BCS The Chartered Institute for IT THE BCS PROFESSIONAL EXAMINATIONS BCS Level 6 Professional Graduate Diploma in IT WEB

ENGINEERING
Friday 30 April 2010 - Morning Answer THREE questions out of FIVE. All questions carry equal marks. Time: THREE hours. Answer any Section A questions you attempt in Answer Book A Answer any Section B questions you attempt in Answer Book B The marks given in brackets are indicative of the weight given to each part of the question. Calculators are NOT allowed in this examination. Section A Answer Section A questions in Answer Book A A1. a) i) ii) Explain the role and structure of a DTD in relation to an XML document. (2 marks) Explain the role and structure of an XML schema in relation to an XML document. (2 marks) iii) Explain how an XML document would call: an internal DTD an external DTD and; an XML schema. (3 marks) Compare and contrast the workings of a DTD and an XML schema. You should state the benefits of using each. (3 marks) Generate an appropriate sample XML document based on the XML schema in figure 1.1 (2 marks)
th

b) i) ii)

<?xml version="1.0" encoding="ISO-8859-1" ?> <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"> <xs:element name="order"> <xs:complexType> <xs:sequence> <xs:element name="orderperson" type="xs:string"/> <xs:element name="shipto"> <xs:complexType> <xs:sequence> <xs:element name="name" type="xs:string"/> <xs:element name="address" type="xs:string"/> <xs:element name="city" type="xs:string"/> <xs:element name="country" type="xs:string"/> </xs:sequence> </xs:complexType> </xs:element> <xs:element name="item" maxOccurs="unbounded"> <xs:complexType> <xs:sequence> <xs:element name="title" type="xs:string"/> <xs:element name="note" type="xs:string" minOccurs="0"/> <xs:element name="quantity" type="xs:positiveInteger"/> <xs:element name="price" type="xs:decimal"/> </xs:sequence> </xs:complexType> </xs:element> </xs:sequence> <xs:attribute name="orderid" type="xs:string" use="required"/> </xs:complexType> </xs:element> </xs:schema>

Figure 1.1 XML Schema for Question A1 b) ii)

c) Write an external DTD for the XML file in figure 1.2: The element trainlog may contain, in any order, one or more session and progress_report elements. A session element must first contain a duration element, followed by distance element, followed by a location element, followed optionally by a comment element, followed by zero or more photo elements. The date and heartrate attributes in session are optional. The type attribute in session must be present but allow only 3 values running, swimming, cycling - with default set to running. A photo element must contain a url attribute, but may not contain any text. A progress_report element must contain one or more comment elements. (13 marks) <?xml version="1.0"?>
<trainlog> <session date="11/01/10" type="running" heartrate="158"> <duration units="minutes">50</duration> <distance units="miles">5.5</distance> <location>Hyde Park</location> <comment>Mid-morning run, a little winded throughout.</comment> <photo url="http://www.bcs.org/cloud.jpg" /> <photo url="http://www.bcs.org/london.jpg" /> </session> <session date="16/01/10" type="cycling" heartrate="153"> <duration units="hours">1.5</duration> <distance units="miles">26.4</distance> <location>Crystal Palace</location> <comment>Hilly ride, felt strong as an ox.</comment> </session> <session date="23/01/10" type="running" heartrate="156"> <duration units="hours">2.5</duration> <distance units="miles">16.8</distance> <location>Regents Park</location> <comment>Afternoon run, felt reasonably strong.</comment> </session> <progress_report> <comment> Performance improved significantly</comment> </progress_report> </trainlog>

Figure 1.2 Sample Document for Question A1 c)

A2. a) A simple DTD to record company information is provided in figure 2.1. i) ii) Explain what it means for an XML document to be well formed and valid. (1 mark)

The XML document in figure 2.2 contains precisely four errors when validated against the DTD of figure 2.1. Identify all of the errors and for each one provide a correction. Note: the line numbers are for your benefit and are not part of the XML code. (4 marks)

1. 2. 3. 4. 5. 6. 7.

