team 21 adviser: tien nguyen client: ecpe and tony...

ECpE Student DatabaseTeam 21

Adviser: Tien Nguyen Client: ECpE and Tony Moore

Team: Steven Murray Justin Sliekers Nathan Staley Mike Walsh

Problem Statement

Faculty and staff in ECpE department need a better way to recommend students for opportunities Problem stems from a lack of data

Resolve with a new database of student info and opportunity infoAlso includes a web-based front end for ease of use for data entry/retrieval

Functional Requirements1. All users of the product will have a valid Iowa State NetID.2. All users of the product shall be associated with the ECpE

Department.3. The product shall allow advisers to query all available

student information.4. The product shall run on a Engineering Computer Support

Group managed server.5. The product shall provide a user friendly method for data

entry and retrieval.6. The product shall allow multiple users to be on at the

same time.

Non-functional Requirements1. The cost of this product shall not exceed $500.2. The product shall prevent a student from viewing another

student’s information. 3. The database shall not exceed the storage size of the

provided server. 4. The product shall be accessible through ISU servers on

the web. 5. Users must Authenticate with ISU before logging in to the

server. 6. The product shall not block user activity during network

actions. 7. The product shall work on IE, as well as the other major

browsers.

Current Plan

Conceptual Sketch

Conecpt breakdown:

Model - communication module, data interaction

View - display module Controller - page abstraction module, permission enforcement

Detailed Design

Test PlanDatabase

Load testingNetwork stress testingSecurity testing

Browser

Support for multiple browsersFunctionality testing across browsersVisual testing across browser

Permission Enforcement

Unknown userFunctionality access control

Communication Sample

Module Interfaceconstruct( name, leftPos, topPos, posType ) - variable initialization and sets the structure of the module. - checks user permission at framework level, so individual pages dont need to rewrite permissions check. doInit( request ) - used to get the default html for the module, what should be seen then first loading the specific page. - Returns an array of arrays, each with the form [divID] = html refresh( request ) - handles processing logic for page events, and database interaction as needed. - Returns an array of arrays, each with the form [divID] = html

SecurityPubcookie: - Used by various secure sites on ISU (CyMail, ASW, etc) - .htaccess files force authentication before running server code. - sets $_SERVER["REMOTE_USER"] to the ISU NetID of the logged in user. This variable is never set by client provided information, so it cannot be faked.

Privacy: - Database interaction relies on prepared queries to avoid SQL Injection attacks. - Content mapped to User ID derived from authentication. - Data Saved in server session to avoid having to send sensitive information to client.

Plan For Rest of SemesterDatabase

Finish implementationTest security and network capabilities

Web InterfaceMultiple browser support testingStudent componentsAdministrator components

SecurityData security

ApprovalClient and Student acceptanceReceive student feedback

Questions

?