SoftwareSecurity2012/Group 7/Wanted Documentation


(You mention sensible - but quite generic documentation below. Note that for your set of security requirements in specific, what would be really useful is some description of the access control policy that is meant to be implemented, and which actors and which actions this concerns: i.e. what are the different categories of users, what are the different types of functionality, and who is allowed to do what. Note that this is what you now effectively have to guess in your verdict (e.g. that only mods and admin can delete posts, etc.))

The problem with this project is that a lot of useful documentation is missing.
It would have been helpful if several UML (Unified Modeling Language) documents were available.

  • Class diagrams for each architecture layer
  • Use case diagram
  • Sequence diagram
  • Activity diagram
  • Component diagram for the overall architecture
  • Entity Relation Diagram (ERD)

With these documents it would have been easier to form a global picture of the FluxBB application.
We searched the Internet for these models and found an Entity Relation Diagram.
This diagram was made by a fan of FluxBB, but unfortunately it is only partially complete.

Here you can see the partially completed Entity Relation Diagram.


FluxBB ERD.png


As you can see, the columns of each table are missing, so the database structure is only partially visible in the Entity Relation Diagram.
A complete diagram would have provided some insight into how the database tables relate to each other, as well as an overall view of the data containment structures that are present.

A Use Case diagram would also have been useful, in combination with the corresponding use-case descriptions, to see how the use cases relate to each other.
These would have revealed all the functionality present in FluxBB, such as "Posting", "Editing Categories", "Adding forum", etc.

A Sequence diagram might have been useful for a thorough analysis, because it lets you follow the entities between which communication takes place.

Activity diagrams are nice for an overview of how certain processes interact with each other.

A Component diagram gives you a grand overview of the entire application structure.