In-depth notes on the topic **Application Design and Development – Application Development and Mobile**, from the **DBMS (Database Management Systems)** course, Module 35 of the IIT Madras B.Sc. program:

---

## 📘 **In-Depth Notes – DBMS**

### **Module 35: Application Design and Development – Application Development and Mobile**

---

### 🔷 1. **Overview**

This module connects **databases** with **application development** and explores both **web** and **mobile app development** from the perspective of database-backed applications.

It highlights:

* Rapid Application Development (RAD)
* Application performance and security
* Mobile vs. Web application development

---

### 🔷 2. **Rapid Application Development (RAD)**

#### 🧩 What is RAD?

* **Agile-based development model** focused on **quick iterations**.
* Alternative to traditional **Waterfall model**.
* Involves continuous customer feedback → *“customer-in-the-loop”* development.

#### 🔁 RAD Process Cycle:

1. **Business Modeling**

   * Understand what the business wants.
   * Define goals, workflows, user interactions.

2. **Data Modeling**

   * Define data entities, relationships, attributes.
   * Identify constraints and structure using ER diagrams or similar.

3. **Process Modeling**

   * Design workflows (e.g., buying from e-commerce: browse → cart → payment → track).
   * Map business logic to process flows.

4. **Testing & Turnover**

   * Prototyping + iterative feedback loop.
   * Continuous testing + refinement until final delivery.

#### ⚙️ Tools and Frameworks Supporting RAD:

* **Flask** (Python-based, lightweight)
* **Visual Studio** (Drag & drop UI design)
* **Java Server Faces (JSF)**: Component-based UI framework.
* **Ruby on Rails**: Auto-CRUD generation from schema.
* **Google App Engine, AWS Elastic Beanstalk, Microsoft Azure**
* **ASP.NET (Proprietary)**: With Visual Studio’s RAD features

---

### 🔷 3. **Performance Issues in Applications**

#### 💡 Key Bottleneck: Server Load

Millions of users → simultaneous DB requests → overload.

#### ✅ Optimization Techniques:

##### 1. **Caching**

* Store **previously computed results** or **HTML content** for repeated use.
* Avoid recomputation or repeated DB queries.

Types of caching:

* **Connection Pooling**: Reuse JDBC/DB connections instead of reconnecting each time.
* **Query Result Caching**: Cache common DB query results.
* **HTML Caching**: Serve full HTML pages directly for repeated requests.
* **Client-Side Web Proxy Caching**: Local network proxy holds copies of common requests.

##### 2. **Challenges**

* Cache invalidation: Cached results become *“dirty”* after data updates.
* Must use proper **TTL (time-to-live)** strategies or smart invalidation.
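
The following is an added example, not part of the course material, showing query result caching with a TTL and write-time invalidation on Python's `sqlite3`. The `QueryCache` class, the `product` table and the fake clock are assumptions made for the illustration.

```python
import sqlite3
import time


class QueryCache:
    """Query-result cache with a TTL and explicit invalidation by table."""

    def __init__(self, conn, ttl_seconds, clock=time.monotonic):
        self.conn, self.ttl, self.clock = conn, ttl_seconds, clock
        self.entries = {}  # (sql, params) -> (expires_at, table, rows)

    def query(self, table, sql, params=()):
        key = (sql, params)
        hit = self.entries.get(key)
        if hit and hit[0] > self.clock():
            return hit[2]                      # fresh entry: no DB round trip
        rows = self.conn.execute(sql, params).fetchall()
        self.entries[key] = (self.clock() + self.ttl, table, rows)
        return rows

    def write(self, table, sql, params=()):
        with self.conn:                        # commit the write first
            self.conn.execute(sql, params)
        # Then drop every cached result that read from the modified table.
        self.entries = {k: v for k, v in self.entries.items() if v[1] != table}


def demo():
    now = [0.0]                                # constructed fake clock (seconds)
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE product (id INTEGER PRIMARY KEY, price INTEGER)")
    conn.execute("INSERT INTO product VALUES (1, 100)")
    cache = QueryCache(conn, ttl_seconds=30, clock=lambda: now[0])
    sql = "SELECT price FROM product WHERE id = ?"

    first = cache.query("product", sql, (1,))
    # A write that bypasses the cache leaves a dirty entry until the TTL expires.
    conn.execute("UPDATE product SET price = 120 WHERE id = 1")
    stale = cache.query("product", sql, (1,))
    now[0] = 31.0
    after_ttl = cache.query("product", sql, (1,))
    # A write that goes through the cache invalidates immediately.
    cache.write("product", "UPDATE product SET price = 150 WHERE id = 1")
    after_write = cache.query("product", sql, (1,))
    return first, stale, after_ttl, after_write
```

The TTL bounds how long a dirty result can be served when a writer bypasses the cache; invalidation on write removes that window for writers that go through it.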

---

### 🔷 4. **Security in Application Development**

#### 🔐 Key Areas of Concern:

##### 1. **SQL Injection**

* Attackers manipulate input to change query logic.
* Solution: Use **prepared statements** with parameter binding.
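
The difference between string-built SQL and a prepared statement, as an added example that is not part of the course material. The `users` table, its rows and the function names are constructed for the illustration.

```python
import sqlite3


def make_db():
    # Constructed sample data for the demonstration.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "alice@example.org"), ("bob", "bob@example.org")])
    return conn


def lookup_vulnerable(conn, name):
    # Input is spliced into the SQL text, so quotes in it become SQL syntax.
    sql = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_prepared(conn, name):
    # The statement is compiled with a placeholder; the value is bound
    # afterwards and is only ever treated as data.
    return conn.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)).fetchall()


def demo():
    conn = make_db()
    crafted = "nobody' OR '1'='1"   # constructed input that alters the WHERE clause
    return {
        "vulnerable_normal": lookup_vulnerable(conn, "alice"),
        "vulnerable_crafted": lookup_vulnerable(conn, crafted),
        "prepared_normal": lookup_prepared(conn, "alice"),
        "prepared_crafted": lookup_prepared(conn, crafted),
    }
```

With the crafted input the string-built query returns every row, while the prepared statement searches for a user literally named `nobody' OR '1'='1` and returns nothing.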

##### 2. **Password Storage**

* **Never store passwords in plaintext** in code or scripts.
* Always **encrypt passwords** and use secure credential storage.

##### 3. **Access Control**

* Restrict **DB access by IP addresses** (firewall rules).
* Protect source files (e.g., backup files like `.bak`, `.tmp` can leak sensitive code).

##### 4. **Authentication**

* Passwords alone are weak. Use:

  * **2-Factor Authentication (2FA)** – e.g., password + OTP
  * **Biometric** (fingerprint, facial recognition)
  * **TOTP devices** (time-based one-time password generators)

##### 5. **Authorization**

* SQL supports **table- or column-level access** only.
* But often you need **row-level** control (e.g., student sees only own grades).
* Workaround:

  * Manually filter by user ID in queries or application logic.
  * Use **application-level** logic for fine-grained access.

##### 6. **Audit Trails**

* Maintain logs of all actions (especially sensitive ones).
* Useful for:

  * **Security breach detection**
  * **Post-mortem analysis**
  * **Legal/audit purposes**
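
Row-level authorization in application logic combined with an audit trail, covering the two subsections above, as an added example that is not part of the course material. The `grades` and `audit_log` tables, the `session` dictionary and the role names are assumptions made for the illustration.

```python
import sqlite3


def make_db():
    # Constructed sample schema and rows.
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE grades (student_id TEXT, course TEXT, grade TEXT);
        CREATE TABLE audit_log (ts TEXT DEFAULT CURRENT_TIMESTAMP,
                                actor TEXT, action TEXT, target TEXT, outcome TEXT);
        INSERT INTO grades VALUES ('s1', 'DBMS', 'A'), ('s2', 'DBMS', 'B');
    """)
    return conn


def view_grades(conn, session, requested_id):
    """Return grades for requested_id if the session user may see them.

    `session` comes from the authenticated login, never from request input.
    """
    allowed = session["role"] == "instructor" or session["user_id"] == requested_id
    with conn:  # the audit row is committed whether or not access is granted
        conn.execute(
            "INSERT INTO audit_log (actor, action, target, outcome) VALUES (?, ?, ?, ?)",
            (session["user_id"], "view_grades", requested_id,
             "allowed" if allowed else "denied"))
    if not allowed:
        raise PermissionError("not authorized for this student's rows")
    # Row-level filter: the WHERE clause restricts the result to one student.
    return conn.execute(
        "SELECT course, grade FROM grades WHERE student_id = ?",
        (requested_id,)).fetchall()


def demo():
    conn = make_db()
    student = {"user_id": "s1", "role": "student"}
    own = view_grades(conn, student, "s1")
    try:
        view_grades(conn, student, "s2")
        other = "returned rows"
    except PermissionError:
        other = "denied"
    trail = conn.execute(
        "SELECT actor, target, outcome FROM audit_log ORDER BY rowid").fetchall()
    return own, other, trail
```

Denied attempts are logged as well as successful ones, since a run of denials against other students' IDs is what breach detection and post-mortem analysis look for.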

---

### 🔷 5. **Mobile Applications vs Web Applications**

#### 📱 Mobile Apps

* Native apps downloaded onto smartphones/tablets.
* Platform-dependent:

  * **Android**: Java/Kotlin, C/C++
  * **iOS**: Objective-C, Swift

#### 🌐 Mobile Web Apps

* Browser-based, responsive design for mobile screens.
* Touch-based UI, smaller screens, limited resources.

#### 💡 Mobile App Features:

* Local storage/cache for offline use (e.g., Google Maps offline mode).
* Access to hardware features: accelerometer, gyroscope, GPS, camera, etc.
* Gesture and sensor-based navigation (e.g., swipe, tilt, tap).

---

### 🔷 6. **Challenges in Mobile App Development**

| Area                  | Consideration                                                     |
| --------------------- | ----------------------------------------------------------------- |
| **UI Design**         | Must suit various screen sizes and touch interaction              |
| **Memory & Power**    | Optimized code needed due to resource limits                      |
| **Bandwidth**         | Data-efficient interaction with server                            |
| **Cross-Platform**    | Separate apps for iOS and Android or use hybrid frameworks        |
| **Local & Remote DB** | Use local storage for frequent data, remote DB for large datasets |

---

### 🔷 7. **Typical Mobile App Architecture**

Three-tier design (same as web but adapted):

1. **Presentation Layer (UI/UX)**

   * Optimized for mobile interactions

2. **Business Logic Layer (Facade/Workflow)**

   * Manages entities, validation, and process flows

3. **Data Access Layer**

   * Split into:

     * **Local DB** (e.g., SQLite) for fast offline access
     * **Remote DB** (server backend) for heavy data

---

### ✅ **Learning Outcomes Recap**

* Explored **Rapid Application Development (RAD)** and agile principles.
* Understood **performance optimization** using **caching** and **connection pooling**.
* Learned about **security best practices** in web and mobile apps.
* Compared **web** and **mobile** app development — their **architectures**, **differences**, and **platform dependencies**.
* Grasped the **importance of authentication, authorization**, and **audit logging** in secure applications.