How ERP system helps the organisation to grow & what are the benefits of using ERP System?

What IS ERP?

ERP Enterprise Resource Planning is business software that integrates every part of your business from raw materials, inventory, production, scheduling, and finance to sales. It enables businesses to identify waste, eliminate inefficiencies, improves customer relations and real-time collaboration in the organization.

How will it help your business?

ERP systems can help businesses to become more time efficient and enhance productivity by eliminating duplication and manual work. It helps the managers to make critical decision and maintain a competitive edge over competitors. An ERP system can help you have a 360 degree visibility to all your operations and hence it becomes easy to identify problems at an early stage and one can make informed decisions efficiently. The real time integration between finance, human resource, manufacturing, sales, marketing, production etc will help the organization to keep track of entire business hand in hand.

ERP vendors like custom ERP software development companies in india can maintain close ties to the industries they serve, and respond quickly to the emerging needs of their customers. This provides the customer with the long-term assurance that as their mid-market businesses continue to grow, their ERP systems will grow with them to in response to future needs.

The integration of Supply chain management and ERP system allows distribution and manufacturing organizations the capability to gain greater visibility of its operations. Also it increases speed, efficiency and overall customer satisfaction.

For further details about the integration of ERP and SCM follow the link http://www.ifourtechnolab.com/category/erp

Session Hijacking

Session hijacking, also well-known as TCP session hijacking, is a technique of taking over a Web user session by secretly obtaining the session ID and masquerading as the legal user. Once the user's session ID has been retrieved (through session calculation), the attacker can masquerade as that user and do whatever the user is authorized to do on the network.

SPOOFING VERSUS HIJACKING spoofing and hijacking are measured to be same thing. Actually they are completely different from each other.

Spoofing: A hacker will imitate himself to gain access. Unlike hijacking, it actually creates a new session using target pinched credentials rather than using present session.

Hijacking: Unlike spoofing, it takes over current active session. It will depend on some legitimate user to establish a linking and even authentication.

Techniques of session Hijacking:

It may include any of the following techniques:

• Stealing: It refers to all those methods accepted in order to steal session IDs.  
• Brute Force: It is totally hit and trial. An attacker will try various IDs until get success. 
• Calculation: An attacker will try to compute the session Ids with use of non-randomly twisted IDs.

Application level session hijacking

Session Hijacking in OSI model can be attained at both application as well as network level. Here, in this article, application level session hijacking is explained in much detail.

1. Sniffing: An attacker to sniff a valid session IDs on the network can make use of a sniffer like a popular one is Wireshark. It keeps its eye on network traffic and from this usefulness we can use valid token session to get authorized access in an unauthorized way.
2. Session Token Prediction: It is commonly used to forecast a session ID or for impersonation task. It helps an attacker to use compromised user privileges to ping the websites with them.
3. MITM attack:  The MITM attack is a Man in the Middle attack. It is used to interrupt into an existing connection between machines to know traded messages between them.

Process:
i. First divide the TCP connection into two: Client to Attacker, An Attacker to Server.
ii. On being completely interrupted, an attacker can read, inject and even modify data into this connection

4. MIB attack: The MIB attack is a Man in the Browser attack. It makes use of the Trojan horse to interrupt the calls between the browser and its security model. It is mainly used for triggering financial deceptions by adjusting transactions of Net Banking mechanism.

Process:
 i. The Trojan horse first tries to infect computer application or its OS.
ii. Malevolent code installation and saved to configuration of the browser.
iii. When user restarts the infested browser, Trojan is being loaded and a handler is listed for every visit.
iv. While web page is loaded, extensions make use of URL and equate it with list of targeted sites.
 v. User then log in.
vi. When a specific page load is noticed, button event handler is enumerated and then compared to targeted list. vii. Finally, browser directs the form and manipulated values to the server.

5. Client Side Attacks: They are kind of an attack, in which the malevolent scripts are then injected into websites. This destructive code can be embedded in a web page and even does not alert any kind of notice.

