基于j2ee在線購物系統(tǒng)外文翻譯

1、<p><b>　　東南大學(xué)成賢學(xué)院</b></p><p><b>　　畢業(yè)設(shè)計(jì)（論文）</b></p><p><b>　　文獻(xiàn)綜述和外文翻譯</b></p><p>　　所在系別： 計(jì)算機(jī)工程 </p><p>　　專 業(yè)：

2、 軟件工程 </p><p>　　年 級： 2008級 </p><p>　　姓 名： 劉振雷 </p><p>　　指導(dǎo)教師： 鄭浩鳴 </p><p>　　完成日期： 2012 年 2 月 29 日 &l

3、t;/p><p><b>　　文獻(xiàn)綜述</b></p><p>　　摘要：Servlet程序在服務(wù)器端運(yùn)行，動態(tài)地生成Web頁面與傳統(tǒng)的CGI和許多其他類似CGI的技術(shù)相比，Java Servlet具有更高的效率，更容易使用，功能更強(qiáng)大，具有更好的可移植性，更節(jié)省投資。</p><p>　　關(guān)鍵字：JSP技術(shù)，Servlet，HTTP服務(wù)</

4、p><p>　　1.1Servlet的功能</p><p>　　Servlets是運(yùn)行在Web或應(yīng)用服務(wù)器上的Java程序，它是一個(gè)中間層，負(fù)責(zé)連接來自Web瀏覽器或其他HTTP客戶程序的請求和HTTP服務(wù)器上的數(shù)據(jù)庫或應(yīng)用程序。Servlet的工作是執(zhí)行西門的任務(wù)，如圖1.1所示 。</p><p>　　圖1.1Web中間件的作用</p><p&g

5、t;　　讀取客戶發(fā)送的顯式數(shù)據(jù)。</p><p>　　最終用戶一般在頁面的HTML表單中輸入這些數(shù)據(jù)。然而，數(shù)據(jù)還有可能來自applet或定制的HTTP客戶程序。</p><p>　　讀取由瀏覽器發(fā)送的隱式請求數(shù)據(jù)。</p><p>　　圖1.1中顯示了一條從客戶端到Web服務(wù)器的單箭頭，但實(shí)際上從客戶端傳送到Web服務(wù)器的數(shù)據(jù)有兩種，它們分別為用戶在表單中輸入的顯

6、式數(shù)據(jù)，以及后臺的HTTP信息。兩種數(shù)據(jù)都很重要。HTTP信息包括cookie、瀏覽器所能識別的媒體類型和壓縮模式等。</p><p><b>　　生成結(jié)果。</b></p><p>　　這個(gè)過程可能需要訪問數(shù)據(jù)庫、執(zhí)行RMI或EJB調(diào)用、調(diào)用Web服務(wù)，或者直接計(jì)算得出對應(yīng)的響應(yīng)。實(shí)際的數(shù)據(jù)可能存儲在關(guān)系型數(shù)據(jù)庫中。該數(shù)據(jù)庫可能不理解HTTP，或者不能返回HTML形

7、式的結(jié)果，所有Web瀏覽器不能直接與數(shù)據(jù)庫進(jìn)行會話。即使它能夠做到這一點(diǎn)，為了安全上的考慮，我們也不希望讓它這么做。對應(yīng)大多數(shù)其他應(yīng)用程序，也存在類似的問題。因此，我們需要Web中間層從HTTP流中提取輸入數(shù)據(jù)，與應(yīng)用程序會話，并將結(jié)果嵌入到文檔中。</p><p>　　向客戶發(fā)送顯式數(shù)據(jù)（即文檔）。</p><p>　　這個(gè)文檔可以用各種格式發(fā)送，包括文本（HTML或XML），二進(jìn)制（G

8、IF圖），甚至可以式建立在其他底層格式之上的壓縮格式，如gzip。但是，到目前為止，HTML式最常用的格式，故而servelt和JSP的重要任務(wù)之一就式將結(jié)果包裝到HTML中。</p><p>　　發(fā)送隱式的HTTP響應(yīng)數(shù)據(jù)。</p><p>　　圖1.1中顯示了一條從Web中間層到客戶端的單箭頭。但是，實(shí)際發(fā)送的數(shù)據(jù)有兩種：文檔本身，以及后臺的HTTP信息。同樣，兩種數(shù)據(jù)對開發(fā)來說都式至

