Server-side technology refers to technology executed by a server in a client-server model.
It includes scripting languages such as PHP, databases such as MySQL, and web server software such as Apache. Which technologies are used depends on how the web application is implemented.
In the early days of the web, most websites provided static (=unchanging) web content. At this time, all you had to do was create a web page in advance on the server side, save it, and show it to the user who requested the web page. However, with the development and spread of the web, websites have evolved into web applications that provide dynamic (=changing) web content, such as providing customized data or personalized UI to users by taking data requested by users from back-end data storage. This requires the server to do a lot more work, and it’s good to understand what the server is doing to respond to the user’s requests.
The following figure is a more detailed representation of the generally implemented server side.
A more detailed look inside the server side
The step-by-step operations in the picture above are as follows.
➀ The web browser sends an HTTP request to the server.
➁ The web server or WAS (NGINX, Apache, JBoss, etc.) receives the HTTP request and passes the data the user sent along with it to the server-side script.
➂ Server-side scripts implemented in PHP, Python, etc. send queries to back-end data storage such as databases using the received user data as parameters.
➃ The database returns a recordset that satisfies the query conditions given by the passed parameters. Frequently used databases include MySQL, MSSQL, Oracle, and PostgreSQL.
➄ Again, the server-side script places the data extracted from the database into the appropriate location in the pre-made HTML Template.
➅ The server-side script returns the finished HTML page to the web server or WAS.
➆ The web server or WAS sends the HTML page generated by the server-side script to the web browser as the HTTP response.
Web Server (WAS)
A web server is software that responds to HTTP requests. Strictly speaking, the original term web server refers to software that serves static content such as HTML, CSS, images, and videos. Software that retrieves data from a database and provides web content dynamically has its own term, WAS (Web Application Server), and the two terms are generally conceptually distinct. However, most web servers these days provide modules for scripting languages such as PHP, ASP, and JSP to create dynamic content, and since a WAS also includes web server functions, the boundary has become blurred. Of course, depending on the organization's conditions or circumstances, there are cases where the two roles are separated, with the web server processing static web content and the WAS processing dynamic web content. In any case, this training does not specifically explain the difference between web servers and WAS.
A web server or WAS includes the following:
Apache HTTP Server
Apache HTTP Server is the most widely used open source web server software in the world. It is maintained by the Apache Software Foundation and was created in 1995 based on NCSA HTTPd, which was written for Unix. It is cross-platform, running on operating systems such as Windows and Linux as well as Unix, and is highly scalable because it supports modular configuration using MPMs (Multi-Processing Modules). It can handle both static and dynamic web content.
Together with PHP and MySQL (or MariaDB), it is considered the standard stack for web application development, under the acronym APM. As some of you may have heard, LAMP, WAMP, etc. are named after the operating system the APM stack runs on, and they are all stacks composed of Apache HTTP Server, PHP, and MySQL (or MariaDB).
NGINX
NGINX is next-generation open-source web server software that is attracting attention as an alternative to Apache HTTP Server. It was created by a Russian named Igor Sysoev to solve the C10K problem of the Apache HTTP Server and was released in 2004. Since its release, it has grown rapidly by using fewer resources than other web servers such as Apache HTTP Server, handling more simultaneous connections, and keeping pace with the development of the web by meeting requirements that Apache HTTP Server cannot. Igor Sysoev founded a company to market a commercial version for enterprises called NGINX Plus. NGINX cannot process dynamic web content on its own and must be used in conjunction with other programs such as FastCGI and SCGI. According to W3Techs' analysis, NGINX's market share shows steady growth.
Web server utilization status (Source: W3Techs)
Google Web Server
GWS is web server software that Google uses for its infrastructure.
Microsoft IIS
IIS (Internet Information Service) is web server software created by Microsoft that runs on the Windows operating system. Compared with the web servers we looked at earlier in terms of market share (based on active websites), it ranks lowest.
Apache Tomcat
Apache Tomcat is not a web server but a WAS. It is open source software and, as the name suggests, it was created by the Apache Software Foundation. Among the server-side scripting languages, it is used for Java-based web applications. It can be used alone because it has a built-in web server function, but in large-scale web applications with many users, it is recommended to use it in conjunction with Apache HTTP Server (web server).
JBoss
JBoss is an open source WAS developed by RedHat. It is mainly used in Java-based web applications and runs in Unix, Linux, and Windows environments.
Resin
Resin is a WAS developed by Caucho Technology and is used for PHP and Java-based web applications. There is Resin, which adopts the GPL license, and Resin Pro, a product for companies that purchase a license.
Glassfish
Glassfish is an open source Java EE application server released by Sun Microsystems in 2006 and is currently hosted by the Eclipse Foundation. Like most Java application servers, Glassfish supports Java Servlets, Enterprise JavaBeans (EJB), etc., but it can also act as a web server serving web content in response to HTTP requests.
Jeus
Jeus is a domestic (Korean) WAS made by TmaxSoft. As expected, its market share in Korea is high.
Server Side Script
Server-side script refers to code that implements the server's internal logic in order to build dynamic web applications: it performs the appropriate function in response to a user request, or responds to a request for data. As seen in the “General model of server-side” picture above, server-side scripts run after receiving the user's request, query the database, and finish before the response is passed to the web browser. That picture is limited to web applications that serve dynamic web content based on a database, but other cases are almost the same, just performing a different function instead of database queries. Typical cases where server-side scripting is used include a login function that connects to a database and verifies whether the user entered the correct ID and password, an online shopping mall site that retrieves personalized data such as the user's purchase history, email sites that support writing, sending, and receiving mail, and websites that control access to resources based on user permissions. They vary greatly depending on the role, type, function, and implementation method of the web application.
Server-side scripts are stored only on the server side and cannot be viewed by users, because they are source code that runs only on the server side. On the other hand, JavaScript, which was previously introduced as a client-side technology along with HTML and CSS (nowadays, with the advent of Node.js, it is also used as a server-side scripting language), is a representative client-side script. It is copied to the local PC by the web browser and saved there, so users can check the source code.
To write server-side scripts, you must use a server-side scripting language. Let’s take a quick look at some of the most commonly used server-side scripting languages. To learn how to use the scripting languages described below, it is recommended that you purchase a professional book or use a platform that specializes in coding education.
PHP
PHP is a widely used open-source server-side scripting language used to create static or dynamic web applications. It was first released in 1995 by a person named “Rasmus Lerdorf.” Originally, PHP started as a personal project, and at the time, the name PHP was an abbreviation for Personal Home Page. However, it is now chosen by people all over the world as a very powerful scripting language for developing web applications, and the abbreviation PHP has been changed to stand for PHP: Hypertext Preprocessor.
The number of web apps built using PHP is enormous, from small web applications to large, well-known web applications (for example, Facebook was developed with PHP). Commercial solutions that support web application development include:
- Blog – WordPress, Joomla
- Bulletin Board – phpBB, vBulletin
- Ecommerce, Shopping Cart – Prestashop, OpenCart
- Admin Panel – phpMyAdmin
Additionally, there are two representative web development frameworks:
- Laravel
- CodeIgniter
PHP can be easily inserted into HTML files, and is implemented by inserting a script execution area surrounded by <?php … ?>, as follows:
<html>
<head>
<title>PHP Simple Example</title>
</head>
<body>
<?php echo "Hello, hunters!" ?>
</body>
</html>
For further explanation of PHP, see the Wikipedia article on PHP.
JSP
JSP stands for Jakarta Server Pages or Java Server Pages and is a server-side scripting language for creating Java-based dynamic web applications. To run JSP, you must have a WAS that supports a servlet container, such as Apache Tomcat. Before a JSP is executed, it is internally compiled into a servlet, and the WAS performs the specified functions through this servlet. After the function is performed, the data extracted from the data storage is combined with the HTML template as seen earlier, and finally sent as a response to the web browser.
As mentioned, JSP is based on the Java language, so it has the following Java features.
- Object Orientation: In Java, everything is represented as an object.
- Platform independence: Regardless of the type of operating system, an application once written can be easily run on another operating system without changing the source code.
- Operating system architecture neutrality: The memory capacity occupied by data types such as int is the same in both 32-bit and 64-bit operating systems. For reference, in C, the int data type occupies 2 bytes in 32-bit and 4 bytes in 64-bit.
- Multithreading support: Multiple threads can run simultaneously in one program.
- High performance: Java supports high performance because it uses a just-in-time (JIT) compiler. (For more information about JIT compilation, see the Wikipedia article on JIT compilation.)
- Security: Applications developed in Java are relatively safe because they run in the Java Runtime Environment (JRE).
Similar to PHP, JSP code is inserted into an HTML page in areas delimited by specific markup.
- Directive: Defines properties and values required by the container to process JSP pages.
<%@ directive-name
attribute1="value1"
attribute2="value2"
...
attributeN="valueN" %>
- Expression: Used when outputting a value or calling a method.
<%= Some-expression %>
- Declaration: Used when declaring variables or methods.
<%! Dec var %>
- Scriptlet: Used when executing Java code.
<% Some-java-code %>
The following is a simple example of a game where you leave work if the random number is greater than 100, and you stay if the random number is less than 100.
<html>
<head><title>JSP simple example</title></head>
<body>
<%
    // Math.random() returns a value in [0, 1), so scale it to [0, 200);
    // otherwise the "greater than 100" branch could never run.
    double num = Math.random() * 200;
    // Execute if-else Java code using a scriptlet.
    if (num > 100) {
%>
<h2>Congratulations. Get off work quickly!</h2>
<p>( <%= num %> )</p> <%-- Print the num value using an expression. --%>
<% } else { %>
<h2>Oh, there's something you need to do.</h2>
<p>( <%= num %> )</p> <%-- Print the num value using an expression. --%>
<% } %>
<%-- Call the getRequestURI() method using an expression. --%>
<a href="<%= request.getRequestURI() %>">
<h3>Shall we try again?</h3>
</a>
</body>
</html>
Python
Python is an object-oriented general-purpose programming language created by Guido van Rossum and released in 1991, and is, of course, open source. Guido developed it as a way to kill time because he was bored during Christmas week. It is said that the name was taken from “Monty Python,” the name of his favorite comedy group. It is used for server-side scripting in the web development field but is also used in a variety of professional work, including the development of desktop applications, machine learning, and deep learning. In addition, it is a programming language that even beginners can easily learn, and it is chosen in many places as an educational language. If you focus only on web development, the Ruby language below stands out more than Python, but Python is undoubtedly a popular language that is widely used not only on the web but also in data science fields. In the search share by programming language published by TIOBE in October 2020, it ranked 3rd after C and Java, and TIOBE's CEO “Paul Jansen” mentioned Java's decline and Python's continuous rise, saying that a reversal of their rankings would be a significant event.
TIOBE Programming Community Index (as of October 2020)
The features of Python are as follows:
- Open source: Free.
- Object Orientation: Everything is made of objects. It supports OOP, including the concept of classes and object encapsulation.
- Platform independence: Can be run on platforms such as Windows and Linux without changing the code.
- Highly extensible: Python can easily be extended with code written and compiled in C or C++.
- High productivity: Because of its fast development speed, it is also popular as a language for developing prototypes.
- Dynamic data type: The type of the variable, such as int, double, etc., is automatically determined based on the assigned value without the need to specify it separately.
- Short and easy syntax: The code is short and concise, making it a human-friendly language that is easy to learn.
Django is a web development framework for Python.
Ruby
Ruby is an object-oriented programming language released in 1995 by a Japanese developer named “Matsumoto Yukihiro (nickname: Matz)” and is free and open source. At the time, Matz enjoyed using Perl and Python, and it is said that he was naturally influenced by these two programming languages. Some say that Matz, a fan of Perl, noted that Perl is pronounced the same as pearl and so named the language he developed after one of the easier-to-pronounce gemstones. It is also said that the name Ruby was taken from the birthstone of one of Matz's acquaintances. In fact, Ruby is very similar to Python, and Ruby and Python are often considered competing languages. After its release, it gained sensational popularity among developers in the early and mid-2000s, but its popularity has now slowed down. It is mainly used in the United States and Japan (especially in Japan, where it is more popular than Python, perhaps because it was created by one of its own citizens), but it is difficult to find Ruby developers or related materials in Korea (South Korea).
Ruby's features are almost the same as Python's.
- Open source: Free.
- Object Orientation: Everything is made of objects.
- Platform independence: As long as the operating system supports Ruby, an application once written can be run on other operating systems without modifying the code.
- High productivity: Because of its fast development speed, it is also popular as a language for developing prototypes.
- Free format: Unlike other programming languages, it is not sensitive to indentation and allows you to write code in any row or column.
- Easy syntax: Relatively simple and clean syntax, highly readable and human-friendly.
The web development framework for Ruby is Ruby on Rails, a framework called “Rails” built on the Ruby language. It is no exaggeration to say that this web framework served as a driving force in the growth of the Ruby language.
ASP.NET
ASP.NET is a server-side web framework based on the .NET framework, released by Microsoft in 2002 to create dynamic web applications. It is the successor to ASP (Active Server Page) and is open source. It was created to compete with the Java platform, so that a single development effort produces applications that run on multiple platforms such as Windows, Linux, and various home appliances. ASP.NET applications are mainly written in languages such as C#, F#, and Visual Basic.NET with a development tool called Visual Studio. Although they can run on web servers such as Apache, there are some incompatible parts, so those servers are generally not used; ASP.NET applications are usually configured to run on IIS, Microsoft's web server.
Database
Many web applications generate data, whether created by users or intended for developers or administrators, and some of that data must be stored safely and provided again when needed. One of the things needed to perform this function is a database (DB).
Wikipedia describes the definition of the database as follows.
“It is a set of information that is managed in an integrated manner for the purpose of being shared and used by many people. It is a collection of one or more logically related data, and the contents are highly structured to improve the efficiency of search and update. In other words, several data files are organized systematically. It can be said to be a collection of data that is integrated, eliminates duplication of data items, structures the data, and stores it.”
There are two types of databases: relational databases and non-relational databases.
Relational database
The relational database, commonly abbreviated as RDB (Relational DB), is the representative of the database world. When people just say database, you can assume they mean a relational database. Relational databases store data consisting of pairs of Key and Value in two-dimensional tables made up of rows and columns. If you have no idea what that looks like, it might be easier to think of a spreadsheet like Excel. The tables where data is stored form relationships with each other as needed, creating dependencies and restrictions.
Several movie data are stored in the Movie table of the database.
Special software is required to manage these databases: a DBMS (DataBase Management System). A DBMS allows you to build a database and manipulate data, such as creating, modifying, or deleting tables, or retrieving, storing, changing, or deleting data. The language used for this is SQL (Structured Query Language). You may have heard the word SQL a lot. SQL injection, also called the flower of web hacking, is an attack that uses this very SQL, so SQL is something you need to know in order to understand SQL injection. SQL will be covered in more detail in the later SQL injection attack training, so we will only glance at it briefly here.
SQL is broadly divided into three types:
- DDL (Data Definition Language): A syntax for managing tables and indexes such as CREATE, DROP, and ALTER.
- DML (Data Manipulation Language): Syntax for manipulating and retrieving data in tables, such as INSERT, UPDATE, DELETE, and SELECT.
- DCL (Data Control Language): Syntax for controlling access to data such as GRANT, REVOKE, COMMIT, and ROLLBACK.
As a simple example of one of the DMLs, the SQL query to retrieve the movie name, release year, and category code information of the movie “Parasite” from the Movie table above is as follows.
SELECT MovieName, ReleasedYear, CategoryCode FROM movie WHERE MovieName = 'Parasite';
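The request flow in steps ➀ to ➆ near the top of this page, run against the Movie query above, as an added example that is not part of the original page. Python and an in-memory SQLite database stand in for the server-side script and the DBMS; the function names, the `name` request parameter, the template and the sample rows are assumptions made for the illustration.

```python
import html
import sqlite3
from urllib.parse import parse_qs

QUERY = ("SELECT MovieName, ReleasedYear, CategoryCode "
         "FROM movie WHERE MovieName = ?")
TEMPLATE = ("<html><body><h1>Results for {term}</h1>"
            "<ul>{rows}</ul></body></html>")


def make_db():
    """Constructed sample data; in-memory SQLite stands in for the DBMS."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE movie "
               "(MovieName TEXT, ReleasedYear INTEGER, CategoryCode TEXT)")
    db.executemany("INSERT INTO movie VALUES (?, ?, ?)",
                   [("Parasite", 2019, "DRA"),   # category codes are made up
                    ("Oldboy", 2003, "THR")])
    return db


def find_movies(db, name):
    # Steps 3-4: the user's value travels as a bound parameter, separate from
    # the SQL text, so quotes or keywords in it are compared as plain data.
    return db.execute(QUERY, (name,)).fetchall()


def render(term, records):
    # Step 5: place the recordset into the HTML template. Every value is
    # HTML-escaped so that it is displayed as text, not parsed as markup.
    rows = "".join(
        "<li>{} ({}, {})</li>".format(html.escape(n), y, html.escape(c))
        for n, y, c in records)
    return TEMPLATE.format(term=html.escape(term),
                           rows=rows or "<li>No match</li>")


def handle_request(db, query_string):
    # Step 2: the web server / WAS hands the request data to the script.
    name = parse_qs(query_string).get("name", [""])[0]
    # Step 6: the finished page goes back to the web server / WAS.
    return render(name, find_movies(db, name))


def app(environ, start_response):
    # Steps 1 and 7 as a WSGI callable: a WSGI server calls this per request
    # and sends the returned bytes to the browser.
    body = handle_request(make_db(), environ.get("QUERY_STRING", ""))
    data = body.encode("utf-8")
    start_response("200 OK", [("Content-Type", "text/html; charset=utf-8"),
                              ("Content-Length", str(len(data)))])
    return [data]


if __name__ == "__main__":
    db = make_db()
    print(handle_request(db, "name=Parasite"))
    # Input containing quotes and SQL keywords matches no row.
    print(handle_request(db, "name=Parasite%27+OR+%271%27%3D%271"))
```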
Major commercial DBMS products include:
- MySQL: It was a DBMS comparable to the Oracle database, but was acquired by Oracle. There is a free open source version and a version that requires a paid license. It is mainly used with Apache and PHP.
- MariaDB: Open source. It was created by MySQL employees who were not very happy about Oracle’s acquisition of MySQL. It is almost identical to MySQL, just with a different name.
- Oracle DBMS: DBMS for Oracle database. It reigns as the strongest player in the DBMS industry and boasts enormous profits. It is mainly used by large-scale companies.
- MS SQL Server: Microsoft’s DBMS. It is generally used when building web applications based on the Windows operating system, IIS, and ASP.NET.
- PostgreSQL: Open source. It is an emerging powerhouse that is fiercely pursuing the DBMS above.
Non-relational database
The relational database discussed earlier is intended to manage structured data stored in tables consisting of rows and columns. However, with the advent of smartphones, unstructured data such as images and videos began to increase rapidly, and existing relational databases were not suitable for managing such unstructured data. As a result, non-relational databases, called NoSQL databases, emerged. NoSQL stands for Not only SQL, a name inspired by the fact that it is a new set-oriented database that can manage unstructured data using various types of databases as well as SQL.
The various types of databases referred to here include the following four models. For now, you can just read through them and move on.
- Key-value model: The simplest structure consists of a key and a value, and the value is accessed using the key. It is not possible to access the key using the value. You can store various types of data such as Strings, Bitmaps, Hash, and Lists. A representative example is Redis.
Structure of key-value model (Source: Redislabs)
- Document model: A model that stores data in the form of documents in JSON or BSON format. MongoDB uses this model.
Structure of the Document model (Source: Pingax)
- Column-family model: A model that stores data as a collection of multiple column-value pairs mapped to one Row Key. Representative DBMSs include Cassandra and HBase.
Structure of Column-family model (Source: Tutorialspoint)
- Graph model: A model that stores data in the form of a graph using nodes, edges, and properties. In the picture below, the lines connecting each node define the relationships between nodes. In fact, it is closer to a relational model than a set-oriented one. Representative DBMSs include AllegroGraph and Amazon Neptune.
Structure of Graph model (Source: Wikipedia)