnd Methodology 34
34
35
37
3. 1
3.2
3.3
1.<I
1 nt roduct ion
Sys11em Development Life Cycle (SDLC)
The: Basic Requirements of System Development
3.3. I I lardware Architecture
3.3.2 Operating System
3.3.2. I Windows 98
37
37
38
3.3.2.2 Windows 2000 as System Devclop111cnt OS and Wch Ser. er
38
3.3.3 Web Application Programming
3.3.3. 1 Active Server Pagcs (/\SP)
3.3.3.2 Web Scripting Language
3.3.4 Data Access for Acti ve Scr er Pages
3.3.4. 1 /\ctiveX Control
3.3.4.2 Object Database: ActiveX Data Objects {ADO) nnd Datn
Access Object (DAO)
3.3 .5 Sofhvure Development Tools
3.3.5. 1 Microsoft Visual lnterDev 6.0
3.3.5.2 MicrosoO FrontPagc 2000
3.3.5.3 Seagate Crystal Repon
3.3.5.4 Microsofl SQL Server
1J.5.5 Other Related Soflware Tools
lJs(:r Rcq11irc111cnts Spcciric11tio11 a11d A1111lyl\1-.
l 4 .. I F1111et in1111 l Rcq11 in.:mcnt A 1111lysis
I .ii . I. I Orderi11g u11d Logistics
IV
40
40
·I I
4_
-12
·L
44
44
45
45
46
4R
48
4R
48
Univers
ity of
Mala
ya
WXES 3182 Projek l lmiah Tahap Akhir II N1k11J11 Sn111.1 l\cmrpwr •. :r dcm frknolvg1 M akll1mc11
3.4. 1.2 Contractual 48
3.4. 1.3 Payment Transactilm 49
3 .4 .2 No11-l'u11ct ional Requirem~nt so
4.0 System Ocsi~ 111 53
53
56
56
57
57
6 1
61
6 1
6 1
61
5.0
4.1 System Design Method
'1 . 2 System Module Dl!sign
4.2. 1 Registration Module
4.2.2 System Login 1odule
4.2.3 Purclrnse Order Module
4.2.4 Payment Module
4.2.5 Customer Update Module
4.2.6 Print Report Module
4.2.7 Print Receipt Module
4.2.8 Product Update Module
4.3 Database Design
4.3. 1 Database Table
4.4
4 .3.2 Database Relationships Diagram ofTahlcs
Usc:r Interface Design
System lm1,l c~mcntn tion
5.1 Introduction
5.2 Development Environment
5.2 .. 1 Registration Module
5.2.2 SoOware und Web Server sed
5.3 System Development
5.3 .1 Methodology
5.3 .2 Web Pages Coding
5.3.2.1 Server Side Scripting
5J.2.2 Client Side Scnpting
5 3 3 Weh-1111-;ed Develo1J111c111 Tools
5.3.4 D11111h11se ('01111 cc1 io11
v
68
68
7 1
7_
73
73
74
74
74
76
76
76
77
78
78
79
Univers
ity of
Mala
ya
WXES 3182 Projek Jlmiah TahapAkhir II J.'t1k11lr1 Sams Komputt'r dcm fi.'knolv~t A lt1kl//J11clf
6.0 System Testiing
6.1 Introduction
6.2 Testing Priciples
6.3 Unit Testing
6.4 lntegrnt ion Testing
6.5 Validation Testing
6.6 System Testing
6.7 Error I landl ing and Debugging
7.0 System Evaluation
7.1 Problems Encountered and Solutions
4. I. I Difficulty in Choosing a Suitable Development TechnolOf,')',
Programming Language and Tools
4.1.2 Lack of Knowledge in ASP and YBScript
4.1.3 Readabi lity Problem in ASP
7.2 The Strengths of The System
7.2.1 Attractive and Simple Graphic ser Interface
7.2.2 User Friendliness and Easy to Use Interface
7.2.3 Different User Privileges
7.2.4 lligh Response Time for Data Retrieval
7.2.5 Provide Database Access
7 .2.6 System Security
7.3 System Limitations
7.3.1 Payment Tran action Method Credit Card
7.1 .2 Lack of Expected Fire\ nil
7.4 Future E11ha11ceme11t
7.4. 1 Provide More Methods of Payment Tron action Method
7.4 .. 2 Develop a C'redit C'nrd Application Through the System
7.4 .3 En-or Detection Features
VI
80
80
81
82
84
85
86
87
88
88
88
89
89
t)()
90
<)()
<)()
<) I
<) 1
91
92
92
9_
93
93
93
Univers
ity of
Mala
ya
WXl·.'S 3182 l'ro1ek llm/C/h 1'alw1> Ak/11r II
References l).1
Appendi x A l>ahlbasc Tahll'' lklinition 96
Appr ndix B - l ist>!' Mmu 100
120
\ II
Univers
ity of
Mala
ya
WXHS 3182 />rojek lfmiah TahapAkhir 11 Fak11/11 S t llll\ Km11p111t•r d ,111 fr/..110/0~1 Alakl111nm
List of Figures
rigurc I . I E-Commercc /\pplicntion, stem 4
Figure 1.2 A Cycle of E-C'omm1.:rce ~- st em 5
F1gu1e I 1 Project Schedule 11
Figure 21 The Network of System 15
F1gu1c 2 2(u) Onl inc C'rcd 11 C'm cl T rnn. nct10n Process (Customer Pay To ~terchant) 19
Figure 2 2(b) Online Credit Card Trrmsnc11on Pm ce s (Customer Pay To Merchant) 20
Pigure 2.3 SET Transaction 20
Figure 2.4 Simple Model of S L 21
Figure 25 S11nplc M odel of ET 22
P1gure 26 Internet Payment ystem 25
Figure 3 I The Seven Phases of SDLC 35
f igure 32 11le Hardware Used 111 Developing The System 37
rigure 4.1 The Basic Symbols Used in Drawing The DFD 54
f'1gure 4.2 DFD of The System 55
Figure 43 Customer Registration 5~
F1g11re 44 System Login I)
Figure 4 5 Issue Purchnsc Order <~o
Figure 4 6(a) Customer flayment P1occ!>!> h2 Figure 4 6(b) Customer Payment Process <i 1
f' igure 47 Update Customer h·I
Figure 4.8 Customer Check Order Li st 6"
rigure 49 Management Adel Products ()(1
Figure 4 10 Management Update/Delete Products 67
f'1gure 4 11 Customer Information T able 68
figure 4 12 Virtual Otulk (C us10111cr Oan\..) Tnbll! (lQ
Figure 4 13 Payment Record Table {)I)
Figure 4 14 Products Dctmls T obie 70
F1gu1c 4 15 Vendor Bank Account Tnblc 70
F1gu1e 4 IC> Database Rclut1onsh1ps D1agrum 71 figure 5 I Sonwarc tools used for ~ystcm 75
f'1gu1c (> I Unit Test111g 8~
VIII
Univers
ity of
Mala
ya
WXES 3182 f ' r<?}ek llmiah Tahap Akhir fl Faku/11 Sam., Ko1111111ter de111 /'i.'k110/og1 A !C1kl1lma1
1.0 Introduction
Essentially, people arc using the web for buying and ~cll ing i~cm~ and services over
the Internet. It is quick, it is convenient , and nc\ er need to le!\\ e their desk. Even people who
preter to shop off-line arc researching products on the web. Thttsc days when people are
trying to fi nd the website they need, the fi rst place they look is on the web.
The web site can be UJscd for a large number of tasks such as:
• Making public announcements
• Providing support to customers
• Receiving feedback from visitors
• Sharing or distributing fi les and images
• Sell ing products
Five years ag•J, people were having a Web site was a vanity. Two ycnrs ago ha ing a
Web site was trendy. Today having a Web site is a necessi ty, and or cause the world Internet
commerce market is t!!xpccted to grow to a very big fi gure.
Therefore, the idea of building a secure E-commerce System for Sales and Purchn. c
Order Management of Machinery I lardware is used. The connecll1on between the Web
browser and the Web server wi ll in a secure manner by using the Seciure Socket Layer (SSL)
channel, because the data is encrypted using digital cert ificates that both sides ha e. Univers
ity of
Mala
ya
WXES 3 I 82 Projek Jlmiah Ta hap Akhir II /·ak11/11 Sa111., Ko111p111er clan frk11<Jlo~1 t\ loAl11111e1I
1.1 The E-Commerce System
1.1.1 Definition
E-Commcrcc is a concept covering business t rnn~nct ions within a global information
economy. It encompasses dcctronic trading of goo<ls and services, online de livery of digital
content, electronic fund transfer, electronic share trading, electronic bill of lading,
commercial auctions, online sourcing and procurement, collaborative design and engineering,
direct consumer marketing and onlinc services.
E-Commcrcc invol es the application of information and communications technology
that automates and redesigns business transactions and workflow on the secure, real-time
Internet backbone. The ultimate outcome is to bring down the cost of doing business globally
and efficient utilization of resources.
E-commcrcl.! merchants can range from the small business wiuh a few items for snks
all the way to a large online retai ler such as !1111u:1m.co111 where the books arc sold 1H.:mss the
websi te. Nowadays, the number or the companies which arc doing their business mer th!.!
Internet arc increasing very fast and they arc di idcd into exist sold compa1ucs and
companies which arc using the lntl.!rnct lo compliment their existing businesses 111.
1. 1.2 Purposes of Using The E-commerce System
E-Commcrce can offer thl.! companies both short-term rmd long-tl.!nn benefit s.
Therefore, there arc some reasons that make them take part in thi :~ s stem or trend. The
reasons arc 111:
, Open new and widl.! markets, enabling companies to reach new customers.
,, Easier and faster for companies to do businesses with their ex1:sting customer ba~c
,. Moving husmcss practices, such as ordcn ng, 111 01cing, and customl.!r !-uppon. to
nctwork-hnsl.!d s 1stem can also reduce the papen ork in ol cd in husincs~-to-bu. 111css
or husi ness-to-customcr t runsuct ions.
, When mmc of' ou1 information 1s digital , they can better focus on m.:cung their
customers' m:cds
2
Univers
ity of
Mala
ya
WXJ::S 3182 Projek llmiah Tahap Akhir 11 Faku/u Sam.' Komput.•r dau frk11ulog1 A le1k/11mal
, Tracking customer satisfaction, requesting mor~ cu~tomcr li:1~dbm:k. and presenting
custom solutions for their client arc j ust :mm' qf tht' l'PPl'rtunitics.
, J\n cheaper easier and faster" ay to advcnist' and mnrk.t't products o er the Internet.
So, the companies can reduce o crhcnd cost. it is simply hecau~e it is not spending as
much money 0 11 buildings and customer scrvi c~ as compared to a typical traditional
business.
, The number o f the Internet u. crs is increasing and most of the information on the
Internet is ncc:dcd for their daily use.
, Many of the e:x isting secure E-commerce website are created to gain more confidence
of making salt.!S and purchase order on the Internet.
Regarding to the reasons above, we can know that many of the: companies are already
making their steps to do businesses over the Internet. Senheng [31, which is selling their
electrical items not only direct to customer, but also through the Internet in Malaysia.
Customers can purchase items on the Internet and get the items in shorrt because the company
have many branches :around the country.
3
Univers
ity of
Mala
ya
WXES 3182 Projek llmiah TahapAkhir 11 Fak11/r1 Smm Kompurer elem li!k110/0~1 A lcik/11111at
The diagram below shows the general operation of nn l ·-cc mm~rcc system which
many of the company who involves in the applkntil)n around tlw \\l)rld.
-Requisi t ionc ·r
-Approving Manager
Catalog
-Part Number -Pric1c -Description .... ...
-Policies .... -Lim tits
...
-Approval Chain
E-commcr Ct!
Transaction Server ~-
-,,.
-,,.
! Enterprise
Application
Purchase Order
Catalog Update
(
Merchants
Figure I I E-Commcrcc Application Sy!-tcm
4
Fi rewall
-Authentication -Access Control -Audit Security -Policy
lntcrnd
Merchant.
Univers
ity of
Mala
ya
WXfS 3 182 Projek llmiah Tahap Akhir II Faku/11 Saim Ko111p11ra clan fr k11olog1 \ lt1kli1111ai
The operating of the E-commerce application abo\ ~ will ~)rndrn:~ lili: cyck for every
process is done. The l1ifc cycle is shown bdow:
I Follow-on Sales I - I
1
L I Access I
-.. --
1 .. •• 1 •
I Customers Online ~>nline Orders I ' ~ '. .~
,, Standard Order
~r
Distribution -...
Electronic Customer
Figure I 2 A Cycle Of E-commerce ystcm
5
Univers
ity of
Mala
ya
WXES 3 IR2 />rojek /lmiah Tahap Akhir 11 Faku/11 ,\'"'"' l\011111111r,•r elem li..'k110/og1 A laklumal
1.2 Problem Definition
This project wi ll try to limit the sccurity prnbk m '' hik t'nch t. msaction of payment is
running through the websi te of merchant
When conducting the transaction o t!r the lntemet, users will beware of the security
that an E-commerce system has. This is because: the users or clients who are tak ing part in
the system wi ll consid<.:r their way to make their money transaction over the Internet.
Therefore, many options abound when it comes to payment. These are depends on the clients,
whether their will use:! credit cards, debit cards, purchase order or customer accounts. But for
the most part, e-commerce transactions are credit card-based.
Normally, the clients do not charge the cards until the products are shipped or
delivered to them. Actually, most credit card transactions work over the Internet a.
mentioned below:
I. Authentication. It's a good idea to make sure th<.: cards which the merchant
arc acccplling have valid numbers, have actually been issu1.:d, and arc not
reported s.tolen.
2. Authorization. This process checks whctha funds arc avnilabk for
purchases.
3. Scttlcmernt. Once the merchant have shipped the produ·cts or dl.!liv1.:rcd
them to the clients, thl!n the merchant let the banks knm .. The bank "ill
release the funds that wcrl.! previously reserved, and the money will ma~c
its way through numerous banks and intermediarie~ into the mcrchnnt · ~
account.
To ensure the security is always been protected, Secure Siockct Lnya ( L) and
Sl!cure Electronic Transaction (SET) arc introduced h Nctscnpc to lead proto oL for
securing the 011li111.: purchns<.: proc1.:ss 121. SSL and SET are th1.: cnc:ryption t1.:chnology that
scrambles a m1.:s:mgc.: :m th111 only the recipient con unscrambk 11 'l hi ~ is good for onlinc
merchants b1.:c11use it reduces online trunsuction risk and rncrcascs customer confidence.
P1.:oplc nre much more wi lling to supply their cn.:dit card information when the · arc urc that
no one c1111 sec 11 but the 111lcnd<.:d mcrchunt.
6
Univers
ity of
Mala
ya
WXES 3182 l'r<?jek llmiah 'l 'ahap Akhir II Fakulti Swm Km111111,ft!r elem frk11olo}!t /\ lt1k/11111al
1.3 Scope Dt~fined
Some analysis of the existing EC websites ~hlm that. most probk:m::; are large and
sometimes tricky to handle, cspcciall if they represent .'.'omcthing m!\ that has never been
solved hcforc. l3 reak1ing the problem into pieces that we can understand and try to deal with
solves this prohlem.
This project will base on an E-commerce (EC) system for clients or any users who
looking for a machinery hardware company' s web site to purchase onil ine and allow them to
purchase the machimery hardware which sold by the company by using a secure connection
between clients and secure web server th rough the Internet.
The application will promote and sell the company products by publishing Web pages
that arc static and creating the dynamic products order form s and other nccc,. nry form, or
cards to be filled up by those potential clients. It able to process the request from the
customers (the client: of the system).
7
Univers
ity of
Mala
ya
WXl~S 3182 Prcljek llmiah Tahap Akhir 11 Fa~11//1 Sw"' l\0111p11lt'r clan fr/..1w/0~1 i\ luAlilmttl
1.4 Project O•bjectives
f3esi<lcs buildiing an interactive web-based npplit·atinn and do a sur cy of the existi ng
l<!chnolugics, this syst•em is also hnve the main ohjccti\'c to serve as a platform for testing the
use or I IT l'PS protocol as a secured protocol replacing th~ con cntional HTTP protocol. The
system will ensure up-to-date tatistical information on purchases and suppliers such as
reports of purchases history, list of suppliers and outstanding purchase orders.
When customer and merchant use the platform, the business is considered to be
begun. The creation of the sy tcm is to provide a user friendly and interactive interface for
the purchase system -· graphical user interface (GU I), self-explanatory,, easy-to-use menu and
also re<lucc<l paperwork and paper loa<l so that it is easy to audit as •everything is in digital
formal.
