John Neesham Dissertation

December 30, 2017 | Author: John Neesham | Category: Software Development Process, Scripting Language, File System, Php, Agile Software Development


Short Description

'A Browser Based Application that Secures and Tracks Shared Resources for a Voluntary Organisation'...

Description

Introductory Information

Abstract
Declaration
Acknowledgements
Word Count
Table of Contents

Abstract

This paper investigates the tailored solution to a voluntary organisation's problems regarding the storage, security and monitoring of their documents. The current solution entails members of staff navigating to the company's server and accessing the documents directly, using only Windows New Technology File System (NTFS) permissions for security; this has caused numerous issues including staff being able to access documents they should not be able to, staff not being able to access documents that they should be able to, staff deleting and moving documents, and the management team not being able to track document access.

The project's objectives are to develop a browser based solution that allows users the correct level of access to documents within a secure system. This access is also logged so that high level users, such as the management team, can view the activity of any shared document and administer their staff's levels of access so that document access is controlled. The system must also work with the current infrastructure, be an initially free and on-going solution, and adhere to laws pertaining to data storage. Various options are investigated including cloud storage and database storage.

The final solution consists of users being able to access documents that are stored and secured using NTFS. However, the documents are only available via a browser based interface, which is implemented using a scripting language and backed by a database (which are open source and free for commercial use). Therefore there is no navigation to, and direct access of, the documents without using the system's interface. This fulfils the objectives by controlling user access and enabling the management team to both administer the system and track document use.

Declaration

Acknowledgements

I would like to thank Dr Richard Gunstone for his continual assistance and guidance throughout the project. I would also like to thank Mrs Emily Chuang-Neesham for her unwavering support and understanding.

Word Count

The word count, excluding appendices, is 12776.

Table of Contents

Chapter 1 - Introduction
1.1 Chapter Overview
1.2 The Importance of File Level Security
1.3 About the Client
1.4 The Current Infrastructure
1.5 Involvement with the Client
1.6 The Current Problem
1.7 Objectives
1.8 Proposed Solution
1.9 What Can Be Learned From This Project
1.10 Project Roadmap
1.11 Chapter Summary

Chapter 2 - Assessing Feasibility, Requirements and Risk
2.1 Chapter Overview
2.2 Feasibility Study
2.3 Requirements Analysis
2.3.1 Eliciting Requirements
2.3.2 Categorising Requirements
2.3.3 Requirement Reiteration and Prioritization
2.4 Risk Analysis
2.5 Chapter Summary

Chapter 3 - Project Planning and Methodology
3.1 Chapter Overview
3.2 The Need for a Methodology
3.3 Project Criteria
3.4 Chosen Methodology and Model
3.5 Other Similar Models
3.6 Project Plan
3.7 Chapter Summary

Chapter 4 - Literature and Technology Review
4.1 Chapter Overview
4.2 OS Filesystems
4.2.1 Windows NTFS Permissions
4.2.2 Linux FHS
4.3 3rd Party Tools
4.4 Remote Storage
4.5 Database Use within the System
4.5.1 NoSQL
4.5.2 OODB and RDBMS
4.6 Database Use for Storing Office Documents
4.7 Languages and Development Tools
4.7.1 Scripting or Programming Language
4.7.2 Languages Used
4.7.3 Development Tools
4.8 Chapter Summary

Chapter 5 - Designing, Building and Testing the Artefact
5.1 Chapter Overview
5.2 Testing Methods
5.3 Iteration 1 Design and Build
5.3.1 Replicated / Virtual Environment
5.3.2 Securing the Server
5.3.3 Ascertaining the PC Name
5.3.4 Single Sign-on for User Login
5.3.5 The Use of Cookies
5.3.6 Database Modelling
5.3.7 Accessing, Modifying and Adding Documents
5.3.8 Document Management
5.3.9 PHP Page Map
5.4 Iteration 1 Testing
5.4.1 Compatibility
5.4.2 Unit
5.4.3 Functional
5.4.4 Issues Identified by Tests and Rectified
5.5 Iteration 2 Design and Build
5.5.1 Document Access Using the System
5.5.2 Legal Implications of Monitoring User Activity
5.5.3 System Interface Design
5.5.3.1 Accessibility
5.5.3.2 Human Computer Interaction
5.6 Iteration 2 Testing
5.6.1 Compatibility
5.6.2 Unit
5.6.3 Functional
5.6.4 Issues Identified by Tests and Rectified
5.7 Iteration 3 Design and Build
5.7.1 User Management
5.7.2 Single Sign-on for Management Administration
5.7.3 Browser Compatibility
5.8 Iteration 3 Testing
5.8.1 Compatibility
5.8.2 Unit
5.8.3 Functional
5.8.4 Issues Identified by Tests and Rectified
5.9 Chapter Summary

Chapter 6 - Project Evaluation
6.1 Objectives and Requirements
6.2 The Project Process
6.3 The Artefact and Other solutions
6.4 What Has Been Learned from the Project?
6.5 Future of the Artefact
6.5.1 Issues with the System
6.5.2 Developer Improvements
6.5.3 Client Improvements
6.6 Project Conclusion

Referencing and Bibliography

Appendices
Appendix A - Additional Factors That Can Affect File Access
Appendix B - Feasibility Report
Appendix C - Eliciting Requirements
Appendix D - Snow Cards
Appendix E - Risk Analysis Table
Appendix F - Justification for the Chosen Methodology and Model
Appendix G - Further Literature and Technology Review Investigations
Appendix H - Artefact Build Diary
Appendix I - Virtual Domain and SVS Document Library Installation Guide
Appendix J - SVS Document Library User Guide for Staff and Management
Appendix K - Entity Relationship Diagram & Database Create Scripts
Appendix L - PHP Page Map
Appendix M - Iteration 1 & 2 Unit Testing Examples
Appendix N - Legal Implications of Monitoring User Activity
Appendix O - Adherence to Accessibility Guidelines
Appendix P - HCI for Artefact Design and Build
Appendix Q - Project Proposal
Appendix R - Plagiarism Report
Appendix S - Ethics Research Check List

A Browser Based Application that Secures and Tracks Shared Resources for a Voluntary Organisation

Chapter 1 - Introduction

1.1 Chapter Overview

This chapter begins with a discussion of the importance of file level security within businesses. Then details of the client’s business and their current IT infrastructure are used to give context to the problem. The problem itself is then discussed with a dissection of the current solution and the issues that this is causing the business and why. The client’s overarching objectives for a solution are listed, with a brief view of how these will be resolved in the proposed solution. Furthermore we discuss what can be learned by all parties throughout the process of this project. Finally, there is a roadmap that briefly points to the contents and aims of each forthcoming chapter.

1.2 The Importance of File Level Security

File level security on a corporate Local Area Network (LAN) can sometimes be given a lower priority by companies in comparison to other types of IT security, for example network access or website security. This may be because there are solutions for this built into most Operating Systems (OS) such as Windows' New Technology File System (NTFS) or Linux's Filesystem Hierarchy Standard (FHS), or because companies are not aware of the current implications (legal, ethical or otherwise) of incorrectly configured file security. Often it is done using LAN security such as Virtual LANs (VLANs) or different resources are kept on different servers. Sometimes companies are not even aware that there is a security issue/breach. Whatever the reason, inefficient file level security can cost a business time, money, damage to reputation or even legal issues.

With this project the author hopes to highlight the issues that can be caused by reliance on, and erroneous configuration of, only an OS's inbuilt file level security system. The result of this project will be a piece of software that secures documents, simplifies the security process and tracks their use.
1.3 About the Client

The client is Southampton Voluntary Services (SVS) based in Southampton, Hampshire. They are an umbrella body for local voluntary and community groups working in Southampton and provide a wide range of services including specialist support, advice and training to their membership (Southampton Voluntary Services 2013). SVS also provide and promote information to individuals and organisations on volunteering in the city. They have 50 employees or volunteers in their charge and work across two sites; some are permanent whilst others are temporary. The charity/volunteering sector which they are part of does not have recognised bespoke software as is apparent in other industries. Instead they utilise more mainstream software but are eligible for discounted licenses (Charity Express Ware 2013).

The company that are currently SVS's contracted technical support are called Healthcare Computing Limited (HCL). They can resolve IT issues relating to daily operational needs but other work to resolve an on-going issue would be outside the bounds of the contract and therefore chargeable. Therefore HCL will modify NTFS folder and file permissions as and when required for daily document use, but will not review the overall folder hierarchy or create bespoke software to alleviate on-going issues.

1.4 The Current Infrastructure

As the aforementioned discounted licenses allow use of mainstream software but at less cost, SVS have maximised their use of this and applied it to all solutions. They use Windows Server 2008 Standard R2 (SP1) as the OS on their single server, Windows XP (SP3) as the OS on their 40 workstations, and Microsoft Office (2003) for their email, text, presentation and spreadsheet document solutions. This extends to their current solution for file level security which is Windows NTFS permissions. Therefore any solution to a problem would need to fit in with the current infrastructure and also be initially and permanently Free Of Charge (FOC).

1.5 Involvement with the Client

The author worked as a Service Desk Engineer within the Technical Support department of Healthcare Computing Limited (HCL) for five years. Throughout this time SVS were a client of HCL and therefore the author is familiar with their IT infrastructure, staff and management team. The author is also aware of recurring issues that SVS have, which is what led to the idea for this project; a more permanent solution rather than repeated short-term successful solutions.

1.6 The Current Problem

As previously stated, the current solution uses NTFS permissions to secure documents. These documents are categorised as personal (e.g. created by a user and only for their use), shared for all (e.g. word document templates and company logo headed paper) or restricted to a specific set of users (e.g. private information pertaining to clients' Criminal Records Bureau (CRB) checks or company records including financial information). Members of staff have two mapped drives on their desktops that link directly to the file shares on the local server. One (mapped as ‘H’) links to each member of staff’s personal documents folder, whilst the second (mapped as ‘G’) links to the shared and restricted folder areas; the permitted level of access from Deny to Full Control depends on the user and is set by the management team. Staff can use these mapped drives or navigate to the server then through the folder hierarchy to their chosen file.
This may seem like a viable file security solution for a company of this size if correctly implemented. However, problems are manifesting themselves in the following ways:

· Staff are able to access/modify/move/delete files that they should not be able to
· Staff are not able to access/modify/move/delete files that they should be able to
· Staff are able to modify NTFS permissions of shared and restricted documents
· The management team are not able to track file access/modification/movement/deletion or NTFS permission changes to see when the changes were made and by whom

From experience of technical support with SVS, discussions with the management team and research into file security in a Windows domain environment, many reasons have been ascertained as to why this is happening. NTFS permissions alone are complex but combined with other factors that can affect file access they can be even more so. Please see Appendix A for a list of additional factors that can affect file access for SVS. The SVS management team, staff and HCL technical support are not always aware of the pitfalls when trying to rectify document access problems by modifying NTFS permissions and have previously inadvertently caused further issues when trying to resolve only one.

1.7 Objectives

Following is a list of high level requirements, otherwise known as objectives:

· The system shall provide secure document storage
· The system needs to work within the current SVS IT infrastructure and be FOC
· Staff will use a browser based interface to access documents that they are authorized to by the management team
· The interface will be simple and intuitive to use, with a familiar layout and include company branding
· Staff will not be able to bypass the system and access documents directly
· Document access will be logged and can be viewed by the management team in a secure area
· The management team will be able to manage staff authentication to the system, without the need to contact technical support
· Document storage will be legally compliant

Within the requirements analysis section each objective has been broken down into interlinking requirements.

1.8 Proposed Solution

The proposed solution takes into account the context of the business, problems of the current solution, broad objectives and specific requirements. The solution is a system with a browser based interface, backed by a database. Users will be able to create, access and modify their authorized personal, shared or restricted documents. The management team will be able to access a secured area that allows them to reset users' passwords and view logs of document activity. The system will provide SVS with an initial and on-going FOC solution to their secure document access issue.

1.9 What Can Be Learned From This Project

The author will gain a deeper understanding of the interactions between PHP, MySQL, Windows file security and command line applications such as icacls.exe in a domain environment as well as gaining further knowledge and understanding of them individually. The author will also learn about working on a solution within an environment with non-permeable constraints such as delivering a system that works within the current infrastructure, is delivered FOC using FOC development software, within a tight schedule, fulfilling specific requirements and is directly answerable to the company's Deputy Chief Executive.

SVS may learn about the legal aspects of data storage, specifically laws relating to data protection. They may also become aware of currently unknown security lapses.
Additionally they could learn what is possible FOC in their current environment as a by-product of our meetings and user tests.

1.10 Roadmap

Chapter 1 has fully defined the problem within the context of the business, listed the project’s objectives, given a brief overview of the proposed solution and detailed what could be learned from the project. Chapters 2 & 3 investigate the artefact’s requirements in detail and plan the project process. Chapter 4 reviews relevant work in other areas and details methods and tools used to design the solution. Chapter 5 details the construction of the artefact that solves the problem. Chapter 6 evaluates the solution and success of the project overall by comparing it to other relevant work and against the success criteria; then possible future work is suggested.

1.11 Chapter Summary

Now that the importance of file level security, the effect that it is having on SVS, their objectives for a solution and a brief overview of the proposed solution are known, we can start to plan, research, design, build and implement that solution.
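The symptoms listed in 1.6 (staff able to delete or move files and to modify NTFS permissions) correspond to specific rights in a folder's access control list. The following PowerShell is an added example, not part of the dissertation or the SVS system: it lists every Allow entry under a folder that grants those rights to a principal outside an assumed trusted list. The function name Get-RiskyAce, the trusted list and the temporary demo folder are assumptions, and PowerShell 3.0 or later is assumed.

```powershell
# Added example, not code from the dissertation.
# Reports ACL entries that let a non-trusted principal delete items,
# change permissions or take ownership anywhere under a folder.
function Get-RiskyAce {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Principals expected to hold these rights (assumption; adjust per domain)
        [string[]] $Trusted = @('BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM', 'CREATOR OWNER')
    )
    $rights = [System.Security.AccessControl.FileSystemRights]
    # Individual rights behind the symptoms in 1.6; Modify and FullControl include them
    $checks = [ordered]@{
        ChangePermissions = $rights::ChangePermissions
        TakeOwnership     = $rights::TakeOwnership
        Delete            = $rights::Delete
        DeleteChildren    = $rights::DeleteSubdirectoriesAndFiles
    }
    $items = @(Get-Item -LiteralPath $Path) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)
    foreach ($item in $items) {
        try   { $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop }
        catch { Write-Warning "Cannot read ACL: $($item.FullName)"; continue }
        foreach ($ace in $acl.Access) {
            # Deny entries only remove access, so they are not reported
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($Trusted -contains $ace.IdentityReference.Value) { continue }
            $mask = [int]$ace.FileSystemRights
            # Some inherit-only entries carry the raw GENERIC_ALL bit instead of named rights
            $genericAll = ($mask -band 0x10000000) -ne 0
            $hits = foreach ($name in $checks.Keys) {
                if ($genericAll -or ($mask -band [int]$checks[$name])) { $name }
            }
            if ($hits) {
                [pscustomobject]@{
                    Path      = $item.FullName
                    Identity  = $ace.IdentityReference.Value
                    Risky     = $hits -join ', '
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
}

# Constructed demo: a temporary folder where BUILTIN\Users is given Modify plus ChangePermissions
$demo = Join-Path $env:TEMP ('acl-demo-' + [guid]::NewGuid())
New-Item -ItemType Directory -Path $demo | Out-Null
$acl  = Get-Acl -LiteralPath $demo
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            'BUILTIN\Users', 'Modify, ChangePermissions',
            'ContainerInherit, ObjectInherit', 'None', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -LiteralPath $demo -AclObject $acl
Get-RiskyAce -Path $demo | Format-Table -AutoSize
Remove-Item -LiteralPath $demo -Recurse -Force
```

The Inherited column separates entries set directly on an item from those flowing down from a parent folder, which is where a change has to be made to take effect.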


Chapter 2 - Assessing Feasibility, Requirements and Risk

2.1 Chapter Overview

This chapter has three sections; the Feasibility Study & Report, Requirements Analysis and Risk Analysis. The Feasibility Study produces a Feasibility Report. This is presented to the decision makers (SVS management team) at this early stage in order for them to decide whether to proceed with the project or not. The purpose of the Requirements Analysis process is to determine and document stakeholders' needs and expectations for a new system in a formal manner. Risks are problems that might occur in the project; this can be managed proactively using Risk Analysis in order to lessen the likelihood of project failure. Therefore by the end of the chapter it is known if the project is going ahead, the requirements of the artefact are known and documented and a contingency plan concerning risks is formulated and documented.

2.2 Feasibility Study

Feasibility studies were carried out prior to the system development process in order to find out if the new system is worth implementing. They took into consideration factors that include budget, schedule, integration with the existing system and whether the proposed system met the required objectives at that stage. Sommerville (2011, p.37) states that Feasibility Studies should be quick and cheap and the results gained are documented as a Feasibility Report and used by decision makers as to whether to go ahead or not. Information can be obtained from various sources including managers and end users, and also by various methods including structured or unstructured interviews and observation of work patterns. To obtain the information required, unstructured interviews and observation of work patterns were used; the interviewees (sources) were SVS employees Phil Lee (Deputy Chief Executive), Vicky Smith (Senior Administrator) and Auran Sood (End User).
Bryce's (2013) Elements of a Good Feasibility Study was followed to construct the Feasibility Report in Appendix B. As this was done at an early stage, more detailed information and analysis in areas such as requirements analysis, analysis of current solution and alternative solutions can be found in sections 2.3, 1.6 and 3 respectively. As a by-product and a precursor to Chapter 3, it was discovered that many Agile methodologies state that this report is a waste of time (Bryce, 2013), therefore by including it the project may be leaning toward a Plan Driven methodology at this time.

2.3 Requirements Analysis

The requirements analysis / engineering process was performed after the decision maker had allowed the project to proceed following the Feasibility Report, but before a methodology had been decided or any prototyping. The process benefits all parties in the following ways:

· It is an early opportunity for two way communication and the client knows that the developer is listening to them so are more inclined to feel included in the process
· The resulting documentation can be used and referred to by all parties, can protect against miscommunication and records the details and source of each requirement request (IEEE Computer Society 1998)
· The developer can understand more about the SVS domain, where the system will be implemented
· The developer can talk to different sources within SVS to get more perspectives on the system's requirements

Additionally, from a financial view the importance is stressed by 8-15% of company budget for the project being taken by requirements analysis. Also, the cost of correcting requirements errors later on in the project is 100 times more than a simple error at the same stage (Kotonya and Sommerville 1998).

Initially the author interacted with the identified stakeholders and the requirements were elicited. Secondly the requirements were categorised and formally documented, then finally they were reiterated with the client for clarity and prioritization. This three part process is discussed in more detail in the following three sections.

2.3.1 Eliciting Requirements

Gathering requirements was the first step in the requirements analysis process and, as requirements form the basis of the system, was done with consideration. This process, including the methods discussed and used, can be seen in Appendix C Eliciting Requirements.

2.3.2 Categorising Requirements

Once the requirements were gathered they were then categorised as either Functional Requirements (FR) or Non-Functional Requirements (NFR). FRs capture the behaviour, capabilities and functions that the system must be able to perform. These can be high level or detailed and must be understood by all parties. NFRs capture the specific, precise and quantifiable constraints and qualities of a system. Examples could be availability, portability, scalability of a system or concerning its interface and design.

Kotonya and Sommerville (1998) use a tree model to sub-categorise NFRs into product, organisational and external, and then further subcategorise these again for a total of 14 NFR categories. This method was not chosen as it is very wordy and a requirement would need to be categorised (FR or NFR), sub-categorised (product, organisational, external) then subcategorised again (performance, space, accounting, etc...).
It was decided that the Atomic Requirements Shell (AKA "Snow Card") within the Volere Requirements Specification (Robertson and Robertson 2000) would be used. This uses a single card for each unique requirement. Each requirement is classified into FR or NFR and NFRs are sub-categorised further using an easily identifiable acronym such as LFR for Look and Feel Requirement. Robertson and Robertson (2006, p.242) state that each snow card also allows for individual requirements (Requirement Number field) to be documented (Description field), measurable/quantifiable (Fit Criterion field), linked to other associated requirements (Dependencies field), explain the rationale behind the requirements (Rationale field), trace who initiated the requirement (Originator field) and prioritize the requirement (Customer Satisfaction, Customer Dissatisfaction and Priority fields). The completed Snow Cards can be seen in Appendix D. This also enabled complex requirements such as 'Staff will be able to create, access and modify their own documents' to be decomposed into several more simple ones such as 'Staff will be able to create their own documents' that can be implemented individually.


There were other fields that were omitted due to them being unsuitable for the project. These include Business Event Number, conflicts (there were no conflicting requirements) and supporting materials. Additionally the whole Volere Requirements Specification Template was not used as it was not in keeping with the Agile methodology side of the project plan; there was no need for this heavy documentation prior to coding, as used with purely Plan-driven methodologies.

This approach fulfils most criteria listed in IEEE Standard 1233 (1998, p.13) as it states that requirements should be categorized by their identification, priority, criticality, feasibility, risk, source, and type. Identification, priority, criticality and source are covered by the Volere method, whilst feasibility is covered in 2.2 and risk in 2.4. Some of the types listed such as Safety, Environmental conditions and transportability were not relevant to the system so FR and NFR sub categories within the Volere method were chosen. The Volere method also fulfilled the IEEE Standard 1233 definition of a well formed document (1998, p.10) as each snow card contains a function within the system that will solve the related client requirement and can be tested.

2.3.3 Requirement Reiteration and Prioritization

MoSCoW methodology was initially considered as a means of prioritizing already categorized requirements. It was originally used in Rapid Application Development and is now used in DSDM and other agile methodologies (Coley 2012). The prioritization is done under the Must have, Should have, Could have and Won't have headings. However, MoSCoW was not used as the Volere requirements shell has inbuilt numerical prioritization of requirements, ascertained by the customer satisfaction and dissatisfaction fields, that was considered to be more precise. Once the Snow Cards were written up they were discussed again with the SVS management team.
The requirements were found to not be in need of adjustment but the prioritization was not clearly stated. SVS were therefore asked to give numeric values to the Customer Satisfaction and Customer Dissatisfaction fields and this was used to calculate a high, medium and low value for the Priority field. These values will be used to implement the requirements at each evolutionary system prototype respectively (i.e. iteration 1 implemented high priority requirements, iteration 2 implemented medium priority requirements and iteration 3 implemented low priority requirements). These results are summarised below.

High priority:

· R1 The system will provide secure document storage
· R2,3,4 The system will allow staff to create, read/access/update their own documents
· R5,6,7 Staff will be able to create/read/update documents that are shared with all members of staff
· R8,9,10 Authorized staff will be able to create/read/update restricted documents that can be accessed by other authorized users only
· R11 Document access will be logged and can be accessed by the management team (Phil Lee & Victoria Smith) only
· R18 System access and level of access will be protected using a unique username and password for each user
· R19 The system must work on the platforms within the current infrastructure


Medium priority:

· R12 Staff will not be able to bypass the system and access documents directly
· R14 The system needs to be legally compliant regarding data laws
· R15 The system must use company branding and colour scheme
· R16 The system will use a familiar interface with a common layout
· R17 The navigation system will be simple and intuitive to use

Low priority:

· R13 The management team will be able to manage system access authentication without the need to contact technical support
· R20 The system must work across different versions of Internet Explorer (IE)

2.4 Risk Analysis

Schwalbe defines Project Risks as 'problems that might occur on the project and how they might impede project success' (2002, p.425). The management of these risks is done in a proactive way and as a type of contingency planning. Lock argues that Risk Analysis is important because, if not done, risks can potentially cause effects on the project ranging from trivial inconvenience to disaster (2003, p.573). The process is to identify the risk, quantify the risk, develop a mitigation strategy, and then finally reassess the risk.

Schmidt (2001) agrees that risk identification is the first step in the process, but argues that this is difficult due to no formal and validated list of common risk factors; therefore he created one called the Risk Factor List. This list was used to identify risks in this project. Each Risk Event was uniquely identified (e.g. Risk07) and listed.

Each risk event is given a rank of low, medium or high for both its likelihood to happen and the potential harm this could do to the project. The risk rating, before any mitigation strategy is developed, is calculated by using the two aforementioned values with a probability/impact matrix (Burke 2006, p.261; Schwalbe 2002, p.439). The resulting pre-mitigation rating value was also used to prioritize the risk events.
A mitigation strategy is then developed to decrease the likelihood of the risk occurring and the harm to the project if it does. The pre-mitigation rating is then reassessed using the now developed mitigation strategy. This creates a post-mitigation low, medium or high value.

The Risk Analysis Table is used to list the preceding points in a concise orderly manner. This project's table is a modification of Burke's (2006, p.262) Work Breakdown Structure (WBS) table. It includes the risk id, risk event, likelihood, potential harm to project, pre-mitigation rating, mitigation and post-mitigation rating. Please view the complete table in Appendix E. The table can be reviewed periodically and risk events reprioritised if deemed necessary.

2.5 Chapter Summary

The Feasibility Report was presented to the decision makers who decided that the project should go ahead. The requirements were gathered, clarified, prioritized, and then finally documented; these will act as a list of all features of the artefact and a measure of project success. The project risks were identified and a mitigation strategy applied to each as a form of contingency planning. Therefore the project planning could then go ahead.


Chapter 3 - Project Planning and Methodology

3.1 Chapter Overview

This chapter first discusses the need for a methodology, followed by the chosen Methodology and Model (based on the project criteria), the justification for this choice and a discussion of other similar models. With this decided it can be included in a project plan that will show the planned order of work as milestones that can be used to measure project progress.

3.2 The Need for a Methodology

Avison and Fitzgerald define a methodology as: “a collection of procedures, techniques, tools, and documentation aids which will help the systems developers in their efforts to implement a new information system...and help them plan, manage, control, and evaluate information systems projects” (2006, p.24).

Sommerville argues that without a methodology's fundamental process activities of specification, development, validation and evolution (2011, p.29) a project can be over budget, not be on schedule, not thoroughly tested and/or not meet the stakeholders' requirements. Aken (2008) also argues the incorrect choice or application of a methodology is a factor in project failure. Therefore the use, choice and application of a methodology are critical to the project.

3.3 Project Criteria

When developing the project solution the methodology was chosen based on the following project criteria rather than requirements:

1. Set time to finish (cut-off date) with measurable progress (milestones)
2. SVS were willing to work with me in order to produce the required system but were difficult to meet up with as they were too busy
3. No mock-ups were available in the meeting with SVS so they wanted to see something early on
4. All requirements were collected prior to starting
5. SVS were not concerned with documentation, just intuitive use
6. Software is security critical so the artefact needed to be iteratively tested before the final version

3.4 Chosen Methodology and Model

Methodologies are categorised as either Plan-Driven (e.g. Software Development Life Cycle (SDLC)/Waterfall, Cleanroom) or Agile (e.g. XP, Scrum, Agile Unified Process), but some have attempted to develop a hybrid such as Boehm's Spiral development model. The project criteria lean toward both Plan-Driven and Agile methodologies; for example the lack of concern with documentation and request for an early prototype point toward an Agile methodology being adopted, but a set cut-off date and awareness of all requirements at outset lean more toward Plan-Driven. With this in mind the methodology chosen was the Plan-Driven Traditional Waterfall but with modifications that enable the Agile concepts of early prototyping, no need for thorough upfront documentation and also iterative design, building and testing.
The model is called the ‘Incremental Waterfall Model’ and can be seen in Figure 3.1.


Figure 3.1 – The Incremental Waterfall Model

The requirements were gathered and prioritized (2.3), and then the model uses these to design, build and test the artefact as follows:

· High priority requirements are separated off and these are used to design the first prototype. This is built and then presented/tested with the client. They give feedback and this feedback is added to the medium priority requirements
· The next iteration process starts. This builds on the existing prototype by incrementally adding functionality based on the first prototype feedback and medium requirements (this is evolutionary prototyping, not throwaway prototyping). This second iteration of the software is then tested with the client
· The cycle is repeated for the final time by starting with the second prototype feedback and low priority requirements, then final testing
· The deployment and integration into SVS infrastructure is done, if SVS state that they want to implement the artefact at this stage

The full justification for the chosen methodology and model can be seen in Appendix F.

3.5 Other Similar Models

There are similar models to this in existence but each is slightly different and they often have different names such as Incremental Model (Sikder 2009; Expert Program Management 2011), Incremental SDLC Model (Berra year unknown; Root Infocomm LTD 2011) or Phased Development Model (Masud year unknown). There are also other iterative models used to address the shortcomings of the traditional Waterfall model such as the Spiral model and Rapid Application Development (RAD) model; however the fundamental difference between those and the Incremental Waterfall Model is that they have an unlimited number of iterations from 1>N, whilst the Incremental Waterfall Model is fixed at three. In addition to this, Avison and Fitzgerald argue that the Spiral model is difficult to manage and control and is better for larger projects (2006, p.122) so it was not used, whilst RAD, like models that incorporate Agile techniques, is used for programming teams (Konstantinou year unknown).

3.6 Project Plan

The project must also have an overall plan from start to completion, which includes the artefact design, build and test process stated above. Figure 3.2 shows the project schedule expressed as a timeline of all project activities that must be completed. These also act as milestones to check progress against. Some, such as ‘Meetings with Client’ and ‘Requirements Analysis Section’, have already been completed. Those marked in orange show the parts of the plan that are specific to the artefact’s design, build and test process. As stated in the penultimate milestone, each section or milestone will be written up at the time and collated toward the end of the project process.


Figure 3.2 – The project schedule, expressed as a timeline

3.7 Chapter Summary

The project’s Methodology and Model have been established, and the overall schedule documented. These will guide the processes of both the overall project and the artefact itself, and the schedule’s milestones can be used to measure progress.


Chapter 4 - Literature and Technology Review

4.1 Chapter Overview

This chapter analyses current relevant solutions, techniques and technologies that could be imported to the solution to resolve the problem (1.6). As the current solutions were analysed they were either dismissed or some parts were considered, and this progressively aided the design of the solution. Solutions analysed include inbuilt filesystem security, third party tools, remote storage, databases (Object Oriented, NoSQL and Relational), Binary Large Objects, scripting/programming languages and development tools. The research and investigations were thorough and therefore generated a large amount of information and analysis. Therefore sections that were not imported in any way into the solution were moved to the appendices; this is noted at various points throughout the chapter.

4.2 OS File Systems

Within OSs there are inbuilt filesystems that, if used correctly, can securely store files, including office documents. Two common server OS filesystems are Windows' NTFS and Linux's Filesystem Hierarchy Standard (FHS).

4.2.1 Windows NTFS Permissions

Windows NTFS permissions, if configured correctly, ensure that only authorised users can access documents and only to the correct level. These are built in to the Windows OS from Windows NT (both server and client) onwards. Advantages of using NTFS for securing SVS's office documents are that it can achieve complex, fine grained and robust file access security at folder and file level (Wang 2012), it affects users regardless of the PC where they have logged in, and changes made to the upper levels of the hierarchy can cascade down (be inherited), therefore lessening administration. Additionally, SVS already have the infrastructure in place and are familiar with its use. This fulfils the requirements of being FOC and having a familiar and easy to navigate interface.
The disadvantages are their complexity and what factors can have an effect (see Appendix A), their decentralised nature and only having a date created and last modified for tracking. In addition to this is the unarguable point that this is the current solution and has proven to be unsuccessful, hence the need for this project. For these reasons a simple re-do of the NTFS permissions will not be performed as history has proven that there will be forthcoming problems pertaining to this. However, the problems only arise as NTFS permissions are misunderstood and users are accessing and modifying them directly. If the permissions were configured at outset and access was indirect, for example via an interface, then the robust security that they offer could be utilised.

4.2.2 Linux FHS

Linux FHS was investigated but was not imported as part of the solution. The investigation can be seen in Appendix G Section 1.

4.3 3rd Party Tools

Various 3rd party tools were investigated but were not imported as part of the solution. The investigation can be seen in Appendix G Section 2.


4.4 Remote Storage

This section encompasses solutions that store documents remotely. This includes a Secure File Transfer Protocol (SFTP) solution and Cloud solutions such as Microsoft Office 365, WebDAV and PERMIS. However, after investigating each subject in turn, none were imported as part of the solution. The investigation of these can be seen in Appendix G Section 3.

4.5 Database Use within the System

Databases can be used in the system, but will only be part of the solution. They are not accessed directly and are used in conjunction with a user interface, enabling user interaction such as logging onto the system. Information such as authentication credentials (username/password), document use logs and a user's level of access need to be stored; storing such information in an array is possible but a database is ideal due to its robust and dynamic nature. Many types of database exist including NoSQL, Object Oriented (OODBMS) and Relational (RDBMS).

4.5.1 NoSQL

NoSQL, created in 1998, is an acronym for Not Only SQL and co-exists with SQL for mass data storage. It scales out to interconnect large data sources such as those used in social media sites. There are many variants of NoSQL including Amazon's Dynamo, Facebook's Cassandra (open source), CouchDB (open source) and Google's BigTable (Perdue 2013). The advantages of NoSQL are that it has quick performance on mass data, is easy to expand (Jing et al. 2011) and already has cloud solutions (Burtica et al. 2012). Disadvantages are that it does not support SQL (Jing et al. 2011), the aforementioned variants all use different querying mechanisms (Perdue 2013) and it does not conform to ACID (Atomic, Consistent, Isolated, Durable) (Tudorica and Bucur 2011). It will not be used in the system as it was designed for Big Data and not for our smaller scale needs, is still in its early stages and may not be open source depending on the variant chosen. Additionally, cloud solutions have previously been discussed and dismissed.
4.5.2 OODB and RDBMS

OODBMS offer a tight coupling of programming languages with database systems, and Batory (Prabhakaran et al. 1990) argues they are the future of databases. As there is no clear separating line (as there is with a language connecting to a database) the benefits that are inherent to OOP languages are available to OODBMS, such as encapsulation, code reuse and also generalisation/specialisation/inheritance, overriding/overloading/polymorphism; this can allow for increased security and less code required (Atkinson et al. 1989). Advantages include that data models are based on real world objects, new objects are easily added (compared to adding a RDBMS entity which could require an ERD redesign) and OODBMSs can be quicker as only one language is used throughout; this also stops disparity between object structure and table structure (impedance mismatch) (2004, p.844). Additionally there is an open source OO database engine that can be used in Java and .NET (Db4objects 2013).


There are many stand-alone disadvantages to using an OODBMS and some from comparisons to RDBMS. RDBMS have been used since the 1970s and as such are widespread, stable and more supported. OODBMS are comparatively new (1980s) and have less standardisation, even with the querying language Object Query Language (OQL) that Connolly and Begg state is the most predominant (2010, p.897). Connolly and Begg also argue that RDBMSs are less complex to use and implement, and work quickly on smaller datasets (2010, p.852). OODBMS is overly complicated for a database of this size and a system of this scope. OODBMSs have known security flaws whilst RDBMS has been used long enough to have been secured. As mentioned above there is open source software for OODBMS but RDBMSs have many including 'Oracle SQL 11g lite'. In addition to this, a further reason for not using OODBMS is the author's knowledge gap on the important development procedure of UML design, OODBMS normalisation which is different to RDBMS normalisation (Lee 1995), the OO querying language OQL and not enough detailed use of OOP languages; the author has previous learning, understanding and use of UML and Java but not enough to fulfil the requirements needed. This may appear to be using a database system that is convenient to the author, but if the author took the required time to study UML, OODB normalisation, OQL and OOP to the level required then there is a very real possibility that the finished software could be over schedule and not fulfil functionality and security requirements. A RDBMS will be used as it is stable, supported, uses standard SQL dialects, is less complex, simpler to implement, secure and within the author's ascertainable skill range within the permitted time. These will assist with completing the system on time with requirements fulfilled.
4.6 Database Use for Storing Office Documents

In relation to storage of the Microsoft Office documents themselves using a DB there were two options discussed, but neither was imported as part of the solution. These are discussed in Appendix G Section 4. Taking this and previous findings into account, the system at this stage will store information pertaining to users, document use logs, users' level of document access and more in a RDBMS, but the Office Documents themselves within the filesystem, possibly using NTFS permissions.

4.7 Languages and Tools

4.7.1 Scripting or Programming Language

A programming or scripting language is required to create a user interface, connect to the database and access Microsoft Office documents that are stored in the filesystem (so documents cannot be accessed by end users directly). Scripting languages such as Ruby, Perl and PHP use interpreters to translate source code as they go, whilst programming languages such as C, C++ and Java use compilers to translate source code into binary that is understood by the CPU. Scripting and programming languages can be used separately or together and Ousterhout argues in his 1998, but still relevant, paper that which one(s) are chosen should depend on the application in hand. If the application is broad, has a GUI and evolving functions then a scripting language is best, but if complex algorithms, large datasets and well defined functions are required then a programming language is best.

Advantages specific to this project of scripting over programming languages include quicker build speed due to fewer lines of code required for the same result (Loui 2008), easier debugging, ties with RAD (used within the Incremental Waterfall model), better choices to build GUI applications (Perl has 139 colours whilst Java has 13) and no client side software being required, which uses the existing infrastructure. The advancement in hardware technology has led to scripting languages no longer being a performance concern, again using SVS's current infrastructure without a hardware increase. The Java client software can also be deleted or updated which can affect functionality. Even though Object Oriented Programming has benefits such as code reuse and inheritance for cutting down time, taking into account the advantages to the project previously listed, a scripting language will be used.

4.7.2 Languages Used

For the scripting language PHP Hypertext Pre-processor (PHP) was chosen as it is open source, contains library functions that connect to the database, can be used to create the XHTML user interface and also contains functions that aid file retrieval and NTFS permission changes. It is a server side scripting language and therefore cannot be turned off (as for example JavaScript can) and can be made more secure by tweaking settings such as turning off 'register_globals'. Sensitive data, for example passwords, can be hashed using one of PHP's hashing functions such as MD5. The library of functions can be used to reduce Lines Of Code (LOC) and for code re-use; both save time and input. MySQL was chosen as it works well with PHP in dynamic websites and a development environment (Xiaosheng 2010) and is also open source.
4.7.3 Development Tools

Different packages can facilitate the required software development environment including WAMP and XAMPP. XAMPP was chosen as it includes Apache Server, as PHP is a server side scripting language, and MySQL in one package. It also includes the PHPMyAdmin interface that provides a developer friendly GUI. Cacls/icacls.exe is a Windows command line utility that can modify NTFS permissions. Also, Windows command line commands can be run within PHP. Therefore NTFS permissions can be modified using PHP (using cacls/icacls.exe, within the command line, within PHP). This takes away the manual elements where users have navigated directly to documents with only Windows authentication for security. The system enables a second layer of authentication and, more importantly to SVS, there is now traceability/culpability. Also, direct access and therefore end user control is lessened. NTFS will still partially be used for security but permissions will be set at outset and, as documents are not accessed directly, cannot be changed by end users.
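Running icacls from PHP, as described in 4.7.3, places values on a command line, so each value has to be constrained before the command is built. The following PHP sketch is an added example, not code from the dissertation; the library root, the 'SVS' domain name, the account names and the list of permitted rights are assumptions.

```php
<?php
declare(strict_types=1);

// Assumed for this sketch (not from the dissertation): the library root and
// the only rights the interface may hand out.
const LIBRARY_ROOT   = 'D:\\doclib';
const ALLOWED_RIGHTS = ['R', 'RX', 'M']; // read, read & execute, modify

/**
 * Build the icacls command that grants one domain account one right on one
 * library folder. Each variable part must match an allow-list pattern before
 * it is placed on the command line.
 */
function buildGrantCommand(string $folder, string $account, string $right): string
{
    // One folder name only: no path separators, dots or shell metacharacters.
    if (!preg_match('/^[A-Za-z0-9 _-]{1,64}$/D', $folder)) {
        throw new InvalidArgumentException('rejected folder name');
    }
    // DOMAIN\user form.
    if (!preg_match('/^[A-Za-z0-9-]{1,15}\\\\[A-Za-z0-9._-]{1,20}$/D', $account)) {
        throw new InvalidArgumentException('rejected account name');
    }
    if (!in_array($right, ALLOWED_RIGHTS, true)) {
        throw new InvalidArgumentException('rejected right');
    }

    $path  = LIBRARY_ROOT . '\\' . $folder;
    // (OI)(CI) makes files and subfolders created later inherit the entry.
    $grant = $account . ':(OI)(CI)' . $right;

    // escapeshellarg() quotes each argument as a second line of defence.
    return 'icacls ' . escapeshellarg($path) . ' /grant ' . escapeshellarg($grant);
}

/** Run the command on the Windows server and report whether icacls succeeded. */
function applyGrant(string $folder, string $account, string $right): bool
{
    $cmd = buildGrantCommand($folder, $account, $right);
    if (PHP_OS_FAMILY !== 'Windows') {
        echo "not on Windows, would run: $cmd\n";
        return false;
    }
    exec($cmd, $output, $exitCode);
    // Keep the tool's output so a failed permission change is traceable.
    error_log("icacls exit=$exitCode: " . implode(' | ', $output));
    return $exitCode === 0;
}

// Constructed requests: one valid, three that must be refused.
$requests = [
    ['Shared',          'SVS\\jsmith', 'M'],
    ['Restricted',      'SVS\\jsmith', 'F'],  // full control is not on the list
    ['..\\Windows',     'SVS\\jsmith', 'R'],  // tries to leave the library root
    ['Shared & whoami', 'SVS\\jsmith', 'R'],  // shell metacharacter
];
foreach ($requests as [$folder, $account, $right]) {
    try {
        echo buildGrantCommand($folder, $account, $right), "\n";
    } catch (InvalidArgumentException $e) {
        echo "refused ($folder): ", $e->getMessage(), "\n";
    }
}
```

The demo loop only prints the commands; applyGrant() is the part that would execute them on the server.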


4.8 Chapter Summary

Having looked at the current options available, the following configuration will be used to build the system:

· PHP will be used to generate XHTML pages, connect to the database and perform scripting functions
· Cascading Style Sheets (CSS) will be used for presentation and formatting of PHP generated XHTML documents
· MySQL will be used to store data pertaining to authentication credentials, document use logs and users' level of access
· Microsoft Office documents will be stored in the Windows server filesystem and only accessible by the proposed system interface, rather than directly as in the current solution. The file access/security will be maintained using NTFS permissions that are controlled using cacls/icacls.exe (within PHP files in the system)
· XAMPP and PHPMyAdmin within are used for the development environment and, if the artefact is successful, by the company in the final rolled out commercial system


Chapter 5 - Designing, Building and Testing the Artefact

5.1 Chapter Overview

This chapter starts with a discussion on the testing methods used and why. It is then split into three sections; these are for each iteration of the Incremental Waterfall Model discussed in 3.3, which covers the design, build and test of the artefact at each stage. The first iteration is concerned with implementing functionality regarding system security, document access, document monitoring and also compatibility. These are high priority requirements detailed in R1-11, R18 & R19 in 2.3.3. The second iteration is concerned with stopping staff bypassing the artefact to access documents directly, legal ramifications of data storage and users’ document monitoring, and also the interface in terms of ‘look and feel’, navigation and familiarity. These are medium priority requirements detailed in R12 & R14-17 in 2.3.3. The third iteration is concerned with the management team being able to manage the artefact without technical support and also browser compatibility. These are low priority requirements detailed in R13 & R14 in 2.3.3.

The Build Diary can be seen in Appendix H and details the system build process; it may be a little unpolished but records the genuine evolutionary process of building the artefact, making/rectifying mistakes, looking for solutions, changes of mind, and more. To familiarise the reader with the working artefact, it is recommended that the artefact is installed at this stage by following the Installation Guide (detailed in Appendix I) and also reading the User Guide (detailed in Appendix J).

5.2 Testing Methods

Hambling (2007, p.14) defines Software Testing as a 'systematic exploration of a component or system with the main aim of finding or reporting defects'. If defects can be found and then rectified the software will be of a higher quality and this can be used to evaluate the success of the artefact in meeting the client's needs.
Software testing was used in this project at three stages, listed in the Incremental Waterfall Model in chapter 3/methodology. As previously mentioned, each iteration reflects the prioritised requirements of the client; the artefact was designed and built to meet these, then tested at each iteration and finally rectified before moving on to the next lower priority set of requirements. Testing was done early and throughout as it is much cheaper to fix an identified defect at an early stage rather than fixing that same defect at a later stage (Agile Modelling 2012). Compatibility, Unit and a method of Functional testing were employed. These different types of tests were used as they are testing for different errors, explained below.

Kaner et al. (1993, p.56) state that Compatibility Testing checks that one product works with another product and my compatibility checks were for my artefact within the existing environment. A virtualised domain that replicates the SVS IT infrastructure was used as a sandbox to develop the artefact; therefore compatibility testing was performed throughout, as the system was essentially being built in SVS's environment and any issues were apparent as the build process progressed. This also has the benefit of any user testing being performed in a familiar environment.

Unit testing is a type of White Box testing in which the programmer tests programming code / modules in isolation, and issues are rectified as they occur. These units are then linked and form the complete application. Examples of these in each iterative stage are discussed but not all were recorded, as Hambling states is often the case (2007, p.40).

Functional testing is a Black Box testing technique. This tests if the requirements ascertained during the requirements analysis process were implemented and working in the artefact. This usually involves testers rather than users, but in this project there is only a developer and users; therefore this part of the testing was performed with users rather than testers. The author's experience of technical support with the client and other companies influenced the decision to test with users directly as many issues or suggestions can arise when the end user gives their perspective; therefore this leans a little toward usability testing too. Additionally, testing if the requirements are present and work correctly is a good measure of success. Other relevant types of testing such as Regression, Load/Performance and Beta were not used due to time constraints.

5.3 Iteration 1 Design and Build

5.3.1 Replicated / Virtual Environment

A near replica of the SVS IT infrastructure was created using virtualisation. The server, workstations, operating systems, hardware, network addressing and domain were replicated in a virtual environment using an instance of VMWare Player for each separate network node. This was done to ensure that the artefact would work fully in their environment, to aid compatibility testing and to make it easier to implement in the live environment if the system were to eventually be used by SVS. This satisfies R19.

5.3.2 Securing the Server

To ensure that the server itself was secure, direct access to XAMPP pages, PHPMyAdmin and the root SQL server were blocked from network access with separate usernames (un) and passwords (pw). Incoming port 80 needed to be opened on the server so that workstations could access the PHP pages, but was only opened for the 192.168.1.x/24 range.
For a more detailed list of security measures, please see Appendix I.

5.3.3 Ascertaining the PC Name

Ascertaining the PC name of workstations logged on in order to track their document use

PHP has a function (‘gethostbyaddr’) that gets the IP address of PCs using the site. Therefore, as a LAN is being used, the IP address can be mapped to a PC name and the PC name is then known. Various ways to do this mapping were investigated. The first was to have a batch file that ran an 'nbtstat -a 192.168.1.1 (server address)' command then opened the login page; this was decided against as it required local administrator rights and was deemed a security risk. Secondly, Windows Management Instrumentation Command-line (WMIC) was considered but was decided against as it also required local administrator rights and the modification of Remote Procedure Call (RPC) settings. The technique chosen was to use Windows Internet Naming Service (WINS), which is already present in the form of Domain Name System (DNS) in the SVS infrastructure; as a PC joins the network the PC name is automatically added to the Domain Controller's (DC) cache (viewable by entering 'nbtstat -c' in the command line on the DC). Therefore the function returns a PC name, not an IP address (see Figure 5.1)


Figure 5.1 shows the code that checks if the client’s IP address was returned

5.3.4 Single Sign on

Users log onto the artefact using the same un/pw that allows them domain access; without this they cannot gain access to the system. This also assists with document use tracking. In order for this to work, PHP Lightweight Directory Access Protocol (LDAP) functions were required; these can only be used if the 'extension=php_ldap.dll' line in the php.ini file is uncommented (PHP 2013a). This code allows the login page (login.php and logintest.php) to have several outcomes when a user is trying to authenticate, ranging from their details being correct but their not having been added to the system yet, to a successful login where cookies for username, PC name and access level are set and form the basis of document use tracking. This satisfies part of R18.

5.3.5 The Use of Cookies

Cookies are used throughout the site. These are some of their uses:

· To set the user's access level (the value is taken from the database)
· Add/remove the presence of navigation bar tabs giving access to authorised areas
· Stop direct access to unauthorised areas (if cookies are not set or at the wrong level for the page then users are ousted to the login page or home page respectively)
· To aid with tracking

5.3.6 Database Modelling

In 4.4 & 4.5, using a MySQL DB instead of arrays to store information pertaining to the user and their document use was discussed. As the coding stage developed it was found that this is the limit that a DB needs to be used for in this system. Using directories to store files and accessing them with PHP functions proved to be a more successful and streamlined method to dynamically store documents, without the need for paths within a DB field pointing to the location of the files; this technique lessened the need to consult a DB each time files were accessed/modified and lessened the associated overhead.
The user information stored in the DB includes their username and access level:

· Access level 1 enables users to access the system, Your Documents and Shared Documents
· Access level 2 additionally enables users to access Restricted Documents
· Access level 3 additionally enables users to access the Management Area

The document information stored in the DB includes the current status (checked out or in), date & time (My SQL 2013), location, user and pc. The DB is relational and normalised to the third normal form. The Entity Relationship Diagram (ERD) and associated scripts can be seen in Appendix K.
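Because the access-level cookie described in 5.3.5 is held by the browser, a page guard can only rely on it if the server can tell that the value is the one it issued. The following PHP sketch is an added example, not the dissertation's code: it attaches an HMAC to the cookie value and applies the login page / home page rule from 5.3.5; the key, the lifetime, the field names and the sample user are assumptions.

```php
<?php
declare(strict_types=1);

// Assumed: a random secret kept in server-side configuration, never sent out.
const COOKIE_KEY = 'constructed-demo-key-load-the-real-one-from-config';
const LIFETIME   = 8 * 3600; // assumed session length in seconds

/** Pack username, PC name and access level (1-3) with an HMAC over the packed value. */
function issueAccessCookie(string $user, string $pc, int $level, int $now): string
{
    $body = base64_encode(json_encode(
        ['u' => $user, 'pc' => $pc, 'lvl' => $level, 'exp' => $now + LIFETIME]
    ));
    return $body . '.' . hash_hmac('sha256', $body, COOKIE_KEY);
}

/** Return the cookie's fields only if the MAC matches and it has not expired. */
function readAccessCookie(?string $cookie, int $now): ?array
{
    if ($cookie === null || substr_count($cookie, '.') !== 1) {
        return null;
    }
    [$body, $mac] = explode('.', $cookie);
    // hash_equals() compares in constant time.
    if (!hash_equals(hash_hmac('sha256', $body, COOKIE_KEY), $mac)) {
        return null;
    }
    $data = json_decode((string) base64_decode($body, true), true);
    if (!is_array($data) || !is_int($data['lvl'] ?? null) || !is_int($data['exp'] ?? null)) {
        return null;
    }
    return $data['exp'] >= $now ? $data : null;
}

/** Page guard following 5.3.5: no valid cookie -> login page, level too low -> home page. */
function guard(?array $session, int $required): string
{
    if ($session === null) {
        return 'login';
    }
    return $session['lvl'] >= $required ? 'allow' : 'home';
}

// Constructed demo: a level 1 user, then the same cookie edited to claim level 3.
$now    = time();
$cookie = issueAccessCookie('jsmith', 'PC-01', 1, $now);

[$body, $mac]  = explode('.', $cookie);
$fields        = json_decode(base64_decode($body), true);
$fields['lvl'] = 3;
$edited        = base64_encode(json_encode($fields)) . '.' . $mac;

echo 'genuine cookie, Shared Documents (level 1): ', guard(readAccessCookie($cookie, $now), 1), "\n";
echo 'genuine cookie, Management Area (level 3):  ', guard(readAccessCookie($cookie, $now), 3), "\n";
echo 'edited cookie,  Management Area (level 3):  ', guard(readAccessCookie($edited, $now), 3), "\n";
echo 'no cookie at all:                           ', guard(readAccessCookie(null, $now), 1), "\n";
```

Keeping the access level in a server-side PHP session and sending only the session identifier to the browser achieves the same goal without a custom format.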


5.3.7 Accessing, Modifying and Adding Documents

Documents are stored in directories on the server, protected by NTFS, and not directly accessible by the user but only via the system. This follows on from arguments made in chapters 1 & 4 that NTFS is a secure and viable solution but only if not accessed directly by the end user, management team or technical support staff. Within the system each user has access to their own documents (Your Documents) and shared documents (Shared Documents). If the user has access level 2 then they also have access to sensitive documents (Restricted Documents); this is discussed further in the Manage Users section.

Each set of documents (e.g. Your Documents, Shared Documents) is stored within a single directory in an undisclosed location on the server. Via the interface/system the user can view (PHP 2013b: Stackoverflow 2013a: Stackoverflow 2013b) then download and upload documents to this location but never know where they are downloading from (PHP 2013c); this is one of the 'indirect access' designs used for security. A single directory was used, rather than allowing users to create directories within their directory, as this has caused problems historically (discussed in Appendix A). The NTFS permissions are set on the server and local library folders, and files take on those parent permissions when moved (Yildirimoglu 2009).

When a document is downloaded (to the user's Local Library folder on the desktop that is only accessible by that user and the domain administrator) a copy is left on the server; this was done in case the document is accidentally deleted, the PC malfunctions or the Local Area Network (LAN) goes down, so that the user can keep accessing and working on the document. When uploaded again the local copy is deleted (using the PHP ‘unlink’ function) and the original server copy is overwritten.
In addition to this, if the document is Shared or Restricted, rather than in Your Documents, a line is added to the database document table detailing who downloaded/uploaded it, from which PC, the date and time, whether it was checked in or out and whether it was Shared or Restricted. Reasons for this are:

· Management document logging
· To ensure a document cannot be checked out again if it is downloaded already. Details of who logged it out and on which PC are listed onscreen to the user who is trying to check it out
· The only user who can return the document is the user that checked it out, from the same PC and back to the same area (e.g. Shared).
· This allows one copy of the document to be checked out (stopping the Lost Update issue).

Documents with apostrophes are not accepted as they cause issues with DB inserts; this can be rectified with the PHP ‘str_replace’ function but there are many scripts involving a document download/upload, there would be slightly different document names in the directory and in the Document DB table, and this was seen as a cleaner, less problematic way of doing it.

Code has been created to catch errors relating to a different user and/or different PC uploading documents, returning a document to a different area than it was borrowed from (e.g. borrowed from Shared but returned to Restricted), incorrect management configuration of the Local Library folder (i.e. the server cannot access the Local Library folder in order to upload and unlink), apostrophes, trying to check out documents that are currently checked out and duplicate document names. Each error stops the download/upload and displays an understandable onscreen message; this assists with the robustness of the system, informing the user and document versioning.

Adding a document can be done by clicking the 'add a document to the library' button on the homepage and following the onscreen instructions. These features ensure R1-10 are met and assist with R11 & R18.
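The check-out rules in 5.3.7 can be expressed with parameterised queries, which also store a document name containing an apostrophe without any special handling. The following PHP sketch is an added example, not the dissertation's code; it assumes the pdo_sqlite extension and uses an in-memory SQLite database in place of MySQL, and the table, column, user and PC names are constructed.

```php
<?php
declare(strict_types=1);

// In-memory SQLite stands in for the MySQL document table so the sketch runs
// without a server; table and column names are assumptions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE document_log (
    id        INTEGER PRIMARY KEY AUTOINCREMENT,
    doc_name  TEXT NOT NULL,
    area      TEXT NOT NULL,
    status    TEXT NOT NULL,
    username  TEXT NOT NULL,
    pc        TEXT NOT NULL,
    logged_at TEXT NOT NULL
)');

/** Most recent log row for a document name, or null if it was never logged. */
function lastEvent(PDO $db, string $doc): ?array
{
    $q = $db->prepare(
        'SELECT area, status, username, pc FROM document_log
         WHERE doc_name = :doc ORDER BY id DESC LIMIT 1'
    );
    $q->execute([':doc' => $doc]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function addEvent(PDO $db, string $doc, string $area, string $status, string $user, string $pc): void
{
    // Bound parameters: the document name is data, never part of the SQL text.
    $ins = $db->prepare(
        'INSERT INTO document_log (doc_name, area, status, username, pc, logged_at)
         VALUES (:doc, :area, :status, :user, :pc, :at)'
    );
    $ins->execute([
        ':doc' => $doc, ':area' => $area, ':status' => $status,
        ':user' => $user, ':pc' => $pc, ':at' => date('Y-m-d H:i:s'),
    ]);
}

function checkOut(PDO $db, string $doc, string $area, string $user, string $pc): string
{
    // On MySQL this read-then-write also needs a lock or a unique constraint
    // so that two simultaneous requests cannot both pass the check.
    $db->beginTransaction();
    $last = lastEvent($db, $doc);
    if ($last !== null && $last['status'] === 'out') {
        $db->rollBack();
        return "refused: checked out by {$last['username']} on {$last['pc']}";
    }
    addEvent($db, $doc, $area, 'out', $user, $pc);
    $db->commit();
    return 'checked out';
}

function checkIn(PDO $db, string $doc, string $area, string $user, string $pc): string
{
    $db->beginTransaction();
    $last  = lastEvent($db, $doc);
    $error = null;
    if ($last === null || $last['status'] !== 'out') {
        $error = 'refused: document is not checked out';
    } elseif ($last['username'] !== $user || $last['pc'] !== $pc) {
        $error = 'refused: only the borrower, on the same PC, can return it';
    } elseif ($last['area'] !== $area) {
        $error = "refused: must be returned to {$last['area']}";
    }
    if ($error !== null) {
        $db->rollBack();
        return $error;
    }
    addEvent($db, $doc, $area, 'in', $user, $pc);
    $db->commit();
    return 'checked in';
}

// Constructed walk-through; the document name contains an apostrophe on purpose.
$doc = "Trustees' minutes.doc";
echo checkOut($db, $doc, 'Shared', 'jsmith', 'PC-01'), "\n";
echo checkOut($db, $doc, 'Shared', 'alee', 'PC-02'), "\n";
echo checkIn($db, $doc, 'Shared', 'alee', 'PC-02'), "\n";
echo checkIn($db, $doc, 'Restricted', 'jsmith', 'PC-01'), "\n";
echo checkIn($db, $doc, 'Shared', 'jsmith', 'PC-01'), "\n";
echo $db->query('SELECT COUNT(*) FROM document_log')->fetchColumn(), " rows logged\n";
```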
It was felt that these measures struck a central balance between Confidentiality, Integrity and Availability in the CIA security triad (Summers and Tickner year unknown). Examples include:

· Confidentiality - A user's documents stored within the Your Documents area are available only for that user.
· Integrity - Only authorised users can borrow, modify and return documents; therefore the contents can only be changed by authorised users and integrity is maintained.
· Availability - A user’s own document stored within Your Documents is available to that user at any one time. Shared and Restricted documents are available at any time also (if access to that area is authorised), providing they have not already been borrowed by another user.

5.3.8 Document Management

As mentioned in 5.3.7, when a document is successfully checked out/in it adds a row to the document DB table. Aside from the aforementioned reasons for this, it is also so that the management team can monitor or investigate its activity. The Manage Documents page enables the management team (access level 3) to search for documents and then view their activity (Stackoverflow 2013c); this can be the current activity, last five activities or all previous activities. There is not an option for searching by user as this could be construed as monitoring the user's activity (rather than document activity) and could be legally cumbersome (5.5.2).

Although deleting was not discussed as a requirement with the client, it was included in order to maintain system efficiency. Within the further document details page there is a delete button that will delete the document but not the logs pertaining to it; it simply adds a row with a status of deleted. Also the document cannot be deleted if it is currently checked out; this was to stop the document being resurrected by the user checking it back in and therefore possibly confusing the log system. This fulfils R11.

5.3.9 PHP Page Map

This can be seen in Appendix L. At this stage many of the pages were empty (e.g. User Management) and the map was just used to test functionality, but it ended up being the finished version of the map.
Figure 5.3 shows the look of ‘searchrestdocs.php’ at this stage.
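The logging and delete rules from 5.3.8, as an added PHP example (not the project's code): an append-only activity table in which a delete is just another row and is refused while the document is checked out. The table layout, the function names and the use of in-memory SQLite in place of the project's MySQL database are assumptions.

```php
<?php
// Added example, not the dissertation's code. Table, column and function names are
// assumptions; in-memory SQLite stands in for the MySQL DB so it runs offline.

// Status a document must currently have before each new status may be logged.
const ALLOWED_FROM = [
    'added'       => ['absent', 'deleted'],
    'checked_out' => ['added', 'checked_in'],
    'checked_in'  => ['checked_out'],
    'deleted'     => ['added', 'checked_in'],   // never while checked out
];

function open_log(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec("CREATE TABLE doc_log (
        id INTEGER PRIMARY KEY AUTOINCREMENT,
        doc TEXT NOT NULL, area TEXT NOT NULL, username TEXT NOT NULL,
        status TEXT NOT NULL
            CHECK (status IN ('added', 'checked_out', 'checked_in', 'deleted')),
        logged_at TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP)");
    return $db;
}

/** Most recent row for a document, or null if it was never logged. */
function latest(PDO $db, string $doc): ?array
{
    $q = $db->prepare('SELECT area, username, status FROM doc_log
                       WHERE doc = ? ORDER BY id DESC LIMIT 1');
    $q->execute([$doc]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

/**
 * Check the requested status against the current one, then append a row.
 * Rows are never updated or removed, so the history survives a delete.
 */
function log_action(PDO $db, string $doc, string $user, int $level,
                    string $status, string $area = 'Shared'): void
{
    $db->beginTransaction();                 // check and insert as one unit
    try {
        $last  = latest($db, $doc);
        $state = $last['status'] ?? 'absent';
        $area  = $last['area'] ?? $area;
        $ok = in_array($state, ALLOWED_FROM[$status] ?? [], true)
            && !($area === 'Restricted' && $level < 2)
            // assumption: only the borrower may return a document
            && !($status === 'checked_in' && $last['username'] !== $user)
            && !($status === 'deleted' && $level !== 3);
        if (!$ok) {
            throw new DomainException("'$status' refused (document is $state, level $level)");
        }
        $db->prepare('INSERT INTO doc_log (doc, area, username, status)
                      VALUES (?, ?, ?, ?)')->execute([$doc, $area, $user, $status]);
        $db->commit();
    } catch (Throwable $e) {
        $db->rollBack();
        throw $e;
    }
}

/** Activity for one document, newest first: 1 = current, 5 = last five, null = all. */
function activity(PDO $db, string $doc, ?int $limit = null): array
{
    $sql = 'SELECT id, username, status FROM doc_log WHERE doc = ? ORDER BY id DESC';
    if ($limit !== null) {
        $sql .= ' LIMIT ' . max(1, $limit);
    }
    $q = $db->prepare($sql);
    $q->execute([$doc]);
    return $q->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed events: [document, user, access level, requested status].
$db = open_log();
$events = [
    ['minutes.doc', 'alice', 1, 'added'],
    ['minutes.doc', 'bob',   1, 'checked_out'],
    ['minutes.doc', 'carol', 3, 'deleted'],      // refused: bob still has it
    ['minutes.doc', 'bob',   1, 'checked_in'],
    ['minutes.doc', 'bob',   1, 'deleted'],      // refused: not level 3
    ['minutes.doc', 'carol', 3, 'deleted'],      // logged as one more row
];
foreach ($events as [$doc, $user, $level, $status]) {
    try {
        log_action($db, $doc, $user, $level, $status);
        echo "ok      $user $status\n";
    } catch (DomainException $e) {
        echo "refused $user: {$e->getMessage()}\n";
    }
}
foreach (activity($db, 'minutes.doc', 5) as $row) {
    echo "#{$row['id']} {$row['username']} {$row['status']}\n";
}
```

Because the query is keyed on the document and never on the user, it matches the decision in 5.3.8 to offer document activity only.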

5.4 Iteration 1 Testing

5.4.1 Compatibility
This worked in the replicated virtualised environment (R19). However, there was some 'requirement creep' after testing as the management team announced that they may be moving to the Windows 7 OS, as support for Windows XP SP3 is being withdrawn by Microsoft. This was not part of the project requirements but was relatively quick and non-problematic to resolve by installing a Windows 7 VM, changing the settings as before (Appendix I Section 3 in the User Guide) and successfully adding it to the domain. For the browser the inbuilt IE8 in 'Browser Mode: IE7' was used. There were no additional issues compared to the current XP workstation setup.

John Neesham

Page 22 of 102

5.4.2 Unit
There were too many examples to list here of modules where issues were checked and resolved; they are therefore included in Appendix M.

5.4.3 Functional
Users performing the tests were Management Team members Phil Lee and Vicky Smith and members of staff Julie Marron, Louise Evans and Rowena Singh. The latter three were chosen simply as they were end users, in a nearby room and were free for an hour; this is known as Hallway testing and is a type of usability testing. Different tests were issued by myself to different members of staff and reflected the high level requirements. Examples include:
· Asking users to borrow a document, modify it, then return it (R3,4,6,7,9 & 10)
· Asking users to log into the system (R18)
· Asking users to create a new document and add it to the library (R2,5 & 8)
· Asking users with level 1 access to try to access level 2 documents (R1)
· Asking the management team to locate a chosen document's activities (R11)

5.4.4 Issues Identified by Tests and Rectified
· There were several issues with users feeling 'unclear' about trying to borrow, return or create a document. The users were given a quick demonstration and they could then borrow and return documents to all areas they had access to. The conclusion made was that the system was not intuitive enough to use without instruction. A User Guide (Appendix J) was created to resolve this.
· The management team queried why the activity regarding Your Documents was not logged, as it was with Shared and Restricted. They were informed that this could have legal implications, even with a login agreement message in place (5.5.2).
· Phil Lee noticed that if you knew the full path to the document, including the extension, then you could access the document directly but only if you had NTFS permissions to do so; for example by entering '\\svr\svs\svs document library\shared\doc1.txt' into the run box, the document would open up outside of the application. This was actually an error on the developer's part, as when configuring the workstation VM, local administrator rights had been left on; once these were removed this was no longer possible and this change did not affect functionality.
· Following a successful logon a welcome message was coded to appear stating the user's name, PC and access level, but the Management Team wanted this to appear on all pages. This was changed in iteration 2 to appear in the watermark on all pages.
· The Management Area was originally named the Admin Area but Vicky Smith wanted this renamed to deter curious access level 1 and 2 users. This was changed to the 'Management Area' as requested.
· There were many comments about the basic look of the system. The users were informed that this iteration's purpose was to provide functionality and little effort was made for display, but that would be one of the focuses of iteration 2.


5.5 Iteration 2 Design and Build

5.5.1 Document Access Using the System
The documents are stored within directories on the server. The directories are protected using NTFS permissions and the documents within take on the permissions of these parent folders. The only way to access the documents is via the system, which cannot be bypassed so there is no direct access to the documents (R12). Users do not have rights to browse to the server shared folders, and in the case of rights being accidentally given there are two high level directories ('SVS' and 'SVS Document Library') that are used to block navigation to the lower level User, Shared and Restricted directories; therefore you cannot navigate to documents either. Direct access to the document library system is blocked by un/pw for XAMPP, SQL DB and the server itself (detailed further in Appendix I). The management team (level 3 users) also cannot directly modify NTFS permissions and need to do this via the interface (discussed further in 5.5.3).

5.5.2 Legal Implications of Monitoring User Activity
Details on the legal implications of SVS using the artefact and the steps taken to safeguard them are discussed in Appendix N.

5.5.3 System Interface Design
Rather than creating an interface design from scratch, a template was chosen and merged with the functional code detailed in 5.3, as this seemed a more efficient use of time. The template was selected from Open Source Web Design (OSWD) (WebTom 2013) and can be seen prior to integration with my system in Figure 5.4.

Figure 5.4 – Shows original template, prior to integration with the system


It was chosen as there were parts that fit the system’s needs (e.g. watermark, header, navigation bar, footer) and other unwanted parts that could easily be removed (e.g. sidebar menu and text advertisements area). The template code was then streamlined by removing unrequired HTML and excess CSS. The header logo was added and colours changed to fulfil the company's requirement to use their logo, branding and colour scheme (R15). These were ascertained by investigating the company's existing website (http://www.southamptonvs.org.uk/), which can be seen in Figure 5.5. This will also assist with R16.

Figure 5.5 – Shows the SVS website with colour scheme and company branding

Following this, recoding, tables, buttons, scrollbars (quackit.com 2013), commenting, indenting, general tidying and XHTML validation (W3C 2012) were done for each page within the system. Although this is browser based, rather than web based, the author still considered XHTML validation beneficial as it produces neater, more uniform code that is easier to understand and add to. Some of these features can be seen in Figure 5.6.


Figure 5.6 – Shows the functionality code merged with the modified template and the use of buttons, table and scrollbar

5.5.3.1 Accessibility
Accessibility was also considered. The steps taken to ensure that the artefact meets all minimum and some intermediate and advanced accessibility guidelines are documented in Appendix O.

5.5.3.2 Human Computer Interaction (HCI)
HCI is the study of relationships between users and the computer systems they use to perform their various tasks; Faulkner argues that the success of the system can depend on this (2002, p.9). The changes made in the design and build process regarding HCI are discussed in Appendix P.

5.6 Iteration 2 Testing

5.6.1 Compatibility
This works with IE7 on Windows XP and Windows 7 (IE8 in 'Browser Mode: IE7') PCs in the replicated virtualised environment (R19).

5.6.2 Unit
There were too many examples to list here of modules where issues were checked and resolved; they are therefore included in Appendix M.

5.6.3 Functional
Users performing the tests were Management Team members Phil Lee and Vicky Smith, and member of staff Auran Sood.


Different tests were issued by myself to different members of staff and reflected the medium level requirements. Examples include:
· Asking users and members of the management team to try and access documents directly, bypassing the system (R12)
· Asking users if they understood the 'consent' popup message (R14)
· Asking users to navigate around the system and assess its familiarity and simplicity (R16 & R17)

5.6.4 Issues Identified by Tests and Rectified
· This was very much a 'look and feel' exercise and was therefore hard to quantify, but the users reported being positive about the interface additions on this iteration of the artefact
· The management team asked for a favicon to be included, so a red book icon was added
· The users queried the functionality of the Log Out button as it appeared to them to just be a hyperlink to the homepage; it was explained that it was, but that it also cleared the cookies and therefore the user was no longer authenticated

5.7 Iteration 3 Design and Build

5.7.1 User Management
The Manage Users section allows the management team (access level 3) to add a new user, change a user's access level and/or delete a user. It also has information on how to reset a user's password. The Add User section details the current AD users and those who have been added to the system. It allows you to add a new user who is currently in AD but not in the system yet and catches errors relating to duplicate names and blank input boxes. The Change User Access Level or Delete User section allows you to increase or decrease a user’s access level or delete that user from the system and catches errors such as inputting a new access level outside of the 1-3 remit.

This whole section heavily uses command line inputs, the command line application icacls.exe (Windows Server 2012), PHP functions and DB scripts, as these examples show:
· Adding a new user checks if the user exists, adds them to the DB, creates a new Your Documents directory and secures NTFS access only for them, adds an ACE to the ACL of the Shared documents directory for that username and then returns a successful message
· Changing a user's level to access level 3 modifies the database, adds an ACE to the ACL of Restricted documents for that username (this is because you may have been promoted directly from level 1 to 3) and then returns a successful message
· Deleting a user removes the user from the DB and their log files (using MySQL's ON DELETE CASCADE), the Restricted Documents ACL (in case they were an access level 2 user) and the Shared Documents ACL, deletes the user's Your Documents directory and all documents within, and returns a successful message. This is shown in Figure 5.7.
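The three Manage Users operations above, as an added PHP example that is not the project's own code: each request is validated and turned into a list of quoted icacls commands before anything is executed, so a name typed into the form cannot alter the command line. The folder layout, domain name and function names are assumptions, as is the choice to remove the Restricted ACE on a demotion to level 1; the DB steps are left out.

```php
<?php
// Added example, not the dissertation's code. The paths, DOMAIN and all function
// names are assumptions; only icacls.exe, the 1-3 access levels and the three
// operations (add user, change level, delete user) come from the text.
const LIBRARY_ROOT = 'D:\\SVS\\SVS Document Library';   // hypothetical location
const USERS        = LIBRARY_ROOT . '\\Users';
const SHARED       = LIBRARY_ROOT . '\\Shared';
const RESTRICTED   = LIBRARY_ROOT . '\\Restricted';
const DOMAIN       = 'SVS';                             // hypothetical AD domain

/** Allow only plain account names so no shell metacharacter reaches cmd.exe. */
function valid_user(string $name): string
{
    if (!preg_match('/\A[A-Za-z0-9][A-Za-z0-9._-]{0,19}\z/', $name)) {
        throw new InvalidArgumentException('Invalid username');
    }
    return $name;
}

/** Accept the integers 1, 2 or 3 only; letters, 0, 4 or "2x" are rejected. */
function valid_level($level): int
{
    $n = filter_var($level, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1, 'max_range' => 3]]);
    if ($n === false) {
        throw new InvalidArgumentException('Access level must be 1, 2 or 3');
    }
    return $n;
}

/** One icacls call; every variable part goes through escapeshellarg(). */
function icacls(string $path, string $switch, ?string $arg = null): string
{
    $tail = $arg === null ? '' : ' ' . escapeshellarg($arg);
    return 'icacls ' . escapeshellarg($path) . ' ' . $switch . $tail;
}

/** (OI)(CI) = inherited by files and subfolders, M = modify. */
function grant(string $path, string $user): string
{
    return icacls($path, '/grant', DOMAIN . '\\' . $user . ':(OI)(CI)M');
}

function revoke(string $path, string $user): string
{
    return icacls($path, '/remove', DOMAIN . '\\' . $user);
}

/** New user: private Your Documents folder plus an ACE on Shared. */
function plan_add_user(string $user): array
{
    $home = USERS . '\\' . valid_user($user);
    return [
        'mkdir ' . escapeshellarg($home),
        icacls($home, '/inheritance:r'),   // drop inherited ACEs, keep explicit ones
        grant($home, $user),
        grant(SHARED, $user),
    ];
}

/** Levels 2 and 3 need Restricted; assumption: a demotion to 1 removes the ACE. */
function plan_set_level(string $user, $level): array
{
    $user = valid_user($user);
    return [valid_level($level) >= 2 ? grant(RESTRICTED, $user) : revoke(RESTRICTED, $user)];
}

function plan_delete_user(string $user): array
{
    $user = valid_user($user);
    return [
        revoke(RESTRICTED, $user),
        revoke(SHARED, $user),
        'rmdir /S /Q ' . escapeshellarg(USERS . '\\' . $user),
    ];
}

/** Run the steps in order; a non-zero exit code aborts instead of reporting success. */
function run_plan(array $commands, bool $dryRun = true): array
{
    foreach ($commands as $cmd) {
        if ($dryRun) { continue; }
        exec($cmd, $output, $code);
        if ($code !== 0) {
            throw new RuntimeException("Step failed ($code): $cmd");
        }
    }
    return $commands;
}

// Constructed inputs; the dry run only prints. Off Windows, escapeshellarg() quotes with '.
foreach ([['jsmith', 3], ['jsmith', 7], ['j smith & x', 2]] as [$name, $level]) {
    try {
        $plan = array_merge(plan_add_user($name), plan_set_level($name, $level));
        echo implode("\n", run_plan($plan)), "\n";
    } catch (InvalidArgumentException $e) {
        echo "rejected ($name, $level): {$e->getMessage()}\n";
    }
}
echo implode("\n", run_plan(plan_delete_user('jsmith'))), "\n";
```

Validation happens while the plan is built, so an invalid username or level stops the request before the first command runs. Calling `run_plan($plan, false)` on the Windows server executes the steps.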


Figure 5.7 – The deleteuser.php script deletes all traces of a user from the system including log files pertaining to them

Once again users (in this case members of the management team) do not know where users' directories are located and what NTFS permissions they have, but are able to manage them successfully in an indirect way. This fulfils R18 and assists with R1.

5.7.2 Single Sign On
For the user to access the system the un/pw details are checked against AD and then cookies are set; this forms the authentication process. Therefore this is a single sign on as the same un/pw for Windows is used for system access. This makes password resets easier as you can just reset the password in AD, which the management team are familiar with (R13).

5.7.3 Browser Compatibility
SVS currently use IE7, which this system has been designed for, but three separate CSS files have been created so that the system also works with IE8 & 9 (R20).

5.8 Iteration 3 Testing

5.8.1 Compatibility
Using the artefact in the replicated virtualised environment (R19) with IE7, 8 & 9 worked fine, but looked a little different (e.g. button shading) in each version of IE.

5.8.2 Unit
· Ensuring that following a successful login, logintest.php sets 3 cookies
· Ensuring when a user is added, removed or their access level changed that the DB and ACL in Users, Shared or Restricted directories do change accordingly
· If the user already exists in the system but you try to add them again, is the error caught and the correct message displayed
· If you try to change the user level to a character or integer outside of the 1-3 remit, is the error caught and the correct message displayed
· The correct CSS file is used depending on version of IE used (R20)
· If a user is added to the DB, do they appear in the middle list in addusermain.php

5.8.3 Functional
As this iteration’s testing is predominantly for the Manage Users area, only Management Team members Phil Lee and Vicky Smith were present. Different tests were issued to the management team and reflected the low level requirements. Examples include:
· Adding a user to the system (R13)
· Deleting a user from the system (R13)
· Changing a user's access level (R13)

5.8.4 Issues Identified by Tests and Rectified
· This was a clear testing session with no user queries or errors, and no explanation of how to perform tasks was required. Therefore a conclusion was reached that this part of the system was usable and intuitive
· There were a few requests regarding adding or changing areas within the artefact, but these referred to sections within previous iterations and were not mentioned at the appropriate time (i.e. after those iterations' functional test sessions). These were therefore discussed with the client and ones with an agreed solution were added to the evaluation section. Examples were the inclusion of a breadcrumb trail (iteration 2) and a change of layout in the contents section of the homepage (iteration 2)

5.9 Chapter Summary
This chapter discussed the artefact’s design, build and test process at each iteration. During each test process, errors were identified and rectified. The artefact is complete for the purposes of the project.


Chapter 6 - Project Evaluation

6.1. Objectives and Requirements
As stated in 1.7, the overarching objectives were broken down into requirements. These in turn were gathered, clarified, prioritized and documented (in Appendix D) so expectations of the artefact between developer and client were clear. The prioritized requirements were designed and built into the artefact in each iteration of the Incremental Waterfall Model. User (function) testing specific to each requirement was performed and the user also gave feedback. As errors were identified and resolved and SVS signed off the current artefact version at each stage, thereby meeting requirements, it can be concluded that the artefact was successful.

6.2. The Project Process
The schedule and Incremental Waterfall Model formed the base of the project process, with risk analysis helping to limit potential problems. The schedule (3.6) was correct in terms of time allotted to each section and this was used to measure progress and not overrun on any one section, but was not performed in the order stated. For example the local prototyping of the artefact was performed quite early on, as the developer had not done any software development work recently and also wanted to test PHP directory functions prior to a full scale-up. The Incremental Waterfall Model was followed strictly and worked well. The only issue with the timing of the artefact’s design, build and test was that the tasks prior to starting overran by one week, and therefore the hours allotted to 6 weeks were worked in 5 weeks.

Some of the risks identified in the Risk Analysis Table (Appendix E) did happen and therefore the mitigation was applied. Risk01 occurred with 5.8.4 and 5.4.1; this shows the importance of Requirements Analysis. Risk05 occurred many times through developer (unit) and user (function) testing; this shows that the Incremental Waterfall Model was practically useful as it was the right balance of Plan-Driven and Agile methodologies and was therefore a solid base but also flexible when needed. The feasibility report (2.2) provided the decision makers with the information needed to make the correct decision to continue. The Agile technique of Timeboxing proved a viable technique as the artefact development process ran to plan; in addition to this, functionality was only a little compromised.

When comparing the project proposal (Appendix Q) to the actual project process and final artefact, there are some parts kept the same whilst others differed. The details of the problem/list of issues caused are the same and have not been expanded upon by the client. The overall objectives of the artefact and structure that will resolve specific problems are mostly unchanged. The changes are the idea of document storage using a DB being changed to document storage within the filesystem, and MoSCoW prioritisation, which was mentioned in the project proposal but decided against in the actual project process. Regarding the project plan, the list of tasks was similar but the actual project had a few inclusions such as Requirements Analysis and Risk Analysis. The order in which tasks were carried out was also different and the time allotted to each was changed in the actual project plan.


6.3. The Artefact and Other Solutions
Chapter 4 analysed the current solutions available and discussed the inclusion/exclusion of these. As the artefact is now complete it was contrasted with these solutions. The inclusion of NTFS has proven reliable and secure but, as argued in 4.1.2, only if it is not directly accessed/modified. The exclusion of 3rd party tools (4.2) has proven to be the correct decision as it was felt that they were not practical for hierarchical file structures and a domain environment. Remote storage tools (4.3) on the whole were excellent but all needed WAN connectivity and/or were not FOC, whilst using a DB for document storage (4.5) was considered over complex for the task at hand.

Using the artefact as a solution worked well as it was designed, built and tailored specifically for SVS's issues by a technician that had knowledge of the company and their procedures, regular experience of the issues and an understanding of the tools and technologies chosen to create the solution. It is felt that the unrequired parts of chapter 4's investigation were not chosen and that the required parts were carefully chosen and included in the solution, thus creating a solution that mixes the most relevant technologies, techniques and tools for the identified problem.

6.4. What Has Been Learned from the Project?
The following has been learned during the course of this project:
· The importance of documented Requirements Analysis as, without this, requirement creep could have caused the project to run over schedule
· Both SVS and the author have learned more about the legal aspects of data storage
· Working with Virtual Machines
· A new and/or deeper understanding of a variety of current technologies that were investigated and discussed in chapter 4
· New concepts were encountered such as Plan-Driven and Agile Methodologies, Feasibility Study/Report and Risk Analysis
· Software Testing was a new topic that had to be learned, a method chosen and then employed
· Developing a system with an initial and on-going FOC solution that works within an existing infrastructure with no ‘wiggle room’
· Deeper understanding of PHP, SQL, CMD Line, ICACLS, LAN networks and domains
· The importance of sticking to a schedule
· How charity and voluntary organisations work as a business and the less expensive Windows licensing they can use

6.5. Future of the Artefact
There are several ideas on how the project could be extended or the artefact improved, if time allowed. These have been split into sections that are detailed below:

6.5.1 Issues with the System
These were issues that were noticed during the development process or unit testing but, as Timeboxing was employed and the time for that iteration had passed, could not be rectified at that stage:
· If a user does not log off (just closes the browser with x) then bypasses the login page (which is possible as they will have cookies set) they can avoid logging in again. This is not a security issue or an audit issue, but just worth a mention
· If a user selects a document in shared or restricted areas to download (by searching for then clicking on it) but then just cancels or opens, rather than saving, the document is recorded as downloaded/checked out. Therefore the document will not have been downloaded but cannot be accessed either as the system will report that that user currently has it. This would be rectified by using a PHP exec function that utilises a Command Line ‘copy’ script
· If a user logs onto Windows as one user then SVS Document Library as another user this can cause problems with tracking. They will be able to download a doc still, but not upload a document as this has been coded to be blocked and display an information message (e.g. in shareduploader.php). However, this should not be a problem as all users have unique domain un/pw’s (no generic or shared ones), therefore they should only know their own credentials
· If you download a document from Your Documents, you can then add it to restricted documents or shared docs. This is ok in itself as it will be treated as a new document to the system within those areas. However, there may then be multiple versions of your doc floating around (one in Your Documents and another in shared or restricted). This was caused by Your Documents activities not being recorded and not in the DB (therefore cannot check 'area' of doc you are trying to upload to restricted documents area against the DB)
· Only users with access level 3 can delete Shared and Restricted docs. There is currently no way for any user (at any level) to delete Your Documents. In a further iteration a feature would be included that allowed users to delete their own documents or those they had access to; this would be tracked, as shared and restricted document activities are
· If the password box is left blank on the login.php page, the logintest.php page displays the appropriate output information message, but the CSS does not correctly display the frame

6.5.2 Developer Improvements
These are afterthoughts by the developer, noted after the artefact's completion but before completing the report, that it is felt would improve the artefact:
· Comment and validate CSS
· Code reuse was bad for some pages. This could have lessened LOC rather than big if/else. A good example of this is in fileauditresults.PHP
· The artefact should work in the Mozilla Firefox browser
· The artefact should work in IE10

6.5.3 Client Improvements
These are improvements that the client wanted made to the artefact. They were connected to iteration 1 and 2, but mentioned after iteration 3 function testing and therefore, due to Timeboxing, the requirements analysis process and the Incremental Waterfall model, could not be done within the project timescale. These could be done as a fourth iteration, prior to implementation, if SVS were to adopt the artefact within their IT system:
· Move the 'add a document' button that is currently on the homepage to the navigation bar
· The five buttons on the homepage should be in a ‘grid’ pattern rather than vertically ordered
· When the Log Out button is pressed, a message should appear reminding users which documents they have borrowed but not returned (i.e. those still in the Local Library folder)
· A message to appear at login to let users know that they can work on the documents locally from their Local Library without still being logged onto the system
· A breadcrumb trail just below the navigation bar


6.6 Project Conclusion
The project objectives were to create a browser based system that securely stores documents, is FOC, integrates into the existing IT infrastructure and can be administered by the client. This was achieved within the allotted timeframe, as is evidenced by the testing/feedback process, and therefore the project and artefact can be considered a success.


Referencing and Bibliography

Agile Modelling, 2012. Examining the Agile Cost of Change Curve. Ambysoft. Available from: http://www.agilemodeling.com/essays/costOfChange.htm [Accessed 14 February 2013].
Aken, A., 2008. CHUNK: An Agile Approach to the Software Development Life Cycle. Journal of Internet Commerce, 7(3). Available from: http://www.tandfonline.com/doi/abs/10.1080/15332860802250385 [Accessed 8 February 2013].
Atkinson, M., Bancilhon, F., DeWitt, D., Dittrich, K., Maier, D. and Zdonik, S., 1989. The Object-Oriented Database System Manifesto. In: Proceedings of the First International Conference on Deductive and Object-Oriented Databases, December 1989, Kyoto, Japan. Available from: http://www.cs.cmu.edu/afs/cs.cmu.edu/user/clamen/OODBMS/Manifesto/ [Accessed 4 February 2013].
Anne, S.K., 2012. What is a sticky Bit and how to set it in Linux? The Linux Juggernaut. Available from: http://publib.boulder.ibm.com/infocenter/idshelp/v10/index.jsp?topic=/com.ibm.ddi.doc/ddi 164.htm [Accessed 25 January 2013].
Antony, A., 2013. LDAP issue, ldap_bind invalid dn syntax. Stack Exchange. Available from: http://stackoverflow.com/questions/13487225/LDAP-issue-LDAP-bind-invalid-dn-syntax [Accessed 18 March 2013].
Avison, D.E., and Fitzgerald, G., 2006. Information systems development: methodologies, techniques and tools. London: McGraw-Hill Education. [Accessed 8 February 2013].
Berra, Y., Year Known. Software Development Life Cycle (SDLC). Chicago: DePaul University. Available from: http://condor.depaul.edu/jpetlick/extra/394/Session2.ppt#256,1,Software Development Life Cycle (SDLC) [Accessed 14 February 2013].
Biliris, A., 1992. An efficient database storage structure for large dynamic objects. In: 8th International Conference on Data Engineering, 2-3 February 1992, MA, USA. Available from: http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=213180 [Accessed 28 January 2013].
Boehm, B. and Turner, R., 2004. Balancing agility and discipline: evaluating and integrating agile and plan-driven methods. In: 26th International Conference on Software Engineering, ICSE 2004, 23-28 May 2004, CA, USA. Available from: http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=1317503 [Accessed 10 February 2013].
Brinkmann, M., 2011. NTFS Permissions Tools. Ghacks.net. Available from: http://www.ghacks.net/2011/05/24/NTFS-permissions-tools/ [Accessed 27 January 2013].
Bryce, T., 2013. The Elements of a Good Feasibility Study. Project Smart. Available from: http://www.projectsmart.co.uk/elements-of-a-good-feasibility-study.html [Accessed 20 February 2013].
Burke, R., 2006. Project management: planning and control techniques. 5th ed. Ringwood: Burke. [Accessed 17 February 2013].


Burns, R., 1998. Version Management and Recoverability for Large Object Data. In: 1998 Proceedings International Workshop on Multi-Media Database Management Systems, 5-7 August California, USA. Available from: http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=709474 [Accessed 5 February 2013].
Burtica, R., Mocanu, E.M., Andreica, M.I., and Tapus, N., 2012. Practical application and evaluation of no-SQL databases in Cloud Computing. In: IEEE International Systems Conference, SysCon 2012, 19-22 March 2012, Bucharest, Romania. Available from: http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=6189510 [Accessed 4 February 2013].
Chadwick, D.W., and Otenko, A., 2002. Future Generation Computer Systems: The PERMIS X.509 Role Based Privilege Management Infrastructure. University of Salford. Available from: http://sec.cs.kent.ac.uk/download/FutureGenCompSyst.pdf [Accessed 30 January 2013].
Changgui, L.I. and Zhiping, L.V., 2010. A Method to Store and Access a Folder in a Database. In: 2010 International Conference on Intelligent System Design and Engineering Application, 13-14 October 2010 Hunan, China. Available from: http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=5743132 [Accessed 5 February 2013].
Charity Express Ware, 2013. I’m a Charity. Cloud Software Solutions. Available from: http://www.charityexpressware.co.uk/ [Accessed 21 January 2013].
Civil, R., 2008. How IT works. Microsoft Corporation and CMP Media. Available from: http://technet.microsoft.com/en-gb/magazine/2006.01.howitworksntfs.aspx [Accessed 22 January 2013].
Coley, P., 2012. MoSCoW Prioritisation. Coley Consulting. Available from: http://www.coleyconsulting.co.uk/moscow.htm [Accessed 27 February 2013].
Connolly, T.M. and Begg, C.E., 2010. Database systems: a practical approach to design, implementation, and management. London: Addison-Wesley. [Accessed 4 February 2013].
Coulin, C., and Sahraoui, A., 2008. A Meta-Model Based Guided Approach to Collaborative Requirements Elicitation. France: Ecole Polytechnique ParisTech. Available from: www.cesames.net/fichier.php?id=288 [Accessed 26 February 2013].
Date, C.J., 2004. An introduction to database systems. 8th ed. Boston: Pearson/Addison Wesley. [Accessed 4 February 2013].
Davis, N., Holloway, P., II and Hale, John, 2004. SILT: integrated logging management for security-enhanced Linux. In: Proceedings from the 5th Annual IEEE SMC on Information Assurance Workshop, 10-11 June 2004, Tulsa, USA. Available from: http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=1437831 [Accessed 27 February 2013].
Db4objects, 2013. Open source object database engine. Versant Corp. Available from: http://www.db4o.com/?src=ODBMS-downloa [Accessed 26 January 2013].


Dewan, H. and Hansdah, R.C., 2011. A Survey of Cloud Storage Facilities. In: IEEE World Congress on Services, SERVICES 2011, 4-9 July 2011, Bangalore, India. Available from: http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=6012718 [Accessed 24 January 2013].
Dix, A.J., 2004. Human-computer interaction. 3rd ed. Harlow: Pearson. [Accessed 11 April 2013].
Expert Program Management, 2011. Software Development Life Cycles. Available from: http://www.expertprogrammanagement.com/2011/05/software-development-life-cycles-sdlc/ [Accessed 14 February 2013].
Faulkner, C., 2002. The essence of human-computer interaction. Harlow: Prentice Hall. [Accessed 11 April 2013].
File Zilla, 2012. File Zilla: The free FTP solution. AOE media. Available from: http://filezillaproject.org/ [Accessed 28 January 2013].
Firouz-Abadi, M. and Ghassem-Aghaei, N., 2013. A Model for Making NTFS Permissions Setting More Usable. EBSCO. Available from: http://connection.ebscohost.com/c/articles/78237558/model-making-ntfs-permissions-settingmore-usable [Accessed 25 January 2013].
Glenn, W., and Northrup, T., 2006. Supporting Users and Troubleshooting a Microsoft Windows XP Operating System. 2nd ed. Washington: Microsoft Press. [Accessed 23 January 2013].
Goguen, Joseph A. and Linde, C., 1993. Techniques for requirements elicitation. In: Proceedings of IEEE International Symposium on Requirements Engineering, 4-6 January 1993, Oxford, UK. Available from: http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=324822 [Accessed 20 February 2013].
Gunda, S.G., 2008. Requirements Engineering: Elicitation Techniques. Sweden: University West. Available from: hv.diva-portal.org/smash/get/diva2:215169/FULLTEXT01 [Accessed 26 February 2013].
Hadar, I. and Sherman, S., 2012. Agile vs. plan-driven perceptions of software architecture. In: 5th International Workshop on Cooperative and Human Aspects of Software Engineering, CHASE 2012, 22 June 2012, Haifa, Israel. Available from: http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=6223022 [Accessed 8 February 2013].
Hambling, B., British Computer Society, and Morgan, P., 2007. Software testing: an ISEB foundation. Swindon: British Computer Society. [Accessed 8 April 2013].
Healthcare Computing, 2013. Healthcare Computing. Available from: http://www.healthcarecomputing.co.uk/ [Accessed 20 January 2013].
HFS, 2013. HTTP File Server. Earth globe copyright Planetary Visions. Available from: http://www.rejetto.com/hfs/ [Accessed 30 January 2013].
Holme, D., and Thomas, O., 2006. Managing and Maintaining a Microsoft Windows Server 2003 Environment. 2nd ed. Washington: Microsoft Press. [Accessed 23 January 2013].

IBM Corporation, 2005. IBM Informix Database Design and Implementation Guide. IBM. Available from: http://publib.boulder.ibm.com/infocenter/idshelp/v10/index.jsp?topic=/com.ibm.ddi.doc/ddi164.htm [Accessed 24 January 2013].

IEEE Computer Society, 1996. IEEE Guide for Developing System Requirements Specifications. USA: Institute of Electrical and Electronics Engineers. Available from: http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=502838 [Accessed 15 February 2013].

Ipswitch MOVEit Support, 2013. Web Interface – Folders – Overview. Ipswitch. Available from: https://moveitsupport.ipswitch.com/moveit/doc/en/MOVEitDMZ_WebInterface_Folders_Overview.htm [Accessed 28 January 2013].

Jackson, M., 1995. Problems and requirements: software development. In: Proceedings of the Second IEEE International Symposium on Requirements Engineering, 27-29 March 1995, London, UK. Available from: http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=512540 [Accessed 16 February 2013].

Jalote, P., Palit, A., Kurien, P., and Peethamber, V.T., 2002. Timeboxing: A Process Model for Interactive Software Development. Bangalore: Infosys Technologies. Available from: http://www.iiitd.edu.in/~jalote/papers/Timeboxing.pdf [Accessed 15 February 2013].

Jing H., Haihong, E., Guan L., and Jian D., 2011. Survey on NoSQL database. In: 6th International Conference on Pervasive Computing and Applications, ICPCA 2011, 26-28 October 2011, Beijing, China. Available from: http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=6106531 [Accessed 2 February 2013].

Kaner, C., Nguyen, H.Q., and Falk, J.L., 1993. Testing computer software. 2nd ed. New York: Van Nostrand Reinhold. [Accessed 8 April 2013].

Khan, K.A., Amin, M., Afridi, A.K., and Shehzad, W., 2011. SELinux in and out. In: IEEE 3rd International Conference on Communication Software and Networks, ICCSN 2011, 27-29 May 2011, Peshawar, Pakistan. Available from: http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=6014064 [Accessed 23 January 2013].

Konstantinou, P., Year Unknown. Rapid Application Development. University of Houston-Clear. Available from: https://mis.uhcl.edu/ROB/Course/SAD/Student%20Papers/RAD%20PAPER.doc [Accessed 9 February 2013].

Kotonya, G., and Sommerville, I., 1998. Requirements engineering: processes and techniques. Chichester: John Wiley. [Accessed 15 February 2013].

Lee, B.S., 1995. Normalization in OODB Design. ACM SIGMOD Record, 24(3), 23-27. Available from: http://www.cems.uvm.edu/~bslee/homepage/papers/ODB_normalization_SIGMODRecord95.pdf [Accessed 6 February 2013].

Lock, D., 2003. Project management. Aldershot: Gower. [Accessed 17 February 2013].

Loui, R.P., 2008. In Praise of Scripting: Real Programming Pragmatism. Computer, 41(7), 22-26. Available from: http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=4563874 [Accessed 5 February 2013].

Manage Engine, 2013. Active Directory NTFS Reports: Managing NTFS through Report Generation. Zoho Corporation Pvt. Available from: http://www.manageengine.com/products/admanager/active-directory-ntfs-reports.html [Accessed 27 January 2013].

Massey, V., and Satao, K.J., 2012. Evolving a New Software Development Life Cycle Model (SDLC) incorporated with Release Management. International Journal of Engineering and Advanced Technology, 1(4), 25-31. Available from: http://www.ijeat.org/attachments/File/V1Issue4/D0240031412.pdf [Accessed 10 February 2013].

Masud, S., Year Unknown. Information Systems Analysis and Design: Approaches to System Development. Saudi Arabia: Najran University. Available from: http://www.nu.edu.sa/userfiles/sralmasud/approachesSDLC.pdf [Accessed 11 March 2013].

McDowell, S., 2012. Waterfall vs. Incremental Model. Video. Available from: http://www.youtube.com/watch?v=luOidy7xuUw [Accessed 14 February 2013].

MetaVis Technologies, 2013. Security Manager for SharePoint. MetaVis Technologies. Available from: http://www.metavistech.com/product/security-manager-sharepoint [Accessed 31 January 2013].

Microsoft, 2012. Microsoft Office 365: User accounts and permissions. Microsoft. Available from: http://onlinehelp.microsoft.com/en-us/office365-enterprises/ff637608.aspx [Accessed 31 January 2013].

My SQL, 2013. The DATE, DATETIME, and TIMESTAMP types. Oracle Corporation. Available from: http://dev.mysql.com/doc/refman/5.1/en/datetime.html [Accessed 4 April 2013].

Network Working Group, 2007. HTTP Extensions for Web Distributed Authoring and Versioning (WebDAV). The IETF Trust. Available from: http://www.ietf.org/rfc/rfc4918.txt [Accessed 29 January 2013].

New Softwares.net, 2013. Folder Lock. New Softwares.net. Available from: http://www.newsoftwares.net/folderlock/ [Accessed 27 January 2013].

Nicolae, B., Antoniu, G., and Bouge, L., 2010. BlobSeer: Efficient data management for data-intensive applications distributed at large-scale. In: IEEE International Symposium on Parallel and Distributed Processing, Workshops and Phd Forum, IPDPSW 2010, 19-23 April 2010, Rennes, France. Available from: http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=5470802 [Accessed 28 January 2013].

Nielsen, J., 2000. Designing Web usability: secrets of an information architect. Indianapolis, Ind.: New Riders. [Accessed 11 April 2013].

Ousterhout, J.K., 1998. Scripting: Higher Level Programming for the 21st Century. IEEE Computer. Available from: http://www.tcl.tk/doc/scripting.html [Accessed 6 February 2013].

Pacheco, C. and Garcia, I., 2008. Stakeholder Identification Methods in Software Requirements: Empirical Findings Derived from a Systematic Review. In: 3rd International Conference on Software Engineering Advances, ICSEA 2008, 26-31 October 2008, Mixteca, Huajuapan de Leon. Available from: http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=4668148 [Accessed 19 February 2013].

Perdue, T., 2013. NoSQL: An Overview of NoSQL Databases. About.com New Tech. Available from: http://newtech.about.com/od/databasemanagement/a/Nosql.htm [Accessed 6 February 2013].

PERMIS, 2002. About Permis. Available from: http://www.permis.org/index.html [Accessed 29 January 2013].

PERMIS, 2006. Welcome to the PERMIS web site. Available from: http://sec.cs.kent.ac.uk/permis/index.shtml [Accessed 29 January 2013].

PHP, 2013a. LDAP installation. The PHP Group. Available from: http://us2.php.net/manual/en/ldap.installation.php [Accessed 17 March 2013].

PHP, 2013b. PCRE Functions: preg_grep. The PHP Group. Available from: http://www.php.net/manual/en/function.preg-grep.php [Accessed 17 March 2013].

PHP, 2013c. PHP: readfile. The PHP Group. Available from: http://php.net/manual/en/function.readfile.php [Accessed 19 March 2013].

PHP, 2013d. PHP, LDAP Functions. The PHP Group. Available from: http://php.net/manual/en/function.ldap-search.php [Accessed 15 March 2013].

Prabhakaran, N., Baru, C.K., Batory, D.S., Hsiao D.K., Jagadish, H.V., Pu, C., and Navathe, S., 1990. The outstanding problem for today’s database technology. In: International Conference on Databases, Parallel Architectures and Their Applications, PARBASE-90, 7-9 March 1990, Miami, FL. Available from: http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=77151 [Accessed 29 January 2013].

Preece, J., 1994. Human-computer interaction. Wokingham: Addison-Wesley. [Accessed 11 April 2013].

quackit.com, 2013. Vertical Scroll. Quackit.com. Available from: http://www.quackit.com/html/codes/vertical_scroll.cfm [Accessed 12 April 2013].

Robertson, J., and Robertson, S., 2000. Requirements Specification Template. London: Atlantic Systems Guild. Available from: http://www.st.cs.uni-saarland.de/edu/se/2009/slides/volere_specification_template_v6.pdf [Accessed 16 February 2013].

Robertson, S., and Robertson, J., 2006. Mastering the requirements process. London: Addison-Wesley. [Accessed 16 February 2013].

Roots Infocomm Ltd, 2011. Software Development Life Cycle. Available from: http://rootsitservices.com/CustomPages/sdlifecycle.aspx [Accessed 13 February 2013].

Schmidt, R., Lyytinen, K., Keil, M., and Cule, P., 2001. Identifying Software Project Risks: An International Delphi Study. Journal of Management Information Systems, 17(4), 5-36. Available from: www.sukkarieh.net/shared/NJIT/schmidt.pdf [Accessed 28 February 2013].

Schwalbe, K., 2002. Information technology project management. London: Course Technology. [Accessed 17 February 2013].

Sears, R., Ingen, C.V., and Gray, J., 2006. To BLOB or Not To BLOB: Large Object Storage in a Database or a File system. Microsoft Research. Available from: http://research.microsoft.com/apps/pubs/?id=64525 [Accessed 5 February 2013].

Shapiro, M., and Miller, E., 1999. Managing Databases with Binary Large Objects. In: the Proceedings of the 16th IEEE Mass Storage System Symposium, March 1999. San Diego, California. Available from: http://users.soe.ucsc.edu/~elm/Papers/mss99.pdf [Accessed 5 February 2013].

Siddiqui, S., 2002. Linux security. Indianapolis, Ind.: Premier Press. Available from: http://site.ebrary.com/lib/bournemouth/docDetail.action?docID=10064356 [Accessed 26 January 2013].

Sikder, F., 2009. Software Development Life Cycle (SDLC) Incremental Model. Available from: http://faisalsikder.wordpress.com/2009/12/19/software-development-life-cyclesdlcincremental-model/ [Accessed 15 February 2013].

Skendzic, A. and Kovacic, B., 2012. Microsoft Office 365 – cloud in business environment. In: Proceedings of the 35th International Convention, MIPRO 2012, 21-25 May 2012, Gospic, Croatia. Available from: http://ieeexplore.ieee.org//xpl/articleDetails.jsp?tp=&arnumber=6240878&url=http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=6240878 [Accessed 23 January 2013].

Software.informer, 2013. Publisher’s description for NTFS permissions. Informer Technologies. Available from: http://ncs-z-tools-he-aclview.software.informer.com/ [Accessed 27 January 2013].

Sommerville, I., 2011. Software engineering. 9th ed. London: Pearson. [Accessed 15 February 2013].

Sourceforge, 2012. NonVisual Desktop Access. Dice Holdings. Available from: http://sourceforge.net/projects/nvda/files/releases/2012.3.1/nvda_2012.3.1.exe/download [Accessed 14 April 2013].

Southampton Voluntary Services, 2013. Available from: http://www.southamptonvs.org.uk/ [Accessed 21 January 2013].

Stackoverflow, 2013a. PHP Undefined Index. Stack Exchange Inc. Available from: http://stackoverflow.com/questions/4842759/php-undefined-index [Accessed 17 March 2013].

Stackoverflow, 2013b. Ignore hidden files with PHP. Stack Exchange Inc. Available from: http://stackoverflow.com/questions/5478263/ignore-hidden-files-with-php [Accessed 17 March 2013].

Stackoverflow, 2013c. MySQL correlated subquery ordered by date&time. Stack Exchange. Available from: http://stackoverflow.com/questions/15864458/mysql-correlated-subquery-ordered-bydatetime [Accessed 8 April 2013].

Stancu-Mara, S., Baumann, P., and Marinov, V., 2008. A Comparative Benchmark of Large Objects in Relational Databases. Jacobs University. Available from: http://www.faculty.jacobs-university.de/pbaumann/iu-bremen.de_pbaumann/Papers/blob-report.pdf [Accessed 5 February 2013].

Stein, G., and Whitehead, J., 2000. DAV Frequently Asked Questions. WebDAV Resources. Available from: http://www.webdav.org/other/faq.html#Q1 [Accessed 30 January 2013].

Summers, A., and Tickner, C., Year Unknown. CIA and Security Analysis. London: Imperial College. Available from: http://www.doc.ic.ac.uk/~ajs300/security/CIA.htm [Accessed 25 April 2013].

Swain, M., Anderson, J.A., Korrapati, R., and Swain, N. K., 5-7 April 2002. Database programming using Java. In: Proceedings IEEE SoutheastCon 2002, Columbia, USA. Available from: http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=995590 [Accessed 1 February 2013].

SwissDisk, 2013. Secure Online Storage, Sync and Backup. SwissDisk. Available from: http://www.swissdisk.com/ [Accessed 29 January 2013].

Thompson, A., 2005. Business Feasibility Study Outline. Perth: Murdoch University. Available from: http://bestentrepreneur.murdoch.edu.au/Business_Feasibility_Study_Outline.pdf [Accessed 20 February 2013].

Tudorica, B.G., and Bucur, C., 2011. A comparison between several NoSQL databases with comments and notes. In: 10th Roedunet International Conference, RoEduNet 2011, 23-25 June 2011, Ploiesti, Romania. Available from: http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=5993686 [Accessed 4 February 2013].

Turk, D., France, R., and Rumpe, B., Year Unknown. Limitations of Agile Software Process. Germany: Munich University of Technology. Available from: http://www4.in.tum.de/publ/papers/XP02.Limitations.pdf [Accessed 9 February 2013].

Ullman, L., 2012. PHP and MySQL for Dynamic Web Sites. 4th ed. Berkeley: Peachpit Press. [Accessed 12 March 2013].

W3C, 2012. Markup Validation Service. W3C. Available from: http://validator.w3.org/#validate_by_input [Accessed 18 April 2013].

W3C, 2013. Checklist of Checkpoints for Web Content Accessibility Guidelines 1.0. W3C. Available from: http://www.w3.org/TR/WCAG10/full-checklist.html [Accessed 14 April 2013].

W3schools.com, 2013. Browser Display Statistics. Refsnes Data. Available from: http://www.w3schools.com/browsers/browsers_display.asp [Accessed 19 April 2013].

Wang, H., 2012. Research on the Security of NTFS. In: 2012 2nd International Conference on Applied Robotics for the Power Industry (CARPI), 11-13 September 2012, Zurich, Switzerland. Available from: http://ieeexplore.ieee.org/xpl/articleDetails.jsp?tp=&arnumber=6356405&contentType=Conference+Publications&pageNumber%3D132911 [Accessed 24 January 2013].

WAT-C, 2008. Overview of the Web Accessibility Tools Consortium (WAT-C). Web Accessibility Tools Consortium. Available from: http://www.wat-c.org/ [Accessed 14 April 2013].

WebTom, 2013. Favourite Designs. Open Source Web Design. Available from: http://www.oswd.org/design/preview/id/3565 [Accessed 9 April 2013].

Weigert, T. and Weil, F., 2006. Practical experiences in using model-driven engineering to develop trustworthy computing systems. In: IEEE International Conferences on Sensor Networks, Ubiquitous and Trustworthy Computing, 5-7 June 2006, Schaumburg, IL. Available from: http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=1636178 [Accessed 14 February 2013].

Welling, L., and Thomson, L., 2012. PHP and MySQL Web Development. 4th ed. Boston: Addison-Wesley. [Accessed 12 March 2013].

Whitehead, J., 2005. WebDAV: Versatile Collaboration Multiprotocol. IEEE Computer Society. Available from: http://users.soe.ucsc.edu/~ejw/papers/dav-ic-2005-final.pdf [Accessed 30 January 2013].

Whitehead, J.E., and Wiggins, M., 1998. WebDAV: IETF Standard for Collaborative Authoring on the Web. IEEE Internet Computing, 2(5), 34-40. Available from: http://www.citeulike.org/user/lueo/article/416372 [Accessed 30 January 2013].

Windows Server, 2003. Conflicts Between User Rights and Permissions. Microsoft. Available from: http://technet.microsoft.com/en-us/library/cc783530(v=ws.10).aspx#w2k3tr_randp_how_xgvr [Accessed 22 January 2013].

Windows Server, 2012. Icacls (applied to Windows Server 2008): displays or modifies discretionary access control lists (DACLs) on specified files and applies stored DACLs to files in specified directories. Microsoft. Available from: http://technet.microsoft.com/en-us/library/cc753525(v=ws.10).aspx [Accessed 17 March 2013].

Xiaosheng Y., and Cai Y., 2010. Design and Implementation of the Website Based on PHP & MYSQL. In: International Conference on E-Product E-Service and E-Entertainment, ICEEE 2010, 7-9 November 2010, Yichang, China. Available from: http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=5661595 [Accessed 4 February 2013].

Yildirimoglu, M., 2009. NTFS Inheritance Rule Change. Penton Media. Available from: http://windowsitpro.com/security/NTFS-inheritance-rule-change [Accessed 16 March 2013].

Legal Materials

legislation.gov.uk, 2013. Data Protection Act 1998. UK Government. Available from: http://www.legislation.gov.uk/ukpga/1998/29/data.pdf [Accessed 15 April 2013].

Appendix A - Additional Factors That Can Affect File Access

Further to the discussion in 1.6, the following is a list of additional factors that can affect a user’s file access and an administrator’s ability to control that access.

Discretionary Access Control List

The Discretionary Access Control List (DACL) records, for each object, which users have access (user and/or group) and what level of access they have (from Deny up to Full Control). The levels of access are well known but can be viewed at http://osr507doc.sco.com/en/ASUSystemG/asusystemT.setspcaccperm.html if required. However, although well known, they are also often misunderstood, which has led to files unknowingly being given overly open access. For example, the Full Control permission was given because the management team wanted unrestricted shared documents to be opened and modified by all members of staff, but this allowed users to read, write, run executables, modify contents, delete the file, move the file, assign permissions to other users and even take ownership of the file; the Modify permission would have been sufficient. In addition, Glenn and Northrup (2006, p.5-24) highlight that the aforementioned Deny to Full Control scope is an amalgamation of Special Permissions that are even larger in scope.

User Accounts and Groups

The user account, and the groups that the account is part of, can affect access. Groups can be created (such as accounts or marketing) or built in to Windows (such as Administrator, Power User or Replicator). For example, if you only have read access to a file but are part of the Replicators group then you can read the contents and view the properties of that file but also copy the file (Civil 2008).

Inheritance

Files are set to inherit the permissions from parent folders by default (the 'Include inheritable permissions from this object's parent' box is checked). Sometimes these folders have also inherited their permissions from a parent folder, and so on. Inheritance has caused SVS to implement cascading changes that were only meant for the contents of one folder.

Effective Permissions

This is the actual permission that results from combining the permission sources: file permissions set for the user (DACL), file permissions set for a group (User Accounts and Groups) and inherited permissions (Inheritance). The highest permission from these sources is given, but a Deny overrules an Allow and Inheritance. This adds to the complexity of securing a file with the correct level of access.

Move vs. Copy

If a file is moved within the same NTFS volume (SVS have two volumes) then the permissions directly assigned to that file will stay the same but the inherited permissions will be those of the new parent folder. All other permutations of move/copy to the same/different NTFS volume result in no change of permissions to the file.

Share Level Security

This has three levels of security (read, change, full control) and was superseded by, but can be used in conjunction with, NTFS permissions. Holme and Thomas (2006, p.6-8) highlight the process where the least restrictive of the Share Level permissions and the least restrictive of the NTFS permissions are calculated separately, and then the most restrictive of the two results is the correct permission. This only applies to folders. Again this adds to the complexity.

Rights vs. Permissions

Rights are what a user has a right to do on the system, rather than which folders/files he can view and to what level. An example is the right to change the system clock. Sometimes a right and a permission conflict with each other. For example, a user may only have the permission to read a file but his user account is in an Organisational Unit (OU) which has the right to back up files. Backing up requires being able to copy a file, but the user only has the permission to read. Rights take precedence over permissions, so the user would be able to back up the file (Windows Server 2003).
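The interaction of Full Control versus Modify, group membership, Deny, inheritance and share-level security described in this appendix can be checked with a small model. The Python below is an added example, not code from the dissertation or from Windows: the six coarse rights, the account name `staff_user` and the sample ACLs are constructed assumptions. It evaluates entries in the order explicit Deny, explicit Allow, inherited Deny, inherited Allow, which is more detail than the summary above gives.

```python
from dataclasses import dataclass
from enum import Flag, auto


class Right(Flag):
    NONE = 0
    READ = auto()
    WRITE = auto()
    EXECUTE = auto()
    DELETE = auto()
    CHANGE_PERMISSIONS = auto()
    TAKE_OWNERSHIP = auto()


# Assumption: the standard levels reduced to six coarse rights for illustration.
READ_EXECUTE = Right.READ | Right.EXECUTE
MODIFY = READ_EXECUTE | Right.WRITE | Right.DELETE
FULL_CONTROL = MODIFY | Right.CHANGE_PERMISSIONS | Right.TAKE_OWNERSHIP
# Share-level security has only three levels: read, change, full control.
SHARE_LEVELS = {"read": READ_EXECUTE, "change": MODIFY, "full": FULL_CONTROL}


@dataclass(frozen=True)
class Ace:
    trustee: str            # user or group name
    allow: bool             # False means a Deny entry
    rights: Right
    inherited: bool = False


def ntfs_effective(dacl, user, groups):
    """Rights the DACL gives `user`, counting every group the account is in."""
    trustees = {user, *groups}
    # Order: explicit deny, explicit allow, inherited deny, inherited allow.
    ordered = sorted(dacl, key=lambda ace: (ace.inherited, ace.allow))
    granted, denied = Right.NONE, Right.NONE
    for ace in ordered:
        if ace.trustee not in trustees:
            continue
        if ace.allow:
            granted |= ace.rights & ~denied   # allows accumulate across sources
        else:
            denied |= ace.rights & ~granted   # a deny blocks what is not yet granted
    return granted


def share_effective(share_acl, user, groups):
    """Least restrictive share level among the entries that apply to the user."""
    result = Right.NONE
    for trustee, level in share_acl.items():
        if trustee in {user, *groups}:
            result |= SHARE_LEVELS[level]
    return result


def network_effective(dacl, share_acl, user, groups):
    """Access through the share: the more restrictive of the two results."""
    return ntfs_effective(dacl, user, groups) & share_effective(share_acl, user, groups)


def excess(granted, intended):
    """Rights held beyond what the administrator meant to give."""
    return granted & ~intended


# Constructed sample data: one member of staff and four DACLs for a shared document.
USER, GROUPS = "staff_user", ["Staff"]
OVER_OPEN = [Ace("Staff", True, FULL_CONTROL, inherited=True)]
TIGHTENED = [Ace("Staff", True, MODIFY, inherited=True)]
WITH_DENY = TIGHTENED + [Ace("staff_user", False, Right.WRITE | Right.DELETE)]
EXPLICIT_OVER_INHERITED = [
    Ace("Staff", False, Right.WRITE, inherited=True),
    Ace("staff_user", True, MODIFY),
]
READ_SHARE = {"Staff": "read"}

if __name__ == "__main__":
    cases = [("Full Control to Staff", OVER_OPEN), ("Modify to Staff", TIGHTENED),
             ("Modify plus explicit Deny", WITH_DENY),
             ("Explicit Allow, inherited Deny", EXPLICIT_OVER_INHERITED)]
    for name, dacl in cases:
        eff = ntfs_effective(dacl, USER, GROUPS)
        print(f"{name}: effective={eff!r}, beyond Modify={excess(eff, MODIFY)!r}")
    print("Modify via read-only share:",
          network_effective(TIGHTENED, READ_SHARE, USER, GROUPS))
```

Running `excess()` against the intended level for each folder is a quick way to list entries that grant more than was meant, such as the Full Control case described above.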

Appendix B - Feasibility Report

1. Project Scope

SVS has on-going issues with document storage and security. Members of staff can sometimes access documents that they should not be able to and, conversely, sometimes cannot access documents that they should be able to. Documents have also been deleted and members of the management team have not been able to trace how and when these were deleted. SVS would like a solution in the form of a software build that both secures and traces document access. This has historically affected all members of staff.

2. The Current Analysis

The current solution uses folders on the local server as a storage mechanism for their Microsoft Office documents. End users access the desired folders by either navigating directly or via mapped drives. The security is controlled using New Technology File System (NTFS) permissions. As a storage and security method for a company of 40 employees this is a viable current solution. However, the complex nature of NTFS permissions and other factors that affect access make this a difficult way to administer security. For example, the company only want read & write or no access to most documents, but NTFS permissions have granularity from Deny to Full Control. Also inheritance, Group Policy and other factors can affect access. The current method of tracing is by looking at the created, accessed and modified date properties on the files themselves. This does not give information on the last user to access the document, or help if they deleted the document. Therefore, regarding traceability, the current solution is not fulfilling needs.

3. Requirements

High Level Requirements:

The system shall provide secure document storage with a browser based interface

Document access will be logged and can be viewed by the management team only

Staff will not be able to bypass the system and access documents directly

Needs to work with current infrastructure

The solution and all software within will be free of charge (FOC)

4. The Approach

A browser based, web style, intuitive interface to list and link to documents, and also to block direct access to documents. Secure document storage using a combination of NTFS permissions and a SQL DB. Unique user login to facilitate filtering of document access and traceability. I will use XAMPP as it contains PHP and MySQL, both of which are free for development and commercial use. The DB will also hold user authentication details, as well as details on traced document use. C and other OOP languages could be used, but there is a knowledge gap with these and the project may therefore go over schedule. If built with Java then Java version/updates can affect functionality. MySQL as a DB language is built into free apps that are good for development, like phpMyAdmin. PHP and MySQL are well known to be used together in browser based apps such as websites and are robust.

5. Evaluation

There is no financial outlay for development. The solution supplied and the software used within it are free for commercial use. However, this will cost the company time in terms of meetings, responding to emails, usability testing, staff training and possible downtime during implementation/integration. The first meeting with the SVS company management was on 25/1/2013, there will be user testing on at least one occasion and there will be a final demonstration before the project deadline of 3/5/2013. If the company wish to implement my solution there will be downtime also. Other solutions for the front end language may also be FOC but might incur charges for technical support. Solutions for the DB such as PostgreSQL may not be free for commercial use.

6. Review

After meeting with the SVS management team and discussing my proposed skeleton solution and the ascertained requirements, they have concurred that this is a viable solution, as all the aforementioned high level requirements can be met with the proposed solution detailed in 1.7 and 1.8. The confirmation was by email, rather than a signature.

Appendix C - Eliciting Requirements

Requirements are related to the goals, constraints, and features for a proposed system (Coulin and Sahraoui 2008). The various elicitation methods considered are discussed below:

1. Closed Interview

A closed interview was not chosen as it might have influenced the outcome with closed questions, there were three chosen sources so each would need to be interviewed separately, and it was difficult to decide the boundaries and organisational procedures as sources' answers may be kept short and not expanded upon (Gunda 2008).

2. Questionnaire

Questionnaires were not used due to the time constraints of creating one and waiting for results, and also because SVS was not open to this due to disruption of staff.

3. Group sessions

This could include Joint Application Development (JAD), structured workshops, brainstorming or others. This method was not used as it required too much staff time and would impact on company productivity.

4. Ethnography

This type of social analysis was not used as it was deemed more efficient to try less involved and inexpensive methods first before moving up to this if required (Goguen and Linde 1993).

5. Open interview and Explanatory Observations

It was initially decided to use an open interview with three stakeholders. The stakeholders were carefully identified based on attributes such as influence on the project, IT level and current system knowledge, as this can have an impact on software requirements quality (Pacheco and Garcia 2008), and getting more perspectives was likely to cover more requirements initially and possibly lessen requirement creep. The stakeholders were Phil Lee (deputy chief exec), Victoria Smith (senior administrator) and Auran Sood (adult learning skills development worker / end user). An open interview was conducted and requirements gathered via three way discussions between the stakeholders. The predominant end user was Auran Sood, who at times had difficulty expressing her use of the current system; an example would be that she would talk about mapping files to a 'G' folder, but later the author discovered this to be a mapped drive on users' desktops that was mapped to a shared area on the server and labelled 'G'. It was then decided to use the social analysis of Explanatory Observations, which entailed Auran Sood using the existing system as usual and then explaining what she was doing at each point.

Appendix D - Snow Cards

Requirement #: R1

Requirements type: FR

Description: The system will provide secure document storage

Rationale: Documents will only be able to be accessed by the correct authorized staff

Originator: Phil Lee (Deputy Chief Executive) & Victoria Smith (Senior Administrator)

Fit Criterion: An Office document can be opened by the authorized user(s) and access will be denied to other users

Customer Satisfaction: 5

Customer Dissatisfaction: 5

Priority: High

Dependencies: All requirements that relate to accessing documents

History: 25 January 2013

Requirement #: R2

Requirements type: FR

Description: The system will allow staff to create their own documents

Rationale: Staff will need to create new Office documents as part of their daily work

Originator: Phil Lee (Deputy Chief Executive) & Victoria Smith (Senior Administrator)

Fit Criterion: An Office document can be created by a member of staff

Customer Satisfaction: 5

Customer Dissatisfaction: 5

Priority: High

Dependencies: R3, R4

History: 25 January 2013

Requirement #: R3

Requirements type: FR

Description: The system will allow staff to read/access documents that they have created

Rationale: Once a document has been created by a member of staff then they will need to be able to read/access it as part of their daily work

Originator: Phil Lee (Deputy Chief Executive) & Victoria Smith (Senior Administrator)

Fit Criterion: An Office document that was created by a member of staff can be read/accessed afterwards

Customer Satisfaction: 5

Customer Dissatisfaction: 5

Priority: High

Dependencies: R2, R4

History: 25 January 2013

Requirement #: R4

Requirements type: FR

Description: The system will allow staff to update documents that they have created

Rationale: Once a document has been created by a member of staff then they may need to update it as part of their daily work

Originator: Phil Lee (Deputy Chief Executive) & Victoria Smith (Senior Administrator)

Fit Criterion: An Office document that was created by a member of staff can be updated at a later time

Customer Satisfaction: 5

Customer Dissatisfaction: 5

Priority: High

Dependencies: R2, R3

History: 25 January 2013

Requirement #: R5

Requirements type: FR

Description: Staff will be able to create documents that are shared with all members of staff

Rationale: Staff will need to be able to create documents that other members of staff can access as part of their daily work

Originator: Phil Lee (Deputy Chief Executive) & Victoria Smith (Senior Administrator)

Fit Criterion: Staff can create an Office document and this will be able to be accessed by all other users

Customer Satisfaction: 5

Customer Dissatisfaction: 5

Priority: High

Dependencies: R6, R7

History: 25 January 2013

Requirement #: R6

Requirements type: FR

Description: Staff will be able to read documents that have been shared by other members of staff

Rationale: Staff will need to be able to access documents that have been created and shared by other members of staff as part of their daily work

Originator: Phil Lee (Deputy Chief Executive) & Victoria Smith (Senior Administrator)

Fit Criterion: Staff can access an Office document that was created by another member of staff and shared

Customer Satisfaction: 5

Customer Dissatisfaction: 5

Priority: High Dependencies: R5, R7 History: 25 January 2013


Requirement #: R7
Requirements type: FR
Description: Staff will be able to update documents that have been shared by other members of staff
Rationale: Staff will need to be able to update documents that were created and shared by other members of staff as part of their daily work
Originator: Phil Lee (Deputy Chief Executive) & Victoria Smith (Senior Administrator)
Fit Criterion: Staff can update an Office document that was created and shared by another member of staff
Customer Satisfaction: 5
Customer Dissatisfaction: 5
Priority: High
Dependencies: R5, R6
History: 25 January 2013

Requirement #: R8
Requirements type: FR
Description: Authorized staff will be able to create restricted documents that can be accessed by other authorized users only
Rationale: Some documents have restricted access due to their sensitive nature. These documents can only be created and accessed by authorized users.
Originator: Phil Lee (Deputy Chief Executive) & Victoria Smith (Senior Administrator)
Fit Criterion: A restricted document will be created by an authorized user then can be accessed by another authorized user only
Customer Satisfaction: 5
Customer Dissatisfaction: 5
Priority: High
Dependencies: R9, R10
History: 25 January 2013


Requirement #: R9
Requirements type: FR
Description: Restricted documents can be read by authorized users only
Rationale: Some documents have restricted access due to their sensitive nature. These documents can only be read/accessed by authorized users.
Originator: Phil Lee (Deputy Chief Executive) & Victoria Smith (Senior Administrator)
Fit Criterion: A restricted document will be accessed by an authorized user and denied to other users
Customer Satisfaction: 5
Customer Dissatisfaction: 5
Priority: High
Dependencies: R8, R10
History: 25 January 2013

Requirement #: R10
Requirements type: FR
Description: Restricted documents can be updated by authorized users only
Rationale: Some documents have restricted access due to their sensitive nature. These documents can only be updated by authorized users.
Originator: Phil Lee (Deputy Chief Executive) & Victoria Smith (Senior Administrator)
Fit Criterion: A restricted document will be updated by an authorized user and access denied to other users
Customer Satisfaction: 5
Customer Dissatisfaction: 5
Priority: High
Dependencies: R8, R9
History: 25 January 2013


Requirement #: R11
Requirements type: FR
Description: Document access will be logged and can be accessed by the management team (Phil Lee & Victoria Smith) only
Rationale: Part of the original issue was that documents were being modified or deleted and the management team did not know by whom and when; this requirement aims to address this.
Originator: Phil Lee (Deputy Chief Executive) & Victoria Smith (Senior Administrator)
Fit Criterion: The management team will be able to view the user and time of document access via a password protected area.
Customer Satisfaction: 4
Customer Dissatisfaction: 4
Priority: High
Dependencies: R18
History: 25 January 2013

Requirement #: R12
Requirements type: FR
Description: Staff will not be able to bypass the system and access documents directly
Rationale: This will force staff to use the system rather than reverting to the previous problematic way of accessing documents. This will also assist with document use logging (discussed in R11) as staff will need to authenticate with the system and from there their use can be traced.
Originator: Phil Lee (Deputy Chief Executive) & Victoria Smith (Senior Administrator)
Fit Criterion: This will be tested during the second iteration/prototype’s testing phase
Customer Satisfaction: 4
Customer Dissatisfaction: 3
Priority: Medium
Dependencies:
History: 25 January 2013


Requirement #: R13
Requirements type: FR
Description: The management team will be able to manage system access authentication without the need to contact technical support
Rationale: If a member of staff forgets their password then a member of the management team should be able to reset it for them, rather than having to contact technical support. This will save SVS time and possibly money, depending on the terms of their technical support contract
Originator: Phil Lee (Deputy Chief Executive), Victoria Smith (Senior Administrator) & Auran Sood (Adult and Learning Skills Development Worker / End User)
Fit Criterion: The system will have an interface within the management team area that enables members of the management team to reset a member of staff’s password
Customer Satisfaction: 2
Customer Dissatisfaction: 2
Priority: Low
Dependencies:
History: 25 January 2013

Requirement #: R14
Requirements type: FR
Description: The system needs to be legally compliant regarding data laws
Rationale: Monitoring staff access to documents can be fraught with legal complexity, so the system must not fall foul of data laws pertaining to this
Originator: Phil Lee & Victoria Smith
Fit Criterion: The system will display a message for users at each login stating that their document access records will be fully visible to the management team and partially visible to other members of staff
Customer Satisfaction: 2
Customer Dissatisfaction: 3
Priority: Medium
Dependencies:
History: 25 January 2013


Requirement #: R15
Requirements type: LFR
Description: The system must use company branding and colour scheme
Rationale: This is to enforce an official image of the system to members of staff and also to assist with HCI as the look and feel will be familiar to members of staff that use the existing website
Originator: Phil Lee & Victoria Smith
Fit Criterion: This requirement will be fulfilled by using the look and feel of the existing website (www.southamptonvs.org.uk/) regarding colour and the company logo
Customer Satisfaction: 3
Customer Dissatisfaction: 4
Priority: Medium
Dependencies: R16
History: 25 January 2013

Requirement #: R16
Requirements type: LFR
Description: The system will use a familiar interface with a common layout
Rationale: This will enable members of staff to become accustomed and comfortable with the new system more quickly
Originator: Phil Lee & Victoria Smith
Fit Criterion: This is difficult to measure success/failure so end user opinion will be used
Customer Satisfaction: 3
Customer Dissatisfaction: 2
Priority: Medium
Dependencies: R15
History: 25 January 2013


Requirement #: R17
Requirements type: UR
Description: The navigation system will be simple and intuitive to use
Rationale: This will help end users learn the system more quickly and with little or no training
Originator: Phil Lee & Victoria Smith
Fit Criterion: The testing section of the dissertation will include usability tests at each iteration/prototype. These tests may include simple tasks such as logging in and accessing a user’s own document; the level and need for instruction can be used to measure R17’s success
Customer Satisfaction: 3
Customer Dissatisfaction: 2
Priority: Medium
Dependencies:
History: 25 January 2013

Requirement #: R18
Requirements type: SR
Description: System access and level of access will be protected using a unique username and password for each user
Rationale: This protects access to a user’s documents, shared documents and restricted documents, and also aids
Originator: Phil Lee & Victoria Smith
Fit Criterion: All users will be required to log in before accessing the system
Customer Satisfaction: 5
Customer Dissatisfaction: 5
Priority: High
Dependencies: R11 & All requirements that relate to accessing documents
History: 25 January 2013


Requirement #: R19
Requirements type: PTR
Description: The system must work on the platforms within the current infrastructure
Rationale: SVS currently use Windows XP SP3 as the OS for workstations/end users and Windows Server 2008 Standard R2 SP1 as the OS for the server
Originator: Phil Lee & Victoria Smith
Fit Criterion: The system will be built on virtual machines used to replicate the SVS environment and then, if deemed satisfactory by the management team, will be implemented in the live environment
Customer Satisfaction: 5
Customer Dissatisfaction: 5
Priority: High
Dependencies:
History: 25 January 2013

Requirement #: R20
Requirements type: IOR
Description: The system must work across different versions of Internet Explorer (IE)
Rationale: The current browser used is IE7 SP3 and the interface will be designed for this. However, some of the management team use a later version and the site may upgrade OS to Windows 7 in which case they will most likely be using IE8 or 9
Originator: Phil Lee & Victoria Smith
Fit Criterion: This will be built and tested to work on IE 7, 8 & 9
Customer Satisfaction: 2
Customer Dissatisfaction: 2
Priority: Low
Dependencies:
History: 25 January 2013


Appendix E - Risk Analysis Table

Risk01
Risk Event: Failure to manage the stakeholders' expectations leading to differing expectations of the artifact
Likelihood: Medium
Potential Harm To Project: High
Pre-Mitigation Rating: High
Mitigation: Thorough requirements analysis and on-going interactions through testing and discussions after each iteration of the Incremental Waterfall Methodology will be done to keep the stakeholders' expectations monitored and met
Post-Mitigation Rating: Low

Risk02
Risk Event: The client's requirements are misunderstood leading to unclear expectations of the artifact
Likelihood: Medium
Potential Harm To Project: High
Pre-Mitigation Rating: High
Mitigation: A Feasibility Study, Requirements Analysis and discussion after each iteration of the Incremental Waterfall Methodology will be performed to ensure the requirements are transparent
Post-Mitigation Rating: Low

Risk03
Risk Event: The technical architecture employed is not stable leading to unstable software
Likelihood: Medium
Potential Harm To Project: High
Pre-Mitigation Rating: High
Mitigation: A MySQL database with PHP browser interface will be employed as this is a commonly used coupling and stable architecture
Post-Mitigation Rating: Low

Risk04
Risk Event: Data loss is incurred due to failure of storage hardware
Likelihood: Medium
Potential Harm To Project: High
Pre-Mitigation Rating: High
Mitigation: Data will be backed up to an external HDD daily and then replicated to a cloud weekly using Dropbox
Post-Mitigation Rating: Low

Risk05
Risk Event: Coding bugs present in the artifact lead to the production of sub-optimal software
Likelihood: Medium
Potential Harm To Project: High
Pre-Mitigation Rating: High
Mitigation: Development and usability testing will be done after each iteration of the Incremental Waterfall Methodology to test for bugs at regular intervals
Post-Mitigation Rating: Medium

Risk06
Risk Event: The client has creeping requirements leading to project delays
Likelihood: Medium
Potential Harm To Project: Medium
Pre-Mitigation Rating: Medium
Mitigation: Allotted time for creeping requirements has been factored in after each iteration of the Incremental Waterfall Methodology
Post-Mitigation Rating: Low

Risk07
Risk Event: There is a lack of an effective development methodology leading to unclear recognition of project progress
Likelihood: Medium
Potential Harm To Project: Medium
Pre-Mitigation Rating: Medium
Mitigation: The Incremental Waterfall Methodology is defined, discussed and represented diagrammatically
Post-Mitigation Rating: Low

Risk08
Risk Event: The project has little or inadequate planning leading to possible delays and unclear assessment of progress
Likelihood: Low
Potential Harm To Project: Medium
Pre-Mitigation Rating: Medium
Mitigation: The Incremental Waterfall Methodology has identifiable milestones and the project can use these to check progress
Post-Mitigation Rating: Low

Risk09
Risk Event: The number of organizational units increases leading to communication problems between client and developer
Likelihood: Low
Potential Harm To Project: Medium
Pre-Mitigation Rating: Medium
Mitigation: The contacts are Phil Lee and Victoria Smith and they will act as a conduit for all other stakeholders so that only they are directly involved
Post-Mitigation Rating: Low

Risk10
Risk Event: Inexperience in the programming/scripting language leads to the project being delivered late
Likelihood: Low
Potential Harm To Project: Low
Pre-Mitigation Rating: Low
Mitigation: Perusing the developer's previous projects, reading recommended books and tutorial sites will refresh and consolidate understanding of PHP and SQL
Post-Mitigation Rating: Low

Appendix F - Justification for the Chosen Methodology and Model

The model balances the rigid structure and straight-line delivery of a Plan-Driven methodology with the adaptability, frequent feedback and evolutionary aspects of an Agile methodology, both of which Boehm and Turner (2004) argue need to be considered for projects. Problems that are inherent to Plan-Driven methodologies are counterbalanced by the implementation of Agile features and vice versa.

The Waterfall features of the model, such as a solid structure, help to keep to schedule and measure progress by checking the current status against the plan (Massey and Satao). SVS’s requirements were also clear at the outset so were incorporated into the initial plan; any changes or increased requirements can be managed via feedback at any of the three iteration stages. This helped keep the project within schedule and the requirements tracked.

A further reason for not choosing a purely Agile model was that these are designed for a programming team rather than an individual, but the Waterfall model can be worked on by individuals, as this project was. When Agile is used a project can deviate from the original plan too much, so the structured Waterfall features helped to rein this in. The project is relatively short and cannot afford to deviate from the original plan too much. Agile methods do not design for change because any change can be effectively handled by refactoring the code (Turk et al. year unknown). Apart from on-going support, it is planned that the final iteration will be the last iterative recoding done.

Due to the presence of iterations, work can start on a prototype quickly without having to create documentation beforehand, as would be done if using a traditional Waterfall only. This will allow the first prototype to be presented as the client requested. In addition to this the client asked for an intuitive system rather than documentation on its use, as the company has 45 staff members working on 35 PCs and therefore training sessions and/or learning from documentation would be difficult to arrange.

Regarding fixing coding issues, this is cheaper and quicker to do during earlier testing than once the system is finished (Weigert and Weil 2006). There is no financial cost but this will help the project with time costs as the iterations should show any issues sooner rather than later.

The inflexibility that the Waterfall model can have is counterbalanced by the Agile features of the model including incremental prototyping, testing and feedback. Again, this will help the project be loose enough to accommodate change brought about by the results of testing and feedback but still rigid enough to stay on schedule. The time required after the client testing at each iteration has been factored in as a type of contingency planning.

The Agile feature of Timeboxing was employed. This means that each iteration is in its own stage where time and resources are fixed and functionality is variable. Once the time is over it is passed on, with whatever functionality has been achieved, to the next stage. This was used in the model as the project is more likely to stay on schedule (Jalote et al. 2002) and the project's time (16 weeks) and resources (one developer) are fixed, so the variable must be functionality.


Appendix G - Further Literature and Technology Review Investigations

1. Linux FHS

FHS is used for structured hierarchical storage of OS files, user files and more; its use will only be discussed regarding user files. As with NTFS, each object has an ACL that lists the users (primary group), groups (secondary group) then all other users (world) that have access and what level of access they have (none, read, write, execute, or a combination). These are well known but can be seen at http://linuxcommand.org/lts0070.php if required. Siddiqui highlights that the combination of these affects access, level of access and the ability to move and delete files (2002 p.37-40).

These permissions can be set/changed using the 'umask' and 'chmod' commands, using either symbolic or numeric notation. The file owner can be changed using the 'chown' command. Inheritance from parent folders can also be controlled by using the 'R' switch (Recursion) with commands. As with NTFS permissions, this can affect access and level of access.

The 'sticky bit' is a flag of ownership set on folders using the 'chmod' command that stops deletion of a folder and its contents by other users, even though they have the write permission (Anne 2012). If set this can affect access and levels of access.

Security Enhanced Linux (SELinux) is a Mandatory Access Control (MAC) system that adds another layer of security on top of the aforementioned ACL; it has been integrated into the Linux kernel from version 2.6 onwards (Khan et al. 2011). It enforces rules based on centralised, defined security policies and only comes into play if access to files via the ACL has been authorised already; requests are checked against an Access Vector (AV) cache and outcomes are only deny or allow. It is mainly used for OS files and processes (e.g. HTTPD), but can be tailored to file access as, for example, access to the word application can be blocked at MAC level.

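
The owner, group and world permissions, the sticky bit and umask described in this section combine as in the following model. It is an added example, not part of the dissertation: the `Node` and `User` types and the sample owners and modes are constructed, and the model leaves out the superuser, extended ACL entries and SELinux.

```python
import stat
from dataclasses import dataclass


@dataclass(frozen=True)
class Node:
    """Owner, group and mode of a file or directory (constructed, not read from disk)."""
    owner: str
    group: str
    mode: int


@dataclass(frozen=True)
class User:
    name: str
    groups: frozenset


def class_bits(user, node):
    """Pick the single rwx triplet that applies: owner, else group, else world.

    The classes are not merged: an owner whose triplet is 0 is refused even
    when the world triplet would have allowed the request.
    """
    if user.name == node.owner:
        return (node.mode >> 6) & 0o7
    if node.group in user.groups:
        return (node.mode >> 3) & 0o7
    return node.mode & 0o7


def can_read(user, node):
    return bool(class_bits(user, node) & 0o4)


def can_write(user, node):
    return bool(class_bits(user, node) & 0o2)


def can_search(user, node):
    return bool(class_bits(user, node) & 0o1)


def can_delete(user, directory, entry):
    """Deleting or renaming is decided by the parent directory, not by the file."""
    if not (can_write(user, directory) and can_search(user, directory)):
        return False
    if directory.mode & stat.S_ISVTX:      # sticky bit set on the directory
        return user.name in (entry.owner, directory.owner)
    return True


def mode_after_umask(requested, umask):
    """Mode a new file actually receives when created under the given umask."""
    return requested & ~umask & 0o7777


def report():
    """Constructed scenario: bob shares a group with alice but not her document."""
    bob = User("bob", frozenset({"staff"}))
    doc = Node("alice", "staff", 0o600)          # readable by alice only
    plain_dir = Node("admin", "staff", 0o0775)   # group-writable folder
    sticky_dir = Node("admin", "staff", 0o1775)  # same folder with the sticky bit
    return {
        "bob can read doc": can_read(bob, doc),
        "bob can delete doc in plain dir": can_delete(bob, plain_dir, doc),
        "bob can delete doc in sticky dir": can_delete(bob, sticky_dir, doc),
        "0666 under umask 027": oct(mode_after_umask(0o666, 0o027)),
    }


if __name__ == "__main__":
    for question, answer in report().items():
        print(f"{question}: {answer}")
```

The second row of the report is the case that matters for a shared folder: a user who cannot read a document can still delete it when the parent folder is writable and the sticky bit is not set.
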
File access denials are recorded in a SELinux log file, which is a part of what SVS were looking for in tracking file use. However this can be cumbersome, so a tool called SILT has been created to take the SELinux generated events and present them in an easy to view and configure interface (Davis et al. 2004). This will ease the administration burden.

The advantages of choosing Linux to secure documents are that Linux is open source so fits SVS's requirement for a FOC solution, SELinux is secure and more centralised than the current solution, the ability to view and configure logged access attempts via the SILT tool could facilitate SVS's requirement for file/user activity logging, and the hierarchical structure in which the files are stored may feel familiar to the management team and therefore assist with HCI.

The disadvantages are numerous. The factors that affect file access and level of access are discussed above and include ACL permissions, inheritance, sticky bit status and SELinux MAC policies. Linux is open source but popular distros such as Suse and Red Hat are commercial products. The current server OS is Windows so either an additional server would need to be purchased and configured to use SAMBA as a bridge between the Windows DC and Linux file store, or a HDD partition or virtual machine would need to be added to the existing server; this may cost in terms of dual boot software, virtual machine software, downtime and additional hardware to ensure acceptable performance.

Linux will not be used as it does not fulfil the requirements of a FOC initial and on-going solution. There will also be issues with Linux server support (and SAMBA if used) as the management will not be familiar with its use and there is a knowledge gap with the technical support team so troubleshooting could be difficult.

2. 3rd party tools

Commercial and free tools exist that can be used in the current infrastructure. They can be used to present the current NTFS permissions in a clearer way, change the permissions, evaluate the current level of security or secure folders with an encrypted password.

Secure Folder and Folder Lock (New Softwares 2013) both protect selected folders with Advanced Encryption Standard (AES) passwords. Although these are secure and Folder Lock is FOC they will not be used as they only work to folder level not file level, they are designed for home PCs not a domain environment and as such are impractical for the current hierarchy, and remembering passwords, or all users having the same password, would be difficult and would not meet the traceability requirement.

AD Manager Plus (free edition) is a FOC product that allows you to view a report on the current security of the infrastructure (Machine Engine 2013). Although as a product on its own it does not fulfil any SVS requirement, it could be used to highlight unknown security issues such as a user who has access to a folder or subfolder that they should not be able to access.

NTFS Permission Tool (Brinkmann 2011) and ACLView (Software Informer 2013) are both FOC tools that allow you to view the current infrastructure's permissions in a friendlier interface and change them from there. Although these products offer clarity and a user friendly interface and are FOC, they will not be used as cascading changes to the hierarchy are still possible due to inheritance and there is no technical support for these products.

Fuzzy Access Control Setting Advisor (FACSA) is a model for making NTFS permissions settings more usable (Firouz-Abadi and Ghassem-Aghae 2013). The user enters user information, the file path and how important it is to them that the file is secure, and based on these the system displays effective permissions along with a percentage of certainty; the user can accept this, in which case the changes will be automatically applied, or not continue. Tests show that this is quicker and more accurate than just using Windows. This will not be used as the required level of security should be either fulfilled or not, and not a percentage or estimate.

To conclude, from the above options, AD Manager Plus may be used on the security infrastructure to check for security flaws, or when the system is implemented to see if NTFS permissions are as expected.

3. Remote Solutions

3.1 SFTP

MoveIT has a commercial solution that uses a web interface to SFTP files to and from a managed server. The interface has a similar look and feel to the Windows directory hierarchy including inheritance options, and folder security is similar to Windows share permissions (Ipswitch Move IT Support 2013). However, it will not be used as it is not FOC, confusion could arise with versioning due to there being a copy and move option, and it can take a lengthy time to transfer a file. Open source FTP products are available, such as Filezilla (FileZilla 2012), but will not be used for the same reasons.

3.2 Cloud Computing

Cloud computing, and some of its current incarnations, will be discussed below. Each will be discussed in turn but evaluation will be left to the end of the cloud computing section.


3.2.1 Microsoft Office 365

Microsoft Office 365 is Microsoft’s flagship cloud computing product and will be used as an example of a large cloud computing commercial product. Storage areas known as 'team sites' are similar to Microsoft's SharePoint Server (storage of documents in a database, with a GUI front end), but online rather than local. This Infrastructure-as-a-Service (IAAS) contains the ability to upload, download, access, modify, copy, move and delete office documents with version control. They can be downloaded and worked on locally or in online versions of Microsoft Office packages using Software-as-a-Service (SAAS), although these are stripped down versions of the local applications with missing functionality such as no margin option in Word or no sum option in Excel (Skendzic and Kovacic 2012).

Administrators allow team site access by assignment of licenses to users. Document access and level of access is affected by User and predefined Groups (such as members, owners, tenant_user, visitor and website designer), and custom Groups can also be created; this is analogous to the idea of an object's DACL. Levels of access (full control, design, contribute, read, view only) are analogous to the idea of NTFS permission levels. Inheritance of permissions from the parent folder is also set by default (Microsoft 2012). Also third party tools such as Security Manager for SharePoint (Metavis Technologies 2013) can make the administration of access easier.

3.2.2 WebDAV

Web-based Distributed Authoring and Versioning (WebDAV) is 'a set of extensions to the HTTP protocol which allows users to collaboratively edit and manage files on remote web servers' (Stein and Whitehead 2000). The original intent of the web was to be able to view and edit, rather than just view, but viewing became more predominant as the web evolved. WebDAV's development is overseen by an Internet Engineering Task Force (IETF) group and documented in Request For Comments (RFC) 4918 (Network Working Group 2007). Microsoft, Netscape, Xerox, IBM and Novell have all assisted in WebDAV's development; it is currently used in Outlook Express, Word, Acrobat and Dreamweaver software and is the most popular network file system protocol for use across the WAN (Whitehead 2005).

File modification with WebDAV builds on top of the existing HTTP protocol by URL Munging (adding commands at the end of the URL), using POST in the message body and the inclusion of new methods in the header (Whitehead and Wiggins 1998). These methods include PROPPATCH, LOCK/UNLOCK (the overwrite protection mechanism and versioning) and ACL (writes the ACL on the resource). Regarding servers, Apache HTTP server uses WebDAV extensions, whilst Linux uses modules. For clients, MacOSX supports WebDAV natively, whilst Windows uses the 'web folders' feature (since Windows 98) or more recently WebDAV Mini Redirector as client software. There are also free applications that employ WebDAV including Swissdisk (Swissdisk 2013). Therefore WebDAV can edit and manage files on a remote server, but also has version control and security features (ACL). It is not open source but is a standard so is free to implement.

3.2.3 PERMIS

PrivilEge and Role Management Infrastructure Standards Validation (PERMIS) is an authorisation system that complements your existing authorisation system (PERMIS 2006). It is not a standalone cloud computing solution but a tool that integrates with your existing system. It secures authentication (confirms the user) and authorisation (level of access/role) across the WAN, using Public Key Infrastructure (PKI) / Certificate Authorities (CA) (PERMIS 2002). The Sources of Authority (SoA) set the policies for their resources, which users can access and to what level. PERMIS is FOC and can be installed with Apache, Shibboleth and Python, and there is an Application Programming Interface (API) written in the C language and Java (Chadwick and Otenko 2002).


Other FOC solutions are available, such as HTTP File Server (HFS) (HFS 2013), but as overall solutions they do not offer more than has been previously discussed within other options.

3.3 Cloud Computing Evaluation

The advantages of cloud based storage are many. Access to the cloud storage system, whether it is Microsoft Office 365 or others, is password protected which satisfies R1 and R12. Reduced CAPEX and OPEX are real business benefits. There is automation of administration tools such as HDD clean up or defragmentation, and environment needs such as UPS, air conditioning and server housing are taken away. Access from anywhere at any time is possible, to aid with collaborating teams or teleworking. In the case of MS Office 365, all users work on the same version of the software and do not need to upgrade as this will be done for them. Fine grained permission levels for files and folders can be achieved, so R2-R10 are met. File version control is also included. Other benefits such as being easier to scale up and customisable interfaces are byproducts of using cloud computing.

Disadvantages include lack of control and flexibility (although this could be considered an advantage as it fulfils R12), company data being stored by an external company, and reliance on WAN connectivity; and while WebDAV and PERMIS are FOC, MS Office 365 is only free for a 90 day trial period.

None of the forms of cloud computing investigated was employed as a standalone solution or within the solution, for the following reasons. Firstly Microsoft Office 365 will be initially free due to a 90 day trial but will be chargeable thereafter, so will fail the FOC requirement. The included features such as website and video chat are not required but will be included in the price. The effective permissions of file access and level of access are as complex as NTFS and include user, groups and inheritance; therefore we may end up with the same types of administration problems as the current solution. Apart from cost, this seems to be overkill as a solution. The other cloud solutions that are FOC have no technical support, only forums. PERMIS is only in the testing stage at present. Neither PERMIS nor WebDAV is a complete standalone solution; both need additional server or client software or need to be integrated into existing server software to function.

More importantly there are non-product specific reasons for not using a cloud solution. The interface is not guaranteed to be simple to use and intuitive (R16 & R17). It will certainly not have company branding and colour scheme (R15). Throughout the search there were no products found that could track or log document use (R11). Storing the documents remotely invites risk, as you are entirely reliant on an internet connection. Also the latency could decrease productivity. Remote access is an unrequested benefit that is not listed in the requirements and may not be used, as the branch/satellite site has two part time workers and there are currently no teleworkers. In addition there are intrinsic security risks when transferring data outside of the LAN.

Following on from the arguments in the preceding sections, at this stage a locally implemented software solution was decided on, which may make use of NTFS permissions that exist in the current infrastructure but will have no direct access by staff.


4. Database Use for Storing Office Documents

The first option is the traditional method of populating RDBMS fields with the location/path of where the document is actually stored; this will be outside of the database and within the filesystem. The second is to transform the data within the document into binary and store this as binary within the actual database field; this is known as a Binary Large Object (BLOB) and can store any data that a programme can generate including image, video, audio, word processed documents and spreadsheet documents (IBM Corporation 2005).

4.1 Complexity and Efficiency

The complexity of coding required for converting, inserting and retrieving Office Document data in BLOB form (sometimes using PHP and SQL scripts but may also need programming languages such as C/C++) exceeds that required to access a database field containing a file path, although conversion can be done via an application (Nicolae et al. 2010). In fact entire folder/file hierarchies can be stored directly in a database using BLOB, stream and serialization technologies (Changgui and Zhiping 2010). With BLOBs all data is stored in one place and as binary so it would be difficult to bypass the system and access documents directly (R12). However, RDBMSs can relax integrity and consistency with data stored as BLOBs as users may wish to access data concurrently, therefore choosing availability over security (Burns 1998).

BLOB sizes are only limited by the data type used by the RDBMS; for example MySQL has tinyBLOB up to longBLOB with maximum sizes of 255 up to 4294967295 characters respectively. New data types such as varbinarymax have a 2GB storage limit. BLOBs also allocate space in whole disc pages, so small BLOBs can waste space, but this can be resolved by storing BLOBs in a series of variable size segments on contiguous disc blocks (Biliris 1992), which improves storage efficiency when using BLOBs.

Database support for BLOBs is not universal, but all major filesystems can house office documents. This will limit the choice of RDBMS used. Databases can use the = operator to identify identical documents by data, whilst filesystems are still reliant on looking for duplicate names. This will help with the system as in the shared document area users may be simultaneously working on one document, so cannot assist with version control.

4.2 Performance

Conventional wisdom states that small objects (256k or less) are stored in a database as BLOBs but those over 1Mb are stored in the filesystem and linked to by the database, and that the performance of each reflects this. If you ignore the grey area between these two figures, this has proven to be correct when the data is first stored. However, due to fragmentation over time and there being no defragmentation process for BLOBs, data as small as 256k starts to perform with the same efficiency over time if stored as a BLOB or within the filesystem. Therefore with large and small data, storage within a filesystem gives better performance (to blob or not to blob pdf).

Filesystems append or truncate files if data is added or removed at the end of the file, but if the change is in the middle of the file the file is simply overwritten, which is inefficient. All data, including that of the BLOB data type, is always overwritten by RDBMSs in all circumstances, so they perform comparatively less well.


To improve BLOB performance a list of measures has been employed including the hybrid of storing data as BLOBs but external to the database in the filesystem, BLOB compression (Burns 1998), writing BLOBs as chunks rather than one continual stream (Biliris 1992) and archiving common query responses (Shapiro and Miller 1999).

Storing documents in the filesystem has been chosen over storage in BLOBs. There are many workarounds for the lower performance of BLOBs (compression, cache responses, chunking, external BLOB storage, etc.) and also improvements in BLOB size, but although BLOBs are a legitimate data type the RDBMS is being used to store types of data that it was simply not originally intended to (image, video, office documents, etc.). BLOBs are an overly complex way to store Office Documents and the number of workarounds for performance and the process for retrieval reflect this.


Appendix H - Artefact Build Diary

TUES 12 MAR
Installed Oracle VM Virtualbox from https://www.virtualbox.org/wiki/Downloads (open source). This had BSOD on install. Downloaded again, installed and followed stop code suggestions but happened again.
Installed VMWarePlayer. This is only for developer use, so if SVS implement this system they will need to install manually as this is not for commercial use and therefore VM clone cannot be imported.
Built server VM using Windows Server 2008 R2 x64 (standard version for 180 day trial). If not activated then can rearm every 10 days.

WEDS 13 MAR
Created domain (SVS.VAC.com) and dc (SVR)
Created users in ad:
generaluser1
generaluser2
restricteduser1
restricteduser2
managementuser1
managementuser2
All passwords are Chiltern321 to be changed at first login to Chiltern123
Set IP to 192.168.1.1 and SM of 255.255.255.0 - static

THURS 14 MAR
Installed and tested XAMPP and Notepad++ on server
Secured localhost and local network access by adding un/pw to XAMPP pages, root SQL user and PHPMyAdmin
Un is administrator / root and pw is Chiltern123
Installed 1st XP client (Windows XP1)
Set IP to 192.168.1.2 and SM of 255.255.255.0 - static
Joined to domain SVS-VAC
Added firewall 80 and 443 incoming ports rules to allow access
Tested and can access PHP files on server, from the client

FRI 15 MAR
Can get name of remote pc (client) if I use batch file first (this will be used to track file use to the pc)
Batch file will include the above part and link to login page and maybe more.
Need to be local administrator to run batchfile as it contains nbtstat; therefore users can also change pc name. This is a threat to security so will use GP to block access (although this can be circumvented as local administrator can remove all registry keys on local keys that relate to this GP).
Gave up on getting logged in username of remote pc (client) into an html form on login page or pulling it in and just asking for a password. This is complex as PHP and other languages see the server as the client and keep giving the username on the server, rather than the ones on the client.
Can get JS to do this locally but errors each way I do, across the network
Tried WMIC /NODE: "workstation_name" COMPUTERSYSTEM GET USERNAME - very good as I could use within PHP but being blocked with access and RPC errors (decided against this as a security risk).


Decided to just have warning message on login screen that says 'make sure you login to the SVS doc library with the same username as you are logged onto windows with'. If they cannot remember then button can link to JS file that displays logged on un in alert box. This worked locally on server and clients but not across network (stored on server but accessed by client) due to 'automation cannot create object'. May not use, use locally or go back to fix it to work across the network.

MON 18 MAR
Needed to change Apache and PHP configuration to get LDAP functions to work in PHP
Non authenticated LDAP access from PHP has been disabled since Windows Server 2003
Working code used was modified from:
http://PHP.net/manual/en/function.LDAP-search.PHP (PHP 2013d)
http://stackoverflow.com/questions/13487225/LDAP-issue-LDAP-bind-invalid-dn-syntax (Antony 2013)

TUES 19 MAR
Created and tested login page and landing page
No need for section in management interface to reset users’ passwords, as this can be done through 'ad for users and computers'

WED 20 MAR
Created SVS DB and User table
Created interface so management can see ad users, SVS doc lib users, and add users from ad to SVS doc lib
Working on login page / landing page so that it can give 5 outcomes - pw box empty message, win un/pw not correct message, win un/pw correct but not been added to SVS doc lib system message, problem returning pc name so start again or successful login

THURS 21 MAR
Cleared excess PHP scripts
Tested 5 outcomes for choosing un and entering pw at login.PHP page
Set cookies for successful login on logintest.PHP page
Coded to check cookie is set, to be included on all pages apart from above two
Did skeleton layout of authenticatedlandingpage.PHP
Coded deletecookies.PHP page in preparation for logout button
Added code to remove all cookies when homepage/login.PHP is opened

FRI 22 MAR
Did changeuserlevel.PHP with error/success messages appearing on manageusers.PHP, at anchor.
Did deleteuser.PHP with success message appearing on manageusers.PHP, at anchor.
Did adduserlevel.PHP with error/success messages appearing on manageusers.PHP, at anchor.
For authenticatedlandingpage did 3xcookie confirmation, button layout, access blocking based on access cookie level

SUN 24 MAR
Did skeleton for management.PHP page with links to manageusers.PHP and fileaudit.PHP
Did authentication for all completed PHP files (using 2 x cookie IF tests)
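The entries above gate every page on cookies, one of which carries the access level, and a cookie is stored on the client. The following added example, which is not the dissertation's code, signs the login cookie with an HMAC so the server can tell when a stored value has been changed. The function names, the `SVS_COOKIE_KEY` constant and the sample values are assumptions.

```php
<?php
// Added example, not the dissertation's code: a login cookie the server can
// verify. All names here (SVS_COOKIE_KEY, issueLoginCookie, ...) are assumptions.

// Server-side secret (constructed value); keep the real one outside htdocs.
const SVS_COOKIE_KEY = 'constructed-demo-key-replace-me';

/** Cookie value = base64(JSON payload) . '.' . hex HMAC-SHA256 of that payload. */
function issueLoginCookie(string $username, string $pcname, int $level, int $ttl = 28800): string
{
    $payload = base64_encode(json_encode([
        'un'  => $username,       // Windows username verified at login
        'pc'  => $pcname,         // PC name recorded for the audit trail
        'lvl' => $level,          // access level 1-3 from the user table
        'exp' => time() + $ttl,   // expiry, so an old copied cookie stops working
    ]));
    return $payload . '.' . hash_hmac('sha256', $payload, SVS_COOKIE_KEY);
}

/** Returns the payload array when the cookie is authentic and unexpired, else null. */
function readLoginCookie(string $cookie): ?array
{
    $parts = explode('.', $cookie);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $mac] = $parts;
    // hash_equals() compares in constant time.
    if (!hash_equals(hash_hmac('sha256', $payload, SVS_COOKIE_KEY), $mac)) {
        return null;
    }
    $json = base64_decode($payload, true);
    $data = $json === false ? null : json_decode($json, true);
    if (!is_array($data) || !isset($data['un'], $data['pc'], $data['lvl'], $data['exp'])) {
        return null;
    }
    return $data['exp'] >= time() ? $data : null;
}

/** Page guard: used in place of a bare "is the level cookie set" test. */
function hasLevel(?array $session, int $minLevel): bool
{
    return $session !== null && (int) $session['lvl'] >= $minLevel;
}

// --- Self-check with constructed values ---
$cookie  = issueLoginCookie('generaluser1', 'XP1', 1);
$session = readLoginCookie($cookie);
if (!hasLevel($session, 1) || hasLevel($session, 3)) {
    throw new RuntimeException('genuine level 1 cookie was misjudged');
}

// The same payload with the level changed keeps the old MAC, so verification
// fails and the management pages stay closed.
[$payload, $mac] = explode('.', $cookie);
$edited = json_decode(base64_decode($payload), true);
$edited['lvl'] = 3;
$altered = base64_encode(json_encode($edited)) . '.' . $mac;
if (readLoginCookie($altered) !== null) {
    throw new RuntimeException('altered cookie was accepted');
}
echo "genuine cookie accepted, altered cookie rejected\n";
```

Re-reading the access level from the user table on each request, keyed on the verified username, additionally makes a level change or account deletion take effect before the cookie expires.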


MON 25 MAR
Figured out why generaluser1 on xp2 cannot access \tester doc on server but other permutations can
Shared docs ul (just need picking list to choose doc from local library)
Sometimes errors on uplink when trying to ul an empty doc. Just need to open doc and enter something, save, then try again.
Local library folder needs to have the following perms to work:
disinherit perms from parent
folder itself shared to everyone with full control
folder itself has full control to Administrator (SVS-vac\administrator)
folder itself has modify for current domain users (eg. generaluser2) - these block network access from other pcs on domain
files within have above perms automatically as inheriting - this is ok but will need to change on ul, or change target folder perms
File ul to shared folder on server complete (level 2 shared access)
If moved, the file will change perms to ones of the new parent folder. This is new to server 2008 (Yildirimoglu 2009)

TUES 26 MAR
Did file dl output scandir to screen with post button to push var (doc name) to action screen. (PHP 2013c)
User does not know where it's coming from
Again this takes on perms of parent when moved, which is good for you. So don't need cACLs for this bit - can just ul/dl to folder and it is secured under their inherited perms

WEDS 27 MAR
Using xp3 as gu1
Gu1 has local admin
Could not ping from server
Wins set to 1.1 in ipconfig/all and within network settings
Wins left as default / top option
Print/file sharing not turned on (+ DO turn it on as needed for unlink when uploading)
Messenger service disabled
Lowered local admin rights for all users from admin to power user. Tested and working still.

THURS 28 MAR
Did unlink for dl shared docs from server + tested
Did if set cookies test for all shared area
Coded the PHP ICACLs.exe script so that it adds a folder in the right path (called the user's name) then adds their name to ACL with modify perms; then integrated this in with adduser.PHP (when added they have a level 1 account within the DB (system login) and a folder created under /Users on the server).
Server needs to be logged in as Administrator at all times
Local admin is not used, so now users cannot browse to other users docs on same local pc to manipulate/move cookies over their local profile then type in URL past the login point to gain unauthorised access that would be traced back to other user.
Need to be local admin when initially setting up (for firewall exclusions, sharing xxx local library folder ...)
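The download step in the 26 MAR entry takes a document name posted from the listing page, so the action script decides which file on the server is sent. The following added example, not the dissertation's code, resolves that posted name inside one library area and refuses anything that is not a plain file directly in that folder. `resolveDocument()`, the character whitelist and the temporary demo folders are assumptions.

```php
<?php
// Added example, not the dissertation's code. resolveDocument(), the character
// whitelist and the demo folders below are assumptions.

/**
 * Map a posted document name to a file inside one library area.
 * Returns the absolute path, or null when the request must be refused.
 */
function resolveDocument(string $areaDir, string $postedName): ?string
{
    // One path component only: letters, digits, space, dot, underscore,
    // brackets and dash; at most 200 characters (document_name VARCHAR(200)).
    if (!preg_match('/\A[A-Za-z0-9 ._()\-]{1,200}\z/', $postedName)) {
        return null;
    }
    // ".", ".." and hidden dot-files are never documents.
    if ($postedName[0] === '.') {
        return null;
    }
    $base = realpath($areaDir);
    $full = realpath($areaDir . DIRECTORY_SEPARATOR . $postedName);
    if ($base === false || $full === false || !is_file($full)) {
        return null;
    }
    // After resolution the file must sit directly in the area folder, which
    // also covers links that point somewhere else.
    if (dirname($full) !== $base) {
        return null;
    }
    return $full;
}

// --- Self-check against a constructed library in the temp directory ---
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'svs_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/shared', 0700, true);
mkdir($root . '/restricted', 0700, true);
file_put_contents($root . '/shared/doc1.txt', 'constructed sample');
file_put_contents($root . '/restricted/restdoc1.txt', 'constructed sample');

$cases = [
    'doc1.txt'                   => true,   // a document in the shared area
    'missing.txt'                => false,  // valid name, no such file
    '../restricted/restdoc1.txt' => false,  // names another area
    '..'                         => false,  // directory entry, not a document
    "o'brien.txt"                => false,  // apostrophes are blocked on upload too
];
foreach ($cases as $name => $shouldResolve) {
    $resolved = resolveDocument($root . '/shared', (string) $name) !== null;
    if ($resolved !== $shouldResolve) {
        throw new RuntimeException("unexpected result for: $name");
    }
    printf("%-30s %s\n", $name, $resolved ? 'served' : 'refused');
}

// Remove the constructed files again.
unlink($root . '/shared/doc1.txt');
unlink($root . '/restricted/restdoc1.txt');
rmdir($root . '/shared');
rmdir($root . '/restricted');
rmdir($root);
```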


FRI 29 MAR
Did add user on manageusers.PHP page. This adds a user to the DB/system and also creates a folder under /users on the server, with modify perms for that user added to the ACL (then to all subfolders/files within)
Changed interface pages so that users can dl/ul docs from user/yourdocs and restricted/restricteddocs; also secured with 2xif cookies
Security Note: users can ul/dl docs to server if they have access to that part of the system (SVS doc library system), even if they do not have correct NTFS perms on folder/doc itself; this is stopped by cookies blocking access to parts of the system. This means that users cannot get access to docs that they should not be able to. However, if a user knows the entire path to the document including extension (eg. \\svr\SVS\SVS document library\shared\doc1.txt) then if not locked down with the correct NTFS perms they can bypass the system and access the doc directly; that is why NTFS perms are used on top of cookies for security.
Note1 - the user can still bypass the system but only if they know the exact path including extension and also have the correct NTFS perms. *This issue was stopped by removing Local Admin Rights*
Note2 - users cannot navigate to find the path as 'SVS' and 'SVS document library' folders act as blocks to stop navigation
Altered the manageusers/changeuser scripts to include change access levels properly. When changed to 1 it changes DB/system access and removes user's name from restricted docs ACL (inc dirs+files within); when changed to 2 or 3 it changes the db/system access and adds the user's name to the restricted docs ACL (including dirs+files within)

SUN 31 MAR
Altered changeuserlevel script to add/rem name to /shared and /restricted folders ACL on server + to alter access level DB field
Altered deleteuser to remove un from /shared and /restricted folders ACL on server, to delete un folder under /user on server + to remove row from 'user' table in db
Did Not do warning box if deleting (warn that all files belonging to that user will be deleted if you continue)

MON 1 APR
Did 'if exists' check on file ul - doesn't ul and displays message and resolution guide if either wrongly logged in or wrongly named/shared folder.
Did user password reset box on management area screen - pops up an alert box with guidance to reset user pw on ad, then will pull through to SVS doc lib system also (single sign on)
Stopped unlink when dl'ing yourdocs, shared and restricted docs from server - keeps copy on server too so always has copy that's backed up in case client accidentally deletes or pc malfunction. Changes made by client will be applied to server version on upload, as it overwrites. This will be tightened up later with DB check, so that doc can only be dl'd by one user at a time; this will stop multiple versions of the same document and the lost update syndrome.

TUES 2 APR
Included search feature in yourdocs, shared & restricted areas. This ignores certain characters such as . and .. so that a folder's hidden files do not show. Search by doc name. If search with no search text then just returns all docs. Is local to each area (yourdocs, shared, restricted) so that you cannot see another's yourdocs and if only a level one user (yourdocs & shared) searches then they cannot see restricted docs. You can click on each to dl to your local library.
Created second DB table (document) to aid with tracking document use. ERD modelling / DB use is less than I originally thought as documents are stored on folders and files and are accessed using arrays. A DB is not required for this.

CREATE TABLE document (
    row INTEGER (5) NOT NULL,
    username VARCHAR (25) NOT NULL,
    document_name VARCHAR (200) NOT NULL,
    area VARCHAR (20) NOT NULL,
    pcname VARCHAR (20) NOT NULL,
    datetime DATETIME NOT NULL,
    status VARCHAR (15) NOT NULL,
    PRIMARY KEY (row),
    FOREIGN KEY (username) REFERENCES user (username) ON DELETE CASCADE ON UPDATE CASCADE
);

Have chosen to remove rows relating to userA in documents table if userA is deleted from the user table. This is because that user is no longer part of the system and information pertaining to them should no longer be available. Therefore when user is deleted their name is taken from the ACL of restricted folder (if present) & shared folder, their folder on the server under /user is deleted including all contents, and the tracking information is also deleted; any information regarding their file use within the system should be garnered before deleting their system account.

WED 3 APR
Decided not to audit user's 'your docs' movements. This is because they can only be accessed by each individual user, so users will know of their movements, other users will not be waiting for any of their docs as they are specific to the user, and the management team being able to monitor personal document use may be considered unethical. Will only do shared and restricted.
Changed scripts on ul and dl of shared and restricted documents so that if a file is uploaded or downloaded a row is added to the DB that records the username, document name, area (shared or restricted), pc name, date & time and also changes the status to Checked Out (if downloading) or Checked In (if uploading) (MySQL 2013).
Filenames containing apostrophes have been blocked from being added to the SVS document library, as MySQL insert queries have problems with this. The ‘str_replace’ function could have been used but would need to be used across a number of ul and dl scripts, so I thought a much cleaner way would be to block all filenames on ul with a message explaining why and how to rectify

THU 4 APR
Modified dl code to check with DB so that if userA tries to dl a doc that userB has dl'd but not returned yet then they cannot dl and get a message that says who has it on what pc. This stops multiple copies being dl'd / lost update problem. Did this for shared and restricted areas.
Modified ul code to check for duplicate names (if trying to add new doc to the library) and if a user checked out a doc to a pc then (A) only they can check it in/return it, (B) only from the same pc and (C) only back to the same area that it was borrowed from.
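The 3 APR and 4 APR entries describe the tracking inserts, the apostrophe problem and the check-out/check-in rules. The following added example, not the dissertation's code, logs activity with bound parameters, so a filename containing an apostrophe is stored as ordinary data, and applies the download check and rules (A) to (C) on upload. In-memory SQLite (pdo_sqlite) stands in for MySQL, and the `id` key column, the function names and the sample values are assumptions.

```php
<?php
// Added example, not the dissertation's code. In-memory SQLite (pdo_sqlite)
// stands in for the MySQL 'document' table so the script runs offline.
// Assumptions: the key column is called id, document names are unique across
// areas, and the status values are 'Checked Out' / 'Checked In'.

function openLog(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE document (
        id INTEGER PRIMARY KEY AUTOINCREMENT,
        username TEXT NOT NULL, document_name TEXT NOT NULL, area TEXT NOT NULL,
        pcname TEXT NOT NULL, datetime TEXT NOT NULL, status TEXT NOT NULL)');
    return $db;
}

/** Most recent row for a document, or null when it has no history. */
function lastActivity(PDO $db, string $doc): ?array
{
    $q = $db->prepare('SELECT username, area, pcname, status FROM document
                       WHERE document_name = ? ORDER BY id DESC LIMIT 1');
    $q->execute([$doc]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

/** Values are bound, never concatenated into the SQL text. */
function logActivity(PDO $db, string $user, string $doc, string $area, string $pc, string $status): void
{
    $q = $db->prepare('INSERT INTO document
        (username, document_name, area, pcname, datetime, status)
        VALUES (?, ?, ?, ?, ?, ?)');
    $q->execute([$user, $doc, $area, $pc, date('Y-m-d H:i:s'), $status]);
}

/** Download: only a checked-in document can be borrowed. */
function checkOut(PDO $db, string $user, string $doc, string $area, string $pc): string
{
    // On MySQL, run this read and the insert in one transaction with
    // SELECT ... FOR UPDATE so two simultaneous downloads cannot both pass.
    $last = lastActivity($db, $doc);
    if ($last !== null && $last['status'] === 'Checked Out') {
        return "refused: held by {$last['username']} on {$last['pcname']}";
    }
    if ($last === null || $last['status'] !== 'Checked In') {
        return 'refused: document is not in the library';
    }
    logActivity($db, $user, $doc, $area, $pc, 'Checked Out');
    return 'ok';
}

/** Upload: a new name, or a return by the same user, PC and area (rules A-C). */
function checkIn(PDO $db, string $user, string $doc, string $area, string $pc): string
{
    $last = lastActivity($db, $doc);
    if ($last !== null && $last['status'] === 'Checked In') {
        return 'refused: a document with this name is already in the library';
    }
    if ($last !== null && $last['status'] === 'Checked Out') {
        if ($last['username'] !== $user) return 'refused: checked out by another user';
        if ($last['pcname'] !== $pc)     return 'refused: must be returned from the same PC';
        if ($last['area'] !== $area)     return 'refused: must be returned to the same area';
    }
    logActivity($db, $user, $doc, $area, $pc, 'Checked In');
    return 'ok';
}

// --- Self-check with constructed users, PCs and a name containing an apostrophe ---
$db  = openLog();
$doc = "trustee's minutes.txt";
$steps = [
    [checkIn($db, 'generaluser1', $doc, 'shared', 'XP1'),     'ok'],       // new document
    [checkOut($db, 'generaluser1', $doc, 'shared', 'XP1'),    'ok'],
    [checkOut($db, 'generaluser2', $doc, 'shared', 'XP2'),    'refused'],  // already borrowed
    [checkIn($db, 'generaluser2', $doc, 'shared', 'XP2'),     'refused'],  // rule A
    [checkIn($db, 'generaluser1', $doc, 'shared', 'XP2'),     'refused'],  // rule B
    [checkIn($db, 'generaluser1', $doc, 'restricted', 'XP1'), 'refused'],  // rule C
    [checkIn($db, 'generaluser1', $doc, 'shared', 'XP1'),     'ok'],
    [checkIn($db, 'generaluser2', $doc, 'shared', 'XP2'),     'refused'],  // duplicate name
];
foreach ($steps as $i => [$got, $want]) {
    if (strncmp($got, $want, strlen($want)) !== 0) {
        throw new RuntimeException("step $i returned: $got");
    }
    echo $got, "\n";
}
$rows   = (int) $db->query('SELECT COUNT(*) FROM document')->fetchColumn();
$stored = $db->query('SELECT document_name FROM document LIMIT 1')->fetchColumn();
if ($rows !== 3 || $stored !== $doc) {
    throw new RuntimeException('audit log does not match the accepted actions');
}
```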


SUN 7 APR
Did fileaudit.PHP page and can get last result/activity for each unique doc - for both 'all' and 'search' results (Stackoverflow 2013c). Doc was chosen as search term rather than username for legal reasons

MON 8 APR
Did fileauditresults.PHP page. This takes chosen doc from fileaudit.PHP and then displays many details (columns) for last 5 rows (box checked) or all rows (box unchecked)
Did an 'add document' button on the homepage; this gives step by step instructions on how to add a document to the library
Did onload message in authenticatedlandingpage.PHP page. This lets correctly authenticated user know that their doc use will be monitored by the management team and also that other users may be able to see which docs they are currently borrowing; with this knowledge they can then decide whether to continue or not. This is to legally safeguard the management team and other users (no unknown tracking and/or singling out).

TUE 9 APR
All JS is now in external script and functions are called in. This will help with XHTML validation.
Authenticatedlandingpage.PHP (homepage) has 'user accept' popup on initial login but not afterwards
Got 'webtom brown' html/CSS template from www.oswd.com; modified it so that it fits my layout needs and reflects the colours/logo/branding stated in the requirements

WED 10 APR
Merged template with authenticated landing page
Removed excess CSS
Recoded, reordered, commented, indented - tested and working still
XHTML validated
This can be the template for other pages

THU 11 APR
Used scrollbar for results
Did XHTML validation, recoding, tables, buttons, scrollbars, commenting, indenting, and tidying for pages:
logintest
authenticatedlandingpage
yourdocuments
yourdocssearch
yourdocsdl
yourdocumentsul
yourdocsuploader

FRI 12 APR
Did XHTML validation, recoding, tables, buttons, scrollbars, commenting, indenting, and tidying for pages:
login
sharedarea
shareddocsearch
shareddl
sharedul
shareduploader
restricteddocuments
searchrestdocs
restricteddocsdl
restricteddocumentsul
restdocuploader

SUN 14 APR
Did XHTML validation, recoding, tables, buttons, scrollbars, commenting, indenting, and tidying for Management Area.

MON 15 APR
Did and tested deldoc.php page
Did XHTML validation, recoding, tables, buttons, scrollbars, commenting, indenting, and tidying for pages:
managedocuments
furtherdocdetails
deldoc
Only docs that are not checked out and have not already been deleted can be deleted (removes doc from dir and adds DB row in document table with status set as deleted)
Did parts of manageuser section inc:
manageusers
changeuserlevel
deleteuser
Most of changedelusermain

TUE 16 APR
Did XHTML validation, recoding, tables, buttons, scrollbars, commenting, indenting, tidying
Finished all pages then tested them for functionality and display

WED 17 APR
Started adding and modifying different CSS files for different browser use

THU 18 APR
Finished adding and modifying different CSS files for different browser use; works in IE 7, 8 & 9. It may work in IE10 but having difficulty installing it on Windows7 VM.
Tested and working with NVDA screen reader.
Passes most colour blindness and contrast tests using Colour Contrast Analyser tool.


Appendix I - Virtual Domain and SVS Document Library Installation Guide

1. Install VMWare Player

VMWare player is used to create virtual machines that will exist in the domain. Please download and install from http://vmware-player.en.softonic.com/download.

2. Create Server and Install System

2.1. Build Server VM

Download the ISO for Windows Server 2008 R2 x64 (standard version with 180 day trial) from http://technet.microsoft.com/en-us/evalcenter/dd459137.aspx. This can be done without a license but must be rearmed every 10 days by following these instructions (http://support.microsoft.com/kb/948472). Build the VM with 60GB+ HDD space and 4GB RAM.

2.2. Configure the Server

· Change the computer name to ‘SVR’
· Change the network settings to static addressing with an IP address of 192.168.1.1/24 and set WINS to the same address
· Change the administrator password to ‘Chiltern123’
· Install AD domain services via the Initial Configuration wizard. In the run box enter ‘DCPromo’ and follow the wizard to set the FQDN of root domain to ‘SVS-VAC.com’, set the forest functional level to ‘Windows Server 2008 R2’, set Directory Restore Mode administrator password to ‘Chiltern123’. Finally, add a new container called ‘SVS Users’ directly under ‘SVS-VAC.com’ in AD for Users and Computers
· Install WINS via the Initial Configuration Tasks wizard; select Add Features then WINS
· Add an exception to the firewall to allow incoming http/port 80 connections, but only from the 192.168.1.x/24 range

2.3. Create Storage Folders

· Add a folder directly under the C drive called ‘SVS’. Within the share tab, share it to Everyone with full control. Within the security tab, disinherit the permissions from parent folder and configure so that the only ACEs in the ACL are Administrator and Administrators, then give both full control
· Add a folder directly under the SVS folder called ‘SVS Document Library’. Within the security tab, disinherit the permissions from parent folder and configure so that the only ACEs in the ACL are Administrator and Administrators, then give both full control
· Add a folder called ‘Restricted’ directly under the ‘SVS Document Library’. The permissions will be automatically set from the parent folder so that the only ACEs in the ACL are Administrator and Administrators, then give both full control
· Add a folder called ‘Shared’ directly under the ‘SVS Document Library’. The permissions will be automatically set from the parent folder so that the only ACEs in the ACL are Administrator and Administrators, then give both full control
· Add a folder called ‘Users’ directly under the ‘SVS Document Library’. The permissions will be automatically set from the parent folder so that the only ACEs in the ACL are Administrator and Administrators, then give both full control

2.4. Install, Configure and Secure XAMPP

· Download XAMPP from http://www.apachefriends.org/en/xampp-windows.html
· Install XAMPP following instructions from http://www.edukatr.com/14-mins-to-startyour-own-xampp-server-on-windows-2008-server-r2/
· Secure XAMPP by following instructions from http://www.apachefriends.org/en/xampp-windows.html#1221. XAMPP pages and PHPMyAdmin should have username 'administrator' and password 'Chiltern123'. Root SQL Server should have username 'root' and password 'Chiltern123'
· The php.ini file needs to be changed in order to allow PHP LDAP functions. In the php.ini file you need to uncomment (remove #) from line 'extension=php_ldap.dll' (PHP 2013d)
· Reboot the server, log on as administrator, then start Apache and MySQL services from the XAMPP control panel
· Access PHPMyAdmin (http://192.168.1.1/phpmyadmin)
· Add a database called SVS
· Within SVS database, click SQL tab
· Copy contents of 'DB Create Script.txt' file from the CD at back of the dissertation, and paste them into this window then press go; this has created the tables and also a starter level 3 account called 'managementuser' which you can use to login to the system when finished in order to create accounts
· Copy the contents of the 'htdocs' folder from the CD at the back of the dissertation and paste into the C:\xampp\htdocs folder on the server

3. Create Clients and Configure for System Access

3.1. Build Client VM

The client pc should be Windows XP Pro XP3. The VM should be built with 40GB+ HDD space and 1GB RAM

3.2. Configure the Client

· Change the network setting to a free static IP address in the 192.168.1.x/24 range
· Add WINS address of 192.168.1.1 and leave NetBIOS setting at default (top radio button)
· Add exception to the firewall for ‘File and Print Sharing’
· Do not configure Default Gateway or DNS
· Change the PC name to identify it in the building (e.g. Reception)
· Add PC to the ‘SVS-VAC’ domain then reboot

3.3. Configure for System Access

· Logon to domain as a user in AD
· Once logged in, give the user local Administrator rights and reboot
· Add a desktop shortcut to 'http://192.168.1.1/login.php' named 'SVS Document Library'
· Add a folder to the desktop named the user's username then Local Library (e.g. 'JSmith Local Library'), then do the following to securely share the folder:
  1. Right click -> properties -> sharing tab. Choose 'share this folder', Choose ‘permissions’, Click the 'full control' box, Click apply and ok
  2. Choose the 'security' tab. Click advanced, Deselect the 'inherit from parent...' checkbox so that there is no tick, Select copy from popup box, Click apply and ok, Highlight 'system' ACE by clicking on it, Click remove, Click apply and ok
· Demote the user from Local Administrator to Standard/Power user, then reboot
· Repeat this on as many PCs as you would like to access the SVS Document Library


Appendix J - SVS Document Library User Guide for Staff and Management

Contents Page

Applies to Both Staff and Management
1. Accessing the System
2. Home Page

Applies to Staff
3. Borrowing Documents
4. Returning Documents

Applies to Management
5. Management Area
6. Manage Users
6.1. Change Access Level or Delete User
6.2. Add a New User to the System
7. Manage Documents
8. Delete Documents


1. Accessing the System

On your desktop there will be two icons that relate to the SVS Document Library:

Firstly there is the Local Library, which is where documents that are borrowed are stored. This will be labelled as your Windows login name followed by ‘Local Library’. In the above example it is labelled ‘managementuser Local Library’. Secondly there is the SVS Document Library, which you double click on to access the Login page. The Login page can be seen here:

You need to pick your Windows username and enter your password. These should both be the same as you logged onto this pc with.


2. Home Page

The first time you log in to the system each day a message will appear. If you agree with the conditions then press OK; if not then close the window. The message can be seen here:

All pages including the homepage list your Login name, PC name and Access Level. The access level is used to determine which areas you can and cannot go within the system and is reflected in the navigation tabs that are present. This can be seen in the two screen shots below:


3. Borrowing Documents

Documents can be borrowed from the Your Documents and Shared Documents areas. If you have Access Level 2 then they can also be borrowed from the Restricted Documents area. The Your Documents area will be used in this example. From any page click on the Your Documents tab and this will take you to the page below:

From here click on the ‘Borrow a document from Your Documents’ button. This will take you through to the following page:

If you simply click on the ‘Search for Your Document’ button it will display a list of all your documents, as you can see above. If you enter a search term then it will return those results only. To borrow the chosen document, firstly click on the ‘Borrow Document’ button as shown above. Then select Save (not Open or Close), save the document to your Local Library folder (without renaming it), and finally Close. These actions are shown in the following three screen shots respectively:


The document is now in your Local Library and can be viewed and modified from there, without the need to access the system until you return it.

4. Returning Documents

To return a document click on the ‘Return a Document to Your Documents’ button within the Your Documents area. Then navigate to the document within your secure Local Library desktop folder, click open, then click the ‘Return Document’ button.


5. Management Area

The Management Area is accessible by clicking the Management Area red tab and is only available to Access Level 3 users:

6. Manage Users

Click on the Manage Users button to access these choices:

6.1. Change Access Level or Delete User

Clicking the appropriate choice takes you through to a screen that lists all the current users by username and their Access Level. To change their Access Level enter the new Access Level you would like them to have, between 1-3, and then click the ‘Change Level’ button. To delete a user just click the ‘Delete User’ button that corresponds to that user. Please be aware that this will remove all traces of the user; this includes their SVS Document Library account, their access to the Shared and Restricted areas (if applicable), their Your Documents area and all documents within and also the logs relating to their document use. The screen will look similar to this:

6.2. Add a New User to the System

To access this area click on the ‘Add User’ button from the Manage Users area. The screen will look similar to this:

The user must be in Active Directory (on the domain, listed top), but not already added to the system (listed middle). You then add their username at the bottom and also complete the First Name and Last Name boxes and then click the ‘Add User’ button. The user will be created with Access Level 1 by default.


7. Manage Documents

To access the Manage Documents area just click on the appropriate button within the Management Area. This will take you to a screen similar to this:

You can either return all documents by clicking the ‘Show Current Status…’ button or search using the input box and ‘Search for Shared…’ button. Either will return results listing the document name and current status. From there you can either retrieve all activity for the chosen document or just the last five activities. If you were to click on the ‘View Further Document Details’ button for the ‘restdoc55.txt’ file listed above then it would open the page below:

You can then view the same document with more detail and more history, including which user checked out/in the document, which PC they were using, to which area the document belongs and the date and time this was done.

8. Delete Documents

Using the same ‘rest55doc.txt’ document as an example, you can navigate to the screen above using the same method and then press the ‘Delete…’ button as shown here:

This will delete the document but keep the activity log listed above pertaining to it, so if you revisit this document after the deletion it will look similar to this:

Please note that only documents that are currently Checked In can be deleted. This is to stop the document being deleted from the area on the server then added again by the user who has a Checked Out copy, as this may cause confusion for the above tracking system.


Appendix K - Entity Relationship Diagram & Database Create Scripts

-- One row per system user; accesslevel holds the user's Access Level (1-3).
CREATE TABLE user (
    username    VARCHAR (25) NOT NULL,
    fname       VARCHAR (20) NOT NULL,
    lname       VARCHAR (20) NOT NULL,
    accesslevel INTEGER (1) NOT NULL,
    PRIMARY KEY (username)
);

-- One row per logged document activity (who, which PC, which area, when, status).
CREATE TABLE document (
    row           INTEGER (5) NOT NULL,
    username      VARCHAR (25) NOT NULL,
    document_name VARCHAR (200) NOT NULL,
    area          VARCHAR (20) NOT NULL,
    pcname        VARCHAR (20) NOT NULL,
    datetime      DATETIME NOT NULL,
    status        VARCHAR (15) NOT NULL,
    PRIMARY KEY (row),
    -- Deleting a user also deletes that user's activity rows.
    FOREIGN KEY (username) REFERENCES user (username) ON DELETE CASCADE ON UPDATE CASCADE
);
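The behaviour these two tables give the Manage Users and Manage Documents screens (the newest row decides a document's status, the 'last five activities' view, and user deletion cascading into the activity log) can be exercised with the sketch below. It is an added example, not the dissertation's PHP code: it uses Python with SQLite in place of the project's database, and the function names, sample users, PC names and the stored status strings 'Checked Out' and 'Checked In' are assumptions.

```python
import sqlite3

# Appendix K tables adapted for SQLite (assumption: display widths dropped,
# "row" quoted and auto-assigned). Not the project's own PHP/database code.
SCHEMA = """
CREATE TABLE user (
    username VARCHAR(25) NOT NULL PRIMARY KEY,
    fname VARCHAR(20) NOT NULL,
    lname VARCHAR(20) NOT NULL,
    accesslevel INTEGER NOT NULL
);
CREATE TABLE document (
    "row" INTEGER PRIMARY KEY,
    username VARCHAR(25) NOT NULL,
    document_name VARCHAR(200) NOT NULL,
    area VARCHAR(20) NOT NULL,
    pcname VARCHAR(20) NOT NULL,
    datetime DATETIME NOT NULL,
    status VARCHAR(15) NOT NULL,
    FOREIGN KEY (username) REFERENCES user (username)
        ON DELETE CASCADE ON UPDATE CASCADE
);
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # SQLite skips FK actions unless enabled
    db.executescript(SCHEMA)
    return db

def log_activity(db, username, doc, area, pcname, when, status):
    # Bound parameters keep names (apostrophes included) as data, not SQL.
    db.execute(
        "INSERT INTO document (username, document_name, area, pcname, datetime, status)"
        " VALUES (?, ?, ?, ?, ?, ?)", (username, doc, area, pcname, when, status))

def history(db, doc, limit=5):
    """Newest-first activity for one document (the 'last five' view by default)."""
    return db.execute(
        "SELECT status, username, pcname, datetime FROM document"
        ' WHERE document_name = ? ORDER BY datetime DESC, "row" DESC LIMIT ?',
        (doc, limit)).fetchall()

def borrow(db, username, doc, area, pcname, when):
    """Check a document out unless its newest log row says it is already out."""
    latest = history(db, doc, limit=1)
    if latest and latest[0][0] == "Checked Out":
        return f"Blocked: checked out by {latest[0][1]} on {latest[0][2]}"
    log_activity(db, username, doc, area, pcname, when, "Checked Out")
    return "Checked Out"

def delete_user(db, username):
    """Delete the account; return how many of that user's log rows survive."""
    db.execute("DELETE FROM user WHERE username = ?", (username,))
    return db.execute("SELECT COUNT(*) FROM document WHERE username = ?",
                      (username,)).fetchone()[0]

def demo():
    db = open_db()  # constructed sample users and PC names
    db.executemany("INSERT INTO user VALUES (?, ?, ?, ?)",
                   [("asmith", "Alice", "Smith", 1), ("bjones", "Bob", "Jones", 3)])
    doc, area = "restdoc55.txt", "Restricted"
    first = borrow(db, "asmith", doc, area, "PC-01", "2013-03-01 09:00:00")
    second = borrow(db, "bjones", doc, area, "PC-02", "2013-03-01 09:05:00")
    log_activity(db, "asmith", doc, area, "PC-01", "2013-03-01 10:00:00", "Checked In")
    third = borrow(db, "bjones", doc, area, "PC-02", "2013-03-01 10:30:00")
    before = len(history(db, doc))
    surviving = delete_user(db, "asmith")
    after = history(db, doc)
    return first, second, third, before, surviving, after

if __name__ == "__main__":
    print(demo())
```

After `delete_user`, the document's history contains only the surviving user's row, which is the retention behaviour the cascade produces.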


Appendix L - PHP Page Map

For Users:


For Management:


Appendix M - Iteration 1 & 2 Unit Testing Examples

Iteration 1:
· Cookies are set on all pages after and including the authenticatedlandingpage.php (home page). This includes ousting users without accounts and users without sufficient access levels to the login.php and authenticatedlandingpage.php respectively (R1).
· Users added/removed to/from the AD were appearing/disappearing from the login.php drop down list (R18).
· Logging in correctly, logging in incorrectly, logging in with a blank password and logging in correctly with a Windows account but not a system account would give the four different correct outcomes (R18).
· Returning a document that was borrowed from one area (e.g. Shared) to another (e.g. Restricted) is blocked and gives the appropriate onscreen message.
· Documents borrowed/returned appear/disappear to/from the relevant folders on the server (R3,4,6,7,9,10).
· Newly created documents can be uploaded or not with the correct message displayed such as 'duplicate name', 'no apostrophes' or 'successfully added' (R2, 5 & 8).
· Correctly borrowed/returned Shared or Restricted documents are triggering correct entries in the Document DB table (R11).
· On first load of the shareddocssearch.php page there is no error onscreen as the search box will be empty.
· A Shared or Restricted document that a user is trying to borrow is not already Checked Out.
· JavaScript alerts appeared onscreen at the right time with the right message.
· The NetBIOS table (nbtstat -c) on the server was populating when a client PC was booted / joined the domain.
· Cookies were cleared when the login.php page loads.
· The list of files displayed, for example on the shareddocsearch.php page, does not include the directory’s hidden files (. and ..).
· If a user is trying to borrow a document that is already checked out, then this is blocked with an onscreen message stating the correct username and PC name of the borrower.
· An informative error message is displayed if a user tries to return a document with no path (i.e. just clicks the Return button with nothing in the input box in restrciteddocumentsul.php for example).
· NTFS permissions were correct on documents and changed to reflect the parent directory when moved between server and Local Library.

Iteration 2:
· Ensuring the links in the navigation bar showed up for the user, depending on their access level, based on cookies (R17).
· Each page was XHTML validated.
· Making sure that the 'consent' popup appeared on the homepage after login but not again (R14).
· Scrollbars are only present when more results appeared than could fit on the page.
· Tested all links and linking buttons.
· Ensured that the screen reader worked for the application and local library desktop folder (R17).
· Colours matched those of the SVS website exactly (R15).

Appendix N - Legal Implications of Monitoring User Activity

The activity (borrowing and returning) of Shared and Restricted documents is logged within the system and these logs can be accessed by the management team (access level 3 users). The logged information identifies the user by username and their PC by PC name/IP address; this is considered Personal Data by the Data Protection Act (DPA) 1998 (Legislation.gov.uk 2013) as it is personally identifiable information. To address this issue a message appears each time the user initially logs on, informing them of this and also that other users are made aware that they have borrowed a document if those users try to borrow the same document. This message is helpful in meeting the requirements of Principle 1 of the DPA and is present to legally safeguard the management team and other users (R14). With this knowledge users can continue or close the system. Additionally the search tool on the managedocuments.php page only allows a search by document, not by username; this was to prevent the singling out of a specific user. At this stage there is no specific retention policy other than that when a user leaves the company and is removed from the system, all their document activity logs are removed too (see Appendix K).

Appendix O - Adherence to Accessibility Guidelines

The Web Content Accessibility Guidelines 1.0 (WCAG) checklist (W3C 2013) was consulted and changes made to make the system fulfil the minimum priority 1 checkpoint, but also large parts of priority 2 and 3. Some examples are as follows:

Priority 1
1.1. Alt used on SVS logo, which is the only image on the system
2.1. Buttons are usable and readable with or without colour
6.1. HTML Documents can be read without style sheets
5.1. Row and column headers are identified, for example in furtherdocdetails.php

Priority 2
3.3. CSS was used throughout
6.5. Dynamic content is accessible throughout
13.1 Each link's content is clearly identified throughout
13.4 Navigation mechanisms are used and labelled consistently throughout
10.2 Forms such as 'document search' are used and labelled correctly

Priority 3
14.3 Presentation style is consistent across all pages
13.7 Different types of searches are available. For example, enter search term or just click box when empty for all results in search shareddocs.php

In addition to the officially categorised criteria above, these were also considered:
· The keyboard (tab, arrows, return) can be used without the mouse for all navigation.
· The system has been tested with NVDA screen reader (Sourceforge 2012) and works very well. It not only reads out the contents of the page and what you are hovering over, but also objects outside of the system so that the list of currently borrowed documents in the user's desktop Local Library is also read out.
· Colour Contrast Analyser (Wat-c 2008) was used to ensure that the difference in contrast between the background and foreground colours is enough (luminosity) to not be problematic for users with colour blindness. The results of these tests can be seen in Figures O1 and O2. There is one area that this fails on; this is the background results table and can be seen in shareddocsearch.php. However, the contents can be clearly seen and the table is only used for visual tidiness, rather than any functionality.

Figure O1 – Results of Colour Contrast Analysers Tool Tests


Figure O2 – Results of Colour Contrast Analysers Tool Tests

· The system displays well when screen resolution is low, like 800x600 which can be seen in Figure O3, or higher such as 1024x768+ which is used by the majority of PCs (W3schools.com 2013).

Figure O3 – The System when displayed with 800x600 screen resolution


Appendix P - HCI for Artefact Design and Build

HCI was used throughout the design and build process, especially when choosing and modifying the web template, which Preece states will produce a usable functional system (1994, p.14). Nielsen's Designing Web Usability (Nielsen 2000) and Shneiderman's 8 golden rules of interface design (Dix 2004, p.282) were consulted regularly and examples of how this has affected my artefact can be seen in these two lists respectively:

Nielsen’s Designing Web Usability:
· The page layout should be 50% for content and 20% for destination pages/links (2000, p.22)
· Users can go directly to homepage from anywhere (2000, p.27)
· Response times should be less than 1 second between pages (2000, p.42)
· Links describe where they are going, rather than clickable 'click here' text (2000, p.55)
· Simplicity is most important, so users are drawn to content (2000, p.97)
· Three main rules are be succinct, make the page easy to scan and split pages with hypertext links if too much information on one page (2000, p.101). This can be seen on any page.

Shneiderman's 8 Golden Rules of Interface Design (Dix 2004):
· 1. Strive for consistency. The watermark, header, navigation bar links, footer, colours, buttons, and scrollbars are the same throughout the system. The Keep It Simple Stupid (KISS) method was used to keep consistency throughout and avoid too many differences which can lead to unnecessary complexity
· 3. Offer informative feedback. Buttons such as 'add a document to the library' and 'reset user passwords' give feedback and directions when pressed
· 5. Offer error prevention and simple error handling. An example of this is if you try to return a document with no path specified or to the wrong area, an informative message appears with instructions on how to prevent this
· 7. Support internal locus of control. The informative labelling of links and buttons means that affordance and perceived affordance are closely linked, adding to transparency for the user; all of which make the user feel in control
· 8. Reduce Short Term Memory (STM). Areas you may currently be visiting are easily labelled and will only be a maximum of two levels up from the first levels in the navigation bar. Therefore STM is not a concern as you know where you are and can return there within two clicks.


Appendix Q - Project Proposal

A Browser Based Application that Secures and Tracks Shared Resources for a Voluntary Organisation
John Neesham
BSc (Hons) Computing
Supervisor: Dr Richard Gunstone

Introduction

Southampton Voluntary Services (SVS) is the umbrella body for local voluntary and community groups working in Southampton (Smith, 2011). They store information pertaining to clients, company records including financial information, Criminal Records Bureau (CRB) checks and other sensitive and non-sensitive documents on a local server. These are Microsoft Office documents and are secured using New Technology File System (NTFS) permissions (Microsoft, 2005). Members of staff have two mapped drives on their desktops that link directly to the file shares on the local server. One (mapped as ‘H’) is for each member of staff’s personal drive which includes files that they have created or saved and are only relevant and accessible to them. The second (mapped as ‘G’) contains documents that are accessed by all members of staff; the level of access from Deny to Full Control depends on the user.

Problem Details

The problems that have arisen from using this method of file storage are caused by incorrect NTFS permissions set on the files and have manifested themselves for the company in the following ways:
· Staff being able to access/modify/move/delete files that they should not be able to
· Staff not being able to access/modify/move/delete files that they should be able to
· Management not being able to track file use to see when the changes are made and by whom

Known possible causes of the changes made to the NTFS file permissions are as follows:
· Deliberate changes by staff/management/technical support
· Moving vs. Copying within the same or different HDD partitions (can keep its own permissions or receive those of a parent in the hierarchy) (Microsoft, 2013)
· The Organisational Unit in which the file resides
· Accidental changes made to the file by making changes higher up in the hierarchy that have unknowingly cascaded down
· The use of Windows Share Level permissions (Microsoft, 2008)

Aims and Objectives of the Project

I discussed these issues with representatives of the company (IT Lead – Victoria Smith, Deputy Chief Executive – Phil Lee) and also did some research. As a solution to the aforementioned problems my overall aim will be to build a piece of software that secures the documents so that they are not directly accessed, only authorised staff can access them at the correct level, and the documents’ recent use can be tracked. This aim will be achieved by implementing the following objectives:


· Install a database on a local server. This will be used to store documents, user accounts and assist with tracking
· Build a web style interface for staff to use in order to gain access to the database, and therefore their documents. Once access is gained then the member of staff will only have the correct level of access to documents that they have the authority to
· Build a web style interface for the management team to use in order to audit/track file use. There will also be a facility to perform basic management tasks, for example resetting user passwords
· Block direct access to the files by members of staff

Beneficiaries of the Project

The staff and management (and indirectly their clients) will be the beneficiaries of the project.

Project Artefact

The artefact will be in the form of a piece of software that will be given to Phil Lee and Victoria Smith from the SVS management team.

Relation of the Project to my Degree Title Outcomes

This relates to my degree title of Computing as it involves building a system and I will be critically evaluating various computing technologies and practices used as I investigate the solution further. These will include scripting languages such as PHP Hypertext Pre-processor (PHP) and Structured Query Language (SQL), design methodologies such as MoSCoW prioritisation (Haughey, 2013) and also file security methods such as Windows’ New Technology File System (NTFS) permissions and Linux Filesystem (Jones, 2007). My research will include books, internet and journals. I feel that with the research involved, evaluating my findings and then implementing a solution by building the actual artefact itself to solve the complex problem discussed in the introduction, this will take the allotted 600 hours to complete and be honours worthy.

Problems Solved by the Project

This artefact will allow:
· Users to be able to access the documents they are authorised to and also have the correct level of access to those documents
· Users to not be able to see documents that they are not authorised to access by the SVS management team
· Secure storage of documents (no direct access)
· Users to not change the NTFS file permissions of a document either accidentally or purposefully
· Users to not move documents
· The management team to be able to change the user(s) who can access documents more easily than complex NTFS permissions
· The management team to be able to monitor a document's previous use by staff
· The management team to be able to manage some basic tasks within the artefact such as user password resets, therefore not being reliant on technical support for this
· The company to be more legally compliant with the data that they store


Project Plan

W/C Monday 21 January
· Final meeting with client to clarify the final requirements of the artefact
· First meeting with project supervisor
· Start researching the various ways that the artefact can be implemented

W/C Monday 28 January
· Continue researching the various ways that the artefact can be implemented

W/C Monday 4 February
· Decide which way to implement the artefact
· Write up findings by critically analysing results of the aforementioned research

W/C Monday 11 February
· Research software development process/analysis (e.g. Spiral model, MoSCoW) and decide which one to implement
· Write up findings by critically analysing results of the aforementioned research

W/C Monday 18 February
· Start prototyping the artefact
· Build database, populate with some test data and test

W/C Monday 25 February
· Research HCI for implementation during interface build

W/C Monday 4 March
· Build first staff interface, test and debug

W/C Monday 18 March
· Build second staff interface, test and debug

W/C Monday 25 March
· Build management interface, test and debug

W/C Monday 1 April
· Re-test ‘finished’ artefact
· Beta test with the client

W/C Monday 8 April
· Make any necessary changes following beta testing, such as further debugging and interface tweaks
· If there are no or few changes then use this week to get ahead or catch up

W/C Monday 15 April
· Evaluation of personal development and final artefact
· Write up Evaluation of personal development and final artefact

W/C Monday 22 April
· Final write up and referencing (this should have been done as you go so should just be covers, cd, formatting, pasting, etc…)

W/C Monday 29 April
· Final checking of dissertation (e.g. spelling/grammar, word count, etc…)
· Binding and submission

Project Proposal Referencing and Bibliography

Haughey, D., 2013. MoSCoW Method. UK: Project Smart. Available from: http://www.projectsmart.co.uk/contact-us.html [Last accessed 22 Jan 2013]

Jones, M.T., 2007. Anatomy of the Linux file system. New York: DeveloperWorks. Available from: http://www.ibm.com/developerworks/aboutdw/contacts.html [Last accessed 22 Jan 2013]

Microsoft, 2005. NTFS Permissions. USA: 2005. Available from: http://technet.microsoft.com/en-us/library/cc784990(v=ws.10).aspx [Last accessed 22 Jan 2013]

Microsoft, 2008. NTFS Permissions, Part 2. USA: 2008. Available from: http://technet.microsoft.com/en-gb/magazine/2006.01.howitworksntfs.aspx [Last accessed 22 Jan 2013]

Microsoft, 2013. How permissions are handled when you copy and move files and folders. USA: 2013. Available from: http://support.microsoft.com/kb/310316 [Last accessed 22 Jan 2013]

Smith, V., 2011. Southampton Voluntary Services. Southampton: HCL LTD. Available from: http://www.southamptonvs.org.uk/ [Last accessed 22 Jan 2013]


Appendix R - Plagiarism Report

The ‘TurnItIn’ tool reports a 9% similarity.


Appendix S - Ethics Research Checklist