EFFECTIVE COUNTERMEASURES:

•  Use SSL to have protected communication channel. 
•  There must be logout utility for session termination. 
•  Trust HTTPS connection for transient authentication cookies. 
•  Always allow encrypted data between user and webservers. 
•  Accept a secure protocol. 
•  Regeneration of Session ID after user log in. 
•  Lessen having remote access. 
•  Importance on Encryption. 
•  Decrease incoming connections. 
•  Decrease the life span of session or cookie.
•  Create session keys with lengthy strings or random numbers. 
•  Try stopping Eavesdropping. 
•  Expire the session when user logs out. 
•  Do not access links received via mails. 
•  Use firewall and browser settings to limit cookies. 
•  Make sure website which we are retrieving is certified by certified authority.  Clear history, offline contents and cookies from browser after each secret or sensitive transaction.

Bibliography OF spring.net

SR NO	Web References
1	http://springframework.net/
2	https://github.com/spring-projects/spring-net
3	www.codeproject.com
4	www.tutorialspoint.com/spring/spring_dependency_injection.htm
5	martinfowler.com/articles/injection.html
6	http://tutorials.jenkov.com/dependency-injection/index.html
7	http://stackoverflow.com/questions/130794/what-is-dependency-injection
8	www.javatpoint.com/spring-aop-tutorial
9	www.tutorialspoint.com/spring/aop_with_spring.htm
10	hibernate.org/orm/what-is-an-orm/
11	http://sourceforge.net/projects/springnet/
12	sourceforge.net/projects/nhibernate/ http://www.ifourtechnolab.com/application-development.aspx

Spring.NET - Conclusion

At last using Spring.Net Software development companies can create decouple application which is useful for enterprise level. Spring.Net effectively uses dependency injection which is use for linking module at runtime. Thus it is used to make everything independent. AOP also use for keeping things separate from core logic so that we can keep core implementation and testing for QA separate for use.

Practical usage of spring.net

• Now to deal with data, Spring.NET provides NHibernate and ADO.NET support. 
• To NHibernate handles all things about database and work in the object world only.
• Now download Spring.Net source and find bin folder and load Spring.Core, Spring.Web,Spring,Spring.Data,Spring.Data.NHibernate12 and NHibernate from lib folder.

Let us take an example and understand the complete process. For hibernate i defined a table in the database named employee, create a new class named Employee and a NHibernate mapping file (Employee.hbm.xml). Reference: Custom software development company:

Employee Class

using System;

namespaceMyProject.DAO

{

public class Employee : ICodeEntity

{

private long idno;

private string fname;

privateint age;

//These methods should be virtual for NHibernate Mapping

public virtual long Id

{

get { return idno; }

set { idno = value; }

}

public virtual int Age

{

get { return age; }

set { age = value; }

}

public virtual string FName

{

get { return fname; }

set { fname = value; }

}

}

}

Employee.hbm.xml

<?xmlversion="1.0"encoding="utf-8" ?>

<hibernate-mappingxmlns="urn:nhibernate-mapping-2.2"namespace="MyProject.DAO"assembly="MyProject.DAO">

<classname="Employee"table="tblemp">

<idname="Id">

<columnname="ID"not-null="true"/>

<generatorclass="increment" />

</id>

<versioncolumn="Age"name="Age" />

<propertyname="FName">

<columnname="FirstName"length="20"not-null="true" />

</property>

</class>

</hibernate-mapping>

Now using base class implements basic functionality of database like LoadALL,SaveOrUpdateetc. Define an Interface and implement.

using System;

usingSystem.Collections.Generic;

usingSystem.Collections;

namespaceMyProject.DAO

{

publicinterfaceIMainDAO<EntityT, idT>

{

IListGetAll();

EntityTGetByID(idT id);

IListLoad(stringhsqlQuery, object[] values);

void Save(EntityT fine);

voidSaveOrUpdate(EntityT fine);

