Lecturer:	Jim Briggs / Penny Hart
Unit Code:	DL.WPRMP
Unit Title:	Web Site Programming and Management
Date of Test:	September 2004 (main x2); unknown (referral/deferral)
Time of Test:	--
Duration of Test:	2 hours
Requirements:	None
Office Code
Student Groups

 

Rubric:	Number of Questions	Answer 4 out of 8 questions (25 marks per question). Answer at least 1 question from each section. Use separate answer books for each section.
	Mode and Restrictions	CLOSED book - no books or notes to be allowed
	Pass mark as a percentage	40%
	Weighting as percentage of Unit	50%

Tags such as [PH1] signify the answers (appended as Word comments).

Students to see scenario one week in advance of exam.

South Wiltshire Health Trust manages several hospitals for this semi-rural area. The trust is not particularly well funded, and there are several fund-raising charities associated with the hospitals that have raised money for the installation of MRI scanners and CT scanners. However, these diagnostic machines are sited at different hospitals and there has been no coordination in their supply or location. Although the machines were installed, the infrastructure for making bookings was not also supplied. The existing booking procedures are paper-based. Changes to bookings or machine downtime are notified by phone-call and breakdowns in communication are frequent.

The patients in South Wiltshire come from a wide area and are referred by their doctors for scans. The doctors communicate with the booking clerks by letter and phone, but occasionally patients make the journey to the hospital containing the particular scanner required, which may not be their nearest hospital, only to find that there has been a problem with their booking or scanner availability.

The Health Trust want to conduct a case study and set up pilot scheme to see whether it is possible to automate the booking system and maintain it on a secure web site. They would like doctors to have the ability to book scans on-line, and are looking at options for this: either show availability and have an e-mail booking form, show availability and allow doctors to book directly, or show availability and make "provisional" bookings.

The Trust want to look at the possibility of consultants being able to see the results of scans on-line, and for them to visit health centres and have the information made available to them there. There is also a requirement to collect statistics about throughput and repeat scans, to track a patient's scan history and to predict need, to make best use of scanner time.

1.       

a)       For each of the following three purposes – (i) e-commerce, (ii) on-line research capability, (iii) hospital appointment booking – describe the different types of risk which need to be taken into account when developing a web site. (15 marks[H1] )

b)      Giving examples, what steps would you take to monitor and mitigate risk when developing the Health Trust site? (10 marks[H2] )

2.       

a)      Friedlein recommends that web sites have an underlying strategy. Describe a likely strategy for the Health Trust web site and comment on factors that need to be taken into account to pursue the strategy. (8 marks[H3] )

b)      Suggest a suitable life cycle methodology for the development of the Health Trust web site, justifying your answer. Indicate the types of tasks and relative timescales needed to develop the web site and booking system. (17 marks[PH4] )

3.       

a)      What factors influence the performance of the Health Trust web site, and how can the web administrator assess performance? (10 marks[PH5] )

b)      Describe the circumstances when extra capacity might be required for the site, and critically evaluate the different methods of providing it. (15 marks[PH6] )

4.       

a)      Describe possible functional areas of the Health Trust web site and critically evaluate the different methods of providing access control for them. (13 marks[PH7] )

b)      Identify the different types of user for the site and indicate how you would set up access permission for TWO of these, illustrating your answer with Apache directives. (12 marks[PH8] )

5.       

a)      With reference to the Health Trust scenario, explain the factors you need to take into account when choosing a web server. On the basis of your knowledge, recommend a server and justify your recommendation. (15 marks[PH9] )

b)      Describe the different capabilities provided by tailoring the server configuration file and indicate which would be most useful for the Health Trust web site. (10 marks[PH10] )

6.           

a)      Suggest a suitable project life cycle model for development of the Health Trust web site, explaining why it is suitable. (4 marks[PH11] )

b)      Identify the stakeholder groups who have an interest in the Health Trust web site. Critically evaluate the ways in which user groups could be encouraged to contribute when developing the site. (13 marks[PH12] )

c)      For TWO of the user groups identified in part (a), indicate how you would set up user authentication for use of the site, giving examples using Apache directives. (8 marks[PH13] )

7.           

a)      Describe possible security threats to the Health Trust site, and critically evaluate ways of protecting the site against them. (17 marks[PH14] )

b)      How useful is log analysis in monitoring security problems? Specify which types of log you would analyse. (8 marks[PH15] )

8.       

a)      What is the difference between capacity and scalability? Explain the decisions you would make in providing both for the Health Trust site. (15 marks[PH16] )

b)      Describe the factors that would influence performance of the Health Trust site and indicate how the web administrator would monitor performance. (10 marks[PH17] )

9.       

a)      Evaluate the importance of having a suitable name for the Health Trust web site. Suggest up to FIVE names, ranking them in order of preference and explaining why. (15 marks[PH18] )

b)      Describe how you would publicise the site, critically evaluating the advantages and disadvantages of different ways of making it known to the users. (10 marks[PH19] ).