9、關(guān)重要的。HTTP響應(yīng)數(shù)據(jù)的發(fā)送過程涉及告知瀏覽器或其他客戶程序所返回文檔的類型（如HTML），設(shè)置cookie和緩存參數(shù)，以及其他類似的任務(wù)。</p><p>　　1.2動態(tài)構(gòu)建網(wǎng)頁的原因</p><p>　　預(yù)先建立的文檔可以滿足客戶的許多請求，服務(wù)器無需調(diào)用servlet就可以處理這些請求。然而，許多情況下靜態(tài)的結(jié)果不能滿足要求，我們需要針對每個(gè)請求生成一個(gè)頁面。實(shí)時(shí)構(gòu)建頁面的理由有

10、很多種：</p><p>　　1、網(wǎng)頁基于客戶發(fā)送的數(shù)據(jù)。</p><p>　　例如，搜索引擎生成的頁面，以及在線商店的訂單確認(rèn)頁面，都要針對特定的用戶請求而產(chǎn)生。在沒有讀取到用戶提交的數(shù)據(jù)之前，我們不知道應(yīng)該顯示什么。要記住，用戶提交兩種類型的數(shù)據(jù)：顯示（即HTML表單的數(shù)據(jù)）和隱式（即HTTP請求的報(bào)頭）。兩種輸入都可用來構(gòu)建輸出頁面?；赾ookie值針對具體用戶構(gòu)建頁面的情況尤其普

11、遍。</p><p>　　2、頁面由頻繁改變的數(shù)據(jù)導(dǎo)出。</p><p>　　如果頁面需要根據(jù)每個(gè)具體的請求做出相應(yīng)的改變，當(dāng)然需要在請求發(fā)生時(shí)構(gòu)建響應(yīng)。但是，如果頁面周期性地改變，我們可以用兩種方式來處理它：周期性地在服務(wù)器上構(gòu)建新的頁面（和客戶請求無關(guān)），或者僅僅在用戶請求該頁面時(shí)再構(gòu)建。具體應(yīng)該采用哪種方式要根據(jù)具體情況而定，但后一種方式常常更為方便，因?yàn)樗恍韬唵蔚氐却脩舻恼埱蟆?/p>

12、例如，天氣預(yù)報(bào)或新聞網(wǎng)站可能會動態(tài)地構(gòu)建頁面，也有可能會返回之前構(gòu)建的頁面（如果它還是最新的話）。</p><p>　　3、頁面中使用了來自公司數(shù)據(jù)庫或其他數(shù)據(jù)庫斷數(shù)據(jù)源的信息。</p><p>　　如果數(shù)據(jù)存儲在數(shù)據(jù)庫中，那么，即使客戶端使用動態(tài)Web內(nèi)容，比如applet，我們依舊需要執(zhí)行服務(wù)器端處理。想象以下，如果一個(gè)搜索引擎網(wǎng)站完全使用applet，那么用戶將會看到：“正在下載50

13、TB的applet，請等待！”。顯然，這樣很愚蠢；這種情況下，我們需要與數(shù)據(jù)庫進(jìn)行會話。從客戶端到Web層再到數(shù)據(jù)庫（三層結(jié)構(gòu)），要比從applet直接到數(shù)據(jù)庫（二層結(jié)構(gòu)）更靈活，也更安全，而性能上的損失很少甚至沒有。畢竟數(shù)據(jù)庫調(diào)用通常是對速度影響最大的步驟，因而，經(jīng)過中間層可以執(zhí)行高速緩存和連接共享。</p><p>　　理論上講，servelt并非只用于處理HTTP請求的Web服務(wù)器或應(yīng)用服務(wù)器，它同樣可以用