NHibernate.ISessionFactorySessionFactory{ set; }

}

}

Implementation of interface

MainDAO

using System;

usingSystem.Collections.Generic;

usingSystem.Text;

usingSpring.Data.NHibernate;

usingNHibernate;

usingSystem.Collections;

namespaceMyProject.DAO

{

publicabstractclassMainDAO<EntityT, idT> : IMainDAO<EntityT, idT>

{

protectedHibernateTemplatehibernateTemplate;

publicISessionFactorySessionFactory

{

set

{

hibernateTemplate = newHibernateTemplate(value);

hibernateTemplate.TemplateFlushMode = TemplateFlushMode.Auto;

}

}

publicMainDAO()

{

}

publicvirtualEntityTGetByID(idT id)

{

EntityT entity = (EntityT)hibernateTemplate.Load(typeof(EntityT), id);

return entity;

}

publicvirtualIListGetAll()

{

returnhibernateTemplate.LoadAll(typeof(EntityT));

}

publicvirtualIList Load(stringhsqlQuery, object[] values)

{

returnhibernateTemplate.Find(hsqlQuery, values);

}

publicvirtualvoid Save(EntityT fine)

{

ICodeEntity entity = (ICodeEntity)fine;

hibernateTemplate.Save(fine);

}

publicvirtualvoidSaveOrUpdate(EntityT fine)

{

ICodeEntity entity = (ICodeEntity)fine;

hibernateTemplate.SaveOrUpdate(fine);

}

}

}

By Adding a new property to Default.aspx code file named EmployeeDAO we have to use the interface of DAO class here.

Default.aspx code

using System;

usingSystem.Data;

usingSystem.Configuration;

usingSystem.Web;

usingSystem.Web.Security;

usingSystem.Web.UI;

usingSystem.Web.UI.WebControls;

usingSystem.Web.UI.WebControls.WebParts;

usingSystem.Web.UI.HtmlControls;

usingMyProject.DAO;

publicpartialclass_Default : System.Web.UI.Page

{

privatestringmsg;

publicstringMsg

{

get { returnmsg; }

set { msg = value; }

}

privateMathmathx;

publicMathMaths

{

get { returnmathx; }

set { mathx = value; }

}

IEmpDAOempDAO;

publicIEmpDAO EMPDAO

{

get { returnempDAO; }

set { empDAO = value; }

}

protectedvoidPage_Load(object sender, EventArgs e)

{

Response.Write(msg);

Response.Write(mathx.add(10, 20));

Employee e1 = newEmployee();

e1.FName = "Martin Parmar";

EMPDAO.Save(e1);

Employee e416 = EMPDAO.GetByID(1); 

}

}

Now configuration of hibernate in web.xml file

<?xmlversion="1.0"?>

<configuration>

<configSections>

<!-- Spring -->

<sectionGroupname="spring">

<sectionname="context"type="Spring.Context.Support.WebContextHandler, Spring.Web"/>

<sectionname="objects"type="Spring.Context.Support.DefaultSectionHandler, Spring.Core"/>

<sectionname="parsers"type="Spring.Context.Support.NamespaceParsersSectionHandler, Spring.Core"/>

</sectionGroup>

</configSections>

<!-- Spring -->

<spring>

<parsers>

<parsertype="Spring.Data.Config.DatabaseNamespaceParser, Spring.Data"/>

</parsers>

<context>

<resourceuri="config://spring/objects"/>

</context>

<objectsxmlns="http://www.springframework.net"xmlns:db="http://www.springframework.net/database">

<!-- You may choose any database -->

<!--<db:provider id="DbProvider" provider="SqlServer-1.1" connectionString="Data Source=.\SQLEXPRESS;AttachDbFilename=F:\projects\pm\App_Data\PM9Database.mdf;Integrated Security=True;User Instance=True"/>

<db:provider id="DbProvider" provider="SqlServer-1.1" connectionString="Data Source=.\SQLEXPRESS;"/>-->

<db:providerid="DbProviderMySQL"provider="MySql"connectionString="Server=localhost;Database=persondb;User ID=root;Password='';"providername="MySql.Data.MySqlClient"/>

