Archive for the ‘Articles’ Category

Software Licensing

Wednesday, August 5th, 2009

A software license is a legal instrument which governs the usage and distribution of copyrighted software. Software licenses can fall into two broad categories:

Proprietary software licenses grant the buyer of a copy of the software permission to use it, but ownership of the copy remains with the publisher. A limited set of rights is granted to the buyer. The buyer has to accept the terms and conditions in order to be able to use the software. Microsoft Office, for example, is distributed under a proprietary license.

Open source and free software licenses transfer ownership of the copy to the buyer/end user. The end user is free to modify the source code and redistribute the modified version (for free or at a price), with a few simple conditions that depend on the type of license. There are many open source licenses; we will look at some common ones here:

MIT License: This is probably the simplest license. It surrenders all rights that the copyright holder/publisher typically receives, including the exclusive right to commercially exploit the work. It also disclaims any express warranty and fitness for a purpose. There is no clause prohibiting use of the names of publishing organizations and contributors for product endorsement. When the original work or “substantial portions” of it are distributed, the licensee is required to include a copyright notice and the notice giving permission to potential licensees of their rights to use the work. However, modifications may go into proprietary software and need not necessarily be redistributed.

BSD License: The BSD license is very similar to the MIT license except with respect to a major clause: the names of the contributors may not be used without their explicit permission. This provides protection to contributors in the event that the product is associated with a poorly written program.

GPL – GNU General Public License: The GPL, created by Richard M. Stallman of the Free Software Foundation (FSF), also provides licensees with full modification and distribution rights, with two conditions: redistribution can be done under the same terms as the original license, and redistributed copies must contain the original GPL text without any modifications. This ensures that a licensee has the same rights that the licensor had over the document, the idea of copyleft. The GPL also allows value-add activities: a person can sell a guarantee that a GPL work will perform under a particular condition and make the changes necessary to achieve this goal. There are multiple versions of this license, the latest being version 3.

LGPL – GNU Lesser General Public License: This license allows work licensed under GPL to link to non-GPL software. A company could integrate LGPL software with proprietary software for in-house use, but if the integrated work were to be sold under a proprietary license, it would violate the legal terms of the GPL. This license is generally applicable to subroutine libraries.

(There is another category of licenses called free software licenses, but since most of them are compatible with one of the open source licenses mentioned above, it is not listed separately.)

One of the greatest advantages of open source licensing is innovation: contrary to popular belief, programmers are willing to contribute to open source projects with only a more useful program as the reward. More people using a piece of software and more people trying to fix known issues (in a well organized manner, as is the case with many open source projects) generally results in better quality and reliability. Also, while the publisher of proprietary software can stop supporting it after some time, it is generally quite easy to find someone on the internet who will be able to help you out with the problems you may be facing with your open source code.

Reference: http://oreilly.com/catalog/9780596005818/

Ajax & UI Performance

Wednesday, August 5th, 2009

Ajax (also, AJAX), short for Asynchronous JavaScript and XML, is a group of interrelated web development techniques used to create interactive web applications. Ajax can improve response time by communicating with the server without full page requests. The result is a rich interface and better quality applications. A simple example of Ajax is the ‘Suggest’ feature in Google – suggestions are displayed as you type in your query in the search box.

Why use Ajax?

Bandwidth savings: In applications that have a significant part of each page containing content that is identical in multiple page requests, using Ajax to update only the relevant parts of a page can bring about a significant savings in bandwidth requirements. The savings is generally dependent on the complexity of the website. Even a 10% saving in bandwidth will be significant when considering data intensive web applications (like one requiring display of rich, interactive maps and graphs) or a bandwidth constrained web application.

Time savings: Ajax can also increase the efficiency of using a web application. Let’s say you only want to see a list of refreshed news items on the website. The time saved by making a request only for the news items instead of the entire page is significant when accumulated over a period.

Improved responsiveness: Ajax can bring about a better and uninterrupted work flow, thus increasing productivity. Ajax also lets you work on the page while information is being retrieved in the background for a part of it.

These three factors can significantly improve overall business productivity.

One drawback with Ajax is that using the ‘Back’ button on the browser may not always take the user to the previous logical operation that they had performed, but to the previous page in the browser history, since an Ajax request is not a page request. Bookmarking will also not work. Recent releases of browsers have exposed functionality that allows developers to manipulate the browser history to show the correct operations performed by users on an Ajax enabled page, but not all web applications have incorporated this feature. Also, since the screen content is being updated dynamically, the changes may not be detected by accessibility tools.

Another is that, in many cases, complex JavaScript is required to make use of the full potential that Ajax offers, and JavaScript with high complexity is not the easiest of things to understand.

Ajax has been around for quite some time now, and has been playing a significant part in improving the interactivity of web applications. With the rich experience it can offer users, it is also one of the enablers of Web 2.0 (note: Ajax itself is not Web 2.0), and we can probably expect to see it around for quite some time to come.

References: http://www.helium.com/items/49433-advantages-and-disadvantages-of-ajax; http://www.webperformanceinc.com/library/reports/AjaxBandwidth/; http://www.ibm.com/developerworks/web/library/wa-aj-perform/index.html

Security Threats – II: SQL Injection

Wednesday, August 5th, 2009

In this article, the second in our series of articles on website security attacks, we look at the hows and whys of SQL injection.

SQL injection involves compromising the security of an application by insertion or injection of an SQL query via the input data from the client to the application. This can happen when the input data is not correctly filtered for string literal escape characters. Successful SQL exploits can read data from the database and DBMS files, make modifications to it and execute administrative functions on the database.

How does this work? Let’s take a simple query:

Select * from user_details where username = ;

The web page probably has something similar to the following to capture the username and pass it on to the backend:

{ …

string userName = field.getUserName();

string query = "Select * from user_details where username = '" + userName + "'";

…}

If a malicious user wanted to obtain the contents of the entire table (and the application is vulnerable to SQL injection attacks), instead of just typing in a username, he’d input <m_user' OR 'x'='x>. When this gets inserted into the query, the query gets transformed into:

Select * from user_details where username = 'm_user' OR 'x'='x';

Because ‘x’ always equals ‘x’, the condition is always true and the query, which essentially converts into ‘Select * from user_details;’ returns the entire contents of the table user_details.

Hackers can make use of this vulnerability to obtain data and perpetrate malicious attacks on websites. Some databases allow multiple SQL statements separated by semicolons to be executed as a batch, allowing the attacker to execute arbitrary commands on the database.

How can you avoid such an attack on your website? A simple approach is to accept characters only from an allowed list of safe characters. This provides a first layer of security for the application. Another way is to use parameterized statements and stored procedures. Also, it must be ensured that the account with the least privileges is used for all user interactions. These precautions will go a long way in preventing your site from being hacked.
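The three precautions above, shown side by side with the article's vulnerable query. This is an added example, not code from the original article; it assumes Python's built-in sqlite3 module, constructed sample rows, an assumed username policy, and SQLite's query_only pragma as a stand-in for a least-privilege database account.

```python
import re
import sqlite3

# Assumed allow-list policy for usernames (not from the article).
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")


def make_db():
    """Build an in-memory database holding constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user_details (username TEXT PRIMARY KEY, email TEXT)")
    conn.executemany(
        "INSERT INTO user_details (username, email) VALUES (?, ?)",
        [
            ("m_user", "m_user@example.com"),
            ("jane", "jane@example.com"),
            ("admin", "admin@example.com"),
        ],
    )
    conn.commit()
    return conn


def lookup_concatenated(conn, user_name):
    """The article's vulnerable pattern: input is pasted into the SQL text."""
    query = "SELECT * FROM user_details WHERE username = '" + user_name + "'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, user_name):
    """Parameterized statement: the value travels separately from the SQL
    text, so quote characters in it are compared as data, never parsed."""
    return conn.execute(
        "SELECT * FROM user_details WHERE username = ?", (user_name,)
    ).fetchall()


def is_allowed_username(user_name):
    """First layer: accept only characters from the allowed list."""
    return USERNAME_RE.fullmatch(user_name) is not None


def lookup_hardened(conn, user_name):
    """Allow-list check first, then the parameterized lookup."""
    if not is_allowed_username(user_name):
        raise ValueError("username contains characters outside the allowed list")
    return lookup_parameterized(conn, user_name)


def restrict_to_reads(conn):
    """Least-privilege stand-in: this connection can no longer modify data."""
    conn.execute("PRAGMA query_only = ON")
    return conn


if __name__ == "__main__":
    db = restrict_to_reads(make_db())
    crafted = "m_user' OR 'x'='x"  # the input quoted in the article
    print("concatenated :", len(lookup_concatenated(db, crafted)), "rows")
    print("parameterized:", len(lookup_parameterized(db, crafted)), "rows")
    print("allow-listed :", is_allowed_username(crafted))
    try:
        db.execute("DELETE FROM user_details")
    except sqlite3.Error as exc:
        print("write refused:", exc)
```
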

References: http://www.owasp.org/index.php/Guide_to_SQL_Injection; http://en.wikipedia.org/wiki/SQL_injection; http://www.owasp.org/index.php/SQL_injection

Google Chrome OS – Challenges Ahead

Monday, July 20th, 2009

Looking beyond the awe that the Google OS announcement has created, an Information Week writeup takes a look at the challenges ahead before Chrome OS wins it all.

Video Goes Open Source

Monday, July 20th, 2009

For a long time, video has remained a black box.

Think about “text” as an expression medium: it can be mixed with other text, and it can evolve in interesting and powerful ways. Could the same be done with video?

Going by the Wikimedia Foundation’s plans, it can soon be a reality. For more, visit this interesting story on Readwriteweb.

Google Chrome OS – Why Should you Care?

Thursday, July 9th, 2009

Is Google Chrome OS a game changer? Undoubtedly, yes. Instead of going gaga over its game-changing potential, here is the ADPS team’s attempt to decipher how it affects the future of your business and how you should position your IT initiatives to leverage this game-changing event in the years to come.

1. Platform Compatibility Issue is Dead – Long Live Browser

How many of us still remember the war between Netscape and IE? Microsoft fought tooth and nail not because it loved the Internet; MS was just smart enough to realize the future potential of the browser as an application container, a platform that can make any application Windows independent.

If you have been betting on hosted applications as the server-side paradigm of choice and the browser as the client, you are already on the right side of the equation; if you have been waiting, it’s time you considered that golden move. If you are a provider, the hosted application market space just got a whole lot bigger, and that is good news.

2. Arrival of a Killer Cloud App

The refrain of “work from anywhere, any time” has been around for some time now. Things didn’t seem so obvious until the cloud arrived, the web became faster, and applications and data became detached from the PC.

The arrival of a free OS to drive the applications and a free cloud to host them could be just the killer app that cloud computing has been waiting for.

3. Risk of Open source & Cloud Adoption just got Smaller

As an adopter of the hosted application and open source paradigm, you no longer need to answer a plethora of business continuity risks, now that you have a big brother in Google supporting your plans.

Nobody ever got fired for hiring IBM, and may we add: nobody will ever get fired for choosing Google Cloud.

4. What’s in it for YOU?

If you are an IT services provider, it just makes plain future sense to focus on the hosted open source application space, and particularly on cloud-based applications.

As an adopter of open source, there couldn’t have been better news. It means a future that attracts more credible service providers and an increasingly lower total life cycle cost for your future IT initiatives.

Why Use a PHP Framework?

Thursday, July 9th, 2009

There are many PHP frameworks currently in use, with Zend and CakePHP being the most common, followed by Symfony and CodeIgniter. Why should frameworks be so popular? Why should you invest time in understanding and using them?

  • PHP frameworks follow the MVC architecture, which means that the presentation is separated from the database and business layers, resulting in neat, clean and understandable code modules.
  • You are forced to stick to certain coding rules, ensuring good coding standards, which means that the code is written as it is supposed to be written and you do not run into unreadable code later on.
  • Most frameworks have built-in checks to ensure that URLs are clean. This is particularly important when you consider SEO.
  • Access to service APIs makes connecting to other applications like Facebook and Google Maps very easy.
  • Access to plugins means that many commonly used components need not be developed.
  • Automatic includes mean that you never have to worry about forgetting to manually include common files ever again.
  • Validation of forms and error flagging are made easy with built-in objects.
  • Strictly followed coding standards and code modules make it easier to reuse code.

You may be tempted to create just one or two controllers, which, if done, defeats one of the purposes of using MVC. So, keep your controllers small and as close to the view as possible.

Although the learning curve can be steep when it comes to understanding frameworks, the effort pays off in the end – applications are a lot easier, and quicker, to develop using frameworks.

Sources: http://joshsharp.com.au/blog/view/why_you_should_be_using_a_framework, http://toys.lerdorf.com/archives/38-The-no-framework-PHP-MVC-framework.html, http://www.workoninternet.com/article_26808.html

Security Threats – I: Cross Site Request Forgery

Tuesday, July 7th, 2009

Website security is a burning issue these days. We read about hackers gaining illegal access to government websites and banking and other secure sites almost every day. With this in mind, this is the first of a series of articles where we intend to explain various forms of website security threats.

This article takes a look at Cross Site Request Forgery (XSRF or CSRF), and what you, as a user or as an application owner, can do to avoid it.

CSRF is an attack that enables an attacker to send HTTP requests from a victim’s computer without his/her knowledge. To elaborate: Assume that you checked the ‘Keep me signed in’ box when you logged in to your blog. This means that your security credentials are stored on your computer and sent by the browser to the site every time you make a request. You trust that the website will not impinge on your privacy and security, while the website trusts that any request coming with your credentials embedded in it actually comes from you. With this being the situation, it is very easy for an attacker to perform unauthorized actions on the website while pretending to be you. Let’s see how.

Let’s assume that Jane generally uses the website examplestocks.com to trade in stocks. Since she uses the website quite frequently, she clicks on the ‘Keep me signed in’ box while logging in the first time to avoid having to key in her credentials every time she wants to look at the stock price. A malicious attacker wants to make use of this fact to sell some of Jane’s shares without Jane knowing about it. The attacker knows that the request to buy/sell is sent to the website in the form ‘http://examplestocks.com/sell.php?uid=Jane&symbol=XYZ&sharestosell=100’.

Before we proceed, some background on how a webpage is rendered by a browser: When a browser makes a request, it receives a bunch of HTML code, which it then parses to render the page to the user. Attackers commonly use the tags that are used to include images on a webpage. The image tag is as follows: <img src="http://examplestocks.com/stock.gif">. When the browser comes across this tag, it sends a request to the server, and uses a standard ‘Get’ request to do so. It is impossible for the browser to differentiate between requests for different resources.

The attacker embeds the sell request within a blank image, i.e., the image tag will look like this: <img src="http://examplestocks.com/sell.php?uid=Jane&symbol=XYZ&sharestosell=100">, and makes the image part of, for example, an email. When Jane opens the email to read it, the HTML in it is parsed, and the request embedded in the email is sent to the website examplestocks.com, and the 100 stocks belonging to Jane in company XYZ are sold, all without Jane being aware of it. Since the browser automatically supplies the required credentials (remember, Jane is logged in), the server has no way to validate whether the request has, in fact, come from Jane.

You, as a user, do not really have any control over this, since security is defined by the application; however, it may make sense to not keep yourself signed into important accounts like the one in the example above.

You, as an application owner, can take some precautions to ensure that your website is not prone to such attacks. One simple way of doing this is to append user session tokens, which expire after a set time, to each request. The malicious attacker will have no way to replicate this token, thus ensuring that there is no simple way for a non-user to access the site. For example, if you do your bank transaction over the Internet, you may see a ‘Session Expired, Please Login Again’ message if you take too long to input the wire transfer details after logging in. This does not offer complete protection, since an attacker could use complex Cross Site Scripting (XSS) or make use of browser vulnerabilities to perpetrate the attack. The only way to avoid such attacks on your application is by following rigorous coding and security processes to ensure that there are no loopholes in the code that can be exploited.
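One way to implement the expiring session token described above, as an added example that is not part of the original article. The key handling, the 15-minute lifetime, the csrf_token parameter name and the function names are assumptions; the request URL is the one from the article.

```python
import hashlib
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlsplit

SERVER_KEY = secrets.token_bytes(32)  # assumed: secret that never leaves the server
TOKEN_LIFETIME = 900                  # assumed: token expires after 15 minutes


def _mac(session_id, issued):
    """Keyed hash binding the token to one session and one issue time."""
    message = f"{session_id}:{issued}".encode()
    return hmac.new(SERVER_KEY, message, hashlib.sha256).hexdigest()


def issue_token(session_id, now=None):
    """Create the token the site embeds in its own pages and forms."""
    issued = int(time.time() if now is None else now)
    return f"{issued}.{_mac(session_id, issued)}"


def token_is_valid(session_id, token, now=None):
    """Accept only an unexpired token that was issued for this session."""
    now = int(time.time() if now is None else now)
    try:
        issued_text, mac = token.split(".", 1)
        issued = int(issued_text)
    except (AttributeError, ValueError):
        return False  # missing or malformed token
    if not 0 <= now - issued <= TOKEN_LIFETIME:
        return False  # expired, or dated in the future
    expected = _mac(session_id, issued)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(mac.encode(), expected.encode())


def handle_sell(url, session_id, now=None):
    """Return True only if the sell request would be carried out.

    session_id stands for the value the browser sends automatically in its
    cookie. The token must arrive in the request itself, which a page on
    another site cannot fill in because it cannot read the token.
    """
    params = parse_qs(urlsplit(url).query)
    token = params.get("csrf_token", [""])[0]
    return token_is_valid(session_id, token, now)


if __name__ == "__main__":
    session = "jane-session-id"  # constructed sample value
    base = "http://examplestocks.com/sell.php?uid=Jane&symbol=XYZ&sharestosell=100"
    token = issue_token(session)
    print("request from the image tag:", handle_sell(base, session))
    print("request from the site form:", handle_sell(f"{base}&csrf_token={token}", session))
```

The token rides in the query string here only to match the article's URL form; a state-changing action is normally sent as a POST with the token in the form body.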

Source: http://shiflett.org/articles/cross-site-request-forgeries, http://www.cgisecurity.com/csrf-faq.html, http://www.owasp.org/index.php/Cross-Site_Request_Forgery, http://www.debian-administration.org/article/Improving_website_security

Cloud Computing: A Quick Primer

Tuesday, July 7th, 2009

You have heard of cloud computing, but how can it be useful to you? Read on.

Cloud computing is, simply put, using information technology as a service over the network. These services could relate to computing – for example, running complex calculations on multiple rented powerful servers on the network – or storage – for example, storing the results of the calculations on a virtual server and accessing it whenever necessary.  This system also has the ability to scale dynamically as needed. You may start a new service, giving you new clients and 10 times your existing documentation, and you would still be able to store them on the Cloud without having to spend a lot of money.

Cloud computing can reduce the cost of delivery of services, while increasing the speed and agility with which services are deployed. It incorporates virtualization, on-demand deployment, Internet delivery of services, and open source software. The self-service nature of cloud computing can enable companies, especially small ones without the resources of their larger counterparts, to create elastic environments that can contract or expand based on need. Its pay-by-use nature means that companies do not have to shell out large amounts of money for something that they cannot make full use of. So, basically, you can build applications, test them, and deploy them on a virtual machine, increasing your use of the cloud resources based on need.

Open source software plays an important part in cloud computing by allowing its basic elements to be created with easily and freely available components.

There are primarily two types of clouds:

Public Clouds: These are run by third parties and applications from different customers will be mixed together, although with security and data locality aspects in place, this should be transparent to the end user. Larger portions of the cloud can also be let out to individual customers as virtual datacenters. This gives the customer greater visibility into its infrastructure, and greater manipulative capacity.

Private Clouds: These are built for the exclusive use of one customer, providing utmost control over data, security and quality of service. These can be managed either by a company’s IT organization or by a third party provider.

A third type, the Hybrid Cloud,  is a mixture of these two models, primarily by augmenting a private cloud with the resources of a public cloud.

Cloud computing makes use of three basic service models:

Software as a Service (SaaS): Software as a service features a complete application offered as a service on demand. A single instance of the software runs on the cloud and services multiple end users or client organizations.

Platform as a Service (PaaS): Platform as a service encapsulates a layer of software and provides it as a service that can be used to build higher-level services (e.g., Google App Engine).

Infrastructure as a Service (IaaS): Infrastructure as a service delivers basic storage and compute capabilities as standardized services over the network. Servers, storage systems, switches, routers, and other systems are pooled and made available to handle workloads that range from application components to high-performance computing applications.

The benefits of cloud computing are many. Some of them are:

Reduce run time and response time – use multiple servers instead of just one to run your calculations

Minimize infrastructure risk – you own less infrastructure

Lower cost of entry – infrastructure is rented, and applications are ‘assembled’

Increased pace of innovation – deploy quickly and at low cost, freeing resources

So, cloud computing is available, scalable, flexible, reliable, secure and efficient. Do you want more reasons to start evaluating your existing infrastructure?

Source: Introduction to Cloud Computing Architecture, White Paper, Sun Microsystems, 1st Edition, June 2009

Web Analytics: Why Should you Care?

Tuesday, June 23rd, 2009

You have a website. You have a fair idea of how many people visit your site every day/month. But did you know that getting visitors to come to your site is only a small percent of the game? What you really need is for them to stay on your site for longer, view all the right pages, and – if your website is an e-commerce site – buy something. How do you accomplish this? Read on.

Web analytics, very simply, is the study of the behavior of website visitors. If you own, for example, a website which sells jewelry (although web analytics is definitely not only for e-commerce sites), it is in your best interests to know, for example, which region a visitor originates from, what kind of links from the home page are most clicked, which are the top ten most purchased products etc. This will help you to better design your site to convert a larger number of your visitors into ‘lingerers’ and/or buyers. The ultimate goal of web analytics is to understand your customer’s online experience in order to improve it, which in turn will mean greater revenues for you.

Some of the more common terms used in web analytics are:

  • Hit: The number of times a file is requested from the web server. A larger number of hits does not necessarily make a page popular, since each webpage typically consists of multiple discrete files, each of which, when downloaded, is counted as a hit.
  • Page View: A request for a file with type defined as ‘Page’. A page view generates multiple hits for the reason stated above.
  • Unique Visitor: A unique client requesting pages from the web server. The same person is counted as two unique visitors if he/she accesses the same web page from two different computers. This is because a visitor’s computer, by means of its IP address and/or cookie, determines the uniqueness of the page request.
  • Session/Session Duration: A session is a series of web page requests from the same client within a specific time period. Session duration is the average time a user spends on the website in one session.
  • Bounce Rate: The percentage of visits in which the visitor enters and exits a website at the same page without visiting any other pages on the site.

Two of the most popular sources of data for web analytics are web traffic data and web transactional data. Web traffic data are typically obtained from server log files and JavaScript page tags, which provide a lot of data on visitors to a site. Many websites, like the jewelry selling website mentioned earlier, for example, also have details from all the transactions (like a visitor buying a book), which can be mined for further information.

These two sources of data lead to two main methods of analyzing traffic to a site – logfile analysis and page tagging. One big advantage with logfile analysis is that the data is already there, since servers log all requests made by clients anyway. Page tagging, on the other hand, requires explicit changes to web pages, which may not always be easy. Web servers also reliably log all transactions, while page tags may depend on the client browser to work and could result in uncounted page views. One issue with web servers is that, if pages are cached, then page views are generally not logged, which could result in missed hits. Servers also cannot log activity which does not make explicit requests to servers, as in the case of interactions with Flash movies, or on mouse events.

Some commonly used free web analytics programs are those by Google and Yahoo!, (although the Yahoo! module is available only to merchants and advertisers supported by Yahoo!). These, and similar, modules can easily be integrated with your website and feature a dashboard which gives you access to a wide array of reports and graphs on every aspect of visitor behavior.

If you are really serious about making sure that your website is getting a lot of visibility, you must ensure that you have proper web analytics installed. The feedback that this system provides indicates the strengths and weaknesses of your site. Small tweaks based on the numbers thrown up by analytics can result in a tremendous increase in the traffic to your site.

Source: http://en.wikipedia.org/wiki/Web_analytics; http://www.sofizar.com/web-analytics.php