Technical Documentation

Database
Ibrahem Saker & 22034825

I. SYSTEM AND USER REQUIREMENTS

With all the data available in the database system, Nitrogen Gym can provide personalized workouts and track
members' progress over time. Additionally, the system can recommend equipment and classes to members
based on their fitness goals.
Several rules and restrictions should be considered when building the Nitrogen Cloud Database System:

Backup Requirement: The system must include a backup mechanism to ensure data safety and recovery in
case of any unforeseen incidents.

Password Security: The system should employ password protection to ensure the security and confidentiality
of member data.

Internet Service Provider Check: The system needs to verify the internet service provider's reliability to
ensure smooth network connections and reduce disruptions.

Unique Email Constraint: Members cannot be registered with the same email address to maintain data
integrity and avoid duplication.

Class Schedule and Duration: No class should be reserved without specifying its schedule and duration.

Default Nationality: If a member does not provide their nationality, the system should fill it with the default
value of "Jordanian."

- Security Mechanisms and Password Implementation:

Implementing security mechanisms is crucial for the protection of the Nitrogen Gym cloud database system.
Here are the securities implemented to ensure the security of the system:

1. Access Control: Set up user accounts with appropriate access levels and privileges. Assign different roles to
employees, suppliers, and customers to restrict access to sensitive data.

2. Password Policy: Enforce a strong password policy to prevent unauthorized access. Require users to create
passwords that meet specific complexity requirements, such as a minimum length, a combination of letters,
numbers, and special characters.

3. Encryption: Implement encryption mechanisms to safeguard sensitive data, both in transit and at rest. Use
SSL/TLS protocols for secure communication between the database and clients.
4. Regular Updates and Patching: Stay up-to-date with the latest security patches and updates for your
database management system. Apply patches promptly to address any known vulnerabilities.

5. Network Security: Implement network security measures, such as firewalls and intrusion detection systems,
to monitor and control network traffic. Restrict access to the database from specific IP addresses or ranges.

6. Backup and Recovery: Set up regular backup procedures to ensure data integrity and availability. Store
backups in secure locations, preferably in multiple locations for redundancy. Test the backup and recovery
process to verify its effectiveness.

7. Auditing and Logging: Enable auditing and logging features to track and monitor database activities. Keep
logs of user actions, failed login attempts, and other security-related events for future analysis and investigation.

8. Two-Factor Authentication (2FA): Implement 2FA for user authentication, adding an extra layer of
security. Users will need to provide a second form of verification, such as a unique code generated by an
authentication app, in addition to their password.

- Data Backup and Recovery:

Data backup is essential to protect against data loss and ensure business continuity. Here's how I can implement
data backup and recovery for the Nitrogen Gym cloud database system:

1. Backup Strategy: Develop a backup strategy that determines the frequency of backups, retention periods,
and the types of backups to be performed. Consider full backups, incremental backups, or a combination of both
based on the database size and update frequency.

2. Backup Storage: Choose a reliable and secure storage solution for your backups. Cloud storage services like
Amazon S3 or Azure Blob Storage are commonly used for storing backups offsite. Ensure that the storage
location provides durability and redundancy to safeguard against data loss.

3. Automated Backup Jobs: Set up automated backup jobs to execute regular backups according to the defined
backup strategy. Use the backup tools provided by your chosen database management system or use third-party
backup solutions that integrate with your DBMS.

4. Testing Backup Integrity: Regularly test the integrity of your backups to ensure they are valid and can be
successfully restored. Perform test restores on a separate environment to verify the backup files and validate the
recovery process.

5. Recovery Procedures: Document the step-by-step recovery procedures to follow in case of data loss or
system failure. Include instructions on how to restore the database from backups and any additional steps
required to bring the system back online.

6. Monitoring and Alerting: Implement monitoring and alerting mechanisms to notify administrators of
backup failures or any anomalies in the backup process. Proactive monitoring helps identify issues early and
allows for timely resolution.
7. Offsite Backup Storage: Store backup copies in an offsite location to protect against physical disasters or
data center failures. This ensures that even in the event of a catastrophic incident at the primary data center, the
backups remain safe and accessible.

8. Disaster Recovery Plan: Develop a comprehensive disaster recovery plan that outlines the steps to recover
the entire system in the event of a major disruption. This plan should include backup and recovery procedures,
hardware and software requirements, and communication protocols.