<?xml version = "1.0" encoding="ISO-8859-1"?> <!ELEMENT CompanyList (Company*)> <!ELEMENT Company (Company_name,Company_url)> <!ATTLIST Company CODE CDATA #REQUIRED> <!ELEMENT Company_name (#PCDATA)> <!ELEMENT Company_url EMPTY> <!ATTLIST Company_url page CDATA #REQUIRED>

Figure 2.1 DTD for Question A2 a) and A2 c)

1. 2. 3. 4. 5. 6. 7. 8. 9. <?xml version="1.0" encoding="ISO-8859-1" standalone="no"?> <!DOCTYPE CompanyList SYSTEM "company.dtd"> <?xml-stylesheet type="text/xsl" href="Company.xsl"?> <CompanyList> <Company CODE=A121> <company_name>IBM</company_name> <Company_url ="http://www.ibm.com" /> </Company> </Companylist>

Figure 2.2 XML document with errors for Question A2 a) ii) b) Data can be stored in child elements or in attributes as demonstrated by figure 2.3. Briefly state five factors to be considered when using attributes instead of child elements. (5 marks)
<note date="12/11/2002"> <to>Tove</to> <from>Jani</from> <heading>Reminder</heading> <body>Don't forget me this weekend!</body> </note> <note> <date>12/11/2002</date> <to>Tove</to> <from>Jani</from> <heading>Reminder</heading> <body>Don't forget me this weekend!</body> </note> <note> <date> <day>12</day> <month>11</month> <year>2002</year> </date> <to>Tove</to> <from>Jani</from> <heading>Reminder</heading> <body>Don't forget me this weekend!</body> </note> <note day="12" month="11" year="2002" to="Tove" from="Jani" heading="Reminder" body="Don't forget me this weekend!"> </note>

Figure 2.3 Example of child elements and attributes for Question A2 b)

c) A simple DTD to record company information is provided in figure 2.1. The employment agency has updated the above simple DTD to record information on all client companies that have commissioned recruitment activity since the beginning of the year. Sample XML is shown in figure 2.4. There is now a need to render this information as a web page that can be accessed by the agency staff. Using the XSL template provided in figure 2.5, complete the missing code in figure 2.5 (the section marked <!-- TO BE COMPLETED -->) to accomplish this. A mock-up of the required rendered page is shown in figure 2.6. (15 marks)
<?xml version="1.0" encoding="ISO-8859-1" standalone="no"?> <!DOCTYPE CompanyList SYSTEM "company1.dtd"> <?xml-stylesheet type="text/xsl" href="company1.xsl"?> <CompanyList> <Company CODE="1212"> <Company_name>IBM</Company_name> <Company_url page="http://www.ibm.com" /> <Contact> <Contact_name>Bob Jones</Contact_name> <Contact_phone>0044112233</Contact_phone> <Contact_email>bjones@ibm.com</Contact_email> </Contact> <Job_vacancy> <Job_title>Analyst</Job_title> <Job_description>Design payment systems</Job_description> <Job_location>London</Job_location> <Job_salary>30000</Job_salary> <Start_date>25 Feb 2010</Start_date> </Job_vacancy> <Job_vacancy> <Job_title>Usability Engineer</Job_title> <Job_description>Evaluation of new systems</Job_description> <Job_location>Glasgow</Job_location> <Job_salary>28000</Job_salary> <Start_date>12 Mar 2010</Start_date> </Job_vacancy> </Company> <Company CODE="1202"> <Company_name>ORACLE</Company_name> <Company_url page="http://www.oracle.com" /> <Contact> <Contact_name>Bill Smart</Contact_name> <Contact_phone> 0044454545</Contact_phone> <Contact_email>bsmart@oracle.com</Contact_email> </Contact> <Job_vacancy> <Job_title>Database Designer</Job_title> <Job_description>OO background</Job_description> <Job_location>London</Job_location> <Job_salary>40000</Job_salary> <Start_date>25 Mar 2010</Start_date> </Job_vacancy> </Company> </CompanyList>

Figure 2.4 Sample XML document for Question A2 c)

<?xml version="1.0" encoding="ISO-8859-1"?> <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"> <xsl:template match="/"> <html> <head> <title>Current Job Vacancies</title> </head> <body> <h1>Current Job Vacancies</h1> <table border="1"> <tr bgcolor="#9acd32"> <th align="left">Company</th> <th align="left">Contact</th> <th align="left">email</th> <th align="left">Phone</th> </tr> <!--TO BE COMPLETED --> </table> </body> </html> </xsl:template> </xsl:stylesheet>

Figure 2.5 XSL stylesheet for Question A2 c)

Figure 2.6 Mock-up of required web page for Question A2 c)

Section B Answer Section B questions in Answer Book B B3. You are acting as a consultant for a financial institution, advising on the development of an online banking service. a) One possible security risk when accessing a banking website from a publicly accessible computer, is a hardware key logger that captures passwords; this is often solved by using on-screen (virtual) keyboards to enter data into a web form. i) What is meant by the term hardware key logger? (2 marks) ii) Aside from the use of key loggers, outline four other security risks and, for each risk, detail a method to prevent it. (8 marks) b) The in-house developers have outlined three possible schemes for authenticating their users. You have been asked to comment on these systems both from a security perspective (how safe the scheme will be) as well as from a users perspective (how easy the scheme will be to use). Proposed scheme A Type in your email address Type in your password (6 characters, alphabetic) Select the first and the second digits of your PIN (6 digits) from a drop-down list

