WAREHOUSE EXECUTIVE PROGRESSION

Project report submitted in partial fulfillment of the requirements For the award of the degree of BACHELOR OF SCIENCE IN SOFTWARE to

MADURAI KAMARAJ UNIVERSITY, MADURAI

Submitted by S.SUGANYA (Reg.No:B0124917)

Under the guidance of

MISS.S.Sharmila Jeyarani Assistant professor

M.Sc., M.Phil,

DEPARTMENT OF SOFTWARE
N.P.R. ARTS AND SCIENCE COLLEGE NATHAM 2010-2013

BONAFIDE CERTIFICATE

This is to certify that the project titledE-DOCUMENT PROTECTING is the bonafid record work done by S.SUGANYA(REG NO: B0124917) in partial fulfillment of the requirement for the award of the Degree of Bachelor of software during the year 2010-2013 and this project represents the original work of the candidates.

INTERNAL GUIDE

HEAD OF THE DEPT, DEPARTMENT OF SOFTWARE

Submitted for the viva voce examination held on________

EXTERNAL EXAMINER

DECLARATION

I hereby declare that the project entitled E-DOCUMENT PROTECTING is developed in N.P.R.ARTS AND SCIENCE COLLEGE,NATHAM. This project report is originally prepared by me and carried out under the guidance of MISS.S.SHARMILA JEYARANI M.C.A.,M.phil.,N.P.R.ARTS AND SCIENCE COLLEGE, NATHAM for the partial fulfillment of Bachelor of Science in Software.

S.SUGANYA (Reg.No:B0124917)

ACKNOWLEDGEMENT
3

First and foremost, thank our almighty, good for showing his grace and balancing on to finish this project in a successful way. I am kindly thanking our management for providing me all kind of facilities at right time for completing my projects. I express my heartfelt thanks to our beloved principal Dr.P.SARAVANAN., M.Sc, Ph.D., for giving me an opportunity to undergo this project work. I taking this great opportunity to express my immense pleasure with heartful gratitude to Mr.A.KUMARA VADIVELAN, M.C.A., HOD Department of software for his kindly guidance & providing all necessary facilities at the right time for completing my project. I express my heartfelt thanks to our class In Charge Mrs.P.CHITRADEVI M.C.A.,M.Phil.,B.Ed(cs) assistant professor, Department of Software for her excellent suggestion and guidance. This project would not been possible without the motivation and guidance of our internal guide, MISS.S.SHRMILA JEYARANI.,M.C.A., M.Phil., N.P.R ARTS AND SCIENCE COLLEGE, NATHAM, assistant professor, Department of Software. They were backbone of our project and gave as encouragement and moral support to finish this project. Finally, I express my high thankfulness to my parents, brother and my friends for their help and encouragement throughout the successful completion of my project work.

S.SUGANYA (Reg.No:B0124917)

INDEX

S.No 1

Content INTRODUCTION 1.1 About the project 2 SYSTEM ANALYSIS 2.1 Feasibility Study 2.2 Existing System 2.3 Proposed System 3 2.4 SDLC SYSTEM ENVIRONMENT 3.1 Hardware Requirement 3.2 Software Requirement 3.3 Software Description 3.3.1 Front End 4 3.3.2 Back End SYSTEM DESIGN 4.1 System flow Diagram 4.2 Data flow diagram 4.3 Database Design 5 4.4 Input Output Design SYSTEM DESCRIPTION 5.1 Module Description 6 SYSTEM TESTING & IMPLEMENTATION 6.1 System Implementation 7 8 9 10 6.2 System Testing CONCLUSION FUTURE ENHANCEMENTS BIBILIOGRAPHY APPENDIX 10.1 SCREEN LAYOUT 10.2 SAMPLE CODING

Page No

1.21OBJECTIVES

This project is used to reduce the workload of the server. It provides secure document service for online book published and seller. This project is designed as a middleman between the client and the website. This project provides all kinds of services to the publisher.

1. INTRODUCTION

1.1 About

the project

Authenticity is based on the identity of some entity. This entity has to prove that it is genuine. In many Network applications the identity of participating entities is simply determined by their names or addresses. High level create, understand, and maintain than name lists. Assuming an entity wants to spoof the identity of some other entity, it is enough to change the mapping between its low level address and its high level name. It means that an attacker can fake the name of someone by modifying the association of his address from his own name to the name he wants to impersonate. Once an attacker has done that, an authenticator can no longer distinguish between the true and fake entity. Encryption is also referred as the cipher text; it is nothing but the process of converting some information into unreadable format to get protected from the unauthorized users. The text that is encrypted can be decrypted into readable format using a secret key. This process can also be referred as enciphering when the information is converted into unintelligible format using the translation tables and algorithms. The process of converting the information is also called as reversible translation. This cipher text which is converted into unreadable format is again re-converted into plain text to make it readable and this process is called as decryption or deciphering. Cryptographic systems are divided into symmetric key systems, in other words it is described as the systems of cryptography are broadly classified into symmetric key systems.
9

applications

use

mainly names for authentication purposes, because address lists are much harder to

In a system if information is to be shared between the sender and the receiver then the process of encryption and decryption of the information is done by using a single key that known to both the sender and the receiver. The sender of the message uses the private key and the public key whereas the receiver uses the private key alone.

The process of encryption and decryption is done based on the algorithms and so appropriate algorithms are required for these processes. The sender uses a key to encrypt a plain text into unreadable format or chipper text. Then the receiver should use the same key used by the sender to decrypt the encrypted text to convert into plain text again.

This process of encrypting and decrypting is done using an algorithm called symmetric key crypto graphic algorithm. The best examples for symmetric key encryption are blowfish and data encryption standard (DES). The encrypted public key algorithm in the conversion of plain text, in this process the sender uses the public key to encrypt the plain text into cipher text and that text when received by the receiver then a private key owned particularly is used to decrypt the cipher text into plain text. There are some examples for the public key encryption algorithms and they are Elliptic Curve Cryptograph (ECC) and RSA. Cryptography plays a major role in security issues of multicasting.

10

SYSTEM ANALYSIS

11

2.SYSTEM ANALYSIS 2.1 FEASIBILITY STUDY

Feasibility study has three aspects. They are 2.1.1 Technical Feasibility 2.1.2Economic Feasibility 2.1.3 Operational Feasibility 2.1. 1 Technical Feasibility In Technical Feasibility, the following issues are taken into consideration.

Whether the required technology is available or not Whether the required resources are available. The resources considered here are Manpower, Software and Hardware. Our project had the required man power, software and hardware. Hence our project is technical feasible. Once the technical feasibility is established, it is important to consider the monetary factors also. Since it might happen that developing a particular project may be technically possible but it may require huge investments and benefits may be less. For evaluating this, economic feasibility of the proposed system is carried out. 2.1. 2 Economic Feasibility

Economic Feasibility is the most frequently used method for evaluating the effectiveness of a system. There should be sufficient benefits in creating the system and the costs must be acceptable. Such a system is economically feasible. Our project is also economically feasible.

12

2.1.3 Operational Feasibility Operational Feasibility is a measure of how well the solution of problems or a specific alternative solution will work in an organization. It is also a measure of how the people feel about the system. Operational Feasibility criteria measure the urgency of the problem or acceptability of a solution. Proposed systems are beneficial only if they turned into information system that will meet the organizations operating requirements. Operational feasibility is a consideration about the working of the system after installation in the company. Simply stated, this system asks if the system will work when it is developed and installed. Our project is operationally feasible.

13

2.2 EXISTING SYSTEM:

The existing system is manually maintained.

It uses password for key generation. Since it uses password it is necessary to provide two Prime numbers to

generate Key Pair which results in Mathematical and Brute force attack. It sends the Private key through the Network. Time consumption Low reliability DISADVANTAGES Error prone Less operational speed
Low speed communication

2.3 PROPOSED SYSTEM:

Taking the above prevailing system into consideration the best solution is using Pseudo Random Number Generator for generating Key Pair in a quick and more secured manner. SHA-1 for producing We use MD5 (or) Message Digest and Compressing the message. Signature is created using Private Key and Message Digest which is transmitted along with the Public Key. The transfer of the packets from each System to System is shown using Graphical User Interface (GUI).

Introduction to the Software Development Life Cycle (SDLC)

This section of the document will describe the Software Development Life Cycle (SDLC) for small to medium database application development efforts. This chapter presents an overview of the SDLC, alternate lifecycle models, and associated references. This chapter also describes the 14

internal processes that are common across all stages of the SDLC and describes the inputs, outputs, and processes of each stage. The SDLC Waterfall Small to medium database software projects are generally broken down into six stages:

The relationship of each stage to the others can be roughly described as a waterfall, where the outputs from a specific stage serve as the initial inputs for the following stage. To follow the waterfall model, one proceeds from one phase to the next in a purely sequential manner. For example, After completing the Project Planning phase, one will be completing the "requirements definitions" phase. When and only when the requirements are fully completed, one proceeds to design. This design should be a plan for implementing the requirements given. When and only when the design is fully completed, an implementation of that design is made by coders. Towards the later stages of this implementation phase, disparate software components produced by different teams are integrated. After the implementation and integration phases are complete, the software product is tested and debugged; any faults introduced in earlier phases are removed here. Then the software product is installed, and later maintained to introduce new functionality and remove bugs. 15

Thus the waterfall model maintains that one should move to a phase only when its proceeding phase is completed and perfected. Phases of development in the waterfall model are thus discrete, and there is no jumping back and forth or overlap between them. The central idea behind the waterfall model - time spent early on making sure that requirements and design are absolutely correct is very useful in economic terms (it will save you much time and effort later). One should also make sure that each phase is 100% complete and absolutely correct before proceeding to the next phase of program creation. It is argued that the waterfall model in general can be suited to software projects which are stable (especially with unchanging requirements) and where it is possible and likely that designers will be able to fully predict problem areas of the system and produce a correct design before implementation is started. The waterfall model also requires that implementers follow the well made, complete design accurately, ensuring that the integration of the system proceeds smoothly. The waterfall model however is argued by many to be a bad idea in practice, mainly because of their belief that it is impossible to get one phase of a software product's lifecycle "perfected" before moving on to the next phases and learning from them (or at least, the belief that this is impossible for any non-trivial program). For example clients may not be aware of exactly what requirements they want before they see a working prototype and can comment upon it - they may change their requirements constantly, and program designers and implementers may have little control over this. If clients change their requirements after a design is finished, that design must be modified to accommodate the new requirements, invalidating quite a good deal of effort if overly large amounts of time have been invested into the model. In response to the perceived problems with the "pure" waterfall model, many modified waterfall models have been introduced namely Royce's final model, sashimi model, and other alternative models. These models may address some or all of the criticism of the "pure" waterfall model.

