CHAPTER: 1

INTRODUCTION
1.1 What is cloud computing :
Cloud computing is the use of computing resources (hardware and software) that are
delivered as a service over a network (typically the Internet). The name comes from the use of
a cloud-shaped symbol as an abstraction for the complex infrastructure it contains in system
diagrams. Cloud computing entrusts remote[1]services with a user's data, software and
computation. Cloud computing provides three fundamental services[2] which are in Fig 1.
1.1.1 Infrastructure as a service (IAAS)
In this most basic cloud service model, cloud providers offer computers, as physical or
more often as virtual machines, and other resources. The virtual machines are run as guests by
a hypervisor, such as Xen or KVM. Management of pools of hypervisors by the cloud
operational support system leads to the ability to scale to support a large number of virtual
machines. Other resources in IAAS clouds include images in a virtual machine image library,
raw (block) and file-based storage, firewalls, load balancers, IP addresses, virtual local area
networks (VLANs), and software bundles. IAAS cloud providers supply these resources on
demand from their large pools installed in data centers. For wide area connectivity, the Internet
can be used or in carrier clouds dedicated virtual private networks can be configured. To deploy
their applications, cloud users then install operating system images on the machines as well as
their application software. In this model, it is the cloud user who is responsible for patching and
maintaining the operating systems and application software. Cloud providers typically bill
IAAS services on a utility computing basis, that is, cost will reflect the amount of resources
allocated and consumed. IAAS refers not to a machine that does all the work, but simply to a
facility given to businesses that offers users the leverage of extra storage space in servers and
data centers.
Examples of IAAS include: Amazon Cloud Formation (and underlying services such
as Amazon EC2), Rackspace Cloud, Google Compute Engine, and Right Scale.

1.1.2 Platform as a service (PAAS)

Dept. Of CSE, MRCET
1

In the PAAS model, cloud providers deliver a computing platform typically including
operating system, programming language execution environment, database, and web server.
Application developers can develop and run their software solutions on a cloud platform
without the cost and complexity of buying and managing the underlying hardware and software
layers. With some PAAS offers, the underlying computer and storage resources scale
automatically to match application demand such that cloud user does not have to allocate
resources manually.
Examples of PAAS include: Amazon Elastic Beanstalk, Heroku, EngineYard, Mendix, Google
App Engine, Microsoft Azure and OrangeScape.
1.1.3 Software as a service (SAAS)
In this model, cloud providers install and operate application software in the cloud and
cloud users access the software from cloud clients. The cloud users do not manage the cloud
infrastructure and platform on which the application is running. This eliminates the need to
install and run the application on the cloud user's own computers simplifying maintenance and
support. What makes a cloud application different from other applications is its elasticity. This
can be achieved by cloning tasks onto multiple virtual machines at run-time to meet the
changing work demand Load balancers distribute the work over the set of virtual machines.
This process is inconspicuous to the cloud user who sees only a single access point. To
accommodate a large number of cloud users, cloud applications can be multitenant, that is, any
machine serves more than one cloud user organization. It is common to refer to special types of
cloud based application software with a similar naming convention: desktop as a service,
business process as a service, test environment as a service, communication as a service. The
pricing model for SAAS applications is typically a monthly or yearly flat fee per user.
Examples of SAAS include: Google Apps, Quickbooks Online, Salesforce.com and Microsoft
Office 365.

Dept. Of CSE, MRCET

2

Fig 1: Cloud Services

1.2 Why do we need Cloud computing :

1.2.1

Life before cloud Computing:

Traditional business applications have always been very complicated and expensive.
The amount and variety of hardware and software required to run them are daunting. You need a
whole team of experts to install, configure, test, run, secure, and update them. When you
multiply this effort across dozens or hundreds of apps, its easy to see why the biggest
companies with the best IT departments arent getting the apps they need. Small and mid-sized
businesses dont stand a chance.
1.2.2 Cloud computing: a better way
With cloud computing, you eliminate those headaches because youre not managing
hardware and software thats the responsibility of an experienced vendor like salesforce.com.

Dept. Of CSE, MRCET

3

The shared infrastructure means it works like a utility: You only pay for what you need,
upgrades are automatic, and scaling up or down is easy. Cloud-based apps [16] can be up and
running in days or weeks, and they cost less. With a cloud app, you just open a browser, log in,
customize the app, and start using it.
Businesses are running all kinds of apps in the cloud, like customer relationship
management (CRM), HR, accounting, and much more. Some of the worlds largest companies
moved their applications to the cloud with salesforce.com after rigorously testing the security
and reliability of our infrastructure.
As cloud computing grows in popularity, thousands of companies are simply rebranding
their non-cloud products and services as cloud computing. Always dig deeper when
evaluating cloud offerings and keep in mind that if you have to buy and manage hardware and
software, what youre looking at isnt really cloud computing but a false cloud.
1.2.3 Cloud Mobility and collaboration
The latest innovations in cloud computing are making our business applications even
more mobile and collaborative, similar to popular consumer apps like Facebook and Twitter. As
consumers, we now expect that the information we care about will be pushed to us in real time,
and business applications in the cloud are heading in that direction as well. With Cloud 2,
keeping up with your work is as easy as keeping up with your personal life on Facebook.

1.3 Types Of clouds :

Public cloud
Public cloud applications, storage, and other resources are made available to the general
public by a service provider. These services (Fig 2) are free or offered on a pay-per-use model.
Generally, public cloud service providers like Amazon AWS, Microsoft and Google own and
operate the infrastructure and offer access only via Internet (direct connectivity is not offered).
Community cloud

Dept. Of CSE, MRCET

4

Community cloud shares infrastructure between several organizations from a specific

community with common concerns (security, compliance, jurisdiction, etc.), whether managed
internally or by a third-party and hosted internally or externally. The costs are spread over fewer
users than a public cloud (but more than a private cloud), so only some of the cost savings
potential of cloud computing are realized.
Hybrid cloud
Hybrid cloud is a composition of two or more clouds (private, community or public)
that remain unique entities but are bound together, offering the benefits of multiple deployment
models. By utilizing "hybrid cloud" architecture, companies and individuals are able to obtain
degrees of fault tolerance combined with locally immediate usability without dependency on
internet connectivity. Hybrid (Fig 2) Cloud architecture requires both on-premises resources and
off-site (remote) server based cloud infrastructure.
Hybrid

clouds

lack

the

flexibility,

security

and

certainty

of

in-house

applications. Hybrid cloud provides the flexibility of in house applications with the fault
tolerance and scalability of cloud based services.
Private cloud
Private cloud is cloud infrastructure operated solely for a single organization, whether
managed internally or by a third-party and hosted internally or externally. Undertaking a private
cloud (Fig2) project requires a significant level and degree of engagement to virtualize the
business environment, and it will require the organization to reevaluate decisions about existing
resources. When it is done right, it can have a positive impact on a business, but every one of
the steps in the project raises security issues that must be addressed in order to avoid serious
vulnerabilities.
They have attracted criticism because users "still have to buy, build, and manage them"
and thus do not benefit from less hands-on management, essentially "[lacking] the economic
model that makes cloud computing such an intriguing concept".

Dept. Of CSE, MRCET

5

Fig 2: Types of Clouds

Dept. Of CSE, MRCET

6

CHAPTER: 2
SYSTEM ANALYSIS
2.1 Existing System:
Enterprises usually store data in internal storage and install firewalls to protect against
intruders to access the data. They also standardize data access procedures to prevent insiders to
disclose the information without permission. In cloud computing, the data will be stored in
storage provided by service providers.
Service providers must have a viable way to protect their clients data, especially to
prevent the data from disclosure by unauthorized insiders. Storing the data in encrypted form is
a common method of information privacy protection. If a cloud system is responsible for both
tasks on storage and encryption/decryption of data, the system administrators may
simultaneously obtain encrypted data and decryption keys.
This allows them to access information without authorization and thus poses a risk to
information privacy. This study proposes a business model for cloud computing based on the
concept of separating the encryption and decryption service from the storage service.
Furthermore, the party responsible for the data storage system must not store data in plaintext,
and the party responsible for data encryption and encryption must delete all data upon the
computation on encryption or decryption is complete. A CRM (Customer Relationship
Management) service is described in this paper as an example to illustrate the proposed business
model.
Existing methods for protecting data stored in a cloud environment
Common methods for protecting user data include encryption prior to storage [9], user
authentication procedures prior to storage or retrieval, and building secure channels for data
transmission. These protection methods normally require cryptography algorithms and digital
signature techniques, as explained below.
Common data encryption methods include symmetric and asymmetric cryptography
algorithms. Symmetric cryptography is used in the U.S. Federal Information Processing
Standards (FIPS) 46-3 Triple Data Encryption Algorithm (TDEA, also known as Triple-DES or
Dept. Of CSE, MRCET
7

3DES) or 197 Advanced Encryption Standard (AES) and others. This type of encryption and
decryption process uses a secret key. Asymmetric cryptography, on the other hand, uses two
different keys, a public key for encryption, and a private key for decryption. Examples
include RSA cryptography and Elliptic Curve Cryptography[11] (ECC). Generally speaking,
symmetric cryptography is more efficient, and is suitable for encrypting large volumes of data.
Asymmetric cryptography requires more computation time and is used for the decryption keys
required for symmetric cryptography. The use of passwords as an authentication process is more
familiar to general users, but messages sent by the user are vulnerable to surreptitious recording
by hackers who can then use the data in the message to log into the service as the user. In more
advanced authentication systems, the system side will generate a random number to send the
user a challenge message, requesting the user to transmit an encrypted response message in
reply to the challenge message, thus authenticating that the user has the correct encryption key.
Without this key, the user will not be allowed access. In the process of challenge and response
the clients encrypted key uses the clients password to convert a derived value and. In this
program, each communication between the client and server is unique, and a hacker[10] using an
old message would fail to access the system.
In addition, the One-Time Password (OTP) authentication system differs from most
peoples conception of a password. Most people understand a password to be a password chosen
by the user to be meaningful, and can be used again and again. The emphasis of OTP [12],
however is the single-use nature of the password. After receiving authentication from the user,
the system side must create a secure transmission channel to exchange information with the
user. The Secure Sockets Layer[13] (SSL) is a common method of building secure channels,
primarily using RSA encryption to transmit the secret keys needed for the both sides to encrypt
and decrypt data transmitted between them. When using cryptographic technology to protect
user data, the keys used for encryption and decryption of that data must be securely stored. In
particular, cloud computing service providers must have specific methods for constraining
internal system management personnel to prevent them from obtaining both encrypted data and
their decryption keys this is critical to protecting user data. Operator policies for protecting
user data must be clearly laid out in the Service Level Agreement (SLA) and must explain how
special privilege users are prevented from improperly accessing user data. Kandukuri, Paturi
and Rakshit offer six recommendations for SLA content, including
Dept. Of CSE, MRCET
8

1) Special privilege user data access must be controlled to prevent unauthorized storage or
2)
3)
4)
5)

retrieval,
Cloud computing services must comply with relevant laws,
User data must be properly stored and encrypted,
A reset mechanism must be provided in case of service disruption or system crash
Service must be sustainable and guaranteed against service discontinuation due to

change or dissolution of the provider and

6) If cloud computing services are used for illegal purposes, the provider must be able to
provide records to assist with investigations.

