This project is read-only.

Architecture and Design Frame

- J.D. Meier, Alex Homer, Jason Taylor, Prashant Bansode, Lonnie Wall, Rob Boucher Jr, Akshay Bogawat
Area Key issues
Authentication and Authorization Lack of authentication across trust boundaries
Lack of authorization across trust boundaries
Granular or improper authorization
Caching Caching data that is volatile
Caching sensitive data
Incorrect choice of caching store
Communication Incorrect choice of transport protocol
Chatty communication across physical and process boundaries
Failure to protect sensitive data
Composition Cooperating application modules coupled by dependencies making development, testing, and maintenance more difficult
Dependency changes between modules, forcing code recompilation and module redeployment
Difficulties in dynamic UI layout and update due to hard-coded dependencies
Difficulty in dynamic module loading due to hard-coded dependencies
Concurrency and Transactions Not protecting concurrent access to static data
Deadlocks caused by improper locking
Not choosing the correct data concurrency model
Long-running transactions that hold locks on data
Using exclusive locks when not required
Configuration Management Lack of or incorrect configuration information
Not securing sensitive configuration information
Unrestricted access to configuration information
Coupling and Cohesion Incorrect grouping of functionality
No clear separation of concerns
Tight coupling across layers
Data Access Per-user authentication and authorization when not required
Chatty calls to the database
Business logic mixed with data access code
Exception Management Failing to an unstable state
Revealing sensitive information to the end user
Using exceptions to control application flow
Not logging sufficient details about the exception
Layering Incorrect grouping of components within a layer
Not following layering and dependency rules
Not considering the physical distribution of layers
Logging and Instrumentation Lack of logging and instrumentation
Logging and instrumentation that is too fine-grained
Not making logging and instrumentation an option that is configurable at run time
Not suppressing and handling logging failures
Not logging business-critical functionality
State Management Using an incorrect state store
Not considering serialization requirements
Not persisting state when required
Structure Choosing the incorrect structure for your scenario
Creating an overly complex structure when not required
Not considering deployment scenarios
User Experience Not following published guidelines
Not considering accessibility
Creating overloaded interfaces with unrelated functionality
Validation Lack of validation across trust boundaries
Failure to validate for range, type, format, and length
Not reusing validation logic
Workflow Not considering management requirements
Choosing an incorrect workflow pattern
Not considering exception states and how to handle them

Last edited Jan 31, 2009 at 1:19 AM by prashantbansode, version 1


No comments yet.