Monday 30 May 2016

2.0 Sixth Iteration

For the sixth iteration I plan to:
  1. Design and implement the user log in and registration portion of my application.
Risks: The main risks are to do with authentication. My application needs to allow access only to users from a particular company and prevent access by casual users, since such access would breach many of the data protection laws in force today.

Before creating the log in and registration views and operations in code, I needed to identify how I was going to enable a select number of users to log into the application. Essentially, I need to determine whether a user is a genuine employee of the company using my system or not. Therefore, to design my application in this manner, I decided that the best way to authenticate an employee is to use the same primary key attribute that would identify them in the company that they work for. The unique attribute I chose was a unique employee number. This number would take the place of a username.

Each employee would also create a password associated with their account. However, the problem that arises is how each user creates a password. In general, most applications or web applications need the user to be logged in to their account in order to modify any information relating to the user's profile. To overcome this issue, I designed a registration program that allowed users to input their employee number and email into the correct text boxes. The app would check the user's employee number against the numbers currently in the database. If the user was permitted to continue, a "mailto" operation would execute on submission. This would cause the user's phone to open a mail-related application where the user could see a generated temporary password that they could use to log in to the app. However, after further tests, I found that a user could easily select an unrelated mail application to open and share their password and username with unauthorized users. As a result, currently only a log in element exists in the application. Yet, I plan to explore the possibility of being able to send a direct email to registering users using Android in a future iteration.
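
A sketch of the direct-email approach mentioned above, as an added example that is not the application's own code. It assumes a backend service holds the employee records with an email address on file; `EMPLOYEES`, `register`, `redeem`, `TEMP_TTL` and the `send_mail` callback are hypothetical names, and the sample records are constructed. The temporary password is generated and mailed by the service, so it never passes through a "mailto" hand-off on the phone.

```python
import hashlib
import hmac
import secrets
import time

TEMP_TTL = 15 * 60  # assumed policy: temporary password is valid for 15 minutes

# Constructed sample records: employee number -> email address on file.
EMPLOYEES = {"10042": "a.jones@example.com", "10077": "b.singh@example.com"}
_pending = {}  # employee number -> (salt, password hash, expiry time)


def _hash(password, salt):
    # Store only a salted, slow hash of the temporary password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def register(employee_no, email, send_mail, now=None):
    """Issue a temporary password; the reply is identical for every outcome."""
    now = time.time() if now is None else now
    on_file = EMPLOYEES.get(employee_no)
    if on_file is not None and on_file.lower() == email.strip().lower():
        temp = secrets.token_urlsafe(12)  # CSPRNG, about 96 bits
        salt = secrets.token_bytes(16)
        _pending[employee_no] = (salt, _hash(temp, salt), now + TEMP_TTL)
        # Mail goes to the address on file, not to whatever was typed in.
        send_mail(on_file, temp)
    # Same message either way, so the form cannot be used to test numbers.
    return "If the details match our records, a temporary password was emailed."


def redeem(employee_no, temp, now=None):
    """Accept a temporary password once, and only before it expires."""
    now = time.time() if now is None else now
    entry = _pending.get(employee_no)
    if entry is None:
        return False
    salt, digest, expiry = entry
    if now > expiry:
        del _pending[employee_no]  # expired: discard
        return False
    if not hmac.compare_digest(digest, _hash(temp, salt)):
        return False
    del _pending[employee_no]  # single use: consumed on success
    return True
```

After `redeem` succeeds, the app would prompt the employee to set their own password; a real service would also rate-limit both calls.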

In this iteration I was able to successfully create a log in element in my application that authenticates users based on their employee number and a password. The registration factor of the app will be completed in a later iteration.