<objecttype="Spring.Objects.Factory.Config.PropertyPlaceholderConfigurer, Spring.Core">

<propertyname="ConfigSections"value="databaseSettings"/>

</object>

<objectid="SessionFactory"type="Spring.Data.NHibernate.LocalSessionFactoryObject, Spring.Data.NHibernate12">

<!-- Depending on database you want set it-->

<propertyname="DbProvider"ref="DbProviderMySQL"/>

<propertyname="MappingAssemblies">

<list>

<value>MyProject.DAO</value>

</list>

</property>

<propertyname="HibernateProperties">

<dictionary>

<entrykey="hibernate.connection.provider"value="NHibernate.Connection.DriverConnectionProvider"/>

<entrykey="hibernate.dialect"value="NHibernate.Dialect.MySQLDialect"/>

<entrykey="hibernate.connection.driver_class"value="NHibernate.Driver.MySqlDataDriver"/>

</dictionary>

</property>

</object>

<!--TxManager-->

<objectid="HibernateTransactionManager"type="Spring.Data.NHibernate.HibernateTransactionManager, Spring.Data.NHibernate12">

<propertyname="DbProvider"ref="DbProviderMySQL"/>

<propertyname="SessionFactory"ref="SessionFactory"/>

</object>

<objectname="MyMathObj"type="Math, App_code"/>

<objectid="EmployeeDAO"type="MyProject.DAO.EmployeeDAO, MyProject.DAO">

<propertyname="SessionFactory"ref="SessionFactory"/>

</object>

<objectid="EmployeeDAOTx"type="Spring.Transaction.Interceptor.TransactionProxyFactoryObject, Spring.Data">

<propertyname="PlatformTransactionManager"ref="HibernateTransactionManager"/>

<propertyname="Target"ref="EmployeeDAO"/>

<propertyname="TransactionAttributes">

<name-values>

<addkey="Save*"value="PROPAGATION_REQUIRES_NEW"/>

<addkey="SaveO*"value="PROPAGATION_REQUIRES_NEW"/>

<addkey="Delete*"value="PROPAGATION_REQUIRED"/>

<addkey="Update*"value="PROPAGATION_REQUIRED"/>

<addkey="Query*"value="PROPAGATION_REQUIRED"/>

</name-values>

</property>

</object>

<!-- Pages -->

<objecttype="Default.aspx">

<propertyname="Msg"value="Hello!!! I am from webconfig"/>

<propertyname="Maths"ref="MathObj"/>

<propertyname="EmployeeDAO"ref="EmployeeDAOTx"/>

</object>

</objects>

</spring>

<appSettings/>

<connectionStrings/>

<system.web>

<compilationdebug="true">

<assemblies>

<addassembly="System.Transactions, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>

<addassembly="System.Configuration.Install, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/></assemblies></compilation>

<authenticationmode="Windows"/>

<httpHandlers>

<!-- Spring Handler -->

<addverb="*"path="*.aspx"type="Spring.Web.Support.PageHandlerFactory, Spring.Web"/>

<addverb="*"path="*.asmx"type="Spring.Web.Services.WebServiceHandlerFactory, Spring.Web"/>

</httpHandlers>

<httpModules>

<addname="SpringModule"type="Spring.Context.Support.WebSupportModule, Spring.Web"/>

<!-- Required for managing NHibernate session between http requests-->

<addname="OpenSessionInView"type="Spring.Data.NHibernate.Support.OpenSessionInViewModule, Spring.Data.NHibernate12"/>

</httpModules>

</system.web>

</configuration>

Above source code sample is from a custom software development company.

Object Relational Mapping in Spring.Net

Object relation mapping is one king of method that relates real world object to data source as described by software development companies. There are certain issues to map object to data source but ORM provides three ways to deal it like bottom up, top-down and meet in the middle. Each approach has its own advantage and disadvantage. To select the best software solution, developers have to understand the environment and design requirementscompletly. 