14、于其他類型的服務(wù)器。例如，servlet能夠嵌入到FTP或郵件服務(wù)器中，擴(kuò)展他們的功能。而且，用于會話啟動協(xié)議服務(wù)器的servlet API最近已經(jīng)被標(biāo)準(zhǔn)化（參見http://jcp.org/en/jsr/detail?id=116）。但在實(shí)踐中，servelt的這種用法尚不流行，在此，我們只論述HTTP Servlet。</p><p>　　1.3 Servlet相對于“傳統(tǒng)”CGI的優(yōu)點(diǎn)</p>

15、<p>　　和傳統(tǒng)CGI及許多類CGI技術(shù)相比，Java servelt效率更高、更易用、更強(qiáng)大、更容易移植、更安全、也更廉價(jià)。</p><p><b>　　1、效率</b></p><p>　　應(yīng)用傳統(tǒng)的CGI，針對每個(gè)HTTP請求都用啟動一個(gè)新的進(jìn)程。如果CGI程序自身相對比較簡短，那么啟動進(jìn)程的開銷會占用大部分執(zhí)行時(shí)間。而使用servelt，Java

16、虛擬機(jī)會一直運(yùn)行，并用輕量級的Java線程處理每個(gè)請求，而非重量級的操作系統(tǒng)進(jìn)程。類似地，應(yīng)用傳統(tǒng)的CGI技術(shù)，如果存在對同一CGI程序的N個(gè)請求，那么CGI程序的代碼會載入內(nèi)存N次。同樣的情況，如果使用servlet則啟動N個(gè)線程，單僅僅載入servlet類的單一副本。這種方式減少了服務(wù)器的內(nèi)存需求，通過實(shí)例化更少的對象從而節(jié)省了時(shí)間。最后，當(dāng)CGI程序結(jié)束對請求的處理之后，程序結(jié)束。這種方式難以緩存計(jì)算結(jié)果，保持?jǐn)?shù)據(jù)庫連接打開，或是

17、執(zhí)行依靠持續(xù)性數(shù)據(jù)的其他優(yōu)化。然而，servelt會一直停留在內(nèi)存中（即使請求處理完畢），因而可以直接存儲客戶請求之間的任意復(fù)雜數(shù)據(jù)。</p><p><b>　　2、便利</b></p><p>　　Servelt提供大量的基礎(chǔ)構(gòu)造，可以自動分析和解碼HTML的表單數(shù)據(jù)，讀取和設(shè)置HTTP報(bào)頭，處理cookie，跟蹤會話，以及其他次類高級功能。而在CGI中，大部分工

18、作都需要我們資金完成。另外，如果您已經(jīng)了解了Java編程語言，為什么還有學(xué)校Perl呢？您已經(jīng)承認(rèn)應(yīng)用Java技術(shù)編寫的代碼要比Visual Basic，VBScript或C＋＋編寫的代碼更可靠，且更易重用，為什么還有倒退回去選擇那些語言來開發(fā)服務(wù)器端的程序呢？</p><p><b>　　3、強(qiáng)大</b></p><p>　　Servlet支持常規(guī)CGI難以實(shí)現(xiàn)或根

19、本不能實(shí)現(xiàn)的幾項(xiàng)功能。Servlet能夠直接于Web服務(wù)器對話，而常規(guī)的CGI程序做不到這一點(diǎn)，至少在不使用服務(wù)器專有API的情況下是這樣。例如，與Web服務(wù)器的通信使得講相對URL轉(zhuǎn)換成具體的路徑名變得更為容易。多個(gè)servelt還可以共享數(shù)據(jù)，從而易于實(shí)現(xiàn)數(shù)據(jù)庫連接共享和類似的資源共享優(yōu)化。Servelt還能維護(hù)請求之間的信息，使得諸如會話跟蹤和計(jì)算結(jié)果緩存等技術(shù)變得更為簡單。</p><p><b&g

20、t;　　4、可移植性</b></p><p>　　Servelt使用Java編程語言，并且遵循標(biāo)準(zhǔn)的API。所有主要的Web服務(wù)器。實(shí)際上都直接或通過插件支持servlet。因此。為Macromedia JRun編寫的servlet，可以不經(jīng)過任何修改地在Apache Tomcat，Microsoft Internet Information Server，IBM WebSphere 。iPlanet

