Transcript PowerPoint

Architecture
 Planning and designing a successful system
 Use tried and tested techniques
 Easy to maintain
 Robust and long lasting
The DVD Swap Shop
 Written in VB.NET
 Suffers from much poor design
 Available for download from the module web site /
blackboard
 We shall look at a quick demo of what the program
does
Security Issues
 The standard login for the program is
 User name
 Password
[email protected]
password123
 What happens if we use the following?
 User name
 User name
hi' or '1'='1
hi' or '1'='1
SQL Injection Attacks
 SQL is a language designed for querying database
 It stands for Structured Query Language
 Most commonly abbreviated to
 SQL or Sequel (as in Sequel Server)
 We are going to use SQL later in this module and you
will be learning it in a parallel module so it won’t do
any harm to show you a little SQL now
Concatenation
 select * from Users where EMail = '" + Email + "' and
UserPassword = '“ + Password + "'"
 With the following account
 [email protected]
 password123
 This concatenates to …
 select * from Users where EMail = '[email protected]'
and UserPassword = 'password123'
The Injection Attack
 select * from Users where EMail = '" + Email + "' and
UserPassword = '" + Password + "'"
 With the following “account”
 hi' or '1'='1
 This concatenates to …
 select * from Users where EMail = 'hi' or '1'='1' and
UserPassword = 'hi' or '1'='1'
How it Works
 The single speech mark has terminated the string early
 Since 1 always equals 1 we return all of the records
 There are more than zero records so it logs the user in
as the first account
 The first user on any system is often the administrator
 This is not a lesson on SQL injection attacks
 it does server to illustrate the vulnerabilities of poor
architecture
Maintenance
 DVD Swap Shop built on Access
 Not the best choice for an internet application
 Change to another database e.g. SQL Server
 DVD.MDB becomes DVD.MDF
The Problem
Web page 1
Database Name
Web page 2
Database Name
Data Connection
Class
Database
Web page 3
Database Name
Web page 4
Database Name
100 page site with ten references to the database per page = 1000 changes
to the code!
Scalability
 How many of you have FaceBook or Twitter on your
phone?
 How would we modify the DVD swap shop so there is a
phone app that does the same?
 Re-design the pages
 However what do we do about the functionality?
Compare the Following Pages
Other Issues to Think About
 Dealing with International Markets
 Dealing with Different Computer Platforms
Dealing with International
Markets
Amazon Search
Dealing with Different Computer
Platforms
 Mobile Apps - Apple/Android/WinMo 8
 Tablet computers e.g. iOS / Windows 8/ Android
 Windows Computers
 Linux machines
 Servers running Apache / IIS
 What is the technology that makes it possible to
support such a range of platforms?
Simple Three Layered Architecture
Presentation
(Interface)
Middle Tier
Business Logic
(Objects/Classes)
Data Layer
Database
Some Benfits
 The interface has no knowledge of the structure of the
database
 Middle tier handles communication of data
 Database may be switched with no impact on interface
 All functionality in the middle tier
 This means we may bolt on many different interfaces
Multiple Interfaces Single System
Presentation
(Interface)
Web browser
Middle Tier
Business Logic
(Objects/Classes)
Data Layer
Database
Presentation
(Interface)
Mobile phone app
The big plus here is that if we change the functionality of the middle tier, any
applications that are built on it instantly benefit.
Overview of Finished Address
Book