Stuff to memorise…
"A method tells an object to perform an action. A property allows us to read or change the settings of the object."

Architecture
• Planning and designing a successful system
• Use tried and tested techniques
• Easy to maintain
• Robust and long lasting

The DVD Swap Shop
• Written in VB.NET
• Suffers from much poor design
• Available for download from the module web site / Blackboard
• We shall look at a quick demo of what the program does
Security Issues
• The standard login for the program is
• User name mjdean@dmu.ac.uk
• Password password123
• What happens if we use the following?
• User name hi' or '1'='1
• Password hi' or '1'='1
SQL Injection Attacks
• SQL is a language designed for querying databases
• It stands for Structured Query Language
• Most commonly abbreviated to SQL, often pronounced "Sequel" (as in Sequel Server)
• We are going to use SQL later in this module and you will be learning it in a parallel module, so it won't do any harm to show you a little SQL now
Concatenation
• select * from Users where EMail = '" + Email + "' and UserPassword = '" + Password + "'"
• With the following account
• mjdean@dmu.ac.uk
• password123
• This concatenates to …
• select * from Users where EMail = 'mjdean@dmu.ac.uk' and UserPassword = 'password123'

The Injection Attack
• select * from Users where EMail = '" + Email + "' and UserPassword = '" + Password + "'"
• With the following "account"
• hi' or '1'='1
• This concatenates to …
• select * from Users where EMail = 'hi' or '1'='1' and UserPassword = 'hi' or '1'='1'
How it Works
• The single quote (speech mark) has terminated the string early
• Since 1 always equals 1 we return all of the records
• There are more than zero records so it logs the user in as the first account
• The first user on any system is often the administrator
• This is not a lesson on SQL injection attacks
• It does serve to illustrate the vulnerabilities of poor architecture
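To make the mechanics of the two concatenation slides concrete, here is an added example (not code from the DVD Swap Shop) in Python with an in-memory SQLite database standing in for the Access file. The column names EMail and UserPassword come from the slides; the three Users rows are constructed, with an administrator as the first row. The parameterised login is the fix the slides do not show: the same query, but the values travel separately from the SQL text.

```python
import sqlite3

# Constructed sample data standing in for the DVD Swap Shop's Users table.
# Column names are taken from the slides; the rows are made up for the demo.
SAMPLE_USERS = [
    ("admin@example.invalid", "s3cret"),      # first row: typically the administrator
    ("mjdean@dmu.ac.uk", "password123"),
    ("someone@example.invalid", "hunter2"),
]


def open_demo_database():
    """Return an in-memory SQLite database populated with the constructed Users rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table Users (EMail text, UserPassword text)")
    conn.executemany("insert into Users values (?, ?)", SAMPLE_USERS)
    return conn


def login_concatenated(conn, email, password):
    """The slides' approach: user input pasted straight into the SQL text.
    Returns the e-mail of every row the query matches, in table order."""
    sql = ("select EMail from Users where EMail = '" + email +
           "' and UserPassword = '" + password + "'")
    return [row[0] for row in conn.execute(sql)]


def login_parameterised(conn, email, password):
    """Same query with placeholders: the driver sends the values as data,
    so a quote inside the input can never terminate the string early."""
    sql = "select EMail from Users where EMail = ? and UserPassword = ?"
    return [row[0] for row in conn.execute(sql, (email, password))]


if __name__ == "__main__":
    db = open_demo_database()
    payload = "hi' or '1'='1"          # the "account" from the slides
    print(login_concatenated(db, "mjdean@dmu.ac.uk", "password123"))  # one genuine match
    print(login_concatenated(db, payload, payload))   # every row; the admin comes first
    print(login_parameterised(db, payload, payload))  # no match: the quote is just data
```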
Maintenance
• DVD Swap Shop built on Access
• Not the best choice for an internet application
• Change to another database e.g. SQL Server
• DVD.MDB becomes DVD.MDF

The Problem
(Diagram: Web page 1, Web page 2, Web page 3 and Web page 4, each holding its own Database Name; a Data Connection Class; the Database.)
• 100 page site with ten references to the database per page = 1000 changes to the code!
Scalability
• How many of you have Facebook or Twitter on your phone?
• How would we modify the DVD Swap Shop so there is a phone app that does the same?
• Re-design the pages
• However, what do we do about the functionality?
Other Issues to Think About
• Dealing with International Markets
• Dealing with Different Computer Platforms

Dealing with Different Computer Platforms
• Mobile Apps - Apple / Android / Windows
• PCs e.g. iOS / Windows / Android
• Linux machines
• Servers running Apache / IIS
• What is the technology that makes it possible to support such a range of platforms?
Simple Three Layered Architecture
(Diagram, top to bottom: Presentation (Interface); Middle Tier Business Logic (Objects/Classes); Data Layer Database.)

Benefits : Change Database Technology without Changing the Interface
• The interface has no knowledge of the structure of the database
• Middle tier handles communication of data
• Database technology may be changed with no impact on interface
• All functionality in the middle tier
• This means we may bolt on many different interfaces

Benefits : Attach Multiple Presentation Layers
(Diagram: two Presentation (Interface) layers, a Web browser and a Mobile phone app, both sitting on the same Middle Tier Business Logic (Objects/Classes), which sits on the Data Layer Database.)
Benefits : Code re-use and maintenance
• All important code is stored in the middle layer
• Any changes made here benefit all parts of the system using it
• Code only created once so easier to find and maintain