On 4/16/13, Rouslan Placella <rouslan(a)placella.com> wrote:
On 04/15/2013 07:16 PM, Abhishek Kandoi wrote:
Hi Rouslan,

Thanks for replying. I was unable to reply properly using my SourceForge account. I have worked with a few mailing lists like Google Groups, but this one seemed different to me. I didn't even get emails when you people replied on this thread because I had my Digest Mode on, thus I didn't have an option to Reply to All. I will be formatting manually for this time only, as I have no email to reply to. (Didn't wanna spoil the reply format.)
Rouslan Placella wrote:
Hi Abhishek,
have you got a live demo of this application that I could try?

Yes, you can try it online at http://faceinbook.co.nr/flowork/home.html.
Out of curiosity, was the app a college project?

No. I made it as an assignment given to me at SDSLabs (a group of like-minded students developing open source) after a lecture on basic PHP. I had to attend it although I knew everything that was taught. I have been using PHP for the past few years and I really enjoy it.
Also, I would like to hear from you about what you think are the shortcomings of your implementation. Would you do anything differently if you had to do it again from scratch?

According to me there are a few shortcomings in my implementation. If I had to develop it again from scratch, I would like to work on the following features:
1) Security implementation (escaping HTML) to prevent XSS attacks.
2) Adding modularity to the code both on client-side and on server-side.
3) Limiting the number of unsuccessful login attempts to prevent easy brute-force based account cracking.
4) Use of the Enter button for the Log In and Sign Up forms to enhance user experience (the current one lacks this UX feature).
5) Basic animations on deletion of a to-do.
6) Drag and drop functionality for deleting a to-do.
7) Responsive design for the to-do list (the current one has too small images on a smartphone).
8) Using bcrypt instead of sha1 for password encryption.
9) Ability to nest to-do descriptions and summaries.
I have these ideas in my mind for now. Will let you know more, if you are interested.
From your email, I'm getting the feeling that you didn't fully understand where the different components of the system will reside...

Yeah, I got it a bit wrong on the first go. But on reading the idea again I understood what exactly it is about.
The server-side component of this system will not be for the users of phpMyAdmin or administrators of individual phpMyAdmin installations, it will, instead, be used by the members of the phpMyAdmin development team[0] to globally diagnose issues.

I thought a client-side component for handling errors as well as one for diagnosing issues was suggested. But actually the suggestion was for a client-side component for sending errors to a server-side component, with the data containing nothing that concerns the user's privacy. Thus there is no need for encryption, as you said, because the data contains no sensitive information. And also, as you wrote, there is no means to check if a request is valid, and hence no need for checking for authentication.

I would be happy to implement what you suggested about restricting the number of requests per IP to prevent the defacing of the server system. Also I will be more than pleased to work on the server-side part to allow the phpMyAdmin developers to analyze and diagnose the errors.

Also, to prevent the back-end from attacks such as DoS, you suggested a global limit on the number of requests. It seems easy to implement but will play an important role against DoS attacks.

I will reply back after I work out a plan for the server-side interface and functioning for comments from you all.
Rouslan Placella wrote:
The wiki is pretty comprehensive on the matter. Do you have a more specific question?

Yes, is there a place where I can upload a draft of my application for my mentor to review it? If not, is posting it to the mailing list fine?

Not that I know of. You can post to the mailing list, but your draft will be visible to other GSoC candidates.

Ok. Thanks for the information.

Bye,
Rouslan
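As an added illustration of three points raised in the thread (escaping HTML against XSS and bcrypt in place of sha1 from the list of shortcomings, and the per-IP plus global request limit discussed for the error-reporting server), here is how they look in PHP. This is example code written for this page; it is not code from the flowork app or from phpMyAdmin, and the thread does not propose it in this form. It assumes PHP 7.4 or newer, keeps the counters in memory where a real deployment would use a database table or an APCu/Redis store, and uses function names, a TEST-NET address and a timestamp chosen here for the demonstration.

```php
<?php
// Added example (not flowork or phpMyAdmin code). Assumes PHP >= 7.4;
// counters are in-memory stand-ins for a DB/APCu/Redis store.

// Output escaping: a to-do summary is untrusted text, so it is encoded for
// the HTML context it is inserted into rather than echoed as-is.
function escapeHtml(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// bcrypt instead of sha1: password_hash() adds a random per-user salt and a
// tunable cost factor; sha1() has neither, so equal passwords give equal
// digests and guessing them is cheap.
function hashPassword(string $password): string
{
    return password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);
}

function checkPassword(string $password, string $storedHash): bool
{
    return password_verify($password, $storedHash);
}

// Fixed-window counters keyed by client IP, plus one global counter. The
// per-IP limit stops a single client from using the whole budget (repeated
// login failures, a flood of error reports); the global ceiling caps the
// total load many clients can put on the back end.
final class RateLimiter
{
    /** @var array<string, array{count:int, start:int}> */
    private array $counters = [];
    private int $perIpLimit;
    private int $globalLimit;
    private int $windowSeconds;

    public function __construct(int $perIpLimit, int $globalLimit, int $windowSeconds)
    {
        $this->perIpLimit    = $perIpLimit;
        $this->globalLimit   = $globalLimit;
        $this->windowSeconds = $windowSeconds;
    }

    /** True if the request may proceed; only admitted requests are counted. */
    public function allow(string $ip, int $now): bool
    {
        $ipKey = 'ip:' . $ip;
        if ($this->count($ipKey, $now) >= $this->perIpLimit
            || $this->count('global', $now) >= $this->globalLimit) {
            return false;
        }
        $this->counters[$ipKey]['count']++;
        $this->counters['global']['count']++;
        return true;
    }

    // Count for the window containing $now; starts a fresh window when the
    // previous one has expired (or no entry exists yet).
    private function count(string $key, int $now): int
    {
        $entry = $this->counters[$key] ?? null;
        if ($entry === null || $now - $entry['start'] >= $this->windowSeconds) {
            $this->counters[$key] = ['count' => 0, 'start' => $now];
        }
        return $this->counters[$key]['count'];
    }
}

// Constructed demo input (run with: php rate_limit_demo.php).
$summary = '<script>alert("xss")</script> buy milk';  // constructed hostile to-do text
echo escapeHtml($summary), PHP_EOL;

$hash = hashPassword('correct horse battery staple'); // constructed password
var_dump(checkPassword('correct horse battery staple', $hash));
var_dump(checkPassword('wrong guess', $hash));
var_dump(substr($hash, 0, 4) === '$2y$');            // bcrypt identifier, not a bare digest

$limiter = new RateLimiter(5, 50, 60);
$t = 1700000000;                                     // constructed timestamp
$admitted = 0;
for ($i = 0; $i < 8; $i++) {
    $admitted += $limiter->allow('192.0.2.10', $t) ? 1 : 0;  // constructed TEST-NET client
}
echo "admitted from one IP: $admitted of 8", PHP_EOL;
var_dump($limiter->allow('192.0.2.10', $t + 60));    // window expired, counter restarts
```

For the login case the same counter would normally be keyed by account as well as by IP, so that a client behind a shared address is not locked out by a neighbour; for the report-collecting server the per-IP key is enough, since, as the thread notes, no request can be authenticated anyway.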