Secure Mailing System Report
Secure Mailing System Report
Secure Mailing System Report
a. Password Module: In this module, Member enters a password and the software checks its validity. If the password is valid then he is allowed to enter, otherwise Invalid User/Password message is displayed. Different data access rights are assigned to different users. A new member can also be registered in this module.
b. New User Registration Module: In this module new user can submit his personal details regarding the users email id, password, contact no, date of birth etc. c. Login Module: In this module, user can login in his account if he is already registered and if not then he/she can register a new account.
d. Encrypt Mail Module: In this module login user can write his mail and either he/she save the mail or first encrypt the mail by giving the two prime numbers & a password and then send the mail to the user in the network only. e. Decrypt Mail Module: In this module, Login user can decrypt the mail by entering the same password which the user gives it while encrypting the mail. Then after he/she can open the mail or see the attachment.
f. Forgot Password: In this module, a user can get a new password if he forget his password. For this he has to remember the answer of the question, asked at the time of registration.
g. View Module: In this module, a user can view his/her decrypted mails from inbox, sent mails and drafts.
h. Store Module: This module includes inbox, sent mails and drafts. This provides the facility of storing mails coming from other users as well as mails sent to other users.
CHAPTER 3 Tools and Technologies 3.1 Introduction to .NET Framework 3.2 Advantages of .NET Framework 3.3 Interactive web applications
3.3.1 Client side scripts 3.3.2 Server side scripts
SECURE MAILING SYSTEM as life-cycle management, strong type naming, cross-language exception handling, and dynamic binding to turn business logic into a reusable component. 3.1.2 .Net Framework class library This class library includes predefined sets of functionality that developers can use in their own applications. The library consists of three key components: o ASP.NET o Windows Forms o ADO.NET
SECURE MAILING SYSTEM 6. The source code and HTML are together therefore ASP.NET pages are easy to maintain and write. Also the source code is executed on the server. This provides a lot of power and flexibility to the web pages. 7. All the processes are closely monitored and managed by the ASP.NET runtime, so that if process is dead, a new process can be created in its place, which helps keep your application constantly available to handle requests. 8. It is purely server-side technology so, ASP.NET code executes on the server before it is sent to the browser. 9. Being language-independent, it allows you to choose the language that best applies to your application or partition your application across many languages. 10. ASP.NET makes for easy deployment. There is no need to register components because the configuration information is built-in. 11. The Web server continuously monitors the pages, components and applications running on it. If it notices any memory leaks, infinite loops, other illegal activities, it immediately destroys those activities and restarts itself. 12. Easily works with ADO.NET using data-binding and page formatting features. It is an application which runs faster and counters large volumes of users without having performance problems.
SECURE MAILING SYSTEM On the other end of the spectrum from HTML's standard text box and radio button, Java and ActiveX both offer ways to embed small, full-featured programs in the browser window, providing a richer user experience. Unfortunately, this power comes at the expense of relatively complex programming and heavy requirements for memory and processing power on the client. Client-side scripts occupy a middle ground between these two extremes, offering a Web application with more functionality than pure HTML, but with less complexity and a lower processing load than embedded Java or ActiveX controls. 3.3.1 Client side scripts: Client-side scripting is about "programming" the behavior of a browser. To deliver more dynamic web content, you should teach yourself JavaScript and other such client side scripts. It gives HTML designers a programming tool It can put dynamic text into an HTML page They can react to events They can change HTML elements They can be used to validate data.
3.3.2 Server-Side Scripts: Server-side scripting is about "programming" an Internet server. To deliver more dynamic web content, you should teach yourself server-side scripting. With server-side scripting, you can: 8
Dynamically edit, change, or add any content of a Web page Respond to user queries and form data Access databases and return the result to a browser Access files and return the result to a browser Transform XML data to HTML data and return the results to a browser Customize a Web page to make it more useful for individual users Provide security and access control to Web pages Tailor your output to different types of browsers Minimize network traffic.
Server side scripting is done using asp or php. Working of asp.net framework .Net Framework allows you to use different programming languages such as VB.Net, C#, Jscript, VBScript, and Managed C++ and run applications on different platforms such as Unix, Macintosh, and Linux.
SEC RE M
SYSTEM
The code written in any one these languages is called the source code.the compiler translates that source code into the intermediate code that is not dependant upon the is machine. The MSIL, a set of instructions, then translates the code into nati e code. Th concept of CLR is significant in making .Net Framework, platform and language independent. In addition, CLR is responsi le for run-time services such as language integration, security enforcement, memory process, and thread management. Thus, .Net Framework provides a wide infrastructure to create web-applications.
