计算机科学与技术学院
本科毕业设计专业翻译资料(中文读书报告)
学生姓名: 郭 磊
专业班级: 网络工程0802
学 号:
2012 年 6 月 1 日
Java and the Internet
If Java is, in fact, yet another computer programming language, you may question why it is so important and why it is being promoted as a revolutionary step in computer programming. The answer isn’t immediately obvious if you’re coming from a traditional programming perspective. Although Java is very useful for solving traditional stand-alone programming problems, it is also important because it will solve programming problems on the World Wide Web.
1.Client-side programming
The Web’s initial server-browser design provided for interactive content, but the interactivity was completely provided by the server. The server produced static pages for the client browser, which would simply interpret and display them. Basic HTML contains simple mechanisms for data gathering: text-entry boxes, check boxes, radio boxes, lists and drop-down lists, as well as a button that can only be programmed to reset the data on the form or “submit” the data on the form back to the server. This submission passes through the Common Gateway Interface (CGI) provided on all Web servers. The text within the submission tells CGI what to do with it. The most common action is to run a program located on the server in a directory that’s typically called “cgi-bin.” (If you watch the address window at the top of your browser when you push a button on a Web page, you can sometimes see “cgi-bin” within all the gobbledygook there.) These programs can be written in most languages. Perl is a common choice because it is designed for text manipulation and is interpreted, so it can be installed on any server regardless of processor or operating system.
Many powerful Web sites today are built strictly on CGI, and you can in fact do nearly anything with it. However, Web sites built on CGI programs can rapidly become overly complicated to maintain, and there is also the problem of response time. The response of a CGI program depends on how much data must be sent, as well as the load on both the server and the Internet. (On top of this, starting a CGI program tends to be slow.) The initial designers of the Web did not foresee how
rapidly this bandwidth would be exhausted for the kinds of applications people developed. For example, any sort of dynamic graphing is nearly impossible to perform with consistency because a GIF file must be created and moved from the server to the client for each version of the graph. And you’ve no doubt had direct experience with something as simple as validating the data on an input form. You press the submit button on a page; the data is shipped back to the server; the server starts a CGI program that discovers an error, formats an HTML page informing you of the error, and then sends the page back to you; you must then back up a page and try again. Not only is this slow, it’s inelegant.
The solution is client-side programming. Most machines that run Web browsers are powerful engines capable of doing vast work, and with the original static HTML approach they are sitting there, just idly waiting for the server to dish up the next page. Client-side programming means that the Web browser is harnessed to do whatever work it can, and the result for the user is a much speedier and more interactive experience at your Web site.
The problem with discussions of client-side programming is that they aren’t very different from discussions of programming in general. The parameters are almost the same, but the platform is different: a Web browser is like a limited operating system. In the end, you must still program, and this accounts for the dizzying array of problems and solutions produced by client-side programming. The rest of this section provides an overview of the issues and approaches in client-side programming.
2.Plug-ins
One of the most significant steps forward in client-side programming is the development of the plug-in. This is a way for a programmer to add new functionality to the browser by downloading a piece of code that plugs itself into the appropriate spot in the browser. It tells the browser “from now on you can perform this new activity.” (You need to download the plug-in only once.) Some fast and powerful behavior is added to browsers via plug-ins, but writing a plug-in is not a trivial task, and isn’t something you’d want to do as part of the process of building a particular site. The value of the plug-in for client-side programming is
that it allows an expert programmer to develop a new language and add that language to a browser without the permission of the browser manufacturer. Thus, plug-ins provide a “back door” that allows the creation of new client-side programming languages (although not all languages are implemented as plug-ins).
3.Scripting languages
Plug-ins resulted in an explosion of scripting languages. With a scripting language you embed the source code for your client-side program directly into the HTML page, and the plug-in that interprets that language is automatically activated while the HTML page is being displayed. Scripting languages tend to be reasonably easy to understand and, because they are simply text that is part of an HTML page, they load very quickly as part of the single server hit required to procure that page. The trade-off is that your code is exposed for everyone to see (and steal). Generally, however, you aren’t doing amazingly sophisticated things with scripting languages so this is not too much of a hardship.