16

There are other alternate SDLC models such as Spiral and V which have been explained in the later part of this chapter. After the project is completed, the Primary Developer Representative (PDR) and Primary EndUser Representative (PER), in concert with other customer and development team personnel develop a list of recommendations for enhancement of the current software. Prototypes The software development team, to clarify requirements and/or design elements, may generate mockups and prototypes of screens, reports, and processes. Although some of the prototypes may appear to be very substantial, they're generally similar to a movie set: everything looks good from the front but there's nothing in the back. When a prototype is generated, the developer produces the minimum amount of code necessary to clarify the requirements or design elements under consideration. No effort is made to comply with coding standards, provide robust error management or integrate with other database tables or modules. As a result, it is generally more expensive to retrofit a prototype with the necessary elements to produce a production module than it is to develop the module from scratch using the final system design document. For these reasons, prototypes are never intended for business use, and are generally crippled in one way or another to prevent them from being mistakenly used as production modules by end-users. Allowed Variations In some cases, additional information is made available to the development team that requires changes in the outputs of previous stages. In this case, the development effort is usually suspended until the changes can be reconciled with the current design, and the new results are passed down the waterfall until the project reaches the point where it was suspended. The PER and PDR may, at their discretion, allow the development effort to continue while previous stage deliverables are updated in cases where the impacts are minimal and strictly limited in scope. In this case, the changes must be carefully tracked to make sure all their impacts are appropriately handled.

17

Other SDLC Models Apart from the waterfall model other popular SDLC modules are the Spiral model and V model which have been explained in this section. Spiral Lifecycle

The spiral model starts with an initial pass through a standard waterfall lifecycle, using a subset of the total requirements to develop a robust prototype. After an evaluation period, the cycle is initiated again, adding new functionality and releasing the next prototype. This process continues with the prototype becoming larger and larger with each iteration, hence the spiral. The Spiral model is used most often in large projects and needs constant review to stay on target. For smaller projects, the concept of agile software development is becoming a viable alternative. Agile software development tends to be rather more extreme in their approach than the spiral model. 18

The theory is that the set of requirements is hierarchical in nature, with additional functionality building on the first efforts. This is a sound practice for systems where the entire problem is well defined from the start, such as modeling and simulating software. Business-oriented database projects do not enjoy this advantage. Most of the functions in a database solution are essentially independent of one another, although they may make use of common data. As a result, the prototype suffers from the same flaws as the prototyping lifecycle. For this reason, the software development teams usually decide against the use of the spiral lifecycle for database projects. V-Model

The V-model was originally developed from the waterfall software process model. The four main process phases requirements, specification, design and Implementation have a corresponding verification and validation testing phase. Implementation of modules is tested by unit testing, system design is tested by Integration testing, system specifications are tested by system testing and finally Acceptance testing verifies the requirements. The V-model gets its name from the timing of the phases. Starting from the requirements, the system is developed one phase at a time until the lowest phase, the implementation phase, is finished. At this stage testing begins, starting from unit testing and moving up one test level at a time until the acceptance testing phase is completed. During development stage the program will be tested at all levels simultaneously.

V-Model

19

The different levels in V-Model are unit tests, integration tests, system tests and acceptance test. The unit tests and integration tests ensure that the system design is followed in the code. The system and acceptance tests ensure that the system does what the customer wants it to do. The test levels are planned so that each level tests different aspects of the program and so that the testing levels are independent of each other. The traditional V-model states that testing at a higher level is started only when the previous test level is completed. Verification and Validation

Verification: Are we building the product right? The software should conform to its specification. The process of evaluating a system or component to determine whether the products of a given development phase satisfy the conditions imposed at the start of that phase and form formal proof of program correctness. Validation: Are we building the right product? The software should do what the user really requires. The process of evaluating a system or component during or at the end of the development process to determine whether it satisfies specified requirements. The V & V process V & V is a whole life-cycle process and it must be applied at each stage in the software process. It has two principal objectives The discovery of defects in a system The assessment of whether or not the system is usable in an operational situation.

Verification Vs Validation

Verification Validation Am I building the product right Am I building the right product The review of interim work steps and Determining if the system complies with the interim deliverables during a project to requirements and performs functions for which ensure they are acceptable. To it is intended and meets the organizations determine if the system is consistent, goals and user needs. It is traditional and is adheres to standards, uses reliable performed at the end of the project. techniques and prudent practices, and 20

performs the selected functions in the correct manner. Am I accessing the data right (in the Am I accessing the right data (in terms of the right place; in the right way) data required to satisfy the requirement) Low level activity High level activity Performed during development on key Performed after a work product is produced artifacts, like walkthroughs, reviews against established criteria ensuring that the and inspections, mentor feedback, product integrates correctly into the training, checklists and standards environment Demonstration of consistency, Determination of correctness of the final completeness, and correctness of the software product by a development project software at each stage and between each with stage of the development life cycle. respect to the user needs and requirements

2.4SOFTWARE DEVELOPMENT LIFECYCLE

The software methodology followed in this project includes the object oriented methodology and the application system development methodologies. The description of these methodologies is given below.

Application System Development A Life cycle Approach:

Although there are a growing number of applications (such as decision support systems) that should be developed using an experimental process strategy such as prototyping, a significant amount of new development work continue to involve major operational applications of broad scope. The application systems are large highly structured. User task comprehension and developer task proficiency is usually high. These factors suggest a linear or iterative assurance strategy. The most common method for this stage class of
21

problems is a system development life cycle modal in which each stage of development is well defined and has straightforward requirements for deliverables, feedback and sign off. The system development life cycle is described in detail since it continues to be an appropriate methodology for a significant part of new development work. The basic idea of the system development life cycle is that there is a well-defined process by which an application is conceived and developed and implemented. The life cycle gives structure to a creative process. In order to manage and control the development effort, it is necessary to know what should have been done, what has been done, and what has yet to be accomplished. The phrases in the system development life cycle provide a basis for management and control because they define segments of the flow of work, which can be identified for managerial purposes and specifies the documents or other deliverables to be produced in each phase. The phases in the life cycle for information system development are described differently by different writers, but the differences are primarily in the amount of necessity and manner of categorization. There is a general agreement on the flow of development steps and the necessity for control procedures at each stage. The information system development cycle for an application consists of three major stages. Definition. Development. Installation and operation. The first stage of the process, which defines the information

requirements for a feasible cost effective system. The requirements are then translated into a physical system of forms, procedures, programs etc., by the system design, computer programming and procedure development. The resulting system is test and put into operation. No system is perfect so there is
22

always a need for maintenance changes. To complete the cycle, there should be a post audit of the system to evaluate how well it performs and how well it meets the cost and performance specifications. The stages of definition, development and installation and operation can therefore be divided into smaller steps or phrases as follows.

DEFINITION:

Proposed definition applications.

preparation of request for proposed

Feasibility assessment : evaluation of feasibility and cost benefit of proposed system.

Information requirement analysis: determination of information needed.

DESIGN:

Conceptual design development.

User-oriented design of application

23

Physical system design applications specification. processing

: Detailed design of flows and processes in system and preparation of program

DEVELOPMENT:

Program development Procedure development user instructions.

: coding and testing of computer programs. : design of procedures and preparation of

INSTALLATION AND OPERATION:

Conversion Operation and maintenance: maintenance Post audit : Evaluation of development process, application system and results of use at the completion of the each phase, formal approval sign-off is required from the users as well as from the manager of the project development. : final system test and conversion. Month to month operation and

3.SYSTEM REQUIREMENTS
3.1 Hardware Requirements
24

Processor Hard Disk RAM Monitor Keyboard Mouse

: : : : : :

Intel Core 2 DUO processor 3 GHZ 500 GB HDD 2 GB RAM 15.5 LCD Monitor Multimedia Keyboard Optical Mouse

3.2Software Requirements
Operating environment : Front end Back end : : Windows XP Vb.Net MS SQL 2000

3. 3SOFTWARE OVERVIEW
3.1 .NET Framework
.NET Framework 25

From Wikipedia, the free encyclopedia Jump to: navigation, search This article is about the Microsoft technology. For the top-level domain, see .net. For other uses, see .NET. .NET Framework Developer(s) Microsoft Initial release 13 February 2002; 11 years ago Stable release 4.5 (4.5.50709) / 15 August 2012; 6 months ago Operating system Windows 98 or later, Windows NT 4.0 or later Type Software framework License Proprietary; BCL under Microsoft Reference Source License[1] Website www.microsoft.com/net The .NET Framework (pronounced dot net) is a software framework developed by Microsoft that runs primarily on Microsoft Windows. It includes a large library and provides language interoperability (each language can use code written in other languages) across several programming languages. Programs written for the .NET Framework execute in a software environment (as contrasted to hardware environment), known as the Common Language Runtime (CLR), an application virtual machine that provides services such as security, memory management, and exception handling. The class library and the CLR together constitute the .NET Framework. The .NET Framework's Base Class Library provides user interface, data access, database connectivity, cryptography, web application development, numeric algorithms, and network communications. Programmers produce software by combining their own source code with the .NET Framework and other libraries. The .NET Framework is intended to be used by most new applications created for the Windows platform. Microsoft also produces an integrated development environment largely for .NET software called Visual Studio.Contents [hide] 1 History 2 Design features 3 Architecture 3.1 Common Language Infrastructure (CLI) 3.2 Security 3.3 Class library 3.4 Memory management 4 Standardization and licensing 5 Alternative implementations 6 Criticism 6.1 Performance 6.2 Security 6.3 Availability 7 References 8 External links [edit] History Main article: .NET Framework version history

