A Framework for the View Layer
The client is well pleased with the interface your team has developed for Home Town Bank, but they are worried about the many recent attacks and attempts to break into web sites by organized crime and everyday hackers. They have heard a lot about how these criminals compromise sites through session hijacking and cross-site scripting attacks. They want to know if their site will be secure. Your team has been asked to respond to their concerns and to implement whatever is necessary to prevent such attacks on the bank.
In addition, your company's executive management is concerned about the length of time taken to develop web sites such as Home Town Bank's. It is becoming more and more difficult to compete while still maintaining the current profit margins. Management would like your team to develop an architectural framework that will allow the team to be more productive and lower the cost of development.
Return and Report
How can the items listed below help you implement a viable solution for Home Town Bank?
- What is session hijacking, and what steps can be taken to protect against such attacks?
- What is cross-site scripting, and what steps can be taken to protect against such attacks?
- What problem does the Front Controller pattern address? Be able to draw and explain the Front Controller pattern. How can it help make a web site more secure?
- What is reflection? How do you dynamically load a class and instantiate an object of that class in Java?
- What problem does the Application Controller pattern address? Be able to draw and explain the Application Controller pattern. How can it help make a web site more modular?
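The three pattern questions above (Front Controller, reflection, Application Controller) and the cross-site scripting question fit together in one piece of code. The following is an added example, not code from the course or the Home Town Bank project; the `Request` stand-in, the `viewBalance` action, the `ViewBalanceCommand` class and the `escapeHtml` helper are assumptions made so that it runs without a servlet container:

```java
import java.util.HashMap;
import java.util.Map;

// Added example, not code from the course or the Home Town Bank project: a Front Controller
// delegating to an Application Controller that loads each use case's Command by reflection.
// The Request stand-in, the action names and the command class names are assumptions.

// Minimal stand-in for HttpServletRequest so the example runs without a servlet container.
class Request {
    private final Map<String, String> params = new HashMap<>();
    private final Map<String, Object> attributes = new HashMap<>();
    Request(String... keyValuePairs) {
        for (int i = 0; i + 1 < keyValuePairs.length; i += 2) params.put(keyValuePairs[i], keyValuePairs[i + 1]);
    }
    String getParameter(String name) { return params.get(name); }
    void setAttribute(String name, Object value) { attributes.put(name, value); }
    Object getAttribute(String name) { return attributes.get(name); }
}

// Every use case is a Command; the controllers depend only on this interface.
interface Command {
    String execute(Request req); // returns the logical view name to render
}

class ViewBalanceCommand implements Command {
    public String execute(Request req) {
        req.setAttribute("message", "Balance for account " + req.getParameter("account") + ": 1,250.00");
        return "balance";
    }
}

class ApplicationController {
    // Action name -> command class. Only names registered here ever reach Class.forName;
    // loading whatever class name the client sends would let a request instantiate
    // arbitrary classes on the classpath.
    private final Map<String, String> commands = new HashMap<>();

    void register(String action, String commandClass) { commands.put(action, commandClass); }

    String handle(Request req) {
        String action = req.getParameter("action");
        String className = action == null ? null : commands.get(action);
        if (className == null) {
            req.setAttribute("message", "Unknown action: " + action);
            return render("error", req);
        }
        try {
            Class<?> clazz = Class.forName(className);                      // dynamic load
            Object instance = clazz.getDeclaredConstructor().newInstance(); // instantiate
            Command command = (Command) instance;                           // reject non-commands
            return render(command.execute(req), req);
        } catch (ReflectiveOperationException | ClassCastException e) {
            req.setAttribute("message", "Command unavailable for action: " + action);
            return render("error", req);
        }
    }

    // View layer: anything derived from the request is HTML-escaped before it reaches the
    // page, which is the basic defence against reflected cross-site scripting.
    String render(String view, Request req) {
        String message = String.valueOf(req.getAttribute("message"));
        return "<!-- view: " + view + " --><p>" + escapeHtml(message) + "</p>";
    }

    // '&' is replaced first so the later replacements do not escape each other's output.
    static String escapeHtml(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&#39;");
    }
}

// The single entry point. In a deployment this is the doGet/doPost of one servlet mapped
// to /*, so logging, authentication checks and error handling are written once.
public class FrontController {
    private final ApplicationController app = new ApplicationController();

    FrontController() { app.register("viewBalance", "ViewBalanceCommand"); }

    String service(Request req) {
        System.out.println("[front controller] action=" + req.getParameter("action"));
        return app.handle(req);
    }

    public static void main(String[] args) {
        FrontController fc = new FrontController();
        // Constructed requests: a normal one, one carrying markup in a parameter, and one
        // naming a class directly; only the registered action is ever loaded.
        System.out.println(fc.service(new Request("action", "viewBalance", "account", "12345")));
        System.out.println(fc.service(new Request("action", "viewBalance", "account", "<b>x</b>")));
        System.out.println(fc.service(new Request("action", "java.lang.Runtime")));
    }
}
```

Save it as FrontController.java and run it with `java FrontController.java` (JDK 11 or later). The Front Controller is the one place requests enter, the Application Controller decides which Command runs, and the two reflection calls (`Class.forName` and `getDeclaredConstructor().newInstance()`) let a new use case be added by registering a name instead of editing a switch. The registration map doubles as the security check: the class name that reaches `Class.forName` always comes from the server-side map, never from the request, and the third request in `main` shows what happens when a client tries to name a class directly.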
Design
Update your sequence diagrams to use FrontController and ApplicationController patterns to control the View layer. Use the TinySession and TinySessionManager classes to implement a client’s session and to authenticate a user to the session. Show all classes that you will be using in the sequence diagram.
Implementation
Implement the Front Controller and Application Controller patterns for each of the assigned use cases. Modify the tiny session manager classes so that only a single instance of the TinySessionManager class is created for your application. Replace the use of the HttpSession class with the tiny session manager to implement the client's session and to authenticate a user.
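The session hijacking question under Return and Report and the single-instance requirement above can be shown together. What follows is an added sketch, not the course's own TinySession and TinySessionManager classes; the cookie name `TSID`, the 15-minute idle timeout and the in-memory `Credentials` check are assumptions made for the illustration:

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added example, not the course's TinySession/TinySessionManager: a sketch of a session
// store that exists exactly once per application and rotates the session id on login.
// Cookie name, the 15-minute idle timeout and the in-memory credential check are assumptions.
class TinySession {
    final String id;
    final Map<String, Object> attributes = new ConcurrentHashMap<>();
    volatile String user;                                  // null until authenticate() succeeds
    volatile long lastAccess = System.currentTimeMillis();
    TinySession(String id) { this.id = id; }
}

final class TinySessionManager {
    // A static final field is initialised once per class loader and the constructor is
    // private, so the application can never hold more than this one manager.
    private static final TinySessionManager INSTANCE = new TinySessionManager();
    private static final long IDLE_TIMEOUT_MS = 15 * 60 * 1000L;
    private final SecureRandom random = new SecureRandom();
    private final Map<String, TinySession> sessions = new ConcurrentHashMap<>();
    private TinySessionManager() {}
    static TinySessionManager getInstance() { return INSTANCE; }

    // 256 random bits from a CSPRNG: whoever presents the id is the user, so it must be unguessable.
    private String newId() {
        byte[] bytes = new byte[32];
        random.nextBytes(bytes);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(bytes);
    }

    TinySession create() {
        TinySession s = new TinySession(newId());
        sessions.put(s.id, s);
        return s;
    }

    // Unknown or idle-expired ids yield null; an expired session is dropped on the spot.
    TinySession lookup(String id) {
        TinySession s = id == null ? null : sessions.get(id);
        if (s == null) return null;
        long now = System.currentTimeMillis();
        if (now - s.lastAccess > IDLE_TIMEOUT_MS) { sessions.remove(id); return null; }
        s.lastAccess = now;
        return s;
    }

    // On a successful login the pre-login id is retired and a fresh session inherits the
    // attributes, so an id captured or planted before login (session fixation) is useless after it.
    TinySession authenticate(String oldId, String user, char[] password) {
        TinySession old = lookup(oldId);
        if (old == null || !Credentials.valid(user, password)) return null;
        sessions.remove(oldId);
        TinySession fresh = create();
        fresh.attributes.putAll(old.attributes);
        fresh.user = user;
        return fresh;
    }

    void invalidate(String id) { if (id != null) sessions.remove(id); }

    // HttpOnly keeps page script away from the id, Secure keeps it off plain HTTP and
    // SameSite=Strict stops other sites from sending it: the usual hijacking routes are closed.
    static String cookieHeader(TinySession s) {
        return "Set-Cookie: TSID=" + s.id + "; Path=/; HttpOnly; Secure; SameSite=Strict";
    }
}

// Constructed credential store for the demo. Real code verifies against a salted, slow
// password hash (PBKDF2, bcrypt or similar) kept in the database.
class Credentials {
    private static final Map<String, byte[]> DIGESTS = Map.of("alice", sha256("correct horse"));
    static boolean valid(String user, char[] password) {
        byte[] expected = DIGESTS.get(user);
        return expected != null && MessageDigest.isEqual(expected, sha256(new String(password)));
    }
    private static byte[] sha256(String s) {
        try { return MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8)); }
        catch (NoSuchAlgorithmException e) { throw new IllegalStateException(e); }
    }
}

public class SessionDemo {
    public static void main(String[] args) {
        TinySessionManager mgr = TinySessionManager.getInstance();
        TinySession anon = mgr.create();
        anon.attributes.put("lastPage", "branch-locator");
        TinySession loggedIn = mgr.authenticate(anon.id, "alice", "correct horse".toCharArray());
        System.out.println("single manager: " + (mgr == TinySessionManager.getInstance()));
        System.out.println("id rotated on login: " + (!anon.id.equals(loggedIn.id)));
        System.out.println("pre-login id now rejected: " + (mgr.lookup(anon.id) == null));
        System.out.println("attributes carried over: " + loggedIn.attributes.get("lastPage"));
        System.out.println(TinySessionManager.cookieHeader(loggedIn));
    }
}
```

Save it as SessionDemo.java and run it with `java SessionDemo.java`. Replacing HttpSession means the application now owns the three things a container normally does for it: an unguessable id (SecureRandom, 256 bits), an idle timeout, and a fresh id on login so that the id the browser held before authenticating is never the id that carries the authenticated session. The Set-Cookie line is what the front controller would emit when it writes the id back to the client; without HttpOnly, a cross-site scripting flaw in any page turns directly into a stolen session.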