This points out that the scripting languages used inside Web browsers are really intended to solve specific types of problems, primarily the creation of richer and more interactive graphical user interfaces (GUIs). However, a scripting language might solve 80 percent of the problems encountered in client-side programming. Your problems might very well fit completely within that 80 percent, and since scripting languages can allow easier and faster development, you should probably consider a scripting language before looking at a more involved solution such as Java or ActiveX programming.
The most commonly discussed browser scripting languages are JavaScript (which has nothing to do with Java; it’s named that way just to grab some of Java’s marketing momentum), VBScript (which looks like Visual Basic), and Tcl/Tk, which comes from the popular cross-platform GUI-building language. There are others out there, and no doubt more in development.
JavaScript is probably the most commonly supported. It comes built into both Netscape Navigator and the Microsoft Internet Explorer (IE). In addition, there are probably more JavaScript books available than there are for the other browser
languages, and some tools automatically create pages using JavaScript. However, if you’re already fluent in Visual Basic or Tcl/Tk, you’ll be more productive using those scripting languages rather than learning a new one. (You’ll have your hands full dealing with the Web issues already.)
4.Java
If a scripting language can solve 80 percent of the client-side programming problems, what about the other 20 percent—the “really hard stuff?” The most popular solution today is Java. Not only is it a powerful programming language built to be secure, cross-platform, and international, but Java is being continually extended to provide language features and libraries that elegantly handle problems that are difficult in traditional programming languages, such as multithreading, database access, network programming, and distributed computing. Java allows client-side programming via the applet.
An applet is a mini-program that will run only under a Web browser. The applet is downloaded automatically as part of a Web page (just as, for example, a graphic is automatically downloaded). When the applet is activated it executes a program. This is part of its beauty—it provides you with a way to automatically distribute the client software from the server at the time the user needs the client software, and no sooner. The user gets the latest version of the client software without fail and without difficult reinstallation. Because of the way Java is designed, the programmer needs to create only a single program, and that program automatically works with all computers that have browsers with built-in Java interpreters. (This safely includes the vast majority of machines.) Since Java is a full-fledged programming language, you can do as much work as possible on the client before and after making requests of the server. For example, you won’t need to send a request form across the Internet to discover that you’ve gotten a date or some other parameter wrong, and your client computer can quickly do the work of plotting data instead of waiting for the server to make a plot and ship a graphic image back to you. Not only do you get the immediate win of speed and responsiveness, but the general network traffic and load on servers can be reduced, preventing the
entire Internet from slowing down.
One advantage a Java applet has over a scripted program is that it’s in compiled form, so the source code isn’t available to the client. On the other hand, a Java applet can be decompiled without too much trouble, but hiding your code is often not an important issue. Two other factors can be important. As you will see later in this book, a compiled Java applet can comprise many modules and take multiple server “hits” (accesses) to download. (In Java 1.1 and higher this is minimized by Java archives, called JAR files, that allow all the required modules to be packaged together and compressed for a single download.) A scripted program will just be integrated into the Web page as part of its text (and will generally be smaller and reduce server hits). This could be important to the responsiveness of your Web site. Another factor is the all-important learning curve. Regardless of what you’ve heard, Java is not a trivial language to learn. If you’re a Visual Basic programmer, moving to VBScript will be your fastest solution, and since it will probably solve most typical client/server problems you might be hard pressed to justify learning Java. If you’re experienced with a scripting language you will certainly benefit from looking at JavaScript or VBScript before committing to Java, since they might fit your needs handily and you’ll be more productive sooner.to run its applets withi
5.ActiveX
To some degree, the competitor to Java is Microsoft’s ActiveX, although it takes a completely different approach. ActiveX was originally a Windows-only solution, although it is now being developed via an independent consortium to become cross-platform. Effectively, ActiveX says “if your program connects to its environment just so, it can be dropped into a Web page and run under a browser that supports ActiveX.” (IE directly supports ActiveX and Netscape does so using a plug-in.) Thus, ActiveX does not constrain you to a particular language. If, for example, you’re already an experienced Windows programmer using a language such as C++, Visual Basic, or Borland’s Delphi, you can create ActiveX components with almost no changes to your programming knowledge. ActiveX
also provides a path for the use of legacy code in your Web pages.
6.Security
Automatically downloading and running programs across the Internet can sound like a virus-builder’s dream. ActiveX especially brings up the thorny issue of security in client-side programming. If you click on a Web site, you might automatically download any number of things along with the HTML page: GIF files, script code, compiled Java code, and ActiveX components. Some of these are benign; GIF files can’t do any harm, and scripting languages are generally limited in what they can do. Java was also designed to run its applets within a “sandbox” of safety, which prevents it from writing to disk or accessing memory outside the sandbox.
ActiveX is at the opposite end of the spectrum. Programming with ActiveX is like programming Windows—you can do anything you want. So if you click on a page that downloads an ActiveX component, that component might cause damage to the files on your disk. Of course, programs that you load onto your computer that are not restricted to running inside a Web browser can do the same thing. Viruses downloaded from Bulletin-Board Systems (BBSs) have long been a problem, but the speed of the Internet amplifies the difficulty.
The solution seems to be “digital signatures,” whereby code is verified to show who the author is. This is based on the idea that a virus works because its creator can be anonymous, so if you remove the anonymity individuals will be forced to be responsible for their actions. This seems like a good plan because it allows programs to be much more functional, and I suspect it will eliminate malicious mischief. If, however, a program has an unintentional destructive bug it will still cause problems.
The Java approach is to prevent these problems from occurring, via the sandbox. The Java interpreter that lives on your local Web browser examines the applet for any untoward instructions as the applet is being loaded. In particular, the applet cannot write files to disk or erase files (one of the mainstays of viruses). Applets are generally considered to be safe, and since this is essential for reliable
client/server systems, any bugs in the Java language that allow viruses are rapidly repaired. (It’s worth noting that the browser software actually enforces these security restrictions, and some browsers allow you to select different security levels to provide varying degrees of access to your system.)
You might be skeptical of this rather draconian restriction against writing files to your local disk. For example, you may want to build a local database or save data for later use offline. The initial vision seemed to be that eventually everyone would get online to do anything important, but that was soon seen to be impractical (although low-cost “Internet appliances” might someday satisfy the needs of a significant segment of users). The solution is the “signed applet” that uses public-key encryption to verify that an applet does indeed come from where it claims it does. A signed applet can still trash your disk, but the theory is that since you can now hold the applet creator accountable they won’t do vicious things. Java provides a framework for digital signatures so that you will eventually be able to allow an applet to step outside the sandbox if necessary.
Digital signatures have missed an important issue, which is the speed that people move around on the Internet. If you download a buggy program and it does something untoward, how long will it be before you discover the damage? It could be days or even weeks. By then, how will you track down the program that’s done it? And what good will it do you at that point?
7.Internet vs. intranet
The Web is the most general solution to the client/server problem, so it makes sense that you can use the same technology to solve a subset of the problem, in particular the classic client/server problem within a company. With traditional client/server approaches you have the problem of multiple types of client computers, as well as the difficulty of installing new client software, both of which are handily solved with Web browsers and client-side programming. When Web technology is used for an information network that is restricted to a particular company, it is referred to as an intranet. Intranets provide much greater security than the Internet, since you can physically control access to the servers within your
company. In terms of training, it seems that once people understand the general concept of a browser it’s much easier for them to deal with differences in the way pages and applets look, so the learning curve for new kinds of systems seems to be reduced.
The security problem brings us to one of the divisions that seems to be automatically forming in the world of client-side programming. If your program is running on the Internet, you don’t know what platform it will be working under, and you want to be extra careful that you don’t disseminate buggy code. You need something cross-platform and secure, like a scripting language or Java.
If you’re running on an intranet, you might have a different set of constraints. It’s not uncommon that your machines could all be Intel/Windows platforms. On an intranet, you’re responsible for the quality of your own code and can repair bugs when they’re discovered. In addition, you might already have a body of legacy code that you’ve been using in a more traditional client/server approach, whereby you must physically install client programs every time you do an upgrade. The time wasted in installing upgrades is the most compelling reason to move to browsers, because upgrades are invisible and automatic. If you are involved in such an intranet, the most sensible approach to take is the shortest path that allows you to use your existing code base, rather than trying to recode your programs in a new language.
When faced with this bewildering array of solutions to the client-side programming problem, the best plan of attack is a cost-benefit analysis. Consider the constraints of your problem and what would be the shortest path to your solution. Since client-side programming is still programming, it’s always a good idea to take the fastest development approach for your particular situation. This is an aggressive stance to prepare for inevitable encounters with the problems of program development.
Java和因特网
既然Java不过另是一种类型的程序设计语言,那么大家可能会
奇怪它为什么会值得如此重视?这有这么多的人认为它是计算机程序设计的一个里程碑呢?如果你原来在一个传统的程序设计背景里,那么答案在刚开始的时候并不是很明显。Java除了可以解决传统的程序设计问题以外,还可以解决World Wide Web(万维网)上的编程问题。
1.客户端编程
Web最初采用的“服务器——浏览器”方案可提供交互式的内容,但这种交互能力完全有服务器提供,为服务器和因特网带来啦不小的负担。服务器一般为客户端浏览器产生的静态网页,由后者简单的解释并显示出来。基本的HTML语言提供了简单的数据收集机制:文字输入框、复选框、单选钮、列表一级下拉列表等等。另外还有一个按钮,只能有程序规定重新设置表单中的数据,以便回传给服务器。用户提交的信息通过所有的Web服务器均能支持的“通用网关接口(CGI)”会传到服务器,包含在提交中的文字只是CGI如何操作。最常见的行动时运行位于服务器的一个程序,那个程序一般保存在一个名称为“cgi——bin”的目录中(按下Web页内的一个按钮时,请注意一下浏览器顶部的地址窗经常都能发现“cgi——bin”的字样)。大多数语言都可以用来编写这些程序,但其中最常见的是Perl。这是由于Perl是专门为文字的处理及解释而设计的。所以可以再任何服务器上安装和使用,无论采用的服务器和操作系统是什么。
2.插件
朝客户端编程迈进的时候,最重要的一个问题就是插件的设计。利用插件,程序员可以方便的为浏览器添加新的功能,用户只需要下载一些代码,把它们“插入”浏览器适当的位置即可。这些代码的作用是告诉浏览器“从现在开始,你可以进行这些新活动了”(只需下载使用这些插件)。有些快速和功能强大的行为是通过插件添加到浏览器的。但插件的编写并不是一件简单的任务。在我们构建一个特定的站点时,可能并不希望设计这方面的工作。对于客户端程序设计来说,插件的价值在于它允许专业程序员设计出一种新的语言,并将哪种语言添加到浏览器中,同时不必经过浏览器原创者的许可。由此可以看出,插件实际是浏览器的一个“后门”,允许创建新的客户端程
序设计语言(尽管并非所有的语言都是作为插件来实现的)。
3.脚本编制语言
插件造成了脚本编制语言的爆炸性增长。通过这种脚本语言,可将用于自己客户端程序的源码插入HTML页,而对哪种语言进行解释的插件会在HTML页显示的时候自动激活,脚本语言一般都倾向于尽量简化,易于理解而且它们是从属于HTML页的一些简单的正文,所以只需要向服务器发送对那个页的一次请求,即可非常快的载入。缺点是我们的代码全部暴漏在人们的面前。另一方面,由于通常不用脚本编制语言做过分复杂的事情,所以这个问题可以暂且放在一边。
脚本编制语言真正面向的是特定类型问题的解决,其中主要涉及如何创建更丰富、更具有互动能力的图形用户界面(GUI)。然而,脚本编制语言也许能解决客户端编程中80%的问题,你所碰见的问题完全有可能在那80%里面,而且脚本编制语言的宗旨是尽可能的简化与快速,所以在考虑其他更复杂的方案前(tcl/TK、java及ActiveX),首先应该想一下,脚本语言是否可行。
目前讨论最多的脚本编制语言包括Javascript(它与Java没有任何的关系,之所以叫这个名字,完全是一种市场策略)、VBscript(同Visualbasic很相似)、以及Tcl/TK(来源于流行的跨平台GUI构造语言)。当然还有许多其他语言,也有许多赈灾开发中。
Javascript也许是日常用的,他的得到的支持也最全面。无论NetscaptNavigator Microsoft Internet Explorer,还是Opera,目测都提供了对Javascript的支持。除此以外,市面上讲述的Javascript的书籍要比讲述其他语言的书籍多很多。有些工具还能利用Javascript自动的产生网页。当然,如果你已经有Visual Basic或者TCl/TK的深厚功底,纳闷他们就会简单许多,最起码可以避免学习新语言的烦恼(解决web方面的问题已经够让人头疼的了)。
4.Java
如果说一种脚本编制语言能解决80%的客户端程序设计问题,那么剩下的20%又该怎么办呢?它们属于高难度的问题吗?目前最流行的方案就是Java,它不仅是一种功能强大、安全度高、可以跨平台使用以及国际通用的程序设计语言也是一种具有旺盛生命力的语言。
对Java的扩展是不断在进行的,提供的语言特性和库能够很好地解决传统语言所不能解决的问题,比如多线程的操作、数据库的访问、联网程序的设计以及分布式计算机等等。Java通过“程序片”(Applet)巧妙地解决了库护短编程的问题。
程序片(或者小应用程序)是一种非常小的程序,只能在web浏览器中运行。作为web页的一部分,程序片代码会自动的下载回来(这和网页中的图片差不多)。激活程序片后,它会执行一个程序。程序片的一个优点体现在:通过程序片,一旦客户需要客户软件,软件就可以从服务器自动的下载回来,它们能自动的取得客户软件的最新版本,不会出现错误,也没有重新安装的麻烦。由于java的设计原理,程序员只需要创建程序的一个版本,那个程序就能在几乎所有的计算机以及安装了java解释器的浏览器中运行。由于java是一种全功能的编译语言,所以在想一个服务器发送一个请求之前,我们可以再客户端做尽可能多的工作。例如,再也不必通过因特网传送一个请求表单,再有服务器确定其中是否存在一个拼写或者其他参数错误。大多数数据校验工作均可在客户端完成,没有必要坐在计算机前面焦急的等待服务器的响应。这样一来,不仅速度和响应的灵敏度得到了极大地提高,对网络和服务器造成的负担也可以明显的减少,这对保障因特网的畅通至关重要。
与脚本程序相比,java程序片的另一个优点是它采用编译好的程序,所以客户看不到源码。当然在另一方面,反编译Java程序片可能包含了许多的模块,所以要多次,而且代码的隐藏一般并不是一个重要的问题。大家另外要注意的两个问题,正如书本以前会讲到的那样,要多次访问服务器以便下载。在另一个方面,脚本程序是作为web页正文的一部分集成到web页内的,这种程序一般都非常的小,可有效地减少对服务器的点击数。另一个问题是学习方面的问题。如果你以前是一名Visual basic程序员,那么转向VBscript会是一种最快捷的方案。由于VBscript可以解决大多数典型的客户机/服务器问题,所以一旦上手,就很难再下定决心再去学校java。如果对脚本编制语言比较熟,那么在转向java前,建议先熟悉一下Javascript或者VBscript,因为它们可能已经能够满足你的需要,不必经历学
习Java的艰苦过程。
5.ActiveX
在某种程度上,Java的一个有力的竞争对手应该就是微软的ActiveX,尽管它采用的是一种完全不同的实现机制。ActiveX最早是一种纯Windows的方案。经过一家独立的专业协会的努力,ActiveX现在已经具备了跨平台使用的能力。实际上,ActiveX的意思是”假如你的程序同它的工作环境正常连接,它就能进入web页并且支持ActiveX的浏览器运行”。所以ActiveX并没有限制我们使用一种特定的语言。比如,假设我们是一名有经验的Windows程序员,可以熟练的使用C++、Visual basic,就能几乎不加任何学习的创建出ActiveX组建。事实上,ActiveX是在我们的web页中使用“历史遗留”代码的最佳途径。
6.安全
自动下载和通过因特网运行程序听起来就像一个病毒制造者的梦想。在客户端的编程中,ActiveX带来啦最让人头疼的安全问题。点击一个web站点的时候,可能会随同HTML网页传回任何数量的东西:GIF文件、脚本代码、编译好的java代码以及ActiveX组件。有些是无害的;GIF文件不会对我们造成任何的威胁,而脚本编制语言通常在自己可做的事情上有很大的限制。Java也设计成在一个安全“沙箱”里的程序片可以正常运行,这样可以防止操作沙箱以外的磁盘或者内存区域。