26

Microsoft started development of the .NET Framework in the late 1990s, originally under the name of Next Generation Windows Services (NGWS). By late 2000 the first beta versions of .NET 1.0 were released. Version 3.0 of the .NET Framework is included with Windows Server 2008 and Windows Vista. Version 3.5 is included with Windows 7 and Windows Server 2008 R2, and can also be installed on Windows XP and Windows Server 2003.[2] On 12 April 2010, .NET Framework 4 was released alongside Visual Studio 2010. The .NET Framework family also includes two versions for mobile or embedded device use. A reduced version of the framework, the .NET Compact Framework, is available on Windows CE platforms, including Windows Mobile devices such as smartphones. Additionally, the .NET Micro Framework is targeted at severely resource-constrained devices. Overview of .NET Framework release historyGeneration Version number Release date Development tool Distributed with 1.0 1.0.3705.0 13 February 2002 Visual Studio .NET N/A 1.1 1.1.4322.573 24 April 2003 Visual Studio .NET 2003 Windows Server 2003 2.0 2.0.50727.42 7 November 2005 Visual Studio 2005 Windows Server 2003 R2 3.0 3.0.4506.30 6 November 2006 Expression Blend Windows Vista, Windows Server 2008 3.5 3.5.21022.8 19 November 2007 Visual Studio 2008 Windows 7, Windows Server 2008 R2 4.0 4.0.30319.1 12 April 2010 Visual Studio 2010 N/A 4.5 4.5.50709.17929 15 August 2012 Visual Studio 2012 Windows 8, Windows Server 2012 view talk edit [edit] Design features Interoperability Because computer systems commonly require interaction between newer and older applications, the .NET Framework provides means to access functionality implemented in newer and older programs that execute outside the .NET environment. Access to COM components is provided in the System.Runtime.InteropServices and System.EnterpriseServices namespaces of the framework; access to other functionality is achieved using the P/Invoke feature. Common Language Runtime engine The Common Language Runtime (CLR) serves as the execution engine of the .NET Framework. All .NET programs execute under the supervision of the CLR, guaranteeing certain properties and behaviors in the areas of memory management, security, and exception handling. Language independence The .NET Framework introduces a Common Type System, or CTS. The CTS specification defines all possible datatypes and programming constructs supported by the CLR and how they may or may not interact with each other conforming to the Common Language Infrastructure (CLI) specification. Because of this feature, the .NET Framework supports the exchange of types and object instances between libraries and applications written using any conforming .NET language. Base Class Library The Base Class Library (BCL), part of the Framework Class Library (FCL), is a library of functionality available to all languages using the .NET Framework. The BCL provides classes that encapsulate a number of common functions, including file reading and writing, graphic

27

rendering, database interaction, XML document manipulation, and so on. It consists of classes, interfaces of reusable types that integrates with CLR(Common Language Runtime). Simplified deployment The .NET Framework includes design features and tools which help manage the installation of computer software to ensure it does not interfere with previously installed software, and it conforms to security requirements. Security The design addresses some of the vulnerabilities, such as buffer overflows, which have been exploited by malicious software. Additionally, .NET provides a common security model for all applications. Portability While Microsoft has never implemented the full framework on any system except Microsoft Windows, it has engineered the framework to be platform-agnostic,[3] and cross-platform implementations are available for other operating systems (see Silverlight and the Alternative implementations section below). Microsoft submitted the specifications for the Common Language Infrastructure (which includes the core class libraries, Common Type System, and the Common Intermediate Language),[4][5][6] the C# language,[7] and the C++/CLI language[8] to both ECMA and the ISO, making them available as official standards. This makes it possible for third parties to create compatible implementations of the framework and its languages on other platforms. [edit] Architecture Visual overview of the Common Language Infrastructure (CLI) [edit] Common Language Infrastructure (CLI) Main article: Common Language Infrastructure The purpose of the Common Language Infrastructure (CLI) is to provide a language-neutral platform for application development and execution, including functions for Exception handling, Garbage Collection, security, and interoperability. By implementing the core aspects of the .NET Framework within the scope of the CL, this functionality will not be tied to a single language but will be available across the many languages supported by the framework. Microsoft's implementation of the CLI is called the Common Language Runtime, or CLR. Main article: Assembly (CLI) The CIL code is housed in CLI assemblies. As mandated by the specification, assemblies are stored in the Portable Executable (PE) format, common on the Windows platform for all DLL and EXE files. The assembly consists of one or more files, one of which must contain the manifest, which has the metadata for the assembly. The complete name of an assembly (not to be confused with the filename on disk) contains its simple text name, version number, culture, and public key token. Assemblies are considered equivalent if they share the same complete name, excluding the revision of the version number. A private key can also be used by the creator of the assembly for strong naming. The public key token identifies which public key an assembly is signed with. Only the creator of the keypair (typically the .NET developer signing the assembly) can sign assemblies that have the same strong name as a previous version assembly, since he is in possession of the private key. Strong naming is required to add assemblies to the Global Assembly Cache [edit] Security

28

.NET has its own security mechanism with 2 general features: Code Access Security (CAS), and validation and verification. Code Access Security is based on evidence that is associated with a specific assembly. Typically the evidence is the source of the assembly (whether it is installed on the local machine or has been downloaded from the intranet or Internet). Code Access Security uses evidence to determine the permissions granted to the code. Other code can demand that calling code is granted a specified permission. The demand causes the CLR to perform a call stack walk: every assembly of each method in the call stack is checked for the required permission; if any assembly is not granted the permission a security exception is thrown. [edit] Class libraryNamespaces in the BCL[9] System System.Diagnostics System.Globalization System.Resources System.Text System.Runtime.Serialization System.Data See also: Base Class Library and Framework Class Library The .NET Framework includes a set of standard class libraries. The class library is organized in a hierarchy of namespaces. Most of the built-in APIs are part of either System.* or Microsoft.* namespaces. These class libraries implement a large number of common functions, such as file reading and writing, graphic rendering, database interaction, and XML document manipulation, among others. The .NET class libraries are available to all CLI compliant languages. The .NET Framework class library is divided into two parts: the Base Class Library and the Framework Class Library The Base Class Library (BCL) includes a small subset of the entire class library and is the core set of classes that serve as the basic API of the Common Language Runtime.[9] The classes in mscorlib.dll and some of the classes in System.dll and System.core.dll are considered to be a part of the BCL. The BCL classes are available in both .NET Framework as well as its alternative implementations including .NET Compact Framework, Microsoft Silverlight and Mono. The Framework Class Library (FCL) is a superset of the BCL classes and refers to the entire class library that ships with .NET Framework. It includes an expanded set of libraries, including Windows Forms, ADO.NET, ASP.NET, Language Integrated Query, Windows Presentation Foundation, Windows Communication Foundation among others. The FCL is much larger in scope than standard libraries for languages like C++, and comparable in scope to the standard libraries of Java. [edit] Memory management The .NET Framework CLR frees the developer from the burden of managing memory (allocating and freeing up when done); it handles memory management itself by detecting when memory can be safely freed. Memory is allocated instantiations of .NET types (objects) from the managed heap, a pool of memory managed by the CLR. As long as there exists a reference to an object, which might be either a direct reference to an object or via a graph of objects, the object is considered to be in use. When there is no reference to an object, and it cannot be reached or used, it becomes garbage, eligible for collection. NET Framework includes a garbage collector

29

which runs periodically, on a separate thread from the application's thread, that enumerates all the unusable objects and reclaims the memory allocated to them. The .NET Garbage Collector (GC) is a non-deterministic, compacting, mark-and-sweep garbage collector. The GC runs only when a certain amount of memory has been used or there is enough pressure for memory on the system. Since it is not guaranteed when the conditions to reclaim memory are reached, the GC runs are non-deterministic. Each .NET application has a set of roots, which are pointers to objects on the managed heap (managed objects). These include references to static objects and objects defined as local variables or method parameters currently in scope, as well as objects referred to by CPU registers.[10] When the GC runs, it pauses the application, and for each object referred to in the root, it recursively enumerates all the objects reachable from the root objects and marks them as reachable. It uses CLI metadata and reflection to discover the objects encapsulated by an object, and then recursively walk them. It then enumerates all the objects on the heap (which were initially allocated contiguously) using reflection. All objects not marked as reachable are garbage.[10] This is the mark phase.[11] Since the memory held by garbage is not of any consequence, it is considered free space. However, this leaves chunks of free space between objects which were initially contiguous. The objects are then compacted together to make used memory contiguous again.[10][11] Any reference to an object invalidated by moving the object is updated by the GC to reflect the new location.[11] The application is resumed after the garbage collection is over. The GC used by .NET Framework is actually generational.[12] Objects are assigned a generation; newly created objects belong to Generation 0. The objects that survive a garbage collection are tagged as Generation 1, and the Generation 1 objects that survive another collection are Generation 2 objects. The .NET Framework uses up to Generation 2 objects.[12] Higher generation objects are garbage collected less frequently than lower generation objects. This helps increase the efficiency of garbage collection, as older objects tend to have a longer lifetime than newer objects.[12] Thus, by removing older (and thus more likely to survive a collection) objects from the scope of a collection run, fewer objects need to be checked and compacted.[12] [edit] Standardization and licensing In August 2000, Microsoft, Hewlett-Packard, and Intel worked to standardize CLI and the C# programming language. By December 2001, both were ratified ECMA standards (ECMA 335 and ECMA 334). ISO followed in April 2003 - the current version of the ISO standards are ISO/IEC 23271:2012 and ISO/IEC 23270:2006.[13][14] While Microsoft and their partners hold patents[citation needed] for the CLI and C#, ECMA and ISO require that all patents essential to implementation be made available under "reasonable and non-discriminatory terms". In addition to meeting these terms, the companies have agreed to make the patents available royalty-free.[citation needed] However, this does not apply for the part of the .NET Framework which is not covered by the ECMA/ISO standard, which includes Windows Forms, ADO.NET, and ASP.NET. Patents that Microsoft holds in these areas may deter non-Microsoft implementations of the full framework. [15] On 3 October 2007, Microsoft announced that much of the source code for the .NET Framework Base Class Library (including ASP.NET, ADO.NET, and Windows Presentation Foundation) was to have been made available with the final release of Visual Studio 2008 towards the end of 30