2.2 Proposed system:

For cloud computing to spread, users must have a high level of trust in the methods by
which service providers protect their data. This study proposes a Business Model for Cloud
Computing[17] Based on a Separate Encryption and Decryption Service, emphasizing that
authorization for the storage and encryption/decryption of user data [7] must be vested with two
different service providers.
Furthermore, the privileges of the Encryption/Decryption as Service provider includes
management of the key required for the encryption/decryption of user data, but not the storage
of decrypted or encrypted user data. In this new business model, user data in the Storage
Service System is all saved encrypted. Without the decryption key, there is no way for the
service provider to access the user data. Within the Encryption/Decryption Service System there
is no stored user data, thus eliminating the possibility that user data might be improperly
disclosed.

2.3 Problem Formulation:

2.3.1 Problem Definition:
Enterprises usually store data in internal storage and install firewalls to protect against
intruders to access the data. In cloud computing, the data will be stored in storage provided by
storage service providers.
Service providers must have a viable way to protect their clients data, especially to
prevent the data from leak by unauthorized insiders. If a cloud system is responsible for both
tasks on storage and encryption/decryption of data, the system administrators may
Dept. Of CSE, MRCET
9

simultaneously obtain encrypted data and decryption keys. This allows them to access
information without authorization and thus poses a risk to information privacy.
2.3.2 Problem Modules:
User Registration and Control
CRM Service
Encryption/Decryption Service
Accessing Storage service

2.4 Module Description:

2.4.1 User Registration and Control:
This study proposes a Business Model for Cloud Computing Based on a Separate
Encryption and Decryption Service. The concept is based on separating the storage and
encryption/decryption of user data. In this business model, Encryption/Decryption as a Service
and Storage as a Service (SaaS) are not provided by a single operator. In addition, the SaaS
provider may not store unencrypted user data and, once the provider of Encryption/Decryption
as a Service has finished encrypting the user data and handed it off to an application (e.g. a
CRM system), the encryption/decryption system must delete all encrypted and decrypted user
data. The concept of dividing authority is often applied in business management. For example,
responsibility for a companys finances is divided between the accountant and cashier. In
business operations, the accountant is responsible for keeping accounts, while the cashier is
responsible for making payments. By keeping these two functions separate, the company can
prevent the accountant from falsifying accounts and embezzling corporate funds. Official
documents frequently need to be stamped with two seals (i.e., the corporate seal and the legal
representatives seal), thus preventing a staff member from abusing his position to issue fake
documents, and these seals are normally entrusted to two different people. These examples of
the division of authority are designed to avoid a concentration of power which could raise
operational risks.

2.4.2 CRM Service:

Dept. Of CSE, MRCET
10

In a cloud computing environment, the user normally uses cloud services with specific
functions, e.g., Salesforce.coms CRM service

[14]

, SAPs ERP services

[15]

, etc. Data generated

while using these services is then stored on storage facilities on the cloud service. This study
emphasizes the addition of an independent encryption/decryption cloud service to this type of
business model, with the result that two service providers split responsibility for data storage and
data encryption/decryption. To illustrate the concept of our proposed business model, Fig. 3
presents an example in which the user uses separate cloud services for CRM, storage and
encryption/decryption. According to the users needs, CRM Cloud Services could be swapped for
other function-specific application services (e.g., ERP Cloud Services, Account Software Cloud
Services, Investment Portfolio Selection and Financial Operations Cloud Services). Prior to the
emergence of an emphasis on the independence of encryption/decryption services, CRM, ERP and
other cloud services would simultaneously provide their users with storage services. This study
emphasizes that Encryption/Decryption Cloud Services must be provided independently by a
separate provider.

Fig 3. Business model concept integrating separate cloud services for

data encryption/decryption, CRM and storage

2.4.3 Encryption/Decryption Service:

Dept. Of CSE, MRCET
11

This section presents a CRM application service as an example of the new business
model. After the user logs into the CRM system, if the CRM Service System requires any client
information, it will execute a Data Retrieval Program. When this data needs to be saved, it will
execute a Data Storage Program. The Data Retrieval Program is illustrated in Fig. 4 and is
explained below. When a user wants to access the CRM Cloud Service, he must first execute the
Login Program as shown in Step 1. This step can use current e-commerce or other services which
have already securely verified the users registration, such as symmetric key-based challenge and
reply login verification, or through a One-Time Password. After the users login has been
successfully verified, if the CRM Service System requires client information from the user, it sends
a request for information to the Storage Service System, as shown in Step 2. In this step, the CRM
Service System transmits the user ID to the Storage Service System where it searches for the users
data. This data is encrypted so, once found, a request must be sent to the Encryption/Decryption
Service System along with the user ID. Step 3 shows the Storage Service System executing the
transmission of encrypted client data and the user ID to the Encryption/Decryption Service System.
Since the Encryption/Decryption Service System can serve multiple users and the
encryption/decryption for each users data requires a different key, therefore each users unique ID
and keys

[5]

are stored together. Therefore, in Step 4, the Encryption/Decryption Service System

uses the received user ID to index the users data decryption key, which is then used to decrypt the
received data. Using the correct decryption key to decrypt the data is critical to restoring the data to
its original state.

Fig 4. Encryption/Decryption as an independent service

2.4.4 Accessing Storage service:

Dept. Of CSE, MRCET
12

After the Encryption/Decryption Service System has decrypted the clients data, in Step
5 the decrypted client data is provided to the CRM Service System which then displays the client
data to the user in Step 6, completing the Data Retrieval Program. Prior to sending the decrypted
client data, the Encryption/Decryption Service System and the CRM Service System can establish a
secure data transmission channel (e.g., a Secure Sockets Layer connection) to securely transmit the
decrypted client data. After the decrypted client data is sent, the Encryption/Decryption Service
System is not allowed to retain the decrypted data and any unencrypted data must be deleted to
prevent the encrypted data and the decryption key from being stored in the same system. This is a
critical factor in ensuring the privacy of user data. The above-mentioned Data Retrieval Program
requires the collaboration of three different cloud service systems. Different methods of system
collaboration are already supported by mature technologies, including two systems based on
Universal Description Discovery and Integration (UDDI), Web Service Description Language
(WSDL), and Simple Object Access Protocol (SOAP) to use Web Services or transmit Extensible
Markup Language (XML) formatted data . Next, we describe the Data Storage Program, as shown
in Fig.3. This program also involves the collaboration of three cloud service systems: CRM Service
System, Encryption/Decryption Service System, and Storage Service System. Step 1 of Fig. 3
shows the client sending a Data Storage Request to the CRM Service System which then initiates
the Data Storage Program, requesting data encryption from the Encryption/Decryption Service
System as shown in Step 2. In Step 2, the CRM Service System and the Encryption/Decryption
Service System establish a secure data transfer channel to transmit the user ID and the data
requiring storage from the CRM Service System to the Encryption/Decryption Service System. As
the encryption of data from different users requires different keys, in Step3 the
Encryption/Decryption Service System initiates data encryption, which involves using the received
user ID to index the users encryption key which is then used to encrypt the received data.
Following this studys emphasis on the principle of divided authority, once the client data is
encrypted by the Encryption/Decryption Service System it must be transferred to the Storage
Service System where the user ID and encrypted data are stored together. Therefore, when the
Encryption/Decryption Service System executes Step 4, it must transfer the user ID and encrypted
client data to the Storage Service System. Step 5 shows the Storage Service System receiving the
user ID paired with the data for storage. In this business model, the following the completion of
Step 4 at the Encryption/Decryption Service System, all unencrypted and decrypted user data must
be deleted. Step 6, the final step of the Data Storage Program [4], transmits a Data Storage Complete
Dept. Of CSE, MRCET
13

message from the Storage Service System to the CRM Service System, at which point the CRM
Service System may confirm that the client data has been stored. If it doesnt receive a Data Storage
Complete message, it can re-initiate the Data Storage Program or, after a given period of time,
proceed with exceptional situation handling. In the above example, the users goal in logging into
the CRM Service System is possibly to maintain part of the client data, thus the system design must
take data maintenance into consideration. Feasible design methods include matching the encrypted
client data with the corresponding user ID and client ID, thus allowing for the indexing of the user
ID to obtain the corresponding client data. Then the client ID can be used to index the client data
the user wishes to maintain. Considering the massive amount of client data, search efficiency could
be improved by combining the user ID and client ID to form a combined ID used for searching for
a specific clients data. In the new business model, multiple cloud service operators jointly serve
their clients through existing information technologies including various application systems such
as ERP, accounting software, portfolio selection and financial operations which may require the
user ID to be combined with other IDs for indexing stored or retrieved data. In addition, the
foregoing description of the two systems can use Web Service related technology to achieve
operational synergies and data exchange goals. These technologies can consider open international
standards including the World Wide Web Consortiums (W3C) published Web Service, UDDI,
WSDL and SOAP standard documentation.

2.5 Advantages from Proposed System:

Cloud computing environments include three types of services[6]: infrastructure, platform
and software. To the user, cloud computing virtualizes resources and, to access services, the user
only requires a means of accessing the Internet, e.g., a smart phone or PDA, or even a Smart Card
or other active smart chip, thus reducing purchasing and maintenance costs for software and
hardware. Because key industrial data is stored on the service providers equipment, the service
provider must protect the users data, for example by encrypting the users data prior to storage.
However, this leaves the service providers high-privilege internal staff (e.g., system administrators)
with access to both the Decryption Key and the users encrypted data, exposing the users data to
risk of potential disclosure. For cloud computing to spread, users must have a high level of trust in
the methods by which service providers protect their data. This study proposes a Business Model
for Cloud Computing Based on a Separate Encryption and Decryption Service, emphasizing that
authorization for the storage and encryption/decryption of user data must be vested with two
Dept. Of CSE, MRCET
14

different service providers. The privileges of Storage as Service provider include storing user data
which has already been encrypted through an Encryption/Decryption Service System, but does not
allow this service provider access to the Decryption Key or allow for the storage of decrypted data.
Furthermore, the privileges of the Encryption/Decryption as Service provider includes management
of the key required for the encryption/decryption of user data, but not the storage of decrypted or
encrypted user data. In this new business model, user data in the Storage Service System is all
saved encrypted. Without the decryption key, there is no way for the service provider to access the
user data. Within the Encryption/Decryption Service System there is no stored user data, thus
eliminating the possibility that user data might be improperly disclosed. After establishing
Independent Encryption/Decryption Services in cloud computing environments, users of cloud
computing services (e.g., CRM, ERP, etc.) will use the services of at least two cloud computing
service providers, so agreements between these service providers are required to establish a model
for cooperation and division of responsibilities in providing a common service to clients. This study
provides a draft of a multi-signatory Service Level Agreement[3] (SLA) in which the signatories can
include cloud computing rental users, application service providers, encryption/decryption service
providers, storage service providers, etc., with content including the rights and obligations between
operators and also includes data security policies between each operator and clients. The core
concept of this study is consistent with division of management authority to reduce operational risk,
thus avoiding the risk of wrongful disclosure of user data.

