When you realize that you do at the beginning of the project a lightweight, simple idea turned out to be completely wrong, you have spent six months on this project. Now you need to address these issues, in order for this system to continue to run it, you find that you use on this project energies far beyond your expectations, if you start to do the right way, this would not have happened thing.
Today, I want to tell you is a common mistake, a problem will bring you endless words, it is "User".
This word has two fundamental errors:
1, "User" is almost never a good description of your needs is.
2, "User" will lead to a fundamental design security flaws.
"User" is a vague concept, the use of more accurate term is almost always play better results.
You do not have users
In the beginning, a software system without any user really exist. At first glance "User" is a good description, but you will realize that you want a little business logic is actually much more complex than that.
I will use three examples from an extreme situation.
Ticket booking system is not "User"
I have written to access to airline reservation system control logic, the following is only a small part of the demand:
- Passengers can use the code to view the scheduled recording reservation information through the website.
- Buyers after a four-digit credit card number can be modified by booking information on the site.
- Travel agents can view and modify their reservation.
- Airline check-in staff can view and modify subscription information based on roles and airlines, which requires passengers to provide identification information.
Not enumerated. Some basic concepts related to human beings "Passenger", "agent" (website but also seen as a proxy) and "buyers." "User" The concept of no use, and I would not use the word in a number of requests, for example, we request must include documents of passengers and agents, rather than the user's documents.
Unix is not "User"
We look at an example of not the same. Unix (these days are called POSIX) users, they can log on and execute the code. This looks pretty good, right? Our in-depth look.
If we were all as "User", then we will have:
- Use graphical interface terminal or a registered person
- Such as email or web server service system will run in "User" identity, such as nginx can be run httpd user.
- On the server there is often more than a shared administrator account for SSH login (for example, Amazon's virtual machine Ubuntu default SSH account is 'ubuntu')
- root, and other identity above all different.
The above four are virtually different concepts, but they are in the POSIX "User". While we will see, these concepts are called "User" can cause a lot of security problems.
In operation, the user model because POSIX boundary exists, we can not even find a way to say "only let Alice and Bob through this account login."
SaaS service provider does not "User"
Jeremy Green recently SaaS application in the user model in https://twitter.com/jagthedrummer/status/1037812206602252291 posting on Twitter, the first time it reminded me to write this article, his basic point is that SaaS service It is almost always:
- An organization to pay a service fee.
- One or more people together to use this service.
If you start thinking of these people as a user, you will fall into a world of pain. You can not build a team model, you can not set up as a model at the same time people paid, and then you will begin to transform your system. In the case of SaaS now you learned a lesson, take a look at your life.
But this is only one of many examples: the concept of "User" is too vague. If you begin to doubt "User" is the word, eventually you may find that you really only need two concepts: Team (for organizational relationships and payments) and members (people who actually use the service).
"User" is a security issue
"User" The word is not only the business logic of the problem, it also led to a series of security problems. "User" The word is so vague that it from the root of two concepts merged:
- A person.
- They representation in software.
To illustrate this, assume that you are visiting a ill-intentioned websites, images on its servers led to your browser out of memory. Remote site control of your browser, and begin to upload your files to his service. Why is it doing this?
Because the system is based on the identity of the user's browser running, it is considered the same as your human identity, in fact, you are different. You as a "User", do not want to upload files. But the account system is also "User", the ability to upload a file, if the browser is running under your account, all his actions will be deemed to be your intention, that is to say you let it do so, in fact, No.
This is known as Confused Deputy problems. If you use the "User" is the word to describe two fundamentally different things, then the problem is more likely to become part of your design.
The value of the pre-design
Spend less effort to deal with the same problem is the key to become a high-yield programmers. The use of vague concepts such as "User" to organize your software, will spend a lot of time and effort to solve the problems occur in the future. One up on the start coding appears to be highly productive, the opposite is true.
The next time you start a new software project, please spend a few hours in advance to determine the terms and concepts you: although you still will not do it exactly right, but you will do better. The future will thank you for all the work you are doing prevention of waste.