2007 under the shared source Microsoft Reference License.[1] The source code for other libraries including Windows Communication Foundation (WCF), Windows Workflow Foundation (WF), and Language Integrated Query (LINQ) were to be added in future releases. Being released under the non-open source Microsoft Reference License means this source code is made available for debugging purpose only, primarily to support integrated debugging of the BCL in Visual Studio. [edit] Alternative implementations The Microsoft .NET Framework is the predominant implementation of .NET technologies. Other implementations for parts of the framework exist. Although the runtime engine is described by an ECMA/ISO specification, other implementations of it may be encumbered by patent issues; ISO standards may include the disclaimer, "Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights."[16] It is more difficult to develop alternatives to the base class library (BCL), which is not described by an open standard and may be subject to copyright restrictions. Additionally, parts of the BCL have Windows-specific functionality and behavior, so implementation on non-Windows platforms can be problematic. Some alternative implementations of parts of the framework are listed here. Microsoft's .NET Micro Framework is a .NET platform for extremely resource-constrained devices. It includes a small version of the .NET CLR and supports development in C# (though some developers were able to use VB.NET,[17] albeit with an amount of hacking, and with limited functionalities) and debugging (in an emulator or on hardware), both using Microsoft Visual Studio. It also features a subset of the .NET base class libraries (about 70 classes with about 420 methods), a GUI framework loosely based on Windows Presentation Foundation, and additional libraries specific to embedded applications. Mono is an implementation of the CLI and the .NET Base Class Library (BCL), and provides additional functionality. It is dual-licensed under free software and proprietary software licenses. It includes support for ASP.NET, ADO.NET, and Windows Forms libraries for a wide range of architectures and operating systems. It also includes C# and VB.NET compilers. Portable.NET (part of DotGNU) provides an implementation of the Common Language Infrastructure (CLI), portions of the .NET Base Class Library (BCL), and a C# compiler. It supports a variety of CPUs and operating systems. Microsoft's Shared Source Common Language Infrastructure is a non-free implementation of the CLR component of the .NET Framework. However, the last version only runs on Microsoft Windows XP SP2, and was not updated since 2006, therefore it does not contain all features of version 2.0 of the .NET Framework. CrossNet[18] is an implementation of the CLI and portions of the .NET Base Class Library (BCL). It is free software using the open source MIT License. [edit] Criticism [edit] Performance The garbage collector, which is integrated into the environment, can introduce unanticipated delays of execution over which the developer has little direct control, and it can cause runtime memory size to be larger than expected. "In large applications, the number of objects that the garbage collector needs to deal with can become very large, which means it can take a very long time to visit and rearrange all of them."[19]

31

The .NET Framework currently does not provide support for calling Streaming SIMD Extensions (SSE) via managed code. However, Mono has provided support for SIMD Extensions as of version 2.2 within the Mono.Simd namespace; Mono's lead developer Miguel de Icaza has expressed hope that this SIMD support will be adopted by the CLR ECMA standard.[20] Streaming SIMD Extensions have been available in x86 CPUs since the introduction of the Pentium III. Some other architectures such as ARM and MIPS also have SIMD extensions. In case the CPU lacks support for those extensions, the instructions are simulated in software. [edit] Security Unobfuscated managed CIL bytecode can often be easier to reverse-engineer than native code. [21][22] One concern is over possible loss of trade secrets and the bypassing of license control mechanisms. To mitigate this, Microsoft included the Dotfuscator Community Edition obfuscation tool within Visual Studio .NET since 2002.[23] Third-party obfuscation solutions are also available from vendors such as vmware, V.i. Labs, Xenocode, Red Gate Software. .NET Decompiler programs enable developers with no reverse-engineering skills to view the source code behind unobfuscated .NET assemblies (DLL/EXE). In contrast, applications built with Visual C++ are much harder to reverse-engineer and source code is almost never produced successfully, mainly due to compiler optimizations and lack of reflection. [edit] Availability While the standards that make up .NET are inherently cross-platform, Microsoft's full implementation of .NET is supported only on Microsoft Windows.

Compilation and Execution of a .NET Application When you compile a .NET application, it is not compiled to binary machine code; rather, it is converted to IL. This is the form that your deployed application takesone or more assemblies consisting of executable files and DLL files in IL form. At least one of these assemblies will contain an executable file that has been designated as the entry point for the application. When execution of your program begins, the first assembly is loaded into memory. At this point, the common language runtime examines the assembly manifest and determines the requirements to run the program. It examines security permissions requested by the assembly and compares them with the systems
32

security policy. If the systems security policy does not allow the requested permissions, the application will not run. If the application passes the systems security policy, the common language runtime executes the code. It creates a process for the application to run in and begins application execution. The .NET Framework base class library contains the base classes that provide many of the services and objects you need when writing your applications. The class library is organized into namespaces. A namespace is a logical grouping of types that perform related functions. Namespaces are logical groupings of related classes. The namespaces in the .NET base class library are organized hierarchically. The root of the .NET Framework is the System namespace. Other namespaces can be accessed with the period operator. A typical namespace construction appears as follows:

System System.Data System.Data.SQLClient The first example refers to the System namespace. The second refers to the System.Data namespace. The third example refers to the System.Data.SQLClient namespace. Table 1.1 introduces some of the more commonly used .NET base class namespaces.

Introduction to Object-Oriented Programming Programming in the .NET Framework environment is done with objects. Objects are programmatic constructs that represent packages of related data and
33

functionality. Objects are self-contained and expose specific functionality to the rest of the application environment without detailing the inner workings of the object itself. Objects are created from a template called a class. The .NET base class library provides a set of classes from which you can create objects in your applications. You also can use the Microsoft Visual Studio programming environment to create your own classes. This lesson introduces you to the concepts associated with object-oriented programming. Objects, Members, and Abstraction An object is a programmatic construct that represents something. In the real world, objects are cars, bicycles, laptop computers, and so on. Each of these items exposes specific functionality and has specific properties. In your application, an object might be a form, a control such as a button, a database connection, or any of a number of other constructs. Each object is a complete functional unit, and contains all of the data and exposes all of the functionality required to fulfill its purpose. The ability of programmatic objects to represent realworld objects is called abstraction. Classes Are Templates for Objects Classes were discussed in Chapter 1 and represent user-defined reference types. Classes can be thought of as blueprints for objects: they define all of the members of an object, define the behavior of an object, and set initial values for data when appropriate. When a class is instantiated, an in-memory instance of that class is created. This instance is called an object. To review, a class is instantiated using the New (new) keyword as follows: Visual Basic .NET ' Declares a variable of the Widget type Dim myWidget As Widget
34

' Instantiates a new Widget object and assigns it to the myWidget ' variable myWidget = New Widget() When an instance of a class is created, a copy of the instance data defined by that class is created in memory and assigned to the reference variable. Individual instances of a class are independent of one another and represent separate programmatic constructs. There is generally no limit to how many copies of a single class can be instantiated at any time. To use a real-world analogy, if a car is an object, the plans for the car are the class. The plans can be used to make any number of cars, and changes to a single car do not, for the most part, affect any other cars. Objects and Members Objects are composed of members. Members are properties, fields, methods, and events, and they represent the data and functionality that comprise the object. Fields and properties represent data members of an object. Methods are actions the object can perform, and events are notifications an object receives from or sends to other objects when activity happens in the application. Object Models Simple objects might consist of only a few properties, methods, and perhaps an event or two. More complex objects might require numerous properties and methods and possibly even subordinate objects. Objects can contain and expose other objects as members. Similarly, every instance of the Form class contains and exposes a Controls collection that comprises all of the controls contained by the form. The object model defines the hierarchy of contained objects that form the structure of an object.
35

 Encapsulation Encapsulation is the concept that implementation of an object is independent of its interface. Put another way, an application interacts with an object through its interface, which consists of its public properties and methods. As long as this interface remains constant, the application can continue to interact with the component, even if implementation of the interface was completely rewritten between versions. Polymorphism Polymorphism is the ability of different classes to provide different implementations of the same public interfaces. In other words, polymorphism allows methods and properties of an object to be called without regard for the particular implementation of those members. There are two principal ways through which polymorphism can be provided: interface polymorphism and inheritance polymorphism. Interface Polymorphism An interface is a contract for behavior. Essentially, it defines the members a class should implement, but states nothing at all about the details of that implementation. An object can implement many different interfaces, and many diverse classes can implement the same interface. All objects implementing the same interface are capable of interacting with other objects through that interface.

Inheritance Polymorphism Inheritance allows you to incorporate the functionality of a previously defined class into a new class and implement different members as needed. A class
36

that inherits another class is said to derive from that class, or to inherit from that class. A class can directly inherit from only one class, which is called the base class. The new class has the same members as the base class, and additional members can be added as needed. Additionally, the implementation of base members can be changed in the new class by overriding the base class implementation. Inherited classes retain all the characteristics of the base class and can interact with other objects as though they were instances of the base class. Microsoft Visual Basic.Net With its release for the .NET platform, the Visual Basic language has undergone dramatic changes. For example: 1. The language itself is now fully object-oriented. 2. Applications and components written in Visual Basic .NET have full access to the .NET Framework, an extensive class library that provides system and application services. 3. All applications developed using Visual Basic .NET run within a managed runtime environment, the .NET common language runtime.

Networking

37

Based on the legacy system developed in the computer world, many networking program examples are in C codes that include the UNIX/Linux Socket. For Windows platform, before the .NET, network programming is based on the Winsock/Winsock2 that uses the C codes (standard C + Microsoft extension for C). Winsock 1 is based on the Berkeley Socket. The Winsock2 codes contains the Win32 API. Winsock is still there, 'wrapped by' .NET framework with more features. It is obvious if you use classes from the System.Net.Sockets namespace. Take note that these tutorials are based on the Winsok2 and .NET APIs and not 'through' the Windows Driver Kits (WDK). There are many people searching the C++ codes for the Winsock programming on the Internet. To develop Windows GUI based networking using C++, you may need to learn and use the classes available in Microsoft Foundation Class (MFC) or find the latest MFC version in VS 2008 with 3.5 or latest framework. Other uses the third party C++ networking libraries/APIs. You may want to consider the C++ networking API/libraries, free and commercial that can be searched at C/C++ API/Libraries collections. Well, whatever name it is: the MFC/C++CLI/VB .NET/C#/C, is nothing other than wrappers of the C sockets with extra 'features' too, and still based on the TCP/IP stack/OSI. However there is no reason for you not to use the .NET framework for the network programming for newer Windows platforms. At least, as shown in this tutorials, it is just for fun learning.

