Вы находитесь на странице: 1из 23

1 System Procedural Design

2 Input/Output and Interface Design

3 System Architecture Design


Applied .NET Framework Programming

If you use the .NET Framework, your code targets the common language runtime (CLR), which affects your decision about a programming language. The common language runtime is just what its name says it is: A runtime that is usable by different and varied programming languages. The features of the CLR are available to any and all programming languages that target it-period. If the runtime uses exceptions to report errors, then all languages get errors reported via exceptions. If the runtime allows you to create a thread, then any language can create a thread. In fact, at runtime, the CLR has no idea which programming language the developer used for the source code. You may develop your code in any programming language you desire as long as the compiler you use to compile your code targets the CLR. Microsoft is creating several language compilers that target the runtime: C++ with managed extensions, C# (pronounced C sharp), Visual Basic.NET, JScript, Java, and an intermediate language (IL) Assembler. In addition to Microsoft, there are several other companies creating compilers that produce code that targets the CLR. At this writing, I am aware of compilers for Alice, APL, COBOL, Component Pascal, Eiffel, FORTRAN, Haskell, Mercury, ML, Mondrian, Oberon, Perl, Python, RPG, Scheme, and Smalltalk.

4 Implementation & Coding


Single Vs Multi-user, GUI Vs Non GUI

In the single user environment, the whole system is used by only a single person of the organization. The person who is using that system will have to look for all the procedures which are held within the organization. And managing all the activities by a single hand is a very-difficult task. While if Multi User environment is there then the user of the system will be more than one. Different people can handle different task to perform .This kind of system will reduce work load and can give better results. In Property Listing India we have provided multi user environment. Any person can have access to the system up to some extent which is decided by the administrator. Thus, in our project it is ideal to have multi user environment rater than to have single user environment.

Standards Used for Coding


We have used the serial number and group classification codes. Coding scheme must have the following properties. Concise A coding scheme must be concise. In other words, the number of digits/characters used in a code must be minimal to reduce storage space of the code and retrieval efficiency. Expandable It should be expandable, that is it must allow new items to be added easily. Meaningful It should be meaningful and convey to a user some information about the characteristics of the item to enable quick recognition and identification of the item. Comprehensive It should be comprehensive. In other words, it should include the characteristics relevant to all the related activities where the item will be involved. Precise It should be precise. I.e. the scheme should produce unique, unambiguous code. Comments The comments describe the function of every line, the significance of every data structure, the input to every function, the output from the function and the data manipulation within the function. Thus, the code is well documented.

Naming convention The naming of the function, variables, etc. is done according to the convention mentioned in the Naming Convention Section Controls Form Textbox Label Combo Box Examples frmFormName txtTextBoxName lblLabelName cmbComboBoxName

List Box Command Button Radio Button Check Box Picture Box Data Grid Menu Menu Item Tab Control

lstListBoxName cmdCommandButtonName radRadioButtonName chkCheckBoxName picPictureBoxName dgrDataGridName mnuMenuName mnuMenuItemName tabTabControName

SECURITY FEATURES
Login Pages Should Be Encrypted: The number of times i have seen web sites that only use ssl (with https: url schemes) after user authentication is accomplished is really dismaying. encrypting the session after login may be useful like locking the barn door so the horses dont get out but failing to encrypt logins is a bit like leaving the key in the lock when youre done locking the barn door. Even if youre login form posts to an encrypted resource, in many cases this can be circumvented by a malicious security cracker who crafts his own login form to access the same resource and give him access to sensitive data. Data validation should be done server-side: Many web forms include some JavaScript data validation. if this validation includes anything meant to provide improved security, that validation means almost nothing. a malicious security cracker can craft a form of his own that accesses the resource at the other end of the web pages form action that doesnt include any validation at all. worse yet, many cases of javascript form validation can be circumvented simply by deactivating javascript in the browser or using a web browser that doesnt support javascript at all. in some cases, ive even seen login pages where the password validation is done client-side which either exposes the passwords to the end user via the ability to view page source or, at best, allows the end user to alter the form so that it always reports successful validation. dont let your web site security be a victim of client-side data validation. server-side validation does not fall prey to the

