Relational Databases Sql, Unified Modeling Language, Cross Site Scripting, Design Pattern
The key terms of this chapter include Design Principle, Design Pattern, Language, Injection, Data, Site Script, Password, Encryption, Html.
What is the difference between Design Principles and Design Patterns?
Design principles – well-proven, higher-level abstractions, language-independent
Design patterns – lower level, more specific, language-dependent
Design Patterns
proven reusable soln (prescription) to a commonly occurring problem
Name all design patterns discussed in class
DAO Design Pattern
Dependency Injection Pattern
MVC Pattern
DAO Design Pattern
Decoupling database (persistence) and rest of application
– adding a layer of abstraction (Data Access Object)
Business Object –Uses–> DAO –Encapsulates–>Data Source
Observer
behavioral design pattern – subscription mech to notify multiple objects about any events happening that the object is observing
– get notified when state changed
Subject = object being watched
ex: Action/Event interface
SQl Injection
Insert malicious sql code into sql query through web app user input
– break database
Solution to SQL injection
User PrepareStatement and PrepareStatement.setString
setString sanitizes input before inserting to sql query
Cross-site Scripting (XSS)
Injection attack
inserting html code into user input
loading malicious script inserted into html
How to safely store credentials
Store representation of credentials instead of actual value
Encryption or hashing
Encryption
scrambling text using a key (private key)
encrypted msg –private key–> decrypted msg
Not good for storing credentials – two-way function
Hashing
better way of storing credentials
one-way function
– scrambles plain text –> fix-sized msg digest (hashed message)
stores hash
– hash code does not reveal a password
fixed algorithm to produce hash – always produce same hash with same password
Dictionary attack
attacker has commonly used passwords and the corresponding hash
given hash —> can look up dictionary –> password
polymorphism
refer to different types of similar objects (undergrads, grads) as one type (students)
useful for lists
Object-Oriented Analysis and Design (OOAD)
Analysis – problem modeling
Design – solution modeling
Implementation
Unified Modeling Language (UML)
Used for OOAD
Class Diagram
– updated for each iteration
– overview of software system
What makes a design good?
High cohesion (focused) & low coupling (loose dependency)
@beforeClass
runs only once before all the tests
OkHttp
for functional testing of RESTful API
What is the purpose of cookies?
save state since RESTful is stateless
– session management: logging in, shopping carts
– personalization
– tracking
Continuous Delivery
frequently deploy changes of software functionalities to clients
automated deployments
build pipeline
steps to move development to production
Continuous Integration
integrate changes to a repository (on Github) to deployment (Heroku) frequently (mult times a day)