Object-Oriented Systems: End of Module Reflection

The module focussed on the use of object-oriented design and its implementation in information systems. We covered system failures, the reasons for their occurrences, system design using UML diagrams, the principles of object-oriented design, such as inheritance, polymorphism, encapsulation, and how these principles are implemented in Python.

My first takeaway from the initial discussions around system failure concerned the importance of testing. Though many of the specific incidents discussed by my peers on the forum had been caused by malicious use, a number of the incidents involved database and software failure which could have been prevented with better design. Comprehensive testing of applications, including unit testing, functional testing, and integration testing can help identify potential weaknesses in a system and prevent system failure, loss of service and the negative financial impact of such incidents.

Though I had seen class diagrams and entity relationship diagrams before this module, this was still a steep learning curve for me. I found the lucidchart software reasonably user-friendly and got to grips with the different styles of diagram pretty quickly. I found the sequence diagrams particularly useful as they forced me to look at the processes and flows that the software required, and also helped me identify the lines of communication required between the different objects.

I found it particularly challenging to come up with comprehensive, detailed and accurate class diagrams from the requirements. I think such diagrams can provide a good structural overview of an existing object-oriented system. In my professional life, I find detailed class diagrams very informative, and an effective way to get to grips with the architecture and make-up of an already existing system. However, I am unconvinced of their use as a detailed planning tool for systems that have yet to be implemented.

For example, in my "Marketplace" application, the final implementation differs significantly from the diagrams I produced in the planning stage. Planning a system in its entirety before writing a single line of code (the waterfall methodology) did not yield benefits proportional to the work involved. Producing accurate blueprints of a system would require a lot more communication and clarification with the stakeholders, and might still result in designs that would be modified during the implementation as problems were discovered.

I currently work in an agile development environment where building a minimum viable product and then iterating on it, with consistent repeated feedback from the product team, is the norm. Now, having tried the waterfall method, I appreciate more why many software development teams these days are moving to a more agile project management framework.

Having said that, drawing an initial high-level less detailed diagram before implementation, then revisiting the diagram after the initial implementation to fill in the details so future developers can get an overview of the project, seems to me to be a productive way of using UML diagrams.

I had some foundational knowledge of Python before the start of this module. I had also done a couple of courses in Object-Oriented Programming using Java, but I had not really looked into using Python strictly as an object-oriented language. I found the implementation of the classes pretty straightforward but Python, without using external libraries, lacks some of the important components of the OOP paradigm, like interfaces for example, which allow for loosely coupled code and reduced dependencies. This led to some initial confusion on my part about how I was to implement my design. Python does, however, allow multiple inheritance which effectively lessens the need for interfaces. This led to my implementation diverging from my design at the very early stages.

This was only my second time using the Flask framework, and I found that when I was unsure of how to do something, I could get most of what I needed from the documentation. This was a good confidence boost for me, because when I started coding in April 2020, most documentation seemed impenetrably dense, and I generally ended up watching videos on Youtube to get a grasp of new concepts. Going forwards, I will definitely be less reluctant to search in the documentation for what I need.

The most important lesson I learnt from the development of the project was the effectiveness of test-driven development. I decided to experiment with TDD for this project as I had never used this approach before. Writing the unit tests for my classes before implementing them was a complete reversal of how I had previously developed. The idea behind TDD is that, first, you write a suite of tests which test for the desired behaviour of your classes BEFORE writing any of the classes themselves. I found that this really helped me be specific about what I expected the class and its methods to be able to do. After I had a set of tests, I could then code the class and its methods gaining immediate feedback on the accuracy and efficacy of my code.

There were, of course, a couple of issues with this approach, as a test will only check what it is designed to. In a couple of cases my tests didn't cover edge cases effectively and despite having a passing set of tests, I still ended up with anumber of bugs at run-time.

One of the aspects of software design and implementation I realise that I need to work on is security. The web application I coded had a number of security flaws, and was particularly susceptible to attack by SQL injection. From the sign-in page, it was possible to gain access directly into the database by entering the string '' OR 1=1 --. There are not only issues with my implementation, but also with the design. Application security is something that needs to be considered in the design phase, as well as by the coder implementing the design.

As a result, I intend to spend some time learning how to avoid or prevent SQL injection attacks using Python. For a small university project like this, it was not a major issue, but in real life professional development situations, the security of your database and code base is of the utmost importance.