I was wondering if you can tell me about some of the shortcomings that you found in my webapp. It can teach me a lesson and I can learn something new from it and improve in my future projects.
On Wed, Apr 17, 2013 at 3:07 AM, Abhishek Kandoi abhikandoi2000@gmail.com wrote:
On 4/16/13, Rouslan Placella rouslan@placella.com wrote:
On 04/15/2013 07:16 PM, Abhishek Kandoi wrote:
Hi Rouslan,
Thanks for replying. I was unable to reply properly using my SourceForge account.
I have worked with a few mailing lists like Google Groups, but this one seemed different to me. I didn't even get emails when you people replied on this thread because I had my Digest Mode On, thus I didn't have an option to Reply to All.
I will be formatting manually for this time only, as I have no email to reply to.
(Didn't wanna spoil the reply format)
Rouslan Placella wrote:
Hi Abhishek,
have you got a live demo of this application that I could try?
Yes, you can try it online at http://faceinbook.co.nr/flowork/home.html.
Out of curiosity, was the app a college project?
No. I made it as an assignment given to me at SDSLabs (a group of like-minded students developing open source) after a lecture on basic PHP. I had to attend it although I knew everything that was taught. I have been using PHP for the past few years and I really enjoy it.
Also, I would like to hear from you about what you think are the shortcomings of your implementation. Would you do anything differently if you had to do it again from scratch?
According to me there are a few shortcomings in my implementation. If I had to develop it again from scratch, I would like to work on the following features:
- Security implementation (escaping HTML) to prevent XSS attacks.
- Adding modularity to the code both on the client-side and on the server-side.
- Limiting the number of unsuccessful login attempts to prevent easy brute-force based account cracking.
- Use of the Enter button for the Log In and Sign Up forms to enhance user experience (the current one lacks this UX feature).
- Basic animations on deletion of a to-do.
- Drag and drop functionality for deleting a to-do.
- Responsive design for the to-do list (the current one has too small images on a smartphone).
- Using bcrypt instead of sha1 for password encryption.
- Ability to nest to-do descriptions and summaries.
I have these ideas in my mind for now. Will let you know more, if you are interested.
From your email, I'm getting the feeling that you didn't fully understand where the different components of the system will reside...
Yeah, I got it a bit wrong on the first go. But on reading the idea again I understood what exactly it is about.
The server-side component of this system will not be for the users of phpMyAdmin or administrators of individual phpMyAdmin installations, it will, instead, be used by the members of the phpMyAdmin development team[0] to globally diagnose issues.
I thought a client-side component for handling errors as well as one for diagnosing issues was suggested. But actually the suggestion was for a client-side component for sending errors to a server-side component with the data containing nothing that concerns the user about his/her privacy. Thus there is no need of encryption as you said, because the data contains no sensitive information.
And also as you wrote that there is no means to check if a request is valid, and hence no need for checking for authentication.
I would be happy to implement what you suggested about restricting the number of requests per IP to prevent the defacing of the server-system. Also I will be more than pleased to work on the server-side part to allow the phpMyAdmin developers to analyze and diagnose the errors.
Also to prevent the back-end from attacks such as DoS you suggested a global limit on the number of requests. It seems easy to implement but will play an important role against DoS attacks.
I will reply back after I work out a plan for the server-side interface and functioning for comments from you all.
Rouslan Placella wrote:
The wiki is pretty comprehensive on the matter. Do you have a more specific question?
Yes, is there a place where I can upload a draft of my application for my mentor to review it? If not, is posting it to the mailing list fine?
Not that I know of. You can post to the mailing list, but your draft will be visible to other gsoc candidates.
Ok. Thanks for the information.
Bye, Rouslan
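Three of the security fixes Abhishek lists above (escaping HTML output, limiting unsuccessful login attempts, and bcrypt instead of sha1), shown as an added PHP example that is not code from the to-do app or from anyone in this thread. The attempt store is an in-memory array and the threshold, lockout window and sample user are assumed values; a real deployment would keep the counters in the database or a cache.

```php
<?php
// Added example, not the thread's application code. Constants are assumed values.
declare(strict_types=1);

const MAX_FAILED_ATTEMPTS = 5;       // failures before the account is locked
const LOCKOUT_SECONDS     = 15 * 60; // how long the lock lasts

// bcrypt instead of sha1: password_hash() generates a per-user salt and
// stores algorithm, cost and salt inside the returned string.
function storePassword(string $plain): string
{
    return password_hash($plain, PASSWORD_BCRYPT, ['cost' => 12]);
}

// Limit unsuccessful logins: once the counter for a username reaches the
// threshold inside the lockout window, reject before even checking the password.
function attemptLogin(array &$attempts, string $user, string $plain, string $hash, int $now): bool
{
    $rec = $attempts[$user] ?? ['count' => 0, 'since' => $now];
    if ($rec['count'] >= MAX_FAILED_ATTEMPTS && $now - $rec['since'] < LOCKOUT_SECONDS) {
        return false; // locked out; worth logging for the operator
    }
    if ($now - $rec['since'] >= LOCKOUT_SECONDS) {
        $rec = ['count' => 0, 'since' => $now]; // window expired, start a fresh one
    }
    if (password_verify($plain, $hash)) {
        unset($attempts[$user]); // success clears the counter
        return true;
    }
    $rec['count']++;
    $attempts[$user] = $rec;
    return false;
}

// Escape HTML: every user-supplied string is escaped at output time, so a
// to-do summary containing markup is rendered as text rather than executed.
function renderTodo(string $summary): string
{
    return '<li>' . htmlspecialchars($summary, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</li>';
}

// Constructed demo: five wrong passwords, then the right one inside and after the window.
$hash = storePassword('correct horse');
$attempts = [];
for ($i = 0; $i < MAX_FAILED_ATTEMPTS; $i++) {
    attemptLogin($attempts, 'alice', 'wrong password', $hash, 1000);
}
var_dump(attemptLogin($attempts, 'alice', 'correct horse', $hash, 1001));                   // inside the lockout window
var_dump(attemptLogin($attempts, 'alice', 'correct horse', $hash, 1000 + LOCKOUT_SECONDS)); // after the window
echo renderTodo('<script>alert(1)</script>'), "\n";
```

The counter is keyed per account; the per-IP request limit discussed for the phpMyAdmin error server is the same idea keyed on the client address instead of the username.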