Univers
ity of
Mala
ya
WXl~S 3182 l'ndek llmiuh Tahaµ Akhir 11 Fakulti Smw l\01111wta dan frJ.110/o~i A 1ttJ. /11111af
1.5 The Expected Outcome
This system will be a11 applicatio11 that runs in thl! s~cure web ~~rva ( in Microsoft
Windows 2000 platform) that allm s Web surfers to yi~w ti e cont~nts (the machinery
hardware catalogue) or the Spl!cilicd compan) '. Wt:b pages and purchase online. The
information that is required when the tran action L conducted will be stored in a well
designcd database that can be concerned and manipulated easily and efficiently.
This is also including the payment transaction, which either use credit card or money
order. Therefore, the tran action should be made in a secured Internet Payment System.
"
Univers
ity of
Mala
ya
WXfS 3182 Projek llmiah Ta hap A kliir II Fak11/11 Sm"' l\om1w t.•r de111 frJ..ttolo~t 1\ luJ..lumctl
1.6 Projec1t Schedule
To complete the whole project, it is divided into t<.wr phases:
1.6.1 Project ()vervicw
Present the introduction and o crvic\\ of thc . co111:s. \\hich related to the project.
1.6.2 System ~~nalysis and Design
This ind udes the system study, analys is of current E-Commerce systems,
understanding the concept of system, define the scope and domain, determine as
well as karning of the soltware tools to be used. This project will also do tht!
system architecture design, web page design, database design, user interface
design, dlesign or the integration of the software development tools in the
applicatic•n.
1.6.3 Coding
This proj1cct wi ll created by using the Active Server Pages because it ' s coding i.
supportcdl by (ASP) application, Microsoft SQL Server, u. t!r interface and ~non
1.6.4 Deploym1cnt and System Evaluation
Tc ting arnd debugging: the documentation of the " hole project "ill conduct from
the beginning until the end of the project. (See 1/w .,c/wd11il' tnhll! e1t /· 1~11re 1.3)
10
Univers
ity of
Mala
ya
.,, i: c a w -g
a a· en 0 ':T'
&. c: 0
IO Tat Name 1 First Sen .star
2
3 System Analysis
• Scope and 0omari Defir*lg
5 System spedficatiol is study
6 Software tools iistalation I
f 7 Software tools leaning
8 System des9l 9 Ooa.mentation
h 10
11 Second Semestet
12
13 lmp6emenbltion
14 Tes&lg
15 Debugging
16 Docunentation
Project: Proj~ I Date: Fri 1125'02
•
Juie Jliy _ ~ _ Septembef Octobef November December _ January 12 61• /1 /1 /2 712 719 11 /2 13 816 /1 /2 /2 913 /1 /1 /2 OJ OJ OJ1 Ol2 012 11 111 1/1 112 21 211 211 212 213 117 /1 /2 /2
• 7/1t
CJ I_ ·_ I
I I I J I ~, I
I I !
• 9/10
'-- -- J
·----------- -- ----------~
Task I I Miestone • Extemal Tasks
Spit • • • f •• f • • • f ••••
&mmary • • External MHestone
Pr(9ess Projed Summary Deadline
~ "" .._ ~ ~ ~
11>' ~
:::::
l ~ .g ::i:...
f :::::
~ ~ :::.-~ ~·
~ ~ ~
~ ~
~ O' ~. ;:: :l ~ $ 5 ...
Univers
ity of
Mala
ya
WXF.S 3 IR2 Pmjek llmiah Tahap Akhir 11 /·(1k11/1i Sa111' Ko111p111lt.'r dwt frlmologi 1\ lakltmlal
2.0 Literature Review
2.1 The Internet and the World Wide \Vet] (WWW)
A technical defi nition of the World Wide Web is: all the resources and users on the
Internet that arc using the I lypcrtcxt Transfer Protocol (l lTTP). A broader definition comes
from the organization that Web inventor Tim Berners-Lee helped Found, the World Wide
Web Consortium (W3C):
"The World Wide Web is the universe of network-accessible infom1ation, an
embodiment •Df human knowledge."
The Web was formed in 1989 at the European Particle Physics lab as a \ ay for
scientists around the world to share information via the Internet. The Web consists of server!'
that present documents to an end user for viewing. These documents, or pages, cnn contain
links to other servers anywhere in the world. The faster growing segment of the Internet
today, the Web has grown from less than 50 Web sites in 1990 to over 13,000 in 1995 .Due to
the huge media explosion of the Web, most new computers arc equipped with a Web brow. er
preinstalled. The introduction of the Web has enabled an easy marriage between corporate
information and an e:asy-to-usc, common graphical user interface.
12
.. Univ
ersity
of M
alaya
WXES 3 182 Prr?jek llmiarh Tahap Akliir II J."aku/11 Sa111.' Ko111111.r1er elem frk11olug1 i\ lukl11111al
2.2 Hypertext Transfer Protocol (HTTP)
I ITTI' 1s a protocol with the lightness nnd spct'd nl.!Cl.!ssnry fi.)r a di tributed
collaborative hypermedia info rmation system. It i$ a generic s~ntcless object-oriented
protocol, which may be used for man imilar tasl..s such o. name .ervcrs, and distributed
object-oriented systems, by extending the command , or "methods'', used, A feature if HTTP
is the negotiation or data representation, allowing sy tems to be built independently of the
development of new advanced representations.
When many sources of networked information are avai lable to a reader, and when a
discipline of rcfcrcince between different sources exists, it is possible to rapidly fo llow
references between units of information, which are provided at different remote locations. As
response times shoulld ideally be of the order of IOOms in, for examplce, a hypertext jump, this
requires a fast, stateless, information retrieval protocol.
On the Internet, the communication takes place over a TCP/I I' connection. This does
not precl ude this protocol being implemented over any other protocol on the Internet or other
networks. In these cases, the mapping of the I !TIP request and response structures onto thc
transport data units of the protocol in question is outside the scope of th is specification. 1t
should not however be at all complicated.
13
.. Univers
ity of
Mala
ya
WXES 3182 J>rojek llmiah Tahap Akhir 11
2.3 Transmission Control Protocol I Internet Protocol
(TCP/IP)
TCP and IP were developed b n Department or Dd i:ncc (DOD) research project to
connect a number different networks de. igncd by di fforcnt \'endors into a network of
networks (the Internet). It was init ia lly succes. fut because it delivered a few basic services
that everyone needs (file transfer, electronic mail , remote logon) across a very large number
of client and server systems. Several computers in a small department can use TCP/lP (along
with other protocols) on a single LAN (4].
The IP component provides routing from the department to the enterprise network,
then to regional networks, and finally to the global Internet. On the battlefield a
communications network wi ll sustain damage, so the DOD designed TCP/IP to be robust and
automatica lly recover from any node or phone line failure. This design allows the
construction of very large networks with less central management. l lowevcr, becnusc of the
automatic recovery, network problems can go undiagnosed and uncorrected for long pcrilKis
of time.
/\s with all other communications protocol, TCP/IP is composed of layers:
• IP - Responsible for moving packet of data fro1n node to node. IP forward!- each
packet based on a four-byte destination address (the IP number). The Internet
authorities assign ranges of numbers to different organization .. The organi1at1 ons
assign groups of their numbers to departments. IP operates on gateway machine. that
move data from department to organization to region and then around the \\orld.
• TCP - Responsible for verifying the com.!Ct delivery or data from client to sen er.
Data can be lost in the intennediatc network. TCP adds support to detect errors or lo t
data and to trigger retransmission until the data is correctly and complctcl ' n.!cei,ed
• Sockets - A name given to the puckagl! or :-,ubmuttnc:-, that prm ide UC c~~ to TCP IP
on most systems.
14
.. Univ
ersity
of M
alaya
WXl~S 3182 Projek llmiah Tahap Akhir II Fakulti Sa im Ko1111wt<'r elem li!k110/ogi A!aklumal
Legacy Data
~ Corporate l nlranel
Network
Data Firl.!wnll
Extra net TCP/IP Protocols
The Internet
Shared Database
Legacy Data
"" Oat a Firewall
Nctwrnl..
l'CP/ IP Protocols
l):llubusc
Business Partner Intranet
Figure 2 I The Network of System
15
Univers
ity of
Mala
ya
WXES 3182 f>r<ljek //miah Tahap Akhir II
2.4 E-Commerce Security - Cryptogrnphy "'itlt SET nod
SSL
T he emergence of Internet as a vehicle underlying the information rc\'olution which
provides the universal connectivity, has bought E-Commcrce to the brink of widespread
deployment. I lowcvcr, as lntcrnd connections arc pa . cd through man gates and servers,
the opportunity is there for the information to be intercepted by other parties unless measures
are taken to c lose these open channds.
With this in mind, many people are awaked of security issues such as fraudulent
transactions and malicious hackers before they jumping into E-Commerce bandwagon. This
is also one reason why some merchants are unwi lling to conduct their business in cyber
World, thereby, limited E-commerce to grow. I lcnce, there is a driving need to create a safe
and trusted purchasing environment to overcome these security barriers, cnubling lull
JlOtential of Internet e-commerce.
One emerging answer is Secure Electronic Transaction (S l ~T). The S l ~T is u
lllessaging protocol developed by Visa, Master Card, American Express and Japan's .ICB
credit card w ith the help from several leading technology companies 111clud111g I BM and
Microsoft . SET is specifically designed to provide a mechanism for secure dcctronic
Payment by credit card over an otherwise very insecure public Internet.
Another alternative approach, SSL (Secure Soc~et s Layer) is a general-purpo. c
Program layer created by Net. cape for managing the . ecuri ty of message transmission in a
network, which operates ubo e the lntcmet TCP protocol. It 1s the most common! used
Protocol that secures data sent between SSL-enabled Web browsers and Web servers. An
lJRL commencing with "https://'' indicntcs use of I ITTP protected by SSL 151.
SET has been exercised in more thun 11 hundred-trull deployment 111tcrnutionull •
however, the adoption und deplo ment of SET solutions ha e been slower thnn C\J)C tcd,
Pilrticutnrly m US. While the 1- enr-ol<l SHT 1s currently bc111g tested und developed. E
colllmcrcc is nm grm mg hnsed un cnrl y-11dopl1onc1s' 11!-.c of credit card over S. L I' 'Urthcrmore. SSL is al rcudy 11 stnndnnl pnrt of most of the browsers including Netscape nnd Inter
net Fxplorcr, SFT 1s still not ct in with.: distribution at the moment Be!-. 1de~. the
16
Univers
ity of
Mala
ya
WXJ~S 3 I 82 Projek ! /m;ah Ta hap A kh;r II
combination of SSL and fraud detect ion soltwarc has pro idcd atkquntc pn.' lt'Ction for
customers and merchant at a lower cost.
2.4.1 Cryptography and Authentication
This session briefly explains ho' the protocol u t: R A key Cryptography to secure
the information over open network. Both protocol u e public key cryptography for
authentication purposes.
2.4.2 Public key encryption
According to Netscape's definition, public key encryption is a technique that uses a
Pair of asymmetric key for encryption and decryption, where each pair or key consists of a
Public and a pri ate key. Data that is encrypted ' ith the public key can he <kcrypted wi th the
private key. Converse! , data encrypted with the private key can be decrypted only with the
Public key.
2·4.3 Using public key for authentication
SSL requires merchant to obtain a digital certificate from a neutral, trusted certifying
authority (C' A) 16 J such as VeriSign Inc. for merchant authenticat ion purpo. e. The certificate
typically eontuins the information or public J..cy, owner's s name, expiration date of the public
key, name or the issuer (the C/\ that issued the Digital ID), Serial number of the Digital ID
and 01· .t I . . . . ·1 · 1· . . d . h C/\' . I g1 a signature ol the 1s ·ucr. 1 1c ccrtt 1catc 1s s1g11c usrng t c s pri va te ... cy and the
PUblic ·1i k . Wt now the public kc ..
SSI, protm:ol stu1 ts "11h 11 h1111dsh11J..c ph11"e This hu11dshuke result !> in the client und server
ug11.:ei11g 011 the le' cl or ~ccu11t the wi ll use and fu lfi l' any a11thcnt1cn t1on rcqu. 1rcinc11t" l\>1 lhe co11ncct1u11
17
Univers
ity of
Mala
ya
WXJ~S 3182 Projek l/miah Tahap Akhir 11 Fak11/ti Sain., l\01111mh•r " '"' l~·J.110/og1 ,\ laJ.lu111t11
f- irst, the merchant server will present to the customer's l nm scr its <..'Crt i ticatc, for
browser to validate if it has been signed by n trusted l A. If n CA has signed on the
certificate, <.:ardholdcr is convim.:ed that the nh.:rch1111t is snfo to shllp,
Once knowing the merchant is lcgitimnte, the , , l . oftware m the browser w111
generate a random message encrypted wi th the mcrchnnt'. public key and send over to the
server. In this case, only the right ser er can decrypt the me age thus the identity can be
Proved. Therefore, even though the conversation is being observed, it remains inaccessible to
third parties, as they have no access to the encryption key.
Undoubtedly, SS L can protect the confidentiality of the exchanged data. The
downside is, cardholder run the ri sk that a merchant may expose their credit card numbers on
its server, and merchants run the risk that a consumer's credit card number is fraudulent or
that the credit card won't be appro ed. I lowever, the emergence of SET solved the problems.
2.4.4 SET provides cross-authentication
Like SS L, SET allows for merchant's identity to be authenticated 1a digital
Certificates. I lowevcr, SET certificates actually go beyond th is where it is ncces ar for the
customer to prove his identity to the merchant ns a alid cardholder. In fuel, all in ol ing
Parties -- cardholdcr, merchant , bani.. and an one else arc required to obtain digitnl
ccnilicatc , \ hich rooted in a SET common key. Each cert ificate i signed with pri utc key
of Parent , assuring that each part that all others nrc uuthon1.cd to play role required of thcm
18
Univers
ity of
Mala
ya
WXT~'S 3 182 Projek llmiah Tahap Akhir II
Monthly Purchase Statcmcn
Customer's Oank
Fak11/ti Sain,· Km11p11h1r c/<111 l~·A110/o,i:1 1\ laA/11mat
8 P111 chase I nfi.)flll!lt inn Merchant
7. OK
2 Pas Encryption Software
Third Party Processor (CyberCash) or Verifone
.. J Check for Credit Card
Authenticity and suflicicnt limds
'r
Credi t Cn1 d P1 ~h:CS'\01
6 OK
Figure 2 2(a) Online C1cdit ('aid Tra11-;actio11 P1occs'> (Cu!ltomcr Pay IO Merchant)
I 0
Univers
ity of
Mala
ya
WX1~·s 31 ~2 Projek l/miah Tahap Akhir II
Customer I 10 1'111 d111"c l111b1111ation
A RcHi tercd Pl ' yi-----t
Monthly Purchase Statement
Customer's Oank
t
4 OK
1:-mail Confirmation
Detailed Purchase Info
7 /\111ho1 i1c
Fak11/ti Sai11s Ko11111111<•r dcm l~·~1to/0~1 ,\ /ak/11111at
6 Verify
Merchant
2 Check for PIN Authenticity and suOicicnt funds
r 9. OK
Third Party Processor (f-irsl Virtunl)
5 Check for Credit Cnrd Au1he1111ci1y and
.,ut1icic111 fi111ds M OK
Credi I C111 cl Pmccs.;or
Figure 2 2(b) Online ('1 edit Card Trnn~ac1ion Process (Merchant Receive Payment from C11!-tomc1)
2.4.S Hierarchy of Trust
Since both cardhokkr and nH.:rdrnnt un..: unlii..cl to use the same bank, they wi ll need
a trusted party that can vouch for both bani..s. which is the card issuer This has nll<)\'~d a
hicrarch I or trust exists i n SET trnnsucttOll environment \ here is shm II helm
('1 edit ('111 d
Acq1111111J_( Bnnl. (Merchant ., Dnnl.)
i <'111 dh11ldc1 P< ' (C'lll'll l ) Mcrclrnn1 ' ' ~c" er
h~111c '.? ' SI· I 1'11111,11c1io11 (I ht' l'l1tlf'f /, l<1k1·11 /w111 /JJ/\I\ \/t1•)
20
Univers
ity of
Mala
ya
WXES 3182 l'n~jek Jlmiah Tahap Akhir 11 Faklllti Sai11s Ko111p11l<'f' d,111 frkua/o~t ,\ laklt1111llf
With SET, cardholders need to install e-\ alkt on their nrnrhincs. This is stored and
encrypted under a pass phrase that cardholder selects ns ls his ht'r pri' l\tc key, credit card
numbers and other infortllation. 1 ·:-wnlk t is bnsicnll nn onlinl' ' l'rgitH\ or physieal wallets
that used by cardholder's Web browser to make SET purchases by interacting with the
merchant storefront and POS appl ication. On the other hand, merchants need to install a POS
(Point-Of-Sale) soft ware to support their Web server nnd electronic storefront applications.
