a 3-layer dynamic captcha implementation


Upload: karthik-kamal

Post on 25-Nov-2014


A 3-layer Dynamic CAPTCHA Implementation

A PROJECT REPORT

in the partial fulfillment for the award of the degree

of

BACHELOR OF TECHNOLOGY

in

INFORMATION TECHNOLOGY

MAY 2011


BONAFIDE CERTIFICATE


ACKNOWLEDGEMENT

I am personally indebted to so many persons that a complete acknowledgement would be encyclopedic. First of all, I would love to record my deepest gratitude to the Almighty Lord and my family.

My sincere thanks and profound sense of gratitude go to the respected chairman for all his effort in educating me in a premier institution.

I take this opportunity to thank the Director of this prestigious institution, for his kind cooperation in completing this project.

I would like to express my gratitude to our principal, and the Head of the Department of Computer Science and Engineering, Mrs., , for their guidance and advice all through the project.

I convey my sincere and in-depth gratitude to my internal guide for her valuable guidance throughout the duration of this project.

I would also like to thank our friends for the support they extended during the course of this project.


ABSTRACT

A survey was conducted in 1999 to find out which university's computer science graduates were the best. Although the voting system could prevent the same IP address from voting more than once, students from CMU wrote a program to make the number of votes for CMU go up rapidly. The next day, students from MIT adopted a similar approach, with the result that the number of votes for each of these two universities far exceeded that of the other universities. Moreover, a report from the Barracuda Network Security Corporation in the USA said that in 2007 nearly 95% of the mail received by the world's Internet users was junk mail. Similar abuses include registering user accounts maliciously and cracking account passwords by brute force. All of these pose a great threat to the network.

Currently, to prevent malicious programs from recklessly posting advertisements or other useless information, the message boards of BBSs, blogs and wikis widely use the CAPTCHA mechanism, requiring users to input the correct letters before they can leave a message.

CAPTCHA also plays a significant role in limiting usage rate. For example, automatic use of a particular service is allowed unless such use goes beyond a certain extent and affects other users. When that happens, such usage can be limited by introducing a CAPTCHA mechanism.

CAPTCHA is also used in a variety of online trading systems, such as online banks or reservation systems, to prevent malicious programs from attempting a large number of transactions. Similarly, email services such as Gmail and Hotmail have introduced CAPTCHA mechanisms to limit the frequency of registrations or logins and so avoid the trouble caused by large volumes of junk mail.


TABLE OF CONTENTS

CHAPTER TITLE

LIST OF FIGURES
LIST OF ABBREVIATIONS

1 INTRODUCTION
    1.1 About the Project

2 SYSTEM ANALYSIS
    2.1 Existing system
    2.2 Proposed system

3 REQUIREMENTS SPECIFICATION
    3.1 Introduction
    3.2 Hardware and Software specification
    3.3 Technologies Used
    3.4 Technologies Used
        3.5.1 Dotnet
            3.5.1.1 Introduction to Dotnet
            3.5.1.2 Working of Dotnet
        3.5.2 SQL Server
            3.5.2.1 Introduction to SQL server

4 SYSTEM DESIGN
    4.1 Architecture Diagram
    4.2 Sequence Diagram
    4.3 Use Case Diagram
    4.4 Activity Diagram
    4.5 Data Base Design

5 SYSTEM DESIGN – DETAILED
    5.1 Modules
    5.2 Module explanation

6 CODING AND TESTING
    6.1 Coding
    6.2 Coding standards
    6.3 Test procedure
    6.4 Test data and output

REFERENCES

SNAP SHOTS


LIST OF FIGURES

Architecture

Sequence Diagram

Use Case Diagram

Activity Diagram


LIST OF ABBREVIATIONS

IEEE    The Institute of Electrical and Electronics Engineers, Inc.
HTML    Hyper Text Markup Language
HTTP    Hyper Text Transfer Protocol
SRS     Software Requirements Specification
AES     Advanced Encryption Standard
ASP     Active Server Page
OS      Operating System
kd      Knowledge digest


CHAPTER 1

INTRODUCTION

Aim:

The aim of this project is to defend against large-scale attacks by malicious computer programs. To that end, the CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) mechanism has been introduced to distinguish humans from computers.

Synopsis:

A survey was conducted in 1999 to find out which university's computer science graduates were the best. Although the voting system could prevent the same IP address from voting more than once, students from CMU wrote a program to make the number of votes for CMU go up rapidly. The next day, students from MIT adopted a similar approach, with the result that the number of votes for each of these two universities far exceeded that of the other universities. Moreover, a report from the Barracuda Network Security Corporation in the USA said that in 2007 nearly 95% of the mail received by the world's Internet users was junk mail. Similar abuses include registering user accounts maliciously and cracking account passwords by brute force. All of these pose a great threat to the network.

To prevent similar incidents from happening again, the CAPTCHA mechanism came into being; the name is short for Completely Automated Public Turing Test to Tell Computers and Humans Apart. In 2000 Carnegie Mellon University set up the first CAPTCHA group, followed by many scholars studying CAPTCHA to find better ways to tell humans and computers apart.

Currently, to prevent malicious programs from recklessly posting advertisements or other useless information, the message boards of BBSs, blogs and wikis widely use the CAPTCHA mechanism, requiring users to input the correct letters before they can leave a message.

CAPTCHA also plays a significant role in limiting usage rate. For example, automatic use of a particular service is allowed unless such use goes beyond a certain extent and affects other users. When that happens, such usage can be limited by introducing a CAPTCHA mechanism.

CAPTCHA is also used in a variety of online trading systems, such as online banks or reservation systems, to prevent malicious programs from attempting a large number of transactions. Similarly, email services such as Gmail and Hotmail have introduced CAPTCHA mechanisms to limit the frequency of registrations or logins and so avoid the trouble caused by large volumes of junk mail.
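
The usage-rate policy described above (automated use is allowed until it exceeds a limit, after which a CAPTCHA is required) can be expressed as a sliding-window gate. The following C# code is an added example, not code from this project report; the names UsageGate, Check and RecordSolvedCaptcha and all thresholds are assumptions chosen for illustration.

```csharp
using System;
using System.Collections.Generic;

// Added example (not from the report): decide per request whether a client may
// proceed unchallenged or must first solve a CAPTCHA, based on its recent rate.
public enum GateDecision { Allow, RequireCaptcha }

public sealed class UsageGate
{
    private readonly int _freeRequests;      // assumed: requests allowed per window
    private readonly TimeSpan _window;       // assumed: sliding-window length
    private readonly TimeSpan _passLifetime; // assumed: validity of a solved CAPTCHA
    private readonly Dictionary<string, Queue<DateTime>> _hits =
        new Dictionary<string, Queue<DateTime>>();
    private readonly Dictionary<string, DateTime> _passUntil =
        new Dictionary<string, DateTime>();
    private readonly object _lock = new object();

    public UsageGate(int freeRequests, TimeSpan window, TimeSpan passLifetime)
    {
        if (freeRequests < 1) throw new ArgumentOutOfRangeException("freeRequests");
        _freeRequests = freeRequests;
        _window = window;
        _passLifetime = passLifetime;
    }

    // clientKey is whatever the site uses to identify a client (session id,
    // account name, IP address). An IP address alone is a weak key: the 1999
    // poll described above limited votes per IP and was still flooded.
    public GateDecision Check(string clientKey, DateTime now)
    {
        lock (_lock)
        {
            Queue<DateTime> hits;
            if (!_hits.TryGetValue(clientKey, out hits))
            {
                hits = new Queue<DateTime>();
                _hits[clientKey] = hits;
            }

            // Drop requests that have aged out of the sliding window.
            while (hits.Count > 0 && now - hits.Peek() >= _window)
                hits.Dequeue();

            DateTime passUntil;
            bool hasPass = _passUntil.TryGetValue(clientKey, out passUntil)
                           && now < passUntil;

            // Over the limit and no valid pass: challenge instead of serving.
            // The refused request is not counted, because it was not served.
            if (hits.Count >= _freeRequests && !hasPass)
                return GateDecision.RequireCaptcha;

            hits.Enqueue(now);
            return GateDecision.Allow;
        }
    }

    // Call only after the server itself has verified the CAPTCHA answer.
    public void RecordSolvedCaptcha(string clientKey, DateTime now)
    {
        lock (_lock)
        {
            _passUntil[clientKey] = now + _passLifetime;
        }
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed scenario: 3 free requests per 10 s; a solved CAPTCHA lasts 5 s.
        var gate = new UsageGate(3, TimeSpan.FromSeconds(10), TimeSpan.FromSeconds(5));
        DateTime t0 = new DateTime(2011, 5, 1, 12, 0, 0, DateTimeKind.Utc);

        // A script sending one request per second is challenged once it
        // exceeds the free allowance inside the window.
        for (int i = 0; i < 5; i++)
            Console.WriteLine("t+{0}s script -> {1}", i,
                gate.Check("script", t0.AddSeconds(i)));

        // After a verified CAPTCHA answer the same client is served again.
        gate.RecordSolvedCaptcha("script", t0.AddSeconds(5));
        Console.WriteLine("t+5s script -> {0}", gate.Check("script", t0.AddSeconds(5)));

        // A client with no recent history is never challenged.
        Console.WriteLine("t+30s human -> {0}", gate.Check("human", t0.AddSeconds(30)));
    }
}
```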

CHAPTER 2

SYSTEM ANALYSIS

2.1 EXISTING SYSTEM

Currently, there are three main kinds of methods for implementing the CAPTCHA mechanism: the OCR (optical character recognition) visual method, the non-OCR visual method and the non-visual method.

The 2D static CAPTCHA based on the OCR visual method has advantages in crossing language barriers, security and ease of use, and has become the most widely used CAPTCHA. Commonly seen CAPTCHAs are: the Gimpy series CAPTCHA designed by Carnegie Mellon University in 2000, the Pessimal Print CAPTCHA designed by Henry Baird from PARC (Palo Alto Research Center) in 2000, and the Baffle Text CAPTCHA designed by Baird in cooperation with Monica Chew from the University of California, Berkeley in 2003. However, with the rapid development of OCR technology based on neural networks, as well as the emergence of a variety of character segmentation techniques, the CAPTCHAs of many websites have been attacked. A Russian programmer once cracked the CAPTCHA mechanism of Yahoo with a 35% success rate. The CAPTCHA mechanism of Microsoft Live Mail has also been troubled by junk mail many times. Given facts like these, newly designed CAPTCHAs have become increasingly complex, so that some of them are extremely difficult to identify.

Though there are many different specific implementations of the non-OCR visual method, it generally comes down to the OCR problem in the end, requiring users to identify images. It is not widely used: so far, apart from some research sites, commercial sites rarely use it. Specific implementations include the CAPTCHA algorithm based on real object image identification designed by R. Datta et al., the CAPTCHA algorithm based on image similarity judgment designed by J. Elson et al., and so forth. Non-OCR visual method is designed for special occasions and certain user groups, thus it has very limited applications.

Examples are: the voice-based CAPTCHA algorithm intended for visually disabled people and designed by G. Kochanski et al., the CAPTCHA algorithm based on collaborative filtering designed by M. Chew, and so forth. In conclusion, the OCR-based 2D static visual method is the main way of implementing the CAPTCHA mechanism today. However, it can no longer strike a balance between security and ease of use, which calls for a new kind of CAPTCHA to address this increasingly prominent problem.

2.2 PROPOSED SYSTEM

Dynamic CAPTCHA, by using multiple frames, can be made extremely hard for computer programs to crack while remaining easy for humans to identify. According to the anatomical, physiological and functional characteristics of the visual system, there are two visual pathways in the brain: the ventral pathway, whose function is to identify objects, and the dorsal pathway, whose function is to identify the spatial location and movement of objects. Both the identifiability and contrast ratio of images will affect moving objects. In the right hemisphere, 3D movement shows stronger brain activity than 2D movement. Biological vision theory says that, for biological vision, the ability to perceive moving objects far exceeds the ability to perceive static objects. For example, we can easily recognize a running cheetah in a jungle but can hardly notice a stationary cheetah in the jungle. The reason is that the human visual system can easily reconstruct the overall shape merely from vague displacements of parts of the moving object.

CHAPTER 3

REQUIREMENT SPECIFICATIONS

3.1 INTRODUCTION

The requirements specification is a technical specification of requirements for the software product. It is the first step in the requirements analysis process; it lists the requirements of a particular software system, including functional, performance and security requirements. The requirements also provide usage scenarios from a user, an operational and an administrative perspective. The purpose of the software requirements specification is to provide a detailed overview of the software project, its parameters and goals. It describes the project's target audience and its user interface, hardware and software requirements. It defines how the client, team and audience see the project and its functionality.

3.2 HARDWARE AND SOFTWARE SPECIFICATION

3.2.1 HARDWARE REQUIREMENTS

Hard Disk : 80GB and Above
RAM : 1GB and Above
Processor : Pentium IV and Above

3.2.2 SOFTWARE REQUIREMENTS

Windows Operating System 7
Visual Studio
SQL Server
Silverlight

3.3 TECHNOLOGIES USED

Visual Studio

3.3.1 Introduction to Visual Studio .NET

INTRODUCING WEB APPLICATION:

Organizations are increasingly becoming dependent on the Internet for sharing and accessing information. This Internet boom has changed the focus of application development from stand-alone applications to distributed Web applications. Web applications are programs that can be executed either on a web server or in a web browser. They enable you to share and access information over the Internet and to operate intranets. In addition, Web applications can support online commercial transactions, popularly known as e-commerce. An online store accessed through a browser is an example of a web application.

INTRODUCTION TO ASP.NET

ASP.NET is a part of the .NET Framework, a new computing platform from Microsoft optimized for creating applications that are highly distributed across the Internet. Highly distributed means that the components of the application, as well as the data, may reside anywhere on the Internet rather than all being contained inside one software program somewhere. Each part of an application can be referenced and accessed using a standard procedure. ASP.NET is the part that provides the features necessary to easily tie all this capability together for coherent web-based applications. It is a programming framework, and one of the primary differences between it and traditional ASP is that it uses a common language runtime (CLR) capable of running compiled code on a web server to deploy powerful web-based applications.

ASP.NET still uses HTTP to communicate with the browser and back, but it brings added functionality that makes the communication process much richer. If any files have the appropriate extension or contain code, the server routes those files to ASP.NET for processing prior to sending them out to the client. The script or code is then processed and the appropriate content is generated for transmission back to the browser/client. Because processing takes place before the results are delivered to the user, all manner of functionality can be built in, such as database access, component usage and the ordinary programmatic functionality available with scripting languages.

ASP.NET applications can be coded using a plain text editor such as Notepad, although this is not the most efficient method to use. Developing all the other resources that might be required for a particular ASP.NET application, especially for the user interface, may involve a range of specialized tools including image-editing programs, database programs and HTML editors.

To create dynamic web pages by using server-side scripts, Microsoft introduced ASP. ASP.NET is the .NET version of ASP. An ASP.NET page is a standard HTML file that contains embedded server-side scripts. ASP.NET provides the following advantages of server-side scripting.

ASP.NET enables you to access information from data sources, such as back-end databases and text files that are stored on a web server or a computer that is accessible to a web server.

ASP.NET enables you to use a set of programming code called templates to create HTML documents. The advantage of using a template is that you can dynamically insert content retrieved from data sources, such as back-end databases and text files, into an HTML document before the HTML document is displayed to users. Therefore, the information need not be changed manually as and when the content retrieved from the data source changes.

ASP.NET also enables you to separate HTML design from the data retrieval mechanism. Therefore, changing the HTML design does not affect the program that retrieves data from the databases. Similarly, server-side scripting ensures that changing data sources does not require a change in HTML documents.

ASP.NET has a number of advanced features that help you develop robust web applications. The advanced features of ASP.NET are based on the .NET Framework.

ASP.NET in .NET Framework

ASP.NET, which is the .NET version of ASP, is built on the Microsoft .NET Framework. Microsoft introduced the .NET Framework to help developers create globally distributed software with Internet functionality and interoperability. An ASP.NET application includes Web Forms, configuration files and XML Web service files. Web Forms enable you to include user interfaces, such as TextBox and ListBox controls, and the application logic of Web applications, and configuration files enable you to store the configuration settings of an ASP.NET application. The elements of an ASP.NET application also include Web services, which provide a mechanism for programs to communicate over the Internet.


FEATURES OF ASP.NET

Compiled Code - Code written in ASP.NET is compiled and not interpreted. This makes ASP.NET applications faster to execute than other server-side scripts that are interpreted, such as scripts written in a previous version of ASP.

Enriched Tool Support - The ASP.NET Framework is provided with a rich toolbox and designer in the VS.NET IDE (Visual Studio .NET integrated development environment). Some of the features of this powerful tool are the WYSIWYG (What You See Is What You Get) editor, drag-and-drop server controls and automatic deployment.

Power and Flexibility - ASP.NET applications are based on the Common Language Runtime (CLR). Therefore, the power and flexibility of the .NET platform is available to you, and the .NET Framework class library, messaging and data access solutions are seamlessly accessible over the web. ASP.NET is also language-independent. Therefore, you can choose any .NET language to develop your application.

Simplicity - ASP.NET enables you to build user interfaces that separate application logic from presentation content. In addition, the CLR simplifies application development by using managed code services, such as automatic reference counting and garbage collection. Therefore, ASP.NET makes it easy to perform common tasks ranging from form submission and client authentication to site configuration and deployment.

Manageability - ASP.NET enables you to manage Web applications by storing the configuration information in an XML file. You can open the XML file in the Visual Studio .NET IDE.

Scalability - ASP.NET has been designed with scalability in mind. It has features that help improve performance in a multiprocessor environment.

Security - ASP.NET provides a number of options for implementing security and restricting user access to a web application. All these options are configured within the configuration file.

IIS- Internet Information Service

The most important server you can install is Internet Information Server (IIS), because you will need it to run your ASP.NET applications. There are a number of other servers specifically designed to work with the .NET Framework.

SQL-SERVER

SQL Server is an enterprise-scale, industrial-strength relational database management solution. It contains all the features expected of high-end DBMS systems, as well as XML support.

Introduction for C-Sharp

C# (pronounced "see sharp") is a multi-paradigm programming language encompassing imperative, declarative, functional, generic, object-oriented (class-based), and component-oriented programming disciplines. It was developed by Microsoft within the .NET initiative and later approved as a standard by Ecma (ECMA-334) and ISO (ISO/IEC 23270). C# is one of the programming languages designed for the Common Language Infrastructure.

C# is intended to be a simple, modern, general-purpose, object-oriented programming language.[7] Its development team is led by Anders Hejlsberg. The most recent version is C# 4.0, which was released on April 12, 2010.

Design goals

The ECMA standard lists these design goals for C#:

C# language is intended to be a simple, modern, general-purpose, object-oriented programming language.

The language, and implementations thereof, should provide support for software engineering principles such as strong type checking, array bounds checking, detection of attempts to use uninitialized variables, and automatic garbage collection. Software robustness, durability, and programmer productivity are important.

The language is intended for use in developing software components suitable for deployment in distributed environments.

Source code portability is very important, as is programmer portability, especially for those programmers already familiar with C and C++.

Support for internationalization is very important.

C# is intended to be suitable for writing applications for both hosted and embedded systems, ranging from the very large that use sophisticated operating systems, down to the very small having dedicated functions.

Although C# applications are intended to be economical with regard to memory and processing power requirements, the language was not intended to compete directly on performance and size with C or assembly language.

Name

The name "C sharp" was inspired by musical notation where a sharp indicates that the written note should be made a semitone higher in pitch. This is similar to the language name of C++, where "++" indicates that a variable should be incremented by 1.

Due to technical limitations of display (standard fonts, browsers, etc.) and the fact that the sharp symbol (♯, U+266F, MUSIC SHARP SIGN) is not present on the standard keyboard, the number sign (#, U+0023, NUMBER SIGN) was chosen to represent the sharp symbol in the written name of the programming language. This convention is reflected in the ECMA-334 C# Language Specification.[7] However, when it is practical to do so (for example, in advertising or in box art[10]), Microsoft uses the intended musical symbol.

The "sharp" suffix has been used by a number of other .NET languages that are variants of existing languages, including J# (a .NET language also designed by Microsoft which is derived from Java 1.1), A# (from Ada), and the functional F#. The original implementation of Eiffel for .NET was called Eiffel#,[12] a name since retired since the full Eiffel language is now supported. The suffix has also been used for libraries, such as Gtk# (a .NET wrapper for GTK+ and other GNOME libraries), Cocoa# (a wrapper for Cocoa) and Qt# (a .NET language binding for the Qt toolkit).

History

During the development of the .NET Framework, the class libraries were originally written using a managed code compiler system called Simple Managed C (SMC). In January 1999, Anders Hejlsberg formed a team to build a new language at the time called Cool, which stood for "C-like Object Oriented Language".[16] Microsoft had considered keeping the name "Cool" as the final name of the language, but chose not to do so for trademark reasons. By the time the .NET project was publicly announced at the July 2000 Professional Developers Conference, the language had been renamed C#, and the class libraries and ASP.NET runtime had been ported to C#.

C#'s principal designer and lead architect at Microsoft is Anders Hejlsberg, who was previously involved with the design of Turbo Pascal, Embarcadero Delphi (formerly CodeGear Delphi and Borland Delphi), and Visual J++. In interviews and technical papers he has stated that flaws in most major programming languages (e.g. C++, Java, Delphi, and Smalltalk) drove the fundamentals of the Common Language Runtime (CLR), which, in turn, drove the design of the C# language itself.

James Gosling, who created the Java programming language in 1994, and Bill Joy, a co-founder of Sun Microsystems, the originator of Java, called C# an "imitation" of Java; Gosling further claimed that "[C# is] sort of Java with reliability, productivity and security deleted." Klaus Kreft and Angelika Langer (authors of a C++ streams book) stated in a blog post that "Java and C# are almost identical programming languages. Boring repetition that lacks innovation," "Hardly anybody will claim that Java or C# are revolutionary programming languages that changed the way we write programs," and "C# borrowed a lot from Java - and vice versa. Now that C# supports boxing and unboxing, we'll have a very similar feature in Java." Anders Hejlsberg has argued that C# is "not a Java clone" and is "much closer to C++" in its design.

C# used to have a mascot called Andy (named after Anders Hejlsberg). It was retired on 29 Jan 2004.

Versions

In the course of its development, the C# language has gone through several versions:

Version: language specification (ECMA; ISO/IEC; Microsoft); Date; .NET Framework; Visual Studio

C# 1.0: ECMA December 2002; ISO/IEC April 2003; Microsoft January 2002; Date January 2002; .NET Framework 1.0; Visual Studio .NET 2002

C# 1.2: Microsoft October 2003; Date April 2003; .NET Framework 1.1; Visual Studio .NET 2003

C# 2.0: ECMA June 2006; ISO/IEC September 2006; Microsoft September 2005 [note 1]; Date November 2005; .NET Framework 2.0; Visual Studio 2005

C# 3.0: ECMA and ISO/IEC None [note 2]; Microsoft August 2007; Date November 2007; .NET Framework 3.5; Visual Studio 2008

C# 4.0: Microsoft April 2010; Date April 2010; .NET Framework 4; Visual Studio 2010

[note 1] The Microsoft C# 2.0 specification document only contains the new 2.0 features. For older features use the 1.2 specification above.

[note 2] There are currently, as of May 2010, no ECMA and ISO/IEC specifications for C# 3.0 and 4.0.

Summary of versions

Features added, by version:

C# 2.0: Generics; Partial types; Anonymous methods; Iterators; Nullable types

C# 3.0: Implicitly typed variables; Implicitly typed arrays; Anonymous types; Extension methods; Query expressions; Lambda expressions; Expression trees

C# 4.0: Dynamic binding; Named and optional arguments; Generic co- and contravariance

C# 5.0 (planned): Asynchronous methods; Compiler As a Service

Features

By design, C# is the programming language that most directly reflects the underlying Common Language Infrastructure (CLI). Most of its intrinsic types correspond to value-types implemented by the CLI framework. However, the language specification does not state the code generation requirements of the compiler: that is, it does not state that a C# compiler must target a Common Language Runtime, or generate Common Intermediate Language (CIL), or generate any other specific format. Theoretically, a C# compiler could generate machine code like traditional compilers of C++ or Fortran.

Some notable distinguishing features of C# are:

There are no global variables or functions. All methods and members must be declared within classes. Static members of public classes can substitute for global variables and functions.

Local variables cannot shadow variables of the enclosing block, unlike C and C++. Variable shadowing is often considered confusing by C++ texts.

C# supports a strict Boolean datatype, bool. Statements that take conditions, such as while and if, require an expression of a type that implements the true operator, such as the boolean type. While C++ also has a boolean type, it can be freely converted to and from integers, and expressions such as if(a) require only that a is convertible to bool, allowing a to be an int, or a pointer. C# disallows this "integer meaning true or false" approach on the grounds that forcing programmers to use expressions that return exactly bool can prevent certain types of common programming mistakes in C or C++ such as if (a = b) (use of assignment = instead of equality ==).

In C#, memory address pointers can only be used within blocks specifically marked as unsafe, and programs with unsafe code need appropriate permissions to run. Most object access is done through safe object references, which always either point to a "live" object or have the well-defined null value; it is impossible to obtain a reference to a "dead" object (one which has been garbage collected), or to a random block of memory. An unsafe pointer can point to an instance of a value-type, array, string, or a block of memory allocated on a stack. Code that is not marked as unsafe can still store and manipulate pointers through the System.IntPtr type, but it cannot dereference them.

Managed memory cannot be explicitly freed; instead, it is automatically garbage collected. Garbage collection addresses the problem of memory leaks by freeing the programmer of responsibility for releasing memory which is no longer needed.

In addition to the try...catch construct to handle exceptions, C# has a try...finally construct to guarantee execution of the code in the finally block.

Multiple inheritance is not supported, although a class can implement any number of interfaces. This was a design decision by the language's lead architect to avoid complication and simplify architectural requirements throughout CLI.

C# is more type safe than C++. The only implicit conversions by default are those which are considered safe, such as widening of integers. This is enforced at compile-time, during JIT, and, in some cases, at runtime. There are no implicit conversions between booleans and integers, nor between enumeration members and integers (except for literal 0, which can be implicitly converted to any enumerated type). Any user-defined conversion must be explicitly marked as explicit or implicit, unlike C++ copy constructors and conversion operators, which are both implicit by default.

Enumeration members are placed in their own scope.

C# provides properties as syntactic sugar for a common pattern in which a pair of methods, accessor (getter) and mutator (setter) encapsulate operations on a single attribute of a class.

Full type reflection and discovery is available.

C# currently (as of version 4.0) has 77 reserved words.

Checked exceptions are not present in C# (in contrast to Java). This has been a conscious decision based on the issues of scalability and versionability.[21]

Common Type System (CTS)

C# has a unified type system. This unified type system is called Common Type System (CTS).[22]

A unified type system implies that all types, including primitives such as integers, are subclasses of the System.Object class. For example, every type inherits a ToString() method. For performance reasons, primitive types (and value types in general) are internally allocated on the stack.

Libraries

The C# specification details a minimum set of types and class libraries that the compiler expects to have available. In practice, C# is most often used with some implementation of the Common Language Infrastructure (CLI), which is standardized as ECMA-335 Common Language Infrastructure (CLI).

"Hello, world" example


The following is a very simple C# program, a version of the classic "Hello, world"

example:

using System;

class ExampleClass

{

static void Main()

{

Console.WriteLine("Hello, world!");

}

}

The effect is to write the following text to the output console:

Hello, world!

Each line has a purpose:

using System;

The above line of code tells the compiler to use 'System' as a candidate prefix for types

used in the source code. In this case, when the compiler sees use of the 'Console' type

later in the source code, it tries to find a type named 'Console', first in the current

assembly, followed by all referenced assemblies. In this case the compiler fails to find

such a type, since the name of the type is actually 'System.Console'. The compiler then

attempts to find a type named 'System.Console' by using the 'System' prefix from the

using statement, and this time it succeeds. The using statement allows the programmer to

state all candidate prefixes to use during compilation instead of always using full type

names.

class ExampleClass

Above is a class definition. Everything between the following pair of braces describes

ExampleClass.

static void Main()

This declares the class member method where the program begins execution. The .NET

runtime calls the Main method. (Note: Main may also be called from elsewhere, like any

other method, e.g. from another method of ExampleClass.) The static keyword makes the

method accessible without an instance of ExampleClass. Each console application's Main

entry point must be declared static. Otherwise, the program would require an instance,

but any instance would require a program. To avoid that irresolvable circular

dependency, C# compilers processing console applications (like that above) report an

error if there is no static Main method. The void keyword declares that Main has no

return value.

Console.WriteLine("Hello, world!");

This line writes the output. Console is a static class in the System namespace. It provides

an interface to the standard input, output, and error streams for console applications. The

program calls the Console method WriteLine, which displays on the console a line with

the argument, the string "Hello, world!".

Implementations

The reference C# compiler is Microsoft Visual C#.

Other C# compilers exist, often including an implementation of the Common Language

Infrastructure and the .NET class libraries up to .NET 2.0:

Microsoft's Rotor project (currently called Shared Source Common Language

Infrastructure) (licensed for educational and research use only) provides a shared source

implementation of the CLR runtime and a C# compiler, and a subset of the required

Common Language Infrastructure framework libraries in the ECMA specification (up to

C# 2.0, and supported on Windows XP only).

The Mono project provides an open source C# compiler, a complete open source

implementation of the Common Language Infrastructure including the required

framework libraries as they appear in the ECMA specification, and a nearly complete

implementation of the Microsoft proprietary .NET class libraries up to .NET 3.5. As of

Mono 2.6, there are no plans to implement WPF; WF is planned for a later release; and

there are only partial implementations of LINQ to SQL and WCF.

The DotGNU project also provides an open source C# compiler, a nearly complete

implementation of the Common Language Infrastructure including the required

framework libraries as they appear in the ECMA specification, and subset of some of the

remaining Microsoft proprietary .NET class libraries up to .NET 2.0 (those not

documented or included in the ECMA specification but included in Microsoft's

standard .NET Framework distribution).

The DotNetAnywhere Micro Framework-like Common Language Runtime is targeted at

embedded systems, and supports almost all C# 2.0 specifications. It is licensed under the

MIT license conditions, is implemented in C and directed towards embedded devices.

Unity 3D uses C# as a scripting language, as an alternative to JavaScript.

INTRODUCTION TO SQL SERVER:

To create a database, determine the name of the database, its owner (the user

who creates the database), its size, and the files and filegroups used to store it.

Before creating a database, consider that:

Permission to create a database defaults to members of the sysadmin and

dbcreator fixed server roles, although permissions can be granted to other users.

The user who creates the database becomes the owner of the database.

A maximum of 32,767 databases can be created on a server.

The name of the database must follow the rules for identifiers.

Three types of files are used to store a database:

Primary files

These files contain the startup information for the database. The primary files are

also used to store data. Every database has one primary file.

Secondary files

These files hold all the data that does not fit in the primary data file. Databases do

not need secondary data files if the primary file is large enough to hold all the data

in the database. Some databases may be large enough to need multiple secondary

data files, or they may use secondary files on separate disk drives to spread the

data across multiple disks.

Transaction log

These files hold the log information used to recover the database. There must be

at least one transaction log file for each database, although there may be more

than one. The minimum size for a log file is 512 kilobytes (KB).

When a database is created, all the files that comprise the database are filled with zeros to

overwrite any existing data left on the disk by previously deleted files. Although this

means that the files take longer to create, this action prevents the operating system from

having to fill the files with zeros when data is written to the files for the first time during

usual database operations. This improves the performance of day-to-day operations.

It is recommended that you specify a maximum size to which the file is permitted to

grow. This prevents the file from growing, as data is added, until disk space is exhausted.

To specify a maximum size for the file, use the MAXSIZE parameter of the CREATE

DATABASE statement or the Restrict filegrowth (MB) option when using the Properties

dialog box in SQL Server Enterprise Manager to create the database.
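
As an added illustration (not part of the original report), the file layout and growth limits described above can be written as one CREATE DATABASE statement, followed by a check for files that were left uncapped. The database name CaptchaDemo, the logical file names, the sizes and the C:\ and D:\ paths are assumptions chosen for the example.

```sql
-- Added example. All names, sizes and paths are hypothetical.
-- One primary file, one secondary file on a separate drive, one transaction log.
-- Every file has an explicit MAXSIZE so that growth cannot exhaust the disk.
CREATE DATABASE CaptchaDemo
ON PRIMARY
  ( NAME = CaptchaDemo_data,                          -- primary file: startup information and data
    FILENAME = 'C:\SQLData\CaptchaDemo_data.mdf',
    SIZE = 10MB,
    MAXSIZE = 200MB,
    FILEGROWTH = 10MB ),
  ( NAME = CaptchaDemo_data2,                         -- secondary file: data that does not fit in the primary
    FILENAME = 'D:\SQLData\CaptchaDemo_data2.ndf',
    SIZE = 10MB,
    MAXSIZE = 200MB,
    FILEGROWTH = 10MB )
LOG ON
  ( NAME = CaptchaDemo_log,                           -- transaction log: used to recover the database
    FILENAME = 'C:\SQLData\CaptchaDemo_log.ldf',
    SIZE = 5MB,                                       -- must be at least 512 KB
    MAXSIZE = 50MB,
    FILEGROWTH = 5MB )
GO

USE CaptchaDemo
GO

-- List every file of the current database with its size, maxsize and growth settings.
EXEC sp_helpfile
GO

-- Find files that can still grow until the disk is full (maxsize = -1 means unrestricted).
SELECT name, filename, size, maxsize
FROM sysfiles
WHERE maxsize = -1
GO

-- Change the cap on an existing file, here the log file created above.
ALTER DATABASE CaptchaDemo
MODIFY FILE ( NAME = CaptchaDemo_log, MAXSIZE = 100MB )
GO
```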

CREATING DATABASE PLAN:

The first step in creating a database is creating a plan that serves both as a

guide to be used when implementing the database and as a functional specification for the

database after it has been implemented. The complexity and detail of a database design is

dictated by the complexity and size of the database application as well as the user

population.

The nature and complexity of a database application, as well as the

process of planning it, can vary greatly. A database can be relatively simple and designed

for use by a single person, or it can be large and complex and designed, for example, to

handle all the banking transactions for hundreds of thousands of clients. In the first case,

the database design may be little more than a few notes on some scratch paper. In the

latter case, the design may be a formal document with hundreds of pages that contain

every possible detail about the database.

In planning the database, regardless of its size and complexity, use these basic steps:

Gather information.

Identify the objects.

Model the objects.

Identify the types of information for each object.

Identify the relationships between objects.

GATHERING INFORMATION:

Before creating a database, you must have a good understanding of the job

the database is expected to perform. If the database is to replace a paper-based or

manually performed information system, the existing system will give you most of the

information you need. It is important to interview everyone involved in the system to find

out what they do and what they need from the database. It is also important to identify

what they want the new system to do, as well as to identify the problems, limitations, and

bottlenecks of any existing system. Collect copies of customer statements, inventory lists,

management reports, and any other documents that are part of the existing system,

because these will be useful to you in designing the database and the interfaces.

IDENTIFYING OBJECTS

During the process of gathering information, you must identify the key

objects or entities that will be managed by the database. The object can be a tangible

thing, such as a person or a product, or it can be a more intangible item, such as a

business transaction, a department in a company, or a payroll period. There are usually a

few primary objects, and after these are identified, the related items become apparent.

Each distinct item in your database should have a corresponding table.

The primary object in the pubs sample database included with Microsoft® SQL Server™

2000 is a book. The objects related to books within this company's business are the

authors who write the books, the publishers who manufacture the books, the stores which

sell them, and the sales transactions performed with the stores. Each of these objects is a

table in the database.

Modeling the Objects

As the objects in the system are identified, it is important to record them

in a way that represents the system visually. You can use your database model as a

reference during implementation of the database.

For this purpose, database developers use tools that range in technical complexity from

pencils and scratch paper to word processing or spreadsheet programs, and even to

software programs specifically dedicated to the job of data modeling for database

designs. Whatever tool you decide to use, it is important that you keep it up-to-date.

SQL Server Enterprise Manager includes visual design tools such as the Database

Designer that can be used to design and create objects in the database.

Identifying the Types of Information for Each Object

After the primary objects in the database have been identified as

candidates for tables, the next step is to identify the types of information that must be

stored for each object. These are the columns in the object's table. The columns in a

database table contain a few common types of information:

Raw data columns

These columns store tangible pieces of information, such as names, determined by

a source external to the database.

Categorical columns

These columns classify or group the data and store a limited

selection of data such as true/false, married/single, VP/Director/Group Manager,

and so on.

Identifier columns

These columns provide a mechanism to identify each item stored

in the table. These columns often have id or number in their names (for example,

employee_id, invoice_number, and publisher_id). The identifier column is the

primary component used by both users and internal database processing for

gaining access to a row of data in the table. Sometimes the object has a tangible

form of ID used in the table (for example, a social security number), but in most

situations you can define the table so that a reliable, artificial ID can be created

for the row.

Relational or referential columns

These columns establish a link between information in one table

and related information in another table. For example, a table that tracks sales

transactions will commonly have a link to the customers table so that the

complete customer information can be associated with the sales transaction.

Identifying the Relationships between Objects

One of the strengths of a relational database is the ability to relate or

associate information about various items in the database. Isolated types of information

can be stored separately, but the database engine can combine data when necessary.

Identifying the relationships between objects in the design process requires looking at the

tables, determining how they are logically related, and adding relational columns that

establish a link from one table to another.

For example, the designer of the pubs database has created tables for titles

and publishers in the database. The titles table contains information for each book: an

identifier column named title_id; raw data columns for the title, the price of the book, and

the publishing date; and some columns with sales information for the book. The table

contains a categorical column named type, which allows the books to be grouped by the

type of content in the book. Each book also has a publisher, but the publisher information

is in another table; therefore, the titles table has a pub_id column to store just the ID of

the publisher. When a row of data is added for a book, the publisher ID is stored with the

rest of the book information.

Data Security

One of the functions of a database is to protect the data by preventing

certain users from seeing or changing highly sensitive data and preventing all users from

making costly mistakes. The security system in Microsoft® SQL Server™ 2000 controls

user access to the data and user permissions to perform activities in the database.

Designing Tables

When you design a database, you decide what tables you need, what type

of data goes in each table, who can access each table, and so on. As you create and

work with tables, you continue to make more detailed decisions about them.

The most efficient way to create a table is to define everything you need in the table at

one time, including its data restrictions and additional components. However, you can

also create a basic table, add some data to it, and then work with it for a while. This

approach gives you a chance to see what types of transactions are most common and

what types of data are frequently entered before you commit to a firm design by adding

constraints, indexes, defaults, rules, and other objects.

It is a good idea to outline your plans on paper before creating a table and

its objects. Decisions that must be made include:

Types of data the table will contain.

Columns in the table and the data type (and length, if required) for each column.

Which columns accept null values.

Whether and where to use constraints or defaults and rules.

Types of indexes needed, where required, and which columns are primary keys

and which are foreign keys.
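
The design decisions listed above, together with the column kinds and the access control described earlier, are shown here on two simplified tables modelled on the pubs titles and publishers tables. This is an added example, not the pubs schema itself and not code from the original report: the column sizes, the constraint names, the list of allowed type values, the sample rows and the role name catalog_reader are all assumptions. It can be run in any scratch database.

```sql
-- Added example. Simplified tables; names of constraints, role and sample rows are hypothetical.

CREATE TABLE publishers (
    pub_id   char(4)     NOT NULL
        CONSTRAINT PK_publishers PRIMARY KEY,          -- identifier column
    pub_name varchar(40) NOT NULL                      -- raw data column
);

CREATE TABLE titles (
    title_id varchar(6)  NOT NULL
        CONSTRAINT PK_titles PRIMARY KEY,              -- identifier column
    title    varchar(80) NOT NULL,                     -- raw data column
    type     char(12)    NOT NULL                      -- categorical column with a limited set of values
        CONSTRAINT DF_titles_type DEFAULT 'UNDECIDED'
        CONSTRAINT CK_titles_type
            CHECK (type IN ('business', 'psychology', 'UNDECIDED')),
    price    money       NULL                          -- NULL allowed: price may not be set yet
        CONSTRAINT CK_titles_price CHECK (price >= 0),
    pubdate  datetime    NOT NULL
        CONSTRAINT DF_titles_pubdate DEFAULT GETDATE(),
    pub_id   char(4)     NULL                          -- referential column: stores only the publisher ID
        CONSTRAINT FK_titles_publishers REFERENCES publishers (pub_id)
);

-- Index on the foreign key column, which is used to join titles to publishers.
CREATE INDEX IX_titles_pub_id ON titles (pub_id);

-- Constructed sample rows.
INSERT INTO publishers (pub_id, pub_name)
VALUES ('9001', 'Example Press');

INSERT INTO titles (title_id, title, type, price, pub_id)
VALUES ('EX0001', 'Designing Tables', 'business', 19.99, '9001');

-- The constraints reject bad data at the server. Each of these would fail:
--   a negative price violates CK_titles_price
--     INSERT INTO titles (title_id, title, price) VALUES ('EX0002', 'Bad Price', -1);
--   a publisher ID that does not exist violates FK_titles_publishers
--     INSERT INTO titles (title_id, title, pub_id) VALUES ('EX0003', 'No Publisher', '0000');

-- The database engine combines the separately stored information when it is needed.
SELECT t.title_id, t.title, t.type, p.pub_name
FROM titles AS t
JOIN publishers AS p ON p.pub_id = t.pub_id;

-- Data security: a role that may read the catalogue but not change it.
-- sp_addrole matches SQL Server 2000; on SQL Server 2005 and later CREATE ROLE is the preferred form.
EXEC sp_addrole 'catalog_reader';

GRANT SELECT ON publishers TO catalog_reader;
GRANT SELECT ON titles     TO catalog_reader;
DENY INSERT, UPDATE, DELETE ON titles TO catalog_reader;
```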

Microsoft SQL Server uses features similar to those found in other

databases and some features that are unique. Most of these additional features are made

possible by SQL Server's tight integration with the Windows NT operating system. SQL

Server contains the data storage options and the capability to store and process the same

volume of data as a mainframe or minicomputer.

Like most mainframe or minicomputer databases, SQL Server is a database that has seen

an evolution from its introduction in the mid-1960s until today. Microsoft's SQL Server

is founded in the mature and powerful relational model, currently the preferred model for

data storage and retrieval.

Unlike mainframe and minicomputer databases, a server database is accessed by users--

called clients--from other computer systems rather than from input/output devices, such

as terminals. Mechanisms must be in place for SQL Server to solve problems that arise

from the access of data from perhaps hundreds of computer systems, each of which can

process portions of the database independently from the data on the server. Within the

framework of a client/server database, a server database also requires integration with

communication components of the server in order to enable connections with client

systems. Microsoft SQL Server's client/server connectivity uses the built-in network

components of Windows NT.

Unlike a stand-alone PC database or a traditional mainframe or minicomputer database, a

server database, such as Microsoft SQL Server, adds service-specific middleware

components--such as Open Database Connectivity (ODBC)--on top of the network

components. ODBC enables the interconnection of different client applications without

requiring changes to the server database or other existing client applications.

SQL Server also contains many of the front-end tools of PC databases that traditionally

haven't been available as part of either mainframe or minicomputer databases. In addition

to using a dialect of Structured Query Language (SQL), GUI applications can be used for

the storage, retrieval, and administration of the database.

SQL Server permits client applications to control the information retrieved from the

server by using several specialized tools and techniques, including options such as stored

procedures, server-enforced rules, and triggers that permit processing to be done on the

server automatically. You don't have to move all processing to the server, of course; you

still can do appropriate information processing on the client workstation.

Although organizations routinely use SQL Server to manipulate millions of records, SQL

Server provides several tools that help you manage the system and its databases and

tables. The Windows- and command-line-based tools that come with SQL Server allow

you to work with the many aspects of SQL Server. You can use these tools to

1. Perform the administration of the databases

2. Control access to data in the databases

3. Control the manipulation of data in the databases

You also can use a command-line interface to perform all operations with SQL Server.

A key characteristic of SQL Server is that it is a relational database. You must understand

the features of a relational database to effectively understand and access data with SQL

Server. You can't construct successful queries to return data from a relational database

unless you understand the basic features of a relational database.

ADO.NET

ADO.NET is all about data access. Data is generally stored in a

relational database in the form of related tables. Retrieving and manipulating data directly

from a database requires the knowledge of database commands to access the data.

Features of ADO.NET

Disconnected data architecture - ADO.NET uses the disconnected

data architecture. Applications connect to the database only while retrieving and updating

data. After data is retrieved, the connection with the database is closed. When the database

needs to be updated, the connection is re-established. Working with applications that

do not follow a disconnected architecture leads to a wastage of valuable system

resources, since the application connects to the database and keeps the connection open

until it stops running, even when it is not actually interacting with the database. With a

disconnected architecture, the database can cater to the needs of several applications

simultaneously since the interaction is for a shorter duration.

Data cached in datasets- A dataset is the most common method of

accessing data since it implements a disconnected architecture. Since ADO.NET is based

on a disconnected data structure, it is not possible for the application to interact with the

database for processing each record. Therefore, the data is retrieved and stored in

datasets. A dataset is a cached set of database records. We can work with the records

stored in a dataset as we work with real data; the only difference being that the dataset is

independent of data source and we remain disconnected from the data source.

ADO.NET supports scalability by working with datasets. Operations

are performed on the datasets instead of on the database. As a result, resources

are saved, and the database can meet the increasing demands of users more efficiently.

Data transfer in XML format- XML is the fundamental format for

data transfer in ADO.NET. Data is transferred from a database into a dataset and from

the dataset to another component by using XML. We can even use an XML file as a

data source and store data from it in a dataset. Using XML as the data transfer

language is beneficial as XML is an industry standard format for exchanging information

between different types of applications. The knowledge of XML is not required for

working with ADO.NET since data conversion from and to XML is hidden from the user.

Since a dataset is stored in XML, any component that can read the dataset structure

can process the data.

Interaction with the database is done through data commands – All operations on the

database are performed by using data commands. A data command can be a SQL

statement or a stored procedure. We can retrieve, insert, delete or modify data from a

database by executing data commands.

Introduction to SILVERLIGHT

Microsoft Silverlight is an application framework for writing and running rich

Internet applications with emphasis on multimedia, animations, and graphics, with

features and purposes similar to those of Adobe Flash. The run-time environment for

Silverlight is available as a plug-in for most web browsers. While early versions of

Silverlight focused on streaming media, current versions support multimedia, graphics

and animation, and give developers support for CLI languages and development tools.

The current version 4 was released in April 2010. It is compatible with multiple

web browsers used on Microsoft Windows and Mac OS X operating systems. Mobile

devices, starting with Windows Phone 7 and Symbian (Series 60) phones, are likely to

become supported in 2010.[4] [5] A free software implementation named Moonlight,

developed by Novell in cooperation with Microsoft, is available to bring most Silverlight

functionality to Linux, FreeBSD and other open source platforms.

Silverlight provides a retained mode graphics system similar to Windows

Presentation Foundation, and integrates multimedia, graphics, animations and

interactivity into a single runtime environment. In Silverlight applications, user

interfaces are declared in Extensible Application Markup Language (XAML) and

programmed using a subset of the .NET Framework. XAML can be used for marking up

the vector graphics and animations. Silverlight can also be used to create Windows

Sidebar gadgets for Windows Vista.[6]

Silverlight supports H.264 video, Advanced Audio Coding, Windows Media

Video (WMV), Windows Media Audio (WMA) and MPEG Layer III (MP3) media

content[7] across all supported browsers without requiring Windows Media Player, the

Windows Media Player ActiveX control or Windows Media browser plug-ins. Because

Windows Media Video 9 is an implementation of the Society of Motion Picture and

Television Engineers (SMPTE) VC-1 standard, Silverlight also supports VC-1 video.

According to the End user license agreement VC-1 and H.264 are only licensed for the

"personal and non-commercial use of a consumer".[8] Silverlight, since version 3,

supports the playback of H.264 video.[9] Silverlight makes it possible to dynamically

load Extensible Markup Language (XML) content that can be manipulated through a

Document Object Model (DOM) interface, a technique that is consistent with

conventional Ajax techniques. Silverlight exposes a Downloader object which can be

used to download content, like scripts, media assets or other data, as may be required by

the application.[10] With version 2, the programming logic can be written in any .NET

language, including some derivatives of common dynamic programming languages like

IronRuby and IronPython.

A Silverlight 1.0 application hosted in Internet Explorer. Interactivity is provided

by Silverlight, but user input controls are HTML controls overlaid on top of Silverlight

content.

Silverlight 1, which was developed under the codename Windows Presentation

Foundation/Everywhere (WPF/E) and released in 2007, consists of the core presentation

framework, which is responsible for the user interface (UI), interactivity and user input,

basic UI controls, graphics and animation, media playback, Digital rights management

(DRM), and DOM integration.[12] It is made up of the following components:

Input—handling input from devices like keyboard, mouse, stylus etc.

UI core—managing rendering of bitmap images (including compressed raster

images like Joint Photographic Experts Group (JPEG)), vector graphics, text and

animations.

Media—playback of MP3, WMA Standard, WMV7, WMV8 and WMV9/VC-1

streams.

XAML—to allow the UI layout to be created using XAML markup language.

A Silverlight application starts by invoking the Silverlight control from the

HyperText Markup Language (HTML) page, which then loads up a XAML file. The

XAML file contains a Canvas object, which acts as a container for other elements.

Silverlight provides various geometrical primitives like lines, ellipses and other shapes, to

elements like text, images, and media, etc. The elements are properly positioned to

achieve the desired layout. Any arbitrary shape can be created as well. These elements

can be animated using Event triggers; some animation effects are predefined, others can

be created as composite of the pre-defined effects. Events like keyboard or mouse

movements can also raise Events which can be handled by custom scripts.

Programmatic manipulation of the UI is achieved by using scripting languages to

modify the Document Object Model of the Silverlight Canvas object. To facilitate this,

Silverlight exposes a DOM application programming interface (API), accessible from

any scripting language supported by Silverlight, which in version 1 release is limited to

JavaScript running in the browser. However, there are no UI widgets built in. The native

widgets of the browser must be overlaid on top of the Silverlight Canvas for user input.

Support for data formats is limited to XML and JavaScript Object Notation (JSON) only.

Silverlight 2:

A Silverlight 2 application hosted in Internet Explorer. Version 2 brings

improved interactivity and support for some native .NET languages and development

tools.

Silverlight 2 (previously referred to as version 1.1) includes a version of the

.NET Framework, implementing the same full Common Language Runtime (CLR)

version as .NET Framework 3.0; so it can execute programs written in any .NET

language. (By default, however, you cannot reference assemblies compiled with the

regular .NET Framework.) Unlike the CLR included with .NET

Framework version 3.5 and earlier, but like .NET Framework 4.0, multiple instances of

the CoreCLR included in Silverlight can be hosted in one process. With this, the XAML

layout markup file (.xaml file) can be augmented by code-behind code, written in

any .NET language, which contains the programming logic. It can be used to

programmatically manipulate both the Silverlight application and the HTML page which

hosts the Silverlight control. The XAML markup, as well as the code, is compiled into

.NET assemblies which are then compressed using ZIP and stored in a .xap file.

Silverlight ships with a lightweight class library which includes features such as

extensible controls, XML Web Services, networking components and Language

Integrated Query (LINQ) APIs. This class library is a subset of, and is considerably

smaller than, .NET Framework's Base Class Library (BCL). Silverlight code runs in a

sandbox, thus preventing the invocation of platform APIs.

Silverlight 2 Architecture:

The version of .NET Framework in Silverlight adds a subset of Windows

Presentation Foundation (WPF) UI-programming model, including support for shapes,

documents, media and animation objects of WPF. Beta 2 onwards, it ships with more

than 30 UI controls (including TextBox, CheckBox, Slider, ScrollViewer, and Calendar

controls), for two-way databinding support, automated layout management (by means of

StackPanel, Grid, etc.) as well as data-manipulation controls, such as DataGrid and

ListBox. UI controls are skinnable using a template-based approach. Third-party libraries

of expanded UI-control sets are also available.

A set of Silverlight controls rendered with different skins.

The included BCL provides classes for collections, reflection, regular expressions,

string handling and data access. It also supports LINQ, with full support for LINQ to

Objects and expression trees. Almost all of the System.Linq and System.Linq.Expression

namespaces are exposed. It also supports serialization of objects, for data persistence.

Silverlight can handle data in Really Simple Syndication (RSS) or JSON format, in

addition to XML. The BCL provides enhanced support for working with XML data,

including the XmlReader and XmlWriter classes. Silverlight 2 also supports

asynchronous programming via the use of the threading libraries.

Silverlight also includes classes for data access over XML-based Web services,

Representational State Transfer (REST), Windows Communication Foundation (WCF)

Services and ADO.NET Data Services.[18] The networking support in Silverlight can be

used by Silverlight applications to communicate using Hypertext Transfer Protocol

(HTTP), or at the lower socket level. Cross-domain communication is supported.

Silverlight uses an XML-based configuration file to control the cross-domain resource-access

policy, for both HTTP and socket connections. It can be used by site administrators to

control which resources a Silverlight application can access, when that application did

not originate in the domain of the site. In addition, Silverlight also supports the Adobe

Flash Cross-domain policy file format. Silverlight sockets can only initiate a connection;

they cannot listen for connections.

Silverlight 2 includes the Dynamic Language Runtime (DLR) which allows

dynamic compilation and execution of dynamic (scripting) languages. Compilers for the

languages based on the DLR (including IronPython and IronRuby) are packaged

with the Dynamic Languages application in the .xap package. The Dynamic Languages

software development kit (SDK) includes a web server named Chiron, that can

dynamically package all the dependencies for the Dynamic Languages application and

serve it to the browser. The first upcoming languages written for the DLR are Managed

JScript, IronPython 2.0, and IronRuby. Microsoft also plans to build Visual Basic .NET

10.0 (VBx) on the DLR. All four languages share the same infrastructure, to allow

Silverlight to compile and execute the language source. Conversely, other .NET languages

must be compiled ahead-of-time and delivered to Silverlight as .NET assemblies. The

implementation of Managed JScript conforms to the ECMAScript 3.0 specification, and

Microsoft asserts that it is 250 times faster than interpreted JScript.

A Python interpreter in Silverlight 2 hosted in Mozilla Firefox.

With the integration of .NET Framework, Silverlight also allows HTML-

managed code interaction, which enables the manipulation of HTML DOM elements

from managed code, and permits JavaScript code to call managed code and use objects

instantiated by managed code. Silverlight encloses JavaScript objects and DOM

elements in managed wrappers to make them available from managed code. While there

is no provision for calling JavaScript code directly in the 1.1 alpha release, managed-code

events can fire JavaScript handlers. A Silverlight instance does not need to have a UI

component in order to manipulate the HTML DOM from managed code. It is done by

creating a XAML Canvas with both width and height set to zero, and using its code-

behind code to modify the Document Object Model of the HTML page via the APIs in

the System.Browser namespace.

Silverlight 2 includes Deep Zoom, a technology derived from Microsoft Live Labs' Seadragon. It allows users to zoom into, or out of, an image (or a collage of images), with smooth transitions, using the mouse wheel. The images can scale from 2 or 3 megapixels in resolution into the gigapixel range, but the user need not wait for an image to be downloaded entirely; rather, Silverlight downloads only the parts in view, optimized for the zoom level being viewed. From Beta 2 onwards, Deep Zoom uses an XML-based file format.

[Figure: A Silverlight 2 application using Deep Zoom, running in Safari 3.1, on Windows XP]

Media features in Silverlight 2 include:

o WMA Professional support, including WMA 10 Pro low-bitrate modes. However, multi-channel audio content is still down-converted to stereo output.

o Content protection powered by the Microsoft PlayReady DRM client.

o Server-side playlists in Windows Media Services.

o Media Stream Source API.


The Media Stream Source is the API responsible for enabling adaptive streaming of media. Adaptive streaming allows the player application to choose the bit rate of the media based on available client bandwidth and central processing unit (CPU) resources.[18] Media Stream Source allows the developer to specify a custom method of retrieving media data, the only requirement being that the final video and audio streams be presented to the Silverlight runtime in a format that Silverlight can decode (VC-1, H.264, WMA, MP3, etc.). This allows extensible support for otherwise natively unsupported file formats (e.g. MP4, Matroska, Ogg), protocols (e.g. Shoutcast) and delivery methods (e.g. adaptive streaming, peer-to-peer (P2P)). Microsoft first publicly showcased Media Stream Source by powering the NBC Olympics website with their own implementation of adaptive streaming.

Silverlight 2 also allows limited filesystem access to Silverlight applications. An application can use the operating system's native file dialog box to browse to any file (to which the user has access). The file is sanitized of path information, to prevent the application from getting access to information such as the user name, and can be opened only in read-only mode. For local storage of data, Silverlight provides isolated local storage (isostorage), which lies outside the browser cache, in a folder hidden inside the private user-profile folder. It is set to 1 MB per URL by default, but this can be changed by the user. Data stored by a Silverlight application in the isostorage is identified by the URL from which it loads, and can be accessed by that application only. All instances of Silverlight share the same isostorage, so all instances of the same Silverlight application can share the saved data, even if they are running on different browsers.

Silverlight CoreCLR uses an attribute-based security model, as opposed to the Code Access Security (CAS) model of the desktop version of the .NET Framework. Assemblies are marked with a security attribute, which can be transparent (SecurityTransparentAttribute), safecritical (SecuritySafeCriticalAttribute) or critical (SecurityCriticalAttribute). Methods in transparent assemblies run with partial trust, and code within such assemblies cannot call critical methods (methods which can cause system-wide changes); neither can transparent assemblies contain unverifiable code (code that uses the unsafe C# keyword or pointers) or invoke system functions by means of P/Invoke. Code in both critical and safecritical assemblies runs with full trust, and is therefore not subject to such limitations. However, a transparent method can call a safecritical method, and a safecritical method can call a critical method. In such a case, the safecritical method will verify that the call is both safe and within the limited rights of the caller; if so, the safecritical method will proxy the call to the requested critical method. In fact, the IsoStorage APIs are exposed as safecritical methods. An assembly whose security attribute is unset is run as transparent. Analogous limitations also apply to type inheritance, namely in the cases of virtual-method calls and interface-method calls. Silverlight assemblies can contain members that are not usable by CoreCLR, as long as they can be processed by the .NET Framework CLR; such methods will not be loaded when the assembly is being executed by CoreCLR.

However, only platform code is allowed to be marked as critical or safecritical. The Silverlight runtime ensures that platform assemblies are loaded only from the Silverlight installation directory, and are digitally signed by Microsoft. This effectively means that user-application assemblies can only be transparent code (run under partial trust and limited rights). Platform code can be marked with either attribute. The BCL methods of the .NET Framework which have the Internet attribute set, allowing them to be called from untrusted code originating from the Internet, are exposed in the Silverlight BCL as transparent methods.

Silverlight 3

[Figure: A Silverlight 3 application, with one instance running in Google Chrome as well as installed locally. The start menu icon is also shown.]

Silverlight 3 was announced at the International Broadcasting Convention (IBC) 2008 show in Amsterdam on September 12, 2008. It was unveiled at MIX09 in Las Vegas on March 18, 2009.[37] A beta version was made available for download the same day. The final version was released July 9, 2009.

Silverlight 3 includes an increased number of controls[38], including but not limited to DataGrid, TreeView, various layout panels, DataForm for forms-driven applications and DataPager for viewing paginated data. Some of these controls are from the Silverlight Toolkit. In addition, Silverlight 3 includes a navigation framework to let Silverlight applications use the hyperlinked navigation model as well as enabling deep-linking (linking directly to specific pages) within Silverlight applications.

On the media front, Silverlight 3 supports Advanced Audio Coding (AAC) audio decoding as well as hardware-accelerated H.264 video decoding. Silverlight 3 also offers 1080p smooth streaming. The native multimedia pipeline is also programmatically exposed, so that other formats can be supported by third parties using managed-code decoders. Silverlight 3 supports perspective 3D, which enables 3D transformations of 2D elements. These transformations, as well as many 2D operations such as stretches and alpha blending, are hardware accelerated. Custom animations, including transforms and blends, can be created on Silverlight elements using High Level Shader Language (HLSL) to make use of pixel shaders. A bitmap API is provided to let Silverlight 3 applications manipulate bitmaps. Silverlight now uses the graphics processing unit (GPU) to accelerate the composition of Visual Trees (as in WPF, Silverlight elements correspond to Visual elements, which, when coupled with the layout information, form a Composition Tree or Visual Tree which is then rendered to form the final display; see WPF architecture). Visual trees can now be cached; this increases performance in cases like transforms, which create lots of throw-away intermediate states, by not making the state transitions on the main Visual tree. Silverlight 3 now also supports ClearType text rendering.

[Figure: A Silverlight 3 application demonstrating local file access.]

UI elements in Silverlight 3 support element-to-element binding, which allows one element to be bound to the state of another element, as well as a validation mechanism for data binding. Unlike Silverlight 2, which allowed applications to save files only to the local isostorage, Silverlight 3 applications can save to any location on the file system via the system Save File dialog. However, the path where the file is saved will still be hidden from the Silverlight application. Any external assemblies used by Silverlight applications are cached too, so that they need not be redownloaded for subsequent instantiations of the application.

Silverlight 3 also includes a LocalConnection API to communicate (using a named-pipe-style model) among multiple running applications on the same machine, irrespective of the browser, and can monitor for network connectivity events. Silverlight 3 can optionally use Binary XML to communicate with WCF services.

Silverlight 3 supports Out-of-Browser experiences, i.e., Silverlight applications can be installed to the system for offline access (provided the application manifest is designed to allow local installation), where they run outside the browser. They are launched using the Start Menu or desktop shortcuts, and run without the browser window. Applications can check whether they are running inside a browser or not. When running outside of a browser, HTML interop is disabled. In addition, access to the Function Keys is enabled. Locally installed Silverlight applications still run in a sandbox.

Installed Silverlight 3 applications automatically check for updates asynchronously on every launch, and updates are automatically installed. Running instances of the applications are informed when updates are available.

Silverlight 3 is now listed as a requirement for eFiling income tax returns for free in the US.

Introduction

a. Purpose

The main purpose of this project is to prevent large-scale attacks by malicious computer programs. To that end, the CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) mechanism has been introduced to distinguish humans from computers.


b. Project Scope

A survey was conducted in 1999 to find out which university's computer science graduates were the best. Although the voting system could prevent the same IP address from voting more than once, students from CMU wrote a program to make the number of votes for CMU go up rapidly. The next day, students from MIT adopted a similar approach, with the result that the number of votes for each of these two universities far exceeded that of the other universities. Moreover, a report from the Barracuda Network Security Corporation in the USA said that in 2007 nearly 95% of the mail received by the world's Internet users was junk mail. Similar abuses include registering user accounts maliciously and cracking account passwords by brute force. All of these pose a serious threat to the network.

In order to prevent similar incidents from happening again, the CAPTCHA mechanism came into being; the name is short for Completely Automated Public Turing Test to Tell Computers and Humans Apart. In 2000 Carnegie Mellon University set up the first CAPTCHA group, followed by many scholars studying CAPTCHA to find how to better tell humans and computers apart.

2. Overall Description

a. Product Perspective

CAPTCHA also plays a significant role in limiting the usage rate. For example, the automatic use of a particular service is allowed unless such use goes beyond a certain extent and affects other users. When that happens, we can limit such usage by introducing a CAPTCHA mechanism.

2.2 Product Features


Currently, in order to prevent malicious programs from posting advertisements or other useless information indiscriminately, the message boards of BBSs, blogs and wikis widely use CAPTCHA mechanisms, requiring users to input the correct letters before leaving a message.

2.3 User Classes and Characteristics

Business System Description:

Developing a business system for mobile terminals makes it possible to complete the purchase and sale of goods on a mobile platform and to update merchandise information in a timely manner; furthermore, the system can share the server with an Internet commerce platform to form a complete e-Commerce business system. The key concerns are therefore four areas: client registration and login, merchandise inquiries, order entry, and data update, which respectively achieve system sign-on, goods checking, order placing and submission to the node database.

System Architecture design:

The architecture of the mobile e-Commerce system mainly comprises the server side, the client and the communication network. The server-side hardware is a PC server; the system software is the Windows Server 2000 or Windows Server 2003 operating system with IIS pre-installed; the database software is SQL Server 2000. The server side also hosts the server-side application and is in charge of authenticating user logins and processing business data. The client hardware devices are Pocket PCs; the system software is the Windows Mobile operating system; the database software is SQL Server CE, and the client hosts the mobile system applications. To provide full access to the service, we use GPRS, WiFi and ActiveSync for data communication, and use the RDA technology of SQL Server and Web Service technology to exchange data; in addition, the data archiving module uses RDA for data synchronization.

Application Design and Analysis:

Character Layer:

Implementation of the Character Layer is very simple, as described below:

1. Determination of the number of characters. A CAPTCHA often consists of 4-7 characters, and we choose the minimum length, 4.

2. Random selection of characters. Our program randomly chooses 4 characters from a total of 62 characters consisting of 26 lowercase letters, 26 uppercase letters and 10 Arabic numerals.

3. Determination of character attributes. Optional character attributes are size, font, color, tilt, twist, spin, etc. In the same CAPTCHA, a variety of fonts or different sizes can easily increase the difficulty of attack.

Background Interference Layer:

The background interference in this design can include not only the traditional interference sources used in 2D static images, such as background color transformation and messy pixels or characters, but also the new interference sources used in 3D dynamic videos, such as light, smoke and texture rendering. In this case, we combine interference points with an interference character: we randomly select some regions and generate a large number of interference points as well as an interference character.

Foreground Interference Layer:

Unlike the background interference layer, the foreground interference makes the identifying characters in the character layer incomplete, further increasing the difficulty of attack whether a single frame or multiple frames are used. Foreground interference involves character interference, line interference and point interference. In this case we combine all three together.

2.5 Design and Implementation Constraints

2.5.1 Constraints in Analysis

Constraints as Informal Text

Constraints as Operational Restrictions

Constraints Integrated in Existing Model Concepts

Constraints as a Separate Concept

Constraints Implied by the Model Structure

2.5.2 Constraints in Design

Determination of the Involved Classes

Determination of the Involved Objects

Determination of the Involved Actions

Determination of the Require Clauses

Global actions and Constraint Realization

2.5.3 Constraints in Implementation

A hierarchical structuring of relations may result in more classes and a more

complicated structure to implement. Therefore it is advisable to transform the

hierarchical relation structure to a simpler structure such as a classical flat one.

It is rather straightforward to transform the developed hierarchical model into a

bipartite, flat model, consisting of classes on the one hand and flat relations on


the other. Flat relations are preferred at the design level for reasons of

simplicity and implementation ease. There is no identity or functionality

associated with a flat relation. A flat relation corresponds with the relation

concept of entity-relationship modeling and many object oriented methods.

System Features

In order to be easy for humans to identify, the images of a traditional static CAPTCHA contain just sufficient valid information. However, in general, the easier an image is for humans to identify, the less secure it is. This leads to the following idea: if we distribute the valid information among multiple frames according to certain rules so that every single frame is difficult to identify, and if we can also ensure that the result remains very difficult for computer programs to crack even using multiple frames while staying easy for humans to identify, then the new design can achieve a better balance between security and practicality.

3. External Interface Requirements

a. User Interfaces

o The user interfaces in this product are graphical user interfaces.

o Users use buttons to clear the content or send data to the destination.

o Users can enter data through the textbox.

o Users can use the text area to enter multiple lines of text.

b. Hardware Interfaces


Ethernet

Ethernet on the AS/400 supports TCP/IP, Advanced Peer-to-Peer Networking (APPN) and advanced program-to-program communications (APPC).

ISDN

You can connect your AS/400 to an Integrated Services Digital Network (ISDN) for faster, more accurate data transmission. An ISDN is a public or private digital communications network that can support data, fax, image, and other services over the same physical interface. Also, you can use other protocols on ISDN, such as IDLC and X.25.

c. Software Interfaces

1) This software interacts with the TCP/IP protocol.

2) This product uses Socket and listens on unused ports.

3) This product uses ServerSocket and listens on unused ports.

4) This product works with JDK 1.5.

d. Communication Interfaces

The TCP/IP protocol will be used to facilitate communications between the client and server.

5) Other Nonfunctional Requirements

5.1 Performance Requirements


The maximum satisfactory response time to be experienced most of the

time for each distinct type of user-computer interaction, along with a definition of most

of the time. Response time is measured from the time that the user performs the action

that says "Go" until the user receives enough feedback from the computer to continue the

task. It is the user's subjective wait time. It is not from entry to a subroutine until the first

write statement. If the user denies interest in response time and indicates that only the

result is of interest, you can ask whether "ten times your current estimate of stand-alone

execution time" would be acceptable. If the answer is "yes," you can proceed to discuss

throughput. Otherwise, you can continue the discussion of response time with the user's

full attention. The response time that is minimally acceptable the rest of the time. A

longer response time can cause users to think the system is down. You also need to

specify rest of the time; for example, the peak minute of a day, 1 percent of interactions.

Response time degradations can be more costly or painful at a particular time of the day.

5.2 Safety Requirements

The software may be safety-critical. If so, there are issues associated with its

integrity level. The software may not be safety-critical although it forms part of a safety-

critical system. For example, software may simply log transactions. If a system must be

of a high integrity level and if the software is shown to be of that integrity level, then the

hardware must be at least of the same integrity level. There is little point in producing

'perfect' code in some language if hardware and system software (in widest sense) are not

reliable. If a computer system is to run software of a high integrity level then that system

should not at the same time accommodate software of a lower integrity level. Systems

with different requirements for safety levels must be separated. Otherwise, the highest

level of integrity required must be applied to all systems in the same environment.

5.3 Security Requirements


Some available ports must not be blocked by the Windows firewall.

The two machines should be connected over a LAN.

5.4 Software Quality Attributes

Functionality: whether the required functions are available, including interoperability and security.

Reliability: maturity, fault tolerance and recoverability.

Usability: how easy it is to understand, learn and operate the software system.

Efficiency: performance and resource behavior.

Maintainability: maintaining the software.

Portability: whether the software can easily be transferred to another environment, including installability.

CHAPTER 4

Architecture:

[Figure: the three layers of the CAPTCHA. Character Layer (A-Z | a-z | 0-9); Background Interference Layer (Image, Noise); Foreground Interference Layer (Special Characters)]

4.1 Sequence Diagram:

[Figure: sequence diagram between User, Application and Server. Messages: Request, Invoke, Generate code, Send code, Display code, Identify code, Type verification, Send verification, Verify code, Respond, Respond]
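The server side of the exchange in the sequence diagram (generate code, send code, verify code, respond), as an added example that is not the report's own source code. The class name `CaptchaStore`, the expiry time, the attempt limit and the single-use rule are assumptions of this sketch; the report only names the messages.

```python
import hmac
import secrets
import time

# The 62-character set the report describes for the character layer.
ALPHABET = (
    "abcdefghijklmnopqrstuvwxyz"
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
    "0123456789"
)


class CaptchaStore:
    """Keeps issued codes on the server; the client only ever holds an id."""

    def __init__(self, ttl_seconds=120, max_attempts=3, clock=time.monotonic):
        self._ttl = ttl_seconds            # assumed lifetime of a challenge
        self._max_attempts = max_attempts  # assumed guess limit per challenge
        self._clock = clock
        self._pending = {}

    def issue(self):
        """'Generate code': returns (challenge_id, code).

        The code is handed to the image/frame renderer only; the client
        receives the rendered frames and the opaque challenge_id.
        """
        challenge_id = secrets.token_urlsafe(16)
        code = "".join(secrets.choice(ALPHABET) for _ in range(4))
        self._pending[challenge_id] = {
            "code": code.encode("ascii"),
            "expires": self._clock() + self._ttl,
            "attempts": 0,
        }
        return challenge_id, code

    def verify(self, challenge_id, answer):
        """'Verify code': True once for the right answer, False otherwise."""
        entry = self._pending.get(challenge_id)
        if entry is None:                   # unknown, already used, or burned
            return False
        if self._clock() > entry["expires"]:
            del self._pending[challenge_id]
            return False
        entry["attempts"] += 1
        # Compare as bytes: compare_digest rejects non-ASCII str arguments,
        # and user input may contain anything. Upper and lower case are
        # distinct characters in the report's alphabet, so no case folding.
        ok = hmac.compare_digest(str(answer).encode("utf-8"), entry["code"])
        if ok or entry["attempts"] >= self._max_attempts:
            # Single use: a solved or exhausted challenge cannot be replayed.
            del self._pending[challenge_id]
        return ok


if __name__ == "__main__":
    store = CaptchaStore()
    cid, code = store.issue()
    print("first answer accepted:", store.verify(cid, code))
    print("replay accepted:", store.verify(cid, code))
```

Deleting the entry on success, on expiry and on the last failed attempt is what keeps a solved challenge from being submitted again and bounds the number of guesses per challenge.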

4.2 Use Case Diagram

[Figure: use case diagram with the actors User and System. Use cases: Register, Identify Code, Enter Verification code, Login, Verify code, Generate Verification code]

4.3 Activity Diagram


Collaboration Diagram:

[Figure: collaboration diagram between User, Application and Server, with messages numbered 1 to 11]

DATA FLOW DIAGRAM:


Class Diagram


CHAPTER 5


SYSTEM DESIGN

5.1 MODULES

1. Character Layer

2. Background Interference Layer

3. Foreground Layer

5.2 MODULE EXPLANATION:

Character Layer:

Implementation of the Character Layer is very simple, as described below:

1. Determination of the number of characters. A CAPTCHA often consists of 4-7 characters, and we choose the minimum length, 4.

2. Random selection of characters. Our program randomly chooses 4 characters from a total of 62 characters consisting of 26 lowercase letters, 26 uppercase letters and 10 Arabic numerals.

3. Determination of character attributes. Optional character attributes are size, font, color, tilt, twist, spin, etc. In the same CAPTCHA, a variety of fonts or different sizes can easily increase the difficulty of attack.

Background Interference Layer:

The background interference in this design can include not only the traditional interference sources used in 2D static images, such as background color transformation and messy pixels or characters, but also the new interference sources used in 3D dynamic videos, such as light, smoke and texture rendering. In this case, we combine interference points with an interference character: we randomly select some regions and generate a large number of interference points as well as an interference character.

Foreground Interference Layer:

Unlike the background interference layer, the foreground interference makes the identifying characters in the character layer incomplete, further increasing the difficulty of attack whether a single frame or multiple frames are used. Foreground interference involves character interference, line interference and point interference. In this case we combine all three together.
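The three layers described in this module explanation (and in the earlier Application Design and Analysis section), combined with the multi-frame idea from System Features, as an added example that is not the report's own source code. The attribute value lists, the constructed sample bitmap and the "home frame" rule (every character pixel is shown in one frame and covered in the next) are assumptions of this sketch, and foreground interference is narrowed to points placed over character pixels.

```python
import secrets

# Step 2 of the character layer: 26 lowercase + 26 uppercase + 10 digits.
ALPHABET = (
    "abcdefghijklmnopqrstuvwxyz"
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
    "0123456789"
)
CODE_LENGTH = 4                      # step 1: the report picks the minimum, 4
FONTS = ("serif", "sans", "mono")    # assumed attribute values for step 3
SIZES = (18, 22, 26)
TILTS = (-20, -10, 0, 10, 20)

BACKGROUND, GLYPH, BG_NOISE, FG_NOISE = ".", "#", "o", "x"

# OS-backed CSPRNG; the seedable `random` module would make codes predictable.
_rng = secrets.SystemRandom()

# Constructed sample: an already rasterised character layer reading "47".
SAMPLE_MASK = [
    "#...#.#####",
    "#...#.....#",
    "#...#....#.",
    "#####...#..",
    "....#..#...",
    "....#..#...",
    "....#..#...",
]


def pick_characters():
    """Character layer, steps 1-3: four characters with per-character attributes."""
    return [
        {"char": _rng.choice(ALPHABET), "font": _rng.choice(FONTS),
         "size": _rng.choice(SIZES), "tilt": _rng.choice(TILTS)}
        for _ in range(CODE_LENGTH)
    ]


def parse_mask(rows):
    """Turn a rasterised character layer into (pixel set, width, height)."""
    if not rows or any(len(r) != len(rows[0]) for r in rows):
        raise ValueError("mask must be non-empty with equal-width rows")
    glyph = {(x, y) for y, row in enumerate(rows)
             for x, ch in enumerate(row) if ch == GLYPH}
    return glyph, len(rows[0]), len(rows)


def build_frames(glyph, width, height, n_frames=4, noise_points=12):
    """Compose n_frames frames from the three layers."""
    if n_frames < 2 or len(glyph) < n_frames:
        raise ValueError("need at least 2 frames and one glyph pixel per frame")
    pixels = sorted(glyph)
    _rng.shuffle(pixels)             # random assignment of pixels to frames
    frames = []
    for f in range(n_frames):
        grid = [[BACKGROUND] * width for _ in range(height)]
        # Background interference layer: random points, drawn first so the
        # character and foreground layers are painted over them.
        for _ in range(noise_points):
            grid[_rng.randrange(height)][_rng.randrange(width)] = BG_NOISE
        for i, (x, y) in enumerate(pixels):
            home = i % n_frames
            if home == f:
                grid[y][x] = GLYPH       # always visible in its home frame
            elif home == (f + 1) % n_frames or _rng.random() < 0.5:
                grid[y][x] = FG_NOISE    # foreground interference covers it
            else:
                grid[y][x] = GLYPH
        frames.append(["".join(row) for row in grid])
    return frames


def visible_glyph(frame):
    """Character pixels that survive the foreground layer in one frame."""
    return {(x, y) for y, row in enumerate(frame)
            for x, ch in enumerate(row) if ch == GLYPH}


if __name__ == "__main__":
    print(pick_characters())
    mask, w, h = parse_mask(SAMPLE_MASK)
    for n, frame in enumerate(build_frames(mask, w, h)):
        print(f"frame {n}")
        print("\n".join(frame))
```

Because the home-frame rule is deterministic, the generator can check before serving a challenge that no single frame carries the whole character layer while the frames together still do.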

CHAPTER 6

VERIFICATION AND VALIDATION

Once the program exists, we must test it to see if it is free of bugs.

High quality products must meet the user's needs and expectations. Furthermore, the product should attain this with minimal or no defects, the focus being on improving products prior to delivery rather than correcting them after delivery. The ultimate goal of building high quality software is the user's satisfaction.

There are two basic approaches to system testing.

Validation is the task of predicting correspondence, which cannot be determined until

this system is in place.

Verification is the exercise of determining correctness.

Testing strategies

The extent of testing a system is controlled by many factors, such as the risk involved, the

limitations of the resources and deadlines. We deploy a testing strategy that does the best

job of finding the defects in the product within the given constraints. The different testing

strategies are:

Black Box Testing:

The concept of black box testing is used to represent the system whose

inside workings are not available for inspection. In black box testing, we try various

inputs and examine the resulting outputs. Black box testing works very nicely in testing


objects in object oriented environment. For inspection the input and output are defined

through use cases or other analysis information.

White Box Testing:

White box testing assumes that the specific logic is important and must be tested to guarantee the system's proper functioning. The main use of white box testing is error-based testing. White box testing looks for bugs that have a low probability of execution and that have been overlooked previously. It is also known as path testing.

There are two types of path testing:

Statement testing coverage: every statement in the object's method is covered by executing it at least once.

Branch testing coverage: enough tests are performed to ensure that every branch alternative is executed at least once.

Top down testing

A top-down strategy supports the user interface and event driven system. This serves two

purposes; first the top down approach can test navigation through screens and verify that

it matches the requirement. Second, users at the early stage can see how the final

application will look and feel.

Bottom up testing

Bottom up testing starts with the details of the system and proceeds to higher levels by a

progressive aggregation of details until they collectively fit requirements of the system.

In this testing the methods and classes which are independent are tested.

Source Code


Screenshots:
