The present invention relates generally to database access over the Internet and, more particularly, to Web page development, deployment, and execution conducive to database access and manipulation over the Internet.
The World Wide Web, commonly referred to as the xe2x80x9cWeb,xe2x80x9d has become a valuable Internet resource for business, scientific, and personal research and promotion. Individuals and businesses alike create and post Web pages containing all types of information. The files defining such Web pages are typically stored on a xe2x80x9cserverxe2x80x9d computer which is accessible to xe2x80x9cclientxe2x80x9d computers via the Internet or some other network. Once associated with a server, a Web page can be accessed and viewed on a client computer using commercially-available Web browsers, such as Netscape Navigator and Microsoft Explorer.
As the Web has become more popular, Web pages have become more complex and businesses have asked Web page developers to provide more and more information display capabilities. One such capability, which has become a highly-desirable Web application, is the capability to remotely access and manipulate data. For example, a company may want its sales personnel to have Internet access to the company""s databases while those sales personnel are in the field. As is described in detail below, prior art systems struggle with Internet database applications, specifically in the areas of efficiency, security, state management, and data xe2x80x9cbriefcasing.xe2x80x9d
As used herein, a xe2x80x9cdatabasexe2x80x9d refers to a collection of information organized in tables and stored on a server computer or accessible to a server computer via a database manager. A xe2x80x9ctablexe2x80x9d refers to a collection of data which organizes similar things together. For example, in a company database, one table might keep track of employee information and another table might keep track of sales activities. Every table contains columns and rows. For the purposes of this description, a column defines what type of information is gathered (e.g., name, hire date, salary) and a row stores that information (e.g., a row exists for each salesperson). A row of data is also referred to herein as a xe2x80x9crecord,xe2x80x9d and a column of data is referred to herein as a xe2x80x9cfield.xe2x80x9d A xe2x80x9crelational databasexe2x80x9d is a database having multiple tables whose records are linked together by keys.
Early in the Web""s history, the HyperText Markup Language, commonly referred to as xe2x80x9cHTML,xe2x80x9d was developed. HTML is a language that describes a Web page, and it is interpretable by virtually all commercially-available Web browsers.
One disadvantage to using an HTML document for database access applications is that HTML document based access is very inefficient. If an HTML document is being used to display information from a database lookup, then each time the user requests a different set of data, the server must invoke a xe2x80x9cCommon Gateway Interfacexe2x80x9d or xe2x80x9cCGIxe2x80x9d script which interacts with the database manager to obtain the data. Then the server must send all information on the page to the browser. Even though the information in only a single field is different (i.e., the field containing the new set of data), all static and unmodified page information must also be downloaded. This HTML limitation leads to slow and inefficient database access. In addition, the CGI scripts add a layer of processing between the server and the database, thus adding a level of inefficiency to the system.
Another problem with using pure HTML documents for database applications springs from the interactive nature of such applications. Database access is considered an interactive Web application because it often requires a client computer to interchange many messages with a server. This is particularly true when a user wants to access, via a Web page, a large number of records within a database table.
HTML was developed primarily as a language to enable text displays, and it is not well-suited to interactive applications, including database access and manipulation applications. Therefore, many Web pages, including database-oriented Web pages, have added Java, JavaScript, and ActiveX controls to their HTML documents in order to provide better interactive capabilities. Unfortunately, however, the use of Java, JavaScript, and Active X controls pose serious security problems to the integrity of computers and computer networks.
Java is a programming language which is specially adapted to support the development of Internet applications. Java enables an application designer to transport objects across the Internet, hence enabling database access. During an interactive session with a Web page, Java, JavaScript, and Active X operate similarly. In the interests of brevity, only Java is discussed, although the security problems pertaining to Java exist also with JavaScript and ActiveX.
A Java xe2x80x9cappletxe2x80x9d is a Java program specifically designed for incorporation by an HTML document. Rather than including the actual applet code within an HTML document, xe2x80x9ccannedxe2x80x9d applet code is often downloaded from somewhere else on the Web and then executed on the client machine. Such an applet is referred to generically as a xe2x80x9cdownloaded executable.xe2x80x9d In order to download an applet, an HTML document would include, among other things, the Uniform Resource Locator, or xe2x80x9cURL,xe2x80x9d identifying the location of the applet on the Web. For example, an HTML document could invoke an applet called xe2x80x9cClockxe2x80x9d stored at http://java.sun.com/openstudio/index.html. During operation of a Web page which invokes that applet, compiled xe2x80x9cClockxe2x80x9d applet code is downloaded from xe2x80x9cjava.sun.comxe2x80x9d to the client machine. The client""s browser then executes the applet on the client machine.
One enormous problem which faces Web page users is the security risks created by allowing downloaded executables to be run on the client machine. The Java applet is a major culprit, although similar security problems exist with JavaScript and ActiveX. Java applets, which can be downloaded from anywhere, may include xe2x80x9cmaliciousxe2x80x9d code. Upon execution of the downloaded applet, such applet could, for example, perform unauthorized file operations on the client machine.
Several solutions have been developed to deal with the threat of the malicious Java applet, but none have yet proved to be efficient and foolproof. For example, Finjan Software has developed the xe2x80x9cSurfinShield Xtraxe2x80x9d tool which, when a browser attempts to download an applet or control, scans the item in a fashion similar to an antivirus program. Unfortunately, many Web pages include numerous applets, and the scanning operation can substantially increase the time necessary to download and display a page. In addition, any antivirus-type tool is only as good as the level of ingenuity of the malicious-code creators at the time the antivirus tool is released. Therefore, it is likely that a user would need to update its antivirus-type software on a regular basis.
Microsoft recently released a similar antivirus-like solution called xe2x80x9cDynamic HTML,xe2x80x9d or xe2x80x9cDHTML,xe2x80x9d which is intended to replace ActiveX. DHTML is more secure than ActiveX because it is interpreted by the browser, which can override the code and prevent system violations. However, as with HTML, DHTML requires a server to dynamically create a Web page each time an update to the page is requested. For example, if a user interacting with a DHTML-generated page requests a new piece of data in a single field within the page, a CGI script would be invoked at the server to regenerate the entire page, even though only one piece of data changed. Thus, DHTML may reduce some security risks, but it requires developers to create server-side CGI scripts, and DHTML also has efficiency problems when used in database applications.
Besides the security risks associated with using downloaded executables within an HTML document, another challenge to providing interactive database access is that the nature of Web communications makes state management difficult. xe2x80x9cState managementxe2x80x9d refers to the maintenance of information which describes the particular state that a program is in. In a database application, state management enables a system to keep track of who is accessing a database, what records that user has accessed, and what records would be next.
To illustrate the Internet-related state management problem, a brief Internet data access scenario is described. When a user""s client machine requests, via a Web page, access to an initial set of data accessible to a remote server, the client browser establishes a connection with the remote server, sends a request, receives the requested data (if it is available), and closes the connection. When the client machine requests the next set of data, the browser must re-establish the connection with the remote server and send a new request. However, the remote server views the request in a vacuum and, thus, has no idea that the client previously requested records, what records the client previously requested, or what records would be next for that client. The browser also does not keep track of state information. Therefore, prior art systems did not maintain any state management information or they performed state management in an inefficient manner by allocating resources for each client, hoping the client would come back. The latter approach consumes great amounts of server resources and also limits the number of possible users.
In the Local Area Network (xe2x80x9cLANxe2x80x9d) and Wide Area Network (xe2x80x9cWANxe2x80x9d) situations, a persistent connection to the server is maintained, thus providing easy access and state management by the server. So, there is never any doubt about which database table a user is connected to, what record of that table the user is currently accessing, what record the user previously accessed, or what record is the next record. In the LAN/WAN situation, it is easy to provide state management for one or more simultaneous users. However, a persistent connection would be inefficient for Internet applications because it would consume too much bandwidth and other system resources.
