Project Midterm Presentation


ECpE Student Database
Team 21
Adviser: Tien Nguyen
Client:
ECpE and Tony Moore
Team:
Steven Murray
Justin Sliekers
Nathan Staley
Mike Walsh
Problem Statement
• Faculty and staff in the ECpE department need a better way to recommend students for opportunities
• Problem stems from a lack of data
• Resolve with a new database of student info and opportunity info
• Also includes a web-based front end for ease of use for data entry/retrieval
Functional Requirements
1. All users of the product will have a valid Iowa State NetID.
2. All users of the product shall be associated with the ECpE Department.
3. The product shall allow advisers to query all available student information.
4. The product shall run on an Engineering Computer Support Group managed server.
5. The product shall provide a user friendly method for data entry and retrieval.
6. The product shall allow multiple users to be on at the same time.
Non-functional Requirements
1. The cost of this product shall not exceed $500.
2. The product shall prevent a student from viewing another student’s information.
3. The database shall not exceed the storage size of the provided server.
4. The product shall be accessible through ISU servers on the web.
5. Users must authenticate with ISU before logging in to the server.
6. The product shall not block user activity during network actions.
7. The product shall work on IE, as well as the other major browsers.
Current Plan
Conceptual Sketch
Concept breakdown:
Model - communication module, data interaction
View - display module
Controller - page abstraction module, permission enforcement
Detailed Design
Test Plan
• Database
o Load testing
o Network stress testing
o Security testing
• Browser
o Support for multiple browsers
o Functionality testing across browsers
o Visual testing across browsers
• Permission Enforcement
o Unknown user
o Functionality access control
Communication Sample
Module Interface
construct( name, leftPos, topPos, posType )
- Initializes variables and sets the structure of the module.
- Checks user permission at framework level, so individual pages don't need to rewrite the permissions check.
doInit( request )
- Used to get the default html for the module: what should be seen when first loading the specific page.
- Returns an array of arrays, each with the form [divID] = html
refresh( request )
- Handles processing logic for page events, and database interaction as needed.
- Returns an array of arrays, each with the form [divID] = html
Security
Pubcookie:
- Used by various secure sites on ISU (CyMail, ASW, etc.)
- .htaccess files force authentication before running server code.
- Sets $_SERVER["REMOTE_USER"] to the ISU NetID of the logged in user. This variable is never set by client provided information, so it cannot be faked.
Privacy:
- Database interaction relies on prepared queries to avoid SQL Injection attacks.
- Content mapped to User ID derived from authentication.
- Data saved in server session to avoid having to send sensitive information to client.
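Added example (not the team's code): one way the Pubcookie identity and the prepared queries described above could combine to keep a student from reading another student's record. The table and column names, the role values, and the makeDb and fetchStudent helpers are assumptions; an in-memory SQLite database with constructed rows stands in for the real one.

```php
<?php
// Added example, not the project's code. Schema, roles and helper names
// are assumptions; the rows below are constructed sample data.
function makeDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (netid TEXT PRIMARY KEY, role TEXT NOT NULL)');
    $db->exec('CREATE TABLE students (netid TEXT PRIMARY KEY, gpa REAL)');
    $db->exec("INSERT INTO users VALUES ('adviser1','adviser'), ('stud1','student'), ('stud2','student')");
    $db->exec("INSERT INTO students VALUES ('stud1', 3.4), ('stud2', 3.9)");
    return $db;
}

// Returns the requested student row, or null when the caller is
// unauthenticated, unknown to the department, or not permitted to see it.
function fetchStudent(PDO $db, array $server, string $requestedNetId): ?array {
    // Identity comes only from the web server's authentication module,
    // never from a request parameter the client controls.
    $caller = $server['REMOTE_USER'] ?? '';
    if ($caller === '') {
        return null; // no authenticated user: fail closed
    }
    $stmt = $db->prepare('SELECT role FROM users WHERE netid = :netid');
    $stmt->execute([':netid' => $caller]);
    $role = $stmt->fetchColumn();
    if ($role === false) {
        return null; // valid NetID, but not a known department user
    }
    // Advisers may read any record; everyone else only their own.
    if ($role !== 'adviser' && $requestedNetId !== $caller) {
        return null;
    }
    // The requested NetID is bound as a parameter, so quote characters in
    // it are compared as data and never parsed as SQL.
    $stmt = $db->prepare('SELECT netid, gpa FROM students WHERE netid = :netid');
    $stmt->execute([':netid' => $requestedNetId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$db = makeDb();
var_dump(fetchStudent($db, ['REMOTE_USER' => 'stud1'], 'stud2'));            // student asks for another student
var_dump(fetchStudent($db, ['REMOTE_USER' => 'stud1'], 'stud1'));            // student asks for own record
var_dump(fetchStudent($db, [], 'stud1'));                                    // unknown user
var_dump(fetchStudent($db, ['REMOTE_USER' => 'adviser1'], "x' OR '1'='1"));  // injection-style input
```

These four calls line up with the "Unknown user" and "Functionality access control" items in the test plan.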
Plan For Rest of Semester
• Database
o Finish implementation
o Test security and network capabilities
• Web Interface
o Multiple browser support testing
o Student components
o Administrator components
• Security
o Data security
• Approval
o Client and Student acceptance
o Receive student feedback
Questions