IA3 Portfolio - Part 1
Users
Jake, who is already a student at the college, has friends who he knows enjoy certain activities. He wants a platform where he can see the activities currently happening at the school, and use it to discuss with friends how to coordinate their attendance at these activities
Jordan, who is a new student at the college, seeks to connect with other students. He wants a platform which allows him to find students with similar interests, and to connect with them through the same platform, without having to contact them externally through email or similar
Michael, who is an old boy of the college, seeks to contact friends despite no longer being enrolled in the school. He wants to be able to access the school's local systems using an external email address, and to contact friends he had at school on this platform
Security
Threats
SQL injection through various API requests would allow malicious parties to gain access to as much information from the database as they want without being authorised to do so, or to modify the data
Being able to access the data just by using the website, even though one is not authorised. This poses a threat as it means those who should not be seeing the site can obtain private data
Similar to SQL injection, data corruption and insertion is a threat, as it allows users to modify the database, causing irreparable damage without having to forfeit all user data that is currently stored
Physical threats include natural events that cut the local server's connection to the internet, or physical theft of the local server hosting the database, with the data stolen from the database in this fashion
Measures
Authentication systems can be used to ensure that only users who are given access to the site are able to use the data on it. This can be done through either a login system, or through a digital authentication system such as Google digital certificates
Hashing/encrypting any information that is stored or transmitted will stop users from having a use for information that they steal, and will stop it from being dangerous if information is breached
Keeping regular backups of the database will ensure that even if data is corrupted, it will not be beyond repair, and it can be recovered from a certain backup point that is decided by the web app creator
Choosing systems which allow the data to be stored externally, rather than on a local device, gains the security of the servers hosting the data, as well as the physical security of those external systems
DEX System Tools
API Architecture
RESTful
REST is much more lightweight, and compatible with all data formats and HTTP verbs
Data Format
XML
XML is a much more complex system, using tags, making it harder to break down into usable components
DBMS
SQLite3
This is a much lighter package, which can support very small databases in a single file, perfect for a prototype
SQL is susceptible to a lot of cybersecurity attacks and is limited in the data types which it can store
MySQL
Due to its external nature it can support very large databases, as well as having built-in security, as it is not hosted on local servers and must be secure to protect buyers' data
Its architecture makes it very hard to run alongside a small server such as the one created, and it cannot be condensed into a single file, which is optimal for the server interface being made
Server Interface
Flask
Is a lightweight WSGI framework built deliberately for quick testing and prototyping of proofs of concept
Flask is a much newer service than Django and suits itself to many of the more modern standards of coding than Django does, as well as having much more common updates
Django
Django is a full stack development option which forces developers to take an extensive amount of time to create full products, rather than smaller prototypic proofs of concept
Whilst outdated, Django has a much more comprehensive library of components that can be used in order to make web pages dynamic and tailored for a beneficial user experience
Data Exchange Components
The user interface is what the user actually sees. It is the coded component that is usually considered to be the "front end", as it is what users interact with, without being able to see the processes occurring behind the interface
The server interface will be the coded components that are typically referred to as the "back end". This includes all the Python functions which allow API requests to be made and their data displayed, as well as other helpful files, such as CSS and JavaScript
The data interface is the method that is used to allow data to travel between the server interface and the user interface, and in this case is considered to be the API, which takes from the database, accessed via the server interface, transferring data to the user interface
Data Exchange Elements
The data consumer system is the element of the system which will request data, and have data received, essentially this is the user component of the system, as it is the user who will make these requests using their user interface
The data provider system is what actually takes a data request and will search the database to send the data back to the data consumer system. It is typically considered to be the API as it is what transmits data between the server interface and the user interface
Problem
Problem Statement
Students at the school must be able to connect with each other. This can include connection through synonymously enjoyed activities, or through engaging with information regarding certain events at the school
This must be built into a data exchange solution, which allows a user to gather data from a local database and have it ported back to them efficiently through a user interface
Security risks within the problem must be accounted for and adequately mitigated, or planned to be mitigated, so that the private data stored within is not lost
The three users must be considered and all their needs met when creating the application, as it stipulates certain searches which must be possible within the DEX
All data must be transmitted by making use of an SQLite3 database, as this is the most efficient for a small prototype such as this; it does not need to be fully functional
Proposed Solution
An API must be created to allow certain users, such as the old boy, to access the application despite having left the school and no longer having access to the school's systems
The solution should be created with Python, as this gives the easiest option to create a server interface, whilst creating an interface in the same language that interacts with SQL
The API and the user-interactable Python file should be built within two separate environments, to allow external users to make use of the API
Data Storage
The activities table will be able to store all information regarding activities for the users, comprised of an activityName and an ID. This will hold non-sensitive data, and will be able to be called by the prototype
The students table is what holds some of the most sensitive data. As well as including information on a student's name and their current status at school, it also includes information on personal email addresses, phone numbers, and addresses. This is what can also be called upon in the final prototype. It also contains one foreign key called loginID which will link it to the login table
The activities/students table is what combines the separate activities and students tables. It allows students to select that they enjoy more than one activity without the creation of unnormalised data, involving duplicate records and NULL fields
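The tables described under Data Storage, together with a search that guards against the SQL injection threat listed under Security, as an added example that is not part of the original portfolio. Only activityName, ID and loginID come from the page; the other column names, the activities_students table name, the function names and the sample rows are assumptions constructed for illustration.

```python
import sqlite3

# Column names other than activityName, ID and loginID are assumptions.
SCHEMA = """
CREATE TABLE login (loginID INTEGER PRIMARY KEY, username TEXT UNIQUE NOT NULL);
CREATE TABLE activities (ID INTEGER PRIMARY KEY, activityName TEXT UNIQUE NOT NULL);
CREATE TABLE students (
    ID INTEGER PRIMARY KEY, name TEXT NOT NULL, status TEXT NOT NULL,
    email TEXT, phone TEXT, address TEXT,
    loginID INTEGER NOT NULL REFERENCES login(loginID));
-- Junction table: one row per (student, activity) pair, so no duplicates or NULLs.
CREATE TABLE activities_students (
    studentID INTEGER NOT NULL REFERENCES students(ID),
    activityID INTEGER NOT NULL REFERENCES activities(ID),
    PRIMARY KEY (studentID, activityID));
"""

def build_db():
    """Create an in-memory database filled with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")  # SQLite ignores foreign keys unless enabled
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO login VALUES (?, ?)",
                     [(1, "jake"), (2, "jordan"), (3, "michael")])
    conn.executemany("INSERT INTO activities VALUES (?, ?)",
                     [(1, "Chess"), (2, "Rowing")])
    conn.executemany("INSERT INTO students VALUES (?, ?, ?, ?, ?, ?, ?)", [
        (1, "Jake", "current", "jake@example.org", "0000 000 001", "1 Sample St", 1),
        (2, "Jordan", "current", "jordan@example.org", "0000 000 002", "2 Sample St", 2),
        (3, "Michael", "old boy", "michael@example.org", "0000 000 003", "3 Sample St", 3)])
    conn.executemany("INSERT INTO activities_students VALUES (?, ?)",
                     [(1, 1), (1, 2), (2, 1), (3, 2)])
    return conn

def students_for_activity(conn, activity_name):
    """Search by activity; returns name and status only, never contact details."""
    # The ? placeholder binds activity_name as data, so quotes in it cannot alter the SQL.
    rows = conn.execute(
        "SELECT s.name, s.status FROM students s "
        "JOIN activities_students j ON j.studentID = s.ID "
        "JOIN activities a ON a.ID = j.activityID "
        "WHERE a.activityName = ? ORDER BY s.name", (activity_name,))
    return rows.fetchall()

if __name__ == "__main__":
    db = build_db()
    print(students_for_activity(db, "Chess"))
    print(students_for_activity(db, "Chess' OR '1'='1"))  # treated as a literal name
```

Because the search string is bound as a parameter, an input containing quote characters is compared as an activity name and matches nothing, and the query never selects the email, phone or address columns.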