Because prior-art servers were unable to maintain state information, several applications have been created to provide some semblance of state management in the interest of enabling a user to browse information within a database. One such tool is xe2x80x9cIntraBuilderxe2x80x9d from Inprise Corporation (a.k.a. Borland International). IntraBuilder is a tool which runs on the server machine. When a new user requests access to a database, the IntraBuilder tool creates an xe2x80x9cagentxe2x80x9d on the server for that user. The agent is responsible for knowing what user it is associated with and for providing state management for that user. One disadvantage to this agent concept is that hundreds or even thousands of agents could simultaneously exist on a server which provides access to one or more particularly-popular databases. The presence of a substantial number of agents is a burden on the server and limits the server""s ability to provide database access.
Another problem originally encountered with the IntraBuilder tool was that the browser had difficulty positioning an active page component (i.e., an element of a Web page which includes data) in the proper place on the page. The browser would independently calculate the component""s position. More often than not, the browser-calculated position would be different from the desired position.
In order to alleviate this problem, Netscape apparently modified its browser to recognize the messages coming from the server side when the Web page is posted. That enhanced the Netscape browser""s ability to post the information in a relatively close position to the desired position. However, the Netscape modification has not resulted in an optimum solution because it only works for a Web page with a relatively small number of components (e.g., approximately 20). Many Web page designers incorporate numerous components, sometimes in the hundreds. For example, a particular database may have sixty or more fields that a designer would like the page to display. Thus, the Web page would require sixty or more components. The current Netscape browser would be ill equipped to handle such a page.
Another tool for providing database access is xe2x80x9cEmrys Visionsxe2x80x9d from Emrys Solutions, Inc. The Emrys Visions tool is located and runs on the client machine. The Emrys Visions tool also seeks to solve the problem of state management inherent in the make-transfer-break data transfer protocol by forcing the browser to maintain a persistent connection with the server during the entire database browsing session. Although this enables state management to be maintained, a major disadvantage to the Emrys Visions solution is that it forces the client to continuously consume bandwidth, both on the client and server sides. As stated previously, such a persistent connection is undesirable for an Internet application because it consumes substantially more bandwidth than may be necessary.
Another disadvantage to prior-art systems is that they do not adequately provide the ability to xe2x80x9cbriefcasexe2x80x9d data. xe2x80x9cBriefcasingxe2x80x9d refers to a user""s ability to download data from a server to his client machine, manipulate the data offline, re-connect to the server at a later time, and post his changes to the database. The inability to briefcase is related to the inability to maintain state information adequately. In prior-art systems, because of the lack of state management capabilities, the server would have no idea how to reconcile a user""s changes with existing records or with changes posted by other users. Although one solution might be to enable a server or database manager to place a lock on the records to prevent other users from making changes after one user downloads those records, such an approach would be impractical in a situation where many users need to manipulate the data.
One additional disadvantage to prior-art systems is that current Web browsers enable a user to jump from page to page, but a single instance of a browser will not display multiple pages simultaneously. Therefore, if a user wants to view multiple pages simultaneously, the user must launch another instance of the Web browser. This consumes additional client computer resources and complicates the user""s interaction with the browsers. In addition, no mechanism exists to link the simultaneously displayed pages. The user interacts with each page independently.
What is needed is a way to access data over the Internet which is efficient and provides state management without unduly consuming bandwidth or other server resources. What is further needed is a database access tool which eliminates security risks imposed by malicious code without a reduction in download and display efficiency. What is further needed is a way to provide an Internet-based xe2x80x9cbriefcasingxe2x80x9d capability for database access and modification. What is further needed is a way for Web-page users to view and interact with multiple pages simultaneously, surfacing the relationships of database tables without launching another instance of the Web browser.