There are certain benefits of ORM:

• Simplified development because ORM automates object-to- data table and data table-to-object conversion, resulting in lower development and maintenance costs
• Code is reduce as compare to other database like stored procedure. 
• Improve performance by keeping transparent caching in application.
• By creating optimum solution, it makes application faster.

Custom software development companies should consider following object relational mapping tools which are used in .Net

·         Base One Foundation Component Library, free or commercial

·         Castle ActiveRecord, ActiveRecord for .NET, open source

·         DatabaseObjects .NET, open source

·         DataBloks .NET, free or commercial

·         DataObjects.NET, commercial

·         Dapper, open source

·         ECO, commercial but free use for up to 12 classes

·         Entity Framework, included in .NET Framework 3.5 SP1 and above

·         EntitySpaces, was commercial, now free

·         iBATIS, free open source, maintained by ASF but now inactive.

·         LINQ to SQL, included in .NET Framework 3.5

·         LLBLGen Pro, commercial

·         Neo, open source but now inactive.

·         nHydrate, open source

·         Persistor.NET, free or commercial

·         Quick Objects, free or commercial

·         Signum Framework, open source

·         SubSonic, open source

Transaction management in Spring.net

Transaction management in Spring.net provides following main benefits as custom software development companies :

• Provides a straightforward API for programming model such as ADO.NET, Enterprise Services and System. Transactions, and NHibernate.
• Provide declarative transaction management using any of the data access technologies
• Provides API which is very easy to use and applicable on programmatic transaction management
• Integrates with high level persistence integration APIs such as AdoTemplate.

Cosider following interface which is defined by transaction. It is called

Spring.Transaction.IPlatformTransactionManager interface, shown below:

public interface IPlatformTransactionManager {

ITransactionStatusGetTransaction(ITransactionDefinition definition );

void Commit( ITransactionStatustransactionStatus );

void Rollback( ITransactionStatustransactionStatus );

}

IPlatformTransactionManager is an interface and its implementations can be defined by any other object in the IoC container. Consider following implementations:

• AdoPlatformTransactionManager: Transaction based on local ADO.NET
• ServiceDomainPlatformTransactionManager: like distributed transaction manager from Enterprise Services
• TxScopePlatformTransactionManager:It is local/distributed transaction manager which belongs toSystem.Transactions.
• HibernatePlatformTransactionManager:It is local transaction manager which is use with NHibernate or ADO.NET/NHibernate data access operations.

The following API are made. For the AdoPlatformTransactionManager,

Transaction.Begin(), Commit(), Rollback(). ServiceDomainPlatformTransactionManager uses the'Services without Components' update so that your objects do not need to inherit fromServicedComponent or directly call the Enterprise Services API ServiceDomain.Enter(), Leave;ContextUtil.SetAbort()TxScopePlatformTransactionManager calls; new TransactionScope(); .Complete(),Dispose(), Transaction.Current.Rollback(). Configuration properties for each transaction manager are specific tothe data access technology used. Refer to the API docs for comprehensive information but the examples shouldgive you a good basis for getting started. The HibernatePlatformTransactionManager is described more in thefollowing section.

The GetTransaction(..) method returns a ITransactionStatus object and it is depending on aITransactionDefinition parameters. The returned ITransactionStatus may represent a new or existingtransaction (if there was a matching transaction in the current call stack - with the implication being that ITransactionStatus is associated with a logical thread of execution.

The ITransactionDefinition interface is described by software development companies as follow:

• Isolation: the degree of isolation means the transaction is reading data of another transaction. So if another transaction leave in uncommitted phase then current transaction has data which is not exist.
• Propagation: Most of code executed within a transaction boundary will run in that transaction‘s scope. However, there are several possible options there to specify behavior if a transactional method is executed when a transaction context already exists like, simply continue running in the existing transaction or suspending the execution of existing transaction and creating another new transaction.
• Timeout: Amount of time taken by transaction before timeout. It is automatically being rolled back by the underlying transaction infrastructure.
• Read-only status: Any data cannot be modified by a read-only transaction. This type of transaction is very much useful for optimization purpose in some area (Especially while using NHibernate).