10
3.4ASP TECHNOLOGY
3.4.1 Introduction to asp ASP stands for Active Server Pages ASP is a Microsoft Technology ASP is a program that runs inside IIS IIS stands for Internet Information Services IIS comes as a free component with Windows 2000 IIS is also a part of the Windows NT 4.0 Option Pack The Option Pack can be downloaded from Microsoft PWS is a smaller - but fully functional - version of IIS PWS can be found on your Windows 95/98 CD
3.4.2 ASP Compatibility To run IIS you must have Windows NT 4.0 or later To run PWS you must have Windows 95 or later Chili ASP is a technology that runs ASP without Windows OS Instant ASP is another technology that runs ASP without Windows
11
SECURE MAILING SYSTEM 3.4.3 What is an ASP File? An ASP file is just the same as an HTML file An ASP file can contain text, HTML, XML, and scripts Scripts in an ASP file are executed on the server An ASP file has the file extension ".asp" How Does ASP Differ from HTML? When a browser requests an HTML file, the server returns the file When a browser requests an ASP file, IIS passes the request to the ASP engine. The ASP engine reads the ASP file, line by line, and executes the scripts in the file. Finally, the ASP file is returned to the browser as plain HTML. 3.4.5 What can ASP do for you? Dynamically edit, change, or add any content of a Web page Respond to user queries or data submitted from HTML forms Access any data or databases and return the results to a browser Customize a Web page to make it more useful for individual users The advantages of using ASP instead of CGI and Perl, are those of simplicity and speed Provide security - since ASP code cannot be viewed from the browser Clever ASP programming can minimize the network traffic 12
3.4.4
SECURE MAILING SYSTEM Note: Because ASP scripts are executed on the server, the browser that displays the ASP file does not need to support scripting at all! ASP.NET has better language support, a large set of new controls, XML-based components, and better user authentication. ASP.NET provides increased performance by running compiled code. ASP.NET code is not fully backward compatible with ASP. 3.4.6 New in ASP.NET Better language support Programmable controls Event-driven programming XML-based components User authentication, with accounts and roles Higher scalability Increased performance - Compiled code Easier configuration and deployment Not fully ASP compatible
13
SECURE MAILING SYSTEM Language Support ASP.NET uses ADO.NET. ASP.NET supports full Visual Basic, not VBScript. ASP.NET supports C# (C sharp) and C++. ASP.NET supports JScript. ASP.NET Controls ASP.NET contains a large set of HTML controls. Almost all HTML elements on a page can be defined as ASP.NET control objects that can be controlled by scripts.ASP.NET also contains a new set of object-oriented input controls, like programmable list-boxes and validation controls. A new data grid control supports sorting, data paging, and everything you can expect from a dataset control. Event Aware Controls All ASP.NET objects on a Web page can expose events that can be processed by ASP.NET code. Load, Click and Change events handled by code makes coding much simpler and much better organized. ASP.NET Components ASP.NET components are heavily based on XML. Like the new AD Rotator, that uses XML to store advertisement information and configuration. User Authentication ASP.NET supports form-based user authentication, cookie management, and automatic redirecting of unauthorized logins. 14
SECURE MAILING SYSTEM User Accounts and Roles ASP.NET allows user accounts and roles, to give each user (with a given role) access to different server code and executables. High Scalability Much has been done with ASP.NET to provide greater scalability. Server-to-server communication has been greatly enhanced, making it possible to scale an application over several servers. One example of this is the ability to run XML parsers, XSL transformations and even resource hungry session objects on other servers. Easy Configuration Configuration of ASP.NET is done with plain text files. Configuration files can be uploaded or changed while the application is running. No need to restart the server. No more metabase or registry puzzle. Easy Deployment No more server-restart to deploy or replace compiled code. ASP.NET simply redirects all new requests to the new code. Compatibility ASP.NET is not fully compatible with earlier versions of ASP, so most of the old ASP code will need some changes to run under ASP.NET. To overcome this problem, ASP.NET uses a new file extension ".aspx". This will make ASP.NET applications able to run side by side with standard ASP applications on the same server.
15
Display:
Minimum: 800 X 600 256 colors. 1024 X 768 High Color - 16-bit.
Recommended:
16
SECURE MAILING SYSTEM 3.5.2 Software Specification 3.5.2.1 Operating System Minimum: Microsoft Windows 2000 SP4. Recommended: Microsoft Windows XP SP2 (All Edition). Microsoft Windows Server 2003 SP1 (All Edition). 3.5.2.3 Web Browsers Minimum: Internet Explorer 5, Mozilla 5, Firefox 2, Netscape 7. 3.5.2.3 Database Microsoft SQL Server 2005. 3.5.3 SOFTWARE TOOLS Language: ASP.NET 2005 C#
The frontend that has been used for developing this project is ASP.NET 2.0 with C#(C Sharp) as the programming language for writing the source code. Now, let us take a brief look at this two frontend tools. BACK-END The backend that has been used for developing this project is SQL SERVER2005.SQL pronounced as sequel stands for structured query language. SQL is 17
SECURE MAILING SYSTEM used toCommunicate with the database according to ANSI. It is a standard language for a relationaldatabase management system that use SQL are or acle, Sybase, Microsoft SQL SERVER,access interface etc. Standard SQL command such as Select, Insert, Delete, Update, Create andDrop can be used to accomplish almost everything that one needs to do with the database.