When a cardholdcr wants to make a purcha e, merchant server wi ll send an order to
customer browser to open the c-wallet. The c-wallct then asks the cardholder for the pass
Phrase and exchanges a handshake message wi th the server. This is to veri fy if the merchant
ts authorized to process the card payment while at the same time confi rm to the merchant that
the customer is the legit imate cardholder for a particular account number.
Next, cardholdcr sends to merchant a completed order along with payment
instructions. The order information and payments instructions arc encrypted scpurutcly. The
order information is encrypted using cardholder's private key, will be visible to the merchant.
On the other hand, the payment instruction that encrypted wi th payment gateway's public kc
is protected \ here pa mcnt gateway itself alone, can access this payment information. This
means that the merchant has no access to the credit card detai ls and thus a source or fraud is
eliminated.
The POS software wi ll sends an authorization-request message along with the
Payment instruction to the payment gateway. Pa mcnt gntewuy is an Internet server run on
the merchant's bank to pro idc acce. s to the legacy-banking network. Payment gate\ n , \\ill
check the authent icity and alidi ty of cardholdcr and merchant certificates to mal-.e ~ure their
issuers have not revoked certificates. Then, if the cardholdcr has enough credits in the bank,
the Payment gateway wi ll send an authorin1tion-rcsponsc message to the merchant and at the
sanie time u purchase-response will be send to the corresponding c-wallct. As we cun sec, for
authent ication, SSL onl , truvcrse on le cl up. as 111 churt hdo\ ·
T r u'llcd ('A
Merchant
h~11 1 l' 2 ·I Si111pl~ M11dd ut' SSI.
21
Univers
ity of
Mala
ya
WXES 311?2 Prrljek llmiah Tahap Akhir 11 //ak11/ti Sai11.,· Komptlfc!I' d,m /~·~111 1/og.1 \ lak/11mctt
Whereas, SET traverse many levels up to prm i<k cmss-nuthl'nticnt ion, where
certificates arc issued hicrarchicnlly start ing with SET mnt l' l' rtiti~nh..' known to all SET
software:
Set Root A
13rnnd CA (card is uer)
Cardholdcr CA --Gco1X> litical CA --Payment Gateway CA
Merchant CA
Figure 2 5 Simple Model of SET
Broadly speaking, SET ensures the identit ies of all parties involved and therefore
Provides a trusted purchasing en ironment. I lowcver, as more parties need to be trusted, this
may reduces the security, as a breach of any four parties in the above example will breal..
down the system security.
Even though hoth protocols allow for digital certifi cates, but for SSL, these
certificates arc optional and can't bcgin to match the robustness of the SET credent ialing
system. For example, SSL doesn't have internationall recognized hierarchy of trust as SET
Provides. Anothcr downside for SSL is that merchants must independently deal ' ith thei r
banks, as there is no interface that connects merchant's bank wi th cardholder's bank In
addition, as SSL cert ificntes arc not tied to a specific credit card account number, the. are
Only serve to ic.kntily the machines of all parties in olvcd, but couldn't pro ides further
facilities to complete the sale.
For both SET und SSL. dutu integrit 1s guaruntccd through encryption If 1nfom1nt1on 18
received thnt wi ll not deer •pt pmpctl then the n.:c1p1e11t !.. now~ that the 111 formnt1on ha~ been tump1.:1cd ' 1th duri ng t11111sn11ss1u11 Due to Dcpu1t111c11t of' State rcst nct1 on~. SSL can
Use Only n.:lntivc shullmv encr ption, which only 11 1lows 40-hi t internationally, 128-htt m the
Us. I lowc er. SI :'I' is cx~·tnpl l'ro 111 the lJ S ( ·, yptog111phy ex port rcstrict1011~ and can therefore
22
Univers
ity of
Mala
ya
WX£S 3 I 82 Prr~jek l/miah 'l'ahap A khir II Fak11/1i Sai11.,· l\m 1111tlft' f' c/,,,, frA110/1>,\!t ,\ lak/11111a1
use 128-bit encryption for credit card information \\Oriel\\ idc, l'hcn.·fo~. undt,ubtcdly SET
can provides a stronger encryption for the card information
2.4.6 The Future o f E-commerce Security
J\n importan t development need to kno' is, SET can be used wi th together with SSL.
For example, merchants can use SS L communicating with customers, while using SET on the
back end. This sidesteps the need to deploy wallet software to consumers, but captures some
of the benefits today. Some SET tool kit and software vendors are moving to support both
systems in their products.
23
Univers
ity of
Mala
ya
WXES 3/l/2 Projek llmiah TahapAkhir II Fak11/ti Saim· Ko11111111t•r c/,111 frJ.110/og1 \ laJ./11111a1
2.5 Analysis Of Internet Payment Syst "111 (JPS)
2.5. 1 Review of the Existing Electronic Cash Systen1s
Ecash of DigiCash fhttp://ww' .digica h.com I i the electronic equivalent of real
paper cash - a secure payment s stem for the Internet. Ecash is implemented using public-key
cryptography, digi tal signatures, and blind signatures. This system is focused on the
anonymity of electronic cash. This system has disadvantage of centralized management of
issuing and check ing double spending of coins by one server, First Digital Bank. In this
architecture, DigiCash must keep cry large database of users and used coins.
This database will grow over time, increasing the cost to detect double spending.
Even if the life of a coin is bounded, there is no upper bound on the amount or stornge
required since the storage requirement depends on the rate at ' hich coins arc used, rntha
than on the number of coins in circulat ion.
24
Univers
ity of
Mala
ya
• • •
• •
•
WXES 3182 l'r<?jek /lmiah 'l'ahap A khir II
g Cu«omcr
Browser Credit card info Checking Accou Info
Digital ca~h Receipt Management Security
Monthly statement , other ~mrnunic111 ions her ween ank and customers
Mcrchanr Or ('0111111c1cc Sci vcr
• Transnc11011 Managcmcnr
• Sec111i1y • Cha rge back/Return
Management • Capture I ettlemcnt
Other IJusiness
Pnu.·csscs
• Inventory • Accounring
• h 1lfihncn1
• Marketing
• ...
•
•
• •
Fakulti Sm/I.\ Km111m1t•r d,111 /t'A110/0~1 i\luklumut
11llt' \\ ll \ ._ ...
Prorocol Com rr~on O\'e r
L or priYate network Stand-in authorization/man agemcnt Security Financial I lost fnterface
Acquiring Onnk
Authorization I Settlement
l Banking Network
Authorization I , ctt lemcnt
l·igu1 c 2 6 lntc1nct Pa mcnt S !.! Cm
So, NctCash lhttp.//nii-scrvcr ISi cdu/ infofNctCashl, or USC, proposed multiple
currency server architecture It provides scalability and acceptability wtth \\ ea~cr anon) mit ~ and only a l imited fonn or olllim: operation. And NctCush use Kerb Ero~ for encryption nnd
Proxy, n to~cn thnt allm s nne to opemtc with the nghts and privileges of the pnnc1pnl thnt
granted thc pro~ , for 1111thor1111tuu1 Possible dis11dvu11t11ges or the s stern arc thnt 11 uses
ninny session k • s und 111 p1t1 t1cul11r public key session kl.:ys. To gcnerntc n public ~~y of SlJj
IOhlc length to he scc 111 c takes 11 cry large urnount of time compared with thnt invoh cd in gcncr t · ·
II 111~ 11 s 1m111ct1 ll ' sc~~.;i nn ~c , This could cornprom1sc the performance of the !\) !\tcm a~ U Whole
Univers
ity of
Mala
ya
WXES 3182 f>r<?jek l/miah Ta/1ap Akhir II //aim/ti Sai11s A.'1111111111,•r dcm fr~110/og1 1\ lak11111mt
There arc r roposcd electronic cash s stems or prntor ols l ik.I.' Pnytvk protocol and
Mill icent protocol. Pay M c protocol is dcvi. ed wi th r omhining t\H' flh{'' t' systems' features. A
major goal was 10 preserve as much of lhc unon mil) prm idcd b~ Fcnsh while adopting
many of the features or Net Cash that allm it to cak 10 huge nu mt a . p f users w ith multiple
banks. And PayMl! protocol borrO\ s idea of other related systems such as Netbill.
Nct13i ll lhttp://www.ini.cmu.edu/NETBILL] is the Internet bi l ling system for
Purchasing info rmation, serv ices, and tangible goods on the Internet. T he goals of this system
are very low network transact ion co. t, fu lly secure authent ication and communication, and
atomic information transfer. And NetB ill system aims to handle hundreds of thousands o f
customer accounts, tens o f thousand o f merchants and i nformation providers, and dozens of
independent bi lling servers.
2.S.2 Credit Ca rd Based Systems
A simple model l°lH d cctronic commerce is to use a credit card 10 pay f'or lhc
Purchase. First V irtual (FV) I loldings [http://w, w.f .com I is a payml!nt system to u~e n
credi t card to pay for the rurchasc. f'V 's main characteristic is that FY uses only WWW and
e-mai l - no needs o f any special software. And thl!rc is no security plan. A ll probh!ms of
tn isbcl icvery, mispayrncnt, and fraud o f unauthorized user arc solved by t ransact ion
Processes of FV 's transforring messages bctvv'ccn customer and merchant via e-mail. The
transaction processed along the FV's defini tion of electronic commerce transaction nows -
The Green Commerce Model.
FY sol cs the problem that s111all amount purchasing wi th credi t card i difficult
because o f high transaction cost or crl!dit card. FV's Green Commerce Server accumulates the
small amount pa mcnts or customers und transacts those hatch. So, FV can dccrea e the
transaction cost fo1 smnll nnH)unt purchmang. CybcrCash I http //\ ' " cybcrca. h com l Payit1c11t s stem plnn'i to pro ides 111 1111 i pie 111et111s for users and merchants to mo c monc) on
the lntcrnl.!t Thl! (' hc1(.'11sh s 1st ·111 1s 11 sl!pnrnlc sysh.:m, which cun be u~cd b · A nd) user,
illly 1ncrch11 111 . 1111<1 1111 hnnk llul now, · hcrCnsh supports only credit card pn mcnt and i
not Yl.! t l'lH1s1t 111.:t ·d inh.:1 lh~c ' 1th lmn~s . (..' h1.:rl'11sh p1ov1de~ u~cr ~o fi warc and ~ccps u1.,c r·~ llccol
11\1 0 11 {'(' sci vc1 !\nth Mntcrc11rd and VISA 11nnou11ccd that they would \ upport a
26
Univers
ity of
Mala
ya
WXES 3182 />rojek //111iali Ta hap A khir 11 1"ak11/ti Sai11 ,· l\1u1111111,•1 .!1111 /~·~110/og1 1\ IC1k/11111C1/
electronic payment protocol , SET (Secure I ·:k ctronic Transacttl)H). And tht'\' Ian to the
Internet payment service soon.
The SET protocol has been jointly de eloped by Visn nnd ~ 1astc.!rCard along with IBM,
Netscape, Microsoft , GTI ~. Veri~ i gn, Terisa, and SA IC. Ini tially, Visa and MasterCard were
developing competing protocols, but announced in Fehruaf) that they intended on teaming up
lo develop and support a single protocol to allO\ for ecure bankcard transactions over open
networks. The purpose or the SET protocol, as spelled out in the current Draft, is to use
cryptography to provide confidentiality of information, ensure payment integrity, and
authenticate both merchants and cardholders.
Both customers and merchants must be set up to support electronic transactions. They
do this by registeri ng , ith a 'Certificate Authority', which in most cases will the cardholdcr' s
issuer, or the merchants Acquircr (the fi nancial institut ion which processes bankcard
authorizations and payments for a merchant).
The use of' digital signat ures, certificates, symmetric kc s and asymmetric kc ,~ i ~
ext · · ens1vc in th i process. In addi tion, at the end or February, American Express i\l \l \l)Ul1CC<l
their support of SET.
2.5.3 Electronic Check Systems
The EChcd . I http://\ ' \ lstc.org/projcct: echcd /indcx.shtml I 1s a electronic
comincrcc project of the Financial Services Technology Con~ort1um (FSTC) The EChcd. i~
rnodcllcd on the paper check , except that it is initiated electronically, uses digital • 1gnaturc
for Si . I · 1- I I I ' gn111g ::rnd endors111g, and d1g1ta cc.!rt1 1 cntc~ to out H.: nt1cate t 1e payer, t le pil) c.!r ~ ban"
and ban" uccmmt I lm\CH!r, u11 ll"e the imper chec" . through the u~c of an 1 ~~uer-<lctincd Purnmctcr, the EChec" cnn 1 ·semhk other li 1111 11c111 l p11ymc11ts 111~ t rument ~. ~uc h n~ dectrornc
charge card sli ps, tnl\ ellc1 's ched s. or cert ified check" It hn'I llex 1hil1t 1 ·1 ht ~ ~ ~tcm u. c.
existing clc11ri 11v ch111111els us li"c Automatic Clcnr111g I louse CACI I) nnd l:lcctron1c hed
,,rcscnt1nent ( l ~t'P ) to clc111 the I ·:( 'hcc"
27
Univers
ity of
Mala
ya
WXJ;;s 3182 l'n~jek llmiah '/'ahap Akhir II ,..ak11/li Sain., J.:011111111.•r don fr~nc>lo,..:1 ·\ laklt11ffa/
NctChcquc I http://nii .isi.edu/info/nctchcquc l is :111 d t'(.' tmn,it' cht'l'k system for the
Internet developed at the Information Sciences l ns t i t u t~ ,,r tht' Uni\crsity of Southern
Californ ia. Signatures 0 11 chcd.s arc uuthenticutcd using Kerb Fros. s ing multiple
accounting server!> provides rc liahili ty and scalnbil ity. Net hcquc is \\'di , uited for clearing
micro payments, its use or con cntional er ptogrnphy ma"es it more efficient than systems
based on publ ic key cryptograph . This system' ill couple with NctCash system.
2.5.4 Electronic Funds Transfer Systems (EFTS)
Security First Network Bank (SFNB) [http://www.sfnb.com] is the first bank that
opened on the Internet and serv ices the conventional bank's full service. As a banking
service, SFN13 provides EFT using the WWW. If a payer inputs payment amount and payee
on the web, then the amount is debited to payer's account and payee can receives the amount.
If a payee dot.:s not acct.:pt ekctronic payment, SFNB write::, a check from payer's check book
and mails it to the payee. But, this process needs process time of 2 -3 days.
2.5.S Weaknesses of Current Payment Methods
In spi te or that the currency and banking systems progress extremely, there are some
Weaknesses of current payment methods, in present da s. These wcaktH!sses pro idc good 0P()Ortunit ics of developing a new payment method. In the Internet electronic commerce, it
can be more radical! "new" bccausc many wcal..nt.:ssc. can be el iminated O\ ing tl> th is e . nv1ronme11 t.
Cash handling cost 1s " cry high In ft1ct, cash has almost 1ero transaction cost, but has
high handling co. t There is no cost to gl\c some money from onc's wal let nnd to tnl..e 1t mto
the Oth ' r crs \\ ll llct or tht.: cn"h hox But. 1t 1:. spent enormous cost to rn rnt. trnns1cr, dt. tribute,
More, and 1.:ve11 tcnr to d1 :-u:-c
A 11~H hl! 1 wc11l..11css ul' cush is 1nco11vc11ic11cc ol' hundl111g. If om: mu!>t mal..c a large n1nol 11lt pny111 1.:111 , ht.: w1 II not 11sl! 'l\sh. For cxnrnplc, lo mu kc u I 0 m ii lions "on payment, he 111u11t • •
l:ll 11 1 11 th011'\t11 uJ ol tell thous11 11d'\ p11pc1 notes 111 11box or 11 trunk It 11.i very troubkiion1c Wor~
28
Univers
ity of
Mala
ya
WXES 3182 Pnljek !lmiah Tahap Akhir II ,..afolli Sain., Kt11111u11t•r d,111 frA110/og1 1\ /aklumal
Limi tation on payment amount range is er_ nnrrnw. A crL'1.l it cnrd cnnm' l be used in
very small or very large amount pnyment. Thi.! rt!l\St,ns ,,f th~~c \~ two. First, high
transaction cost or crcdi t card is thl! reason or lower hound. Ir one pa~ 500 won for a good
and the transaction cost of this payment is 300 won, no man " ill u. c this, Second, the effort
to reduce ri sk or credit card organi1_ation is the reason of the upJJ<!r bound.