CHAPTER: 3
SOFTWARE AND HARDWARE REQUIREMENTS
Dept. Of CSE, MRCET
15

3.1 Software Specifications:

Softwares that are used for implementing are as follows
Language: PHP, HTML
Database: MySQL
Server: XAMPP
Operating System: XP

3.2 Hardware Specifications:

The Minimum hardware requirements for running the project are like below
Processor: P IV
RAM: 512 Mb
Hard Disk: 40 GB

CHAPTER: 4
SELECTED SOFTWARES
Dept. Of CSE, MRCET
16

4.1 PHP:
PHP is a general-purpose server-side scripting language originally designed for Web
development to produce dynamic Web pages. It is one of the first developed server-side scripting
languages to be embedded into an HTML source document rather than calling an external file to
process data. The code is interpreted by a Web server with a PHP processor module which
generates the resulting Web page. It also has evolved to include a command-line interface capability
and can be used in standalone graphical applications. PHP can be deployed on most Web servers
and also as a standalone shell on almost every operating system and platform free of charge. A
competitor to Microsoft's Active Server Pages (ASP) server-side script engine and similar
languages, PHP is installed on more than 20 million Web sites and 1 million Web servers. Software
that uses PHP[18] includes Joomla, Word press, Concrete5, MyBB, and Drupal.
PHP was originally created by Rasmus Lerdorf in 1995. The main implementation of PHP is now
produced by The PHP Group and serves as the formal reference to the PHP language. PHP is free
software released under the PHP License, which is incompatible with the GNU General Public
License (GPL) due to restrictions on the usage of the term PHP.
While PHP originally stood for Personal Home Page, it is now said to stand for PHP:
Hypertext

Preprocessor,

a recursive

acronym.PHP development

began

in

1994

when

the Danish/Greenlandic/Canadian programmer Rasmus Lerdorf initially created a set of Perlscripts

he called "Personal Home Page Tools" to maintain his personal homepage. The scripts performed
tasks such as displaying his rsum and recording his web-page traffic. Lerdorf initially announced
the release of PHP on the comp.infosystems.www.authoring.cgi Usenet discussion group on June 8,
1995. He rewrote these scripts as Common Gateway Interface (CGI) binaries in C, extending them
to add the ability to work with Web formsand to communicate with databases and called this
implementation "Personal Home Page/Forms Interpreter" or PHP/FI. PHP/FI could be used to build
simple, dynamic Web applications. Lerdorf released PHP/FI as "Personal Home Page Tools (PHP
Tools) version 1.0" publicly on June 8, 1995, to accelerate bug location and improve the code.
This release already had the basic functionality that PHP has today. This included Perllike variables, form handling, and the ability to embed HTML. The syntax was similar to Perl but
Dept. Of CSE, MRCET
17

was more limited and simpler, although less consistent. A development team began to form and,
after months of work and beta testing, officially released PHP/FI 2 in November 1997.
Zeev Suraski and Andi Gutmans, two Israeli developers at the Technion IIT, rewrote
the parser in 1997 and formed the base of PHP 3, changing the language's name to the recursive
initialismPHP: Hypertext Preprocessor. Afterward, public testing of PHP 3 began, and the official
launch came in June 1998. Suraski and Gutmans then started a new rewrite of PHP's core,
producing the Zend Engine in 1999. They also founded Zend Technologies in Ramat Gan, Israel.
On May 22, 2000, PHP 4, powered by the Zend Engine 1.0, was released. As of August 2008 this
branch is up to version 4.4.9. PHP 4 is no longer under development nor will any security updates
be released. On July 13, 2004, PHP 5 was released, powered by the new Zend Engine II. PHP 5
included new features such as improved support for object-oriented programming, the PHP Data
Objects (PDO) extension (which defines a lightweight and consistent interface for accessing
databases), and numerous performance enhancements. In 2008 PHP 5 became the only stable
version under development. Late static binding had been missing from PHP and was added in
version 5.3. A new major version has been under development alongside PHP 5 for several years.
This version was originally planned to be released as PHP 6 as a result of its significant changes,
which included plans for full Unicode support. However, Unicode support took developers much
longer to implement than originally thought, and the decision was made in March 2010 to move the
project to a branch, with features still under development moved to trunk.
Changes in the new code include the removal of register_globals, magic quotes,
and safe mode. The reason for the removals was that register_globals had opened security holes by
intentionally allowing runtime data injection, and the use of magic quotes had an unpredictable
nature. Instead, to escape characters, magic quotes may be replaced with the addslashes() function,
or more appropriately an escape mechanism specific to the database vendor itself like
mysql_real_escape_string() for MySQL. Functions that will be removed in future versions and have
been deprecated in PHP 5.3 will produce a warning if used.
Many high-profile open-source projects ceased to support PHP 4 in new code as of
February 5, 2008, because of the GoPHP5 initiative, provided by a consortium of PHP developers
promoting the transition from PHP 4 to PHP 5.
Dept. Of CSE, MRCET
18

Since version 5.4, PHP has native support for Unicode or multibyte strings, allowing
strings as well as class-, method-, and function-names to contain non-ASCII characters. PHP
interpreters

are available on both 32-bit and 64-bit operating

systems,

but on Microsoft

Windows the only official distribution is a 32-bit implementation, requiring Windows 32-bit
compatibility mode while using Internet Information Services (IIS) on a 64-bit Windows platform.
Experimental 64-bit versions of PHP 5.3.0 were briefly available for MS Windows, but have since
been removed.
PHP is free software released under the PHP License, which insists that: Products
derived from this software may not be called "PHP", nor may "PHP" appear in their name, without
prior written permission from [email protected]. You may indicate that your software works in
conjunction with PHP by saying "Foo for PHP" instead of calling it "PHP Foo" or "phpfoo".
This restriction on use of the name PHP makes it incompatible with the GNU General Public
License (GPL).
Usage
PHP is a general-purpose scripting language that is especially suited to server-side web
development where PHP generally runs on a web server. Any PHP code in a requested file
is executed by the PHP runtime, usually to create dynamic web page content or dynamic images
used on Web sites or elsewhere. It can also be used for command-line scripting and clientside graphical user interface (GUI) applications. PHP can be deployed on most Web servers,
many operating systems and platforms, and can be used with many relational database management
systems(RDBMS). It is available free of charge, and the PHP Group provides the complete source
code for users to build, customize and extend for their own use.
PHP acts primarily as a filter, taking input from a file or stream containing text and/or
PHP instructions and outputting another stream of data; most commonly the output will be HTML.
Since PHP 4, the PHP parser compiles input to produce byte code for processing by the Zend
Engine, giving improved performance over its interpreter predecessor.
Originally designed to create dynamic Web pages, PHP now focuses mainly on serverside scripting, and it is similar to other server-side scripting languages that provide dynamic content
Dept. Of CSE, MRCET
19

from a Web server to a client, such as Microsoft's ASP.NET, Sun Microsystems' JavaServer
Pages, and mod_perl. PHP has also attracted the development of many frameworks that provide
building blocks and a design structure to promote rapid application development (RAD). Some of
these include CakePHP, Symfony, CodeIgniter, Yii Framework, and Zend Framework, offering
features similar to other web application frameworks. The LAMP architecture has become popular
in the Web industry as a way of deploying Web applications.
PHP is commonly used as the P in this bundle longside Linux, Apache and MySQL,
although the P may also refer to Python, Perl, or some mix of the three. Similar packages are also
available for Windows and OS X, then called WAMP and MAMP, with the first letter standing for
the respective operating system. However both PHP and Apache are provided as part of the Mac OS
X base install.
As of April 2007, over 20 million Internet domains had Web services hosted on servers
with PHP installed and mod_php was recorded as the most popular Apache HTTP
Server module. PHP is used as the server-side programming language on 75% of all Web sites.
Web content management systems written in PHP include MediaWiki[19], Joomla, eZ
Publish, SilverStripe, WordPress, Drupal and Moodle. All Web sites created using these tools are
written in PHP, including the user-facing portion of Wikipedia, Facebook, and Digg.
Security
About 30% of all vulnerabilities listed on the National Vulnerability Database are
linked to PHP. These vulnerabilities are caused mostly by not following best practice programming
rules: technical security flaws of the language itself or of its core libraries are not frequent (23 in
2008, about 1% of the total). Recognizing that programmers make mistakes, some languages
include taint checking to detect automatically the lack of input validation which induces many
issues. Such a feature is being developed for PHP, but its inclusion in a release has been rejected
several times in the past.
There are advanced protection patches such as Suhosin and Hardening-Patch, especially
designed for Web hosting environments.
Dept. Of CSE, MRCET
20

PHPIDS adds security to any PHP application to defend against intrusions. PHPIDS
detects attacks based on cross-site scripting (XSS), SQL injection, header injection, directory
traversal, remote file execution, remote file inclusion, and denial-of-service[10] (DoS).
Variables are prefixed with a dollar symbol, and a type does not need to be specified in
advance. Unlike function and class names, variable names are case sensitive. Both double-quoted
("") and heredoc strings provide the ability to interpolate a variable's value into the string. PHP
treats newlines as whitespace in the manner of a free-form language (except when inside string
quotes), and statements are terminated by a semicolon. PHP has three types of comment syntax: /*
*/ marks block and inline comments;// as well as # are used for one-line comments.
[68]

The echo statement is one of several facilities PHP provides to output text, e.g., to a Web

browser.In terms of keywords and language syntax, PHP is similar to most high level languages that
follow the C style syntax. if conditions, for and while loops, and function returns are similar in
syntax to languages such as C, C++, Java and Perl.
Data types
PHP stores whole numbers in a platform-dependent range, either a 64-bit or 32bit signed integer equivalent to the C-language long type. Unsigned integers are converted to signed
values in certain situations; this behavior is different from other programming languages. Integer
variables

can

be

assigned

using

decimal

(positive

and

negative), octal,

and hexadecimal notations.Floating point numbers are also stored in a platform-specific range.
They can be specified using floating point notation, or two forms of scientific notation.[ PHP has a
native Boolean type that is similar to the native Boolean types in Java and C++. Using the Boolean
type conversion rules, non-zero values are interpreted as true and zero as false, as in Perl and C+
+.The null data type represents a variable that has no value. The only value in the null data type
is NULL. Variables of the "resource" type represent references to resources from external sources.
These are typically created by functions from a particular extension, and can only be processed by
functions from the same extension; examples include file, image, and database resources. Arrays
can contain elements of any type that PHP can handle, including resources, objects, and even other
arrays. Order is preserved in lists of values and in hashes with both keys and values, and the two
can be intermingled. PHP also supports strings, which can be used with single quotes, double
quotes, nowdoc or heredoc syntax.
Dept. Of CSE, MRCET
21

The Standard PHP Library (SPL) attempts to solve standard problems and implements
efficient data access interfaces and classes.
Functions
PHP has hundreds of base functions and thousands more via extensions. These
functions are well documented on the PHP site; however, the built-in library has a wide variety of
naming conventions and inconsistencies. PHP currently has no functions for thread programming,
although it does support multiprocess programming on POSIX systems.
PHP 5.2 and earlier
Functions are not first-class functions and can only be referenced by their name,
directly or dynamically by a variable containing the name of the function. User-defined functions
can be created at any time without being prototyped. Functions can be defined inside code blocks,
permitting a run-time decision as to whether or not a function should be defined. Function calls
must use parentheses, with the exception of zero argument class constructor functions called with
the PHP new operator, where parentheses are optional. PHP supports quasi-anonymous
functionsthrough the create_function() function, although they are not true anonymous functions
because anonymous functions are nameless, but functions can only be referenced by name, or
indirectly through a variable $function_name();, in PHP.
PHP 5.3 and newer
PHP gained support for closures. True anonymous functions are supported using the following
syntax:
function getAdder($x) {
return function($y) use ($x) {
return $x + $y;
};
}
$adder = getAdder(8);
Dept. Of CSE, MRCET
22

echo $adder(2); // prints "10"

Here, the getAdder() function creates a closure using the parameter [20] $x (the
keyword use imports a variable from the lexical context), which takes an additional
argument $y and returns it to the caller. Such a function is a first class object, meaning that it can be
stored in a variable, passed as a parameter to other functions, etc. For more details see Lambda
functions and closures RFC .
The goto flow control statement is used as follows:
function lock() {
$file = fopen('file.txt', 'r+');
retry:
if (!flock($file, LOCK_EX & LOCK_NB)) {
goto retry;
}
fwrite($file, 'Success!');
fclose($file);
return 0;
}
When flock() is called, PHP opens a file and tries to lock it. The target label retry: defines the point
to

which

execution

should

return

if flock() is

unsuccessful

and goto

retry; is

called.