18
20
SECURE MAILING SYSTEM 3. Inexpensive MySQL is very popular since it is free. However, if you opt to have a commercial license, then there is no need for you to worry because it is inexpensive as compared to other common databases like Microsoft SQL Server or Oracle. 4. Customizable Sine MySQL is formed under the GPL; you can customize its function if you have the technical know-how. In addition, you can use server side language (SSL) to create dynamic pages. Using MySQL allows you to create interactive web sites and applications. 5. Easy to learn The SQL language is easy to learn and use, and is available on different operating systems. MySQL can run several operating systems from Linux, FreeBSD, UNIX, Mac OS and Windows.
22
SECURE MAILING SYSTEM 5.2.6 Coding 5.2.7 Implementation. 5.2.8 Testing and Maintenance Feasibility The feasibility study is used to determine if the project should get the go-ahead. If the project is to proceed, the feasibility study will produce a project plan and budget estimates for the future stages of development. Requirement Analysis and Design Analysis gathers the requirements for the system. This stage includes a detailed study of the business needs of the organization. Design focuses on high level design like, what programs are needed and how are they going to interact, low-level design (how the individual programs are going to work), interface design (what are the interfaces going to look like) and data design (what data will be required). During these phases, the software's overall structure is defined. Analysis and Design are very crucial in the whole development cycle. Any glitch in the design phase could be very expensive to solve in the later stage of the software development. The logical system of the product is developed in this phase. Implementation In this phase the designs are translated into code. Computer programs are written using a conventional programming language or an application generator. Programming tools like Compilers, Interpreters, and Debuggers are used to generate the code. Different high
24
SECURE MAILING SYSTEM level programming languages like C, C++, Pascal, and Java are used for coding. With respect to the type of application, the right programming language is chosen. Testing In this phase the system is tested. Normally programs are written as a series of individual modules, this subject to separate and detailed test. The system is then tested as a whole. The separate modules are brought together and tested as a complete system. The system is tested to ensure that interfaces between modules work (integration testing), the system works on the intended platform and with the expected volume of data (volume testing) and that the system does what the user requires (acceptance/beta testing). Maintenance Inevitably the system will need maintenance. Software will definitely undergo change once it is delivered to the customer. There are many reasons for the change. Change could happen because of some unexpected input values into the system. In addition, the changes in the system could directly affect the software operations. The software should be developed to accommodate changes that could happen during the post implementation period.
25
SECURE MAILING SYSTEM connect to masses via internet. Thus the efforts were found to be justified and the project was considered feasible. 5.3.2 Requirement analysis and design In this phase, the basic features required and expected of a blogging website were brought into consideration. The features which are most important like posting of posts, sign in,comments,rating etc. were included. The detailed study of other already existing websites dedicated to blogging was also done to have a better understanding of functionality and user expectations. This also helped in generation of more creative ideas concerning the design issue. 5.3.3 Implementation In this phase the front end and the back end were decided. The designs of the forms obtained from the previous stage acted as inputs and guided the developer through the complex process of conversion of the mere designs of forms into the forms in ASP.net and this phase also included the development of the databases which would be used in the project. The coding was done to include functionalities. 5.3.4 Testing The project thus developed was later dutifully tested on test data, by providing dummy data as user ids and posting a few articles. Many test runs were conducted. The developer ensured that the project was tested by a some users other than himself so that the process was done in an unbiased way, and loopholes could be detected.
