[Phpmyadmin-devel] GSoC Project - AJAX Error Reporting

Abhishek Kandoi abhikandoi2000 at gmail.com
Fri Apr 19 09:25:09 CEST 2013


I was wondering if you can tell me about some of the shortcomings that you
found in my webapp.
It can teach me a lesson and I can learn something new from it and improve
in my future projects.


On Wed, Apr 17, 2013 at 3:07 AM, Abhishek Kandoi
<abhikandoi2000 at gmail.com> wrote:

> On 4/16/13, Rouslan Placella <rouslan at placella.com> wrote:
> > On 04/15/2013 07:16 PM, Abhishek Kandoi wrote:
> >> Hi Rouslan,
> >>
> >> Thanks for replying. I was unable to reply properly using my SourceForge
> >> account.
> >> I have worked with a few mailing lists like Google Groups, but this
> >> one seemed different to me.
> >> I didn't even get emails when you people replied on this thread
> >> because I had my Digest Mode On,
> >> thus I didn't have an option to Reply to All.
> >>
> >> I will be formatting manually for this time only, as I have no email to
> >> reply to.
> >> (Didn't wanna spoil the reply format)
> >>
> >> Rouslan Placella wrote:
> >>
> >>> Hi Abhishek,
> >>>
> >>> have you got a live demo of this application that I could try?
> >>
> >> Yes, you can try it online at http://faceinbook.co.nr/flowork/home.html .
> >
> > Out of curiosity, was the app a college project?
> >
>
> No. I made it as an assignment given to me at SDSLabs (a group of
> like-minded students developing open source) after a lecture on basic PHP.
> I had to attend it although I knew everything that was taught. I have
> been using PHP for the past few years and I really enjoy it.
>
> > Also, I would like to hear from you about what you think are the
> > shortcomings of your implementation. Would you do anything differently
> > if you had to do it again from scratch?
> >
>
> According to me there are a few shortcomings in my implementation.
> If I had to develop it again from scratch, I would like to work on the
> following features:
>
> 1) Security implementation (escaping HTML) to prevent XSS attacks.
> 2) Adding modularity to the code both on client-side and on server-side.
> 3) Limiting the number of unsuccessful login attempts to prevent easy
> brute-force based account cracking.
> 4) Use of Enter button for Log In and Sign Up forms to enhance user
> experience (the current one lacks this UX feature).
> 5) Basic animations on deletion of a to-do.
> 6) Drag and drop functionality for deleting a to-do.
> 7) Responsive Design for the to-do list (the current one has too small
> images on a smartphone).
> 8) Using bcrypt instead of sha1 for password encryption.
> 9) Ability to nest to-do descriptions and summaries.
>
> I have these ideas in my mind for now. Will let you know more, if you
> are interested.
>
> >>> From your email, I'm getting the feeling that you didn't fully
> >>> understand where the different components of the system will reside...
> >>
> >> Yeah, I got it a bit wrong on the first go. But on reading the idea again
> >> I understood what exactly it is about.
> >>
> >>
> >>> The server-side component of this system will not be for the users of
> >>> phpMyAdmin or administrators of individual phpMyAdmin installations, it
> >>> will, instead, be used by the members of the phpMyAdmin development
> >>> team[0] to globally diagnose issues.
> >>
> >> I thought a client-side component for handling errors as well as one for
> >> diagnosing issues was suggested. But actually the suggestion was for a
> >> client-side component for sending errors to a server-side component with
> >> the data containing nothing that concerns the user about his/her privacy.
> >> Thus there is no need of encryption as you said, because the data contains
> >> no sensitive information.
> >>
> >>
> >> And also as you wrote that there is no means to check if a request is
> >> valid, and hence no need for checking for authentication.
> >>
> >>
> >> I would be happy to implement what you suggested about restricting the
> >> number of requests per IP to prevent the defacing of the server-system.
> >> Also I will be more than pleased to work on the server-side part to allow
> >> the phpMyAdmin developers to analyze and diagnose the errors.
> >>
> >>
> >> Also to prevent the back-end from attacks such as DoS you suggested a
> >> global limit on the number of requests. It seems easy to implement but will
> >> play an important role against DoS attacks.
> >>
> >>
> >> I will reply back after I work out a plan for the server-side interface
> >> and functioning for comments from you all.
> >>
> >>
> >> Rouslan Placella wrote:
> >>
> >>> The wiki is pretty comprehensive on the matter. Do you have a more
> >>> specific question?
> >>
> >> Yes, is there a place where I can upload a draft of my application
> >> for my mentor to review it? If not, is posting it to the mailing list fine?
> >
> > Not that I know of. You can post to the mailing list, but your draft
> > will be visible to other gsoc candidates.
>
> Ok. Thanks for the information.
>
> >
> > Bye,
> > Rouslan
> >
> >
>



-- 
Abhishek Kandoi
First Year, Computer Science and Engineering
Indian Institute of Technology Roorkee
About Me : about.me/kandoiabhi
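
The per-IP request limit and the global request limit discussed in the quoted thread, sketched as an added example (not part of the original e-mail and not phpMyAdmin code): a sliding-window limiter for a hypothetical error-report endpoint. The class and function names, the limits and the sample addresses are assumptions.

```python
from collections import defaultdict, deque

class ReportLimiter:
    """Sliding-window limiter: a per-IP cap plus a global cap on accepted reports."""
    def __init__(self, per_ip_limit, global_limit, window_seconds):
        self.per_ip_limit = per_ip_limit
        self.global_limit = global_limit
        self.window = window_seconds
        self.by_ip = defaultdict(deque)   # ip -> timestamps of accepted reports
        self.all_accepted = deque()       # timestamps of every accepted report

    def _expire(self, q, now):
        while q and q[0] <= now - self.window:
            q.popleft()

    def check(self, ip, now):
        """Return 'accept', 'ip_limit' or 'global_limit' for a report at time now."""
        self._expire(self.all_accepted, now)
        q = self.by_ip[ip]
        self._expire(q, now)
        # Per-IP test first: one noisy client is cut off before it can use up
        # the budget shared by everyone else.
        if len(q) >= self.per_ip_limit:
            return "ip_limit"
        if len(self.all_accepted) >= self.global_limit:
            if not q:
                del self.by_ip[ip]        # keep no state for clients we rejected
            return "global_limit"
        q.append(now)                     # only accepted reports are recorded
        self.all_accepted.append(now)
        return "accept"

    def sweep(self, now):
        """Drop idle IPs so the table cannot grow without bound; return table size."""
        for ip in list(self.by_ip):
            self._expire(self.by_ip[ip], now)
            if not self.by_ip[ip]:
                del self.by_ip[ip]
        return len(self.by_ip)

def replay(events, limiter):
    """Run constructed (timestamp, ip) events through the limiter."""
    return [limiter.check(ip, ts) for ts, ip in events]

# Constructed sample traffic using documentation-range addresses, not real data.
SAMPLE = [(0, "203.0.113.5"), (1, "203.0.113.5"), (2, "203.0.113.5"),
          (3, "198.51.100.7"), (4, "192.0.2.9"), (5, "192.0.2.10"),
          (61, "203.0.113.5")]

if __name__ == "__main__":
    print(replay(SAMPLE, ReportLimiter(per_ip_limit=2, global_limit=4, window_seconds=60)))
```

The state here lives in one process; a deployment with several workers would need the counters in a shared store.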