The goto statement is restricted and requires that the target label be in the same file and context.
The goto statement has been supported since PHP 5.3.
Objects
Basic object-oriented programming functionality was added in PHP 3 and improved in
PHP 4. Object handling was completely rewritten for PHP 5, expanding the feature set and
enhancing performance. In previous versions of PHP, objects were handled like value types. The
drawback of this method was that the whole object was copied when a variable was assigned or
passed as a parameter to a method. In the new approach, objects are referenced by handle, and not
Dept. Of CSE, MRCET
23

by value. PHP 5 introduced private and protected member variables and methods, along
with abstract classes, final classes, abstract methods, and final methods. It also introduced a
standard way of declaring constructors and destructors, similar to that of other object-oriented
languages such asC++, and a standard exception handling model. Furthermore, PHP 5
added interfaces and allowed for multiple interfaces to be implemented. There are special interfaces
that allow objects to interact with the runtime system. Objects implementing ArrayAccess can be
used with array syntax and objects implementing Iterator or IteratorAggregate can be used with
the for each language construct. There is no virtual table feature in the engine, so static variables are
bound with a name instead of a reference at compile time.
If the developer creates a copy of an object using the reserved word clone, the Zend
engine will check if a clone() method has been defined or not. If not, it will call a default
clone()which will copy the object's properties. If a clone() method is defined, then it will be
responsible for setting the necessary properties in the created object. For convenience, the engine
will supply a function that imports the properties of the source object, so that the programmer can
start with a by-value replica of the source object and only override properties that need to be
changed.
Visibility of properties and methods
The visibility of PHP properties and methods refers to visibility in PHP. It is defined
using the keywords public, private, and protected. The default is public, if only var is used; var is a
synonym for public. Items declared public can be accessed everywhere. protected limits access
to inherited classes (and to the class that defines the item). private limits visibility only to the class
that defines the item. Objects of the same type have access to each other's private and protected
members even though they are not the same instance. PHP's member visibility features have
sometimes been described as "highly useful." However, they have also sometimes been described as
"at best irrelevant and at worst positively harmful."
PHP source code is compiled on-the-fly to an internal format that can be executed by
the PHP engine. In order to speed up execution time and not have to compile the PHP source code
every time the Web page is accessed, PHP scripts can also be deployed in executable format using
a PHP compiler.
Dept. Of CSE, MRCET
24

Code optimizers aim to enhance the performance of the compiled code by reducing its
size, merging redundant instructions and making other changes that can reduce the execution time.
With PHP, there are often opportunities for code optimization. An example of a code optimizer is
the eAccelerator PHP extension.
Another approach for reducing compilation overhead for PHP servers is using
an opcode cache. Opcode caches work by caching the compiled form of a PHP script (opcodes)
in shared memory to avoid the overhead of parsing and compiling the code every time the script
runs. An opcode cache, APC, is planned to be built into an upcoming release of PHP (but not 5.4 as
previously planned ).Opcode caching and code optimization can be combined for best efficiency, as
the modifications do not depend on each other (they happen in distinct stages of the compilation).
HTML :
Hyper Text Markup Language (HTML) is the main markup language for displaying
web pages and other information that can be displayed in a web browser.
HTML is written in the form of HTML elements consisting of tags enclosed in angle
brackets (like <html>), within the web page content. HTML tags most commonly come in pairs
like <h1> and </h1>, although some tags, known as empty elements, are unpaired, for
example <img>. The first tag in a pair is the start tag, the second tag is the end tag (they are also
called opening tags and closing tags). In between these tags web designers can add text, tags,
comments and other types of text-based content.The purpose of a web browser is to read HTML
documents and compose them into visible or audible web pages. The browser does not display the
HTML tags, but uses the tags to interpret the content of the page.
HTML elements form the building blocks of all websites. HTML allows images and
objects to be embedded and can be used to create interactive forms. It provides a means to
create structured documents by denoting structural semantics for text such as headings, paragraphs,
lists, links, quotes and other items. It can embed scripts in languages such as JavaScript which
affect the behavior of HTML webpages.

Dept. Of CSE, MRCET

25

Web browsers can also refer to Cascading Style Sheets (CSS) to define the appearance
and layout of text and other material. The W3C, maintainer of both the HTML and the CSS
standards, encourages the use of CSS over explicitly presentational HTML markup.
ORIGINS of HTML
In 1980, physicist Tim Berners-Lee, who was a contractor at CERN, proposed and
prototyped ENQUIRE, a system for CERN researchers to use and share documents. In 1989,
Berners-Lee wrote a memo proposing an Internet-based hypertext system. Berners-Lee specified
HTML and wrote the browser and server software in the last part of 1990. In that year, Berners-Lee
and CERN data systems engineer Robert Cailliau collaborated on a joint request for funding, but
the project was not formally adopted by CERN. In his personal notes from 1990 he lists"some of
the many areas in which hypertext is used" and puts an encyclopedia first.
Version of HTML(May 2011) Used
On 14 February 2011, the W3C extended the charter of its HTML Working Group with
clear milestones for HTML5. In May 2011, the working group advanced HTML5 to "Last Call", an
invitation to communities inside and outside W3C to confirm the technical soundness of the
specification. The W3C is developing a comprehensive test suite to achieve broad interoperability
for the full specification by 2014, which is now the target date for Recommendation.

4.2 MYSQL:
MySQL "My S-Q-L", officially, but also called "My Sequel") is the world's most used
open source relational database management system (RDBMS) that runs as a server providing
multi-user access to a number of databases.It is named after co-founder Michael Widenius'
daughter, My. The SQL phrase stands for Structured Query Language.
The MySQL development project has made its source code available under the terms of
the GNU General Public License, as well as under a variety ofproprietary agreements. MySQL was
owned and sponsored by a single for-profit firm, the Swedish company MySQL AB, now owned
Dept. Of CSE, MRCET
26

by Oracle Corporation. Free-software-open source projects that require a full-featured database

management system often use MySQL. For commercial use, several paid editions are available, and
offer additional functionality.
Uses
MySQL is a popular choice of database for use in web applications, and is a central
component of the widely used LAMP open source web application software stackLAMP is an
acronym for "Linux, Apache, MySQL, Perl/PHP/Python".
MySQL is an open source database management system and is used in some of the most
frequently visited websites on the Internet, including Flickr, Nokia.com, YouTubeand as previously
mentioned, Wikipedia, Google, Facebook and Twitter.
Platforms and Interfaces
MySQL is written in C and C++. Its SQL parser is written in yacc, and a homebrewed lexical analyzer named sql_lex.cc. MySQL works on many different system platforms,
including AIX, BSDi, FreeBSD, HP-UX, eComStation, i5/OS, IRIX, Linux, Mac OS X, Microsoft
Windows, NetBSD, Novell,NetWare, OpenBSD,OpenSolaris, OS/2 Warp, QNX, Solaris, Symbian,
SunOS, SCO OpenServer, SCO UnixWare, Sanos and Tru64. A port of MySQL to OpenVMS also
exists.
Many programming

languages with

language-specific APIs include libraries for

accessing MySQL databases. These include MySQL Connector/Net for integration with
Microsoft's Visual Studio(languages such as C# and VB are most commonly used) and the JDBC
driver for Java. In addition, an ODBC interface called MyODBC allows additional programming
languages that support the ODBC interface to communicate with a MySQL database, such
as ASP or ColdFusion. The HTSQL - URL-based query method also ships with a MySQL adapter,
allowing direct interaction between a MySQL database and any web client via structured URLs.
Management and Graphical Frontends

Dept. Of CSE, MRCET

27

MySQL is primarily an RDBMS and ships with no GUI tools to administer MySQL
databases or manage data contained within the databases. Users may use the included command
line tools, or use MySQL "front-ends", desktop software and web applications that create and
manage MySQL databases, build database structures, back up data, inspect status, and work with
data records. The official set of MySQL front-end tools, MySQL Workbench is actively developed
by Oracle, and is freely available for use. Third-party command-line tools are also available, such
as Percona Toolkit.
Official
The official MySQL Workbench is a free integrated environment developed by MySQL
AB, that enables users to graphically administer MySQL databases and visually design database
structures. MySQL Workbench replaces the previous package of software, MySQL GUI Tools.
Similar to other third-party packages, but still considered the authoritative MySQL frontend,
MySQL Workbench lets users manage the following:

Database design & modeling

SQL development replacing MySQL Query Browser

Database administration replacing MySQL Administrator

MySQL Workbench is available in two editions, the regular free and open

source Community Edition which may be downloaded from the MySQL website, and the
proprietary Standard Editionwhich extends and improves the feature set of the Community Edition.
Deployment
MySQL can be built and installed manually from source code, but this can be tedious so
it is more commonly installed from a binary package unless special customizations are required. On
most Linux distributions the package management system can download and install MySQL with
minimal effort, though further configuration is often required to adjust security and optimization
settings.

Dept. Of CSE, MRCET

28

Though MySQL began as a low-end alternative to more powerful proprietary databases,

it has gradually evolved to support higher-scale needs as well. It is still most commonly used in
small to medium scale single-server deployments, either as a component in a LAMP-based web
application or as a standalone database server. Much of MySQL's appeal originates in its relative
simplicity and ease of use, which is enabled by an ecosystem of open source tools such as
phpMyAdmin. In the medium range, MySQL can be scaled by deploying it on more powerful
hardware, such as a multi-processor server with gigabytes of memory.
There are however limits to how far performance can scale on a single server, so on
larger scales, multi-server MySQL deployments are required to provide improved performance and
reliability. A typical high-end configuration can include a powerful master database which handles
data write operations and is replicated to multiple slaves that handle all read operations. The master
server synchronizes continually with its slaves so in the event of failure a slave can be promoted to
become the new master, minimizing downtime. Further improvements in performance can be
achieved by caching the results from database queries in memory using memcached, or breaking
down a database into smaller chunks called shards which can be spread across a number of
distributed server clusters.
Cloud-based deployment
Another deployment option is running MySQL on cloud computing platforms such
as Amazon EC2. There are two common deployment models for MySQL on the cloud:

Virtual Machine Image - cloud users can upload a machine image of their own with
MySQL installed, or use a ready-made machine image with an optimized installation of
MySQL on it, such as the one provided by Amazon EC2.

