开发者

Design: where to put Manager options?

问答 作者:

I have a music store program, where there is a test class, a Clerk class (who deals with input), a Stocker class (who assigns availability and price of CDs), Storehouse (which has all available CDs), and then CDs (which have a price and name). I want to add an option to have a manager add CDs by inputting a security code. What I was thinking of doing was this: when the Clerk asks for someone's order (which CDs they want), you can enter the S开发者_开发百科tring "password" which will allow you to input a String, which the Storehouse will check is eligible, and only then will a manager be able to add CDs. To give a rough idea of the code:

public class CounterPerson(){
...
    System.out.println("Hello. Indicate how many CDs you want");
    System.out.println("You can also type password to add parts. ");
    System.out.println("Here is what is available. ");
    System.out.println(storeHouse);
    String security = new String();
    if(in.next().equals("password")){
        System.out.println("Now type the password: ");
        security = in.next();
        StoreHouse.addCD(security);
    }
    else{

And then in the StoreHouse class:

public void addCD(String security){
if(checkSecure(security)){
System.out.println("You can add CDs now. Specify a name and quantity");
...
}
else{
System.out.println("You are not authorized.");
}
}

private boolean check(String security){
boolean secure = false;
if(security.equals("blahblah123"){ secure = true };
return secure;
}

My question: is this good (secure) design? If not, how so?

EDIT: In case this isn't clear, the Stockhouse is accessed by the Stocker class also (that's where he gets the CDs from)

It is NEVER a good idea to depend on hard-coded constants to verify security. In this case, "blahblah123" wouldn't be too hard to reverse-engineer from your compiled classes.

You should think what are the requirements of your system, and how "secure" do you need it to be. Should every user have his own password? Is there a common password that everyone uses? Do you want to log the user doing the operations? If you need to distinguish between the users, how are the accounts created? You'll probably need an administration "console" to do that, and have the passwords encrypted in your database, for instance.

You can get some best-practices for doing so in several articles, and even here in SOverflow.

Sorry to leave you with more questions than answers ;)

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9