Credit card payment requires only information on the card face such as credit card
number, expiration date, and name on card. There is no need to input password to buy a cloth
or a compact disk in the shop. So, it is ea y to use the other's credi t card in malice purpose.
The exposure or credit card information to anyone who has mi lie is very critical.
First, process of using checks or notes is very complex. There arc too many related
laws and regulations for a general user to use a check or a note. There arc many reasons and
llOssibilitics of occurrence of a di honoured check and note. Users of a check and a note arl!
connictcd by the complex procedures. There has frequently occurred misdealing or those
methods. Moreover, the procedures and related laws and regulat ions or l!ach pa mcnt
methods arc all diffcrcnt. J f a user wan ts to make payments by multiple payment methods, he
tnust know much about those payment methods. It is very difficult for a general user.
Main weakness of current payment methods is high transaction cost. Transaction
(handling) cost of cash is high, not to speak of those of a credit card, a check, and a note arc
high, because the dealing procedures of those payment methods arc very complex. o.
making payment and settk mcnt of tho e methods has prl!lly high fee to user.
Risks und limitations on payment amount or each method arc also wcaknc c. of
current payment methods Paul-Andre' Pa s and Fabncc de Comannond ( J 996) Ii. t up re ·
quirements for both the lllerchunts and the customers concerning electronic commerce.
2·5.6 01upnring 'urrcnt Pny1ncnl Methods
T he lhctor s of pa mc11t methods nrc defined as follo ws. Accord ing to these factors, sever I .
l\ ~un cnt p11 1mcnt method:-; 111 c 1.:omp111 ed. <.. u11 ent puyment method<. 1ho<.c arl! anal scd
?t)
Univers
ity of
Mala
ya
WXES 3 IR2 Pmjek llmiah Tahap Akhir II Fakulti .\'aim l\01111ua.•r ,Am frA110/og1 1\ lak/111m11
are cash, EFT, debit cards, credi t cards, checks, and notes. Tht' fach' rs describe clearing time
and risks of payment methods, mainly.
•
•
•
•
•
•
•
Payment due· The time or clearing nnd updating th!.! pn~ cr's and the paree's accounts
after a pnyer makes a payment. In the en. c of FFT, clcnring between the payer's and
the payee's banks is performed on the next day, but updating is performed
simultaneous with payer's making payment.
Anonymity: Only payment using cash is protecting privacy. The transaction of the
method that supports anonymity protects privacy.
Control on issuing: This factor describes who has the major control power of issuing .
Number of endorsers: Endorsing i a means of certificating authentication of a payer
and a pa cc. In the case of a note, mult iple endorsing and circulation is permitted.
Payer's source of authentication: This factor de cribes what certificates authentication
or a payer.
Guarantee: This factor describes who guarantees payer's non-payment or
misprocesscd pa ment.
Risk of payee: This factor describes whether the risk of the payer's non-payment i
imposed to the payee. Even though a payee can recover all values to be paid
ult imately, the method is ri sky because that procedure is very complex.
Circulation: This factor describes whether the payment media is permitted circulation.
30
Univers
ity of
Mala
ya
WXJ~S 3 IR2 Pn!jek llmiah Tahap Akhir II
2.6 The Considerations of Gatcw~1y, lntcrfncr and
Connectivity in E-Commercc Applications
Information Cia tewa Services ( IGS) i. nn Internet , en ice Pro" idor) which operates
in 18 l ocat ion~ across Canada. IGS Offers a range of . ervice. for both private indiv iduals and
corporate or busim.:ss cuslomcrs, including dialup Internet access, Web page hosting, virtual
Web, M ail and FTP services, Web page design and CGI scripting.
2.6.1 Internet Server Application Program Interface (ISAPI)
Process Soft ware de doped ISJ\PI [7] in collaboration with M icroso ft Corporation
and other Web server cndors. ISJ\ PI i a high-performance, scalable solution for developer.
Who want to create d nam1c Web sites. These sites have to be able to handle high request
rates without degrading the 11n·r scr er' performance.
Then.: arc a number o f compel ling rca. ons to use ISJ\ l'I. ISJ\ PI 1s not simply a bettc1
CG1 171. ISJ\ PI is different from CG I and was de. igned to so lve lhc problems of CG I. First,
ISAPl scales much better 1han CG I. ISAPI dynamic-l ink l ibraries (DLLs) need rc,vcr
resources such as server memory than CG I. T his means that your server can hnndle more
concurrent requests under ISA PI than a Web site can using CG I. ISA PI is also faster than
CG I. ISAPI allows ou to write extensions lo the ser er that can outperform their CG I
counterparts b as much as Ii c times
Fi nail , IS/\ Pl allows ou 10 extend a Web server 111 ways that Web server ' cndors
tnay not ha c envisioned ISA PI gives much more control o er an I ITTP connect1on than
CGt can. It docs this by pro iding events that <111 ISAPI filter handles in each step of
Processing during an I ITTP connec t um
lSAPI ullows ou 10 hu ild Wch sites lhnt scale up f1rn11 one connection to hundred. of co11cu . . J I . I rrent co1111cc1 urns pc1 scl:1111d ' 1t hout m11ss1vc uc u 11nn11 resources such as sl.!n er
'llcrnor . Until ISJ\ Pl 1;111nc nlong. the unswer to better CCi l rcrformunce was to thro\\ mor1.:
lllc1n , \ ry at the Wch sci v ·1 until th~ Wch sci ve1 stopped 11H.:mor 1.iw11ps to the d1sl..
1 1
Univers
ity of
Mala
ya
WX£S 3 I 82 Projek Jlmiah Ta hap A khir II 1"ak11/ti Sain.,· A.'011111111.•r dt111 fr~110/og1 1\ lak/11111at
CG I works by crcati ng a new process for each C ti rl.!qucst. l'ht' Wch scr\'cr responds
to a CGI request hy creating n ne\ process, filling thnt pn' t't'ss' \.'n\'ironmcnt with HTTP
request variables, and start ing the CGI npplicntion. The memo!) nc~ds of concurrent
processes can ri~e qu ick ly. ISAPI applicntion , on the other hnnd, do not need to create a new
process. The ISA PI server simply creates a thread pool'' hen the cr\'cr is init ialised.
Creating a thread take much less memory than creating a new process. A free thread
from this tlm.:ad pool serves the incoming connection. If the threads in the thread pool are all
tn use, the server can create additional threads to handle the waiting connections. Thread
creation is much raswr than process creat ion. The server must also track new CGI
applications while they arc running. The server may even need to do some cleanup after the
appl ication ends.
Wi th ISAPI, the server ca lls the ISAPI DLL's entry point and leaves processing up to
the extension or fi lter Once processi ng is complete, the ISAPI l)LI. docs any necessary
cleanup and returns contro l of the thread to the server.
2.6.2 Co1nmon Gateway Interface (CGI) Versus Web Server APls
The Common Gateway Interface (CG J) was introduced as a standard protocol for
extending the functionality of Web servers with additional npplica tions. Mo. t CG I
applications are simple executables that arc launched every time !hey arc rcque tcd.
ColdFusion u cs a more robust architecture. The ColdFusion A ppl ication Server runs ns a
flluhi-threudcd system scr ice and handles all or the compl icated processi ng. T he Appl ication
Server communicates , i th the Web server c1thcr through a cry small CGI exccutabk
referred to as the stub (c fm l exc) or through u nuti c Web server A PI
/\s Wch scrvc1s ha c developed. each endor ha~ 1nt1 oduccd and 1mplemcnh.!d an
appl icution-prog111111m111g 111tcrli1cc (Al'I ) for their scr er The nnt1 e Web sen er A PL ofTer
tld<Jitional font UI cs nnd SI grn lk1rnt ly incl cuscu performance I n" tcad nr launching n G I
Cxccutublc, sc i crs suppo1t111g nn /\ Pl com1111111icute d irect ly with the ColdFusion apparent!) \ . Vtth the ( 'oldF11suH111pplac11tion
32
Univers
ity of
Mala
ya
WXT..S 3182 Projek l/mialt Tahap Akhir II Fakulti Sain.' l\011111111t•r c/,111 frA1t1.>log1 ,\ lak/11111at
In addition to introducing server APl s, rnnn scr\•cr \ '1 . .mdo1:.-. hn,·~ cr~at~d document
type mapping, so that individual documcnt extensions can h~ n:'Sl'l' intc :t with a prnccss. This
makes it possible to creull! ColdFusion applic111ion pngcs that an: stored di rectly in the Web
server's root directory. Coldfusion supports the following major nntivc Web server APls:
• Netscape API (NSAPI)
• Internet Ser er API (ISAPI)
• Website API (WSAPI)
• Apache API - These servers support these APls and document type mapping:
• Netscape Enterprise and rastTrack Servers
• Microson llS (all versions)
• WcbSitc ( I . I and Pro)
• Apache
,,
Univers
ity of
Mala
ya
Chapter 3
System Analysis and Methodology
Univers
ity of
Mala
ya
WXES 3 182 Prr?Jek /lmiah Tahap Akhir II Falmlti Sain.' A'm11p11h•r d,111 frA110/0~1 i\ luk/11111a1
3.0 System Analysis and Methodology
3.1. Introduction
An effective dcvelopmcnt mclhod and design mu~ t be chosen in order to make the
project development arc done on the time within effort. There are no one right way to
develop a system, t:ach development method had it own strength, depending on the situations
they are used, the way they are applied and who invol ed in the development process. The
different or system process decomposes these activities in different ways.
However, some process methods are more suitable than others for some type of
system or application. It th1.: wrong method chosen, it will probably reduce the quality or the
usefulness of the system to be de eloped. Therefore, this chapter wi ll give detai ls to the
quality of prorx>scd sofhvarc tools and methods for th<.: system implementation. This chnptcr
Will also identify the methodology, mechanism and approach to be adapter.
The constra ining requirements, which wi ll be, discuss lat1.:r, will he identified to limit
the Space and possible design option. They are characteristic within the user developmcnt and
application environment that preclude certain solutions to the design problem. Also wi th the
concept of model used, it develops an very understanding of the overall system functionality.
Bcsitlcs, this chapter ar1.: including functional rcquir1.:rnc11ts and 11011-functional
requirements, ' hich thc functional rcquircmcnts arc categorized and identified for each pha c
of the system dcvclopmcnt. For the non-functional r<.:quircmcnts, they must be met by
delivcrabl , c~.
'"
Univers
ity of
Mala
ya
WXES 3 !R2 Pn!}ek llmiall Tahap Akltir II Fak11/1i Sain.' A.'r>111p111t•r d,111 frJ.1111/0,l!.11\ lak/1111101
3.2. Systems Development Life Cycle (SllLC)
SDLC is classically thought of ns the set of ncti\ itics thnt nnnly~ts. d~signers and users
cany out to develop and implement a system. In the others \\ Ords, the SDLC is a phased
approach to analysis and design , hich hold. thnt . ~ , tcm. nrt! best through the use of a
specified cycle of analyst and user acti itics.
This method consist or seven different pha c :
•
• •
•
•
•
•
Ident ify ing problems, opportunities and objectives
Determination of system requirement
Analy1.ing system needs
Designing the recommended system
Development and documenting software
Testing and maintaining the ~ stein
Im plementing and e al uating the system
,..._____ ~----------------------------:----.- - ----------------------i
I
(I) (2) {1) Identifying Determining Analyzing system problems. ~ in format ion ~ needs
Objectives and ..
requirements ..
opponunity
j l
'' (4 )
Dc!>igning the recommended
system
r--.__ n
I (7) ( (l) ( ~} 0111lc111l·111 i llJ4 1111<1 rc,t ill!ol tt lld De' clopinlot nnd cvnfuu1i11~ 1 hl' llHllrllllillillt-t tlornmc111 Ill~ ~
.... ,
'l lllClll s stem 'tllh UC
h~llll' \ I I ht• seven phll'ICS ol'SDI.('
35
~ I
' I I I I I I
' ' I I I I I I I
~- - j
' I I I
' ' I I
' I I I I
' I I I I I I
' i--- ·
Univers
ity of
Mala
ya
WXES 3 182 Projek l/miah Taliap Akhir II Fakulti Sai11.,· l\r1mp111.•r c/,111 frA110/o~1 1\ lak/11111al
There arc many reasons of considering the SDLC for a s 1stem de' d opmt.' nt application:
•
•
•
•
To form a common understanding of the ncti' itk s. resources nnd constraints
involved.
To find inconsistencies, redundancic. and om1.. 1ons m the process and its
constituents parts. As these problems arc noted and corrected, the process becomes
effective and focused on building the final product.
To rencct the goals of development, such as building high-quality software, findings
early in development and required budget and schedule constraints.
To understand what process should be tailored for the special situation .
36
Univers
ity of
Mala
ya
WXES 3 182 Projek l/miuh Tahap Akhir 11 /.'a/m/11 Saim Ko111p11tt•r c/,111 J~·J..11olog1 ,\ /<1J../11111a1
3.3. The Basic Requirements Of Systcnt l)evelopme,1t
This section 1s mentioning about the applicat ion domain l r the user environment that
l imit the design poss ibi l i ties and force certain decision., \\hich "ill be taken on it.
3.3. t Hardware Architecture
This archi tecture is very important to de clop the system. Many components of the
hardware will be considered properl y to make the system developed be more efficient and
P<>werful. Therefore, the table sho' 11 below are considered as hardware configurations to be
choose for developing the s stem.
Components
M icroproccssor
RAM
Storage
Input Devices
Output De ices
Monitor Interface
Descriptions
AMI) K6/2 350 Ml lz and ahovc
32.0 MB of Memory and above
4.2 Ml3 of I lard Disk or more
I . Mouse
2. Keyboard
3. Scanner
Printer
VC1/\ compatible display
Figu1c 1 2 The hn1dwu1c used in developing 1hc l>y!ltcm
3.J.2. Operntin~ ystc1n
Nowudn '"· there nrc M.:n.: 111 1 Opc1111111gS 1~ l c 1m(OSs) that nrc an 11lablc \\h1ch cnn ~Liii
OUr need~ and meet the r ·qt11rc111cnl The OSs 111cl11dc W111clnw~. LI NUX. UNIX, Mncrntosh
(l'or A 1 '/ ) ' 'PP c co1111H1I ·rs 0111 ) nml ( )S _ I lowcvcr all o f the OSi; thot i;upport. the current hur0 ' 111e cornpo111.:11i... ' ' l11n1tcd
37
Univers
ity of
Mala
ya
WXF;S 3 J ~2 Projek I/mi ah 'l'ahap A khir II Fak11/11 Sam' l\ompttlt>r d,m fr~111J/og1 1\ laklumaf
3.J.2.1. Windows 98
Windows 98 is n product of Microsotl C'nrporntion nnd is used widely as the
Operating System in Personal Computers todn_ . Windows 98 also will be used as
client(s) that can be connected to the Windo\\ . NT Server [9) in the Software
Engineering Laboratory in this project. There i. not a problem to prevent the other
OSs to be able to use the . stem because it depends on the Web browsers to visit the
Web site and conduct the transaction.
J.3.2.2. Windows 2000 as System Development OS and Web Server
This system wi ll be de eloped b using Windows 2000 Professional Version
with hardware configurations as mentioned at section 3. 3. 1 (Hardware Architecture)
above. Window 2000 ' ill be chosen as the operating system <luc to sevcrnl
advantages that arc distinct when compared to other operating systems. Below nn; the
reasons why it has been chosen o er the other operating system.
• Dominant Posit ion
One of the main rca ons for choosing this operating system is that WindO\ ,
currently enjoys a dominant position as the preferred network operating system by
most corporations. In the consumer market, Microsoft's Windows cnjo s a
penetration rate of almost 90% of the o era ll market, which makes it almo. t the ell!
f£1c:10 choice for operating system.
• User Friendl En ironmcnt
Windows 2000 scr er support mult itasking und it is also extremely uscr-fr iendlv.
Furthermore, the user interface of Windows 2000 server is cry similar to Windo\\ .
95 rn Windm s 98. Thc1efo1c . users hu c no difficulty in adopting to Windcm s 2000
server ·1111s ts unli"c l l111 x. ' hc1e the tusks 11re performed b ' command scnpts C\\
U'le1s huvc d111icult 111 lcmn111g these co11u11u11tls T1111e 1s wnstcd to team the
cnmmunds just to p ·rl'orm 11 cc1tai n tusk. Moreover, Windo' 2000 Scf\cr ti\ a
11etwoi "i11g 01x:111t 111g s ste111 to help developers build und deploy businci..s npplicntion
fostc1 th11 11 c c1 bdtHe Ne' monngement tools 111 Windows 2000 include\ help" 10 M!t
38
Univers
ity of
Mala
ya
WXEs 3182 Projek llmiah Ta hap A khir 11 Fak11/ti Sail/.\ Kc11111mtc•r d, 111 /'c..·A111>/og11\ /11k/11111at
up web-site, simplify access to resources, mnnagl' ront~nts and ~mal~'<'C usage
patterns. These reduce the cost of building n S' r. cr.