Proposed scheme B Type in your System-generated user number (created on registration, 11 digits long) Type in your password (6-12 alphanumeric characters) Type in your favourite colour

Proposed scheme C i) ii) Type in your first name Type in your last name Type in your postcode/Zip code Type in your date of birth Type in your mothers maiden name Enter a one-time code using a hardware bank card reader and your debit card.

Outline TWO strengths and TWO weaknesses of each of the three schemes. (9 marks) Devise a new scheme for authenticating users on this site which is superior to all three schemes outlined above. Explain how it overcomes the weaknesses identified in part b) i). (6 marks)

B4. a) Write HTML to construct the form as indicated in figure 4.1. When the button marked Search for games is pressed, the form should submit to a script called games.php (4 marks) b) When invalid data is entered into a form, a well-designed system will spot the invalid data and report them back to the user with an error message. i) Why is it important to catch invalid data? (2 marks) ii) What would be an appropriate error message for a login attempt that fails due to an incorrect password (but correct username)? (2 marks) c) Better systems will automatically re-generate the form with most data already completed (to save the user from entering it a second time). (2 marks)

With a justification, give one example of form data that should NOT be automatically completed in a regenerated form. (2 marks) ii) Write code (at the server side in ASP, PHP, or Perl) to validate that the date of birth entered is not in the future, and if there is an error re-generate the original form from part a) with the entered data already filled in. (5 marks) Notes: You do not require regular expressions to complete this task, but you may use them if you wish. You may find the PHP function int strtotime (string $time) useful in this task (which parses a string into a Unix timestamp), where $time is a textual description of a date/time e.g. "2009-12-31" for the 31st December, 2009 or "now" for the current system time on execution.

i)

d) The server has a database named Games, with a single table named GameRatings (as shown in figure 4.2). You may assume the web server and the database server are hosted on the same computer. This database holds details of age ratings for video games which are listed in figure 4.3. For parts ii) and iii), assume that the php script games.php has already established a valid connection to this database. In all cases, you should state the language you are using (ASP, PHP or Perl). i) Write code to connect to the database. (1 mark) ii) Write code to retrieve the details of the game with the title that is exactly the same as the text entered in the Enter the game title field. (3 marks) iii) Write code to retrieve and display (in an appropriate format) the details of all games that can be bought by the person whose date of birth has been entered. (6 marks) Note: The following SQL syntax may be useful to accomplish these tasks: SELECT * FROM tbl_name WHERE col1 = val1; (Where tbl_name, col1, val1 etc. are to be replaced with appropriate values)

Figure 4.1 Sample HTML form for Question B4 a)

Figure 4.2 Database Entity-Attribute diagram for Question B4 d)

Rating UC PG 12 15 18 Minimum age 5 years 10 years 12 years 15 years 18 years Figure 4.3 Age rating categories and minimum age required to buy the game

B5. A small company selling digital cameras wants to have a web presence. They have come to you as an expert to seek your advice. The owner has been told about some different approaches to web development and is confused as to whether he should have a website developed using: HTML and other related technologies or, a content management system (CMS) developed using technology such as joomla. a) i) ii) Explain what is meant by a content management system, and how this differs from writing HTML by hand/with an authoring package (such as Dreamweaver). (2 marks) In no more than 500 words, write a brief report identifying the benefits and drawbacks of each approach with a clear recommendation as to which approach the company should adopt. (7 marks) Define and distinguish between a mashup and a portal. (2 marks) ii) Using suitable examples discuss how mashups are changing the way users access information and data from web sources. (6 marks)

b) i)

You should reference the use of contemporary technologies such as Google maps, Yahoo! pipes, Microsoft Popfly (and others that are similar) to support your answers. c) Social networking sites (e.g. Facebook, LinkedIn, MySpace, Twitter, Flickr) have become extremely popular, with Google Trends reporting that in mid-2009 the number of searches made for the term social networking exceeded those for e-commerce. With specific reference to one or more contemporary social networking platforms: i) Identify three distinct risks or dangers that might result from active participation with social networking sites. (3 marks) ii) Discuss how a user can mitigate against these dangers whilst still actively maintaining a presence on social networking sites. (5 marks)