Sunday, April 15, 2012

Day Thirty Four: Chapter 8 in Software Development

8.1 Design Principles and Practice
What makes a good user interface?

  1. Completeness
  2. Language
  3. Simplicity
  4. Navigability
  5. Feedback and recovery
  6. Data integrity
  7. Client-server integrity
  8. Security
  9. Documentation
8.1.1 The Model-View-Controller Pattern
Separates user interface into three distinct conceptual components:
  • The application's body (the model)
    • Contains the session-specific representation of the data (state) of the system during user-system interactions: active variables and database tables
  • The user interface presentation (the view)
    • Typically a collection of user interface forms, including graphics, text, and various widgets that enable information to be easily transmitted by the controller between the user and the model: HTML and PHP
  • The user input/output and navigational functionality (the controller)
    • Receives user input via the view and initiates a response by making transformations on the data in the underlying model
    • Maintains SESSION, GET, and POST information; verifies user input; and updates other appropriate model elements.
8.1.2 Sessions, Query Strings, and Global Variables
Each individual user who logs in to the system initiates a unique session

8.1.3 Ensuring Security at the User Interface

8.1.3.1 Enforcing Levels of User Access
A user only has access to the functions and data to which he/she is entitled 

8.1.3.2 Password Encryption
Store password data in an encrypted form (md5) to ensure that it is safe if the database is accessed outside the application

8.1.3.3 SQL Injection Attacks
Prevent this exploit by filtering user input

8.1.3.4 Cross-Site Scripting Attacks
Filter external sources
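Sections 8.1.3.2 through 8.1.3.4 in working code, as an added example (not the textbook's or the post's own code). It assumes a PDO connection to a database holding a `users` table with `username` and `password_hash` columns (assumed schema) and uses an in-memory SQLite database with constructed sample data so it runs stand-alone. Two practitioner caveats the notes leave out: md5 is a fast, unsalted hash rather than encryption, so PHP's `password_hash()` (slow, salted) is what to store; and for SQL injection a prepared statement is the primary defense, with input filtering only a secondary layer.

```php
<?php
// Added example, not from the textbook. Assumes a PDO connection $pdo and a
// `users` table with columns `username` and `password_hash` (assumed schema).

// 8.1.3.2: store a slow, salted hash. md5 is a fast unsalted digest, not
// encryption, and offers little protection if the table is copied out.
function registerUser(PDO $pdo, string $username, string $password): void {
    $hash = password_hash($password, PASSWORD_DEFAULT); // bcrypt with a random salt
    $stmt = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (:u, :h)');
    $stmt->execute([':u' => $username, ':h' => $hash]);
}

// 8.1.3.3: a prepared statement keeps user input out of the SQL grammar, so
// quotes or keywords in $username are treated as data, not as query text.
function authenticate(PDO $pdo, string $username, string $password): bool {
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false; // unknown user
    }
    return password_verify($password, $row['password_hash']);
}

// 8.1.3.4: escape at output time so a value from the model (wherever it was
// originally entered) is rendered by the view as text, never as markup.
function renderGreeting(string $username): string {
    $safe = htmlspecialchars($username, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return "<p>Welcome, {$safe}</p>";
}

// Driver with an in-memory SQLite database and constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
registerUser($pdo, 'alice', 'correct horse battery staple');

var_dump(authenticate($pdo, 'alice', 'correct horse battery staple'));   // right password
var_dump(authenticate($pdo, 'alice', 'wrong password'));                 // wrong password
var_dump(authenticate($pdo, "alice' OR '1'='1", 'anything'));            // injection attempt is just an unknown username
echo renderGreeting('<b>alice</b>'), "\n";                               // tags are shown literally, not rendered
```

Requires the `pdo_sqlite` extension; with MySQL, only the DSN passed to `new PDO()` changes.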

8.2 Working with Code
Explained through examples. Reading the sections helps more than an outline

8.3 Adding New Features: User Interface Impact
This section is important for exercise 8.1.
