Software Engineering and Design Artifact

Description

The artifact I selected or this category is the final project for my CS-360: Mobile Arch. and Programming course. The project involved designing and building an Android application intended for warehouse inventory tracking. The development lifecycle followed multiple milestones including planning, wireframing, and implementation. The initial version of the application features user registration and login capabilities supported by a local SQLite database.

The planned enhancement is to upgrade the authentication mechanism to securely handle user credentials. The original implementation stored passwords in plain text within the database, which poses significant security risks. The enhancement will involve implementing salted password hashing to ensure that passwords are not stored in a retrievable format. Whenever a user goes to log in, the application will hash the entered password with a unique salt and compare it to the stored salted hash.

Justification For Inclusion

This artifact represents a complete software development lifecycle (SDLC), from conceptualization and design to coding and testing. Which is why I think it fits here as the first enhancement. It showcases my key competencies in mobile development, databse integration, UI design, and session management. Most notably, this artifact had room for enhancement in its security practices.

Course Outcomes and Enhancement Alignment

This artifact aligns with the course outcomes of my Capstone.
Specifically, it addresses:

• Design and develop software solutions following modern development practices.
• Incorporate security and privacy principles into software design and implementation.
• Refractor and enhance existing code for maintainability.

Reflection on the Enhancement Process

Enhancing this artifact provided a valuable opportunity to deepen my understanding of applied cryptography, especially within a mobile context. While I’ve worked with password hashing and salting in the past, integrating these practices into a real-world Android application helped solidify my practical skills in this area. I used my knowledge of appropriate hashing algorithms and chose to implement SHA-256 with Base64-encoded salts for simplicity and compatibility with Android Studio’s built in Java libraries. This removes the need for external libraries and bundles, increasing the overall scope of the application.

One of the main challenges I faced was designing the enhancement in a way that integrated smoothly into the existing database schema. This required altering the SQLite table structure to include a salt column. This is a bit awkward because android studio’s onCreate method only is called when the database is first created. My approach to alleviating this was to add a method to drop the table, and freshly generate a new one if the table version was older. Additionally, I had to ensure that the hashing and verification logic was clear, reusable, and testable. This is why I took the approach of isolating the cryptographic functionality into a separate class, allowing me to develop unit tests inside of a Java Applet if needed.

Overall this experience taught me the importance of building secure software from the ground up and reinforced the value of writing modular, maintainable code. It also emphasized how thoughtful design decisions early in development, such as planning for secure credential storage, can lead to more robust and maintainable applications.