10.   

a)      Describe the different types of content that would be needed for the Health Trust web site. Suggest ways in which they can be provided. (15 marks[PH20] )

b)      What benefits and problems do content management systems bring to web site development? Illustrate your answer with reference to the Health Trust scenario. (10 marks[PH21] )

11.   

a)      What test strategy would you adopt to ensure the correct functioning of the Health Trust web site before its launch? (8 marks[PH22] ).

b)      What maintenance activities would you conduct after the site's launch? (17 marks[PH23] )

12.   

a)      What factors do you need to take into account in choosing a web server, and why is it necessary to plan server configuration? (17 marks[PH24] )

b)      Identify TWO classes of user of the Trust site, and illustrate how user authentication can be set up for areas they need access to, using Apache directives (8 marks[PH25] )

13.  What, in your view, are the strengths and weaknesses of the HTTP protocol? Discuss these in the context of how they relate to modern, highly popular websites. (25 marks[JSB26] )

14.  Write a Perl CGI program or a Java servlet or JSP that extracts the contents of a textbox called "filename" from an on-line form, opens the file with the specified name, and outputs (as a plain text document) its contents modified as follows:

·        Wherever the text "[DATE]" appears, it is replaced by a string containing the current date (as specified by the system on which the program runs)

·        Wherever the text "[USER]" appears, it is replaced by a string identifying the authenticated remote user

·        Wherever the text "[OSNAME]" appears, it is replaced by a string identifying the name of the operating system under which the program is running

For example, the input:

Today is [DATE]. You are [USER]. The operating system is [OSNAME].

would result in the output:

Today is Fri Nov  3 10:08:34 2003. You are Jim. The operating system is MSWin32.

(25 marks[JSB27] )

15.  This is a question about data manipulation in Perl.

a)      There are several alternatives means of representing complex data structures in Perl. What questions would you need answers to in order to determine which data structure was appropriate for which purpose? (10 marks[JSB28] )

b)      Write a single subroutine to do the following (in the order specified):

i)        Define and print (one name per output line) an array consisting of 10 place names: London, Beijing, Singapore, Paris, Brasilia, Nairobi, Shanghai, Oslo, Brisbane, Miami

ii)       Print all elements from the array that start with the letter “B”.

iii)     Remove the third, fourth, fifth and sixth elements of the array.

iv)     Insert a new element, Tokyo, at the start of the array, and print the final version of the array.

(15 marks[JSB29] )

16.  Imagine that a small accountancy firm has commissioned you as an Internet consultant. The firm provides payroll services to a number of client companies that are not big enough to warrant doing it themselves. The accountancy firm have asked you to write a report recommending what technologies they should adopt for their planned website. The website will incorporate facilities by which recognised clients may submit details of the hours worked by their employees in a particular week or month. The system would need to integrate at some level with the company's existing accounts system so that clients' employees are paid without further human processing. Write the Executive Summary of the report, indicating the recommendations you would make to the company and the reasons for them. (25 marks[JSB30] )

17.  Discuss why the Common Gateway Interface (CGI) is less than perfect. Describe the alternatives to it and their relative advantages. (25 marks[JSB31] )

18.  This question is about web servers and their interfaces.

a)      Describe the series of steps that take place when a web server (such as Apache) receives a request that maps on to a CGI program. (8 marks[JSB32] )

b)      Identify and describe at least four environment variables that are used to convey information from a web server to a CGI program. (8 marks[JSB33] )

c)      In a web application, errors can occur at many levels stretching from the network connection between the browser and server to application level errors detected within the server program. Describe the ways by which different sorts of errors are typically conveyed to the user. (9 marks[JSB34] )

19.  This question is about data structures. You may answer it in either Java or Perl.

a)      What are the different ways of representing a 2-dimensional data structure in your chosen programming language? Illustrate your answer by writing code to hold the following data in a variable called "table" (Java) or "$table" (Perl) and show how elements of it could be accessed.