Dependency Injection in Spring.Net

Dependency Injection is a technique that provides decoupling application from the actual implementation during design/compile time and link them at run time. 

When we consume a class instance like ClassB from another class instance ClassA at compile time, then any changes which going to be made to ClassB will affect ClassA. For any single change, we need to recompile, redeploy the whole thing. Here, there is a static or compile time binding between ClassA and ClassB. Dependency Injection is one of the techniques that relieves us from the pain of static binding and decouples ClassA and ClassB at runtime. The end result, a decoupled or loosely coupled system.

Let’s consider an application being developed by software development companies which contains three layer Presentation Layer (UI), Business Login (BAL) Layer and Data Access Layer (DAL).  In that UI interacts with BAL and BAL interact with DAL. In tightly coupled system, UI is depended on BAL and BAL is depended on DAL so problem is that if make any changes in DAL then it is required to compile or redeploy rest of the layer. Where in case of loosely coupled system any instance can be changed at runtime rather than compile time. So by enforcing DI in application development we can link the layer at runtime, we can also develop layer independently and integrate later.  

Advantage of Using DI:

• Consider following for DI, whichcan be used in a real time:
• The dependent layer can be changed at runtime based on the environment.  
• The rapidly bug fixes can be done offline and linked at integration/testing phase 
• Side by side development of different layers which can be linked at integration phase.

Creating loosely typed System Using Dependency Injection

At first, create layered architecture in which there are Presentation, Business login and Data Access layer. UI interacts with Business Login and Business Login further interact with Data Access layer to get data.

Here by adding dependency injection in layered architecture, we can get change any instance at runtime rather than at compile time so there will not any dependency among all layers. Moreover, we are going to link layer at runtime.

Steps to implement DI in DotNet:

1. At first, it is required to create Interfacefor all layers, especially interface for Business login and Data access layer which contain method definition.
2. Give implementation of interface by both layers, BAL and DAL respectively.
3. Perform Spring configuration in dotnet in configuration file in which create unique instant for all above layer so that they can serve multiple request.
4. Add reference for Spring.Core in application and initialize your configuration by ContextRegistry.GetContext() method which validates about existence of your objects that you have created in configuration file and this method will return IApplicationContext instance
5. Now once instance is initialized then you can call method of DAL from BAL instance.

Real time use:

• Runtime change the dependent layer like create two kind of environment one for production which contains actual implementation and another for testing environment.
• Parallel development of layer and final can be integrated or linked.
• decoupling application from the actual implementation during design/compile time and link them at run time is the prime use of dependency injection for custom software development companies

Overview of Spring.NET

Spring.Net is open source framework which is used to develop enterprise level light-weight application to custom software development companies. The design of Spring.Net is based on the Java Spring Framework. Spring.Net provides following:

• Dependency Injection
• Integrate Aspect-Oriented Programming in application.
• Transaction management for middle tier.

Spring.Net is application at so many area. Core features, such as the Dependency Injection, AOP and the data access framework can be used in pretty much any .NET application. They allow you to create simple and pure applications. 

Spring.Net consists of following main modules:

• Spring.Core: Configure your application using DI
• Spring.Aop: Provides various libraries for transactions, logging, performance monitoring, caching and exception handling.
• Spring.Data: Support data access facilities with ADO.NET.
• Spring.Data.NHibernate: Integrating hibernate with transaction management and provides object relational mapping.
• Spring.Services: This includes dotnetremoting,web services using DI. 
• Spring.Web: Provides level of abstraction with ASP.NET web application.
• Spring.Web.Mvc3/4/5: Integrates Spring.Core and Spring.Aop into Dotnet MVC.

Spring.Net also support WCF integration which provides dependency Injection and application of AOP to WCF service.

It is not compulsory that custom software development companies have to use all the above module or not anything. It just likes creating ASP.NET front-end and write business logic using IOC and interact with middle layer which supports various services like transaction management along with accessing data.