shortcomings of client-side validation because a malicious security cracker must already have gained access to the server to be able to compromise it. Manage your web site via encrypted connections: Using unencrypted connections (or even connections using only weak encryption), such as unencrypted ftp or http for web site or web server management, opens you up to man-in-the-middle attacks and login/password sniffing. always use encrypted protocols such as ssh to access secure resources, using verifiably secure tools such as openssh. once someone has intercepted your login and password information, that person can do anything you could have done. Use strong, cross-platform compatible encryption: Believe it or not, ssl is not the top-of-the-line technology for web site encryption any longer. Look into tls, which stands for transport layer security the successor to secure socket layer encryption. Make sure any encryption solution you choose doesnt unnecessarily limit your user base, the way proprietary platform-specific technologies might, as this can lead to resistance to use of secure encryption for web site access. The same principles also apply to back-end management, where crossplatform-compatible strong encryption such as ssh is usually preferable to platform-specific, weaker encryption tools such as windows remote desktop. Connect from a secured network: Avoid connecting from networks with unknown or uncertain security characteristics or from those with known poor security such as open wireless access points in coffee shops. this is especially important whenever you must log in to the server or web site for administrative purposes or otherwise access secure resources. if you must access the web site or web server when connected to an unsecured network, use a secure proxy so that your connection to the secure resource comes from a proxy on a secured network. in previous articles, i have addressed how to set up a quick and easy secure proxy using either an openssh secure proxy or a putty secure proxy. Dont share login credentials: Shared login credentials can cause a number of problems for security. This applies not only to you, the webmaster or web server administrator, but to people with login credentials for the web site as well clients should not share login credentials either. the more login credentials are shared, the more they tend to get shared openly, even with people who shouldnt have access to the system. the more they are shared, the more difficult it is to establish an audit trail to help track down the source of a problem.

the more they are shared, the greater the number of people affected when logins need to be changed due to a security breach or threat. Prefer key-based authentication over password authentication: Password authentication is more easily cracked than cryptographic key-based authentication. the purpose of a password is to make it easier to remember the login credentials needed to access a secure resource but if you use key-based authentication and only copy the key to predefined, authorized systems (or better yet, to separate media kept apart from the authorized system until its needed), you will use a stronger authentication credential thats more difficult to crack. Maintain a secure workstation: If you connect to a secure resource from a client system that you cant guarantee with complete confidence is secure, you cannot guarantee someone isnt listening in on everything youre doing. key loggers, compromised network encryption clients, and other tricks of the malicious security crackers trade can all allow someone unauthorized access to sensitive data regardless of all the secured networks, encrypted communications, and other networking protections you employ. integrity auditing may be the only way to be sure, with any certainty, that your workstation has not been compromised. Use redundancy to protect the web site: Backups and server failover can help maintain maximum uptime. while failover systems can reduce outages due to server crashes (perhaps because of ddos attacks) and server shutdowns (perhaps because the server was hijacked by a malicious security cracker) to mere hiccups in service, that isnt the only value to redundancy. the duplicate servers used in failover plans also maintain an up-to-date duplication of server configuration so you dont have to rebuild your server from scratch in case of disaster. backups ensure that client data isnt lost and that you wont hesitate to wipe out sensitive data on a compromised system if you fear that data may fall into the wrong hands. of course, failover and backup solutions must be secured as well, and they should be tested regularly to ensure that if and when they are needed, they wont let you down.

CODING STANDARDS
protected void btnlogin_Click(object sender, EventArgs e) { //string Enc = Encrypt(txtpass.Text.Trim()); //dtper = daper.GetDataforLogIn(txtname.Text,Enc); con.Open(); string p="select * from tblEmployeePersonalDetails"; cmd =new SqlCommand(p,con); dr=cmd.ExecuteReader(); while(dr.Read()) { if (txtname.Text==dr["strName"].ToString() && txtpass.Text==dr["strEmpPassword"].ToString()) { //drper = (dspersonal.tblEmployeePersonalDetailsRow)dtper.Rows[0]; //dtcom = dacom.GetDataByPK(drper.intEmpId); Session["intEmpId"] = dr["intEmpId"].ToString(); ; Session["strName"] = dr["strName"].ToString(); dtcom = dacom.GetDataByPK(Convert.ToInt32(Session["intEmpId"])); if (dtcom != null && dtcom.Rows.Count > 0) { drcom = (dscompany.tblEmployeeCompanyDetailsRow)dtcom.Rows[0]; Session["intRoleId"] = drcom.intRoleId; Session["post"] = drcom.charEmpPost; Session["department"] = drcom.intDeptId; //FormsAuthentication.RedirectFromLoginPage(txtname.Text.Trim(), false); FormsAuthentication.SetAuthCookie(txtname.Text.Trim(), false); if (Convert.ToInt32(Session["intRoleId"]) == 5) { Response.Redirect("Admin/home.aspx"); } else { Response.Redirect("~/User/userhome.aspx"); }} else { Label l1 = new Label(); l1.Text = "You are not registered in company "; }} else { lblmsg.Text = "User Name And Password Doesn't Match"; }} con.Close(); }

