This chapter of Software Development: An Open Source Approach discusses the user interface. In software development, the user interface is how the user interacts with the software. A good user interface is usually measured on its completeness, language, navigability, simplicity, feedback and recovery, data integrity, client-server integrity, security and, finally, documentation. Following these guidelines ensures that the user has a decent experience using the software.
Moving on, the chapter discusses the Model-View-Controller (MVC) pattern. The MVC pattern helps developers conceptualize the different UI components and also achieve the eight principles of a good user interface. The model component contains the application logic, the view component is what the user actually sees and interacts with, and the controller component handles user inputs to update the model and view accordingly.
The last thing discussed in the chapter is security at the user interface level. Because a user interface exists to interact with users, its security mainly deals with user inputs. There are four different types of security concerns: enforcing levels of user access, password encryption, protecting against SQL injection attacks, and protecting against cross-site scripting attacks. As we mentioned before, setting permissions for users and user access is important so that malicious users cannot compromise the software; it also maintains the needed boundaries in a software environment so that users cannot interfere with the important functionalities of the software. Password encryption is another important practice, since many developers tend to store unencrypted passwords in their database; if the server or database is compromised, all users are compromised as well because the passwords are stored in plain text. Encryption protects user passwords from being leaked even if the server or database is compromised. SQL injection attacks are attacks where the malicious user can manipulate the inputs to gain access to the database or server. Finally, cross-site scripting (XSS) attacks are attacks where a malicious user may write code that gets the user to leave the original web application or web site for an infected site where the user can be compromised.
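The last two concerns can be seen side by side in a short added example (not code from the book or from RMH Homebase), written in Python with the standard sqlite3 and html modules. The table, function names and inputs are constructed for illustration: a query built by string concatenation is compared with a parameterized one, and user-supplied text is escaped before it is placed in a page.

```python
import html
import sqlite3


def make_db():
    """Build an in-memory table holding two constructed sample accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE person (id TEXT PRIMARY KEY, role TEXT)")
    db.executemany("INSERT INTO person VALUES (?, ?)",
                   [("alice", "volunteer"), ("bob", "manager")])
    return db


def lookup_concatenated(db, user_id):
    """Weak form: the input is spliced into the SQL text itself, so a
    quote character in the input changes the structure of the query."""
    sql = "SELECT id, role FROM person WHERE id = '" + user_id + "'"
    return db.execute(sql).fetchall()


def lookup_parameterized(db, user_id):
    """Corrected form: the placeholder keeps the input as a data value,
    whatever characters it contains."""
    sql = "SELECT id, role FROM person WHERE id = ?"
    return db.execute(sql, (user_id,)).fetchall()


def render_greeting(name):
    """Escape user-supplied text before it is written into HTML, so any
    markup in it is displayed as text instead of being interpreted."""
    return "<p>Welcome, " + html.escape(name, quote=True) + "</p>"


if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing SQL syntax
    print("concatenated :", lookup_concatenated(db, crafted))
    print("parameterized:", lookup_parameterized(db, crafted))
    print("normal lookup:", lookup_parameterized(db, "alice"))
    print(render_greeting("<script>alert(1)</script>"))
```

With the crafted input, the concatenated query returns every row in the table while the parameterized query returns none, and the greeting shows the script tag as visible text.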
For RMH Homebase password recovery, the user could answer a security question set up during registration, or simply reset their password if they have access to their phone or email. This gives the user complete control, with minimal interference for the site administrators.