MySQL as a Service - some cloud platforms offer MySQL "as a service". In this
configuration, application owners do not have to install and maintain the MySQL database on
their own. Instead, the database service provider takes responsibility for installing and
maintaining the database, and application owners pay according to their usage. Two notable
cloud-based MySQL services are the Amazon Relational Database Service, and the Xeround
Cloud Database, which runs on EC2, Rackspace and Heroku.
Dept. Of CSE, MRCET
29

A third option is managed MySQL hosting on the cloud, where the database is not
offered as a service, but the cloud provider hosts the database and manages it on the application
owner's behalf. As of 2011, of the major cloud providers, only Rackspace offers managed hosting
for MySQL databases.
Licensing and Support
Both the MySQL server software itself and the client libraries use duallicensing distribution. They are offered under GPL, beginning from 28 June 2000 (which Oracle has
extended with a FLOSS License Exception) or to use a proprietary license.Support can be obtained
from the official manual. Free support additionally is available in different IRC channels and
forums. Oracle offers paid support via its MySQL Enterprise products. They differ in the scope of
services and in price. Additionally, a number of third party organizations exist to provide support
and services, including SkySQL Ab and Percona.

4.3 XAMPP:
XAMPP is a free and open source cross-platform web server solution stack package,
consisting mainly of the Apache HTTP Server, MySQL database, and interpreters for scripts
written in the PHP and Perl programming languages.
Etymology
XAMPP's name is an acronym for:

X (to be read as "cross", meaning cross-platform)

Apache HTTP Server

MySQL

PHP

Perl
Dept. Of CSE, MRCET
30

Requirements and features

XAMPP requires only one zip, tar, 7z, or exe file to be downloaded and run, and little
or no configuration of the various components that make up the web server is required. XAMPP is
regularly updated to incorporate the latest releases of Apache/MySQL/PHP and Perl. It also comes
with a number of other modules including OpenSSL and phpMyAdmin.
Self-contained, multiple instances of XAMPP can exist on a single computer, and any given
instance can be copied from one computer to another.It is offered in both a full, standard version
and a smaller version.
XAMPP USE
Officially, XAMPP's designers intended it for use only as a development tool, to allow
website designers and programmers to test their work on their own computers without any access to
the Internet. To make this as easy as possible, many important security features are disabled by
default. In practice, however, XAMPP is sometimes used to actually serve web pages on the World
Wide Web. A special tool is provided to password-protect the most important parts of the package.
XAMPP

also

provides

support

for

creating

and

manipulating

databases

in MySQL and SQLite among others.Once XAMPP is installed, it is possible to treat

a localhost like a remote host by connecting using an FTP client. Using a program like FileZilla has
many advantages when installing a content management system (CMS) like Joomla. It is also
possible to connect to localhost via FTP with a HTML editor. The default FTP user is "newuser",
the default FTP password is "wampp". The default MySQL user is "root" while there is no
default MySQL password.
XAMPP Components:
XAMPP 1.8.0 for Windows, including:

Apache 2.4.2

MySQL 5.5.25a

PHP 5.4.4
Dept. Of CSE, MRCET
31

phpMyAdmin 3.5.2

FileZilla FTP Server 0.9.41

Tomcat 7.0.28 (with mod_proxy_ajp as connector)

XAMPP 1.8.0 for Linux, including:

Apache 2.4.2

MySQL 5.5.25a

PHP 5.4.4

phpMyAdmin 3.5.1

OpenSSL 1.0.1c

4.4 OpenSSL:
OpenSSL[13] is an open-source implementation of the SSL and TLS protocols. The
core library, written in the C programming language, implements the basic cryptographic functions
and provides various utility functions. Wrappers allowing the use of the OpenSSL library in a
variety of computer languages are available.
Versions
(including Solaris, Linux, Mac

are
OS

available
X and

the

for

most Unix-like operating

various

open

systems

source BSD operating

systems), OpenVMS and Microsoft Windows. IBM provides a port for the System i (OS/400).
OpenSSL is based on SSLeay by Eric A. Young and Tim Hudson, development of which
unofficially ended around December 1998, when Young and Hudson both started to work for RSA
Security.
Licensing
Dept. Of CSE, MRCET
32

OpenSSL is "dual licensed" under the OpenSSL License and the SSLeay License. The
OpenSSL License is Apache License 1.0 and SSLeay License is a 4-clause BSD License. The
common usage of the term dual-license is that the user may pick which license they wish to use.
However, OpenSSL documentation uses the term dual-license to mean that both licenses apply.
As the OpenSSL License is Apache License 1.0, but not Apache License 2.0, it requires
the phrase This product includes software developed by the OpenSSL Project for use in the
OpenSSL Toolkit. (http://www.openssl.org/) to appear in advertising material and any redistributions
(Sections 3 and 6 of the OpenSSL License). Due to this restriction, the OpenSSL License and the
Apache License are incompatible with the GPL. Some GPL developers have added an OpenSSL
exception to their licenses specifically allowing OpenSSL to be used with their system.
GNUWget and climm both

use

such

exceptions. Other

packages

use

the

LGPL

licensed GnuTLS which performs the same task.

Windows Xp:
Windows XP is an operating system produced by Microsoft for use on personal
computers, including home and business desktops,laptops and media centers. First released to
computer manufacturers on August 24, 2001, it is the second most popular version ofWindows,
based on installed user base. The name "XP" is short for "eXPerience", highlighting the
enhanced user experience.
Windows XP, the successor to Windows 2000 and Windows Me, was the first
consumer-oriented operating system produced by Microsoft to be built on the Windows NT kernel.
Windows XP was released worldwide for retail sale on October 25, 2001, and over 400 million
copies were in use in January 2006. It was succeeded by Windows Vista in January 2007.
Direct OEM and retail sales of Windows XP ceased on June 30, 2008. Microsoft
continued to sell Windows XP through their System Builders (smaller OEMs who sell assembled
computers) program until January 31, 2009. On April 10, 2012, Microsoft reaffirmed that extended
support for Windows XP and Office 2003 would end on April 8, 2014 and suggested that
administrators begin preparing to migrate to a newer OS.

Dept. Of CSE, MRCET

33

The NT-based

versions

of

Windows,

which

are

programmed

in C, C++,

and assembly, are known for their improved stability and efficiency over the 9x versions
of Microsoft Windows. Windows XP presented a significantly redesigned graphical user interface, a
change Microsoft promoted as more user-friendly than previous versions of Windows. A new
software management facility called Side-by-Side Assembly was introduced to ameliorate the
"DLL hell" that plagued 9x versions of Windows. It is also the first version of Windows to
use product activation to combat illegal copying.
During

Windows

XP's

development,

the project

was

codenamed "Whistler",

after Whistler, British Columbia, as many Microsoft employees skied at the WhistlerBlackcomb ski resort.

CHAPTER: 5
SYSTEM DESIGN

5.1 UML DIAGRAMS:

Unified Modeling Language or UML Diagrams are used to represent the system diagrammatically.
Dept. Of CSE, MRCET
34

5.1.1: Use case diagram:

Use case diagrams (Fig 5) are drawn to represent the functionality of the system.

Fig 5: Use Case Diagram

5.1.2 Class Diagram:

Dept. Of CSE, MRCET

35

Class diagrams (Fig 6) are used to represent the classes used in the system and their
relationships.

Fig 6: Class Diagram

5.1.3 Activity Diagram:

Dept. Of CSE, MRCET

36

Activity diagrams (Fig 7) are graphical representations of workflows of stepwise

activities and actions with support for choice, iteration and concurrency. In the Unified Modeling
Language, activity diagrams can be used to describe the business and operational step-by-step
workflows of components in a system. An activity diagram shows the overall flow of control.

Fig 7: Activity Diagram

5.1.4 Sequence Diagram:

Dept. Of CSE, MRCET
37

A sequence diagram (Fig 8) in a Unified Modeling Language (UML) is a kind

of interaction diagram that shows how processes operate with one another and in what order. It is
a construct of a Message Sequence Chart. A sequence diagram shows object interactions arranged
in time sequence. It depicts the objects and classes involved in the scenario and the sequence of
messages exchanged between the objects needed to carry out the functionality of the scenario.
Sequence diagrams typically are associated with use case realizations in the Logical View of the
system under development.Sequence diagrams are sometimes called event diagrams, event
scenarios, and timing diagrams.

Fig 8: Sequence Diagram

CHAPTER: 6
Dept. Of CSE, MRCET
38

SYSTEM IMPLEMENTATION
6.1 PLAN OF IMPLEMENTATION
System Development Life Cycle (SDLC) Model
This is also known as Classic Life Cycle Model (or) Linear Sequential Model (or)
Waterfall Method. This model has the following activities.
System/Information Engineering and Modeling
Software is perpetually of an outsized system or business, work starts by creating the
needs for all system elements and then allocating some subset of these requirements to software.
Software Requirement Analysis
This process is also known as possibility study. In this phase, the development team
visits the customer and studies their system. They examine the requirement for possible software
automation in the given system. By the end of the possibility study, the team provides a document
that holds the diverse specific recommendations for the candidate system.
System Analysis and Design
In this phase, the software development process, the software's general structure and its
gradations are defined. In terms of the client - server technology needed for the package
architecture, the database design, and the data structure design etc. are all helpful in this phase.
Code Generation
The design should be interpret into a machine readable form. The code generation step
achieves this task. If the design is executed in a detailed manner, code generation can be
accomplished without much complication.
Testing

Dept. Of CSE, MRCET

39

Once the code is generated, after that the software program testing starts. Different
testing methodologies are available to unravel the bugs that were committed during the previous
phases.
Maintenance
The software will unquestionably experience change once it is delivered to the
customer. There can be many reasons for this change to occur. Change could happen because of
some surprising input values into the system.

6.2 PHP SOURCE CODE

The index page is developed with HTML ,Java script and CSS. Coming to the Sign Up
process the page is with PHP code. That is as follows:
<?php
$con = mysql_connect("localhost","root","");
$con1 = mysql_connect("localhost","root","");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}mysql_select_db("cloud", $con);
$btname=$_POST['username']."b";
$ctname=$_POST['username']."c";
$db=$_POST['username'];
$sql="INSERT INTO user (username, password, firstname, lastname, gender, dob, email, phone,
address, securityquestion, answer)
VALUES
Dept. Of CSE, MRCET
40

('$_POST[username]','$_POST[password]','$_POST[firstname]','$_POST[lastname]','$_POST[gend
er]','$_POST[dob]','$_POST[email]','$_POST[phone]','$_POST[address]','$_POST[securityquestio
n]','$_POST[answer]')";
$sql1="CREATE TABLE $btname (bankname varchar(128) NOT NULL, branchno varchar(128),
accountholdername varchar(128) NOT NULL,accountnumber

varchar(128) NOT NULL,

accounttype varchar(128) NOT NULL, ifsccode varchar(128), branchaddress varchar(128))";

$sql2="CREATE TABLE $ctname (cardnumber varchar(128),PRIMARY KEY(cardnumber),
cardtype

varchar(128)

NOT

NULL,

nameoncard

varchar(128)

NOT

NULL,expirydate

varchar(128) NOT NULL, cvv varchar(128) NOT NULL, securedpassword varchar(128))";

if (!mysql_query($sql,$con) )
{ die('Error: ' . mysql_error());
}
else
{mysql_query("CREATE DATABASE $db",$con1);
mysql_select_db("$db", $con1);
mysql_query($sql1,$con1);
mysql_query($sql2,$con1);
}mysql_close($con1);
mysql_close($con);
?>
<?php
$connection = mysql_connect("localhost","root","");
if (!$connection)
{
Dept. Of CSE, MRCET
41

die('Could not connect: ' . mysql_error());