5 Testing
Test Strategy As we were working with 2 team members it was very difficult to check the work done as no individual was assigned for that particular work. Moreover checking the work done was very important to reduce risk factor. Checking was being ultimately handled by Testing but interim checking was required. Right from starting we planned to adopt one technique called Assessment by Rotation to adopt. Work that is done by one member was assessed by other for some time and again revolved for other level check. This technique proved to be very much helpful as it came out with innovative ideas reduces errors to very low level. Testing Methods Stress Testing Stress testing is to test the system for emergent properties such as performance and reliability. Performance tests have to be designed to ensure that the system can process its intended load. Here, we checked out the multi-user capability of our system. Performance Testing Performance testing is designed to test the runtime performance of the system within the context of the system. These tests were performed as module level as well as system level. Individual modules were tested for required performance. In performance testing we counted the processing time and response from the server with respect to request. We also checked out the total-execution time, which takes 10 to 15 minutes for 6 to 10 queries. Black-box Testing We have tested our functions of component to check the specification of our components. We selected input set to test the components like in query process we gave the different kinds of inputs to examine there output. We test software with sequences that have only a single value.

Interface Testing Interface testing is integral part of Integration testing. Therefore we checked for the

Interface misuse Interface misunderstanding We examined the code to be tested and explicitly list each call to an external component. In the system, standards tests for GUIs have been performed, which are as follows. Testing the screen control for its position and size. The position and related labels for all controls were checked. Name of the form in system is given appropriately. All menu functions and sub functions were verified for correctness. Validation for all inputs were done Each menu functions were tested, whether it invokes the corresponding functionality properly. Pull down controls was verified for proper functionality. Whether the non-editable text control is disabling and it was also verified that it doesnt exceed the maximum allowed length. Whether the system prompts the user with appropriate message as and when invalid information is entered. All required fields arent left blank Grouping information is displayed appropriately Following testing principals which are used.

All tests should be traceable to customers requirement. Tests should planned long before testing begins. Testing should begin in small and progressed towards testing in the large. Exhausting testing is not possible. To be most effective testing should be conducted by an independent third party.

TEST PLAN Any system, to be successful, must be thoroughly tested, and well managed test plan should be prepared before actual testing is being performed. has been developed and need to be tested in a manner that can reduce occurring of defects as low as possible. Following are the activities we planned to test the system.

This system is indeed an evolutionary system so every unit of the system is continuously under testing phase. One test activity Basis Path Testing that will try to cover all paths in the system. This activity identifies all paths who provides different functionality of the system, and also other paths to reach at that functionality. Other testing activity is Control Structure Testing, which will test each and every conditions with positive and negative data combination. This testing activity will also perform Data Floe Testing in which it will be tested how the data re following the system. And will also check whether the data entered from one procedure, is reflected whenever it requires or not. All conditions will be tested with Boundary Value Analysis where different input will be given to test whether the system is functioning with boundary values or not. Along with the boundary value analysis, the system is also tested with Range Value Tested where editable values will be tested with ranges of values. The system is begin tested in Unit Testing manner where at the completion of one unit that is tested thoroughly with above mentioned testing activities. The integration testing will also be performed to ensure that the integrated unit is working properly with other units or not.

9.2 MODULE OF TESTING Analyze and check system representation such as the requirement document, diagrams and the program source code. They may be applied at all stages of the process. design

Unit Testing

Module Testing

Sub-system Testing

System Testing

Acceptance Testing

There are different Models of testing. On the basis of testing methods there are two types of testing : 1. White-box testing. 2. Black-box testing

1).WHITE-BOX TESTING White-box testing some times called glass-box testing, is a test case design method that users the control structure of the procedural design to drive the test case. Logical errors and incorrect assumption are inversely proportional to the probability that a program will be executed. Errors tend to creep into our work we design and implement function, condition or control that is out of the mainstream tends to be well understood. We often believe that a logical path is not likely to be executed when in fact it may be executed on a regular basis. The logical flow of a program times counter intuitive.

2). BLACK-BOX TESTING: For our project periodically we have tested our software using black-box testing. Thinking as a client we have evaluated the software for its easy going and convenience.

Unit Testing: During the programming stages each and every form, modules and class treated unit has been put into the test data. Every modules is tested independently. The steps are follows: 1. Manually code is tested like spelling checks, logic and errors. 2. Once the manual checking is over the complication has been done. Syntactical errors if any have to be corrected. 3. After the clean complication the program, some dummy data, as specification, has been used for testing of the module to see if it works as specified. Integration Testing After our individuals modules were tested out we go the integrated to create a complete system. This integration process involves building the system and testing the resultant system for problems that arise from component interaction.