38

The C++ .NET in the 'latest version' of the .NET framework is based on the C++/CLI. At the end, the 'stable version', the Managed Extension for C++ => Managed C++ => C++ .NET => C++/CLI => another version ~> WCF. The C++/CLI is Microsoft extension to the standard C++ (2003). Other C++ codes for network programming might use the third party libraries or APIs such as Chilkat libraries and components Back to this site, it is a repository of code samples and examples for network programming using .NET framework based on the outdated version of the Network Programming for Microsoft Windows, 2nd Edition (here) and Network Programming for the Microsoft .NET Framework (this tutorial) by Anthony Jones, Jim Ohlund and Lance Olson. However, these tutorials try to concentrate more on the code examples part and the sample outputs (which are lacking in those books coupled with no updates and new editions). For the information part, you must refer to MSDN C/C++/VB .NET/C# because it is updated regularly making the info may outdated fast. This stepby-step tutorial with tons of screenshots and program examples output samples have been refined for better learning. All code has been recompiled using Visual Studio 2008 Express Edition (free)/Visual Studio 2008 Professional Edition (free for trial version) and using .NET framework 3.5. All the credit, copyright and related thingy must go to the original authors and publishers and please, don't forget to read the disclaimer, and privacy too.

39

Most of the program examples also include the C++ .NET (C++/CLI huh?). The .NET framework used is 3.5 and all the obsolete classes/methods have been replaced by newer one. All the program examples include a step-by-step with sample outputs. Code samples dominated by C# and VB .NET. It is not just learning the network part of the .NET programming, by going through the stepby-step, you will also get familiar with the .NET programming as a general. You will learn on how to create and use the .NET classes, properties, defining and using new classes, calling methods/subroutines/functions, creating several type of projects such as class libraries (DLL), console mode applications, simple Windows forms (Windows GUI) and a very simple web applications. After some time of practising those tutorials, hopefully, you will get the impression that C# is closely 'similar' to C++ .NET. Hence, it should be 'easy' to convert the C# code to C++ .NET and vice versa.

40

Introduction System.Net is the namespace in the Microsoft Windows .NET Framework that contains the core classes intended for building applications that communicate over a network. The types of functionality found in System.Net range from access to a raw socket to the ability to upload to and download from resources on the Internet. In addition to providing a language-independent, object-oriented way to access network resources, System.Net serves as the communication infrastructure for higher-level, distributed application programming models such as XML-based Web services and .NET Remoting. Layers of System.Net The System.Net classes can be divided into four layers, as depicted in Figure 6-1 and described in the following list.

1.

Basic network types and services: Fundamental types that are used for working with Internet Protocol (IP) addresses or non-IP network addresses such as Internetwork Packet Exchange (IPX). This layer also includes classes for performing Domain Name System (DNS) resolution.

2.

Socket-level APIs: A set of managed classes for performing network

41

In this section, well walk through each layer and introduce the most commonly used classes for each layer. The layers will be covered in-depth in the following chapters. Basic Network Types and Services Figure 6-2 contains the classes that make up the basic types and services included in System.Net. In the subsequent sections, well look briefly at each of the basic types and services that are made accessible through System.Net. Although this section introduces the key types, most of them are covered in- depth in the chapters that follow.

Using IP Addresses The IPAddress type provides a class representation of an IP address. It includes methods that can be used to perform common operations on an IP address, such as parsing the address. The following code shows how you would parse an IP address.

42

Visual Basic .NET Sub ParseIPAddress(ByVal addressString As String) Try Dim address As IPAddress address = IPAddress.Parse(addressString) Console.WriteLine("The address is " & address.ToString _ & " and is of the family " & _ address.AddressFamily.ToString + ".") Catch ex As Exception Console.WriteLine("Failure parsing" & addressString & _ ". " & ex.ToString) End Try End Sub Note that if an invalid IP address is specified in this case, IPAddress will throw a FormatException that should be handled by the application. The IPAddress class should be used for validation any time your application receives an IP address as input from a user, a configuration file, or another source. IPAddress also provides the ability to determine whether a particular address is a member of the Internet Protocol version 6 (IPv6) or the Internet Protocol version 4 (IPv4) address family. Finally, IPAddress contains a number of helper methods and fields, such as IPAddress.Any, IPAddress.IPv6Any, and IPAddress.IsLoopback. The Any fields can be used to indicate that the application should bind to a port that listens on all
43

network interfaces of that address family. The IsLoopback method can be useful when validating whether a local loopback address is being used.

Working with Different Address Families The System.Net.EndPoint class provides developers with a way to access resources through System.Net over protocols that belong to different address families that have different semantics at the addressing level. This functionality is useful when you need to write an application that talks over a nonIP protocol, such as AppleTalk, IPX, or infrared. Because IP-based protocols are the most commonly used on todays networks, System.Net includes an IPEndPoint type in the .NET Framework. In the case of IPEndPoint, an end point is defined as an IP address and a port number. The .NET Compact Framework includes an IrDAEndPoint implementation of the EndPoint class that can be used for communicating with other nodes using infrared technologies. In the case of an IrDAEndPoint, an end point is defined as a device ID and a service name. Although most developers will simply work within the confines of the IP address family, this extensibility point is useful because the definition of an end point often varies from one address family to another. Accessing Protected Resources System.Net defines an ICredential interface and an associated NetworkCredential class that provide a means of specifying network credentials, such as a user name and a password in cases where network authentication is required when accessing a resource. These classes are mainly used in the context of the HTTP application protocol classes. However, in newer release of the .NET Framework, their use is likely to be expanded to include other socket-level authentication scenarios as well. The following code demonstrates how you can use the NetworkCredential class to authenticate with a remote resource.
44

Visual Basic .NET Sub RequestProtectedResource(ByVal resource As String) Console.WriteLine("Please enter your user name. ") Dim userName As String userName = Console.ReadLine() Console.WriteLine("Please enter your password. ") Dim password As String password = Console.ReadLine() Dim client As New WebClient client.Credentials = New NetworkCredential(userName, password) client.DownloadFile(resource, "page.htm") End Sub

Notice that in this code the credentials are obtained by prompting the user to enter them on the command line. System.Net also provides a way of using the default credentials of the account under which the application is running. You do so by setting the Credentials property on a class equal to CredentialCache.DefaultCredentials. Whenever possible, developers should use default credentials instead of prompting the user or reading credentials from some

45

other source because default credentials are obtained through the security systems integrated into the underlying operating system. Accessing DNS DNS can be used to represent nodes on the network with human-readable names rather than IP addresses. For example, imagine trying to remember a string of characters such as www.contoso.com instead of a series of numbers such as 207.168.24.30. One feature provided by DNS is the ability to have multiple IP addresses assigned to one host name. You can even have different IP address types (for example, IPv4 and IPv6) assigned to the same host. Its often useful to be able to resolve a name to the list of IP addresses associated with that name. Access to DNS is enabled and controlled in System.Net through the Dns, DnsPermission, and IPHostEntry classes. DNS is covered in more detail in Chapter 7. The following example shows the basic steps involved in resolving a name and outputting the corresponding IP addresses to the console using System.Net.

46

MS SQL Microsoft SQL Server is a relational database management system developed by Microsoft. As a database, it is a software product whose primary function is to store and retrieve data as requested by other software applications, be it those on the same computer or those running on another computer across a network (including the Internet). There are at least a dozen different editions of Microsoft SQL Server aimed at different audiences and for different workloads (ranging from small applications that store and retrieve data on the same computer, to millions of users and computers that access huge amounts of data from the Internet at the same time). Its primary query languages are T-SQL and ANSI SQL. Introduction Security is becoming increasingly important as more networks are connected together. Your organizations assets must be protected, particularly its databases, which contain your companys valuable information. Security is one of the critical features of a database engine, protecting the enterprise against myriad threats. The new security features of Microsoft SQL Server 2005 are designed to make it more secure and to make security more approachable and understandable to those who are responsible for data protection. During the past few years, the world has developed a far more mature understanding of what a secure, computer-based system must be. Microsoft has been in the forefront of this development, and SQL Server is one of the first server products that fully implements that understanding. It enables the important principle of least privilege so you do not have to grant users more permissions than are necessary for them to do their jobs. It provides in-depth tools for defense so that you can implement measures to frustrate even the most skillful attackers.
47

Features of SQL-SERVER The OLAP Services feature available in SQL Server version 7.0 is now called SQL Server 2000 Analysis Services. The term OLAP Services has been replaced with the term Analysis Services. Analysis Services also includes a new data mining component. The Repository component available in SQL Server version 7.0 is now called Microsoft SQL Server 2000 Meta Data Services. References to the component now use the term Meta Data Services. The term repository is used only in reference to the repository engine within Meta Data Services SQL-SERVER database consist of six type of objects, They are, 1. TABLE 2. QUERY 3. FORM 4. REPORT 5. MACRO SQL Server 2005 (code named Yukon), released in October 2005, is the successor to SQL Server 2000. It included native support for managing XML data, in addition to relational databases. For this purpose, it defined an xml data type that could be used either as a data type in database columns or as literals in queries. XML columns can be associated with XSD schemas; XML data being stored is verified against the schema. XML is converted to an internal binary data type before being stored in the database. SQL Server 2005 also allows a database server to be exposed over web services using TDS packets encapsulated within SOAP Protocol requests. When the data is accessed over web services, results are returned as XML. SQL Server
48

2005 has also been enhanced with new indexing algorithms and better error recovery systems. Data pages are Check summed for better error resiliency, and optimistic concurrency support has been added for better performance. Partitions on tables and indexes are supported natively, so scaling out a database onto a cluster is easier. Architecture of SQL Server 2005 Protocol layer - implements the external interface to SQL Server. All operations that can be invoked on SQL Server are communicated to it via a Microsoft-defined format, called Tabular Data Stream (TDS). TDS is an application layer protocol, used to transfer data between a database server and a client. Initially designed and developed by Sybase Inc. for their Sybase SQL Server relational database engine in 1984, and later by Microsoft in Microsoft SQL Server, TDS packets can be encased in other physical transport dependent protocols,including TCP/IP, Named pipes, and Shared memory. Consequently, access to SQL Server is available over these protocols. In addition, the SQL Server API is also exposed over band web services. Data storage - The main unit of data storage is a database, which is a collection of tables with typed columns. SQL Server supports different data types, including primary types such as Integer, Float, Decimal, Char (including character strings), Varchar (variable length character strings), binary (for unstructured blobs of data), Text (for textual data) among others. It also allows user-defined composite types (UDTs) to be defined and used. SQL Server also makes server statistics available as virtual tables and views (called Dynamic Management Views or DMVs). A database can also contain other objects including views, stored procedures, indexes and constraints, in addition to tables, along with a transaction log. Buffer management - SQL Server buffers pages in RAM to minimize disc I/O. The amount of memory available to SQL Server decides how many pages will be cached in memory. The buffer cache is managed by the Buffer Manager. Subsequent reads or writes are redirected to the
49

in-memory copy, rather than the on-disc version. The page is updated on the disc by the Buffer Manager only if the in-memory cache has not been referenced for some time.While writing pages back to disc, asynchronous I/O is used whereby the I/O operation is done in a background thread so that other operations do not have to wait for the I/O operation to complete. Data retrieval - The main mode of retrieving data from an SQL Server database is querying for it. The query declaratively specifies what is to be retrieved. It will be necessary to retrieve the requested data. The sequence of actions necessary to execute a query is called a query plan. There might be multiple ways to process the same query. In such case, SQL Server chooses the plan that is supposed to yield the results in the shortest possible time. This is called query optimization and is performed by the query processor itself. SQL Server includes a cost-based query optimizer which tries to optimize on the cost, in terms of the resources it will take to execute the query. Given a query, the query optimizer looks at the database schema, the database, which sequence to execute the operations and what access method to be used to access the tables Server also allows stored procedures to be defined. Stored procedures are parameterized T-SQL queries that are stored in the server itself. Stored procedures can accept values sent by the client as input parameters, and send back results as output parameters. Distributed Databases As more and more applications are used on an enterprise wide basis or beyond, the ability of a single, centralized database to support dozens of major applications and thousands of concurrent users will continue to erode. Instead, major corporate databases will become more and more distributed, with dedicated databases supporting the major applications and functional areas of the corporation. To meet the higher service levels required of enterprise wide or Internetbased applications, data must be distributed; but to ensure the integrity of business