- Security Mechanisms and Password Protection:

Ensuring the security of the Nitrogen Gym cloud database system is crucial to safeguard sensitive member
information and protect against unauthorized access. Here's how I can implement security mechanisms and
password protection:

1. User Authentication: Implement a robust user authentication system that requires users to provide valid
credentials (username and password) to access the database system. Use secure hashing algorithms like bcrypt
or SHA-256 to store passwords securely.

2. Role-Based Access Control: Define different roles (such as admin, employee, and member) with varying
levels of privileges. Assign appropriate permissions to each role to control access to specific database tables and
operations.

3. Secure Socket Layer (SSL) Encryption: Enable SSL encryption for secure communication between the
database server and client applications. SSL ensures that data transmitted over the network is encrypted,
preventing unauthorized interception and eavesdropping.

4. Parameterized Queries: Use parameterized queries or prepared statements to prevent SQL injection attacks.
This technique ensures that user input is properly sanitized and treated as data rather than executable code.

5. Auditing and Logging: Implement auditing and logging mechanisms to track user activities and system
events. Log important events such as login attempts, data modifications, and access control changes. Regularly
review logs to detect any suspicious or unauthorized activities.

6. Regular Security Updates: Keep the DBMS and operating system up to date with the latest security patches
and updates. This helps protect against known vulnerabilities and ensures that the system benefits from the
latest security improvements.

7. Password Policies: Enforce strong password policies for user accounts. Require passwords to meet specific
complexity requirements (e.g., minimum length, inclusion of uppercase, lowercase, numeric, and special
characters) and enforce regular password changes.

8. Two-Factor Authentication (2FA): Implement 2FA as an additional layer of security. Require users to
provide a second form of authentication, such as a one-time password (OTP) sent to their registered mobile
device, along with their username and password.

9. Database Firewall: Deploy a database firewall to monitor and filter incoming traffic to the database system.
The firewall can block suspicious or unauthorized access attempts and help mitigate potential security threats.
10. Data Masking: Implement data masking techniques to protect sensitive data. Masking involves replacing
sensitive information with fictitious or partially anonymized values, allowing authorized users to perform their
tasks without directly accessing sensitive data.

- Data Backup and Recovery:

To ensure the integrity and availability of data in the Nitrogen Gym cloud database system, it's important to
establish a reliable backup and recovery strategy. This helps safeguard against data loss due to hardware
failures, software errors, or other unforeseen circumstances. Here's how I can implement data backup and
recovery:

1. Regular Data Backups: Schedule regular backups of the database to create copies of the data at specific
intervals. This can be done using automated backup tools provided by the cloud hosting provider or through
manual backup procedures.

2. Full and Incremental Backups: Perform both full and incremental backups. Full backups capture the entire
database, while incremental backups only store changes made since the last backup. This helps optimize storage
space and reduces backup and recovery time.

3. Offsite Storage: Store backup copies of the database in an offsite location or in a different geographical
region to mitigate the risk of data loss in the event of a disaster or physical damage to the primary data center.

4. Backup Encryption: Encrypt backup files to ensure the confidentiality of the data during storage and
transmission. This prevents unauthorized access to sensitive information if backup files are compromised.

5. Backup Testing and Verification: Regularly test the backup and recovery process to ensure the integrity of
the backups and verify that data can be successfully restored. Perform test restores on a separate environment to
minimize disruptions to the live system.

6. Recovery Point Objective (RPO) and Recovery Time Objective (RTO): Define RPO and RTO metrics to
determine the maximum acceptable amount of data loss and the desired time frame for recovery in the event of
a disaster. This helps prioritize backup and recovery efforts and sets expectations for data restoration.

7. Disaster Recovery Plan: Develop a comprehensive disaster recovery plan that outlines the step-by-step
procedures to be followed in the event of a system failure, data loss, or any other catastrophic event. This plan
should include roles and responsibilities, communication protocols, and the necessary resources for recovery.

8. Automated Backup Monitoring: Implement monitoring systems that regularly check the status of backups
and alert administrators of any failures or issues. This ensures proactive detection of backup failures and
enables prompt corrective actions.

9. Documented Backup Procedures: Document the backup and recovery procedures, including the backup
schedule, storage locations, encryption keys, and restoration steps. This documentation serves as a reference for
system administrators and helps maintain consistency in backup practices.

