A First Look at Q-Patterns - 3

 
<A simple example of Q-Patterns>

NAME
Password Management

Name: Password management

INTENT
The most general and common approach to authenticating a system or user is asking for a password. Password authentication can be at different levels, like user level, group level, etc., or at different stages, like operating system authentication, application authentication, etc.

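Intent: the usual approach to managing password authentication. Password authentication can be implemented at different levels, such as the user level or the group level, or at different stages, such as the operating system or the application.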

QUESTIONS
If you are using password authentication anywhere in your spec/design/code/test, you may ask the following questions:

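Question set
If you are using a password authentication mechanism, you might ask the following questions during the requirements/design/coding/testing stages: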

Administration
1. Can administrator reset the password?
2. Can administrator's password be reset?
3. What happens if the administrator forgets his password (is any default password given, or would reinstallation take place)?
4. Can administrator set the default password?
5. Can another administrator reset an administrator's password?
6. Can an administrator read the password of a user?

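Administration:
1 Can the administrator reset passwords?
2 Can the administrator's password be reset?
3 What is done if the administrator forgets the password? (Is a default password provided, or does the system need to be reinstalled?)
4 Can the administrator set the default password?
5 Can different administrators change each other's passwords?
6 Can the administrator view users' passwords?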

Usage
1. What's the maximum and minimum length of password?
2. Can we enter numbers in password?
3. Can blank password be used?
4. Where are passwords stored?
5. What is the default password (If any)?
6. Can one customize the default password?
7. Can special characters (like #, $, ç, è, Þ, ß) be used in the password?
8. How is password change affected? Is original password required before change password is allowed?
9. Is Confirm password used?
10. Is there a 'Save Password' facility on the screen (so that the user may not need to enter the password every time she logs in)?

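Usage:
1 What is the maximum/minimum number of characters in a password?
2 Can the password contain numbers?
3 Are blank passwords supported?
4 Where are passwords stored?
5 What is the default password?
6 Can the user set the default password?
7 Can the password contain special characters?
8 What is the impact of a password change? Is the old password required when changing the password?
9 Is password confirmation required (entering it twice)?
10 Can a save-password feature be provided, so that the user does not need to enter the password every time?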

UI
11. Is password shown as stars (at the time of entering the password, at the time of changing or resetting the password etc.)?
12. How many stars are shown for a password?
• When it is being entered?
• When it is to be changed? (Note: Do not show the same number of stars as the number of characters.)

UI
11 Is the password displayed as stars (at login and when changing the password)?
12 How many stars are displayed?

Security
1. How are passwords stored? Are they encrypted before storing? If yes, what is the encryption algorithm used?
2. Is the password case sensitive or not?
3. Can the password be cut and pasted?
4. Can a previously used password be used again? If 'Yes', then after how many changes?
5. Is there any expiry time for the password? What happens after that date if the user does not change the password during that period?
6. Is there any policy to count the number of password validations in succession (e.g. if the user enters a wrong password 4 times, then she is not able to enter a password again in succession)?
7. If the application creates logs of all activities, are logs of passwords created or not?
8. If logs of passwords are being made, is the password stored in encrypted form or not?

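Security:
1 How are passwords saved? Are they encrypted before being saved, and what is the encryption mechanism?
2 Is the password case sensitive?
3 Is cutting and pasting the password allowed?
4 Can a previously used password be reused? If so, after how many changes?
5 Does the password have an expiry period? If so, what happens after the password expires?
6 Is there a rule on the number of wrong entries during password validation?
7 If there is a system log, will there be password logs?
8 Does the log store the encrypted password or the original password?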
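
An added example (not from the original post or the Q-Patterns source): a minimal in-memory password store in Python that gives one concrete answer to Usage question 3, Administration question 6 and Security questions 1, 2, 4 and 6, so that each question becomes a property a test can check. The class and function names, the scrypt parameters, the history depth of 3 and the lockout threshold of 4 are assumptions chosen for illustration.

```python
import hashlib, hmac, os

MAX_FAILURES = 4    # assumed threshold, taken from the example in Security Q6
HISTORY_DEPTH = 3   # assumed: reuse is allowed only after 3 other passwords

def _kdf(password, salt):
    # Security Q1: store a salted, memory-hard hash, never the password itself.
    # The scrypt cost parameters are illustrative assumptions.
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, n=2**14, r=8, p=1)

class PasswordStore:  # hypothetical in-memory store, constructed for this example
    def __init__(self):
        self.history = {}   # user -> [(salt, digest), ...], newest last
        self.failures = {}  # user -> consecutive wrong attempts

    def set_password(self, user, password):
        if not password:                                   # Usage Q3
            raise ValueError("blank password rejected")
        past = self.history.setdefault(user, [])
        for salt, digest in past[-HISTORY_DEPTH:]:         # Security Q4
            if hmac.compare_digest(_kdf(password, salt), digest):
                raise ValueError("password reused too soon")
        salt = os.urandom(16)
        past.append((salt, _kdf(password, salt)))

    def verify(self, user, password):
        if self.failures.get(user, 0) >= MAX_FAILURES:     # Security Q6
            return "locked"
        past = self.history.get(user)
        if not past:
            return "denied"
        salt, digest = past[-1]
        # No case folding before hashing, so passwords are case sensitive (Q2).
        if hmac.compare_digest(_kdf(password, salt), digest):
            self.failures[user] = 0
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        return "denied"

    def stored_bytes(self, user):
        # What an administrator or a backup would see for this user (Admin Q6).
        salt, digest = self.history[user][-1]
        return salt + digest
```

In this sketch a locked account stays locked; how and by whom it is unlocked is one of the Administration questions and is left open here.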

Performance
1. Is the password made up of single-byte characters (even if a multi-byte character set is being used in the application)?
2. How much time will it take to authenticate the user after the submission of the password?
3. What is the maximum space required to store a password? Will all the passwords require the same space irrespective of size?
4. If a wrong password is given, how much time will it take to give the error message?
5. How many users can be authenticated at the same time?

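Performance:
1 Does the password use single-byte or multi-byte characters?
2 How long does it take to validate a password?
3 What is the maximum storage space for a password? Do all passwords use the same amount of storage space?
4 If a wrong password is entered, how long does it take for the error message to appear?
5 How many users can be authenticated at the same time?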

Example: Various login screens and mechanisms (web based mail systems, console based login etc.)

Example: many login screens and mechanisms (such as web mail systems, console login, etc.)

Associated patterns: Access Rights, Error messages

Related patterns: access control, error messages

Specialization: Say, login for any particular web based mail system.
You can prune the question list to suit your needs, add more questions to the specialized list OR enhance the parent Q-Pattern.

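Specialization: login for a web mail system
You can prune the questions to meet your own needs, for example by adding more questions, or you can enhance the parent pattern.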