Transcript PowerPoint
We will cover in this lecture A first look at issues related to Security Maintenance Scalability Simple Three Layer Architecture Module Road Map Assignment 1 Road Map/Claims for Credit Internet Software Not web sites! We experience the web as users there is much more behind the scenes we are interested in Some things we are interested in Security Maintenance Scalability The DVD Swap Shop Used on the first year to teach programming Written in VB.NET Uses some of the concepts we teach in this module However it suffers from much poor design Available for download from the module web site / blackboard We shall look at a quick demo of what the program does Security Issues The standard login for the program is User name Password [email protected] password123 What happens if we use the following? User name User name hi' or '1'='1 hi' or '1'='1 SQL Injection Attacks SQL is a language designed for querying database It stands for Structured Query Language Most commonly abbreviated to SQL or Sequel (as in Sequel Server) We are going to use SQL later in this module and you will be learning it in a parallel module so it won’t do any harm to show you a little SQL now The Offending SQL select * from Users where EMail = '" & EMail & "' and UserPassword = '" & Password & "'" With the following account [email protected] password123 This concatenates to … select * from Users where EMail = '[email protected]' and UserPassword = 'password123' The Injection Attack select * from Users where EMail = '" & EMail & "' and UserPassword = '" & Password & "'" With the following “account” hi' or '1'='1 This concatenates to … select * from Users where EMail = 'hi' or '1'='1' and UserPassword = 'hi' or '1'='1' How it Works The single speech mark has terminated the string early Since 1 always equals 1 we return all of the records There are more than zero records so it logs the user in as the first account The first user on any system is often the administrator This is not a lesson on SQL injection attacks it does server to illustrate the vulnerabilities of poor architecture Maintenance DVD Swap Shop built on Access Not the best choice for an internet application Change to another database e.g. SQL Server DVD.MDB becomes DVD.MDF The Problem Web page 1 Database Name Web page 2 Database Name Conduit Class Database Web page 3 Database Name Web page 4 Database Name 100 page site with ten references to the database per page = 1000 changes to the code! Scalability How many of you have FaceBook or Twitter on your phone? How would we modify the DVD swap shop so there is a phone app that does the same? Re-design the pages However what do we do about the functionality? Compare the Following Pages Other Issues to Think About Dealing with International Markets Dealing with Different Computer Platforms Dealing with International Markets Amazon Search Dealing with Different Computer Platforms Mobile Apps - Apple/Android/WinMo 7 & 8 Tablet computers e.g. iOS / Windows 8/ Android Windows Computers Linux machines Servers running Apache / IIS What is the technology that makes it possible to support such a range of platforms? Simple Three Tier Architecture Presentation (Interface) Middle Tier Business Logic (Objects/Classes) Data Layer Database Some Benfits The interface has no knowledge of the structure of the database Middle tier handles communication of data Database may be switched with no impact on interface All functionality in the middle tier This means we may bolt on many different interfaces Multiple Interfaces Single System Presentation (Interface) Web browser Middle Tier Business Logic (Objects/Classes) Data Layer Database Presentation (Interface) Mobile phone app The big plus here is that if we change the functionality of the middle tier, any applications that are built on it instantly benefit. Life is Never that Simple! Module Road Map Assignment 1 Road Map Claims for Credit One interesting aspect of this module is that you have the facility of claiming credit for work that is not complete. If I were you I would make a start ASAP on creating parts of the system and then claiming credits for them from your tutor. This will help you in two ways 1. You may start obtaining your module marks 2. You may get feedback on work even if it is half baked