Supplementary Reading
E-business Web Site Design
1.General Strategies of E-business Web Site Design
For many people,the thought of building a web site is a daunting task.But in fact,it's pretty simple(in terms of the process).Here's what you can expect(in order):
(1)Defining the task
Once you have decided to hire staff,the first step is to define the project very carefully and very thoroughly.It is critical to put down on paper what is and isn't included for theagreedprice.We call this the “Statement of Work”and include it as a part of our proposal.For us to prepare this document,we're going to have a lot of questions to ask.If you havent done so already,please review(and fill out)our free estimate form.This form collects the basic information we need to begin developing the Statement of Work.Of course,we will have more questions and will want to talk with you about the details.But this form lays out the basics.
We will prepare a full proposal for you at no cost or obligation.These are not template documents where we change out the executive summary and fire them off a mass.We often have dozens of hours(sometimes much more)into a single proposal because it is the document and the document alone,that will define our entire relationship.By some section headings you can expect to find in our website design proposals:Executive Summary,Primary Objectives,Statement of Work,Technology Platforms,Maintenance Terms,Search Engine Rankings,Production Process,Timelines,Deliverables,Fee Breakdown,Terms of Service,etc.
(2)Negotiating price
As mentioned,there are no set rules as to how we determine price since everything we do is so customized.So the good news is that there is always room for negotiation.But it isn't into playing pricing games.Our price is primarily based on how much work we have to put into your website,so our idea of negotiation is to discuss how to accomplish the objectives within a budget and not to simply toss around numbers.Sometimes there are sacrifices and compromises that must be made by both us and the client.
(3)Beginning production
Once the proposal is agreed to and the price is set,We will begin production.We don't ask for a deposit or any kind of advanced payment.We don't ask you to sign a contract.We will work completely at our own risk so that at every step of the process,we still have to earn your business.We build everything out on our live development servers so that our clients can monitor ourprogressin real time.During production,we expect to be in contact with you at least every other day(and usually more often than that).We want to make sure we're always on the right track,so we'll touch base with you often.
(4)Develop the design & layout
The first phase of production involves building screenshots of what your project will look like.If you ordered a logo,this would be the first thing to produce.The screenshot is a static image that essentially determines the template by which we will build the rest of your websites pages.
(5)Build the beta site
When everything is approved with the alpha site,we begin adding your content.This is where the Web site really takes on its final form and comes together.For ecommerce and other functional sites,many clients opt to begin accepting a few “beta testers”to use their site with the understanding that there may still be some bugs to work out.
When the beta site is complete,everyone spends some time looking over the site,testing,tweaking,revising,etc.When the client is completely happy with everything,we ask him/her to sign a “Final Acceptance Agreement”as well as a “Contract for Professional Services”.(Click to view samples)These documents include several things.The Final Acceptance Agreement basically states that the project is completely done and that the client is satisfied and agrees to pay.After signing this document,any additional requests for work must fall under the maintenance agreement or will incur additional fees.The Contract for Professional Services is a very standard legal contract that defines ownership,liability,indemnification,and all that other legal mumbo jumbo that is a necessary evil.
(6)Payment & launch
Our only rule is quite simple:when we get paid,you get your work.We take a big chance by not requiring any payment or contracts from our clients or from the outset.Most of our peers think were nuts to operate this way(though never in our history has a client every taken us up on this unconditional satisfaction guarantee).So the only protection that we have against mal-intending clients is to own and possess all the work until payment is received,not invoiced,not in the mail,not when contracts are signed.When your money is in our bank,then and only then,we will turn everything over to you.At that time we upload and install everything on your infrastructure(or whatever infrastructure has been decided upon).We turn over all development documents to you,including the raw files we used every step of the way.When were done,you own everything you paid for.
(7)Maintaining the Web site
Every client has different needs when it comes to keep their web site up-to-date.Some require daily or weekly updates.Some just need typos fixed here and there.Some clients can dabble in their own HTML.Some wouldn't want to go near the stuff.Whatever your situation is,we can accommodate you.Every maintenance contract is custom tailored to your specific needs.In general,the way it works is this:We set a minimum number of hours per month that we agree should cover most maintenance work.In exchange for guaranteeing that minimum number of hours,we drop our hourly rates substantial(in half or more).If you don't use up your full allocation of hours,we spend the balance doing Web site promotion(because you can never spend too much time promoting your web site).If you go over,you're locked into the reduced rate that weve agreedto.Anything more than about 5 hours overtime will be quoted as a “mini project”with a fixed fee.
2.Software and Hardware for Web site Design
(1)How to choose an Internet service provider
An Internet Service Provider,or ISP,is a company that provides its customers with access to the Internet.Customers may connect to their ISP through dialup(telephone),broadband(including DSL,ISDN and cable modem services),or wireless connections.There are countless national and regional ISPs,and a great many Web sites exist to help you locate the best one for you.