Performance Testing Performance testing is designed to test the runtime performance of the system within the context of the system. These tests were performed as module level as well as system level. Individual modules were tested for required performance.

Condition Testing Performance testing is a test case design method that exercise the logical conditions.

Interface Testing Interface sting is integral part of integration. We examined the code to be tested and explicitly list each call to an external component. In the system standards tests for GUIs have been performed, which are as follows: The position and related labels for all controls were checked. Validation for all inputs were done. Pull down controls was verified for proper functionality. Whether the non-editable text controls disabling and it was also verified that it doesnt exceed the maximum allowed length.

CONTENT TESTING: Errors in WebApp content can be as trivial as minor typographical error as incorrect information, improper organization or validation of intellectual property laws. Content Testing attempt to uncover this and many other problems before the user encounter them.

Content Testing Objectives: There are three types of objectives.

To uncover syntactic errors in text-based documents, graphical representation and other media. To uncover semantic errors in any content object represented as navigation occurs, and To find errors in organization or structure of content that is presented to the end-user

DATABASE TESTING: Modern Web Application does much more than present static content objects. In many application domains, WebApps interface with sophisticated database management system and build dynamic content object that are created in real time using the data acquired from a database. Database Testing for WebApps is complicated by a variety of factor. 1) The original client side request for information is rarely presented in form that can be input to a database management system. 2) The may be remote to the server that houses the webApps. properly formatted for subsequent transmittal to the client. WebApps Server and

3) RAW data acquired from the database must be transmitted to the 4) The dynamic content objects must be transmitted to the client in a to the end user. form that can be displayed

In figure testing should be ensure that 1. valid information is passed between the client and server from the interface layer

Client layer-user interface

Server layer- WebApp

Server layerData transformation

Server layer - data Management

Database layer data access

[Layers of interaction] 2. The WebApps process script correctly and properly extract or formats user data. 3. Queries are passed to a data management layer that Communicates with database access routines.

4. User data are passed correctly to a server side data transformation function that format appropriate queries

INTERFACE TESTING Interface design model is reviewed to ensure that generic quality criteria established for all user interfaces have been achieved and that application specific interface design issue has been properly addressed.

Interface testing strategy: The overall strategy for interface testing is to (1) Uncover error related to specific Interface mechanisms (2) uncover errors in the way the interface implements the semantics of navigation, WebApp functionality, or content display. to accomplish this strategy, a number of objectives must be achieved: Interface futures are tested to ensure that design rules, aesthetics, and related visual content are available for the user without error. Individual interface mechanisms are tested in a manner that is alogous to unit testing For example, tests are designed to exercise all forms, client-side scripting, dynamic HTML. Testing Interface Mechanisms:When a user interacts with a WebApp, the interaction occurs through one or more interface mechanisms. Links: - Each link is tested to ensure that the proper content object or function is reached . The Web engineer builds a list of all links associated with interface layout.and then executes each individually. Forms: - At a microscopic level, tests are performed to ensure that (1) (2) (3) (4) (5) Labels correctly identified fields within the form and that mandatory fields are identified visually for the user. The server receives all information content within the form and their no data are lost in the transmission between client and server. Appropriate defaults are used when the user does not select from a pull down menu or set of buttons. Browser function dont corrupt data enter in a form. Scripts that perform error checking on data entered work Properly and provide meaningful error message.

Client side scripting:Black box tests are conducted to uncover any error in processing As the script is executed.These tests are coupled with forms testing because script input is often derived from data provided as part of forms processing Dynamic HTML:-

Each Web page that contain dynamic HTML is executed to ensure that the dynamic display is correct. In addition a compatibility test should be conducted to ensure that the dynamic HTML is work properly in the environmental configuration that support the WebApps.

Application specific interface mechanisms:-Test conforms to a checklist of functionality and features that are defined by the interface mechanism. Boundary test minimum and maximum number of item that can be placed in to shopping chart. Test to determine persistence of shopping chart contents. Test to determine whether the WebApp can be record shopping chart content at some future date.

USABLITY TESTING:Usability test may be designed by Web engineering team. (1) (2) Define a set of usability testing categories and identify goal for each. Design test that will enable each goal to be evaluated.

(3) Select participants who will conduct test. (4) Instrument participants interaction with WebApp while testing is conducted. 5)Develop a mechanism for assessing the usability of the WebApp.