• Ease of Installation
Installi ng Wi ndows 2000 docs not present much dilliculty. However, UNIX
involve complicated installation procedure . . For example, each UNIX machine has
their different documented installation procedure. Prior to each installations, the
source code (kernel) needs to be complied.
• Developments Tools
Various development tools have been created for Windows users. Some of these
have helped to peed up the software development process. Furthermore, many
applications tools adopting the visual programming method like Visual Intcrdev,
Visual Basic, Front Page and so on. Visual programming is useful in cutting the time
spent on the program coding.
• J\vailabilit of Technical Suppon
Another plus for Windows user with the Microsoft offices around the world,
Windows users arc accessible to customer supports when a problem is encountered
and they could not fine decent solution for it. This provides more confidencl.! to
customer using Microsoft products.
• Skilled Professional
Microson boasts or extensi e resources or skilled professional as its produce arl.!
widely used. I lowc er, UNIX docs not ha c as many skilled de clopmcnt and ·upport
professionals. This ' ill inherently incrt=ase the cost or de eloping and maintaining the
system as the shortage or prorcssionul leads lo compelttion
W1ndm ~ _()()() ser er ulso supports for innovut1 e web publishing feature ,
eusto111 i1e ton ls und ne"' w11111'd 1echnolog1es mnkes it 1 he lx:st plot form a n 1 lablc to
publish infornrntion o er the lt1tcrnct especially in this prorosed system
39
Univers
ity of
Mala
ya
WXES 3182 Pn?Jek J/miah 'l'ahap Akhir II 1-'aklllti Sa111., l•:m11p111,•r d,111 l dmolo,v.i 1\ /ak/umat
3.3.3 Web Application Programrning
•
•
•
3.3.3. 1. Active Server Pa~es (ASP)
ASP is chosen as the web application programming technology because it is
more suitable and he able to u c for a good online directory system development (10].
The more concurrent requests there are, the more concurrent processes created by the
server. I lowcver, creating a process for every request is time consuming and requires
large amount of server RAM .
In addition, this can restrict the resources avai lable for sharing the server
applications itself, slowing down performance, and increasing wait times on the web.
ASP instead runs in the same process as the web server, more handling client request
faster and more efficiently. It is much easier to develop dynamic content and wch
application ' ith ASP.
ASP is chosen uvcr the other applications because most of them nrc not
ava ilable for all server platforms. For example, support for Linux wi ll be available
only with the upcoming release. This will be the constraint for the system. There arc
several additional features with ASP:
ASP provides a familiar framework and objects for building complex application. thnt
require datn from re lational databases and kgac sources
ASP is an easier ' a for server to ncces~ information 111 a form not readable b~ the
client (such as SQL database) and then act as a gate\ ay bet\ een the t\\O produces
information thot thc client cun v1c\ uruJ use
ASP c1111hh.:s dyn111111 c weh design to he e11~ 1 cr 'I h1 ~ feature mn"-c~ the \\Cb
npplicntions ens to 11 1111 ntui 11 und modify to meet the new needs and requirements.
• Scul11hil1tv ASP 1s s11it11hlc for Eh.:ctrnnic Notice System to conduct 1t~ tns"-~ O\'cr the
l11tc111ct Wh CIC 1111 e 11 lots of poh.: nt ia l users.
40
Univers
ity of
Mala
ya
WXES 3 IR2 l'rr?jek llmiah 'l'ahap Akhir II
• It provides easy access to databas<.:s through /\ctivc n ata Ol'k"'t (ADO) that is the
new database object model 11 11.
3.3.3.2 W ch Scripting Lan~uagc
Server Side Sen pl 111g / ,(lllJ!.llU,l.!,L'
VB Scri pt 11 2 I has been chosen over the Java Script as the server side
language in implementing this onlinc directory system. It is due to the reason that
ASP was chos<.:n as the technology to develop the system. Many resources and data
arc going sample of code in VB Script while coding with ASP. Besides that, as the
scri pting is run on the server and the server streams back the required HTML the
client browser is not an issue so can safely use VBScript. The other reasons that have
been considered arl.!:
• It is easy to learn and ' rite the application programs compare to JavaScript. VRScript
is hascd on the easy-to-learn IJASIC (Beginner's /\ II Purposes Symbol ic Instruction
Code). This is important because project time frame should always he considered to
make ·ure the system would be completed on time
• It is a fast, portable, lightweight interpreter for use in World Wide Web browsers and
other web applications.
• It is powerful and it can be u ·cd to develop intcrncti c client side web pages. Be~ ides,
it also tight! mtegrates ser er-side applicntinn
< ' ft1.•111 Sul<' Scr1111111g I <111,i!,tl<l,l!.l'
Tiu.: M.:lcctlUll wn-; done hctwecn Ju ii Script 11 21 und vn Script for the client
side scnpt111g Jn 11 Script undouht<.:d ly re111mned u fi11n chmcc a!-. nil nH\JOr hro\\~cr
such ns M1crosoll Internet Explorer or Netscape Nuvigator could understand Jl\\ a
Sc11pt VB Sc11pt cnn 0111 he viewed with Internet l ~xplorcr, 1f the u!-.er u~e~ another
41
Univers
ity of
Mala
ya
WXES 3182 l'rojek I !mi ah 'l'ahap A khir 11
browsers arc unable to fully ut ilize the web png · ns till' l'\l k in vn Sl'ript would be
skipped.
3.3.4 Data Access For Active Server Pages (ASP)
3.3.4.1 ActiveX Controls
ActiveX is the new corporate slogan of Microsoft in a very short time, has
come to mean much more than "Activate the Internet." ActiveX represents Internet
and applications integration strategics. These days, products and companies that don't
have ActivcX and Internet somewhere in their nomenclature arc considered, both
internally and externally, a being behind the times. The reality is that trying to
describe Acti eX is similar to trying to describe the color red. ActivcX is not n
technolog or even archi tccture--i t is a concept and a direction.
ActivcX Controls is a self-contained program (or co1nponcnl), written in a
language such as C 1 1 or Visual Basic. When added to a web page, nn Acti cX
control provides a specific piece of client-side functional ity, such ns n bnr chan and
graph, timer. client authentication, or database access. ActiveX controls arc added to
I ITML pages via the <OBJECT> tag, which is now part of the I ITML 151 standard.
The browser can execute ActiveX control when they arc embedded inn web page.
ActiveX controls despite being compatible ' ith the I ITM L standard, they arc
not supported on any Netscape bro' ser pnor to crsion 5 ' ithout an ActiveX plug-in.
without this, they ' ill 0111 function on Internet Explorer, although there arc plug-in.
a ail able if th is s stem \\ants Acti cX functionality ' ith Netscape br°'"· er.
3.3..t.2 Object Database: ActiveX Data Objects (AOO) and Data
Arl'css Objects (DAO)
Al)() 1111 is th:s1gned ns 11 rcplucement for DAO DAO 1 ~ Microsoft 's fir t
ohject st111 ·tu1 c/codc lih11t1 to mnni p11lu1c dutuhuscs Muny DAO commands that
hn e hccn retu rned for hnckwnrd compatibility can make the c:; nta\ quite ugl) at
42
Univers
ity of
Mala
ya
WXES 3182 f>rr!j ek !/miah Tuhap Akhir II l·£1k11/1i Saim A.'t111111111t•r c/,111 fr~110/og1 ,\ luklumal
limes. DAO code assumes database is locnl and '' hik it l'Hn dt•nl with ODBC data
(Oracle, DB2, SQ L Server, Parndox, FoxPrn) it hn:\ nn ~1~du l fod litics for dealing
with the da ta. It would not brenk ' ith non-local darn. hut can not get <>crtain things
that make sense with remote datn done.
Vl3Script supports a wide range of AJ)O [1 1] objects (ADO for ActiveX Data
0~1ec:1.,). Because these objects are ActiveX-based, they work across different
platforms and programming languages (unl ike the data control, which works strictly
in the Visual f1asic environment). The ADO objects support database access both for
local as well as remote data objects (known as RDO). Remote data can come from
across a network or a communications line.
ADO controls is important because they ofTer several advantages over the data
control. Despite the background necessary to work with the /\DO cont rols, they arc
the current choice among the database programmers due to thei r power and ncxihil it .
/\DO tech no log supports faster database access than the data cont rol doc . .
Although today's computers run quickly, the system wi ll produce high speed
degradation when the data contro l for large database tables is used, cspeciall
ODRC-bascd databases.
Perhaps tht: most important advantage of ADO is its capabi lity to access man
kinds of data. Not limi ted to just relational and nonrclational database infonnation.
ADO control can access, through ad anccd progrnmming, Internet browsers, emai l
text, and even graphics.
If leuve u rdcrcnce to the ADO Object l.1 brury 111 d11 t 11b11~e. then the progmrn
' ill need to tu"-e rnH; ' hen dcd nring Objects thnt belong to both Oh.1 ect L1brnncs,
such as l{ecoi dsct
43
Univers
ity of
Mala
ya
WXES 3182 Pt«!}ek l/miah Tahap Akhir II 1"ak11/ti Saim l\0111p11r1•r c/,111 fr~1111/og1 1\ lak/11111at
Dim r:;f\l;O d:; /\DODO . R<~cord:wl Dim r:::/\f;O iJ:"i /\DODB . R0cnrdr,ct:
Conn.Open
Set RS = Conn. Execute(
"DSN
"SELECT
" " " .. ••• I
" User " Password
FR0 {'1 t he Table" )
Else, access wi ll probabl allocntc the Object to the highest ranked reference,
with possibly unl!xpected results. So the best thing to do is to play it safe, and tell
Access that it docs belong to a certain Library.
3.3.5 Softwa re Development Tools
•
•
•
3.3.5. 1 ~licrosoft Visua l lnterDev 6.0
Micro ·on Visual lnterDc comes as part of Microsoft ~mite of 11rofess io11al
programming tools, known as Visual Studio. Visual lntcrDcv is a tool de eloping
dynamic ''ch applications. It is a de clopmcnt environment and a collection of useful
toots and utilitie!).
Visual lnterDcv is the tool that Microsofl promoting as their favoured ASP
editing tool. One simple but useful feature of Visual lnterDev is that it highl ights ASP
<% and %,.. tags in yellow, and the ASP script itself is highlighted using blue for legal
keyword. So the stand out from I ITML 11 31.
There arc th ree possihk ie\\S of web pages:
The Design Vie\\ , i~ WYSIWYG in terface. This alkm s users to put together n \\eh
page in much the same wny ns ' hen creating a document in the Microsof\ WorcJ
Picture, lmJ..s. MH111cJ can be mscrted without ha mg to\ ntc a single lme of I IT 11
The Sm11 ce Vi ·w. the f l'l'MI. gene111tcd h nny w01k~ that have been done in the
design 1cw cun hes· ·n
The ()111cJ.. V1c\ 11\b, to pi e iew the I ITML pugcs in advance
44
Univers
ity of
Mala
ya
WXES 31 R2 Prr~jek I lmiah 'f'alwp A kliir 11 J.'okulti Sai11,, }.:0111/>ttlc•r t/,111 frA11cJIU,\!.t 1\ luk/11111u1
The Design and the Quick Vic' arc not ahl ' tn 1m x 'l'SS ASP. Hoth arc limited
lo viewing I ITMI, onl . I lowc er. if the ASP tik in thl' St,urce View contained
within a project, there's an ASP-friendly nltcmnti\ c. We can select the View in
Browse to :--cc what the processed A, P "ill look like.
In addition, Visual lnterDe boa L strong link wi th SQL server, which makes it
very easy to setup database combining ASP and SQL Server. It also provides several
useful web-based tools for doing things like checking links, highlighting the broken
ones on your site and allowing us to drag and drop pages form one location to the
another.
Visual lnterDc docs not have a compile of drawbacks. It is the most difficult
to master of the editors di . cussed here. But having said that, it 's undoubtedly the most
powerful of these ed itors as it offers many tools and features to the developer.
3.3.5.2 ~1 icrosoft Front Page 2000
Microsort Front Page is the other tool for creating and dl!signing web pages,
but it dol!sn' t offer all the funct ionality of Visual lntcrDev.
It's ult imately a v eakcr but easier application to use. It offers three views of
web page. The Nunno/ tab gives a WYSIWYG (what ou sec is what ou gct) page
creation vicv , /I I i\!/, tab allows u ·er or dcvclorcr to ' rite and modif< code
explici tly The markup or a' ch page is pro idcd by system, uscr can <.lircctly do page
creation In the / 1n•vrew tub, 11 gives a quick IC\ of' hat the page should look like in
brO\ ser
3.J.5.3 l\ licrosoft SQL Server
I )11c to the 1c11so11 thnt the proposed 1s 1101 an 111dercndent srngk de ~top
s stc111 . M11;1osoll SOI. Se1vc1' is the best choice 01, the web <.lntnba:--c for the .. devclop111c11t of tl11s s st ·111 11' co111p111c with Microson Acee~~ M1croson SQL :en er
1ncorpo111tcs 11 world-clnss f'entrn c set for distributed client/ c,crver computtng
45
Univers
ity of
Mala
ya
WXES 3182 Pn!jek llmiah Tahap Akhir 11 1:ak11/ti Sai11.,. l\01111mt1•r da11 l~•A11olo,i:1 \ /11A/11111at
Microsoft SQI. Server is chosen o er Micmson /\cl'l'S~ . Although Microsoft
Access is easier relat ively, hut it is considered a IO\\ l'r k\ d dntnbaSl' which is not
suitable for the proposed system.
The others using SQL Server will sec benefi t in the fo llowing key areas:
• Reliable distributed data and transactions
• Cent ra lized control of distributed servers
• Very high performance and scalability
• Support for very large databases
• f-ull programmability and standards support
• Rich desktop integration
• Open interoperabi lity
3.3.5.4 Other Related oftware Tools
There arc some other useful software tools not only used to develop the
system but also used to do some documentation about the system especially in
designing the program da ta flow and user interface.
lltsw 2000 l'n ?f'e.,·sw110/:
Design a better program data 11ow for the system so that the system de eloped
become more pO\ erfu l and efli cicnt to be used.
A clohe I ' /wt""'"'" 6. ()·
Produce man attracti e images to add into the Web pages \ hich can attrnct as man}
a · man user~ to ~ t u , nt the website It ubo cnn create cc1 tam 1muge~ a~ icon~ tn
represent the functions 01 the Web pngcs thut CUil be linked
"'""""111111 .\''1111'
Crcntc Cl111 ph1cs l11tc1ch11 11uc Frnmot ((i lF) imugcs. ( il F images will show the
ani11 11111011 or sn1m: .lrnnt Photog111phic Hxpc1ts Oroup (J PEC~) image\ \UCh tll., the
p1oduct p1ctu1cs uf the co111 p1111y 1111d etcetera, which the compan con make
46
Univers
ity of
Mala
ya
WXES 3182 PrrHek llmiah TahapAkhir II Fakulti Salus Ko111p111er da11 /"l'1111<>/og1 ,\ /a/..111111<11
advertisement on it's website. These two formul or inmgcs nrc s0k t'h.'d h~t·nus0 thoir
size arc very small and can make the process ortonding of th~ wchsitc be more foste r.
Mac ro111ed1t1 l"/uslt : /\ rnulti mcdia so fhvarc \ hich cnn create nnimations of images,
export high quality images and si1nple multimcdin . how thnt can be published on the
websi te as advertisement or other use.
Univers
ity of
Mala
ya
WXF:S 311?2 Projek llmiah Tahap Akhir II Fakulti Sai11s Ko1111u1tt'r t!a11 t .•/..110/og1 ,\ /a/../umat
3.4 User Requirements Specification and Annl)'sis
3.4.1 Functional Requirements Analysis
The functional requirements arc incremental de dopment to the preliminary
requirement analysis as mentioned in fron t. They are categorized and identified for each
Phase of the system development. The project wi ll in ol cd th ree e en ts:
3.4.1.1 Ordering and Logistics
Purchase orders arc placed and processed.
a). Develop scr er-side application to process the request from the consumers. Log
each successful purchase session and other related information in the Log database in
Microsoft SQL Server 7.0
b). Develop a form inquiring the consumers to fi ll . Infonnat ion like address and
telephone number , ould be asked 111 order for the goods to be ddi cred. In oices and
receipts (after payment has been made) arc generated and send to the consumers
either electronically or manually
3.4.1.2 Contractual
Concerned with gathering of information about the products being sought , and the
disco cry of the sourcl!s of suppl
u). Design and de clop u rcl11t io11ul dutubasc to store the products i11 formation, tra11sHct1011
i11form11t io11 , sess io11 rnformnt 1011.
h) l J 11dcr~t1111d the ordc.:1111g proccss111g methodology Develop !-.ccurc Web appltcatton
With SSI. 1 () prntocul Scc111c the Wch server with NT secunt and configure thl.! U.
