[Phpmyadmin-devel] GSoC Project - AJAX Error Reporting
Abhishek Kandoi
abhikandoi2000 at gmail.com
Tue Apr 16 23:37:24 CEST 2013
On 4/16/13, Rouslan Placella <rouslan at placella.com> wrote:
> On 04/15/2013 07:16 PM, Abhishek Kandoi wrote:
>> Hi Rouslan,
>>
>> Thanks for replying. I was unable to reply properly using my SourceForge
>> account.
>> I have worked with a few mailing lists like Google Groups, but this
>> one seemed different to me.
>> I didn't even get emails when you people replied on this thread
>> because I had my Digest Mode On,
>> thus I didn't have an option to Reply to All.
>>
>> I will be formatting manually for this time only, as I have no email to
>> reply to.
>> (Didn't wanna spoil the reply format)
>>
>> Rouslan Placella wrote:
>>
>>> Hi Abhishek,
>>>
>>> have you got a live demo of this application that I could try?
>>
>> Yes, you can try it online at http://faceinbook.co.nr/flowork/home.html.
>
> Out of curiosity, was the app a college project?
>
No. I made it as an assignment given to me at SDSLabs (a group of
like-minded students developing open source) after a lecture on basic PHP.
I had to attend it although I knew everything that was taught. I have
been using PHP for the past few years and I really enjoy it.
> Also, I would like to hear from you about what you think are the
> shortcomings of your implementation. Would you do anything differently
> if you had to do it again from scratch?
>
According to me there are a few shortcomings in my implementation.
If I had to develop it again from scratch, I would like to work on the
following features:
1) Security implementation (escaping HTML) to prevent XSS attacks.
2) Adding modularity to the code both on client-side and on server-side.
3) Limiting the number of unsuccessful login attempts to prevent easy
brute-force based account cracking.
4) Use of Enter button for Log In and Sign Up forms to enhance user
experience (the current one lacks this UX feature).
5) Basic animations on deletion of a to-do.
6) Drag and drop functionality for deleting a to-do.
7) Responsive Design for the to-do list (the current one has too small
images on a smartphone).
8) Using bcrypt instead of sha1 for password encryption.
9) Ability to nest to-do descriptions and summaries.
I have these ideas in my mind for now. Will let you know more, if you
are interested.
>>> From your email, I'm getting the feeling that you didn't fully
>>> understand where the different components of the system will reside...
>>
>> Yeah, I got it a bit wrong on the first go. But on reading the idea again
>> I understood
>> what exactly it is about.
>>
>>
>>> The server-side component of this system will not be for the users of
>>> phpMyAdmin or administrators of individual phpMyAdmin installations, it
>>> will, instead, be used by the members of the phpMyAdmin development
>>> team[0] to globally diagnose issues.
>>
>> I thought a client-side component for handling errors as well as one for
>> diagnosing issues was suggested. But actually the suggestion was for a
>> client-side
>> component for sending errors to a server-side component with the data
>> containing
>> nothing that concerns the user about his/her privacy. Thus there is no
>> need of encryption
>> as you said, because the data contains no sensitive information.
>>
>>
>> And also as you wrote that there is no means to check if a request is
>> valid,
>> and hence no need for checking for authentication.
>>
>>
>> I would be happy to implement what you suggested about restricting the
>> number
>> of requests per IP to prevent the defacing of the server-system. Also I
>> will be
>> more than pleased to work on the server-side part to allow the
>> phpMyAdmin developers
>> to analyze and diagnose the errors.
>>
>>
>> Also to prevent the back-end from attacks such as DoS you suggested a
>> global limit
>> on the number of requests. It seems easy to implement but will play an
>> important role
>> against DoS attacks.
>>
>>
>> I will reply back after I work out a plan for the server-side interface
>> and functioning for comments from you all.
>>
>>
>> Rouslan Placella wrote:
>>
>>> The wiki is pretty comprehensive on the matter. Do you have a more
>>> specific question?
>>
>> Yes, is there a place where I can upload a draft of my application
>> for my mentor to review it? If not, is posting it to the mailing list fine?
>
> Not that I know of. You can post to the mailing list, but your draft
> will be visible to other gsoc candidates.
Ok. Thanks for the information.
>
> Bye,
> Rouslan
>
>
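
The per-IP and global request limits discussed in this thread, sketched as an added example that is not part of the original message or of phpMyAdmin's code. The class name, the limits and the in-memory counters are assumptions, and the sample addresses are constructed documentation-range IPs.

```php
<?php
// Added example, not phpMyAdmin code. Fixed-window limiter for an
// unauthenticated error-report endpoint: a per-IP cap plus a global cap.
// Counters live in memory here; a real deployment needs a shared store.
final class ReportRateLimiter
{
    private int $perIpLimit;
    private int $globalLimit;
    private int $windowSeconds;
    private int $window = -1;     // index of the current time window
    private int $globalCount = 0; // reports accepted in this window
    private array $perIp = [];    // ip => reports accepted in this window

    public function __construct(int $perIpLimit, int $globalLimit, int $windowSeconds)
    {
        $this->perIpLimit = $perIpLimit;
        $this->globalLimit = $globalLimit;
        $this->windowSeconds = $windowSeconds;
    }

    public function allow(string $ip, int $now): bool
    {
        $window = intdiv($now, $this->windowSeconds);
        if ($window !== $this->window) {
            // New window: reset every counter, which also bounds memory use.
            $this->window = $window;
            $this->globalCount = 0;
            $this->perIp = [];
        }
        $ipCount = $this->perIp[$ip] ?? 0;
        // A rejected request changes no counter, so a client that is already
        // blocked cannot use up the global budget for everyone else.
        if ($ipCount >= $this->perIpLimit || $this->globalCount >= $this->globalLimit) {
            return false;
        }
        $this->perIp[$ip] = $ipCount + 1;
        $this->globalCount++;
        return true;
    }
}

// Constructed traffic: 3 reports per IP and 5 in total per 60-second window.
// In a real handler $ip would be $_SERVER['REMOTE_ADDR'], not a client header.
$limiter = new ReportRateLimiter(3, 5, 60);
$requests = [[1000, '203.0.113.7'], [1001, '203.0.113.7'], [1002, '203.0.113.7'],
    [1003, '203.0.113.7'], [1004, '198.51.100.1'], [1005, '198.51.100.2'],
    [1006, '198.51.100.3'], [1080, '198.51.100.3']];
foreach ($requests as [$t, $ip]) {
    printf("t=%d %-13s %s\n", $t, $ip, $limiter->allow($ip, $t) ? 'accepted' : 'rejected');
}
```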