The following test categories and objective illustrate establish testing: Interactivity- Are interaction mechanism easy to understand and use?

Layout- Are navigation mechanism, content and function place in a manner that allows the user to find them quickly?

Readability- Is text well written and under stable?

Aesthetics- Do layout color, typeface, and related characteristics lead to ease of use ?

Display Characteristics- Does the WebApp make optimal use of screen size and resolution?

Time Sensitivity- Can important features, functions and content be used in a timely manner?

Accessibility- Is the WebApp accessible to people who have Disabilities?

COMPATIBILITY TESTING:WebApps must operate within environment that differs from one another. Different computer, display device, OS, browser and network connection speed can have significant on WebApp operation. Different browser some time produced slightly different results, regardless of the degree of HTML standardization within the WebApps. The Web Engineering team derives a series of compatibility, validation tests, derived from existing interface tests, navigation tests, performance tests and security tests.

Test Cases:(1) Invalid User Test Case:If the username and password is not valid, means that the person who is trying to access the website is not authenticated so system will give the message that unauthicated user. Solution Solution of this case is that user is not aware about the login criteria so the person needs to create its account to the website and it may be there mistake in the typing so it needs to retype the username and password.

(2) Invalid Inforamtion entered on search page. Test Case:If the any user enters invalid information on the search page an message is generated or on asking user to enter the corect type. Solution

Solution of this case is that user is not aware about the Type of data to be search or it may be persons mistake in the searching so it needs to research the information.

(3) Invalid Inforamtion entered on seller page Test Case:If the name enters invalid information an error message is generated on asking user to enter the corect type.

Solution

Solution of this case is that user is not aware about the Type of data to be entered or it may be persons mistake in the typing so it needs to retype the information.

(4) Invalid Inforamtion entered on buyer page. Test Case:If the name enters invalid information an error message is generated on asking user to enter the correct type. Solution Solution of this case is that user is not aware about the Type of data to be entered or it may be persons mistake in the typing so it needs to retype the information.

(5) Error in data base connectivity Test Case:If there is any problem connecting to the database user will be asked to browse and search for the data base and establish the bridge . Solution Solution of this case is that user has to first establish the connectivity with the database and then run the project.

(6) Error loding the module Test Case:This problem may arise if the browser does not have the write support . Solution Solution is to first check the browser supports for module

6 Screen shots and User manual 7 Limitation and Future Enhancement Limitation
Following are the limitations of our project. We are using centralized approach to implement database. So an efficient database should be provided to us necessarily. .Net platform is mandatory; we can not make it out without .Net. IE 9.0 or higher version of browser is compulsory.

Future Enhancement

The system is much flexible and extensible; hence further enhancements, if needed, can be developed and it can be integrated with the existing one very easily.

Correctness:
Although we have included only little fundamental tools as an entry-level system, the system is correct.

Reliability:
System is reliable to a greater extent.

Maintainability:
As the system is developed as a system of tool the system is maintainable.

Portability:
The system can be transformed from one hardware configuration to another.

Error tolerance:
The system can tolerate with errors that occurs.

8 Conclusion and Discussion:Conclusion


The main purpose as mentioned in the first chapter is to provide support to the student/faculty member and to provide response to his/her interested features. We have included as many features as we can to make the product viable and usable. According to personal viewpoint we are successful to a large extent. Projects requirements are fulfilled up to satisfactory levels. This tells that we are very much successful. And our proposed system is online and real time based on Internet, which is very much ahead of the current existing system so, user of the system would like to use this application.

We have followed all the rules and regulations and coding standards so that in future the enhancement or maintenance will be easy for the management committee. Application is developed with reusability so can be used with other systems without too many changes to this application.And the beauty of this product is that at regular interval the reviews of the completed work was done and after taking reviews the suggestions were given so accordingly we have changed our system and now we have the perfect one. So we can say that our product is now on cloud 9 according to our own point of view. Now we are at the end of the project. At the end, we want to mention that we have heartily worked for it and hope that our system users would be satisfied to high levels. It would be our great pleasure to distribute this product.

Discussion
Below cited is the list of Enhancement that might take place in future. Mobile Interface: In future user may be able to perform all the operation through mobile device. RFID: Radio Frequency Identifier is a one type of chip that is attached to the each book will help the student in finding the exact location of the book in the library Help Resources: In future we can incorporate tutorial topics in our Online library management System module from which user can get help. Alert mail: Member will get alert mail before 2 days of returning date of a particular book which he gas issued Reservation:Member can reserve particular book in advance.