21、 Enterprise Server。Oracle9i AS 或者StrNine WebStar上運(yùn)行。他們是java2平臺企業(yè)版的一部分，所以對servlet的支持越來越普遍。</p><p><b>　　5、廉價(jià)</b></p><p>　　對于開發(fā)用的網(wǎng)站、低容量或中等容量網(wǎng)站的部署，有大量免費(fèi)或極為廉價(jià)的Web服務(wù)器可供選擇。因此，通過使用servelt和js

22、p，我們可以從免費(fèi)或廉價(jià)的服務(wù)器開始，在項(xiàng)目獲得初步成功后，在移植到更高性能或高級管理工具的昂貴的服務(wù)器上。這與其他CGI方案形成鮮明的對比，這些CGI方案在初期都需要為購買專利軟件包投入大量的資金。</p><p>　　價(jià)格和可移植性在某種程度上是相互關(guān)聯(lián)的。例如，Marty記錄了所有通過電子郵件向他發(fā)送問題的讀者的所在國。印度接近列表的頂端，可能僅次于美國。Marty曾在馬尼拉講授過jsp和servlet培訓(xùn)

23、課程，那兒對servelt和jsp技術(shù)抱很大的興趣。</p><p>　　那么，為什么印度和菲律賓都對這項(xiàng)技術(shù)著呢感興趣呢？我們推測答案可能分兩部分。首先，這兩個(gè)國家都擁有大量訓(xùn)練有素的軟件開發(fā)人員。其次，這兩個(gè)國家的貨幣對美元的匯率都極為不利。因此，從美國公司那里購買專用Web服務(wù)器會消耗掉項(xiàng)目的大部分前期資金。</p><p>　　但是，使用servlet 和JSP，他們能夠從免費(fèi)的服

24、務(wù)器開始：Apache Tomcat。項(xiàng)目取得成功之后，他們可以轉(zhuǎn)移到性能更高、管理更容易，但需要付費(fèi)的服務(wù)器。他們的servelt和jsp不需要重寫編寫。如果他們的項(xiàng)目變得更龐大，他們或許希望轉(zhuǎn)移到分布式環(huán)境。沒有問題：他們可以轉(zhuǎn)而使用Macromedia JRun Professional，該服務(wù)器支持分布式應(yīng)用。同樣，他們的servelt和jsp沒有任何部分需要重寫。如果項(xiàng)目變得極為龐大，錯(cuò)綜復(fù)雜，他們或許希望使用Enterpri

25、se JavaBeans來封裝他們的商業(yè)邏輯。因此，他們可以切換到BEA WebLogic或Oracle9i AS。同樣，不需要對servlet和jsp做出更改。最后，如果他們的項(xiàng)目變得更龐大，他們或許將他從Linux轉(zhuǎn)移到運(yùn)行IBM WebSphere的IBM大型機(jī)上。他們還是不需要做出任何更改。</p><p><b>　　6、安全</b></p><p>　　傳

26、統(tǒng)CGI程序中主要的漏洞來源之一就是，CGI程序常常由通過的操作系統(tǒng)外殼來執(zhí)行。因此,CGI程序必須仔細(xì)地過濾掉那些可能被外殼特殊處理的字符，如反引導(dǎo)和分號。實(shí)現(xiàn)這項(xiàng)預(yù)防措施的難度可能超出我們的想象，在廣泛應(yīng)用的CGI庫中，不斷發(fā)現(xiàn)由這類問題引發(fā)的弱點(diǎn)。</p><p>　　問題的第二個(gè)來源是，一些CGI程序用不自動檢查數(shù)組和字符串邊界的語言編寫而成。例如，在C和C＋＋中，可以分配一個(gè)100個(gè)元素的數(shù)組，然后向第

