
Chris Weilacker

Kirk Kosinski
Patrick Cao
OJ Alcaraz
CST 363
GEO Elves
2/28/2020

Project Part 2
After reviewing the project requirements, the GEO Elves have come up with a database
schema and Java Web Servlets for the new confidential online drug store chain being
developed by a FAANG company. The prototype application, which still needs to be integrated
with a registration system and login page to be designed and implemented by the Security
Engineering team, is available at:
http://54.190.148.55/CST-363/

Schema Design

The database schema we have come up with should meet all the requirements given to
us except for the following:
● We did not force recently added doctors to have at least one patient, though the design
does connect a prescription in such a way that a patient and a doctor must be connected
in order for a prescription to be issued.
● When a pharmaceutical company is deleted from the database, the current schema does
not delete its drugs from the list. We have decided not to implement this for
the time being because if a pharmaceutical company goes out of business or changes
its name, the drugs may live on in generic form. Furthermore, while there are active
and/or past prescriptions, regulations may prevent us from removing such data from the
database.

Here are the notes we had on the ER Design:


● While the SSN may be identifying, we don't think it is proper security to use it as a
Primary Key and have it listed in tables that are accessible to a wide audience of
doctors, pharmacists, and patients. As such, we have created patientId and doctorId
columns that are auto-incrementing INTs as primary keys for data security.
● In the case of the patients table, we have included a birthDate column that would be
used to calculate age. This is more pertinent information and is also regularly
asked as a security question when dispensing prescriptions.
A couple of changes from the original ER Diagram were the following:
● We removed the Prescription ID column from the Drug table as this was not needed in
our design.
● We removed the PatDoc relationship table to make the application and resulting SQL
simpler, without so many joins, and put the foreign keys directly in the prescriptions
table. We decided the separate Security Engineering team, which will implement
registration and login on the application, can implement a hash on sensitive information
such as the SSN in the next iteration of the project.
● We added a field to keep track of refills remaining, not just refills allowed. This way we
can keep track of how many times the patient may pick up prescriptions without talking
to their physician and have enough data to show how many pills have been
dispensed and by whom.
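
The SSN hash left to the Security Engineering team above can be sketched as follows (an added example, not the project's code). Because an SSN has only nine digits, an unkeyed hash can be reversed by trying every value, so this sketch uses HMAC-SHA-256 under a key kept outside the database; the class name, the demo key and the sample SSN are assumptions.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Added example: keyed lookup token for an SSN column. All names are hypothetical.
public class SsnToken {

    // Strip spaces and dashes and require exactly nine digits, so that
    // "123-45-6789" and "123456789" produce the same token.
    static String normalize(String ssn) {
        String digits = ssn.replaceAll("[\\s-]", "");
        if (!digits.matches("\\d{9}")) {
            throw new IllegalArgumentException("SSN must contain exactly nine digits");
        }
        return digits;
    }

    // HMAC-SHA-256 of the normalized SSN, hex encoded. The key must live outside
    // the database (for example in a secrets store) or the token adds nothing.
    static String token(byte[] key, String ssn) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        byte[] tag = mac.doFinal(normalize(ssn).getBytes(StandardCharsets.US_ASCII));
        return String.format("%064x", new BigInteger(1, tag));
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed demo key and SSN, for illustration only.
        byte[] key = "demo-key-not-for-production-use!".getBytes(StandardCharsets.US_ASCII);
        String dashed = token(key, "123-45-6789");
        String plain = token(key, "123456789");
        System.out.println("token:        " + dashed);
        System.out.println("formats match: " + dashed.equals(plain));
        System.out.println("column width:  " + dashed.length() + " hex characters");
    }
}
```

The token is deterministic, so it can sit in an indexed column and be used for equality lookups without storing the SSN itself in tables that doctors, pharmacists and patients can read.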
Updated ER Diagram
Web Application Design
For the Web Application, we created a template that allowed easy access to each of the
Web Applications that we were requested to design. We replaced the body section of the
template in each of our servlets with the data we needed to display before writing it to the
response. As security was not one of our team’s requirements, a login page or registration
system that would allow a user access to these pages and identities was not implemented, and
we left these to the Security Engineering team that the client will hire at a later time.
Currently the Web Application allows you to select any Doctor or Patient for creating a
prescription. Upon completion of a login/registration setup, the Doctor or Pharmacy will be
preselected in the background based on who has logged in.
We implemented the 5 parts of the app asked of us in the requirements. We implemented
our program utilizing Java Servlets. As part of our program architecture, we implemented a
validation class that processes the data sent, makes sure it is valid, and escapes characters
so that it won't cause any SQL injection attacks. We also created a Create Table class that holds
all the necessary SQL statements for the different sections of the app. The following are each of
the pages with screenshots. Note that some small typos were fixed after these screenshots
were taken.

Web Application System Requirements


As the web application is written in Java, it is supported on multiple operating systems. It
has been successfully tested on Windows 10, Fedora Linux, and Mac OS X. The required
Tomcat version is 8.5.x, and the required MySQL Connector version is 5.1.x.

Doctor Prescription Portal:

This portal needed a lot of joins and logic, as we had to connect many
tables. In the case that a prescription was being reissued, we had to delete and reinsert the
prescription, as we did not want the same patient to have multiple prescriptions for the same
medicine on file.
Initial Page

Prescription Filled Out

Prescription Added

Patient Prescription Filling/Cost Lookup:


The logic here required only two select statements, so it was not too difficult to implement:
we just had to select the prescription and then select the pharmacy location.

Initial Page before selecting a patient.

After selecting a patient, you can compare costs and click the order button to send the
prescription to the pharmacy to be filled.
After sending it to the pharmacy, you cannot order that prescription again, only refill it on the next
page.

Patient Prescription Refill:

This was most likely the easiest page, as we only needed a select statement to create the rows in
the table and an update statement to update the number of refills left.

Patient Refills after selecting a patient but before refilling.

Patient Refills after ordering a refill to be sent to the pharmacy. Note the Refills column went up
by one.

Pharmacy Manager:
We decided to use the last calendar month rather than the last 30 days, so the logic for creating this
SQL statement and the Java was quite a bit longer than normal, as we had to figure out the current month,
then reduce it and start from the beginning of the previous month.

Initial Page

After selecting the Planet Health Pharmacy. Note: as we used the last calendar month, we had
to update the date on this prescription to get it to show, as all of our prescription dates are within
this calendar month.
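
An added example, not the project's code, covering both the SQL injection concern in the Web Application Design section and the last-calendar-month logic here: the query binds its inputs with a PreparedStatement instead of escaping them, and the date range is computed with java.time. The table and column names are hypothetical, since the report does not list them.

```java
import java.sql.Connection;
import java.sql.Date;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.time.LocalDate;
import java.time.YearMonth;

// Added example; table and column names are hypothetical, not the project's schema.
public class PharmacyReport {

    // Half-open range: [first day of previous month, first day of current month).
    static LocalDate[] lastCalendarMonth(LocalDate today) {
        YearMonth current = YearMonth.from(today);
        return new LocalDate[] { current.minusMonths(1).atDay(1), current.atDay(1) };
    }

    // Every input is a bound parameter, so the SQL text is constant and a pharmacy
    // name containing a quote character is handled as data without any escaping.
    static final String SQL =
        "SELECT d.tradeName, SUM(p.quantity) AS dispensed "
      + "FROM prescriptions p "
      + "JOIN drugs d ON d.drugId = p.drugId "
      + "JOIN pharmacies ph ON ph.pharmacyId = p.pharmacyId "
      + "WHERE ph.name = ? AND p.fillDate >= ? AND p.fillDate < ? "
      + "GROUP BY d.tradeName";

    static void printReport(Connection conn, String pharmacy, LocalDate today)
            throws SQLException {
        LocalDate[] range = lastCalendarMonth(today);
        try (PreparedStatement ps = conn.prepareStatement(SQL)) {
            ps.setString(1, pharmacy);
            ps.setDate(2, Date.valueOf(range[0]));
            ps.setDate(3, Date.valueOf(range[1]));
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    System.out.println(rs.getString(1) + "\t" + rs.getLong(2));
                }
            }
        }
    }

    public static void main(String[] args) {
        // Constructed dates: January crosses a year boundary; March follows a leap February.
        for (String day : new String[] { "2020-01-15", "2020-03-31" }) {
            LocalDate[] r = lastCalendarMonth(LocalDate.parse(day));
            System.out.println(day + " -> [" + r[0] + ", " + r[1] + ")");
        }
    }
}
```

Comparing with `>=` the first day of the previous month and `<` the first day of the current month avoids computing the last day of a month, so 28-, 29-, 30- and 31-day months need no special handling.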

FDA Prescriptions Dispensed by Doctors per Drug:

We simply queried the last 6 months by day, subtracting 6 months from the current
date, so it was much easier than figuring out the calendar month. We used group statements on
the doctor and drug, while calculating the Quantity Dispensed for each of the drugs in the list.
This shows both the form and the results of selecting Dr. David Wisneski.
