Assignment 2 of 1644 in the BTEC course, which got Pass, Merit, Distinction from the teacher. This is a good document to refer to for your assignment. I hope you can get Pass, Merit, Distinction after you have referred to my document. Good luck to you.
INTRODUCTION
In our previous report, we discussed fundamental concepts of cloud computing. Today, we will implement a web application in the cloud based on the solutions provided earlier. This project utilizes Node.js for the application and MongoDB as the database, and it will be deployed on the internet using Heroku.
DESIGN
Overview Function
We have chosen cloud computing after clearly analyzing the needs of businesses as well as the benefits that cloud computing brings. Implementation will be detailed in this report.
The web application has several functions:
Add/Update/Delete/View/Search Product
Add/Update/Delete/View/Search Category
Add/Update/Delete/View/Search Supplier
This is the first interface when using the website. It shows the products and a navbar with the menu list of functions.
The product listing screen features a comprehensive table displaying all item attributes. Each entry includes three functional icons: an eye icon for viewing individual products, a pen icon for updating details, and a trash icon for deletion. Additionally, there are dedicated interfaces for managing categories and suppliers.
Clicking the pen icon in the product list opens an interface where product information is displayed, allowing users to make updates according to their needs. This feature is also available for categories and suppliers.
Clicking the trash icon in the product list prompts a confirmation view. If the user selects "OK," the product will be permanently deleted from the system. This deletion functionality is also available for categories and suppliers.
Code implement and deploy process
I use Visual Studio Code because:
It is very light in weight and takes very little time to start
It supports many different programming languages, includes a lot of extensions, and is open source
Many shortcuts are available to make the job easy
Visual Studio Code supports terminal commands for the Heroku CLI and Git CLI
In this project, I will utilize the Express framework, a lightweight and adaptable Node.js web application framework. Express offers a robust set of features, making it ideal for developing both web and mobile applications.
Creating a powerful API is quick and easy with Express, which offers a rich set of HTTP utility methods and middleware. This framework enhances basic web application features while maintaining the familiarity of Node.js functionalities you appreciate.
GitHub will help me manage and share source code with other members of the project team. It also helps in storing and backing up source code.
In this project, I will use MongoDB as my database because:
It supports an online database: you only need to create a MongoDB account and MongoDB Atlas, then get the connection link
Document-oriented storage - Data is stored as JSON-style documents
In the final stage, I will deploy the project online using Heroku, a cloud computing platform that operates under the Platform as a Service (PaaS) model. Heroku is highly scalable and suitable for companies of all sizes. Additionally, it prioritizes security with a dedicated technical team available 24/7 to ensure robust protection for deployed applications.
2.1 Configure the Express framework in the environment
Express is a framework for Node.js, so the first thing we need to do is download and install Node.js.
After finishing the first stage, we need to create the project and use the terminal command to install Express with the Node package manager: npm install express
2.2 Configure and connect to MongoDB
The next step is to connect to the database, and for this project, we will utilize MongoDB Atlas, which is more suitable than setting up MongoDB locally. To proceed, we need to create a MongoDB Atlas account.
Figure 13: Create New Cluster in MongoDB Atlas
Step 2: In the recently created cluster, click Network Access and set the new access rule for the connecting IP address
Figure 14: Add IP Access List
Step 3: Go back to the cluster tab and click Collections. Click Create Database.
Step 4: Choose the created cluster and click Connect to get the connection string. You need to replace the password with your current password.
Step 5: Connect to the database with NoSQLBooster. Click File->Quick Connect and paste the connection string into the URL field.
Figure 17: NoSQLBooster connect with mongodb
2.3 Configure Git and upload files to GitHub
During web application development, I need to use GitHub to manage the source code and deploy it on Heroku to test. For each project, I will create one repository to manage it.
After creating a repository, I will use commands to sync the current project with Git.
Figure 19: Sync folder with repository
Then, each time I want to sync my code, I can use these commands:
You can find the source code in your repository on GitHub if the upload is successful.
Figure 21: Git repository after push
2.4 Deploy code on Heroku server
To deploy a project to Heroku, it is essential to configure certain settings beforehand. Begin by using the terminal in Visual Studio Code to create a package.json file by executing the npm init command.
When starting your project, ensure you use the `npm init` command in the root or main file of your project. If necessary, you can also update the root or main file in the package.json configuration.
Besides, your web application will be public on the internet, so we need to change the PORT passed to app.listen to process.env.PORT.
Figure 23: Setup app.listen and PORT
In the next stage, I will register a new account and click the create new app button on the Heroku homepage.
Figure 24: Create Heroku Web Application
Because my web application is written with Node.js, we need to add the Node.js buildpack for our app in Heroku.
In the last stage, we have 2 main ways to deploy our project on Heroku:
Choose connect to GitHub and connect your repository
Use the Heroku CLI (you need to install it first). Heroku also provides some guides on using the Heroku CLI to deploy your project
Figure 26: Documentation for using Heroku
After pushing or connecting to your project successfully, you can click "open app" and see your project.
Figure 27: Heroku Web In Internet
Difficulties which one can face during the development process
Developing and implementing this project presented numerous challenges; however, through research and learning, I found effective solutions. In this section, I will outline the difficulties I faced and the strategies I employed to overcome them.
As a first-time user of Node.js, I encountered several challenges during development due to the multitude of frameworks available, such as Express, NestJs, SailJs, and KoaJs, each with its own pros and cons. This diversity made it difficult to select the appropriate framework for my project. Additionally, after settling on a framework, I had to choose a suitable view engine. One advantage of Node.js being an open-source platform is its rich community resources, unlike closed platforms like ASP or Java Spring. However, this leads to inconsistencies in library naming, complicating the search for tutorial articles. For instance, I mistakenly installed the wrong library due to forgetting the exact name of Handlebars, which resulted in bugs that required me to uninstall and reinstall the correct library. The unique syntax of each library further added to my confusion when trying to understand their functions.
I encountered challenges while working with the view engine, as it differs from combining server-side and client-side code in a single file. The source code is organized in a structure similar to MVC, which made it difficult to transfer data between my views and routes during the initial stages of development.
When working with data in JavaScript, I encountered numerous errors related to asynchronous processing. Unlike other server-side languages, JavaScript has a strict approach to handling asynchronous operations, making it easy to make mistakes with improper callback functions.
To address the challenges I faced, I began by thoroughly re-learning Node.js, focusing on its fundamental keywords and operating principles. After analyzing the advantages and disadvantages, I selected Express as the framework for my project and opted for the Handlebars (hbs) view engine due to its user-friendly syntax and widespread usage, making it easy to find information. Given the inconsistencies in library naming within Node.js, I relied on the official documentation and articles on the Node.js homepage. Additionally, when consulting tutorials on forums, I ensured clarity on which library I was using; for instance, with the Handlebars view engine, I encountered two libraries: hbs and handlebars. Despite their similarities, including support for a single view engine, compilation, and helper registration, I decided to consistently use one library throughout the article.
For asynchronous handling, I opted for using async functions and await instead of traditional callback functions. This approach utilizes a special syntax that simplifies working with Promises, allowing the structure of an asynchronous handler to closely resemble that of a synchronous handler. By employing async/await, the program remains clear and coherent, even when multiple requests are made.
2 Debugging
a) Difficulties
When I started to write code, all of the code was written in one file, server.js, which makes debugging harder and errors easier to get. When the software has too many functions, route names are easily duplicated. When a bug occurs, it is very hard to find the module related to the bug. In addition, passing data between the views and routes also sometimes leads to errors and makes it difficult to detect the cause, because the cause may be the database or the form.
b) Solution
To address the issue, I utilized the router function in Express, allowing me to separate the app.js file into multiple routes with distinct features. This approach enables overlapping route names across different routers, simplifying the bug-finding process. When an error occurs in a function, I can easily identify the specific router and route associated with the issue.
Figure 30: Create Router In Express
The application is organized into three main routers: the product router, category router, and supplier router. The product router manages all functions related to products, including updating, deleting, and adding items. Similarly, the category and supplier routers handle their respective functionalities.
Figure 31: Embed Router In Main file
Besides, I have to use try/catch and console.log in debugging. It helps me catch all the possible exceptions.
I can also check whether the data can be sent from the form.
3) Deploying
a) Database: I spent a lot of time connecting to the database. The first time I tried to connect to the database, I got a lot of errors and I did not know what they meant. There are many other guides for that problem. I have tried many of them but was not successful.
Solution: I connected according to the documentation on the MongoDB homepage; in addition, I use asynchronous handling in the database connection to ensure stability.
Figure 34: Connection to database code
MongoDB is a NoSQL database, which can complicate the execution of nested queries across multiple tables. This challenge arises when I need to retrieve specific category and supplier information related to a product.
When adding a product to a database, I utilize the category and supplier fields as identifiers to prevent duplication. With a relational database, I can use JOIN operations to connect different tables for each record. There are libraries available that facilitate this process with MongoDB; however, they may undermine some of the advantages that MongoDB offers compared to other database management systems.
When executing a product query, I retrieve the category and supplier ID fields, followed by two additional queries on separate collections, achieving results similar to a nested query without the need for extra libraries, thus maintaining data flexibility.
Additionally, I encountered challenges with Git, particularly when the GitHub GUI repositories failed to sync with the online repositories, and I found using Git in the console difficult due to my inability to recall all the necessary commands.
To resolve the issue, I researched the problem on forums such as Stack Overflow and discovered that the Git GUI only displays repositories located in the GitHub directory. As a result, I now create new repositories within that specific directory. Additionally, I have learned the command line commands, which I found to be manageable, and have since transitioned from using the GUI to the command line for my Git operations.
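The product lookup described above (one product query, then two queries on the category and supplier collections, written with async/await) can be sketched as follows. This is an added example, not the project's code: the `fakeCollection` helper, the field names `categoryId` and `supplierId`, and the sample documents are constructed stand-ins so that it runs without a database.

```javascript
// Constructed in-memory stand-in for a MongoDB collection (assumption).
// findOne() returns a Promise, like the driver's collection.findOne(filter).
function fakeCollection(docs) {
  return {
    findOne: async (filter) => docs.find((d) => d._id === filter._id) || null,
  };
}

// Constructed sample data. Product p2 points at a category that no longer exists.
const db = {
  products: fakeCollection([
    { _id: 'p1', name: 'Keyboard', categoryId: 'c1', supplierId: 's1' },
    { _id: 'p2', name: 'Mouse', categoryId: 'c9', supplierId: 's1' },
  ]),
  categories: fakeCollection([{ _id: 'c1', name: 'Peripherals' }]),
  suppliers: fakeCollection([{ _id: 's1', name: 'Acme Supplies' }]),
};

// One query for the product, then two queries (run concurrently) for the
// documents its ID fields point to. No extra library is involved.
async function getProductWithRefs(database, productId) {
  const product = await database.products.findOne({ _id: productId });
  if (product === null) return null;

  const [category, supplier] = await Promise.all([
    database.categories.findOne({ _id: product.categoryId }),
    database.suppliers.findOne({ _id: product.supplierId }),
  ]);

  // Without a JOIN or foreign keys, nothing stops a referenced document from
  // being deleted. Report that explicitly so the view never dereferences null.
  return {
    ...product,
    category: category ? category.name : null,
    supplier: supplier ? supplier.name : null,
    danglingRefs: [
      ...(category ? [] : ['categoryId']),
      ...(supplier ? [] : ['supplierId']),
    ],
  };
}

// Stand-alone run: print both the complete and the dangling case.
getProductWithRefs(db, 'p1').then((r) => console.log(r));
getProductWithRefs(db, 'p2').then((r) => console.log(r));
```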
SECURITY
Some issues of cloud computing platforms
Outsourcing to the public cloud can lead to a loss of control over IT management, as configurations and operations are handled by external teams. This arrangement often results in lower security levels, as data is stored in shared locations, making it less secure compared to other cloud models (Nayyar, 2019). To mitigate these risks, organizations should consider implementing robust security measures and exploring alternative cloud solutions that offer greater control and data protection.
Choose from reputable providers who have a clear policy and commitment to ensuring the security of your information and your interests
Private clouds impose stringent access restrictions, which can hinder employees from securely connecting to necessary applications, data, or files while working remotely (Nayyar, 2019). To address these challenges, companies must implement robust solutions that facilitate secure remote access to their private cloud resources.
Use a VPN. A VPN has two main advantages in this case:
Cost-effectively provide employees, wherever they are, with a secure connection to both the company’s cloud and data center-based applications and data
Authenticate users and ensure comprehensive, consistent security without having to purchase expensive hardware or networking equipment, or add IT complexity
Hybrid cloud integrates both public and private cloud environments, bringing forth challenges associated with each type. Additionally, careful consideration of technology and optimization is essential for effective implementation.
A thorough assessment of the system's size and usage is essential for developing an effective model. Based on the system's scale, it is crucial to evaluate both security and technical elements to prevent potential technical errors and security issues.
Security issues and solutions in the cloud computing environment
Cloud-based environments facilitate seamless data sharing, allowing users to access information directly from the public Internet. These platforms enable easy collaboration through direct email invitations or by providing public links to the stored data (Team, 2020).
While the ease of data sharing in the cloud is a significant advantage, it also raises serious concerns about data loss and leakage, with 69 percent of organizations identifying this as their primary cloud security issue. The use of shared connections and public cloud-based archives can expose sensitive information to unauthorized users, as unique resources exist online for locating these unsecured cloud installations (Team, 2020).
To protect the organization's data from threats such as illegal discovery and loss, it is essential to implement a comprehensive data security solution. This solution must fulfill key requirements to ensure robust data protection and security.
Data classification and standardization requirements
Requirements for the ability to monitor, detect and prevent unauthorized transmission of data outside of the organization
Requirements for effective operation of the solution set
Effective security measures can be rendered ineffective if an attacker gains direct access to the system, allowing them to circumvent most security protocols and third-party services such as Cloudflare. Additionally, criminals pose a threat to the physical servers in the cloud environment, potentially causing significant harm (Aslan, 2012).
To ensure the security of cloud data, it is crucial for the Cloud Service Provider (CSP) to secure the physical location of their data centers, preventing unauthorized access to customer data. Implementing robust security policies, including the presence of system guards or supervisors, is essential. Additionally, advanced security measures such as fingerprint scanning, keycard access, and biometric scans should be utilized to restrict entry to sensitive areas within the data center.
When a Cloud Service Provider (CSP) goes out of business or is acquired, it poses a risk to organizations due to potential malicious insiders who may exploit sensitive data from their Cloud Service Customers (CSCs).
To mitigate the risk of hiring malicious workers by a Cloud Service Provider (CSP), it is essential to implement strict legal restrictions in employee contracts and conduct thorough reviews of the CSP. Additionally, establishing a comprehensive security breach notification process is crucial. Users should collaborate closely with the new distributor's representative to clarify contractual terms and prepare necessary forms to ensure data security (Hein, 2019).
4 Risks of Compliance and Audit
Legal threats encompass risks arising from insufficient jurisdictional information, alterations in jurisdictional details, unlawful contract provisions, and ongoing legal disputes. Depending on the venue, Cloud Service Providers (CSPs) may be legally obligated to disclose confidential information to the government upon request (Worlanyo, 2015).
In addressing legal challenges, both Cloud Service Providers (CSPs) and Cloud Service Customers (CSCs) must prioritize their legal and regulatory obligations, ensuring these responsibilities are clearly defined in contracts. CSPs should also maintain robust security and data protection capabilities to prevent any adverse impact on their services. This article will explore various strategies employed across four key areas to mitigate security risks, followed by a detailed examination of essential techniques for ensuring data security (Worlanyo, 2015).
The risks associated with Cloud Service Providers (CSPs) in the public cloud include hardware failures, technology issues, and service-related challenges. Key concerns involve resource sharing and isolation problems due to the multi-tenancy nature of public clouds, as well as risks linked to changing CSPs, particularly regarding data portability. To mitigate these risks, it is advisable for CSPs to conduct regular maintenance and audits of their infrastructure.
Virtualized trust protection emphasizes defense and integrity through a structured DHT-based overlay network hierarchy. The lowest layer focuses on accumulating reputations and identifying colluders, while the top layer addresses similar attacks. Credibility aggregation at this level relies on multiple sources to verify connections, and probing colluders involves testing associations with known malicious sources.
Secure virtualization is essential for cloud service providers (CSPs) to protect guest virtual machines and distributed computing middleware using an Advanced Cloud Protection System (ACPS). Monitoring the behavior of cloud components through logging and periodic checks of executable system files enhances security. A robust trust model is necessary for interoperability, with distinct domains for providers and users, each supported by a dedicated trust agent. Additionally, an independent confidence agent should collect security information to ensure integrity. Implementing diverse trust strategies is crucial for both service providers and clients to maintain a secure environment.
How an organisation should protect their data
1 Using reputable and quality Cloud Server service
Cloud technology is evolving rapidly, with enhanced security measures in place to protect data. Despite these advancements, hackers are employing increasingly sophisticated methods, prompting IT professionals and businesses to adopt the latest security technologies and software. Utilizing reputable Cloud Server services is crucial for timely detection and resolution of vulnerabilities, ensuring the safety of data stored in the Cloud.
For example, when a new version is released, many hackers will try to break its security system. Therefore, the software will always need up-to-date patches.
Selecting a reliable cloud server provider is essential for ensuring data security. Trustworthy providers implement robust security measures that protect your information effectively. Additionally, it's crucial for your IT team to stay updated on the latest security practices to safeguard against potential network threats targeting cloud servers.
In this project, I selected Heroku as the service provider, which received a commendable score of 8.7 out of 10 based on 136 reviews from TrustRadius (2020), highlighting its strong reputation in the cloud service industry.
Figure 35: Heroku Platform Reviews (trustradius.com, 2020)
In addition, there are many large and small businesses choosing Heroku such as Toyota, Citrix, Westfield, Yesware,
Data encryption serves as the final line of defense for businesses against external threats, akin to a thief being unable to access a safe even after breaking in. In the cloud, data encryption involves transforming or encoding information before it is transferred to cloud storage (Olufohunsi, 2019). Cloud service providers typically offer various encryption services, from secure connections to limited encryption of sensitive data, along with encryption keys for decryption when necessary. Major vendors like Microsoft Azure, Amazon Web Services (AWS), and Salesforce provide these encryption services. However, relying solely on the cloud service provider's encryption can pose risks, especially if the "encryption key" is stored alongside the data. To enhance data security, businesses should implement a Bring Your Own Key (BYOK) strategy, ensuring optimal protection for their sensitive information.
Office 365, a popular cloud application by Microsoft, enhances employee mobility by enabling access to essential tools like MS Outlook, Word, Excel, and PowerPoint from anywhere. To bolster data security, Gemalto's BYOK solutions, including SafeNet ProtectApp and SafeNet KeySecure, provide organizations with complete control over their encrypted cloud data while facilitating efficient encryption key management across various platforms, including Azure, AWS, Google Cloud, and Salesforce.
4 Protect data from client side
Despite implementing various data protection measures, risks can still arise from everyday client-side activities. There are two primary scenarios to consider: accessing the cloud via a corporate computer and accessing it through a personal device. Security vulnerabilities often stem from software, particularly web browsers. In the first scenario, employing security measures such as antivirus software and utilizing open-source operating systems like Linux can enhance protection. Conversely, in the second scenario, different strategies must be adopted, including preventing SQL injection and cross-site scripting (XSS) attacks to safeguard sensitive information.
For example, I will provide one of the instances that led to an SQL injection attack when doing the lookup. The (vulnerable) lookup code looks like this:
Figure 36: JS Injection Query String
The code in question can lead to a scenario where a query retrieves the entire user list by using a condition that always evaluates to true. For instance, by passing a string like '|| 'a' = 'a', the query transforms into `this.username == '' || 'a' == 'a'`, which invariably returns true and thus yields all results. This type of JavaScript injection poses significant risks, as it can compromise the integrity of the enterprise's database in various ways.
Besides, the data entry also needs to be validated strictly according to the business rules. Protecting business data will include ensuring the integrity of data.
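The lookup code in Figure 36 is not reproduced on this page, so the following added example (not the author's code) rebuilds the query described above next to a hardened form that validates the input and passes it as data. `evalWhere` is a constructed stand-in for evaluating a JavaScript query expression once per document with `this` bound to it; all function names and the sample users are assumptions.

```javascript
// Constructed sample documents standing in for the user collection.
const users = [
  { username: 'alice', email: 'alice@example.test' },
  { username: 'bob', email: 'bob@example.test' },
];

// Stand-in for server-side evaluation of a JavaScript query expression:
// the expression runs once per document with `this` bound to that document.
function evalWhere(docs, expr) {
  const predicate = new Function(`return (${expr});`);
  return docs.filter((doc) => Boolean(predicate.call(doc)));
}

// Vulnerable: the user-supplied value becomes part of the expression source,
// so quotes in the value change the logic of the query.
function buildWhereUnsafe(username) {
  return `this.username == '${username}'`;
}

// Hardened, step 1: validate against the business rule for usernames
// (assumed here: 1 to 32 letters, digits, '_', '.' or '-'). The typeof check
// also rejects objects, which a parsed query string or JSON body can deliver.
function validateUsername(username) {
  if (typeof username !== 'string' || !/^[A-Za-z0-9_.-]{1,32}$/.test(username)) {
    throw new TypeError('invalid username');
  }
  return username;
}

// Hardened, step 2: the value is only ever compared as data. With the MongoDB
// driver this corresponds to a filter document such as
// { username: { $eq: value } } instead of a JavaScript expression.
function findUserSafe(docs, username) {
  const value = validateUsername(username);
  return docs.filter((doc) => doc.username === value);
}

// Constructed input that produces the query string quoted in the text.
const crafted = "' || 'a' == 'a";

console.log(buildWhereUnsafe(crafted));
console.log(evalWhere(users, buildWhereUnsafe('alice')).length);
console.log(evalWhere(users, buildWhereUnsafe(crafted)).length);
try {
  findUserSafe(users, crafted);
} catch (err) {
  console.log('rejected:', err.message);
}
```

The same validation belongs on every field that reaches a query, and server-side JavaScript evaluation can be switched off in MongoDB when the application does not need it.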
Many businesses underestimate the critical need for data backup and recovery plans, leaving them vulnerable to various risks such as operating system failures, software glitches, hardware corruption, and cyberattacks. These threats can result in the loss or damage of vital corporate information, including customer data, emails, financial documents, and contracts. Consequently, it is essential for businesses to regularly back up their data online. However, storing backups on cloud servers can increase exposure to attacks, necessitating the implementation of robust security measures to protect these backups effectively.
SUMMARY
Through this project, I gained significant insights into cloud computing, covering essential concepts such as high-performance computing, networking, and cloud architecture. I also had the opportunity to work with cutting-edge technologies like Express.js and MongoDB. My final product utilized cloud computing principles and was successfully deployed on the Heroku platform as a PaaS model. Additionally, I addressed various challenges encountered during cloud development, including security issues, which are discussed in the article.
My website: https://asm2-gch18888.herokuapp.com/
My Source Code: https://github.com/LuxuryFi/Cloud/tree/master/MiniProject