27、999個(gè)“元素“寫入數(shù)據(jù)——實(shí)際上是程序內(nèi)存的隨機(jī)部分，這完全合法。因而，如果程序員忘記執(zhí)行這項(xiàng)檢查，就會將系統(tǒng)暴露在蓄意或偶然的緩沖區(qū)溢出攻擊之下。</p><p>　　Servelt不存在這些問題。即使servelt執(zhí)行系統(tǒng)調(diào)用激活本地操作系統(tǒng)上的程序，它也不會用到外殼來完成這項(xiàng)任務(wù)。當(dāng)然，數(shù)組邊界的檢查以及其他內(nèi)存包含特性是java編程語言的核心部分。</p><p><b&g

28、t;　　7、主流</b></p><p>　　雖然存在許多很好的技術(shù)，但是，如果提供商助支持他們，或開發(fā)人員不知道如何使用這些技術(shù)，那么它們的優(yōu)點(diǎn)又如何體現(xiàn)呢？servelt和jsp技術(shù)得到服務(wù)器提供商的廣泛支持，包括Apache，Oracle，IBM，Sybase，BEA，Maromedia，Causho，Sun/iPlanet，New Atlanta，ATG，F(xiàn)ujitsu，Lutris，Silv

29、erstream，World Wide Web Consortinrm ，以及其他服務(wù)器。存在幾種低廉的插件，通過應(yīng)用這些插件，Microsoft IIS和Zeus也同樣支持servlet和jsp技術(shù)，它們運(yùn)行在Windows，Unix/Linus,MacOS,VMS，和IBM大型機(jī)操作系統(tǒng)之上。它們用在航空業(yè)、電子商務(wù)、在線銀行、web搜索引擎、門戶、大型金融網(wǎng)站、以及成百上千您日常光顧的其他網(wǎng)站。</p><p&

30、gt;　　當(dāng)然，僅僅是流行并不能證明技術(shù)的優(yōu)越性。很多泛美的例子。但我們的立場是：服務(wù)器端Java本非一項(xiàng)新的、為經(jīng)證實(shí)的技術(shù)。</p><p>　　An Overview of Servlet and JSP Technology</p><p>　　Abstract: Servlet program running in the server-side, dynamically gen

31、erated Web page with the traditional CGI and many other similar compared to CGI technology, Java Servlet with a more efficient, easier to use, more powerful and has better portability, more savings to invest .</p>

32、<p>　　Key words: JSP Technology, Servlet, HTTP server</p><p>　　1.1 A Servlet's Job</p><p>　　Servlets are Java programs that run on Web or application servers, acting as a middle layer

33、 between requests coming from Web browsers or other HTTP clients and databases or applications on the HTTP server. Their job is to perform the following tasks, as illustrated in Figure 1-1.</p><p>　　Figure 1

34、-1</p><p>　　1．Read the explicit data sent by the client.</p><p>　　The end user normally enters this data in an HTML form on a Web page. However, the data could also come from an applet or a cust

35、om HTTP client program.</p><p>　　2．Read the implicit HTTP request data sent by the browser.</p><p>　　Figure 1-1 shows a single arrow going from the client to the Web server (the layer where serv

36、lets and JSP execute), but there are really two varieties of data: the explicit data that the end user enters in a form and the behind-the-scenes HTTP information. Both varieties are critical. The HTTP information includ

37、es cookies, information about media types and compression schemes the browser understands, and so on.</p><p>　　3．Generate the results.</p><p>　　This process may require talking to a database, ex

38、ecuting an RMI or EJB call, invoking a Web service, or computing the response directly. Your real data may be in a relational database. Fine. But your database probably doesn't speak HTTP or return results in HTML, s

39、o the Web browser can't talk directly to the database. Even if it could, for security reasons, you probably would not want it to. The same argument applies to most other applications.You need the Web middle layer to

40、extract the result</p><p>　　inside a document.</p><p>　　4．Send the explicit data (i.e., the document) to the client.</p><p>　　This document can be sent in a variety of formats, incl

41、uding text (HTML or XML), binary (GIF images), or even a compressed format like gzip that is layered on top of some other underlying format. But, HTML is by far the most common format, so an important servlet/JSP task is

42、 to wrap the results inside of HTML.</p><p>　　5．Send the implicit HTTP response data.</p><p>　　Figure 1-1 shows a single arrow going from the Web middle layer (the servlet or JSP page) to the cl