50

decisions and operations, the operation of these distributed databases must be tightly coordinated.

Roles and permissions For a sense of the number of permissions available in SQL Server you can invoke the fn_builtin_permissions system function: SELECT * FROM sys.fn_builtin_permissions(default) Here are the new permission types in SQL Server 2005:

CONTROL. Confers owner-like permissions that effectively grant all defined permissions to the object and all objects in its scope, including the ability to grant other grantees any permissions. CONTROL SERVER grants the equivalent of sysadmin privileges.

ALTER. Confers permission to alter any of the properties of the securable objects except to change ownership. Inherently confers permissions to ALTER, CREATE, or DROP securable objects within the same scope. For example, granting ALTER permissions on a database includes permission to change its tables.

ALTER ANY <securable object>. Confers permission to change any securable object of the type specified. For example, granting ALTER ANY ASSEMBLY allows changing any .NET assembly in the database, while at the server level granting ALTER ANY LOGIN lets the user change any login on that server.

IMPERSONATE ON <login or user>. Confers permission to impersonate the specified user or login. As you'll see later in this article, this permission is necessary to switch execution contexts for stored procedures. You also need this permission when doing impersonating in a batch.

51

TAKE OWNERSHIP. Confers the permission to the grantee to take ownership of the securable, using the ALTER AUTHORIZATION statement.

SQL Server 2005 still uses the familiar GRANT, DENY, and REVOKE scheme for assigning or refusing permissions on a securable object to a principal. The GRANT statement is expanded to cover all of the new permission options, such as the scope of the grant and whether the principal is able to grant the permission to other principals. Cross-database permissions are not allowed. To grant such permissions, you create a duplicate user in each database and separately assign each database's user the permission. Like earlier versions of SQL Server, activating an application role suspends other permissions for the duration that the role is active. However, new in SQL Server 2005, is the ability to unset an application role. Another difference between SQL Server 2000 and 2005 is that when activating an application role, the role also suspends any server privilege, including public. For example, if VIEW ANY DEFINITION is granted to public, the application role wont honor it. This is most noticeable when accessing server-level metadata under an application role context.

52

Functional Requirements: Functional requirements specify which output file should be produced from the given file they describe the relationship between the input and output of the system, for each functional requirement a detailed description of all data inputs and their source and the range of valid inputs must be specified. Non Functional Requirements: Describe user-visible aspects of the system that are not directly related with the functional behavior of the system. Non-Functional requirements include quantitative constraints, such as response time (i.e. how fast the system reacts to user commands.) or accuracy ((.e. how precise are the systems numerical answers.)

Pseudo Requirements: The client that restricts the implementation of the system imposes these requirements. Typical pseudo requirements are the implementation language and the platform on which the system is to be implemented. These have usually no direct effect on the users view of the system.

53

SYSTEM DESIGN

54

4.SYSTEM DESIGN

4.1 DATABASE DESIGN

TABLE 6.1.1 S. No FIELD

User Details DATA TYPE String String String Date/Time SIZE 25 25 15 6

4.2 DATA FLOW

1 2 3 4

User_Name Password User_Type Date

DIAGRAM

55

Key Generation Module Design

PRNG ALGORITHM CALL THE METHOD IN THE CODING GENERATE TWO RANDOM NUMBERS (PUBLIC AND PRIVATE KEY) DISPLAY THE KEYS IN THE BACK END GENERATE SIGNATURE AND SEND

AUTHENTICATION
AUTHENTICATION

ENTER THE USER NAME AND PASSWORD VERIFY LOGIN TEXT FILE

SEND MESSAGE OR ATTACHMENT

56

MESSAGE ENCRYPTION
MESSAGE DIGEST ALGORITHM READ CHARACTER BY CHARACTER CONVERT EACH CHARACTER TO ASCII CODE CONVERT THE ASCII CODE TO HEX CODE ENCRYPTED MESSAGE

57

5. SYSTEM DESCRIPTION
5.1 MODULES Admin User Document Interface Security Level up Uploading in server Authentication protection Admin User User Management Operations such as adding new users and assigning them roles, editing the existing users and deleting the user could be performed only by the Administrators. Other three types of users do not have this privilege. Administrators can create as many users as required and define appropriate roles for the user. administrators can View all the existing users Create new users Change the access level, device list of existing users Delete an existing user File managing Protection setting.

58

Document Interface This module is used to create and modify document on server space. Security Level up Encrypting the file on before loading in server, which cannot be accessed by any unauthorized user. client data which must be encrypted at all times. The part we have been struggling with is encrypting files on network shares. Currently we have network folders encrypted using document Netshare. This works pretty well for file encryption but it should not stuck for files which need to be accessed by two or more people simultaneously, This have tried Microsoft EFS, which is pretty straight forward, but difficult to configure for multiple users. You can't set multiple users to decrypt a file without explicitly adding their cert to the file though Windows Explorer (from what we have discovered). This module will suggested as a clean way to encrypt files and configure across the enterprise.

Authentication protection Authentication is any process by which you verify that someone is who they claim the book on this site. Authorization is any process by which someone is allowed to be where they want to go, or to have information that they want to have.File was allowed to downloaded to authorized users. Decrypted to user on after user validation

59

 Downloading in server File downloaded with security program

SYSTEM IMPLEMENTATION & TESTING

60

IMPLEMENTATION IMPLEMENTATION PHASE

Implementation refers to post-sales process of guiding a client from purchase to use of the software or hardware that was purchased. This includes Requirements Analysis, Scope Analysis, Customizations, Systems Integrations, User Policies, User Training and Delivery. These steps are often overseen by a Project Manager using Project Management Methodologies set forth in the Project Management Body of Knowledge. Software Implementations involve several professionals that are relatively new to the knowledge based economy such as Business Analysts, Technical Analysts, Solutions Architect, and Project Managers. The implementation is the final and important phase. It involves User training, system testing and successful running of the developed system. The users test the developed system when changes are made according to the needs. The testing phase involves the testing of the developed system using various kinds of data. An elaborate testing of data is prepared and system is tested using the tests data. Implementation is the stage where theoretical design turned into a working system. Implementation is planed carefully to propose system to avoid unanticipated problems. Many preparations involved before and during the implementation of proposed system. The system needed to be plugged in to the organizations network then it could be accessed from anywhere, after a user logins into the portal. The tasks that had to be done to implement the system were to create the database tables in the organization database domain. Then the administrator was granted his role so that the system could be accessed.

61

The next phase in the implementation was to educate the system. A demonstration of all the functions that can be carried out by the system was given to examination department person, who will make extensive use of the system.

Technical analysis
In finance, technical analysis is security analysis discipline for forecasting the direction of prices through the study of past market data, primarily price and volume.[1] Behavioral economics and quantitative analysis build on and incorporate many of the same tools of technical analysis
[2] [3][4] [5]

, which, being an aspect of active management, stands in

contradiction to much of modern portfolio theory. The efficacy of both technical and fundamental analysis is disputed by efficient-market hypothesis which states that stock market prices are essentially unpredictable.

Social Analysis
The role title has a wider meaning in relation to solving problems, but is more often used in the narrower domain of Technical architecture - the context for the remainder of this definition. In this context, the Solutions Architect is a very experienced architect with cross-domain, cross-functional and cross-industry expertise. He/she outlines solution architecture descriptions, then monitors and governs their implementation.

6. SOFTWARE TESTING
INTRODUCTION: After finishing the development of any computer based application, the next complicated time consuming process is testing. During the time of testing only the development company knows that, how far the user requirements have been met. The testing methods applied to our project are as follows.
62

6. 1 Unit Testing 6. 2 Integration Testing 6. 3 Validation Testing 6. 4 Output Testing 6. 5 Acceptance Testing

6.2 TESTING METHODOLOGY 6.2.1 UNIT TESTING: In unit testing each module is tested individually. It focuses the verification efforts on the smallest unit of software in the module. This is known as module testing. In the project all the modules are tested separately. For our project testing is performed at programming stage itself. In this testing each module project is found to work satisfactorily with regard to the expected output from the module. There are some validations for fields. The unit testing is performed now and then whenever a patch is delivered for each module. This makes our project standard. Unit testing comprises the set of tests performed by an individual programmer

Prior to integration of the unit in to larger system. A program unit is usually small enough that the programmer who developed it can test it in a great detail. In unit testing the modules are independent of one another are tested, the test data for unit testing should follow each condition and option this testing helps to find out the errors in coding and option. 6.2.2 INTEGRATION TESTING:

63

Integration testing is the phase of software testing in which individual software modules are combined and tested as a group. In this project the parts of a module are tested first and then it will test some of its parts, integration testing is done successfully. 6.2.3 VALIDATION TESTING: It begins after the integration testing is successfully assembled. Validation succeeds when the software functions in a manner that can be reasonably accepted by the client. In this project, the majority of the validation is done during the data entry operation where there is a maximum possibility of entering wrong data. Other validation will be performed in all process where correct details and data should be entered to get the required results.