}
mysql_select_db("cloud", $connection);
$username=$_POST['username'];
$password=$_POST['password'];
$query = mysql_query('SELECT username, password FROM user WHERE username = "'.
$_POST['username'].'" AND password = "'.$_POST['password'].'" LIMIT 1', $connection);
if (mysql_num_rows($query) > 0)
{
$rand= rand(00000000,99999999);
mysql_query('UPDATE user SET otp="'.$rand.'" WHERE username = "'.$_POST['username'].'"
LIMIT 1', $connection);
print '<script type="text/javascript">';
print 'alert("The OTP is '.$rand.' . Please remember otp for second level of authentication.")';
print '</script>';
}
else
{mysql_query('UPDATE user SET loginfails= loginfails + 1 WHERE username = "'.
$_POST['username'].'" LIMIT 1', $connection);
header("Location: loginerror.php");
}
?>

Dept. Of CSE, MRCET

42

<?php
$btname=$_SESSION['login']."b";
// Establish the database connection
mysql_connect("localhost", "root", "") or
die("Could not connect: " . mysql_error());
$db=$_SESSION['login'];
mysql_select_db("$db");

// Issue the query

$result = mysql_query("SELECT * FROM $btname");
class Encryption {
var $skey ="hariprasadmtechcsemrcet"; // you can change it
public function safe_b64encode($string) {
$data = base64_encode($string);
$data = str_replace(array('+','/','='),array('-','_',''),$data);
return $data;
}
public function safe_b64decode($string) {
$data = str_replace(array('-','_'),array('+','/'),$string);
$mod4 = strlen($data) % 4;
if ($mod4) {
$data .= substr('====', $mod4);
Dept. Of CSE, MRCET
43

}
return base64_decode($data);
}
public function encode($value){
if(!$value){return false;}
$text = $value;
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
$crypttext = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $this->skey, $text,
MCRYPT_MODE_ECB, $iv);
return trim($this->safe_b64encode($crypttext));
}
public function decode($value){
if(!$value){return false;}
$crypttext = $this->safe_b64decode($value);
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
$decrypttext = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $this->skey, $crypttext,
MCRYPT_MODE_ECB, $iv);
return trim($decrypttext);
}
}
Dept. Of CSE, MRCET
44

$converter = new Encryption;

if(mysql_num_rows($result)>0)
{
// Capture the result in an array, and loop through the array
while ($row = mysql_fetch_array($result, MYSQL_NUM)) {
// Print each row as HTML: <tr><td>row 0</td><td>row 1</td>
printf("<tr><td>%s</td><td>%s</td><td>%s</td><td>%s</td><td>%s</td><td>%s</td><td>
%s</td></tr>",

$converter->decode($row[0]),

$converter->decode($row[1]),$converter-

>decode($row[2]),$converter->decode($row[3]),$converter->decode($row[4]),$converter>decode($row[5]),$converter->decode($row[6]));
}}
else
{
echo

"<font

color=red><h3>NO

DATA

PRESENT</h3></font>";
}
// Free the result set
mysql_free_result($result);
?>

Using Of OpenSSl (SSl/TLS):

OpenSSL is software developed by openSSL team. This software will provide security to
the web information with SSL and TLS [8]. Here we are also using openSSl so that when we enter
Dept. Of CSE, MRCET
45

the address of the webpage that will be automatically opened with HTTPS protocol, where
information passed with strong encryption.

CHAPTER: 7
SYSTEM TESTING
Software testing forms an activity of software development .Software testing identifies
errors at an early stage. A planned testing identifies the difference between the expected results and
the actual results. The main objective of software testing is to find errors. A successful testing is one
that uncovers, as many as yet undiscovered errors, which helps to make the software more rugged
and reliable.
Testing is applied at different levels in the software development life cycle, but the
testing done is different in nature and has different objective at each level. The focus of all testing is
to find errors, but different type of error are looked for each level.
Testing plays a very critical role in determining the reliability and efficiency of the
software and hence is very important stage in software development. Tests are to be conducted on
the software to evaluate its performance under a number of conditions ideally it should do so at the
level of each module and also when all of them, are integrated to form the complete system.
Software testing is done at different levels. They are unit testing and system testing which
comprises of integration testing and acceptance testing.

7.1 Unit Testing:

At the level, the function of the basic unit of software is tested in isolation. This is
where the most detailed investigation of the internal working of individual units is carried out .The
programmer who wrote the code of then performs unit testing.
The purpose of unit testing is to find errors in the individual units ,which could be
logic-related errors. The test case can be derived from their program specification or design
document. Units which cannot be tested in isolation may require the creation of small test programs
Dept. Of CSE, MRCET
46

known as harness.
Here in our Project we have tested all module individually like login, signup,
encryption, storage, decryption.

7.2 Integration Testing:

At the level of develop mentation each and every module will be tested individually.
When coming to the integration testing, we have to integrate all modules and test the flow and
working of modules together. Here in this project also done the same thing and passed the
Integration test successfully.

Dept. Of CSE, MRCET

47

CHAPTER: 8
RESULTS
8.1 Sample screens

Fig 9: Home Page

Dept. Of CSE, MRCET

48

Fig 10: https Home Page

Fig 11: Registration Page

Dept. Of CSE, MRCET

49

Fig 12: Sign In Page

Fig 13: OTP Authentication Page

Dept. Of CSE, MRCET
50

Fig 14: Login Validation Pages

Fig 15: Accounts Page

Dept. Of CSE, MRCET

51

Fig 16: Store Bank Info Page

Fig 17: Retrieve Bank Info with Decryption

Dept. Of CSE, MRCET

52

Fig 18: Retrieve Bank Info without Decryption

Fig 19: Store Credit Card Info Page

Dept. Of CSE, MRCET
53

Fig 20: Retrieve Credit Card Info with Decryption

Fig 21: Retrieve Credit Card Info without Decryption

Dept. Of CSE, MRCET
54

Fig 22: Logout Page

Fig 23: Registration Page Validation

Dept. Of CSE, MRCET
55

Fig 24: Retrieving Password (Forgot password)

Fig 25: Maximum Login Attempts Reached (Login fails more than 3)
Dept. Of CSE, MRCET
56

CHAPTER: 9
CONCLUSION AND FUTURE ENHANCEMENT
Cloud computing environments include three types of service: infrastructure, platform
and software. To the user, cloud computing virtualizes resources and, to access services, the user
only requires a means of accessing the Internet, e.g., a smart phone or PDA, or even a Smart Card
or other active smart chip, thus reducing purchasing and maintenance costs for software and
hardware. Because key industrial data is stored on the service providers equipment, the service
provider must protect the users data, for example by encrypting the users data prior to storage.
However, this leaves the service providers high-privilege internal staff (e.g., system administrators)
with access to both the Decryption Key and the users encrypted data, exposing the users data to
risk of potential disclosure. For cloud computing to spread, users must have a high level of trust in
the methods by which service providers protect their data. This study proposes a Business Model
for Cloud Computing Based on a Separate Encryption and Decryption Service, emphasizing that
authorization for the storage and encryption/decryption of user data must be vested with two
different service providers. The privileges of Storage as Service provider include storing user data
which has already been encrypted through an Encryption/Decryption Service System, but does not
allow this service provider access to the Decryption Key or allow for the storage of decrypted data.
Furthermore, the privileges of the Encryption/Decryption as Service provider includes management
of the key required for the encryption/decryption of user data, but not the storage of decrypted or
encrypted user data.
In this new business model, user data in the Storage Service System is all saved
encrypted. Without the decryption key, there is no way for the service provider to access the user
data. Within the Encryption/Decryption Service System there is no stored user data, thus
eliminating the possibility that user data might be improperly disclosed. After establishing
Independent Encryption/Decryption Services in cloud computing environments, users of cloud
computing services (e.g., CRM, ERP, etc.) will use the services of at least two cloud computing
service providers, so agreements between these service providers are required to establish a model
for cooperation and division of responsibilities in providing a common service to clients.

Dept. Of CSE, MRCET

57

This study provides a draft of a multi-signatory Service Level Agreement (SLA) in

which the signatories can include cloud computing rental users, application service providers,
encryption/decryption service providers, storage service providers, etc., with content including the
rights and obligations between operators and also includes data security policies between each
operator and clients.

Dept. Of CSE, MRCET

58

APPENDIX
Source code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Cloud | Home</title>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<link href="style.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="js/cufon-yui.js"></script>
<script type="text/javascript" src="js/arial.js"></script>
<script type="text/javascript" src="js/cuf_run.js"></script>
</head>
<body>
<div class="main">
<div class="header">
<div class="header_resize">
<div class="logo">
<h1><a href="index.html">Cloud Project <small></small></a></h1>
</div>
<div class="menu_nav">
<ul>
<li class="active"><a href="index.html">Home</a></li>
<li><a href="register.html">Sign Up</a></li>
<li><a href="signin.html">Sign In</a></li>
</ul>
</div>
<div class="clr"></div>
<div class="htext">
<h2>ASSURANCE ON DATA STORAGE SECURITY IN CLOUD COMPUTING</h2>
<p></p>
<p></p>
<p></p>
</div>
<div class="clr"></div>
</div>
</div>
<div class="content">
<div class="content_resize">
<div class="mainbar">
<div class="article">
<h2><span>Is Cloud Data Storage Secured? </span></h2>
<div class="clr"></div>
Dept. Of CSE, MRCET
59

<p>In the Traditional Cloud Architecture Encryption and Decryption are with Storage service
provider, So there is a privacy Issue. Here in the new Cloud Architecture, we are devided the
storage system and Securtiy System into two saperate services, So risk Of Security is low in
Maximum. </p>
</div>
<div class="main">
<div class="logo">
<h1><a href="register.html">Join wit us...<small></small></a></h1>
</div>
</div>
<div class="clr"></div>
<!-- PLACE FORM Using ORDERED LIST -->
</div>
</div>
<div class="clr"></div>
</div>
</div>
<div class="fbg">
<div class="fbg_resize">
<p class="lf">&copy; Copyright ->ASSURANCE ON DATA STORAGE SECURITY IN
CLOUD COMPUTING.</p>
</div>
</div>
</div>
</div>
</body>
</html>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Cloud | Home</title>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<link href="style.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="js/cufon-yui.js"></script>
<script type="text/javascript" src="js/arial.js"></script>
<script type="text/javascript" src="js/cuf_run.js"></script>
</head>
<body>
<div class="main">
<div class="header">
<div class="header_resize">
<div class="logo">
Dept. Of CSE, MRCET
60

