
IS480 Team wiki: 2013T2 JavaChips MidTerm Wiki



Project Progress Status Summary

Our project has 10 iterations in total. We are in the midst of our 7th iteration.

Functions Completed:

  • Add, Delete, Edit Story
  • Location-based notifications
  • Geo-caching
  • Gamification

Functions remaining:

  • Custom trail generation
  • Social Media Integration

Other than our functions remaining, we still have a User Acceptance Test (UAT) to complete before the Final Presentation. We have conducted 2 User Testings to date.
In general, we’ve been on task for most of the iterations. We did face a challenge, as our client is very strict on the security standards that the back-end of the app should have. As such, we took a longer time than expected to complete tasks, as we weren’t familiar with implementing effective security protocols. We needed more time to figure that out, which was in addition to the functionalities listed above. That would have to be the biggest challenge we will face.

Project Highlights

Strict security requirements for back-end
After the acceptance of the project, our client wanted us to implement the system with strict security standards to protect his server from cyber attacks. As none of the team members were familiar with implementing security in PHP, this took up the bulk of the time and effort in Iteration 5 in December. However, we managed to seek the right help to accomplish this task on the website, and the team also adapted our project management approaches to make up for the lost time. We're still in the midst of enhancing the security aspect of the code for the mobile app.

Project Management

Project Metrics

Project Status:

Jalan Project Status.png

Jalan Project Schedule1.png

Jalan Project Schedule2.png

Schedule Metric

JalanJalan Schedule Metric.png

For our project, we are usually on time, with a slight delay of 2 days per iteration on average. This gives us a score within 90%-110%, so no additional action needs to be taken.

Effort Metric

JalanJalan Effort Metric.png

Bug Metric

JalanJalan Bug Metric.png

Risk Metric

JalanJalan Risk Metric.png

Technical Complexity

1st Technical Complexity

A Cross-Site Request Forgery (CSRF) attack.
It happens when a user with a logged-in session performs an unwanted action, or unintentionally runs a malicious script in a form, without their knowledge. The attack can be carried out over GET or POST requests.
To prevent a CSRF attack, every form needs a unique key/token identifier.

  1. The token is generated on the server side and sent to the form (as shown in the diagram).
  2. When the form receives the token, it becomes part of the values that are sent to the server.
  3. The server side receives the values together with the token and checks the token value.
  4. If the token is the same as the generated token, the request is sent for processing.
  5. If there is a mismatch in the token values, the request is not processed.
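
The five steps above as a runnable PHP sketch. This is an added example, not the JalanJalan code: the function names, the `csrf_token` field name and the `add_story` form id are assumptions, and plain arrays stand in for `$_SESSION` and `$_POST` so it runs from the command line.

```php
<?php
declare(strict_types=1);

// Step 1: the server generates an unpredictable token for one form
// and remembers it in the user's session.
function csrf_issue(array &$session, string $formId): string
{
    $token = bin2hex(random_bytes(32));
    $session['csrf'][$formId] = $token;
    return $token;
}

// Step 2: the token is embedded in the form as a hidden field, so it is
// submitted together with the other form values.
function csrf_field(array &$session, string $formId): string
{
    $token = htmlspecialchars(csrf_issue($session, $formId), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="csrf_token" value="' . $token . '">';
}

// Steps 3-5: compare the submitted token with the stored one and only
// let the request through on an exact match.
function csrf_check(array &$session, string $formId, array $post): bool
{
    $expected = $session['csrf'][$formId] ?? null;
    $given = $post['csrf_token'] ?? null;
    if (!is_string($expected) || !is_string($given)) {
        return false;                          // missing or malformed token
    }
    $ok = hash_equals($expected, $given);      // constant-time comparison
    if ($ok) {
        unset($session['csrf'][$formId]);      // single use: a replay fails
    }
    return $ok;
}

// Constructed demonstration data.
$session = [];
echo csrf_field($session, 'add_story'), "\n";
$legit  = ['title' => 'Museum walk', 'csrf_token' => $session['csrf']['add_story']];
$forged = ['title' => 'Injected story'];       // cross-site form cannot know the token
var_dump(csrf_check($session, 'add_story', $forged));
var_dump(csrf_check($session, 'add_story', $legit));
var_dump(csrf_check($session, 'add_story', $legit)); // same token submitted again
```

Because the page notes the attack also works over GET, state-changing actions should be accepted only as POST requests that pass this check.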


Jalan ComplexSecurity1.jpg


In addition, we had to deal with preventing SQL injection, in which malicious SQL statements are inserted into an entry field for execution. Attackers could send statements that cause problems in the database, e.g. "drop table...".
Therefore, to tackle the issue, we use prepared statements and bind the values to them. With prepared statements and bound values, the values are taken as the content of the parameters and not as part of the statement.
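
The difference between concatenating a value into the statement and binding it, shown side by side. This is an added example, not the project's code: it uses PDO with an in-memory SQLite database (requires the pdo_sqlite extension), and the table, columns and function names are assumptions.

```php
<?php
declare(strict_types=1);

// Constructed sample data in a throwaway in-memory database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE stories (id INTEGER PRIMARY KEY, title TEXT, owner TEXT)');
$db->exec("INSERT INTO stories (title, owner)
           VALUES ('Chinatown walk', 'alice'), ('Harbour trail', 'bob')");

// Before: the value becomes part of the statement text, so quotes inside
// it change the structure of the query.
function find_unsafe(PDO $db, string $owner): array
{
    $sql = "SELECT title FROM stories WHERE owner = '" . $owner . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// After: the statement is fixed when it is prepared; the bound value is
// only ever the content of the :owner parameter.
function find_safe(PDO $db, string $owner): array
{
    $stmt = $db->prepare('SELECT title FROM stories WHERE owner = :owner');
    $stmt->bindValue(':owner', $owner, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed input containing SQL syntax instead of a plain user name.
$input = "nobody' OR '1'='1";

echo "concatenated: ", json_encode(find_unsafe($db, $input)), "\n";
echo "bound:        ", json_encode(find_safe($db, $input)), "\n";
echo "bound, alice: ", json_encode(find_safe($db, 'alice')), "\n";
```

The concatenated query returns every row because the input rewrote the WHERE clause, while the bound query looks for an owner literally named `nobody' OR '1'='1` and returns nothing.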

Jalan ComplexSecurity2.jpg




2nd Technical Complexity

We are faced with a travelling salesman problem. The user has 2 options to choose from when deciding on his/her custom trail: time and distance. To create a trail for the user based on these options, we use the Nearest Neighbor Algorithm.


Jalan Complex1.png


Jalan ComplexPic1.png, Jalan ComplexPic2.png, Jalan ComplexPic3.png, Jalan ComplexPic4.png, Jalan ComplexPic5.png, Jalan ComplexPic6.png, Jalan ComplexPic7.png, Jalan ComplexPic8.png


  1. Given a set of places, we first choose the starting place, P1, as well as its nearest place, which is P2.
  2. P1 and P2 are then marked as visited (as indicated by the change of color in the slide), and we compare the visited places with the places that have not been visited. The next nearest location is therefore the one nearest to either P1 or P2. In this case the nearest pair is P1 and P3.
  3. P3 is then inserted after P1 at position 2. The next nearest pair is then P3 and P4.
  4. P4 is then added in between P3 and P2. Subsequently, all the other places are covered in the same way.
  5. Finally we have an approximate and pretty accurate solution to the shortest path, and we add P1 back as the last place in the trail if the user wishes to go back.
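
The walk-through above as code. This is an added example, not the project's implementation: the function names are assumptions, distances are straight-line distances on constructed coordinates chosen to follow the P1 to P4 steps, and the time option is not modelled.

```php
<?php
declare(strict_types=1);

// Straight-line distance between two [x, y] points.
function dist(array $a, array $b): float
{
    return hypot($a[0] - $b[0], $a[1] - $b[1]);
}

// Builds a trail by repeatedly taking the unvisited place that is closest
// to any visited place and inserting it right after that visited place.
function build_trail(array $places, string $start, bool $returnToStart): array
{
    $trail = [$start];
    $unvisited = array_diff(array_keys($places), [$start]);

    while (count($unvisited) > 0) {
        $best = null;                           // [distance, position, place]
        foreach ($trail as $pos => $visited) {
            foreach ($unvisited as $candidate) {
                $d = dist($places[$visited], $places[$candidate]);
                if ($best === null || $d < $best[0]) {
                    $best = [$d, $pos, $candidate];
                }
            }
        }
        // Insert after the visited place the candidate is nearest to.
        array_splice($trail, $best[1] + 1, 0, [$best[2]]);
        $unvisited = array_diff($unvisited, [$best[2]]);
    }

    if ($returnToStart) {
        $trail[] = $start;                      // step 5: go back to the start
    }
    return $trail;
}

// Constructed coordinates (not real locations).
$places = [
    'P1' => [0.0, 0.0],
    'P2' => [1.0, 0.0],
    'P3' => [0.0, 1.5],
    'P4' => [0.5, 2.8],
];

echo implode(' -> ', build_trail($places, 'P1', true)), "\n";
```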

Intermediate Deliverables

Stage | Specification | Modules
Project Management | Minutes | Meeting Minutes
 | Metrics | Schedule metric, Bug metric, Effort metric, Risk Metric, Change Log, Product Backlog
Requirements | Storyboard | Storyboard, Jalan Jalan Requirements
Design | Priority Diagram | Priority Circle
Analysis | Use Case | Use Case
 | Example Screen shots | Jalan Jalan App Screenshot & Walk-through
Design | Class Diagram | Class Diagram
 | ER Diagram | ER Diagram
 | System Architecture | System Architecture
Testing | UT1 and UT 2 | UT instructions and results

Deployment

Website: JalanJalan Website

Presentation

File:Jalanmidterms.pdf

Reflection

Team reflection: We learned that communication is very important between the client and the team. It is vital to keep the client regularly updated about the project progress, and I learnt how to negotiate with the client about prioritizing the changes requested by the client. Trust among members is particularly important when we do not have experience in certain fields, for example managing the security aspect of Android. Our biggest takeaways include handling the practical aspect of security in coding, something we had no exposure to before, as well as working with a real client and dealing with the changes he requested along the way.