Thursday, April 26, 2018

Chapter 8

The focus of chapter 8 of Software Development: An Open Source Approach is on the user interface. The chapter stresses the Model-View-Controller (MVC) pattern. In this pattern, the software is split into three parts: the model, the view, and the controller. The model is the part of the program that contains the actual logic and operations that the program carries out. The view is the part of the software that the user sees and interacts with. The controller connects the two domains and makes sure models and views do not communicate directly with each other.

UI security was another focus of chapter 8. While there are many ways a UI can be insecure, SQL injection was mentioned as the most common form of threat. SQL injection occurs when a malicious user is able to insert SQL code into their input and the program runs it. This means the developer must be careful to limit what users can input.
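The difference between input that is run as SQL and input that is treated only as data is shown in the example below, which is added here and is not code from the book or from this post. The `person` table, the sample rows, the function names, and the two input strings are all constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE person (id INTEGER PRIMARY KEY, last_name TEXT, phone TEXT)"
    )
    db.executemany(
        "INSERT INTO person (last_name, phone) VALUES (?, ?)",
        [("Jones", "555-0100"), ("O'Brien", "555-0101"), ("Smith", "555-0102")],
    )
    return db


def search_unsafe(db, last_name):
    """Vulnerable: the input is pasted into the SQL text and parsed as SQL."""
    query = "SELECT last_name FROM person WHERE last_name = '" + last_name + "'"
    return [row[0] for row in db.execute(query)]


def search_safe(db, last_name):
    """Hardened: the input is bound as a parameter, so it is only ever data."""
    query = "SELECT last_name FROM person WHERE last_name = ?"
    return [row[0] for row in db.execute(query, (last_name,))]


# Constructed form inputs: one that changes the query, one ordinary surname.
HOSTILE_INPUT = "x' OR '1'='1"
LEGIT_INPUT = "O'Brien"

if __name__ == "__main__":
    db = make_db()
    # The concatenated query's WHERE clause becomes always true: every row leaks.
    print("unsafe, hostile:", search_unsafe(db, HOSTILE_INPUT))
    # The bound parameter is compared as a literal string: nothing matches.
    print("safe, hostile:  ", search_safe(db, HOSTILE_INPUT))
    # An ordinary surname with an apostrophe breaks the concatenated query too.
    try:
        search_unsafe(db, LEGIT_INPUT)
    except sqlite3.OperationalError as exc:
        print("unsafe, legit:   query failed:", exc)
    print("safe, legit:    ", search_safe(db, LEGIT_INPUT))
```

Binding parameters keeps user input out of the SQL text entirely, so it holds up even when a validation rule on the form misses a case.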

8.1a
The use of a default password is incredibly insecure. The program should force the user to create a password on the spot. There should be no period of time where the default password is in use. Many users would simply put it off and use the weak default password. The password should be long and contain different types of characters. This makes it considerably more difficult for the password to be guessed.

8.1b
The most common way I have seen to recover a password is through email. The program or service has the user's email address. The user can request an email be sent to them when they forget their password. The password change is done through a channel only the user has access to.