6.2.4 OUTPUT TESTING: After performing the validation testing, the next step is output testing of the proposed system since no application would be termed as useful until it produces the required output in the specified format.

6.2.5 ACCEPTANCE TESTING: User Acceptance Testing is the key factor for the success of any application. The project under consideration is tested for user acceptance by constantly keeping in touch with perspective system users at the time of developing and making changes whenever required.

64

All the above mentioned testing techniques are successfully completed by our project.

65

7. CONCLUSION

Thus this project successfully handle the process of encryption and decryption the ebook for sailing through online.The algorithms are required for securing these processes. The publisher uses a key to encrypt a plain text into unreadable format or chipper text. Then the book buyer should use the same key used by the sender to decrypt the encrypted text to convert into plain text again.

66

8. FUTURE ENHANCEMENT This project can be developed as website to access from anywhere in the world. This application is capable of converting ebook and document which can be implement in selling video tutorial and image ,ppt and protected works.

67

APPENDIX Screen Layout:

USER INTERFACE

68

69

70

71

72

73

74

75

76

77

SOURCE CODE
Public Class Form1 Private Sub GroupBox1_Enter(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles GroupBox1.Enter End Sub Private Sub Label1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Label1.Click Form2.Show() End Sub Private Sub Label3_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Label3.Click Form4.Show() Me.Hide() End Sub Private Sub Label2_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Label2.Click Form7.Show() End Sub Private Sub Label4_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) End Sub End Class Imports System.Data.OleDb Public Class Form3 Public Sql As SQL Private Sub Label4_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Label4.Click End Sub Private Sub Label1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Label1.Click SQL.SqlCommand = New OleDbCommand("select * from user_sql", SQL.SqlConnection) SQL.SqlDataReader = SQL.SqlCommand.ExecuteReader While SQL.SqlDataReader.Read If TextBox1.Text = Sql.SqlDataReader.GetValue(4) And TextBox1.Text = Sql.SqlDataReader.GetValue(5) Then Form1.Show() Me.Hide() End If End While End Sub Private Sub Form3_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load

78

Sql = New SQL Sql.Sql_Connection() End Sub End ClassImports System.Data.OleDb Public Class Form4 Public Sql As SQL Private Sub Label9_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Label9.Click If OpenFileDialog1.ShowDialog <> Windows.Forms.DialogResult.Cancel Then TextBox5.Text = OpenFileDialog1.FileName End If End Sub Private Sub Label12_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Label12.Click Form5.Show() Form5.TextBox1.Text = OpenFileDialog1.FileName End Sub Private Sub Form4_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load ComboBox1.Items.Add("Eduction") ComboBox1.Items.Add("Science") ComboBox1.Items.Add("History") ComboBox1.Items.Add("Computer") Sql = New SQL Sql.Sql_Connection() End Sub Private Sub Label5_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Label5.Click Sql.SqlCommand = New OleDbCommand("insert into BookDB values('" & TextBox1.Text & "','" & TextBox2.Text & "','" & TextBox3.Text & "','" & ComboBox1.Text & "','" & TextBox4.Text & "','" & TextBox5.Text & "','" & TextBox6.Text & "','" & TextBox7.Text & "')", Sql.SqlConnection) Sql.SqlCommand.ExecuteNonQuery() MsgBox("Record Saved") Form6.Show() Form6.TextBox1.Text = TextBox2.Text Form6.TextBox2.Text = TextBox3.Text Form6.TextBox3.Text = TextBox4.Text Form6.PictureBox1.Load(OpenFileDialog1.FileName) Me.Hide() End Sub Private Sub Label14_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Label14.Click If (OpenFileDialog1.ShowDialog() <> Windows.Forms.DialogResult.Cancel) Then TextBox6.Text = OpenFileDialog1.FileName PictureBox1.Load(OpenFileDialog1.FileName) End If

79

End Sub End Class Imports System.Data.OleDb Imports System Imports System.IO Imports System.Xml Imports System.Text Imports System.Security.Cryptography Public Class Form6 Public Sql As SQL Dim spath, textcon As String Dim s As Sampledata Private Sub Label8_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Label8.Click Sql.SqlCommand = New OleDbCommand("select * from BookDB", Sql.SqlConnection) Sql.SqlDataReader = Sql.SqlCommand.ExecuteReader While Sql.SqlDataReader.Read If TextBox1.Text = Sql.SqlDataReader.GetValue(1) Then spath = Sql.SqlDataReader.GetValue(5) RichTextBox2.LoadFile(spath, RichTextBoxStreamType.PlainText) End If End While

End Sub Private Sub Form6_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load Sql = New SQL Sql.Sql_Connection() s = New Sampledata End Sub Private Sub Label10_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Label10.Click If TextBox4.TextLength = 8 Then s.EncryptionKey = TextBox4.Text textcon = s.Encrypt(spath) RichTextBox1.Text = textcon Sql.SqlCommand = New OleDbCommand("insert into EncryptedDB values('" & TextBox1.Text & "','" & TextBox2.Text & "','" & TextBox3.Text & "','" & spath & "','" & textcon & "','" & TextBox4.Text & "')", Sql.SqlConnection) Sql.SqlCommand.ExecuteNonQuery() Else MsgBox("Key Should be 8 character") End If

End Sub Private Sub Label5_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Label5.Click

80

Me.Hide() Form1.Show() End Sub End Class Class Sampledata Private key() As Byte = {} Private IV() As Byte = {&H12, &H34, &H56, &H78, &H90, &HAB, &HCD, &HEF} Public EncryptionKey As String = "abcdefgh" Public Function Decrypt(ByVal stringToDecrypt As String) As String Try Dim inputByteArray(stringToDecrypt.Length) As Byte key = System.Text.Encoding.UTF8.GetBytes(Left(EncryptionKey, 8)) Dim des As New DESCryptoServiceProvider inputByteArray = Convert.FromBase64String(stringToDecrypt) Dim ms As New MemoryStream Dim cs As New CryptoStream(ms, des.CreateDecryptor(key, IV), CryptoStreamMode.Write) cs.Write(inputByteArray, 0, inputByteArray.Length) cs.FlushFinalBlock() Dim encoding As System.Text.Encoding = System.Text.Encoding.UTF8 Return encoding.GetString(ms.ToArray()) Catch ex As Exception 'oops - add your exception logic End Try End Function Public Function Encrypt(ByVal stringToEncrypt As String) As String Try key = System.Text.Encoding.UTF8.GetBytes(Left(EncryptionKey, 8)) Dim des As New DESCryptoServiceProvider Dim inputByteArray() As Byte = Encoding.UTF8.GetBytes(stringToEncrypt) Dim ms As New MemoryStream Dim cs As New CryptoStream(ms, des.CreateEncryptor(key, IV), CryptoStreamMode.Write) cs.Write(inputByteArray, 0, inputByteArray.Length) cs.FlushFinalBlock() Return Convert.ToBase64String(ms.ToArray()) Catch ex As Exception 'oops - add your exception logic End Try End Function End Class

Imports System.Data.OleDb Public Class Form3 Public Sql As SQL Public FnalBook, price, Enfile, keys As String Private Sub Form3_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load ComboBox1.Items.Add("Eduction") ComboBox1.Items.Add("Science") ComboBox1.Items.Add("History") ComboBox1.Items.Add("Computer") Sql = New SQL Sql.Sql_Connection() End Sub

81

Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click If TextBox1.Text = "None" Then Sql.SqlCommand = New OleDbCommand("select * from BookDB", Sql.SqlConnection) Sql.SqlDataReader = Sql.SqlCommand.ExecuteReader While Sql.SqlDataReader.Read If ComboBox1.Text = Sql.SqlDataReader.GetValue(3) Then ListBox1.Items.Add(Sql.SqlDataReader.GetValue(1)) End If End While

Else

Sql.SqlCommand = New OleDbCommand("select * from BookDB", Sql.SqlConnection) Sql.SqlDataReader = Sql.SqlCommand.ExecuteReader While Sql.SqlDataReader.Read If ComboBox1.Text = Sql.SqlDataReader.GetValue(3) And TextBox1.Text = Sql.SqlDataReader.GetValue(0) Or TextBox1.Text = Sql.SqlDataReader.GetValue(1) Then ListBox1.Items.Add(Sql.SqlDataReader.GetValue(1)) End If End While End If End Sub Private Sub ListBox1_SelectedIndexChanged(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles ListBox1.SelectedIndexChanged Sql.SqlCommand = New OleDbCommand("select * from BookDB", Sql.SqlConnection) Sql.SqlDataReader = Sql.SqlCommand.ExecuteReader While Sql.SqlDataReader.Read If ListBox1.Text = Sql.SqlDataReader.GetValue(1) Then TextBox7.Text = Sql.SqlDataReader.GetValue(0) TextBox2.Text = Sql.SqlDataReader.GetValue(1) TextBox3.Text = Sql.SqlDataReader.GetValue(2) TextBox4.Text = Sql.SqlDataReader.GetValue(4) TextBox5.Text = Sql.SqlDataReader.GetValue(3) PictureBox1.Load(Sql.SqlDataReader.GetValue(6)) FnalBook = Sql.SqlDataReader.GetValue(5) price = Sql.SqlDataReader.GetValue(7) End If End While End Sub Private Sub Button2_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button2.Click Sql.SqlCommand = New OleDbCommand("select * from EncryptedDB", Sql.SqlConnection) Sql.SqlDataReader = Sql.SqlCommand.ExecuteReader While Sql.SqlDataReader.Read If TextBox2.Text = Sql.SqlDataReader.GetValue(0) Then Enfile = Sql.SqlDataReader.GetValue(4) keys = Sql.SqlDataReader.GetValue(5) End If End While Form4.Show()

82

Form4.TextBox6.Text = price End Sub End Class Imports System.Data.OleDb Public Class Form2 Public Sql As SQL Private Sub Button2_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button2.Click Sql.SqlCommand = New OleDbCommand("insert into CustomerDB values('" & TextBox1.Text & "','" & TextBox2.Text & "','" & TextBox3.Text & "','" & ComboBox1.Text & "','" & TextBox4.Text & "','" & TextBox5.Text & "','" & TextBox6.Text & "')", Sql.SqlConnection) Sql.SqlCommand.ExecuteNonQuery() MsgBox("User Created") textclear() End Sub Private Sub Form2_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load ComboBox1.Items.Add("Academic") ComboBox1.Items.Add("Business") ComboBox1.Items.Add("General") Sql = New SQL Sql.Sql_Connection() End Sub Sub textclear() TextBox1.Text TextBox2.Text TextBox3.Text TextBox4.Text TextBox5.Text TextBox6.Text TextBox7.Text End Sub