<h1><a href="index.html">Cloud Project <small></small></a></h1>

</div>
<div class="menu_nav">
<ul>
<li class="active"><a href="index.html">Home</a></li>
<li><a href="register.html">Sign Up</a></li>
<li><a href="signin.html">Sign In</a></li>
</ul>
</div>
<div class="clr"></div>
<div class="htext">
<h2>ASSURANCE ON DATA STORAGE SECURITY IN CLOUD COMPUTING</h2>
<p></p>
<p></p>
<p></p>
</div>
<div class="clr"></div>
</div>
</div>
<div class="content">
<div class="content_resize">
<div class="mainbar">
<div class="article">
<h2><span>Is Cloud Data Storage Secured? </span></h2>
<div class="clr"></div>
<p>In the Traditional Cloud Architecture Encryption and Decryption are with Storage service
provider, So there is a privacy Issue. Here in the new Cloud Architecture, we are devided the
storage system and Securtiy System into two saperate services, So risk Of Security is low in
Maximum. </p>
</div>
<div class="main"> <div class="logo">
<h1><a href="register.html">Join wit us...<small></small></a></h1>
</div>
</div>
<div class="clr"></div>
<!-- PLACE FORM Using ORDERED LIST -->
</div>
</div>
<div class="clr"></div>
</div>
</div>
<div class="fbg">
<div class="fbg_resize">
<p class="lf">&copy; Copyright ->ASSURANCE ON DATA STORAGE SECURITY IN
CLOUD COMPUTING.</p>
</div>
</div>
Dept. Of CSE, MRCET
61

</div>
</div>
</body>
</html> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Cloud | Sign Up</title>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="style.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="js/cufon-yui.js"></script>
<script type="text/javascript" src="js/arial.js"></script>
<script type="text/javascript" src="js/cuf_run.js"></script>
<script src="jquery.js" type="text/javascript" language="javascript"></script>
</head>
<body>
<script language="javascript">
//<!---------------------------------+
// Developed by Roshan Bhattarai
// Visit http://roshanbh.com.np for this script and more.
// This notice MUST stay intact for legal use
// --------------------------------->
$(document).ready(function()
{
$("#username").blur(function()
{
//remove all the class add the messagebox classes and start fading
$
("#msgbox").removeClass().addClass('messagebox').text('Checking...').fadeIn("slow");
//check the username exists or not from ajax
$.post("user_availability.php",{ user_name:$(this).val() } ,function(data)
{
if(data=='no') //if username not avaiable
{
$("#msgbox").fadeTo(200,0.1,function() //start fading the messagebox
{
//add message and change the class of the box and start fading
$(this).html('This User name Already
exists').addClass('messageboxerror').fadeTo(900,1);
});
}
else
{
$("#msgbox").fadeTo(200,0.1,function() //start fading the messagebox
{
Dept. Of CSE, MRCET
62

//add message and change the class of the box and start fading
$(this).html('Username available to
register').addClass('messageboxok').fadeTo(900,1);
});
}
});
});
});
</script>
<style type="text/css">
body {
font-family:Verdana, Arial, Helvetica, sans-serif;
font-size:11px;
}
.top {
margin-bottom: 15px;
}
.messagebox{
position:relative;
width:100px;
margin-left:30px;
border:1px solid #c93;
background:#ffc;
padding:3px;
}
.messageboxok{
position:relative;
width:auto;
margin-left:30px;
border:1px solid #349534;
background:#C9FFCA;
padding:3px;
font-weight:bold;
color:#008000;
}
.messageboxerror{
position:relative;
width:auto;
margin-left:30px;
border:1px solid #CC0000;
background:#F7CBCA;
padding:3px;
font-weight:bold;
color:#CC0000;
}
Dept. Of CSE, MRCET
63

</style>
<div class="main">
<div class="header">
<div class="header_resize">
<div class="logo">
<h1><a href="index.html">Cloud Project <small></small></a></h1>
</div>
<div class="menu_nav">
<ul>
<li><a href="index.html">Home</a></li>
<li class="active"><a class="active" href="register.html">Sign Up</a></li>
<li><a href="signin.html">Sign In</a></li>
</ul>
</div>
<div class="clr"></div>
<div class="htext">
<h2>ASSURANCE ON DATA STORAGE SECURITY IN CLOUD COMPUTING</h2>
<p></p>
<p></p>
<p></p>
</div>
<div class="clr"></div>
</div>
</div>
<div class="content">
<div class="content_resize">
<div class="mainbar">

<div class="main">
<div class="logo">
<h1>Registration</h1>
</div>
</div>
<div class="clr"></div>
<div class="article">
<div class="clr"></div>

Dept. Of CSE, MRCET

64

<FORM name="frmSample" METHOD=POST ACTION="register.php" onSubmit="return

checkdate(this.dob)">

<OL>
<div >
<LI>User Name </br><INPUT TYPE="text" NAME="username" id="username"
class="text"></LI></br>
<span id="msgbox" style="display:none"></span>
</div>
<LI>Password </br><INPUT TYPE="password"NAME="password"class="text">
</LI></br>
<LI>Confirm Password</br><INPUT TYPE="password"class="text"
name="cpassword" onblur="return cnfpwd()"> </LI></br>
<LI>First Name</br><INPUT TYPE="text" NAME="firstname"class="text"
onblur="return validatefName()"> </LI></br>
<LI>Last Name</br><INPUT TYPE="text" NAME="lastname"class="text"
onblur="return validatefName()"> </LI></br>
<LI>Gender</br><select name="gender" class="text" >
<option value="Male">Male</option>
<option value="Female">Female</option>
</select> </LI></br>
<LI>DOB</br><INPUT TYPE="text" NAME="dob"class="text"> EX:
YYYY/MM/DD</LI></br>
<LI>E-mail</br><INPUT TYPE="text" NAME="email"class="text"
onblur="return ValidateForm()"> </LI></br>
<LI>Confirm E-mail</br><INPUT TYPE="text"
NAME="cemail"class="text" onblur="return cnfemail()" > </LI></br>
<LI>Phone </br><INPUT TYPE="text" NAME="phone"class="text"
onblur="return Validate()"> </LI></br>
<LI>Address</br> <TEXTAREA NAME="address" ROWS="2" cols="1"
class="text"></TEXTAREA> </LI></br>
<LI>Security Question </br><select name="securityquestion" id="sq"
size="4" class="text">
<option value="What is your mothers Median">What is your mother's Median</option>
<option value="What is yor favorite Pet">What is yor favorite Pet</option>
<option value="What is your favorite tourist place">What is your favorite tourist place</option>
<option value="What is your Fathers Middle name">What is your Father's Middle
name</option>
Dept. Of CSE, MRCET
65

<option value="Who is your favorite teacher">Who is your favorite teacher</option>

</select> </LI></br>
<LI>Answer</br> <INPUT TYPE="text" NAME="answer"class="text">
</LI></br>
<li>
<input type="image" name="imageField" id="imageField" src="images/submit.gif"
class="send" />
</li></br></br>
</OL>

</FORM>
<script language = "Javascript">
function validatefName(){
var namePattern = /^[A-Za-z]{3,25}$/;
if( !namePattern.test(document.frmSample.firstname.value))
alert("Enter valid name");

}
function validatelName(){
var namePattern = /^[A-Za-z]{1,25}$/;
if( !namePattern.test(document.frmSample.lastname.value))
alert("Enter valid name");

function cnfpwd()
{
var password=document.frmSample.password;
Dept. Of CSE, MRCET
66

var cpassword=document.frmSample.cpassword;
if (password.value != cpassword.value) {
alert("Your password and confirmation password do not match.");
cpassword.focus();
return false;
}
}
function cnfemail()
{
var email=document.frmSample.email;
var cemail=document.frmSample.cemail;
if (email.value != cemail.value) {
alert("Your Email and confirmation Email do not match.");
cemail.focus();
return false;
}
}
function checkdate(input){
var validformat=/^\d{4}\/\d{2}\/\d{2}$/ //Basic check for format validity
var returnval=false
if (!validformat.test(input.value))
alert("Invalid Date Format. Please correct and submit again.")
else{ //Detailed check for valid date ranges
var monthfield=input.value.split("/")[1]
var dayfield=input.value.split("/")[2]
var yearfield=input.value.split("/")[0]
var dayobj = new Date(yearfield, monthfield-1, dayfield)
if ((dayobj.getMonth()+1!=monthfield)||(dayobj.getDate()!=dayfield)||(dayobj.getFullYear()!
=yearfield))
alert("Invalid Day, Month, or Year range detected. Please correct and submit again.")
else
returnval=true
}
if (returnval==false) input.select()
return returnval
}
function Validate()
{
var x = document.frmSample.phone.value;
if(isNaN(x)|| x.indexOf(" ")!=-1){
alert("Enter numeric value");return false; }
Dept. Of CSE, MRCET
67

if (x.length > 12 || x.length < 10 ){

alert("Enter 10 or 12 characters"); return false;
}
}
function echeck(str) {
var at="@"
var dot="."
var lat=str.indexOf(at)
var lstr=str.length
var ldot=str.indexOf(dot)
if (str.indexOf(at)==-1){
alert("Invalid E-mail ID")
return false
}
if (str.indexOf(at)==-1 || str.indexOf(at)==0 || str.indexOf(at)==lstr){
alert("Invalid E-mail ID")
return false
}
if (str.indexOf(dot)==-1 || str.indexOf(dot)==0 || str.indexOf(dot)==lstr){
alert("Invalid E-mail ID")
return false
}
if (str.indexOf(at,(lat+1))!=-1){
alert("Invalid E-mail ID")
return false
}
if (str.substring(lat-1,lat)==dot || str.substring(lat+1,lat+2)==dot){
alert("Invalid E-mail ID")
return false
}
if (str.indexOf(dot,(lat+2))==-1){
alert("Invalid E-mail ID")
return false
}
if (str.indexOf(" ")!=-1){
alert("Invalid E-mail ID")
return false
}
Dept. Of CSE, MRCET
68

return true
}
function ValidateForm(){
var emailID=document.frmSample.email;
if ((emailID.value==null)||(emailID.value=="")){
alert("Please Enter your Email ID")
emailID.focus()
return false
}
if (echeck(emailID.value)==false){
emailID.value=""
emailID.focus()
return false
}
return true
}
</script>
</div>
</div>
<div class="clr"></div>
</div>
</div>
<div class="fbg">
<div class="fbg_resize">
<p class="lf">&copy; Copyright ->ASSURANCE ON DATA STORAGE SECURITY IN
CLOUD COMPUTING.</p>
</div>
</div>
</div>
</div>
</body>
</html> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<?php
session_start();
$_SESSION['login'] = $_POST['username'];
?>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Cloud </title>
Dept. Of CSE, MRCET
69

<meta http-equiv="content-type" content="text/html; charset=utf-8" />

<link href="style.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="js/cufon-yui.js"></script>
<script type="text/javascript" src="js/arial.js"></script>
<script type="text/javascript" src="js/cuf_run.js"></script>
</head>
<body>

<div class="main">
<div class="header">
<div class="header_resize">
<div class="logo">
<h1><a href="index.html">Cloud APP <small></small></a></h1>
</div>
<div class="menu_nav">
<ul>
<li><a href="index.html">Home</a></li>
<li><a href="logout.php">Sign out</a></li><br>
<?php
$connection = mysql_connect("localhost","root","");
if (!$connection)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("cloud", $connection);
$username=$_POST['username'];
$field = 'loginfails';
$result = mysql_query("SELECT $field FROM user where username='$username' ");
$num=mysql_result($result, 0);
if($num>3)
{
header("location: loginfails.php");
}
?>
<?php
$link = mysql_connect('localhost', 'root', '') OR die(mysql_error());
mysql_select_db('cloud',$link);
Dept. Of CSE, MRCET
70

$username = $_POST['username'];
$password = $_POST['password'];
$otp = $_POST['otp'];

$login = sprintf("SELECT username, password, otp FROM user WHERE username='$username'