- Security Mechanisms and Password Protection:

Ensuring the security of the Nitrogen Gym cloud database system is crucial to protect sensitive member
information and prevent unauthorized access. Implementing robust security mechanisms and enforcing strong
password protection are essential components of a secure system. Here's how I can address security concerns:

1. Access Control: Implement strict access controls to limit database access to authorized personnel only.
Create user accounts with appropriate privileges and roles, granting access based on the principle of least
privilege. Regularly review and update access permissions as needed.

2. Secure Authentication: Enforce secure authentication mechanisms, such as username/password

authentication or multi-factor authentication (MFA). Require strong passwords that include a combination of
alphanumeric characters, symbols, and minimum length requirements. Hash and salt passwords to protect
against unauthorized access.

3. Role-Based Security: Define roles and responsibilities within the database system and assign them to users
based on their job functions. This ensures that each user has the appropriate level of access and limits their
privileges to only necessary actions.

4. Encryption: Employ encryption techniques to protect sensitive data both at rest and in transit. Use SSL/TLS
protocols to secure data communication between the application and the database. Additionally, consider
encrypting data stored in the database itself to provide an extra layer of protection against unauthorized access.

5. Parameterized Queries: Use parameterized queries or prepared statements to prevent SQL injection attacks.
This helps sanitize user input and ensures that malicious code cannot be injected into database queries.

6. Audit Trail: Implement an audit trail mechanism to track and log user activities within the database system.
This includes capturing information such as login attempts, data modifications, and access requests. Regularly
review and monitor the audit logs to detect any suspicious or unauthorized activities.

7. Regular Security Updates: Keep the database management system and associated software up to date with
the latest security patches and updates. Regularly monitor security advisories and apply patches promptly to
address any known vulnerabilities.

8. Password Encryption and Storage: Store user passwords securely by using strong encryption algorithms,
such as bcrypt or Argon2. Avoid storing passwords in plain text or using weak hashing techniques. It's
recommended to use salted hashes to further enhance password security.

9. Firewall and Network Security: Implement a firewall to control incoming and outgoing network traffic.
Restrict access to the database server from unauthorized IP addresses. Regularly monitor network traffic and
configure intrusion detection and prevention systems (IDS/IPS) to detect and block suspicious activities.

- Data Backup and Recovery:

Data backup is a critical aspect of maintaining the integrity and availability of the Nitrogen Gym cloud database
system. It ensures that in the event of data loss or system failures, the information can be recovered and restored
to its previous state. Here's how I can address data backup and recovery:
1. Regular Backup Strategy: Implement a regular backup strategy to create copies of the database at defined
intervals. This can be done daily, weekly, or based on the frequency of data updates. Choose a suitable backup
method, such as full backups or incremental backups, depending on the size and complexity of the database.

2. Offsite Storage: Store backup data in an offsite location to protect against physical disasters or on-site
incidents that could lead to data loss. Cloud storage solutions, such as Amazon S3 or Azure Blob Storage,
provide reliable and secure offsite storage options for backup data.

3. Automated Backup Process: Set up automated backup processes to ensure consistency and reduce the risk
of human error. Use scripting or backup tools provided by the DBMS to schedule and execute backups without
manual intervention.

4. Backup Verification: Regularly verify the integrity and completeness of backup files. Perform test restores
to ensure that backups can be successfully restored in case of data loss. Regularly validate backup processes to
identify any potential issues or gaps in the backup strategy.

5. Disaster Recovery Plan: Develop a comprehensive disaster recovery plan that outlines the steps to be taken
in the event of a system failure or data loss. This plan should include procedures for restoring the database from
backups, configuring the system, and resuming normal operations.

6. Backup Retention Policy: Define a backup retention policy that specifies how long backup files should be
retained. Consider regulatory requirements and business needs when determining the retention period.
Regularly review and adjust the policy as necessary.

7. Documented Recovery Procedures: Document step-by-step procedures for restoring the database from
backups. Include information on the required software, configurations, and any dependencies or prerequisites.
This documentation will serve as a guide during the recovery process and ensure consistency in recovery
operations.

8. Monitoring and Alerting: Implement monitoring tools to track the status of backup processes and receive
alerts in case of failures or anomalies. Monitor backup success rates, storage capacity, and any errors or
warnings related to backup operations.