43、ient. But, there are really two varieties of data sent: the document itself and the behind-the-scenes HTTP information. Again, both varieties are critical to effective development. Sending HTTP response data involves tel

44、ling the browser or other client what type of document is being returned (e.g., HTML), setting cookies and caching parameters, and other such tasks. </p><p>　　1.2 Why Build Web Pages Dynamically?</p>

45、<p>　　many client requests can be satisfied by prebuilt documents, and the server would handle these requests without invoking servlets. In many cases, however, a static result is not sufficient, and a page needs t

46、o be generated for each request. There are a number of reasons why Web pages need to be built on-the-fly:</p><p>　　1． The Web page is based on data sent by the client.</p><p>　　For instance, the

47、 results page from search engines and order-confirmation pages at online stores are specific to particular user requests. You don't know what to display until you read the data that the user submits. Just remember th

48、at the user submits two kinds of data: explicit (i.e., HTML form data) and implicit (i.e., HTTP request headers). Either kind of input can be used to build the output page. In particular, it is quite common to build a us

49、er-specific page based on a cookie value.</p><p>　　2．The Web page is derived from data that changes frequently.</p><p>　　If the page changes for every request, then you certainly need to build t

50、he response at request time. If it changes only periodically, however, you could do it two ways: you could periodically build a new Web page on the server (independently of client requests), or you could wait and only bu

51、ild the page when the user requests it. The right approach depends on the situation, but sometimes it is more convenient to do the latter: wait for the user request. For example, a weather report or news hea</p>&

52、lt;p>　　3．The Web page uses information from corporate databases or other server-side sources.</p><p>　　If the information is in a database, you need server-side processing even if the client is using dyna

53、mic Web content such as an applet. Imagine using an applet by itself for a search engine site:</p><p>　　"Downloading 50 terabyte applet, please wait!" Obviously, that is silly; you need to talk to

54、the database. Going from the client to the Web tier to the database (a three-tier approach) instead of from an applet directly to a database (a two-tier approach) provides increased flexibility and security with little o

55、r no performance penalty. After all, the database call is usually the rate-limiting step, so going through the Web server does not slow things down. In fact, a three-tier approach is ofte</p><p>　　In princip

56、le, servlets are not restricted to Web or application servers that handle HTTP requests but can be used for other types of servers as well. For example, servlets could be embedded in FTP or mail servers to extend their f

57、unctionality. And, a servlet API for SIP (Session Initiation Protocol) servers was recently standardized (see http://jcp.org/en/jsr/detail?id=116). In practice, however, this use of servlets has not caught on, and we'

58、;ll only be discussing HTTP servlets.</p><p>　　1.3 The Advantages of Servlets Over "Traditional" CGI</p><p>　　Java servlets are more efficient, easier to use, more powerful, more port

59、able, safer, and cheaper than traditional CGI and many alternative CGI-like technologies.</p><p>　　1．Efficient</p><p>　　With traditional CGI, a new process is started for each HTTP request. If t

60、he CGI program itself is relatively short, the overhead of starting the process can dominate the execution time. With servlets, the Java virtual machine stays running and handles each request with a lightweight Java thre

61、ad, not a heavyweight operating system process. Similarly, in traditional CGI, if there are N requests to the same CGI program, the code for the CGI program is loaded into memory N times. With servlets, how</p>&l

62、t;p>　　2．Convenient</p><p>　　Servlets have an extensive infrastructure for automatically parsing and decoding HTML form data, reading and setting HTTP headers, handling cookies, tracking sessions, and many

63、 other such high-level utilities. In CGI, you have to do much of this yourself. Besides, if you already know the Java programming language, why learn Perl too? You're already convinced that Java technology makes for

64、more reliable and reusable code than does Visual Basic, VBScript, or C++. Why go back to those languages for</p><p>　　3．Powerful</p><p>　　Servlets support several capabilities that are difficult

65、 or impossible to accomplish with regular CGI. Servlets can talk directly to the Web server, whereas regular CGI programs cannot, at least not without using a server-specific API. Communicating with the Web server makes