26
6.2DESCRIPTION OF MODULES
a) Login Module The ASP.NET login controls provide a robust login solution for ASP.NET Web applications without requiring programming. By default, login controls integrate with ASP.NET membership and forms authentication to help automate user authentication for a Web site. It provides you with a ready-to-use user interface that queries the user name and password from the user and offers a Log In button for login. It validate user credentials against the membership API and encapsulating the basic forms authentication functionality like redirecting back to the original requested page in a restricted area of you application after the successful login. The Login control displays a user interface for user authentication. The Login control contains text boxes for the user name and password and a check box that allows users to indicate whether they want the server to store their identity using ASP.NET membership and automatically be authenticated the next time they visit the site. The Login control has properties for customized display, for customized messages, and for links to other pages where users can change their password or recover a forgotten password. The Login control can be used as a standalone control on a main or home page, or you can use it on a dedicated login page. If you use the Login control with ASP.NET membership, you do not need to write code to perform authentication. However, if you want to create your own authentication logic, you can handle the Login control's Authenticate event and add custom authentication code. Whenever user hits the Log In button, the control automatically validates the user name and password using the membership API function Membership.ValidateUse() and then calls FormAuthentication.redirectFromLoginPage() if the validation was successful. All options on the UI of the LoginControl affect the input delivered by the control to these methods. For Example, if you click the "Remember me next time" check box, it passes the
28
SECURE MAILING SYSTEM value true to the createPresistentCookie parameter of the RedirectFromLoginPage() method. Therefore, the FormAuthenticateModule creates a persistent cookie. b) New User Registration Module In this module new user can submit his personal details regarding the users email id, password, contact no, date of birth etc. c) Encrypt Mail Module In this module login user can write his mail and either he/she save the mail or first encrypt the mail by giving the two prime numbers & a password and then send the mail to the user in the network only.Data Protection is a must these days, and if we are able to encrypt our data easily, it makes a big difference.One textbox and button will be used to encrypt data, and the other will be used to decrypt the data. What is Encryption? Encryption is the process of converting a string of characters into another such that the original characters cannot be deciphered upon examination. This process is performed with the use of another string of characters called the KEY. Symmetrical Encryption In symmetric encryption, a secret key is used to encrypt data and the very same key is used to decrypt it too Examples: DES and RC2. Asymmetrical Encryption Asymmetric encryption uses a related key-pair to encrypt and decrypt data. One of the keys is the public key and the other is the private key. The data encrypted with the public key can only be decrypted with the private key, and vice-versa.RSA is one of the popular asymmetric algorithms and thats what were going to deal with in this article. 29
theSystem.Security.Cryptographynamespace. Lets begin by creating the following files 1. Cryptography.cs 2. publickey.xml 3. privatekey.xml 4. WebForm1.aspx d)Decrypt Mail Module In this module, Login user can decrypt the mail by entering the same password which the user give it while encrypting the mail. Then after he/she can open the mail or see the attachment. e)Forgot Password In this module, a user can get a new password if he forget his password. For this he has to remember the answer of the question, asked at the time of registration. The ASP.NET 2.0 password recovery control asks for the username first; then if the user name exists in the membership database, the user receives a clean password.
30
Field Name
Data Type
U_id
Nvarchar
U_fname
Char
U_lname
Char
U_pass
Char
U_dob
Char
U_gen
Char
31
U_pcode
Char
U_add
Nvarchar
U_cno
Nvarchar
U_dttm
Nvarchar
U_block
Char
U_no
Int
2. usr_mail Table
Field Name
Data Type
M_id
Int
M_sen
Nvarchar
32
M_rec
Nvarchar
M_sub
Nvarchar
M_mail
Nvarchar
M_type
Char
M_dttm
Datetime
M_att
Nvarchar
M_enc
Char
M_pass
Nvarchar
M_rsamail
Nvarchar
33
0-LEVEL DFD
34
1-LEVEL DFD
35
36
User
NO
YES
Is Data available? Accept confirmation for part Data
NO YES
Are more Data Forwarding?
YES NO
Transfer control to Sending Mail
STOP
37
Has
Registered User
Login
User Home
Save To Draft
Encrypt Mail
Mail Send
38
USER
<<pk>>UId : Int FirstName :Varchar (50) MiddleName :Varchar (50) LastName :Varchar (50) Address: Varchar (300) ViewInfo( ) GetInfo( )
User Mail
<<pk>>MID: int User Name :Varchar (100) Sender-Name:Varchar(20) Sending Mail(); Views -Mail(); Deleting-Mail
Topic
<<pk>> dft_id : Integer Dtf-dtm: Varchar (20) Ptf-topic :DateTime ViewDetails ( ) Upload topic()
Detail Views
<<pk>>Dfv : Int Dfv-Views :Varchar (50) Dfv-Dttm :Varchar (50) Dfv-Uid :int Monitor ( ) CheckDetails( )
39
40
41
42
43
CONCLUSION
The website SECURE MAILING SYSTEM is developed using ASP .NET as a front-end & SQL Server as a back-end. Its programs could be run on any kind of client machine on the Internet without actually making any changes to the source code.Through this website a user can send or receive mails. The extra feature involved in our mailing site is that it is secured in a way that there is use of CRYPTOGRAPHY for mails i.e. mails send will be encrypted by the user and on receiving they will be decrypted by the user.
44
BIBLIOGRAPHY
Books:
Software Engineering- Roger S. Pressman C#.NET-Marshall ASP.NET-Esposito
Websites:
http://blog.loadingdata.nl/2011/01/secure-e-mail-using-webid/ http://www.perthcomputers.net/?portfolio=secure-mail http://www.google.com http://www.ieee.org
45