ActiveX是这些所有里面最让人担心的。用ActiveX编写程序就像编制windows程序——可以做任何自己想做的事情。下载回一个ActiveX组件后,它完全对我们磁盘上的文件造成破坏。当然,对于那些下载回来并不限于web浏览器内部运行的程序,它们同样也可能破坏我们的系统。从bbs下载回来的病毒一直是一个大问题,但因特网的速度使这个问题变得更加复杂。
目前想到的办法是“数字签名”,代码会得到权威机构的认证,显示出它的作者是谁。这一机制的基础是从认为病毒之所以会传播,是因为它的编写者匿名的缘故。所以假如匿名的因素,所有的程序设计者不得不为他们的行为负责。这似乎是一个好主意,因为它使程序
显得更加正规。但对它能消除恶意因素怀疑态度,因为假如一个程序本身含有一个bug,那么同样会造成问题。
Java通过“沙箱”来防止这些问题的发生。Java解释器内嵌于我们本地的web浏览器中,在程序片装载时会检查所有嫌疑的指令。特别的程序片根本没有权力将文件写入磁盘,或者删除文件(这是病毒最喜欢做的事情之一)。我们通常认为程序片是安全的。而且安全对于营建一个可靠地客户机/服务器系统至关重要。所以给病毒留下的漏洞的所有错误都可能很快的得到修复(浏览器软件实际需要强行遵守这些规则;而有些浏览器则允许我们选择不同的安全级别,防止对系统不同程度的访问)。
大家或许会怀疑这种限制是否会妨碍我们将文件写入到本地磁盘,比如,我们有时需要构建一个本地的数据库,或者将数据保存下来,以便以后离线使用。最早的版本似乎每个人都能在线做任何敏感的事情,但这很快的就变得非常的不现实(尽管低价“互联网工具”可能会满足大多数的用户需要)。解决大方案是“签了名的程序片”,它用公告密钥算法验证程序片确实来自它们所声称的地方。当然再通过验证后,签了名的一个程序片仍然可以清除你的磁盘。但从理论上说,既然现在能够找到创建人“算账”,那么它们一般不会干蠢事。Java1.1为数字签名提供了一个框架,在必要的时候,可以让一个程序片走到“沙箱”的外面来。
数字签名一露脸一个最重要的问题。那就是人们在因特网上移动的速度。如果下载回来一个漏洞百出的程序,而它很不幸的真的干了某些蠢事,需要多久才能发觉这一点呢?这也许是几天,也可能是几天之后。就算发现之后,又如何追踪当初肇事者的程序呢(以及追究它当时的责任有多大)?
7.因特网和内联网
Web是解决客户机/服务器问题的一种常见方案,所以最好能用相同的技术解决此类问题的“子集”。特别是公司内部的传统客户机/服务器问题。对于传统的客户机/服务器模式,我们面临的问题是拥有许多种不同类型的客户计算机,而且很难安装新的客户软件。但通过web浏览器和客户端编程,两类问题都可以得到很好地解决。若一
个信息网络局限于一家特定的公司,那么在将web技术应用于它后,即可称之为“内联网”。内联网提供了比互联网更高的安全级别,因为可以物理性能的控制对公司内部的服务器使用。说到培养,一般人们理解了浏览器的常规概念,就可以非常轻松的掌握网页和程序之间的差异,所以学习新型系统的开销会大幅度减少。
但假如在内联网中运行,面临的一些制约因素就会发生变化。全部机器为Inter/windows平台是件很平常的事情。在内联网中,需要对自己的代码质量负责,而且一旦发现错误,就可以立马改正。除此以外,可能已经有了一些历史遗留的代码,并用较为传统的客户机/服务器方式使用那些代码,但在进行升级时,每次都要物理性的安装一道客户程序。浪费在风机安装上的时间是转移到浏览器的一项重要原因。使用的浏览器之后,升级就会变得易如反掌,而且在整个过程中时透明的和自动进行的。如果真的是牵涉到这样一个内联网中,最明智的方法是采用ActiveX,而非试图采用一种新的语言来改程序的代码。
面临客户端编程问题,令人困惑的一系列的解决方案时,最好的方案时自己先做一次投资/回报分析。请总结出问题的全部制约因素,以及什么才是最快的方案。由于客户端程序设计仍要编程,所以无论如何都该针对自己的特殊情况采取最好的开发途径。这是准备面对程序开发中一些不可避免的问题。我们可以做出最好的姿态。