66、it easier to translate relative URLs into concrete path names, for instance. Multiple servlets can also share data, making it easy to implement database connection pooling and similar resource-sharing optimizations. Serv

67、lets</p><p>　　4．Portable</p><p>　　Servlets are written in the Java programming language and follow a standard API. Servlets are supported directly or by a plugin on virtually every major Web ser

68、ver. Consequently, servlets written for, say, Macromedia JRun can run virtually unchanged on Apache Tomcat, Microsoft Internet Information Server (with a separate plugin), IBM WebSphere, iPlanet Enterprise Server, Oracle

69、9i AS, or StarNine WebStar. They are part of the Java 2 Platform, Enterprise Edition (J2EE; see http://java.sun.com/j2ee</p><p>　　5．Inexpensive</p><p>　　A number of free or very inexpensive Web

70、servers are good for development use or deployment of low- or medium-volume Web sites. Thus, with servlets and JSP you can start with a free or inexpensive server and migrate to more expensive servers with high-performan

71、ce capabilities or advanced administration utilities only after your project meets initial success. This is in contrast to many of the other CGI alternatives, which require a significant initial investment for the purcha

72、se of a proprietary</p><p>　　Price and portability are somewhat connected. For example, Marty tries to keep track of the countries of readers that send him questions by email. India was near the top of the l

73、ist, probably #2 behind the U.S. Marty also taught one of his JSP and servlet training courses (see http://courses.coreservlets.com/) in Manila, and there was great interest in servlet and JSP technology there.</p>

74、<p>　　Now, why are India and the Philippines both so interested? We surmise that the answer is twofold. First, both countries have large pools of well-educated software developers. Second, both countries have (or

75、had, at that time) highly unfavorable currency exchange rates against the U.S. dollar. So, buying a special-purpose Web server from a U.S. company consumed a large part of early project funds.</p><p>　　But,

76、with servlets and JSP, they could start with a free server: Apache Tomcat (either standalone, embedded in the regular Apache Web server, or embedded in Microsoft IIS). Once the project starts to become successful, they c

77、ould move to a server like Caucho Resin that had higher performance and easier administration but that is not free. But none of their servlets or JSP pages have to be rewritten. If their project becomes even larger, they

78、 might want to move to a distributed (clustered) enviro</p><p><b>　　6．Secure</b></p><p>　　One of the main sources of vulnerabilities in traditional CGI stems from the fact that the p

79、rograms are often executed by general-purpose operating system shells. So, the CGI programmer must be careful to filter out characters such as backquotes and semicolons that are treated specially by the shell. Implementi

80、ng this precaution is harder than one might think, and weaknesses stemming from this problem are constantly being uncovered in widely used CGI libraries.</p><p>　　A second source of problems is the fact that

81、 some CGI programs are processed by languages that do not automatically check array or string bounds. For example, in C and C++ it is perfectly legal to allocate a 100-element array and then write into the 999th "el

82、ement," which is really some random part of program memory. So, programmers who forget to perform this check open up their system to deliberate or accidental buffer overflow attacks.</p><p>　　Servlets s

83、uffer from neither of these problems. Even if a servlet executes a system call (e.g., with Runtime.exec or JNI) to invoke a program on the local operating system, it does not use a shell to do so. And, of course, array b

84、ounds checking and other memory protection features are a central part of the Java programming language.</p><p>　　7．Mainstream</p><p>　　There are a lot of good technologies out there. But if ven

85、dors don't support them and developers don't know how to use them, what good are they? Servlet and JSP technology is supported by servers from Apache, Oracle, IBM, Sybase, BEA, Macromedia, Caucho, Sun/iPlanet, Ne

86、w Atlanta, ATG, Fujitsu, Lutris, Silverstream, the World Wide Web Consortium (W3C), and many others. Several low-cost plugins add support to Microsoft IIS and Zeus as well. They run on Windows, Unix/Linux, MacOS, VMS, an

87、d IBM main</p><p>　　Of course, popularity alone is no proof of good technology. Numerous counter-examples abound. But our point is that you are not experimenting with a new and unproven technology when you w