-1

I am trying to create a UML class diagram for this problem: the user is prompted to enter a password. It's a 9-digit number. The System receives the password and checks whether it's correct by looking into a database which has the correct password stored inside. If the password is correct, the System needs to show the message "Correct". Otherwise, the message "Error" is shown. If the user enters a wrong password more than 5 times in a row, then the System stops showing messages.

I have 4 classes here, right? User, System, Database, Counter

  ┌─────────────────────────┐
  │  User                   │
  ├─────────────────────────┤
  │- pass: int              │
  ├─────────────────────────┤
  │+ EnterPass()            │
  └─────────────────────────┘
          │ *
          │
          │
          │
          │
          │ 1
  ┌─────────────────────────┐
  │  System                 │
  ├─────────────────────────┤
  │                         │
  ├─────────────────────────┤
  │+ CheckPass()            │
  │+ ShowSuccess()          │
  │+ ShowError()            │
  │+ ShowNothing()          │
  │+ ChangeCategory()       │
  └─────────────────────────┘
          │ 1
          │
          │
          │
          │
          │ 1
  ┌─────────────────────────┐
  │  Database               │
  ├─────────────────────────┤
  │- CorrectPass: int       │
  ├─────────────────────────┤
  │+ ValidatePass(): bool   │
  │+ Increment1()           │
  └─────────────────────────┘
          │ 1
          │
          │
          │
          │
          │ 1
  ┌─────────────────────────┐
  │  Counter                │
  ├─────────────────────────┤
  │- CounterState: int      │
  ├─────────────────────────┤
  │+ increment()            │
  │+ GetState(): int        │
  └─────────────────────────┘

Can someone tell me if this is correct? I am not quite sure if I should connect Counter and System somehow? Is there anything I should add?

Tim Denali
    It is not good security to save a password; it is better to save a hashed version of it. Use a function such as PBKDF2, bcrypt or scrypt; they use a salt, a hash and an iteration count. Then on password check run the user supplied password through the same process and compare the hashes. – zaph Apr 03 '16 at 15:02

2 Answers

1

You generally do not want to model this much detail because you'll wind up with a stale, inert model. Users and counters are more of a concern for OOP, and are akin to modeling the sand and clay that make up the bricks to make a house. Who cares about that level of detail? Instead, you're better off modeling the problem domain, which is utterly absent here.

You could model the system architecture, which would identify the components, responsibilities, and interactions. You might evolve your System and Database into an architecture.

Is your model correct UML? Sure, but it's not particularly useful.

BTW, when you see one to one multiplicity, that is almost always a red flag.

Jim L.
0

This is not really a good design. Database and Counter should not be classes. The first for its complexity and the second because of its simplicity. Instead of using System for the password check, make this one Authentication. What you call System will be a conglomerate of many other classes besides Authentication. The counter will just be a private attribute inside Authentication.

Now to your Database. Here it probably represents the users which the system allows. So call this class User and assign it whatever properties a user has (name, encrypted password, last login, etc.). Mapping this to a real database is the subject of a later design phase where you make those classes persistent by implementing some persistence interface.

qwerty_so
  • Maybe this will make it a bit clearer. Database contains only a single password. It's a 9-digit number, and all of the users need to enter the same password in order to see the Success message. I'm not sure if I figured you out correctly, but should I create only 3 classes? User, Authentication and Database? Am I right? Could you please be more detailed? – Tim Denali Apr 03 '16 at 14:32
  • Well, that does make even less sense. A class which contains a single password is no class at all. You should probably go and learn a bit about OOD before going on here. – qwerty_so Apr 03 '16 at 15:47
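
An added example, not code from any poster on this page: a Python sketch of the design in qwerty_so's answer (an Authentication class with the counter as a private attribute) that stores the salted PBKDF2 hash zaph's comment recommends instead of the password itself. The method names, the iteration count, and the choice to stay silent even for a correct password once the limit is exceeded are assumptions.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 5      # from the question: more than 5 wrong entries in a row
ITERATIONS = 600_000  # assumed PBKDF2 work factor; tune for your hardware


class Authentication:
    """Keeps a salted PBKDF2 hash and a private failure counter, never the password."""

    def __init__(self, password: str, iterations: int = ITERATIONS):
        self._salt = os.urandom(16)          # random per-credential salt
        self._iterations = iterations
        self._hash = self._derive(password)  # the plaintext is not retained
        self._failures = 0                   # the Counter class as an attribute

    def _derive(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), self._salt, self._iterations
        )

    def check_pass(self, candidate: str):
        """Return "Correct", "Error", or None once the system has gone silent."""
        if self._failures > MAX_FAILURES:
            return None                      # locked: show nothing (assumption)
        # Same derivation as at enrolment, compared in constant time.
        if hmac.compare_digest(self._derive(candidate), self._hash):
            self._failures = 0               # "in a row": success resets the count
            return "Correct"
        self._failures += 1
        return None if self._failures > MAX_FAILURES else "Error"


if __name__ == "__main__":
    # Constructed sample input: a made-up 9-digit password and wrong guesses.
    auth = Authentication("123456789")
    for guess in ["000000000"] * 6 + ["123456789"]:
        print(guess, "->", auth.check_pass(guess))
```

A 9-digit number has only 10^9 possible values, so the hash alone will not withstand offline guessing if the stored record leaks; the failure counter is what limits online guessing.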