Design Pattern & Database - Computer Science

Relational Databases Sql, Unified Modeling Language, Cross Site Scripting, Design Pattern

The key terms of this chapter include Design Principle, Design Pattern, Language, Injection, Data, Site Script, Password, Encryption, Html.


What is the difference between Design Principles and Design Patterns?

Design principles – well-proven, higher-level abstractions, language-independent
Design patterns – lower level, more specific, language-dependent


Design Patterns

proven reusable solution (prescription) to a commonly occurring problem


Name all design patterns discussed in class

DAO Design Pattern
Dependency Injection Pattern
MVC Pattern


DAO Design Pattern

Decoupling database (persistence) and rest of application
– adding a layer of abstraction (Data Access Object)
Business Object –Uses–> DAO –Encapsulates–>Data Source


Observer

behavioral design pattern – subscription mechanism to notify multiple objects about any events happening to the object they are observing
– get notified when state changed
Subject = object being watched
ex: Action/Event interface


SQL Injection

Insert malicious SQL code into a SQL query through web app user input
– break database


Solution to SQL injection

Use PreparedStatement and PreparedStatement.setString
setString sanitizes input before inserting it into the SQL query


Cross-site Scripting (XSS)

Injection attack
inserting html code into user input
loading malicious script inserted into html


How to safely store credentials

Store representation of credentials instead of actual value
Encryption or hashing


Encryption

scrambling text using a key (private key)
encrypted msg –private key–> decrypted msg
Not good for storing credentials – two-way function


Hashing

better way of storing credentials
one-way function
– scrambles plain text –> fixed-size msg digest (hashed message)
stores hash
– hash code does not reveal a password
fixed algorithm to produce hash – always produces the same hash with the same password


Dictionary attack

attacker has commonly used passwords and the corresponding hash
given hash –> can look up dictionary –> password


Polymorphism

refer to different types of similar objects (undergrads, grads) as one type (students)
useful for lists


Object-Oriented Analysis and Design (OOAD)

Analysis – problem modeling
Design – solution modeling
Implementation


Unified Modeling Language (UML)

Used for OOAD
Class Diagram
– updated for each iteration
– overview of software system


What makes a design good?

High cohesion (focused) & low coupling (loose dependency)


@BeforeClass

runs only once before all the tests


OkHttp

for functional testing of RESTful API


What is the purpose of cookies?

save state since RESTful is stateless
– session management: logging in, shopping carts
– personalization
– tracking


Continuous Delivery

frequently deploy changes of software functionalities to clients
automated deployments


Build pipeline

steps to move development to production


Continuous Integration

integrate changes to a repository (on GitHub) to deployment (Heroku) frequently (multiple times a day)