Visitor	Time	File size	File type
Sturbridge	23:50	1.8Mb	.jpg
Hennessy	11:14	256Kb	.txt
Pinkerton	05:09	4.5Mb	.wav

(10 marks[JSB35] )

b)      Using one representation of the data structure in (a) above, write a Perl subroutine or Java method to perform a search for a sub string (passed as a parameter) in any of the elements of a table (also passed as a parameter). The subroutine/method should return a list of the elements that contain the specified sub string. (15 marks[JSB36] )

20.  Imagine that a small company in the printing industry has commissioned you as an Internet consultant. The company have asked you to write a report recommending what technologies they should adopt for their planned website. The website will incorporate facilities by which recognised customers may submit printing work electronically – probably by submitting the document to be printed in a recognised format (such as Microsoft Word, PDF, etc.) together with details about the print order (e.g. quantity, binding, covers). The system would need to integrate at some level with the company's existing accounts system so that customers are billed without further human processing. Write the Executive Summary of the report, indicating the recommendations you would make to the company and the reasons for them.

(25 marks[JSB37] )

21.  In addition to, or in support of, the facilities provided by a web server, what role can server-side programs play in collecting and reporting visitor statistics for a web site? Discuss what are the most important statistics than can/should be kept and how they might be gathered, stored and analysed. (25 marks[JSB38] )

22.  This question is about CGI scripts.

a)      Discuss why CGI is less than perfect. (8 marks[JSB39] )

b)      The program below reads CGI variables and prints them in an HTML form.

#!/usr/bin/perl
#

%cgivars = &getcgivars ;

print "Content-type: text/html\n\n" ;

print <<EOF ;
<html>
<head><title>CGI Results</title></head>
<body>
<h1>CGI input variables.</h1>
Your CGI input variables were:
<ul>
EOF

foreach (keys %cgivars) {
    print "<li>$_ = $cgivars{$_}\n" ;
}

print <<EOF ;
</ul>
</body>
</html>
EOF

exit ;


sub getcgivars {
    my($in, %in) ;
    my($name, $value) ;

    if ( ($ENV{'REQUEST_METHOD'} eq 'GET') {
        $in= $ENV{'QUERY_STRING'} ;

    }

    elsif ($ENV{'REQUEST_METHOD'} eq 'POST') {
        if (length($ENV{'CONTENT_LENGTH'})
                or &HTMLdie("No Content-Length sent with the POST request."){
            read(STDIN, $in, $ENV{'CONTENT_LENGTH'}) ;
        }
    } else {
        &HTMLdie("Script was called with unsupported REQUEST_METHOD.");
    }
 

    foreach (split(/[&;]/, $in)) {
        s/\+/ /g ;
        ($name, $value)= split('=', $_, 2) ;
        $name=~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge ;
        $value=~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge ;
        $in{$name} = $value ;
    }
    return %in ;
}

sub HTMLdie {
    my($msg,$title)= @_ ;
    $title= "CGI Error" if $title eq '' ;
    print <<EOF ;
Content-type: text/html
<html>
<head>
<title>$title</title>
</head>
<body>
<h1>$title</h1>
<h3>$msg</h3>
</body>
</html>
EOF

    exit ;

}

 

Examine the program then answer the following questions.

i)        What does the subroutine getcgivars do? (2 marks[JSB40] )

ii)       Describe what is happening in the code lines 17 to 19. (2 marks[JSB41] )

iii)     Why is the split function used in this type of script? Describe what it does in code lines 47 and 49. (4 marks[JSB42] )

iv)     What task is being performed in code lines 50 and 51? (2 marks[JSB43] )

v)      Describe how the variable @_ is used in code line 58. (2 marks[JSB44] )

vi)     What is the purpose of HTMLDie? (2 marks[JSB45] )

vii)   Suggest an alternative way of performing the program's function. (4 marks[JSB46] )

23.  This question is about Perl.

a)      Critically evaluate the object-oriented features of Perl and explain the advantages, if any, they provide over other ways of using Perl. (13 marks[JSB47] )

b)      The Perl resource library, CPAN, contains a huge number of modules that can be incorporated into Perl programs. Explain how to acquire CPAN modules and how to use them in your programs. Discuss the advantages and disadvantages of reusing other people's code in this way. (12 marks[JSB48] )

24.  A high-street retailer is intending a major promotion of its website, which is expected to result in a large increase in the number of orders dealt with by its e-commerce system. They currently use Apache as their web server. The e‑commerce system is written in Java and uses Tomcat at its servlet container. The underlying database is an Oracle one, replicated on two machines with regular synchronisation between them.

