Transcript PowerPoint
Architecture
Planning and designing a successful system
Use tried and tested techniques
Easy to maintain
Robust and long lasting
The DVD Swap Shop
Written in VB.NET
Suffers from much poor design
Available for download from the module web site / blackboard
We shall look at a quick demo of what the program does
Security Issues
The standard login for the program is
User name: [email protected]
Password: password123
What happens if we use the following?
User name: hi' or '1'='1
Password: hi' or '1'='1
SQL Injection Attacks
SQL is a language designed for querying databases
It stands for Structured Query Language
Most commonly abbreviated to SQL or pronounced "Sequel" (as in Sequel Server)
We are going to use SQL later in this module and you will be learning it in a parallel module, so it won't do any harm to show you a little SQL now
Concatenation
"select * from Users where EMail = '" + Email + "' and UserPassword = '" + Password + "'"
With the following account
[email protected]
password123
This concatenates to …
select * from Users where EMail = '[email protected]'
and UserPassword = 'password123'
The Injection Attack
"select * from Users where EMail = '" + Email + "' and UserPassword = '" + Password + "'"
With the following “account”
hi' or '1'='1
This concatenates to …
select * from Users where EMail = 'hi' or '1'='1' and
UserPassword = 'hi' or '1'='1'
How it Works
The single speech mark has terminated the string early
Since '1'='1' is always true, the WHERE clause matches every record and we return all of the records
There are more than zero records, so it logs the user in as the first account
The first user on any system is often the administrator
This is not a lesson on SQL injection attacks, but it does serve to illustrate the vulnerabilities of poor architecture
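To make the concatenation and its fix concrete, here is an added example (not the DVD Swap Shop's own VB.NET code): Python with an in-memory SQLite table standing in for the Access database, with constructed sample accounts. It runs the slide's concatenated query and a parameterised query against the same injected input.

```python
import sqlite3

# Constructed stand-in for the Users table in DVD.MDB (sample rows, not real data).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (EMail TEXT, UserPassword TEXT)")
    conn.executemany("INSERT INTO Users VALUES (?, ?)", [
        ("admin@example.com", "s3cret"),        # first row: often the administrator
        ("user@example.com", "password123"),
    ])
    return conn

def login_concatenated(conn, email, password):
    # The slide's pattern: user input is spliced straight into the SQL text,
    # so a quote in the input becomes part of the query's syntax.
    sql = ("select * from Users where EMail = '" + email +
           "' and UserPassword = '" + password + "'")
    rows = conn.execute(sql).fetchall()
    return rows[0][0] if rows else None   # "logs in as the first account"

def login_parameterised(conn, email, password):
    # Hardened form: placeholders keep the input as data, never as SQL syntax.
    sql = "select * from Users where EMail = ? and UserPassword = ?"
    rows = conn.execute(sql, (email, password)).fetchall()
    return rows[0][0] if rows else None

def demo():
    conn = make_db()
    payload = "hi' or '1'='1"             # the input shown on the slide
    return {
        "concat_normal": login_concatenated(conn, "user@example.com", "password123"),
        "concat_injected": login_concatenated(conn, payload, payload),
        "param_injected": login_parameterised(conn, payload, payload),
    }

if __name__ == "__main__":
    for name, who in demo().items():
        print(f"{name}: {who}")
```

With concatenation the injected input matches every row and returns the administrator; the parameterised query treats the same input as a literal e-mail address and returns no account.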
Maintenance
DVD Swap Shop built on Access
Not the best choice for an internet application
Change to another database e.g. SQL Server
DVD.MDB becomes DVD.MDF
The Problem
[Diagram: Web page 1, Web page 2, Web page 3 and Web page 4 each hold their own Database Name; alongside, a Data Connection Class sits between the pages and the Database]
100 page site with ten references to the database per page = 1000 changes to the code!
Scalability
How many of you have FaceBook or Twitter on your phone?
How would we modify the DVD swap shop so there is a phone app that does the same?
Re-design the pages
However what do we do about the functionality?
Compare the Following Pages
Other Issues to Think About
Dealing with International Markets
Dealing with Different Computer Platforms
Dealing with International Markets
Amazon Search
Dealing with Different Computer Platforms
Mobile Apps - Apple/Android/WinMo 8
Tablet computers e.g. iOS / Windows 8/ Android
Windows Computers
Linux machines
Servers running Apache / IIS
What is the technology that makes it possible to support such a range of platforms?
Simple Three Layered Architecture
[Diagram: Presentation (Interface) -> Middle Tier: Business Logic (Objects/Classes) -> Data Layer: Database]
Some Benefits
The interface has no knowledge of the structure of the database
Middle tier handles communication of data
Database may be switched with no impact on interface
All functionality in the middle tier
This means we may bolt on many different interfaces
Multiple Interfaces Single System
[Diagram: Presentation (Interface) Web browser and Presentation (Interface) Mobile phone app both -> Middle Tier: Business Logic (Objects/Classes) -> Data Layer: Database]
The big plus here is that if we change the functionality of the middle tier, any applications that are built on it instantly benefit.
Overview of Finished Address Book