IS480 Team wiki: 2013T2 JavaChips MidTerm Wiki
Project Progress Status Summary
Our project has 10 iterations in total. We are in the midst of our 7th iteration.
Functions Completed:
- Add, Delete, Edit Story
- Location-based notifications
- Geo-caching
- Gamification
Functions remaining:
- Custom trail generation
- Social Media Integration
Other than our functions remaining, we still have a User Acceptance Test (UAT) to complete before the Final Presentation. We have conducted 2 User Testings to date.
In general, we’ve been on task for most of the iterations. We did face a challenge, as our client is very strict on the security standards that the back-end of the app should have. As such, we took a longer time than expected to complete tasks as we weren’t familiar with implementing effective security protocols. We needed more time to figure that out, which was in addition to the functionalities listed above. That would have to be the most major challenge we will face.
Project Highlights
Strict security requirements for back-end
After the acceptance of the project, our client wanted us to implement the system with strict security standards to protect his server from cyber attacks. As none of the team members were familiar with implementing security in PHP, this took up the bulk of the time and effort in Iteration 5 in December. However, we managed to seek the right help to accomplish this task on the website, and the team also adapted our project management approaches to make up for the lost time. We're still in the midst of enhancing the security aspect of the code for the mobile app.
Project Management
Project Metrics
Project Status:
Schedule Metric
For our project, we are usually on time, with a slight delay of 2 days per iteration on average. This gives us a score within 90%-110%, thus no additional action needs to be taken.
Effort Metric
Bug Metric
Risk Metric
Technical Complexity
1st Technical Complexity
A Cross-Site Request Forgery (CSRF) attack.
It happens when a logged-in user with an active session performs an unwanted action, or unintentionally runs a malicious script in a form, without their knowledge. This attack can be performed over GET or POST requests.
To prevent this CSRF attack, every form needs to have a unique key/token identifier.
- The token is generated on the server side and sent to the form (as shown in the diagram).
- When the form receives the token, it becomes part of the values that will be sent over to the server.
- The server side receives the values with the token and checks the token value.
- If the token is the same as the generated token, the request is sent for processing.
- If there is a mismatch in the token values, the request is not processed.
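The token flow in the list above, as an added example in Python (not the team's PHP code). The in-memory session store, the function names and the `csrf_token` field name are assumptions made for the illustration.

```python
import hmac
import secrets

# Constructed in-memory session store: session_id -> {form_name: token}
_sessions = {}

def issue_token(session_id, form_name):
    """Server side: generate an unpredictable token for one form and remember it."""
    token = secrets.token_urlsafe(32)
    _sessions.setdefault(session_id, {})[form_name] = token
    return token

def render_form(session_id, form_name):
    """Embed the token as a hidden field so it is sent back with the form values."""
    token = issue_token(session_id, form_name)
    return ('<form method="post" action="/%s">'
            '<input type="hidden" name="csrf_token" value="%s">'
            '<input name="title"></form>' % (form_name, token))

def handle_post(session_id, form_name, fields):
    """Process the request only if the submitted token matches the issued one."""
    # pop() makes the token single use: a replayed form is rejected too.
    expected = _sessions.get(session_id, {}).pop(form_name, None)
    submitted = fields.get("csrf_token", "")
    # Compare as bytes in constant time; a missing or mismatched token fails.
    if expected is None or not hmac.compare_digest(expected.encode(),
                                                   submitted.encode()):
        return "rejected"
    return "processed"
```

Because the token is looked up under the caller's own session, a token issued to one session is rejected when it arrives with another.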
In addition, we had to deal with the issue of preventing SQL injections, where malicious SQL statements are inserted into an entry field for execution. Attackers could send statements that are able to cause problems in the database, e.g. "drop table...".
Therefore, to tackle the issue, we use prepared statements and bind the values to them. With prepared statements and bound values, the database takes the values as the content of the parameters and not as part of the statement.
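The difference between a concatenated statement and a prepared statement with bound values, as an added example in Python (not the team's PHP code). An in-memory SQLite database stands in for the project's database, and the `stories` table and function names are assumptions.

```python
import sqlite3

def new_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE stories (id INTEGER PRIMARY KEY, title TEXT)")
    return db

def add_story_concatenated(db, title):
    # Weak form: the input becomes part of the SQL text itself.
    db.executescript("INSERT INTO stories (title) VALUES ('" + title + "');")

def add_story_prepared(db, title):
    # Prepared statement: the ? placeholder is bound to the value, so the
    # input is only ever the content of the parameter.
    db.execute("INSERT INTO stories (title) VALUES (?)", (title,))
    db.commit()

def table_exists(db):
    row = db.execute("SELECT count(*) FROM sqlite_master "
                     "WHERE type='table' AND name='stories'").fetchone()
    return row[0] == 1

# Constructed input modelled on the page's "drop table..." example.
HOSTILE_TITLE = "x'); DROP TABLE stories; --"

def demo():
    """Return (weak table survives, safe table survives, rows stored safely)."""
    weak, safe = new_db(), new_db()
    add_story_concatenated(weak, HOSTILE_TITLE)
    add_story_prepared(safe, HOSTILE_TITLE)
    stored = safe.execute("SELECT title FROM stories").fetchall()
    return table_exists(weak), table_exists(safe), stored
```

In the prepared version the whole input is stored as an ordinary title and the table is untouched.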
2nd Technical Complexity
We are faced with a travelling salesman problem. The user will have 2 options to select from, time and distance, to decide on his/her custom trail. To resolve the issue of creating a trail for the user based on these options, we use the Nearest Neighbor Algorithm.
- Given a set of places, we first choose the starting place, P1, as well as its nearest place, which is P2.
- P1 and P2 will then be marked as visited (as indicated by the change of color in the slide), and we will compare the visited places with the places that have not been visited. Therefore, the next nearest location would be nearest to either P1 or P2. In this case the next nearest location is between P1 and P3.
- P3 will then be inserted after P1 at position 2. The next nearest place would then be between P3 and P4.
- P4 will then be added in between P3 and P2. Subsequently, all the other places will be covered in the same way.
- Finally we will have an approximate and pretty accurate solution to the shortest path, and we will add P1 back as the last place in the trail if the user wishes to go back.
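The steps above, as an added example in Python (not the team's own code): each round picks the unvisited place closest to any visited place and inserts it directly after that visited place. The coordinates are constructed so that the result matches the P1, P3, P4, P2 order in the walkthrough, and straight-line distance is an assumption.

```python
from math import dist

# Constructed coordinates for the four places in the walkthrough.
PLACES = {"P1": (0, 0), "P2": (2, 0), "P3": (0, 3), "P4": (1, 5)}

def build_trail(places, start, round_trip=False):
    """Return place names in visiting order, following the steps above."""
    trail = [start]
    unvisited = set(places) - {start}
    while unvisited:
        # Closest (unvisited, visited) pair; ties are broken by name.
        _, new, anchor = min((dist(places[u], places[v]), u, v)
                             for u in unvisited for v in trail)
        # Insert the new place right after the visited place it is nearest to.
        trail.insert(trail.index(anchor) + 1, new)
        unvisited.remove(new)
    if round_trip:
        trail.append(start)  # the user wishes to go back to the start
    return trail

def trail_length(places, trail):
    """Total straight-line length of the trail."""
    return sum(dist(places[a], places[b]) for a, b in zip(trail, trail[1:]))
```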
Intermediate Deliverables
Stage | Specification | Modules |
---|---|---|
Project Management | Minutes | Meeting Minutes |
Metrics | Schedule metric, Bug metric, Effort metric, Risk metric, Change Log, Product Backlog | |
Requirements | Storyboard | Storyboard, Jalan Jalan Requirements |
Design | Priority Diagram | Priority Circle |
Analysis | Use Case | Use Case |
Example | Screen shots | |
Design | Class Diagram | |
ER Diagram | ER Diagram | |
System Architecture | System Architecture | |
Testing | UT1 and UT2 | UT instructions and results |
Deployment
Website: JalanJalan Website
Presentation
Reflection
Team reflection: We learned that communication is very important between the client and the team. It is vital to keep the client regularly updated about the project progress, and I learnt how to negotiate with the client about prioritizing the changes requested by the client. Trust among members is particularly important when we do not have experience in certain fields, for example managing the security aspect of Android. Our biggest takeaways include handling the practical aspect of security in coding, something we had no exposure to before, as well as working with a real client and dealing with the changes he requested along the way.