The Internet holds a huge amount of information about any conceivable subject.You can read the daily news,check your bank balance,monitor share prices,listen to the latest music releases or even watch trailers for the latest movies.
The most common use for the Internet is E-mail.This allows you to write a message on your computer and post it to a friend or relative instantly.It is also possible to use the Internet to chat in “real time”with your friends or relatives.This can be by typing,speaking or even videophone.
Other facilities exist for obtaining updates and information on your software,testing new software.
(2)Web-based database application services
This is the newest,and perhaps the most intriguing,type of database product,these are database programs that reside entirely on the servers of an “Application Service Provider”(ASP)company.There are several nonprofit-oriented donor/member database services that have started up before.The one with which were most familiar is e-tapestry.
You purchase e-tapestry as a service rather than as a product.There's no software to purchase or install on your machines—all you need is a Web browser and an Internet connection(56k works fine,although obviously a high-speed connection is better).The cost depends on the number ofrecordsin your database,and starts at FREE for databases with 1,000 records or less.For groups with 1,000~5,000 records,the cost is 99 per month.There are a number of additional services that can be added as well.While the program can be customized quite a bit,the fundamental workflow can't be modified as extensively as ebase can permit.However,because e-tapestry is a hosted application,it is upgraded often,and upgrades are automatically and seamlessly rolled out to all users.
E-tapestry is a very new product,but weve been very impressed by what weve seen.It'sparticularly attractive to groups with less than 1,000 members,as it's completely free to small groups,and requires absolutely no hardware or software purchase,and no database expertise to administer or maintain.Another significant benefit of ASP-hosted database products is that they can be accessed by multiple users in multiple locations—something that is quite tricky with anyothertype of database solution.
For groups with more than 1,000 members,the cost of e-tapestry is significant,but that cost has to be weighed against the time and expense of developing your own system or even that ofcustomizinga low up-front cost system such as abase.If you don't need the total customizability ofabaseor a custom solution,and would rather spend some cash than your precious time,then e-tapestry might be worth investigating.
Another prominent ASP-type database product is Social Ecologys Donor Link IT product.While we haven't reviewed it in-depth,it has features and functions that are roughly similar to e-tapestry,and a similar pricing model(99 per month for organizations with fewer than 5,000records).
(3)Web site security
Successful attacks on websites can result in a great deal of bad publicity,especially when an official site is replaced by pages presenting the host organization in an unflattering light.Damage to political and government Web sites have made the national news,but defacing any Web site is likely to harm its owner.Internet image increasingly influences attitudes in the real world too,especiallyfor organizations with customers around the world.For many prospective students or sponsors,your Web site will be their first,and in some cases only,to contact with your institution.All web managers should therefore be concerned with security to ensure that the content and conduct of their site remains are under control.
Attacks against web servers are not usually motivated by dislike of the owner organization.Some people just wish to publish their own views and will use any well-connected server for this;others are simply looking for powerful computers with good connectivity to distribute pirated software or to mount attacks on other Internet sites.A web server on a high-speed network like JANET is likely to be a good choice for every type of activity.
Although running a web server may make a machine be a more attractive target for attackers,it is unlikely to make it significantly easier to break into.Web server software is generally reasonably secure already:Successful attacks are usually achieved through errors in configuration or vulnerabilities in the underlying operating system.There is no point in securing the web function if the rest of the machine offers open doors to intruders.There are three basic rules for securing any system:
①Offer as few services or as few people as possible.Extra services will,in any case,affect the machine's performance as a web server as well as provide possible routes for break-ins.
②Keep the system up to date.New vulnerabilities are discovered every week,and are exploitedsoon afterwards.
③Check log files for warning signs.
Each of these should continue throughout the life of the server.Although this requires effort,the procedures are well known.Few people have the ability to discover and exploit new vulnerabi-lities,so the vast majority of security breaches result from well-known problems that could have been avoided.Prevention may seem expensive until you consider the alternative cost of repairing the damage after a breach has occurred.
There are three categories of damage that may result from a security breach:loss of service,loss of information and loss of control.
Loss of service generally happens either by accident or through hostile intent.And it is usually caused by overloading the server with requests.Unfortunately it is very hard to protect a public web server against this kind of“denial of service”attack:A web server's function is to respond torequestsfrom browsers and it is almost impossible to distinguish between a busy day and an attack.No vulnerability is being exploited except the finite capacity of any system,so no amount of preventative work can help.The best solution is to ensure that your system still has spare capacity when“normally”loaded and hope you can handle requests faster than your attacker can generate them.An attack at this level will be highly unpopular with the originating network,as well as your own,so it should be stopped at source before too long.JANET-CERT can help trace the origin of attacks,and can also advise on blocking problem hosts.