9. Disaster Recovery Testing: Periodically perform disaster recovery tests to validate the effectiveness of the
backup and recovery procedures. Simulate different failure scenarios and verify that the system can be fully
restored within acceptable recovery time objectives (RTO) and recovery point objectives (RPO).
II. ENTITY RELATIONSHIP DIAGRAM

III. RELATIONAL SCHEMA

 IV. QUERIES
- SQL Queries and Reporting:

The Nitrogen Gym cloud database system contains a wealth of data that can be used to generate useful
information and insights. By querying the database, you can extract specific data sets and generate reports to
fulfill various reporting requirements. Here are some SQL queries that can be performed on the Nitrogen Gym
database system:

1. Retrieve members' classes schedule, class duration, and class name, ordered by class name in descending
order:

This query retrieves the class name, class schedule, and class duration for each member. The results are ordered
by class name in descending order.

2. Retrieve all members' information (member id, first name, last name, age) assigned to the Yoga class:
This query retrieves the member ID, first name, last name, and age for all members assigned to the Yoga class.

3. Retrieve the number of members registered in the Zumba class with the class duration time:

This query counts the number of members registered in the Zumba class and groups them by class duration. It
provides information on the member count for each class duration.

V. INTERFACE DESIGN
- Tables and Data:

1. Classes:
2. Equipment:

3. Members:

VI. FLOWCHART DIAGRAM

Start

[User Interface] --> (Add Member)

| |

V |

[Database] <-----

V
 [User Interface] --> (Update Member)

| |

V |

[Database] <-----

[User Interface] --> (Delete Member)

| |

V |

[Database] <-----

[User Interface] --> (Add Equipment)

| |

V |

[Database] <-----

[User Interface] --> (Update Equipment)

| |

V |
 [Database] <-----

[User Interface] --> (Delete Equipment)

| |

V |

[Database] <-----

[User Interface] --> (Add Class)

| |

V |

[Database] <-----

[User Interface] --> (Update Class)

| |

V |

[Database] <-----

V
 [User Interface] --> (Delete Class)

| |

V |

[Database] <-----

[User Interface] --> (Retrieve Member's Schedule, Class Duration, and Class Name)

| |

V |

[Database] <-----

[User Interface] --> (Retrieve Members Assigned to Yoga Class)

| |

V |

[Database] <-----

[User Interface] --> (Retrieve Number of Members Registered in Zumba Class)

| |

V |

[Database] <-----

End

VII. TEST PLANS AND TEST RESULTS

Test the insertion of a new member:

Input: Member details (e.g., first name, last name, age, email)
Action: Insert the member into the "members" table
Expected Result: Member is successfully added to the database
Test the retrieval of members' class schedule, duration, and name:

Action: Retrieve members' class schedule, duration, and name from the database and order them by class name
in descending order
Expected Result: List of members' class schedule, duration, and name displayed in descending order based on
class name
Test the retrieval of members' information assigned to Yoga Class:

Action: Retrieve members' information (e.g., member ID, first name, last name, age) who are assigned to the
Yoga class
Expected Result: List of members' information assigned to the Yoga class displayed
Test the retrieval of the number of members registered in the Zumba class with class duration time:

Action: Retrieve the count of members registered in the Zumba class along with the class duration
Expected Result: Number of members registered in the Zumba class and the duration of the class displayed
Test the deletion of a member:

Input: Member ID
Action: Delete the member with the specified ID from the "members" table
Expected Result: Member is successfully deleted from the database
Test Case 1: Insert a new member
Input:

INSERT INTO members (first_name, last_name, age, email) VALUES ('John', 'Smith', 35,
'john.smith@example.com')

Expected Result: Member is successfully added to the "members" table

Test Case 2: Retrieve members' class schedule, duration, and name

Input:

SELECT class_schedule, class_duration, class_name FROM classes ORDER BY class_name DESC

Expected Result: List of members' class schedule, duration, and name displayed in descending order based on
class name

Test Case 3: Retrieve members' information assigned to Yoga Class

Input:
SELECT member_id, first_name, last_name, age FROM members WHERE member_id IN (SELECT
member_id FROM classes WHERE class_name = 'Yoga')

Expected Result: List of members' information assigned to the Yoga class displayed

Test Case 4: Retrieve the number of members registered in the Zumba class with class duration time
Input:

SELECT COUNT(*) AS total_members, class_duration FROM members JOIN classes ON

members.member_id = classes.member_id WHERE classes.class_name = 'Zumba' GROUP BY class_duration

Expected Result: Number of members registered in the Zumba class and the duration of the class displayed

Test Case 5: Delete a member

Input:

DELETE FROM members WHERE member_id = 3

Expected Result: Member with ID 3 is successfully deleted from the "members" table