Previous Table of Contents Next


The proxy’s disk-based caching feature minimizes use of the external network by eliminating recurrent retrievals of commonly accessed documents. This feature provides additional “virtual bandwidth” to existing network resources and significantly improves interactive response time for locally attached clients. The resulting performance improvements provide a cost-effective alternative to purchasing additional network bandwidth. Because the cache is disk-based, it can be tuned to provide optimal performance based on network usage patterns.

The proxy server should allow dynamic process management, which allows the creation of a configurable number of processes that reside in memory waiting to fulfill HTTP requests. This feature improves system performance by eliminating the unnecessary overhead of creating and deleting processes to fulfill every HTTP request. The dynamic process management algorithm increases the number of server processes, within configurable limits, to efficiently handle periods of peak demand, resulting in faster document serving, greater throughput delivery, and better system reliability.

Firewall Software

An application-level firewall acts as a security wall and gateway between a trusted internal network and such untrustworthy networks as the Internet. Access can be controlled by individuals or groups of users or by system names, domains, subnets, date, time, protocol, and service.

Security is bidirectional, simultaneously prohibiting unauthorized users from accessing the corporate network while also managing internal users’ Internet access privileges. The firewall even periodically checks its own code to prevent modification by sophisticated intruders.

The firewall gathers and logs information about where attempted break-ins originate, how they got there, and what the people responsible for them appear to be doing. Log entries include information on connection attempts, service types, users, file transfer names and sizes, connection duration, and trace routes. Together, this information leaves an electronic footprint that can help identify intruders.

WEB DATABASE CONSIDERATIONS

Internet servers are the repositories of various databases. These databases may be set up for public access or for restricted intracompany access. In either case, the challenge of maintaining the information is apparent to IS professionals charged with keeping it accurate and up to date.

Vendors are developing ways to ease the maintenance burden. For example, database management vendors such as Oracle Corp. offer ways of integrating an existing data warehouse with the Internet without having to reformat the data into HTML. The data is not sent until a request is received and validated.

In addition, the server supports HTTP-type negotiation, so it can deliver different versions of the same object (e.g., an image stored in multiple formats) according to each client’s preferences. The server also supports national language negotiation, allowing the same document in different translations to be delivered to different clients.

The database server should support the two common authentication mechanisms: basic and digest authentication. Both mechanisms allow certain directories to be protected by user name/password combinations. However, digest authentication transmits encrypted passwords and basic authentication does not. Other security extensions that may be bundled with database servers include HTTP, S-HTTP and SSL standards, which are especially important in supporting electronic commerce applications.

Maintenance and Testing Tools

The maintenance of most Web databases still relies on the diligence of each document owner or site administrator to periodically check for integrity by testing for broken links, malformed documents, and outdated information. Data base integrity is usually tested by visually scanning each document and manually activating every hypertext link. Particular attention should be given to links that reference other Web sites because they are usually controlled by a third party who can change the location of files to a different server or directory or delete them entirely.

Link Analyzers. Link analyzers can examine a collection of documents and validate the links for accessibility, completeness, and consistency. However, this type of integrity check is usually applied more as a means of one-time verification than as a regular maintenance process. This check also fails to provide adequate support across distributed databases and for situations in which the document contents are outside the immediate span of control.

Log Files. Some types of errors can be identified by the server’s log files. The server records each document request and, if an error occurred, the nature of that error. Such information can be used to identify requests for documents that have moved and those that have misspelled URL, which are used to identify the location of documents on the Internet. Only the server manager usually has access to that information, however. The error is almost never relayed to the person charged with document maintenance, either because it is not recognized as a document error or because the origin of the error is not apparent from the error message.


Previous Table of Contents Next

Copyright © CRC Press LLC