AND password='$password' AND otp='$otp' ",
mysql_real_escape_string($username, $link),
mysql_real_escape_string($password, $link),mysql_real_escape_string($otp, $link));
$query=mysql_query($login) OR die(mysql_error());
$rowcount = mysql_num_rows($query);
if ($rowcount > 0)
{
echo'&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;';
echo " WELCOME" ;
echo'&nbsp;&nbsp;&nbsp;';
echo '<strong><font color=red style="text-transform:uppercase;" >';
echo " $username ";
echo '</font></strong>';
}
else
{
mysql_query('UPDATE user SET loginfails= loginfails + 1 WHERE username = "'.
$_POST['username'].'" LIMIT 1', $link);
header("location: loginerror.php");
}
?>
</ul>
</div>
<div class="clr"></div>
<div class="htext">
<h2>ASSURANCE ON DATA STORAGE SECURITY IN CLOUD COMPUTING</h2>
<p></p>
<p></p>
Dept. Of CSE, MRCET
71

<p></p>
</div>
<div class="clr"></div>
</div>
</div>
<div class="content">
<div class="content_resize">
<div class="mainbar">
<div class="main">
<div class="logo">
<h1>SIMPLE E-VALLET INFO APP</h1>
</div>
</div>
<div class="clr"></div>
<div class="article">
<div class="clr"></div>
<style type="text/css">
table.sample {
border-width: 5px;
border-spacing: 10px;
border-style:inset;
border-color:#7fd0f6;
border-collapse: separate;
background-color:#7fd0f6 ;
}
</style>
<TABLE class="sample" width=600 height=400>
<TR>
<TD><center><a href="sbi.php"><IMG SRC="./images/button.png" WIDTH="201"
HEIGHT="38" BORDER="0" ALT=""></a></center></TD>
</TR>
<TR>
<TD><center><A HREF="scci.php"><IMG SRC="./images/button (3).png"
WIDTH="270" HEIGHT="38" BORDER="0" ALT=""></A></center></TD>
</TR>
<TR>

Dept. Of CSE, MRCET

72

<TD><center><A HREF="rbid.php"><IMG SRC="./images/button (1).png"

WIDTH="391" HEIGHT="38" BORDER="0" ALT=""></A></center></TD>
</TR>
<TR>
<TD><center><A HREF="rbi.php"><IMG SRC="./images/button (2).png" WIDTH="427"
HEIGHT="38" BORDER="0" ALT=""></A></center></TD>
</TR>
<TR>
<TD><center><A HREF="rccid.php"><IMG SRC="./images/button (4).png"
WIDTH="460" HEIGHT="38" BORDER="0" ALT=""></A></center></TD>
</TR>
<TR>
<TD><center><A HREF="rcci.php"><IMG SRC="./images/button (5).png"
WIDTH="496" HEIGHT="38" BORDER="0" ALT=""></A></center></TD>
</TR>
</TABLE>
<!-- <FORM METHOD=POST ACTION="encrypt.php">
<OL>
<LI>User Name(For security) </br><INPUT TYPE="text"
NAME="username"class="text"></LI></br>
<B>Enter Your Card(sample) Details :</br></B>
<LI>Card No</br><INPUT TYPE="text" NAME="cardnumber"class="text"
></LI></br>
<LI>Name on Card</br><INPUT TYPE="text"
NAME="nameoncard"class="text"> </LI></br>
<LI>Expiry Date</br><INPUT TYPE="text"
NAME="expirydate"class="text"> </LI></br>
<LI>CVV </br><INPUT TYPE="text" NAME="cvv"class="text">
</LI></br></br>
<INPUT TYPE="submit" value="Encrypt">
</FORM> -->
</div>
</div>
</div>
<div class="clr"></div>
</div>
</div>
Dept. Of CSE, MRCET
73

<div class="fbg">
<div class="fbg_resize">
<p class="lf">&copy; Copyright ->ASSURANCE ON DATA STORAGE SECURITY IN
CLOUD COMPUTING.</p>
</div>
</div>
</div>
</div>
</body>
</html> Crypt_RSA class, derived from Crypt_RSA_ErrorHandler
*
* Provides the following functions:
* - setParams($params) - sets parameters of current object
* - encrypt($plain_data, $key = null) - encrypts data
* - decrypt($enc_data, $key = null) - decrypts data
* - createSign($doc, $private_key = null) - signs document by private key
* - validateSign($doc, $signature, $public_key = null) - validates signature of document
*
* Example usage:
* // creating an error handler
* $error_handler = create_function('$obj', 'echo "error: ", $obj->getMessage(), "\n"');
*
* // 1024-bit key pair generation
* $key_pair = new Crypt_RSA_KeyPair(1024);
*
* // check consistence of Crypt_RSA_KeyPair object
* $error_handler($rsa_obj);
*
* // creating Crypt_RSA object
* $rsa_obj = new Crypt_RSA;
*
* // check consistence of Crypt_RSA object
* $error_handler($rsa_obj);
*
* // set error handler on Crypt_RSA object ( see Crypt/RSA/ErrorHandler.php for details )
* $rsa_obj->setErrorHandler($error_handler);
*
* // encryption (usually using public key)
* $enc_data = $rsa_obj->encrypt($plain_data, $key_pair->getPublicKey());
*
* // decryption (usually using private key)
* $plain_data = $rsa_obj->decrypt($enc_data, $key_pair->getPrivateKey());
*
* // signing
* $signature = $rsa_obj->createSign($document, $key_pair->getPrivateKey());
*
Dept. Of CSE, MRCET
74

* // signature checking
* $is_valid = $rsa_obj->validateSign($document, $signature, $key_pair->getPublicKey());
*
* // signing many documents by one private key
* $rsa_obj = new Crypt_RSA(array('private_key' => $key_pair->getPrivateKey()));
* // check consistence of Crypt_RSA object
* $error_handler($rsa_obj);
* // set error handler ( see Crypt/RSA/ErrorHandler.php for details )
* $rsa_obj->setErrorHandler($error_handler);
* // sign many documents
* $sign_1 = $rsa_obj->sign($doc_1);
* $sign_2 = $rsa_obj->sign($doc_2);
* //...
* $sign_n = $rsa_obj->sign($doc_n);
*
* // changing default hash function, which is used for sign
* // creating/validation
* $rsa_obj->setParams(array('hash_func' => 'md5'));
*
* // using factory() method instead of constructor (it returns PEAR_Error object on failure)
* $rsa_obj = &Crypt_RSA::factory();
* if (PEAR::isError($rsa_obj)) {
*
echo "error: ", $rsa_obj->getMessage(), "\n";
* }
*
* @category Encryption
* @package Crypt_RSA
* @author Alexander Valyalkin <[email protected]>
* @copyright 2005 Alexander Valyalkin
* @license http://www.php.net/license/3_0.txt PHP License 3.0
* @link
http://pear.php.net/package/Crypt_RSA
* @version @package_version@
* @access public
*/
class Crypt_RSA extends Crypt_RSA_ErrorHandler
{
/**
* Reference to math wrapper, which is used to
* manipulate large integers in RSA algorithm.
*
* @var object of Crypt_RSA_Math_* class
* @access private
*/
var $_math_obj;
/**
* key for encryption, which is used by encrypt() method
Dept. Of CSE, MRCET
75

*
* @var object of Crypt_RSA_KEY class
* @access private
*/
var $_enc_key;
/**
* key for decryption, which is used by decrypt() method
*
* @var object of Crypt_RSA_KEY class
* @access private
*/
var $_dec_key;
/**
* public key, which is used by validateSign() method
*
* @var object of Crypt_RSA_KEY class
* @access private
*/
var $_public_key;
/**
* private key, which is used by createSign() method
*
* @var object of Crypt_RSA_KEY class
* @access private
*/
var $_private_key;
/**

Dept. Of CSE, MRCET

76

BIBLIOGRAPHY
[1] A. Weiss, Computing in the clouds, netWorker, vol. 11, no. 4, pp. 16-25, December 2007.
[2] C. S. Yeo, S. Venugopal, X. Chu, and R. Buyya, "Autonomic meteredpricing for a utility
computing service", Future Generation ComputerSystems, vol. 26, issue 8, pp. 1368-1380, October
2010.
[3] B. R. Kandukuri, V, R. Paturi and A. Rakshit, Cloud security issues,in Proceedings of the
2009 IEEE International Conference on ServicesComputing, pp. 517-520, September 2009.
[4] R. Sterritt, Autonomic computing, Innovations in Systems andSoftware Engineering, vol. 1,
no. 1, Springer, pp. 79-88. 2005.
[5] R. Buyya, C. S. Yeo, S. Venugopal, J. Broberg, and I. Brandic, Cloudcomputing and emerging
IT platforms: vision, hype, and reality fordelivering computing as the 5th utility, Future
Generation ComputerSystems, vol. 25, issue 6, pp. 599-616, June 2008.
[6] L. M. Vaquero,L. Rodero-Merino,J. Caceres, and M. Lindner, A breakin the clouds: towards a
cloud definition, ACM SIGCOMM ComputerCommunication Review, vol. 39, no. 1, pp. 50-55,
January 2009.
[7] C. Weinhardt, A. Anandasivam, B. Blau, N. Borissov, T. Meinl, W.Michalk, and J. Ster,
Cloud computing a classification, businessmodels, and research directions, Business &
Information SystemsEngineering (BISE), vol. 1, no. 5, pp. 391-399, 2009.
[8] N. Hawthorn, Finding security in the cloud, Computer Fraud &Security, vol. 2009, issue 10,
pp. 19-20, October 2009.
[9] A. Parakh and S. Kak, Online data storage using implicit securityInformation Sciences, vol.
179, issue 19, pp. 3323-3333 ,September2009.
[10] R. Rivest, A. Shamir, and L. Adleman, A method for obtaining digitalsignatures and public
key cryptosystems, Communications of theACM, vol. 21, no. 2, pp.120-126, 1978.
[11] V. Miller, Uses of elliptic curves in cryptography, Advances inCryptology - CRYPTO '85,
Lecture Notes in Computer Science, pp.417-426, 1986.
[12] L. Lamport, Password authentication with insecure communication,Communications of the
ACM, vol. 24, no. 11, pp. 770-772, 1981.
[13] A. Elgohary, T. S. Sobh, and M. Zaki, Design of an enhancement forSSL/TLS protocols,
Computers & Security, vol. 25, no. 4, pp. 297-306,June 2006.
Dept. Of CSE, MRCET
77

[14]

Salesforce.com,

Inc.,

Force.com

platform,

Retrieved

Dec.

2009,

fromhttp://www.salesforce.com/tw/
[15] SAP AG., SAP services: maximize your success, Retrieved Jan. 2010,from
http://www.sap.com/services/index.epx
[16] D. Benslimane, S. Dustdar, and A. Sheth, "Services mashups: the new
generation of web applications". IEEE Internet Computing, vol. 12, no.5, pp. 1315, 2008.
[17] A Business Model for Cloud Computing Based on separate Encryption and Decryption.

978-1-

4244-9224-4/2011/IEEE, Jing-Jang Hwang and Hung-Kai Chuang, Yi-Chang Hsu and Chien-Hsing
Wu

[18] http://www.php.net/
[19] http://www.wikipedia.org/
[20] http://www.w3schools.com/

Dept. Of CSE, MRCET

78