Software Engineering for Internet Applications - Student Community

More documents

Recommendations

Info

page. Your strategy must be able to handle at least the followingcases:• production of a site administrator's page containing allcontent going back a selectable number of days, withadministration links next to each item without the page scripthaving any dependence on any module's data model• production of a user-level page showing new content sitewide• a centralized email alert system in which a user gets anightly summary combining new content from multiplemodules• How useful do you think the voice interface that you justtried will be?• What extra information should we make available via voice?• What are the most crucial tasks that users would like to beable to accomplish from a standard phone using only touchtones and voice?10.14 Mobile versus Voice ApplicationsMobile text browsers and VoiceXML each have strengths andweaknesses and are therefore appropriate for different applications --or for different parts of the same application.7.9 Protecting Users from Each Other's HTMLFundamentally the job of the server behind an online community is totake text from User A and display it to User B. Unfortunately, there isa security risk inherent in this activity. Suppose that User A ismalicious and includes tags such as in a comment body?When User B visits the page containing this comment suddenlyJavaScript may be executing on his machine, downloadingobjectionable images from various locations around the Internet,playing music, popping up new windows, and ultimately forcing theuser's browser to visit a page of User A's choosing.The most obvious solution would seem to be disallowing all HTMLtags. Any uploaded text is scanned for the characters < and > and, ifthose are present, the posting is rejected with an explanation. Thiswouldn't work out that well in a site for mathematicians! Maybe theyneed to use greater-than and less-than signs in their postings.The beginnings of a workable solution is a procedure, perhapsnamed something such as quoteHTML that takes a user-uploadedtext string and performs the following conversions:Mobile Browserrequires browser-enhancedtelephonesuser-input with uncomfortablekeypadsworks well in noisy environmentsyou need to develop versions ofyour software for a variety ofmobile gatewaysworks well for displaying long listsof informationuser can enter arbitraryinformationVoiceXMLcan be used with anyphonespeech or keypad inputhard to use in noisyenvironmentsyou only need to developone version of yoursoftwareworks poorly for givingthe user long lists ofinformationuser can only saypredefined phrases• < characters to <.• > characters to >.• & characters to &.If your page scripts call this procedure any time they are writing useruploadedcontent out to a browser, no browser will ever interpretuser-uploaded data as an HTML tag.One way to take advantage of the best of mobile and voice interfaceswill be to develop multi-modal applications like the GPRS airlinereservation system in the last chapter. A number of groups areactively developing specifications for multi-modal applications,including the Speech Application Language Tags (SALT) Forum(http://www.saltforum.org/).152197
Consider that if you're authenticating users over the phone thecontributions that might be most interesting are any new responsesto questions asked by that user.10.11 Exercise 6: Content Approval/Rejection byTelephoneMany Web sites have user-created content that must be approved byan administrator or moderator before it becomes live on the site.Examples are the product reviews at amazon.com, articlesubmissions at slashdot.org, and bulletin board postings in amoderated forum.Typically you'd open your Web browser, log in, and go to an adminpage from which you can approve, reject, or edit submissions.But it sure would be nice to approve and reject submissions with yourcellphone when you're out walking the dog. (Editing is harder to do byphone, but it's less common anyway, so it can wait until you're backat your desk.)Create some simple voice-accessible admin pages. Since the typicalusername/password authentication is so tedious, you might want tomake them accessible with just a numeric pin. Note that it isn't idealin general to protect a set of pages with just one pin because thatmakes it harder to delegate/revoke admin privileges later, but it willdo for this exercise.10.12 Exercise 7: Implement Some Real ServicesDepending on the complexity of the services you came up with inExercise 2, implement one or two or three of them. If you implementmore than one, you may wish to create a voice service menu as theentry point for all your voice users.That works great for fields such as first_names, last_name,street_address, subject summary lines, etc., where there is novalue to having an HTML tag. For some longer documents obtainedfrom users, however, it might be nice to enable them to use arestricted set of HTML tags such as B, I, EM, P, BR, UL, LI, etc. Ifyou're going to store HTML in the database once and serve it backout thousands of times per day it is better to check for legal tags atupload time. The problem with checking for disallowed tags such asSCRIPT, DIV, and FONT is that HTML keeps getting extended in dejure and de facto ways. Unless you want the responsibility of keepingcurrent with all of the ways in which new HTML tags can makebrowsers behave it may be better to check for approved tags. Eitherway you'll want the allowed or disallowed tags list to be kept in aneasy-to-modify configuration file. Further you probably want toperform a bit of validation on the use of allowed tags such as B or I. Auser who makes a mistake and forgets to close one of these tagsmight render 100 comments underneath in an unusual font style.7.10 