team 21 adviser: tien nguyen client: ecpe and tony...
TRANSCRIPT
ECpE Student DatabaseTeam 21
Adviser: Tien Nguyen Client: ECpE and Tony Moore
Team: Steven Murray Justin Sliekers Nathan Staley Mike Walsh
Problem Statement
Faculty and staff in ECpE department need a better way to recommend students for opportunities Problem stems from a lack of data
Resolve with a new database of student info and opportunity infoAlso includes a web-based front end for ease of use for data entry/retrieval
Functional Requirements1. All users of the product will have a valid Iowa State NetID.2. All users of the product shall be associated with the ECpE
Department.3. The product shall allow advisers to query all available
student information.4. The product shall run on a Engineering Computer Support
Group managed server.5. The product shall provide a user friendly method for data
entry and retrieval.6. The product shall allow multiple users to be on at the
same time.
Non-functional Requirements1. The cost of this product shall not exceed $500.2. The product shall prevent a student from viewing another
student’s information. 3. The database shall not exceed the storage size of the
provided server. 4. The product shall be accessible through ISU servers on
the web. 5. Users must Authenticate with ISU before logging in to the
server. 6. The product shall not block user activity during network
actions. 7. The product shall work on IE, as well as the other major
browsers.
Current Plan
Conceptual Sketch
Conecpt breakdown:
Model - communication module, data interaction
View - display module Controller - page abstraction module, permission enforcement
Detailed Design
Test PlanDatabase
Load testingNetwork stress testingSecurity testing
Browser
Support for multiple browsersFunctionality testing across browsersVisual testing across browser
Permission Enforcement
Unknown userFunctionality access control
Communication Sample
Module Interfaceconstruct( name, leftPos, topPos, posType ) - variable initialization and sets the structure of the module. - checks user permission at framework level, so individual pages dont need to rewrite permissions check. doInit( request ) - used to get the default html for the module, what should be seen then first loading the specific page. - Returns an array of arrays, each with the form [divID] = html refresh( request ) - handles processing logic for page events, and database interaction as needed. - Returns an array of arrays, each with the form [divID] = html
SecurityPubcookie: - Used by various secure sites on ISU (CyMail, ASW, etc) - .htaccess files force authentication before running server code. - sets $_SERVER["REMOTE_USER"] to the ISU NetID of the logged in user. This variable is never set by client provided information, so it cannot be faked.
Privacy: - Database interaction relies on prepared queries to avoid SQL Injection attacks. - Content mapped to User ID derived from authentication. - Data Saved in server session to avoid having to send sensitive information to client.
Plan For Rest of SemesterDatabase
Finish implementationTest security and network capabilities
Web InterfaceMultiple browser support testingStudent componentsAdministrator components
SecurityData security
ApprovalClient and Student acceptanceReceive student feedback
Questions
?