Friday, April 24, 2009

Sixth month at IFS

During this period of 4 weeks we were able to complete implementing most of the required functionality of the system, which includes authentication, security and the error handling framework. By the end of this period we were able to start the testing and bug fixing phase of the project. By doing that I was able to gather some knowledge of web application security as well as sharpen my knowledge of ASP.Net, C# and PLSQL.

I studied about the Global.asax file which is used to establish global objects that a web application uses. It can be used to handle events for the session and application objects. The authentication mechanism is implemented in the Session_Start event of that file. The security mechanism has been implemented to get the currently logged in user to the Corpnet from the LDAP (Lightweight Directory Access Protocol) directory, and then to get the User Role using the LDAP user. I used Admin tool of IFS Applications to configure the user roles to the users of the system.

We changed all the SQL queries in the DAL in order to prevent SQL injection. SQL injection is a code injection technique that exploits a security vulnerability in the database layer of an application. The vulnerability occurs when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements, or is not strongly typed and is thereby unexpectedly executed. To protect against SQL injection, user input must not be embedded directly in SQL statements. Instead, parameterized statements must be used, or user input must be carefully escaped or filtered. I made a DataServiceBase class method which accepts the SQL statement as a string and the parameters as a string array, and which binds the parameters to the SQL statement later.
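The contrast described above, as an added example that is not code from this project: it uses Python's sqlite3 as a stand-in for the C#/Oracle data access layer, and the `exam_user` table, the function names and the sample input are all constructed for illustration.

```python
import sqlite3

# Constructed input containing a quote character, as a form field might deliver it.
CRAFTED = "nobody' OR '1'='1"


def make_db():
    """Build an in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE exam_user (user_id TEXT PRIMARY KEY, role TEXT)")
    conn.executemany(
        "INSERT INTO exam_user VALUES (?, ?)",
        [("alice", "ADMIN"), ("bob", "STUDENT")],
    )
    return conn


def run_query(conn, sql, params):
    """Helper in the shape the post describes: SQL text plus an array of
    string parameters that are bound afterwards, never spliced into the text."""
    # Simple sanity check; it assumes '?' is used only as a placeholder.
    if sql.count("?") != len(params):
        raise ValueError("placeholder count does not match parameter count")
    if not all(isinstance(p, str) for p in params):
        raise TypeError("parameters must be strings")
    return conn.execute(sql, tuple(params)).fetchall()


def roles_concatenated(conn, user_id):
    """The 'before' form: user input becomes part of the SQL text."""
    sql = "SELECT user_id, role FROM exam_user WHERE user_id = '" + user_id + "'"
    return conn.execute(sql).fetchall()


def roles_bound(conn, user_id):
    """The 'after' form: the same query with the value bound as data."""
    return run_query(
        conn, "SELECT user_id, role FROM exam_user WHERE user_id = ?", [user_id]
    )


if __name__ == "__main__":
    db = make_db()
    # The quote in the input ends the literal early and changes the WHERE clause.
    print("concatenated:", roles_concatenated(db, CRAFTED))
    # Bound, the whole string is compared as one value and matches no user.
    print("bound:       ", roles_bound(db, CRAFTED))
    print("bound, bob:  ", roles_bound(db, "bob"))
```

The bound form never parses the input as SQL, so no escaping or filtering of quotes is needed on that path.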

We changed the SQL queries in the data access layer to use the views rather than the tables, because that enables us to restrict the privileges on different views for different users. We also changed the SQL statements in the DAL to get the appowner of the views. We can prevent the views from being accessed by restricting access to particular user roles.

During this time period we tested the system and fixed some errors. We discussed the required privileges and noted down the privileges which should be corrected. I solved a problem of going into a page of another user role by typing the URL. Also the problem of going back after logging out was solved by me. We solved some problems regarding the Exam section, Results section and Certification section. We created a new method in the DataServiceBase class in order to run a PL/SQL procedure without checking the privileges, which was then used to execute procedures without checking the privileges.

We made the error handling in the User Interface layer, in order to prevent unhandled exceptions being thrown. We made the code to throw the TrnexmExceptions from the business logic layer, after catching the exceptions which are thrown by the data access layer, in order to give user friendly error messages. To prevent the security threats by sending parameters in the querystring, we removed the query string variables. The solutions were to use the session variables with the Server.Transfer method.

Apart from those things I had to help the other trainees, who were asked to test our system, in order to get them familiarized with the system and the database tables. I explained the functionality of the system to them. In particular, we had to test the newly published site at the link http://cmbdevtech1/ with the Devtec database.

Fifth month at IFS

During the fifth month we were engaged in working with the project, F1 Certification System, which was on main focus to make the site published so that it is available for others to access. While doing that I was able to improve my knowledge on the usage of CVS, Oracle databases, PL/SQL Packages, procedures, ASP.NET and C# language.

During the first week of the 4 weeks’ period I studied about creating the custom error pages. I added a page not found error page and a default error page for all the other errors. During this week we had a meeting with the project manager mainly regarding the User Interfaces of the system and we were asked to finish the current tasks by the end of the week to have a release of the system. I did some changes to the functionality as some changes were done such as removing the ExamLocation class, using the pass mark for an exam, and using the date time for the start and end time for an exam, etc. During this week we had a meeting with a User Interface expert in the company, and we did several changes to the User Interfaces according to the suggestions made by her. By the end of this week we added the questions to the question bank, created sample exams, and added questions to those exams in order to make the testing of the system much easier.

During the next week we published the website in order to make it available for the other employees to test the system. The host used was the Cmbrnd81. When trying to publish, it gave an error even though it was built successfully, which forced us to manually copy the files to the server. But I could solve that problem later. After publishing the site there was a need to come up with a precise article on the system, its functionality and how to test the system. There we mentioned the importance of the system, the main goals to be fulfilled by the system and how to test the system. I created the database dump file using the current database tables of the system. During this week I could solve several problems such as updating exam data after inserting and updating exam data many times.

During the third week of the 4 weeks’ period we had a meeting with the project manager, during which we discussed the matter of grouping similar questions and the creation of certificates. Then we had to change the trnexm_exam_qestion_tab to group the questions, and I created the functionality of getting randomly selected questions for an exam without getting 2 questions from a group. I made the functionality to update the question data after inserting them and to update more than one time when updating the question data. We deployed the Trnexm_Certificate_tab and its related api and apy in order to use the LicenseType class, and I changed several queries in the CertificateDataService class in order to retrieve the description of the LicenseType class relevant to a Certificate.

During the 4th week we read about the Oracle Access Management, as we have to use that for the user authentication of our system. Also we tested the site which we have uploaded to the server for its functionality. During this week we were able to start the Integration task of the F1 Certification System with existing IFS components like GPD, LCS and IFS-BIZ. We had to create the functionality to transfer all the information of exams exist to GPD and IFSBIZ as Competency Element, to send the successfully passed certificate information to the GPD and IFSBIZ as PersLicenseProfile, and to transfer all the successfully completed exams information to the GPD and IFSBIZ as Competency Element.

Fourth month at IFS

During the fourth month we were engaged in working with the project, F1 Certification System, which was on main focus to get the coding up to the standards while retaining the functionality. While doing that I was able to improve my knowledge on the usage of CVS, Oracle databases, PL/SQL Packages, procedures, ASP.NET and C# language.

During the past duration we were able to complete most of the important tasks related to the project. As the main task we engaged in restructuring of the project code following proper architecture (three tier architecture) and proper folder structure. According to the guidance given we created three separate layers called UI (User Interface) Layer, Business Logic Layer, Data Access Layer and within each and every layer we maintained a proper folder structure to improve overall system maintainability. We added three new projects to the solution apart from the web site project called ‘IFS.Applications.Trnexm.UI’. They were ‘IFS.Applications.Trnexm.Business’ which was to represent the business logic code of the project, ‘IFS.Applications.Trnexm.Common’ which was to represent the common codes for all the Logical Units, and ‘IFS.Applications.Trnexm.DataAccessLayer’ which was to represent the database accessing code files of the Web Application. UI Layer is to handle the presentation logic (logic of presenting data to the client) of the system, Business Logic Layer is to handle the business logic (logic of retrieving data from the data-tier and placing it into business components and, conversely the reverse logic) and finally Data Access Layer is to handle all the physical storage accesses.

Due to the integration task between the F1 Certification System and the Training Administration system (Trnadm), we needed to modify the design drawn using Rational Rose, redeploy a set of missing tables, and drop a set of unnecessary tables which are going to extract information from existing IFS components. Trnadm (Training Administration) is the system which is already being used by IFS to manage the details regarding the employees and their training programs. Our task is to get the necessary data from the trnadm system (about users, courses, etc.) and add the exam functionality to that system.

I especially looked in to handling the tasks related to exam functionality. I moved the methods in the UI layer to the newly created classes in the Business Logic layer. And I also created the DAL classes and implemented the methods in order to use by the Business Logic classes. By the end of this time period I was able to get the functionality of exams working. That are inserting and updating exams, adding and removing questions from exams, doing an exam, viewing the results of an exam. The tasks which were allocated to the other group members were to create the user registration functionality, create the certification functionality, and to make the question bank functionality.

Third month at IFS

During the third month we were engaged in working with the project, F1 Certification System, which was on main focus to get the coding up to the standards while retaining the functionality. While doing that I was able to improve my knowledge on the usage of CVS, Oracle databases, PL/SQL Packages, procedures, ASP.NET and C# language.

During the past duration we were able to complete most of the important tasks related to the project. As the main task we engaged in restructuring of the project code following proper architecture (three tier architecture) and proper folder structure. According to the guidance given we created three separate layers called UI (User Interface) Layer, Business Logic Layer, Data Access Layer and within each and every layer we maintained a proper folder structure to improve overall system maintainability. We added three new projects to the solution apart from the web site project called ‘IFS.Applications.Trnexm.UI’. They were ‘IFS.Applications.Trnexm.Business’ which was to represent the business logic code of the project, ‘IFS.Applications.Trnexm.Common’ which was to represent the common codes for all the Logical Units, and ‘IFS.Applications.Trnexm.DataAccessLayer’ which was to represent the database accessing code files of the Web Application. UI Layer is to handle the presentation logic (logic of presenting data to the client) of the system, Business Logic Layer is to handle the business logic (logic of retrieving data from the data-tier and placing it into business components and, conversely the reverse logic) and finally Data Access Layer is to handle all the physical storage accesses.

Due to the integration task between the F1 Certification System and the Training Administration system (Trnadm), we needed to modify the design drawn using Rational Rose, redeploy a set of missing tables, and drop a set of unnecessary tables which are going to extract information from existing IFS components. Trnadm (Training Administration) is the system which is already being used by IFS to manage the details regarding the employees and their training programs. Our task is to get the necessary data from the trnadm system (about users, courses, etc.) and add the exam functionality to that system.

I especially looked in to handling the tasks related to exam functionality. I moved the methods in the UI layer to the newly created classes in the Business Logic layer. And I also created the DAL classes and implemented the methods in order to use by the Business Logic classes. By the end of this time period I was able to get the functionality of exams working. That are inserting and updating exams, adding and removing questions from exams, doing an exam, viewing the results of an exam. The tasks which were allocated to the other group members were to create the user registration functionality, create the certification functionality, and to make the question bank functionality.

Second month at IFS

The training at IFS within these 4 weeks was mainly about correcting the errors of the project and getting used to the code. While doing that I was able to learn many new things such as using CVS, using the Oracle databases. Except from those I also learnt a lot about ASP.Net and C#.

About the project
During the last week of October a meeting was held to discuss the project plan, in which the responsibilities were assigned to each of the group members. Then we started studying the code-behind of the course management system and analyzed the functionality of the system. Then during the next week we prepared a Software Requirements Specification which included functional and non-functional requirements. We also started fixing the errors of the system while getting familiar with the code of the system. By the end of the next week we were able to correct many of the errors. Then during the next week we set up the working environment for the project. We installed the Oracle database server on the cmbts6 server. Then we installed the CVS server and created a repository for the project files.

Things learnt
CVS – Concurrent Versioning System is used to manage and synchronize the code files which are updated simultaneously by many persons. I learnt how to install the CVS server and do the necessary configurations such as creating a repository. Also learnt how to install the CVS client and about using the CVS when editing the code files.
Oracle Databases – I learnt about installing Oracle database server to the server and creating the table spaces and database instances. Also we created the necessary user accounts and created user roles. Also learnt about creating the tables, procedures, functions and packages, and using them inside the C# code.
ASP.Net – While correcting the errors of the system I was able to get a good knowledge about the ASP.Net. Especially learnt about using session variables, using Cascading Style Sheets, creating a Frameset, using Repeater control and Data List control, using the Object Data Sources, using Validation controls and many more.
C# – I learnt about creating applications which can insert, update and remove data to Oracle database using Plsql procedures. Also learnt how to upload files to a database, using processes to run applications, using DataReaders, DataSets and DataAdapters, etc.
IFS applications – during this month I was able to learn more about using the Design tool of IFS applications. We analyzed the cat file (class diagrams) and modified them using the Rational Rose. Then used Design tool to create the cre files and upg files which are used to generate the database tables.

The next 4 weeks period will be allocated to get the new functionality of the system after getting it up to the standards. We will have to gather requirements, create an error handling framework, change the GUI, do the integration, and implement security of the system.

First Month at IFS

Thought of sharing the things what we did at IFS during the first Month. I’ll try to make it as brief as possible.

About the project…
During the first week we were given a project which was to develop a Training Course Management System. It is an external project and the deadline was set at the middle of January. The system consists of two parts: a Training evaluation section and an Online exam section. To proceed with the project we need to have a good knowledge of the .Net Framework, C#, ASP, AJAX toolkit, PL-SQL (as IFS uses Oracle as their database), and UML designing using Rational Rose. So a series of sessions was held, and it continues until now. There is also another project. But the demo is not yet given. So we don’t know much about it yet.

Things we learnt…
During the training sessions we learnt many new things. At the beginning I was a bit worried, because not starting actual work of the project directly. But now I know the value of a proper training. Those sessions were full of quite good exercises which take so much time to finish. We learnt about,
• PL-SQL - which provides the Procedural Language Extension to the Structured Query Language; it goes in par with the Oracle databases which is used at IFS.
• UML designing using Rational Rose – IFS uses Rational Rose to model their class diagrams. And they use the model file (.mdl) created using Rational Rose to generate the basic code segments.
• IFS applications – IFS has a set of their own applications, which are used to handle the software development stuff easily and efficiently. So we learnt about the Design Tool which is used to convert the class diagram into the PL-SQL and language specific codes.
• C# language – As the .NET framework and C# will be the main language of future IFS windows clients we were able to have some good sessions in C# language. Today also we are having another C# session.
• Apart from that mean time I learnt using AJAX toolkit and a bit of ASP.NET.

Our day to day life at IFS…
We are on the 8th floor of the IFS building, which has 9 floors. It is the training floor. At IFS all the people should be called by their names, as in most of the companies. And we wear casual dress. Our day starts at 8 a.m. and finishes at 5 (but on most occasions we leave close to 5.30). During the day at around 10.30 we get the morning tea break (free Nescafe also available). Tea should be prepared by ourselves. Then at around 12.30 we get our lunch, which we get free of charge. Lunch consists of different menus every day and the dessert. At IFS employees get a full 1 hour lunch break; some even play cards at that time (carrom also possible). Then at around 3.45 we get the evening tea break (we normally take only about 15 minutes of tea break each). After finishing the day’s work we leave at around 5.15-5.30. After the end of the day we play badminton. All the people are really friendly at IFS and I admire its friendly environment, which makes me feel at home.