= = = = = = =

"" "" "" "" "" "" ""

Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click textclear() End Sub Private Sub Button3_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button3.Click Form1.Show() End Sub End Class Imports System.Data.OleDb Public Class Form1 Dim Sql As SQL Private Sub Button3_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button3.Click Form2.Show() Me.Hide() End Sub Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load Sql = New SQL Sql.Sql_Connection()

83

End Sub Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click Sql.SqlCommand = New OleDbCommand("select * from CustomerDB ", Sql.SqlConnection) Sql.SqlDataReader = Sql.SqlCommand.ExecuteReader While Sql.SqlDataReader.Read If TextBox1.Text = Sql.SqlDataReader.GetValue(5) And TextBox2.Text = Sql.SqlDataReader.GetValue(6) Then Me.Hide() Form3.Show() Exit While End If End While End Sub End Class Imports System.Data.OleDb Public Class SQL Public SqlConnection As OleDbConnection Public SqlCommand As OleDbCommand Public SqlDataReader As OleDbDataReader Public Sqlpath As String Public Sub Sql_Connection() Sqlpath = My.Application.Info.DirectoryPath Sqlpath = Sqlpath.Remove(Sqlpath.Length - 42, 42) Sqlpath = Sqlpath + "\WindowsApplication1\WindowsApplication1\bin\Debug" SqlConnection = New OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Sqlpath & "\SQL.mdb") SqlConnection.Open() End Sub End Class Imports System.Data.OleDb Public Class Form2 Public Sql As SQL Dim idcount As Integer Private Sub TextBox4_TextChanged(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles TextBox4.TextChanged End Sub Private Sub Label4_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Label4.Click End Sub Private Sub Label11_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Label11.Click Sql.SqlCommand = New OleDbCommand("insert into user_sql values('" & TextBox1.Text & "','" & TextBox2.Text & "','" & TextBox3.Text & "','" &

84

TextBox4.Text & "','" & TextBox5.Text & "','" & TextBox6.Text & "','" & TextBox7.Text & "')", Sql.SqlConnection) Sql.SqlCommand.ExecuteNonQuery() MsgBox("User Created") End Sub Private Sub Form2_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load Sql = New SQL Sql.Sql_Connection() End Sub Private Sub Label13_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Label13.Click End Sub Private Sub Label12_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Label12.Click End Sub End Class Imports System.Data.OleDb Public Class Form3 Public Sql As SQL Private Sub Label4_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Label4.Click End Sub Private Sub Label1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Label1.Click SQL.SqlCommand = New OleDbCommand("select * from user_sql", SQL.SqlConnection) SQL.SqlDataReader = SQL.SqlCommand.ExecuteReader While SQL.SqlDataReader.Read If TextBox1.Text = Sql.SqlDataReader.GetValue(4) And TextBox1.Text = Sql.SqlDataReader.GetValue(5) Then Form1.Show() Me.Hide() End If End While End Sub Private Sub Form3_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load Sql = New SQL Sql.Sql_Connection() End Sub End Class Imports System.Data.OleDb Public Class Form4 Public Sql As SQL Private Sub Label9_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Label9.Click If OpenFileDialog1.ShowDialog <> Windows.Forms.DialogResult.Cancel Then TextBox5.Text = OpenFileDialog1.FileName

85

End If End Sub Private Sub Label12_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Label12.Click Form5.Show() Form5.TextBox1.Text = OpenFileDialog1.FileName End Sub Private Sub Form4_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load ComboBox1.Items.Add("Eduction") ComboBox1.Items.Add("Science") ComboBox1.Items.Add("History") ComboBox1.Items.Add("Computer") Sql = New SQL Sql.Sql_Connection() End Sub Private Sub Label5_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Label5.Click Sql.SqlCommand = New OleDbCommand("insert into BookDB values('" & TextBox1.Text & "','" & TextBox2.Text & "','" & TextBox3.Text & "','" & ComboBox1.Text & "','" & TextBox4.Text & "','" & TextBox5.Text & "','" & TextBox6.Text & "','" & TextBox7.Text & "')", Sql.SqlConnection) Sql.SqlCommand.ExecuteNonQuery() MsgBox("Record Saved") Form6.Show() Form6.TextBox1.Text = TextBox2.Text Form6.TextBox2.Text = TextBox3.Text Form6.TextBox3.Text = TextBox4.Text Form6.PictureBox1.Load(OpenFileDialog1.FileName) Me.Hide() End Sub Private Sub Label14_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Label14.Click If (OpenFileDialog1.ShowDialog() <> Windows.Forms.DialogResult.Cancel) Then TextBox6.Text = OpenFileDialog1.FileName PictureBox1.Load(OpenFileDialog1.FileName) End If End Sub End Class Imports System.Data.OleDb Imports System Imports System.IO Imports System.Xml Imports System.Text Imports System.Security.Cryptography Public Class Form6 Public Sql As SQL Dim spath, textcon As String Dim s As Sampledata

86

Private Sub Label8_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Label8.Click Sql.SqlCommand = New OleDbCommand("select * from BookDB", Sql.SqlConnection) Sql.SqlDataReader = Sql.SqlCommand.ExecuteReader While Sql.SqlDataReader.Read If TextBox1.Text = Sql.SqlDataReader.GetValue(1) Then spath = Sql.SqlDataReader.GetValue(5) RichTextBox2.LoadFile(spath, RichTextBoxStreamType.PlainText) End If End While

End Sub Private Sub Form6_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load Sql = New SQL Sql.Sql_Connection() s = New Sampledata End Sub Private Sub Label10_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Label10.Click If TextBox4.TextLength = 8 Then s.EncryptionKey = TextBox4.Text textcon = s.Encrypt(spath) RichTextBox1.Text = textcon Sql.SqlCommand = New OleDbCommand("insert into EncryptedDB values('" & TextBox1.Text & "','" & TextBox2.Text & "','" & TextBox3.Text & "','" & spath & "','" & textcon & "','" & TextBox4.Text & "')", Sql.SqlConnection) Sql.SqlCommand.ExecuteNonQuery() Else MsgBox("Key Should be 8 character") End If

End Sub Private Sub Label5_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Label5.Click Me.Hide() Form1.Show() End Sub End Class Class Sampledata Private key() As Byte = {} Private IV() As Byte = {&H12, &H34, &H56, &H78, &H90, &HAB, &HCD, &HEF} Public EncryptionKey As String = "abcdefgh" Public Function Decrypt(ByVal stringToDecrypt As String) As String Try Dim inputByteArray(stringToDecrypt.Length) As Byte

87

key = System.Text.Encoding.UTF8.GetBytes(Left(EncryptionKey, 8)) Dim des As New DESCryptoServiceProvider inputByteArray = Convert.FromBase64String(stringToDecrypt) Dim ms As New MemoryStream Dim cs As New CryptoStream(ms, des.CreateDecryptor(key, IV), CryptoStreamMode.Write) cs.Write(inputByteArray, 0, inputByteArray.Length) cs.FlushFinalBlock() Dim encoding As System.Text.Encoding = System.Text.Encoding.UTF8 Return encoding.GetString(ms.ToArray()) Catch ex As Exception 'oops - add your exception logic End Try End Function Public Function Encrypt(ByVal stringToEncrypt As String) As String Try key = System.Text.Encoding.UTF8.GetBytes(Left(EncryptionKey, 8)) Dim des As New DESCryptoServiceProvider Dim inputByteArray() As Byte = Encoding.UTF8.GetBytes(stringToEncrypt) Dim ms As New MemoryStream Dim cs As New CryptoStream(ms, des.CreateEncryptor(key, IV), CryptoStreamMode.Write) cs.Write(inputByteArray, 0, inputByteArray.Length) cs.FlushFinalBlock() Return Convert.ToBase64String(ms.ToArray()) Catch ex As Exception 'oops - add your exception logic End Try End Function End Class Imports System.Data.OleDb Public Class Form9 Public SQL As SQL Private Sub Form9_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load SQL = New SQL SQL.Sql_Connection() SQL.SqlCommand = New OleDbCommand("select * from CustomerDB", SQL.SqlConnection) SQL.SqlDataReader = SQL.SqlCommand.ExecuteReader While (SQL.SqlDataReader.Read) ListBox1.Items.Add(SQL.SqlDataReader.GetValue(0)) End While End Sub Private Sub ListBox1_SelectedIndexChanged(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles ListBox1.SelectedIndexChanged SQL.SqlCommand = New OleDbCommand("select * from CustomerDB", SQL.SqlConnection) SQL.SqlDataReader = SQL.SqlCommand.ExecuteReader While (SQL.SqlDataReader.Read) If (SQL.SqlDataReader.GetValue(0) = ListBox1.Text) Then TextBox2.Text = SQL.SqlDataReader.GetValue(1)

88

TextBox3.Text TextBox4.Text TextBox5.Text TextBox6.Text TextBox7.Text End If End While End Sub

= = = = =

SQL.SqlDataReader.GetValue(2) SQL.SqlDataReader.GetValue(3) SQL.SqlDataReader.GetValue(4) SQL.SqlDataReader.GetValue(5) SQL.SqlDataReader.GetValue(6)

Private Sub Label5_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Label5.Click Me.Hide() Form1.Show() End Sub Private Sub Label1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Label1.Click Form8.Show() End Sub End Class

1. BIBLIOGRAPHY

1. ELIAS. M. AWAD, SYSTEM ANALYSIS AND DESIGN, GALGOTIA PUBLICATIONS, II EDITION, 2003.

2. MARTIN, PRINCIPLE OF DATABASE MANAGEMENT, TATA MCGRAW HILL PUBLICATIONS, III EDITION, 2000. 3. BRIAN SILER AND JEFF SPOTTS, USING VISUAL BASIC.NET 2008, PRENTICE HALL INDIA PUBLICATIONS, 2002. 4. JOHN PAUL MELLER THE COMPLETE REFERENCE VISUAL BASIC.NET 2008 , TATA MCGRAW HILL PUBLICATIONS, III EDITION, 2001. 5. DANIEL CAZZULINO , BEGINNING WEB PROGRAMMING USING VB.NET AND VISUAL STUDIO .NET, 2003.

89

90