Consider the example of adding a commenting feature to an e-commerce site. The nominal case is the user writing a comment and submitting it. After admin approval, the comment should be displayed on the product page. Steps:
- User writes comment
- User presses submit button
- A message saying "comment will be visible after admin approval" is shown to user
- Comment is saved to database for admin approval
- Admin reviews and approves comment
- When product page is loaded, approved comments are shown
Additional considerations:
- If the user is not logged in, they must log in. If the user has no account, they must create one. After login / account creation, they should be redirected back to the same product page with the "comment will be visible after admin approval" message. Do not show that message on normal product page loads.
- After pressing submit button, user might want to edit or delete the comment.
- Although admin approval prevents spam from being displayed, a malicious user could still:
  - Send very large text, bloating the database
  - Send a large number of comments in a short time, overloading the server (DoS)
  - Attempt SQL injection
  - Attempt cross-site scripting (XSS)
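The following is an added example, not code from the original post, showing one way to handle the four abuse cases above together with the admin-approval gate: a length cap and a per-user sliding-window rate limit reject oversized and burst submissions, parameterized queries keep comment text out of the SQL, and escaping at render time turns stored markup into literal text. The schema, the limits (2000 characters, 5 comments per 60 seconds) and the class and method names are assumptions chosen for illustration.

```python
"""Added example: minimal comment pipeline with the defensive checks the
considerations above call for. Schema, limits and names are assumptions."""
import html
import sqlite3
import time
from collections import defaultdict, deque

MAX_COMMENT_LEN = 2000        # assumption: hard cap on stored comment size
RATE_LIMIT = 5                # assumption: max comments per user per window
RATE_WINDOW_SECONDS = 60.0    # assumption: sliding window length


class CommentStore:
    def __init__(self):
        # In-memory SQLite stands in for the site's real database.
        self.db = sqlite3.connect(":memory:")
        self.db.execute(
            "CREATE TABLE comments ("
            " id INTEGER PRIMARY KEY,"
            " product_id INTEGER NOT NULL,"
            " user_id INTEGER NOT NULL,"
            " body TEXT NOT NULL,"
            " approved INTEGER NOT NULL DEFAULT 0,"
            " created REAL NOT NULL)"
        )
        # Per-user timestamps of recent submissions, for rate limiting.
        self._recent = defaultdict(deque)

    def submit(self, user_id, product_id, body, now=None):
        """Store a comment as pending. Raises on any rejected submission."""
        now = time.time() if now is None else now
        if user_id is None:
            # Step from the spec: anonymous users must log in first.
            raise PermissionError("login required")
        if not body.strip():
            raise ValueError("empty comment")
        if len(body) > MAX_COMMENT_LEN:
            # Rejecting oversized text protects the database and the page.
            raise ValueError(f"comment exceeds {MAX_COMMENT_LEN} characters")
        window = self._recent[user_id]
        while window and now - window[0] > RATE_WINDOW_SECONDS:
            window.popleft()          # drop submissions outside the window
        if len(window) >= RATE_LIMIT:
            # Burst of submissions: refuse rather than let it load the server.
            raise RuntimeError("too many comments, try again later")
        window.append(now)
        # Parameterized query: the body is bound as data, never spliced
        # into the SQL text, so injection payloads are stored literally.
        cur = self.db.execute(
            "INSERT INTO comments (product_id, user_id, body, approved, created)"
            " VALUES (?, ?, ?, 0, ?)",
            (product_id, user_id, body, now),
        )
        self.db.commit()
        return cur.lastrowid

    def approve(self, comment_id):
        """Admin action: mark a pending comment as visible."""
        self.db.execute("UPDATE comments SET approved = 1 WHERE id = ?", (comment_id,))
        self.db.commit()

    def render_product_comments(self, product_id):
        """Return the HTML list items for approved comments on a product."""
        rows = self.db.execute(
            "SELECT body FROM comments WHERE product_id = ? AND approved = 1 ORDER BY id",
            (product_id,),
        ).fetchall()
        # Escape on output: any HTML in a comment is displayed, not executed.
        return "".join(f"<li>{html.escape(body)}</li>" for (body,) in rows)


if __name__ == "__main__":
    store = CommentStore()
    cid = store.submit(user_id=1, product_id=42, body="<script>alert(1)</script>")
    print("before approval:", repr(store.render_product_comments(42)))
    store.approve(cid)
    print("after approval: ", store.render_product_comments(42))
```

Stored text is left exactly as submitted and escaped only when rendered; escaping on input instead would double-encode anything later shown through a different channel (an admin moderation view, a JSON API) and would corrupt comments that legitimately contain `<` or `&`.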
Beyond usability, performance, low resource usage and maintainability, details like these make up most of software engineering work.