Exercise 3Document your team's approach to preventing one user fromattacking other users with malicious HTML. Your documentation ofthis infrastructure should include procedure names and examples ofhow those procedures are to be used.7.11 Time and MotionAll of the exercises in this chapter are intended to be done by theteam as a whole. A team that takes the assignment seriously shouldspend about 3 hours together agreeing to and documentingstandards. They then might decide to rework some of their older codeto conform to these standards, which could take another 5 or 10programmer-hours. The second step is optional though by the end ofcourse we would expect all the projects to be internally consistent.10.13 Exercise 8: Client SignoffAs with mobile browser interfaces, a voice interface is tough for mostpeople to think about until they've actually used one. Try to sit downwith your client face-to-face and observe them going through all thenooks and crannies of your VoiceXML interface. If that isn't practical,email your client explicit instructions and then follow up with a phonecall.Write down the client's answers to the following questions:196153
Page 1 and 2:
SoftwareEngineering forInternetAppl
Page 3 and 4:
Signature: ________________________
Page 5 and 6:
end-users. We use every opportunity
Page 7 and 8:
• availability of magnet content
Page 9 and 10:
• we want to see if a student is
Page 11 and 12:
you supply English-language queries
Page 13 and 14:
What to do during lecturesWe try to
Page 15 and 16:
The one-term cram courseWhen teachi
Page 17 and 18:
332• spend a term learning how to
Page 19 and 20:
Once we've taught students how to b
Page 21 and 22:
has permission to perform each task
Page 23 and 24:
UDDIUnixcustomer's credit card. If
Page 25 and 26:
thousands of concurrent users. This
Page 27 and 28:
OraclePerlnamed XYZ" without the pr
Page 29 and 30:
LDAPLinuxbits per color, a vastly s
Page 31 and 32:
FilterFirewallFlat-fileGIF318functi
Page 33 and 34:
when there is an educational dimens
Page 35 and 36:
system. The authors of the core pro
Page 37 and 38:
Sign-OffsTry to schedule comprehens
Page 39 and 40:
scheduling goals that both you and
Page 41 and 42:
Client Tenure In Job (new, mid-term
Page 43 and 44:
ReferencesEngagement ManagementSQL*
Page 45 and 46:
Decision-makers often bring senior
Page 47 and 48:
presentation to a panel of outsider
Page 49 and 50:
300always been written by programme
Page 51 and 52:
17.3 Professionalism in the Softwar
Page 53 and 54:
Try to make sure that your audience
Page 55 and 56:
Chapter 17WriteupIf I am not for my
Page 57 and 58:
Suppose that an RDBMS failure were
Page 59 and 60:
analysis programs analyzing standar
Page 61 and 62:
at 9 hours 11 minutes 59 seconds pa
Page 63 and 64:
found" will result in an access log
Page 65 and 66:
15.18 Time and MotionThe team shoul
Page 67 and 68:
select 227, 891, 'algorithm', curre
Page 69 and 70:
create table km_object_views (objec
Page 71 and 72:
• object-create• object-display
Page 73 and 74:
The trees chapter of SQL for Web Ne
Page 75 and 76:
);274-- ordering within a form, low
Page 77 and 78:
and start the high-level document f
Page 79 and 80:
Example Ontology 2: FlyingWe want a
Page 81 and 82:
systems. What would a knowledge man
Page 83 and 84:
spreadsheet". Other users can comme
Page 85 and 86:
Chapter 15Metadata (and Automatic C
Page 87 and 88:
{site url}{site description}en-usCo
Page 89 and 90:
drawing on the intermodule API that
Page 91 and 92:
At this point you have something of
Page 93 and 94:
• description• URL for a photo
Page 95 and 96:
Here's a raw SOAP request/response
Page 97 and 98:
Chapter 14Distributed Computing wit
Page 99 and 100:
conduct programmer job interviews h
Page 101 and 102: Most admin pages can be excluded fr
Page 103 and 104: content that should distinguish one
Page 105 and 106: Chapter 13Planning ReduxA lot has c
Page 107 and 108: the Internet-specific problem of no
Page 109 and 110: wouldn't see these dirty tricks unl
Page 111 and 112: 12.8 Exercise 4: Big BrotherGeneral
Page 113 and 114: than one call to contains in the sa
Page 115 and 116: A third argument against the split
Page 117 and 118: way 1 1/16One might argue that this
Page 119 and 120: absquatulate 612bedizen 36, 9211cry
Page 121 and 122: What if the user typed multiple wor
Page 123 and 124: Chapter 12S E A R C HRecall from th
Page 125 and 126: long as it is much easier to remove
Page 127 and 128: features that are helpful? What fea
Page 129 and 130: made it in 1938)? Upon reflection,
Page 131 and 132: environment, we identify users by t
Page 133 and 134: those updates by no more than 1 min
Page 135 and 136: Balancer and mod_backhand, a load b
Page 137 and 138: translation had elapsed--the site w
Page 139 and 140: It seems reasonable to expect that
Page 141 and 142: 11.1.5 Transport-Layer EncryptionWh
Page 143 and 144: such as ticket bookings would colla
Page 145 and 146: give their site a unique look and f
Page 147 and 148: It isn't challenging to throw hardw
Page 149 and 150: Chapter 11Scaling GracefullyLet's l
Page 151: 10.15 Beyond VoiceXML: Conversation
Page 155 and 156: In this example, we:194• ask the
Page 157 and 158: As in any XML document, every openi
Page 159 and 160: (http://www.voicegenie.com). These
Page 161 and 162: Chapter 10Voice (VoiceXML)questions
Page 163 and 164: 9.15 MoreStandards information:•
Page 165 and 166: 9.14 The FutureIn most countries th
Page 167 and 168: 9.10 Exercise 7: Build a Pulse Page
Page 169 and 170: 9.6 Keypad HyperlinksLet's look at
Page 171 and 172: text/xml,application/xml,applicatio
Page 173 and 174: Protocol (IP) routing, a standard H
show all

Software Engineering for Internet Applications - Student Community

Create successful ePaper yourself

Delete template?

Save as template?