Loss,or strictly leakage,of information is,in one sense,a rather paradoxical concern on the web.The web was,after all,designed as a publishing medium for public content.As a result there are few effective controls on who can read your content from the server:Passwords and restriction by source address can both be defeated by a determined thief.Especially beware of using the same password on a web site as on other more secure systems.Before you put truly secret information on a public web site,consider first whether this is really appropriate and if so it is,protect it with some off-line encryption method such as PGP.There is,however,a serious concern that a web server may give away information about the system it runs on such as usernames,configurations or password files.These could be useful for a hostile person to plan an attack on the machine.Such leaks are usually caused by bad design,either in the server program or,more usually,in its configuration.CGI scripts which allow readers to fetch any file from the server are a long-standing favorite with the hacker community,still being actively and successfully exploited.Any program to be installed on a server should be checked very carefully by someone other than the author.Writing safe scripts is hard and even commercial examples have been known to have problems.
The most serious consequence of a security incident is loss of control.Once an intruder has gained the ability to run commands on the server,it is usually impossible to determine whatchangeshave been made.In particular,most intruders take the precaution of installing another method for gaining access to the system,so that even fixing the original problem does not prevent them coming back.In this situation the owner can nolonger sure what the machine contains or what it may be doing.At any time the Web pages may be replaced or the server launch an attack on a U.S.corporate target,for example.With meticulous preparation before the event it may be possible to repair a compromised server but more often the whole system needs to be re-installed.Either option will involve a lengthy period of down time,considerable inconvenience and possibly lost work for publishers,readers and administrators.Such incidents can only be prevented by careful design,maintenance and use of the system.Users must be involved,especially if they can log in to the server from remote locations to maintain their pages.“Borrowing”the account of a legitimate user is one of the easiest ways to gain access to any computer.Some sites have decided that maintenance and publishing should be separated—the public machine then becomes a secure“read-only”site which can be tightly secured.Pages and scripts are developed on another server,which is not exposed to the Internet,and copied to the public site under strict control.This design can also isolate internal readers from the consequences of an external denial of service attack,though it does not protect against hostile or careless users within the organization.
In conclusion,it is possible to keep a Web site secure but it is not easy.The design,maintenanceand use of the server must all be carefully planned and executed to reduce the risk of incidents.In particular,claims of“ease of use”should be treated with caution in case they make life easier for the intruder as well.A web site can be a major asset for an institution and should be protected according to its value.Protection is not easy,but a reasonable level of security is notimpossible.There is ample advice available on the web and among the community.Finally,for JANET customers,you remember that the CERT is available to help in preventing incidents as well as curing them.
3.Web Site Content Designs
(1)Application of domain name
After you make a general decision for the framework of your Web site,you firstly have toregisteryour Web's domain name.The domain name is somehow like ID card on the Internet,so it is exclusive of a brand.
The brand of a company is a part of company's invisible asset and is important for the reputationand sales of a company.So when you decide to choose a domain name for yourcompany,you should think it over,considering the following factors:
We always find that some Web sites names are very simple and short,for they can be kept easily by the clients.We can take cnnews com as an example.
Distinguished there are some reasons why their names are confused.First,the two parts of comprising the name may be connected by“-”.Second,the top domain names may differ from websites,a point in case is the“163.com”which is owned by Net and the“163.net”which is owned by the electronic post office.In addition,the international names and the domestic names someway are ambiguous.
(2)Front page design and pages characters
To make your website impressive and attractive,it's indispensable to think over the layout of your website.A good page will make your company more competitive on the Internet.There are some factors should be taken into consideration.
①No matter what your Web site is about,it in the first place conveys its main topic.And the style of Web pages should be adjusted to the main topic of your Web site.Generally speaking,an EC Web site ought to be kept in simple style,while a entertainment website may be more lovely and intimate.
②Contents Factors Location.A Web site is always made up of many pages,in which some factors such as logo,banner are included.It's significant to distribute them logically.A good EC Web site must contain three key parts:the name of company,the products or service and contents of front page.
③Colors of the Web site.All the Web sites should be shaped respectively by their own main color,which is so full of conscience conveyed by the site that may produce some affection on the browsers.Meanwhile,the web designers should keep the color easily readable.
④Usage of Pictures.It seems much duller that pages just convey some words information.Some pictures embedded in the page will make your website vivid and lively.There are some rules that must be obeyed:firstly the pictures must keep in tune with your websitesstyles and they can be formatted,so that more space can be saved.Format files would do better than the Flash files,though existing some little weaknesses.
⑤Background Music.As for an EC website,it's suggested that background music should be set a limit,because some music will be distract the browsers attention on your products orservices.
In a word,all the factors used in the website should obey the topic of your display,and make sure to make your style of web pages united and inseparable.