Web '\er c.:1 to co11t1ul files 1111<1 prolcct the prog111ms. /\ formul rclut1on!-.h1p bct\\ccn
48
Univers
ity of
Mala
ya
WXES 3 182 Projek ! lmiah Tahap Akhir 11 Fuk11/1i Sain.,· l\01111m1er clan l~·~tk>lo,\!t \ lak/11111C1t
buyer (consumer) and seller (company) is cn.:at c..:d, including tht.' t.'Stnhl ishlllt.'llt of the
terms and conditions to apply to transuctions 111Hkr th~ contnwt,
c). Develop the client-side applications (ASP) using Visual lntcrDe,· 6.0. The DHTML
pages and I ITMI. pages will be gcncrntcd to guide con. umer.' . hopping and purchasing.
The interface design is not a prime concern as this prnj~ct's main objective is to deploy a
secure onlinc transaction using MSK. So, before the digital signature is signed, the SSL
connection between the Web scr er and Web brO\ ser by consumer) must be established.
The request will be done by I ITTPS protocol.
d). Develop a Web browser plug-in (WebSigner) to sign the digital signature to be passed
to the Web server. The consumers must ha e their own security tokens before using the
MSK. The plug-in embedded in the <EM13ED> tag in the HTM L/DI ITML pages. Users
Will be asked for PI N number to sign the digital signature which is contain in the s11111r1
card and read by the smart card reader. The digital signature signing status will he
displayed on the status bar of the sign dia log box.
3.4.1.3 Payment Transaction
This in olvcs the digital payment system mentioned earlier, Virtual Internet Paymc..:nt
System.
a). /\ small function module to act as the acquiring bank for the company to credit the
amount of the purchases made by consumers. A relational database can be built to
store the company's information and the policies.
b). Another mal l function module to act as the consumers' bank to mtcract w11h the
acquiring bank for the trunsnction of the payment.
c). The modules , Ill he ahh.: to dud' 1th the..: reve1sc 11nd char ge back of thl! product
49
Univers
ity of
Mala
ya
WXT·,S 3182 l'rojek /lmiah Tahap Akhir II 1:ak11lli Sain.,, l\.omp11ter dan frA11t1lo • ..:1 ,\ /akltmtat
3.4.2. Non-functional Requirement
The non-functional requirements, which must nlsn he rnnsidcrcd. The following
sections supplement the requirements analysis mentioned above.
The server should response in a reasonable time when there are multiple accesses to
the Web server. No compromise to the, security should be made to any forms of retrieving
the private and confidential data inside the database. Web server should not allow any access
to the unauthorized users for administration purpose. Any background processing are killed
before the SV EXE server program is launched to give the system more memory resources
and to avoid the conflict of the s stem.
Some attributes also been included in this requirement, they arc ava ilability,
maintainability, transferabi lity/conversion, and reliability:
• Avnilability:
The consumers arc able to vie' the contents of the Web site and purchase the goods when
the Web server is running. When the Web ser er is turnoff or down, thl.! s stem ser icl.!
will be terminated temporary.
• Maintninnbility:
Database maintainabil ity must be scheduled and optimized from time to time. The design
of the database is crucial to enable future de elopment to the transaction log database
Scheduled tasks in ol cd organising and removing /filtering outdated or closed Order
Placement in which pa ments foil The transaction log dntabase has scheduled tasks thnt
rnust be run by the MS SQL Executive to perform maintenance on the transaction details
Store and backup the database This schedule cnn he modified to customi1c ''hcne,cr
there 1s a need to do su The :-;er er-side und cl ient-side applications can he added and
ntod1ficd from tune to t11nc The cnh11 11ceme11t mu~t consider taxation and ndd111onnl fees
(service ch111 gc) nnd oth<.:r considerntions for shipping the product from di ffcrcnt vendors
Or business s11hsid111r1 c~
50
Univers
ity of
Mala
ya
WXES 3 182 Pr<dek llmiah TahapAkhir II Fakulti Saim· Km1111111t•r clc111 l~·/<11<1log1 ,\ lak/11111al
• Transfcrahility/Convcrsion:
The system will run only on Windows NT 4.0 Ser er. Ne' crthck ss. the syskm can be
integrated to another platform by dcplo ing soml! kinds of integration techniques.
Examples or possible platforms arc LINUX and UN IX. I lo\\ C\er, thG compatibi lity of the
software is the main concern.
• Rcliahility:
The system will be accessed and the reliabili ty is measured.
51
Univers
ity of
Mala
ya
Chapter 4
System Design
Univers
ity of
Mala
ya
WX£S 3 I ll2 Projek I lmiah Tahap Akhir 11 /•(1k11/1; Sain.,· Ko111p111er t/t111 fr~110/og1 \ lak/11111t11
4.0 System Design
4.1 System Design Method
The system design is shown by using ~ omc diagram , which are drawn to make the
system now become more understandable. The design pha e is the stage to translate the
requirements into the moduh.: characteristics. System design shown here is to give an overall
of how the system works hccause a proper design is a must to make sure that the system work
Properly.
The design is based on data now oriented or structured design that stress on
modularity and top down methodology design. The system now is depicted in the nowchart
fllodcl while the data now is depicted in the data-now model. In the Data Flow Diagram
(DFD), functional transformations process their inputs and produce outputs. /\ s data flows
from one numbered process to another, it is transformed as it moves.
Data Flm Diagramming is a means of represent ing a system at any le d of detail
With a graphic network of symbols showing data nows, data stores, data processes, and data
sources or destinations. The data now diagram is analogous to a road map. It is n network
fllodcl of all possibi lities with different detail shown on different hierarchical levels. The
Process of representing different detail h! els is called "le clling" or "partitioning" by some
data now diagram advocates. The symbols used in the nowchart and DfD arc shm n in table
below I 8 l:
52
Univers
ity of
Mala
ya
WXES 3182 l'rojek Jlmiah Tahap Akhir II Fak11/ti Sain,,· Ko11111111<•r da11 frAnolo.~1 ,\ luklumut
Symbols Mcur1ing
Entit •
f-' low of Data
Process
Data Store
0 Terminator
(lJ'lcd in Program Data Flow}
Process
( 1-Cd 111 Pr ogrnm Dutu Flo' )
l)cc1s io11
(tl 11~·d 111 1'1 0~111111 1)11111 Flow)
53
E"\tt mplt·
Customer
Product Details
3
b i.11cs Purchase
Order
1 o I I Customer Rcco1 d
End Prnr t> •«:
Login 10 the y~tcm
Univers
ity of
Mala
ya
WXES 3182 l'rojek llmiah Ta hap A khir 11 1-'aku/ti Sain.,· Ko111p111<•r </. 111 frA110/0~1 1\ le1k/11111at
·- · - - -~- --0 Connector 8 (Used in Program 1)11111 Flo\\ )
Display
~ Product
(Used in Program Data List
Flow)
·-·-·-·[ .....---
A nnotation Customer must log ··-· -·-·-
in lo purchase.
(Used in Program Data Flow)
~
Figure 4 I The Basic Symbols ed in Drawing The DFD
By using these symbols, this system is designed as shown in Figure 4.2.
54
Univers
ity of
Mala
ya
~
~ c .=..
"' '-'
v. c v. ~
r. :r.
'< ~ g
Cusromer ID 311d P:JSSl\ ord
CUStomer Product Details
Product Details 5 2 ~1essage 3 I• n 3 Product C:11:1.log
D.:::
C~e I CUStomer ID~ I Login To
(USlex&er and Pass\\Or System Profi.es
• • CUS".omer Profiles
• DI Customer Record ~lessage
M~t ID and Pass\\ ord I
~~~~~~~~~~-
D5 ~l~emenl Record
Customer ProfiJe5
~lan::U?emenl IO and Pas~'ord
\lanagemem
CUStomer I Amount P3\ malt 4
.\mo1111 Pll' ment Issue
BMJ.. .\cco unt ~ ... P<l\mem ~
D<> PO Rec<>!:d_ ~~ ~ ... Total Amount
.. Customer De1ruls
Register
"e" Customer
r DJ Product Cat:llog L - .
t Product Detruls
8
Lpdate Product
lnfonn:woo
Product U et.311S
Issue Purchase
Order
04 PO Record
PO Detruls
DI Customer Record Customer Detruls
~ I
~fnrugemem
Product Details
(1
Add Product lnfom1atton
Product Details PO Details
Customer
PO Details
7
Ch eel Order List
thoo!>e Status
~ ~ Vi t,., .._ ~
"' ::_;:i c ~· ,.,.. -~ ~ -.: c:· ::::s--.g ::::... ,.,.. :::!'::::· :::::
--::i· ~ ~ :...., g~ ;;;->: g ~ ~ ;..
-& ~ ~ ,~
';;::-
~ s ;:: -
Univers
ity of
Mala
ya
WXES 3182 Prr~jek llmiah Ta hap A khir II Fok11/1i Sa111s Ko111p111er t/1111 fr~Jl<'IO,l!.1 1\ lak/11111w
4.2. System Module Design
Module is a standard or un it of men. urcmcnt nr i ~ a standardized, often
interchangeable component or a system or construction that is de igncd for easy assembly
and ncxiblc use. The online inventory control system is di idcd into modules to ensure the
systematic and efficiency of development. The system is di ided into 8 separate modules,
these include:
i) Registration Module
ii) System Login Module
iii) Purchase Order Module
iv) Payment Module
v) Customer Update Module
Vi) Check Order List Module
Vii) l\dd Product Module
Viii) Update Product Module
Sorne simple explanations Progrum Data r:low arc shown bdow:
4.2.1 Registration Module
Every user , ho start hrO\ sing the company website wi ll make a tour 111 the \\Cb
Pages created to find out thc information of thc products prov1dcd Ir thc want to make the
issue or purchase order, the s stem ' ill request the user to make n registration a. a nc''
custolller of th1.: compan . . This leg1st111tio11 pwcess cun gel and store the 111formn11on of the cus1 . Omer so I hat II IHISlllCSS will he st111 ted.
l\ fh.:1 the uSL'l fi111sh to fi ll up the 1cgist111tio11 form , the ~y~tcrn ' ill check whether the f Ortn is completed 01 tilled co11ectl . The system wi ll request the user to check hack the fonn
56
Univers
ity of
Mala
ya
WXES 3182 l'ndek llmiah 'l'uhap Akhir II 1"ak11/ti Sain.,· Komputer da11 t .•A110/og11\ le1k/11111e1t
if there arc any errors or invalid entry of the form. Finni I , a uniqlll' n1~trnncr code will be
auto-generated for the customer to use every purchn~c order that t h~~ nre going do nt!xt. (See
Figure -1.3)
4.2.2 System Login Module
Customer l.ug111
Once the user was registered as a customer, he can login in to the system and make
the issue purchase order. Customers are required to enter their uscrname and password for the
systern logi n. Their login infonnation wi ll be checked to identi fy the validation of the
customers. The password entered is encrypted to enhance the security for the system, so that
those customer wi ll be mon.: confidence to continue purchasing product or other activities
like Update their profiles over the \ cbsitc. Password changes arc always avai lable for
customer. (.\ 'ee Ftg ure ./.-I)
Management pan has to login to the system before choosing their activities over the
system. They arc using the same interfaces, which is used by the customers. The management
Person acts as an administrutor to update latest product so that the customers wi ll always
Provided with updated products. (SC!e 1-'lgure ./. -1)
4.2.3 Purchase Order Module
/\Her log111 to the s stem, customers can cont111uc muking their • ~sue of purcha~c
Order. The c11 11 1c' the 111li.muntio11 of product-; by choosing the product type of the
Products pro 1ded The. cnn enstl 1 11cl111.:vc the product~ dc111ils from the dn111b11 ..,c nnd decide
Which products to he purch11scd. /\ner mnking decision to purchase products, the total price
or thl! product will h • c11lc11l11h.:d 1111<1 stor cd i11 the du111b11sc. Next, they have to make their
l)UYlllc11t \ hc1hc1 w1th111 two we ·ks lottg 01 strnight 11w11y puy for their products purchased (.~l't• , .,
• ~11/'t ' ../.5)
57
Univers
ity of
Mala
ya
WXES 3182 Projek l/miah 'l'uhap Akhir II
A
l Enter User Details ~
r
Submit Form
I I ' Details
Entered Correct?
Yes
I
' Save Customer
Details
l '
Purchase Items?
Yes
' c
Fakulti Saius Komp111.•r dau J~·~110/og1 ,\ luk/11mal
No
J ; 1
Customer Record I
No ... D
Fi~111 0 <1 I ('11s10111c1 Rc~ist111 1 io 11
58
Univers
ity of
Mala
ya
WXES 3182 Projek llmiah 'l'ahapAkhir II Fak11/1i Sain.,· Km111>111,•r da11 l 't•A110/og1 1\ /aklumat
B
'f
~ Select and view ..
Products Product Catalog
l J
No
'f
Submit PO?
Yes
Save PO Details J I PO Record
( End
Figure 4 ~ l so;uc Pu1 ch11'c Order
60
Univers
ity of
Mala
ya
WXES 3182 Prcljek !lmiah TahapAkhir II 1:ak11/ti Sain.,· Ko111p1111•r clan I t•A11olog1 \ le1klu111a1
4.2.4 Payment Module
The method of the payment is use the credit. Lu. tomer "ill be required to enter his
credit card holder' s name and the number. (.\'<'e Figure .J.f>(t1.} mu/ F1g11r i: .J.6(b.))
4.2.S Customer Update Module
This system provides a service for customer to let them feel convenient to change
their information. This wi ll be good for the business because the customer information
Provided is always updated. (.)ee Figure .J. 7)
4.2.6 Check Order List Module
Customer can only do th is module. I le can select status of order to view his paid nnd
Unpaid order. (.\'ee F1g11re .J.X)
4.2.7 Add Product Module
The Management create an c-Product Catalog by adding the information of the
Products he want to add to the catalog. (See Figure ./. 9)
4-2.8 Update Product Module
The management tkpartment play a cry important role to update the product. that
arc lately pro ided h , suppliers This step 1s not onl to give more choice~ for cu~tomer to
Purchase products, but ulso provide the lutest inf'l>rmution about the products ·r hereforc, the
custoll\cr' 111 feel con en1ent to get mo1e informu turn of the product ' hilc doing their issue
Purchase order (Sc•e /•1J.!.111·1· ./. 10)
6 1
Univers
ity of
Mala
ya
WXES 3182 l'rojek l/miah Tahap Akhir II
PO Record
No
End
Fak11/1i Sa111s Ko1111m1t•r da11 l~·k110/og1 ,\ fak/11111af
B
I '
Check PO Detail and total amount
Submit?
Yes
Enter Credit Cord Information
Pay?
Yes
" E
No
h~111 c '1 Cl(n ) Cu:.to111c1 l'11y111cnt 1'1occ.,.,
62
Univers
ity of
Mala
ya
WXES 3182 Projek llmiah TahapAkhir II
E
r y
Valid?
Yes
y
Payment Receipt
I
I y
Yes
Print Receipt Print Receipt?
No
End
63
•
•
Fak11/ti Sain.,· Ko111p11l<'r don frA110/0~1 1\ lctklumat
No
l ..
J I
I •
C""tome. Bank J
Enter Credit Card Information
Customer Bank
PO Record
Vendor bank
Univers
ity of
Mala
ya
WXES 3 flJ2 Prr~jek l/miah 'l'ahap Akhir II
No
B
l Update ,...
Customer Profiles
" Change Customer Details
Update?
Yes
" Check Correct Entry of Customer ,...
Details
Yes
Correct?
Yes
" Savo Customer Details
" End
64
Fak11/1i Sain.,· K01111u11c•t dm1 I 1•A110/og1 l\1<1k/11ma1
Customer Record
No
Customer Record I
j Customer Record Univ
ersity
of M
alaya
WXt~:\· 3182 f'rojek !lmiah Tahap Akhir II
8
Soloct Orderod ~ items Detail
Order list of paid I unpaid
rte ms
Print?