What recommendations would you make to the company about configuring its systems to ensure high availability and perceived performance to its customers? You may wish to outline some example configurations and indicate the strengths and weaknesses of each. (25 marks[JSB49] )

25.  This question is about CGI programs.

a)      Describe and explain the actions you would take to ensure that a CGI script could be run from the University’s Studlinweb server. (5 marks[JSB50] )

b)      What environment variables does a CGI program commonly use? Describe how they are used and what they are used for. (8 marks[JSB51] )

c)      What is the purpose of each user's public_html directory on Studlinweb? Explain how it contributes to the security of the server. (4 marks[JSB52] )

d)      There are various ways in which a Perl CGI program can output its HTML. Describe two of those ways and explain their advantages and disadvantages. (8 marks[JSB53] )

26.  This question is about data structures.

a)      What features of Perl make it possible to have data structures of more than one dimension? Illustrate your answer with a short example. (5 marks[JSB54] )

b)      Each line of a text file contains a statistic in the form of a parameter:value pair. Write a Perl subroutine to extract the statistics and output them in table format. The text file name is to be supplied as a parameter to the subroutine. (20 marks[JSB55] )

27.  The program below analyses a web server’s access log and presents the results as HTML output. The format of the information in the log is:

Wed Feb 26 19:43:13 2003 – 200 – http://www.perl.com

Wed Feb 26 19:45:36 2003 – 500 – http://www.port.ac.uk

Wed Feb 26 19:54:06 2003 – 404 – http://www.del.com

Examine the code and answer the following questions (in the context of the problem being solved):

a)      Explain what is happening in code line 9. What is meant by $ARGV[0] in line 7? (4 marks[JSB56] )

b)      Code lines 11 to 14 extract the month, result code and URL data. What does the regular expression in code line 14 achieve? (2 marks[JSB57] )

c)      What happens in lines 16 to 18? Explain the mechanism used. (4 marks[JSB58] )

d)      Indicate the format of the Site totals HTML output specified in code lines 25 to 45. In what order is the information presented? (2 marks[JSB59] )

e)      What is the meaning of code line 47? (2 marks[JSB60] )

f)        What advantage does the web administrator gain by producing this type of summary log? (2 marks[JSB61] )

g)      Apart from the information specified above, what other things might log analyser tools measure? (5 marks[JSB62] )

#!/usr/bin/perl;

use warnings;        

use strict;

 

my %site;

my $latest;

my $log_file = $ARGV[0];

 

open (LOG, $log_file) or die “Log file: $!”;

 

while (my $line = <LOG>)

{

    my ($month, $code, $url) =  $line =~ /^… (…) . +?-  (\d\d\d) –  ( .+?)$/;

   ($latest) = $line =~ /^([^-]+) - / ;

 

   $site{$url} ->{total}++;

   $site{$url}->{result}->{$code}->{total}++;

   $site{$url}->{result}->{$code}->{date}->{$month}->{total}++;

}

close LOG;

 

print “<html”>\n”;

print “<h2>Log Analysis</h2>\n”;

print “<h3>Site totals:</h3>\n”;

foreach my $url (sort keys %site)

{

   my $total = $site{$url}->{total} or 1;

   print “<p><b>$url</b>: $total monitor request(s) \n”;

   print “<ul>\n”;

 

   foreach my $code (sort keys %{$site{$url}->{result}})

   {

      my $total = $site{$url}->{result}->{$code}->{total};

      print “<li><b>$code</b>: $total monitor request(s)</li>\n”;

      print </ul>\n”;

 

      foreach my $month (sort keys %{$site{$url}->{result}->{$code}->{date}})

      {

          my $total = $site{$url}->{result}->{$code}->{date}->{$month}->{total};

          print “<li><b>$month</b>: $total monitor request(s)</li>\n”;

      }

      print “</ul>\n”;

   }

   print “</ul>\n”;

 

   my $successes = $site{$url}->{result}->{200}->{total} || 0;

   my $uptime = sprintf(“%2.2f”, $successes / $total * 100);

   print “Percent uptime: <b>$uptime</b></p>\n\n”;

}

 my $summary_file = “/tmp/log_analysis_summary.txt”;

open (SUMMARY, “>$summary_file”) or die “ Summary: $!”;

 

foreach  my $url (sort keys %site)

{

   foreach my $code (sort keys %{site{$url}->{result}})

   {

       foreach my $month (sort keys %{site{$url}->{result}->{$code}->{date}})

      {

         my $total = $site{$url}->{result}->{$code}->{date}->{$month}->{total};

         print SUMMARY “$url  - $code - $month - $total\n”;

      }

   }

}

 

print SUMMARY “Latest: $latest\n”;

 

close SUMMARY;

 

print “</HTML