112 Case of C/S Client/Server Security Client/Server on the Internet Distribute DBMS Distributed Programming Distributed Object-Oriented Computing Distribute File system Data Replication

113 Client/Server Security (1) What are the security services? –Authentication Is the client (or server) who it claims to be? Passwords are the starting point for authentication Guards against client spoofing attacks example: telnet and ftp –/etc/passwd –/etc/group –Authorization What services is the client authorized to access? Example: anonymous ftp –based on Access Control Lists: similar UNIX file systems

114 Client/Server Security (2) –Data Integrity How does the client (server) know that the message was not modified? –Refers to write protection Data privacy –Defense to ensure data integrity Data modification due to hardware failure –easily detected based on CRC –Privacy How do you prevent hackers from reading your messages? Start with encryption »Data Encryption Standard »Pretty Good Privacy: public key

115 Client/Server on the Internet Internet is the World’s largest client.server system –The Internet is more than just UNIX systems –all you need is TCP/IP Security on the Internet –Many Internet applications offer security mechanisms –A Firewall can secure an entire Internet site Router node includes Firewall Software Client/Server applications on the Internet –ftp, archie, gopher, telnet, WWW

116 Implementation: WWW WWW is a multimedia client/server system WWW did not require a standard body WWW software is free, but you can pay if you want to Server Side –Server sites must provide a server program, config files, a home page, and the data to be served. –Home page offer pictures, motion, and sound Client Side –needs a browsers get all the data before displaying anything

117 Distributed DBMS (1) Distributed database system can integrate the desktop and the data center What is distributed in a distributed DBMS? –Database access us at a higher level than file access, but the advantages if distribution are the same –The actual data storage and DB queries ae performed by servers –The clients make the requests and process and present the responses Reasons of the Client/Server Model –Most large DBs need to be accessed by multiple users –Information returned by DBs often needs to be integrated into other applications PC need to integrated DB information into desktop applications DDBMS have all the client/server requirements. RPC are a good implementation mechanism

118 Distributed DBMS (2) DBMS server for C/S –Servers use the local file system or access the disk directly –Servers can also access remote files –Servers can be replicated Role of DBMS –Relational DBMSs are the most popular BLOB (Binary Larage Object) OOBMS, ORDBMS –The client and server both know the DB schema –SQL is the standard access languages –Clients can use IPCs or RPCs to talk to a remote DBMS server

119 Distributed DBMS (3) DBMS Server HW and SW –DB servers run on a wide range of systems, including PCs –Servers will exploit advances in system performance and scale –Distribution of management tasks DB Facelifting –Facelifting upadtes tired applications with shiny new GUIs –Facelifting is simple but is not complete integration Integration into Client Application –How can client applications build in transpenet vendor-independent DB access location transparency OPI (Open Programming Interface) ODBC (Open Database Connectivity)

120 Distributed DBMS (4) The Role of ODBC –ODBC allows client integration and DBMS vendors provide drivers. ODBC requires a client driver for every DB server type –But, you need a separate driver for each server type –Spreadsheet integration as an ODBC example many PC applications are now integrated with ODBC exampel: MS Excel integrates ODBC –Client application uses ODBC to access the DB Transactions –DBMS applications require transactional integrity –Distribute Transaction Processing Encina, Tuxedo, X/Open defines application, transaction managers, resource managers, and communication managers

121 Distributed DBMS (5) Distributed Framework Requirement –ODBC uses the services of an underlying framework for naming and security ODBC/SQL inherit the features of the underlying framework. TCP/IP and Netware’s SPX/IPX are common communication mechainsms

122 Distributed Programming (1) Categorizing Procedure Calls –Local procedure call (LPC) –Inter-process communication messages (IPC) –Remote procedure call (RPC) –Local procedures are linked together in the same address space –IPCs within a system or between network nodes Normally the processes run asynchronously

123 Distributed Programming (2) Local Programming vs. Distributed Programming –Programs are organized into procedures –RPC programming is intentionally similar to LPC programming Three level procedure modules –Main module –User Interface module –FindPrimes module What are the differences between local and remote procedures? –The remote procedures will run as separate processes in separate address space

124 Distributed Programming (3) Flow Control –The middleware works hard in a RPC-based application –Local procedures are linked at build or run-time –In distributed program, the client must locate and bind to the server a caller (the client) finds the called procedure (the server) : binding

125 Distributed Programming (4) Passing Parameters and Returning Values –Costs of Passing Parameters and Returning Values Local procedures can use addresses in the common memory: via stack Remote procedures need all the data directly –the client and server must pass parameters and return values via network –Passing Pointers In an LPC, the caller can pass a pointer as a parameter In an RPC, the caller cannot pass a pointer to the remote procedure –the entire array must be passed to the server –Data Representations The client and server may represent data differently In generic representation, all passed data must be converted to a standard format In receiver make-it-right, the receiver of the passed data must convert the data

126 Distributed Programming (5) Errors and exceptions –Client should be prepared to deal with procedure failures N-version, Recovery Block Exception routine, Compensating routine Holding State –Client must know whether a server is stateless or stateful –stateless: at least once Correct operation requires one or more server executions Error recovery is easier with stateless procedures –stateful: at most one The server RPC run-time must ensure that the procedure is performed exactly one time or not at all The run-time SW ensures that stateful procedures are not executed twice –ONC supports stateless procedures; DCE supports both type

127 Distributed Programming (6) Distributed Application –Data transmission and RPC overhead are expensive –Computation time frequently increases faster than the amount of data –Get rid of global variables –Data shipping and Function shipping You can move the data to the function or the function to the data RPC and IPC –RPCs are layered on IPCs RPC API IPC API Transport Layer API –IPCs are still appropriate for many applications –RPCs distribute the familar procedure programming model Programming with an RPC Package –exampel: CORBA

128 Groupware System Integrated Information system –Intranet based on Client/Server model –Four Components DBMS Firewall MIS Network Client/Server model is information infrastructure MIS is application for groupware system