J Yes
I • Punt List
• rnd
PO ReCOfd
No ... Fnd
h Nu•c .i K ( \ 1.;10 111c1 ('hoc!. Order l.1\1
)
Univers
ity of
Mala
ya
WXES 3182 Projek llmiah TahapAkhir II
I l Monogoment Login ~
I T
Valid?
Yos
T
Add Product Dota1ls
T
Product Details Enlry Corroct?
r I
Yes
T
P1oduct Added
T
(nd
Fak11/11 .\ i 1/11s l\w 1111111a .f,111 fr 11olog1 ,\/oklumm
No
No
f .. Cu'1omer
Roco1d
l·1t11111i ·I •) M1u1u8cr r~111 Add Pr oduct ~
Univers
ity of
Mala
ya
WXI:-:~· 3182 Projek llmiah tahap Akhir 11
M11nllgomen1 ..,. Login 1 -
Valid password?
Yes
• Browse item to ,.
update j
Deleto rtom?
No
• 1
Update 1tom I_.
• End
Fak11/f/ Sams J...'omp1111•1· c"111 frkllo/0~1 ,\ 1<1k/11mw
No
Product Catalog
Yes ~ Delete Item 14 ~
Product Cotalog
J Product Catalog
h gurc .i 10 ~lnungcment pdnt ·Delete Product!>
67
Univers
ity of
Mala
ya
WXES 3182 Pr<4ek //miah 'l'ahapAkhir II J.'akulti Sai11s Ko111p11tl'f' c!. m fr4110/og1 ,\ laklumat
4.3 Database Design
This system 1s using Microsofl SQL Server as the dnrnhn. c scr\ cr. It helps maximize
availability through onlinc backups, fully integrated log J 11pping. and enhanced failure
clustering. Microsoft SQL Server al lows data to be backed up whi le the database remains
online and accessed by users. With differential database backups, it includes the capability to
perform differential backups.
4.3.t Database Tables
The related database tables arc shown as figures below:
i) Customers Information
h~u1 c <l 11 ('11:.to111c1:. lnlill111n11011 ·111blc
68
Univers
ity of
Mala
ya
WXES 3182 Projek I lmiah 'l'ahap Akhir 11 Fakulli Sain.,· Komp111t•r da11 frl.:110/0,\!t 1\ luk/11111a1
ii) Virtual Bank (Customer Bank)
I :JI I 1 I C'
t I .JT J.
Figure 4.12 Virtual Bank (Customer Bank) Table
iii) Purchase Order Record
l'
Figure 4 13 Purchase Order Record Table
69
Univers
ity of
Mala
ya
WXt:s 3182 Projek llmiah Ta hap A khir I I Fakulti Sain.,· Ko111p11fc•r da11 I 1 •~110/og1 1\ lak/11111e11
1v) l'roduct Ucta 11 s
, 1 , I'"'
Figure 4 14 Products Details Table
v.) Vendor Bank Account
.~
h gure 4 15 Vendor Hank Account 'I able
4.3.2 Database Relationships Diagram of Tables
The relationships of the relations arc defined and a diagram that • h O\\ S tht. ret ·
attonsh1p 1s rn Figure 4 16.
70
Univers
ity of
Mala
ya
WXES 3182 Projek //miah 7'ahapAkhir II
-~ ii
E - s - ~
ri I
y ...
ii E B
3 C"
~
~ > I v ...
7 1
l·'c1k11/ti Sai11.'I Komput<'r da11 I t·~11ol<'.'t!.I ,\ luk/11111m
v E' s ~
J ~ ~ . .... ... -------
c ti ti 0 o.. E f ·z >- " " a. e .... z a..
E E E E ., ., ., ti u u ~ "' ·- ·- ·- ·-
·c: v ti "' v ., 'L: ,, 0..
I I ~I I I I l·~1---
I y ...
u c: c :J :J 0 0 E E ~ o<l
0 ·- u .... ,, :0 ~ ~ ., uu o
Ol l I I
Univers
ity of
Mala
ya
WXES 3 182 Projek llmiah 'l'ahap Akhir II Fakulti Sain.'' l\<)fll/lltft1r da11 frA11t1lc>g11\ f(lk/11111C1t
4.4. User Interface Design
User in terface designed will base on the I lumnn omputcr Interface (HCl) technique
that enhance on the crticicncy and dTCctiveness of the interaction between the customer and
the system. Many of the forms that arc to be created " ri ll be designed to the easiness for the
users to input data. 13uilt-i n or image buttons are used to link and send the forms to the Web
server and navigates from a page to another.
The graphics and static content pages are related to the sales and purchase order of
Products. Normally, either JPEG (which is an acronym for the group that created the
software, "Joint Photographic l ~xpcrt Group") or Git (which stands for Graphic Interchange
Fonnat) is used to enhance the att racti c of the web pages.
The figures of the user interface design can viewed in the User Manual.
72
Univers
ity of
Mala
ya
Chapter 5
System Implementation
Univers
ity of
Mala
ya
WXHS 31112 /'m;ek Jlmiah TalwpAklur II
5.0 System Implementation
5. t Introduction
System Implementation is a stage to change the th ing from the scratch to the reality. The
flowchart design for each module and the file stmcture design for each table in the database as
Well as the interface design arc move from the design scratch to the real implementation stage by
using hardware development requirement and software development tools.
In developing system, the requirements analysis, methodology and system design phases
do not have a clear boundary 111 the soflwarc project. Each phase tends to overlap one another.
this chapter, system implementation is going to present the process of convert ing the system
requirements thnt we have stated earlier and designs as we have described into the program
COdes to develop the system.
73
Univers
ity of
Mala
ya
WXJ~S 3/1{2 /'nuek Jlmiah Tahap Akl11r II
5.2 Development Environment
Development environment i. very important on the proce s of developing a good and
robust so Ii ware system. The suitability of the hardware and software chose to develop the system 15 very important because it will not only help to expedite the system developments but
detennine the success of the project. The hardware and software tools that had been used to
develop the entire system arc a. stated below:
5.2.1 Hardware Used
lhc hardware used to develop the system is:
• •
• • •
/\MD K6-2 30 Processor
Memory :no MB RAM
6.4 Gf3 hard disk
Scanner
Display Adapter
• Keyboard and Mouse as Input devices
S.2.2 Software and Web Server Used
Software Purpose
Microsofl Windows 2000 System requirements
Profcssicmul
Microsof\ Internet l11fo111mt1on S stem rcq111 rc111c11ts
Server ·I ()
Microson Visual lnterdc (1 () ~vstc111 de clop111c111 I
I ntcrfacc Design
Microsof) l111c111cl F:< plor cr <> 0 S 1s1tm1 dovclop1nc111
74
Description
Operating system
Wcb ::.c1 er ho~t
Development tool fo1 -
cod111g
Web hrnw!-c1
Univers
ity of
Mala
ya
WX£S 3182 /'rojek l/miah 'l'ahap Akhlr II
Microsoft SOI, Server 7
Adobe PhotoShop 6.0
Macromedia Flash 5.0
.0 --
l ·'nJ.11/ti Sm11s l\m1111111,•,· clm1 frJ.uolo~i Mak/11ma1
System development Dntnbnsc server
Interface design Image design and creation
Interface design Image Animation
Figure 5.1 Software tools used for system
75
Univers
ity of
Mala
ya
WX£S 31){2 l ' roJek Jlmiah Taha1> Ak/11r II l-'uA11/11 Sam., A.m111111t.-r d,111 frA11olo,i:_1,\ laklw 11at
5.3 System Development
System dcvclop111c11t consists the used of methodology chosen, web pages coding, web
based development tools and database connection. The detail. are illustrated as below:
S.3.1 Methodology
The development strategy or methodology used in th is project is System Development
Life Cycle (SDLC) with prototyping as ment ioned in Chapter 3. The development of th is project
Will consists of even stage , which arc identifying problems, opportunities and objectives,
dctcm1ination of system requirements, analyzing system needs, designing the recommended
system, development and c.locumenting software, testing and maintaining the syste111 and the last
one is implementing and evaluating the system. The system is design using logical flow and it
allows the estimation of the milestones. Each stage must be completed before proceed to the next
stage to ensme that the system is built according to the requirements and specifications.
5.3.2 Web Pages Coding
l\SP is actually an extension to your web server that allows server-side scripting and
Plays a role as script ing en iron111cn1. The language. 11. cd to develop a. acti c server page arc
HTML together with scripting languages such as VBScnpt and JavaScripl. The challenge of
Coding in l\SP is determining and scparnting the 1 ITM L source code from the scripting
counterpart .
76
Univers
ity of
Mala
ya
WXES 311{2 /'m;ek /11111ah TalwpAk/11r II "'"" 11/11 Sat/I.\ A:0111p1ttc•r d.111 l ~·J.110/og,1 i\ lak/11111t11
5.3.2. l Server Side Scripting
For server side scripting in th is system, fonn. are created and are to be filled by the
client and submitted to the secure Web server. Form can be submitted using SUBMIT
Button:
,..INPUT Type "Submit" name - "Submitbtn">
The fonns use the Submit METHOD as POST. TI1ere are POST and GET methods.
Instead or using GET for the METI 100 attribute of the fonns, POST method is used in a
form because it buries the infonnation inside the HTTP header, rather than adding it to the
URL as a query string.
· FORM Name "fnnName" ACTION "U RL" METI IOD "POST" "
Data stored in Request object collections originates from the client , and is passed to
the server as part of the I ITI'P document request. The information from the f-'ORM is
posted to the Request collections. The Request object, Response object, Server object,
application object and Session object are used in this project. For example, the Client
lnfonnation Fonn contains the inputs that had been entered by the client and is posted to
submitted page together with a query string. To retrieve the infonnation in the fonn, , e u e
Request. Form collect ion.
Session is used to provide support for applications across the web, Active Server
Pages also supports sessions within an application. ASP allows us to track a user from page
to page 111 an npphc11t1011 through the use of u session. Session anablcs arc tored 111
Session ohJcct. The i111t ml e\ cnts thnt occur c ct t1111e the client 1s1ts the Web page "ill
need to he 1111t1al i1ecl 111 the Ci loh11l.11s11 tile. A (i lobal asa fi le stores the 111fn11 m1t1on of th1.:
1111 ti11l c cnts occurs when clic11t isits the Web page. To create a Sc~~ion·w1dc m. tancc of
77
Univers
ity of
Mala
ya
WX£S 31112 J>nJJek llmiah Ta hap A khir II FaJ..11/11 Smm J.. 1111111111,·r c/,111 /~·J.. 110/0.~ 1 \fak/umat
the connection, we need lo code the Session 011Star1() nml s~ssiqn_gnEnd() functions in
Global.asa.
S.3.2.2 Client Side Scripting
JavaScript is used as the client side cripting language as we have discovered that
the VB Script is not fu11ctio11i11g properly in Netscape Navigator browser if it is used as the
client side scripting language. The client side scripting is used to validate that proper input
is entered from client and used to make the Web site more interesting.
S.3.3 Web-based Development Tools
Microson Visual lnterdc 6.0 is used as the main development tool for this pmjcel. This
toot enable. easy perfonnance of the many complex programming and database tasks required m
the creation of a Web site, as well as the incorporation of I ITML formatting and layouts,
graphics and other mult imedia component. .
MicrosoH Visual lntcrdcv 6.0 will creates a second copy of the files on the local
computer while perfonning tasks like adding files to the Web. ite or editing any of the cxi. ting
files. This is called the working copy and whenever these working copies arc ·a cd, Visual
lnterdev 6.0 wlll updates the file on the Web erver as well. All the graphics and animation. in this · project arc created using Microson Visual lntcrdcv (> .0, Adobe PhotoShop 6.0 and
Macromedia Flash 5.0.
78
Univers
ity of
Mala
ya
WXJ:s 31>t2 11ro1ek Jlmtah TalwpAklur JI
5.3.4 Database Connection
J-'nA11/11 Sr1 111., J.. 01 111111a.J,11 fr 110/o~t.\ lak/11111Clf ~
The database for this project is created using Microsoft SQL Server 7 .0. By using the
SQL Server, the database can be accessed through virtually any kind of network connection and
enable great amount of users accessed the system at the same time.
ActivcX Data Object (ADO) is used to store and retrieve data from the database. This
Project uses the (Data Source Name) DSN-less connection strings to connect to Microsoft SQL
Server. The connection string i written as:
Driver {SQL Server} ; Server ServerNa111c; Database dbName; ID ; PWD
All communication with a database takes place through an open connection. Before any
infonnation can be inserted into or retrieved from the database, a connection with the database
l11ust be established. The ADO connection object serves the purpose. For example:
Set objConn server CreatcObject (" ADODO Connection")
ObjConn.Open strConnect
Therefore, by using the connection, all the tables, a shown in chapter 4 can be connected
between the database and the user by using the web scripting.
79
Univers
ity of
Mala
ya
Chapter 6
System Testing
Univers
ity of
Mala
ya
WXr;;s 31112 / 1rop:k Jlmtah Talwp Akl11r II VaA11/11 Sm11.' /..'m111111r.•r d.m frAnola.1!.t \ lak/1111w1
6.0 System Testing
6.1 Introduction
System testing is a process of executing a program with the intention of finding bugs,
errors or defects that present in the system. System testing also can be defined as the process of
analyzing a sofhvare item to detect the difference between existing and required conditions and
to evaluate the fea tures of the . oft ware item .
There arc several objectives of system testing as stated as below:
• To demonstrate that behavioral and performance appear to have been met
• To demonstrate that sofiware funct ions appear to be work ing according to the
specification and user requirement.
• To re cal differen t classes of errors with a minimum amount of time and effort
Data collected as testing is conducted provide a good indicntion of soflwarc reliabilit
and some indication of sofiwarc quality as a whole. 1 lowevcr, testing cannot show the absence of
errors and defects, it can how only that soflware errors and def ccts arc present. This project wa.
tested with the fo llO\ ing generic characteristic:
•
• •
Testing begins at the module level and works "outward" toward the integration of tht!
entire syste111 .
Ditforent testing techniques arc appropriate at different points in time .
Testing nnd debugging a1 c diffc1 cnt 11cti 1ties. but debugg111g must be accommodated m
an • testing stmtcgy
XO
Univers
ity of
Mala
ya
»'XES 31112 /'rr>Jek Jlmiah TahapAklur II Va~11/11 .\'mm k m111>111.·r d.m / c' 110/0.~1 ,\ lllAl11111m
6.2 Testing Principles
Several testing pri nciples suggested by Da t, ( 1995) ha\'e been followed in testing the
system l 1 51 :
•
•
•
All tests should be trnceablc to customer requirements .
Test should be planned long before testing began. Testing planning can begin as soon as
the requi rement model is complete.
Testing should begin " in the small" and progress toward testing " in the large". The first
test planned and executed generally focus on individual components. As testing progress,
focus shills in an atte111pt to find errors in integrated clusters of co111poncnts and
ultimately in the entire system.
RI
Univers
ity of
Mala
ya
WXES 31112 /'ro;ek Jlmiah Tahap Akhir II
6.3 Unit Testing
fo't1J..11/11 Smn.v A.'01111'111,·r d.m frJ..110/0~1 \ ltiJ../11ma1 t
Th is testing focuses verification effort on the . mallcst unit of software design, which is
the software component or module. All the important control paths in this project are tested to
uncover errors within the boundary of the module. The relative complexity of tests and
uncovered errors is limited by the constrained scope established for unit testing. The unit test
usually white-box oriented and the step can be conducted in parallel for multiple components.
The tests that occur as part of unit tests are illustrated schematically in figure 6.1 below
(16]. The module interface is tested to ensure that information properly flows into and out of the
Program unit under test. The local data structure is examined to ensure that data stored
temporarily maintains its integrity during all steps in as algorithm's execution. Bo1111clary
Conditions arc tested to en. urc that the module operates properly at boundaries cstahlislu.:d to
lirnit or restrict processing. All independent paths (basis path ) through the control structure arc
exercised to ensure that all statements in a module have been executed at least once. Finnlly, all
error-handling paths are tested.
- Interface - Local data structures - Ooundary conditions - I ndependcnt paths - Error ha11dli11g paths
Test Cuses
I Modules
82
Univers
ity of
Mala
ya
WXES 31Jt2 l'ro.1c:k Jlmiah Tahap Akhir II l ·'t1A11/11 .'1'c1111., Komp111.·r .J.m frA110 /o '!!, 1 ,\ laA/11ma1
The following areas were tested during un it testing for this prnjc ' t:
•
•
•
Ooundary value analy. is
Ensure that the module operates properly at boundaries established to limited or restrict
processing.
