A Framework for the View Layer
The client is well pleased with the interface your team has developed for Home Town bank, but they are worried about the many recent attacks and attempts to break into web sites by organized crime and every day hackers. They have heard a lot about how these criminals compromise sites through the use of session hijacking and cross site scripting attacks. They want to know if there site will be secure. Your team has been asked to respond to their concerns and to implement what ever is necessary to prevent such attacks on the bank.
In addition, your company’s executive management is concerned about the length of time taken to develop web sites such as home town banks’. It is becoming more and more difficulty to compete while still maintaining the current profit margins. Management would like your team to develop and an architectural framework that will allow the team to be more productive and lower the cost of development.
Deliverables
Return and Report
How can the items listed below help you implement a viable solution for Home Town Bank?
- What is Session Hijacking and what steps can be taken to protect against such attacks?
- What is Cross Site Scripting and what steps can be taken to protect against such attacks?
- What problem does the Front Control pattern address? Be able to draw and explain the Front Controller pattern? How can it help make a web site more secure?
- What is reflection? How do you dynamically load a class and instantiate an object of a class in Java.
- What problem does the Application Controller pattern address? Be able to draw and explain the Application Controller pattern? How can it help make a web site more modular?
Team design and implementation
- Update the Login sequence diagram to use FrontController and ApplicationController patterns to control the View layer. Show all classes that you will be using in the sequence diagram.
- Implement the sequence diagram for the Login sequence diagram.
Individual design and implementation
- Use the Front Control and Application Control patterns and update the sequence diagram for the use case you implemented in the previous case.
- Implement the sequence diagram for the use case using the sequence diagram the Front Control and Application Control patterns.
Suggested Resources
- Session Hijacking attacks
- Cross Site Scripting attacks
- Cross Site Scripting Prevention Cheat Sheet
- Model 2 Architecture
- What is reflection?
- Understanding Class. forName
- Java Reflection example
- Front Controller pattern
- Application Controller pattern
- Generic Front Controller and Application Controller sequence diagram