Error handling paths
Ensure that the speci fic module executes the recovering process should an error occurs.
For example, the updating proces should be able to cont inue to function again after
encountering duplicate record in the database.
All possible independent program paths are executed ensure that the control strnctmcs arc
implc111c11tcd correct! .
83
Univers
ity of
Mala
ya
WXRS 3 JH2 /'rrJ)c:k /11111011 Tahap Aklur JI
6.4 Integration Testing
l 'f1J.1tl11 Sam., k'o111p111a ./,111 I «l.110/0~1 .\ IHJ./1mu11 l
This kind of testing 115 I is a , . tematic techn ique for constructing the program
structure while at the same time conducting tests to uncover errors associated with the
interfacing. The objective is to take un it tested component and build a program structure that
has been dictated by design. This testing will ensure that the interfaces such as module calling in
this project arc arranged correctly.
The approach used in this pha e is an incremental integration strate!,'Y, the bottom-up
Integration and regression testing. The incremental integration is the antithesis of the high bang
approach. E-Commcrcc Web page program is constructed and tested in small i11crc111c11ts where
errors arc easier to isolate anti correct. /\ II the interfaces arc tested completely and a systemat ic
lest approach is applied.
For this project, a bottom-up approach has been used. Bottom-up integration testi ng
begins construction and testing with modules at the lowest levels of the system and then moving 11PWard to the lllodulcs at the higher levels of the system. Regression testing is the re-execut ion
of some subset of tests that nlrcady been conducted to ensure thnt chnngcs have not propagntcd
Unintended side effects. It i , the activity that helps to ensure that changes (due to testing or for
Other reasons) do not introduce unintended behavior or additional errors.
Univers
ity of
Mala
ya
WXES J 1112 /'mJek lfmiah Tahap Akhir If F'aA 11/11 .\'am., /... d111p111<•r d.111 l~·A110/og1 ,\/aklumat
6.5 Validation Testing
A final series of software tests that i the alidntion te ting are carried out during this
Phase. Soflware validation is achieved through a serie of black box tests that demonstrate
conformity with requirements. f-'or this project, a test plan outlines the classes of tests to be
conducted and a test procedure defines specific test cases that will be used to in an attempt to
uncover errors in confonnity with requirements. Ooth the plan and procedure are desi{:,rned to
ensure that [ 18 J:
•
•
•
•
•
All functional requirements arc satisfied
All behavior charactcri. tic arc achieved
All performance requirements arc attained
Documentation is correct
Other requirements arc met (e.g. error recovery, maintainabi lity, compatibility)
Alpha test and beta test arc nlso being carried oul to uncover errors that onl the cnd
uscr cems able to find . Alpha 1c. 1 is conducted at the developer's site by an end-user in a
controlled environment. 13eta test is conducted at one or more customer site. by the end-u. er of
the son ware and it is a "live" application of the son ware.
85
Univers
ity of
Mala
ya
WXHS 31112 J>ro1ek Jlmiah TalwpAkhir 11 I· 't1A11/ 11 S<1111,, J.. 011111111.-r d.111 fr A110 /og1 ,\ lak/11 tt1(1t
6.6 System Testing
System testing is a series or different tests de igncd to fully exercise the software system
to uncover its limitat ions and measure its capabilities. TI1e objective is to test an integrated
system and veri fy that it meets specified requirements. Although each test in this project has a
different purpose, all work to vcrif y that system elements have been properly integrated and
Perfonn allocated functions.
There arc several types of system testing that are worthwhile for a software system. f<or
this project, three types of . ystcm testing are u ed [ 14}:
•
•
•
Recovery Testing
It is a system test tlrnt fo rces the system to fai l in a variety of ways and vcrifies that
recovery is properly perfonned. If recovery is automatic (perfonned by the sysh.:m itself),
then reinitialization, checkpointing mechanisms, data recovery and restart arc evaluated
for correctness. Ir recovery requires human intervention, the mean-time-to-repair
(Ml TR) is evaluated to determine whether it is within acceptable limits.
Security Testing
These system tests wi ll attempts to verify that protection mechanism built into the system
will protect it from improper penetration.
Perfomiancc Testing
The purpose of this testing is to test the nm-time performance of software within the
context of an integrated system. It requires both hardware and software instrumentation.
Resource utilization is 111eas11red in an cxacti11g fo. hicm.
R6
Univers
ity of
Mala
ya
WXJ~S 31){2 l'rojek J/111 iah Talw11 Akhir II
6. 7 Error Handling and Debugging
An error handling enables the development of clearer, more robust and more fault-tolerant
programs. Error handl ing provides the ability to attempt to reco\·er from infrequent fatal errors
rather than letting them occur and suffering the consequence (Deitel, 1999).
Debugging i the process of finding and correcting errors or bugs in the source code of
computer program. There arc number of debugging tools being used in perfonning the system
debugging, includ ing Toggh.:s Breakpoint , Step Into, Add Watch and so on. When debugging the
system, the Locals windows and immediate window arc used to check the value of variables.
87
Univers
ity of
Mala
ya
Chapter 7
System Evaluation
Univers
ity of
Mala
ya
WXHS 3/ X2 11m 1ek /1111 iah Talwp Akhir fl /o'uJ.11/11 Sams l\ 0111p111,·r d.111 / ~ ·J.. 1111/o,l!. 1 ,\ la l./11111a1
7.0 System Evaluation
There arc various problems were encountered. The. e entire problems were solved
through research and studies. E cry system also ha it own trenbrths, limitations and future
enhancements where can be identified.
7. t Problems Encountered and Solutions
There arc some problems e11<.:01111ten.:d throughout the dcvelop111c11t of this system as 111e11tioned
below·
7.1.1 Difficulty in C hoosing a Suitable Development Tcchnoloey,
Programming Language and Tools
Many sollwarc tools available to develop a website as stated in the earlier stages such as
Microsoft products, Java and . o on. In order to choo. c n suitable technolog and tooL to de' clop
the system wm; a critical process as all the tools possesses their own strengths and weakne. s. In
addition, the avni lability of the required tools for development was also a nrnjor considcrntion
Research and evaluation had bec11 carried out before the decision was made. Furthcnnorc,
seeking advice from supervisor and referred to the similar project had hclpcd in chon~mg the 1110st suitable tools for this prnjcct
88
Univers
ity of
Mala
ya
WX1~·s 3/ H2 l 'rt~J<:k llmiah Talwp Akhir II J.'uA 11/ 11 .'imm A. 01111>111,•r .l.111 fr A11olo,~ 1 ,\ /a A/1111101
7.1.2 Lack of Knowledge in ASP and VBScript
The scripts programming language. and concept "ere never been taught before in the
faculty and 10 i111plcmc11t such an application requires a fa ir grasp of the languages. These
programming approache. scc1n to be totally different from the traditional programming
languages. l3esides, since there was 110 enough prior knowledge of programming in ASP and
VBScript, there was an uncertainty on how to organize the cods in the web pages.
Although it really cause a lot of time to learn the new technology, but choosing to
Program in ASP and Vl3Script proved to be a wise move. Most of the problems fa ced were
manageable th rough browsing the Internet for related materials and referring lo the reference
books available in the market. Discus ion with friends using the same soHware was a great hd p.
However, the most efficient method of learning is by trial and error method during the coding
Phase.
7.1.3 Readability Problem in ASP
Many web-based programming languages do not support for variety types of variable. It
incrca cs the , rite ability for programmer b11t at the same time decrease the rcadabilit , for the
Programmer. Problems become more tedious when there arc bugs detected in the program .• incc
the readability of the program is decreased, then the code maintainability also decreased. It is
veiy difficult to debug the errors especially semantics errors that arc unable to be detected b the
debugger engine.
In order to 111111 i11111c the problem in tl11s area, a series of testmg mu t he taken 1f the
con1po11cnts n1 c to be \l sed in i111ple1m:nt 11tiun of this pn1Jcct. Minim1i'at1 <m rn 11 ~ 111g the
Co1npoi1cnt is need fo1 11 stnhlc s ste111
89
Univers
ity of
Mala
ya
Wx1~·s 3llf2 l'ro1ek /11111ah Talwp Akl11r II Vi1A11/11 Sa m' "-" 1111>111,·r ,/,111 frAmtlo.~1 \ /11k/11ma1
7.2 The Strengths of The System
During the develop111enl or this project, SC cral system Strengths had been identified as
below·
7.2.1 Attractive and Simple Graphic User Interface
The NI I Group Web itc has an attractive user interface and made users feel comfortable
in browsing the website to get the infonnation they want or the features that will add value to
them. TI1c commands and the layout of this . ystem arc simple and well organized, therefore it is
easy to use, si111plc to team and understandable. Nonna! users with some computer knowledge
Will find the system casy to handle.
7.2.2 User Friendliness and Easy to Use Interface
Some useful Graphical User Interface (GU I) such as command buttons, check boxes and
drop-down list boxes arc provided in the entire system, which attract the users to na igate
through the system Clnd give foster access. This uscr-fricnclly interface can shorll!n the teaming
curve and reduce training costs, which include money and timo. The menu-driven and pop-up
Windows or pull-down menus are built to fac il itate the individual need of the 11 er . .
7.2.3 Different User Privileges
Except for the custo111crs and administrator need to login before the can perform their
ta k and iew the 1mpnrtn111 mf'o 111111t ion. The access nght or cach uscr 1 ~ clearly d1 1Tc1cntmtcd
and the me 11s 111g the some 111tc1 liicc to 1111piu c the :-.y-;tcm 1cusah1lity
90
Univers
ity of
Mala
ya
WXJ~S 3 1>12 l'rojek /lmwh Tahap Akhir 11 "'"A 11/11 Smm l\01111m1a d,111 frA110/o '!!,1 .\ /11A/11mat
7.2.4 High Response Time for Data Retrieval
This system is designed in such a manner that they are loaded in a reasonable amount of
time to ensure users need not wait for a long time to icw the pages. Heavy graphics are avoided
and ActivcX controls arc kept to the minimum wherever possible.
7.2.5 Provide Database Access
All the data arc organized and stored in the fonn of database using Microsoft SQL
Server. It is real-time database information and any changcs made to the records can be updated
instantly to the time city database.
7.2.6 System Security
User name and password arc required to access the certain modules of the system and
0nly the authori1.cd user is allowed to view the important infonnation and features. For example,
Only the authorized administrator can access to the system to do some administration tasks.
C) I
Univers
ity of
Mala
ya
WXHS 3 J>f2 /'rrJJc:k ll1111C1h Tahap Akliir II Fa/..n/11 .\'<1111' A.011111111.-r , /,111 fr /.. 110 /o f.1 \ la/../11111t11
7.3 System Limitations
/\s in other systems, there arc also several sdbacks and limitations in NH Group Website.
These limitations can be addressed in future development and ystem enhancements.
7.3.1 Payment Transaction Method - Credit Card
This entire system is using only one method of payment to let customer to make their
Payment transaction that is credit card. The customer is also unable to apply a new credit card by
using this system. The customer can only apply credit card with any one of the credit card
company before doing their payment transaction.
7.3.2 Lack of Expected Firewall
Firewall 11on11ally is used to create security checkpoints at the boundaries of a private
network. By providing the routing function between the private network and the lntcmct,
firewall inspect all communications passing between the two networks and either pass or drop
the communications depending on how they match the programmed policy nilc •.
92
Univers
ity of
Mala
ya
WXES Jf)G /'m;ek Jlmwh Talw1>Akhir II /·'u/..11/11 Sa111.1 /... 011111111,•r , /,m fr/..110/i~g. 1 ,\/11/..111111111
7.4 Future Enhancement
l'urthcr development and many new ideas ha c come about "hile the system being
implemented. Owing to time constraint and other fac tor , not all of the ideas could be
incorporated into the system. It is hoped that the fo llm ing aspects could be considered in future:
7.4.1 Provide More Methods of Payment Transaction Method
This system is proposed to ha c more that one method of payment transaction not only
llse a credit card. /\ customer also can have the Clltcmatcs to pay by other methods such as money
Order or onlinc saving account transaction. This onlinc saving account transaction can be used
When a customer get a password from the system and he can pay by just entering his passwo1 d
and bank sa ing acco1111t 1111mbcr.
7.4.2 Develop a Credit Card Application Through the System
The entire sysh.:111 can bt.: linked with the bank to let the customer apply tht.:ir new crndit
card to make their payment transaction. This 111ight gi c the very convenient way for the
customer to apply card and pny on the . pot. It also can nttract a. many as cu tomer to use tht:
8Ystcm to shop , ith the company.
7.4.3 Error Detection Features
Thi-; s slc111 actuall 11ccd" a 1110 1 c c0111prehc11si vc c1 ror detect m11 fea tu re to cns11rt.: that
Only altd 111p11t 1s bc111 ~ passed to the sci c1 and 11 is done thro11 gh clic 1 1H~1dc sci 1ptmw. t lu~ 1,
1111Po1 t1111t 111 c11s111111g that the s stc1111s 10h11s11111d easy to 111:11111:1111the 1cl1ab1ht} of the ~}\tcm
91
Univers
ity of
Mala
ya
References
Univers
ity of
Mala
ya
WXES 3181 Prt>jek llmiah TahapAkh1r I / ·(1k11/f/ Sm"' k"mnputa .f,m fr 11<1/o~1 ,\ /aklumm
References :
I 1 J Definit ions and Purposes of' Using F-Cnmmcrcl' Systl'tn
http://www.coh.usout ha I .ed. l1t n 1
121 Secure Socket Layer (SSL)
http ://home. vcrio. net/products/host ing/web/wizardchoice.c fin
131 Senlleng Electrical Company
llltp://www.scnheng.com.my
l4) lntemct Protocol (IP)
http://www.ahc.net/cconncctions.htm
l51 C'G I and ll'IT P
l1ttp://scarchwi112000.tcehtargct .com/sDc Ii nit ion/O ,sid3 gic2 I 3846 ,0() . ht111I
161 Certificate Authority (C /\) l111p://homc. erio . ne t/proclucts/hosting/web/wiz~mJchoicc.cfrn
17] lntemet Server /\pplicmion Program Interface (IS/\PI ) and Common Gntewny lnterfocc
(C'GI)
hllp://ww\ .grnphcomp.com/info/spcc · isapi/iispcrf.htm
( 8J Kendall. Kenneth E. and Kcndull , Julie E. ( I<)%). ·~}'s tem A11o~ys 1s mu/ /)es1g11. 4111 Edition.
California: Prcnticc-1 lall , lntcmntional , Inc.
191 Shnh Rnwn. (2000). ( /111x um/ W11u/011'.,. 2000 /11tegmt1011 foolk1r: A ( '0111plet1• ( i111d1·.for
System Ac/1111111.,tmton C'anadn, John Wiley 1111d Suns. Inc.
I I OJ Actl\ c Sc1vc1 t>n~cs (,\S t>}
http ://sc11rchw1112000. t cch1 111·~ct. co111/sl)cli11i1 irn1/0 ,sid I gic2 I 1787 ,00 html
94
Univers
ity of
Mala
ya
WXES 3181 l'rojek Jlmiah TahapAkhir I Fnlm/11 Smm· 1\0111111t<'r r/,111 li:~11olc>~1 Maklumm
111 J Obj ect Database: /\ctivcX Dain Objects (/\00) nnd Ontn :\~~1.·ss Oh.'c:-~ts (DAO)
http://www.thcbcstwcb.com/<lb/dbacccsscodc.11sp
11 21 Microsoft Scri pting Techno logies.
http ://www.msdn.co111/scripting/.
11 31 So fl ware Review Microsoll Visual lntcrdc ' .
http ://www. wcbdc eloper.com/html/html_revicws_ \'i de\'.
l 14 J Ron Weber, 1998. fl!for111ut1tm Systems Col/fro/ and Audit. New Jersey: Prentice-Hall ,
International , Inc.
11 51 Atka Jarvis an<l Yem ( ran<lall, I 997./nroad to Software Quality . New Jersey: Prent ice-Hall.
International, Inc.
11 61 Shari Lawrence rnccgcr, 1999. Software h'11g111eer111g 'f'lu.wry 011cl !1m ct1c:e. New .h.:rsc 1:
Prentice-I lnll , lntcmntionnl, Inc.
ll 71 Chris I Iman, David Buser, Jon Duckett , Brain Francis, John Kauffman, Juan T. Llihrc nncl
David Sussman, 1999. Hej!.llllllllJ!. AS/' J.O. Wrox Press.
I 18J P Sellappan, 2000. S<!ftware 1:'11gi11een11g /lla11oge111e111 om/ Aletluu/.,., Scjana Publishing.
')5
Univers
ity of
Mala
ya