Difference between revisions of "Module 2"

From CSE330 Wiki
Jump to: navigation, search
(Simple File Sharing Site)
m (Web Security and Validation)
Line 128: Line 128:
 
In particular:
 
In particular:
  
* '''Your application needs to be safe from CSRF attacks'''. That is, '''you should pass tokens when uploading and deleting files''' in order to prevent request forgeries.
+
* '''Your application needs to be safe from CSRF attacks'''. That is, '''you should pass tokens when uploading and deleting files''' and them check them against their analogs on the server (perhaps in session variables) in order to prevent request forgeries.
 
* '''Your project must pass the W3C Validator with no errors'''.  For more information, see the HTML and CSS guide: [[HTML and CSS#Validation]]
 
* '''Your project must pass the W3C Validator with no errors'''.  For more information, see the HTML and CSS guide: [[HTML and CSS#Validation]]
  

Revision as of 12:01, 20 April 2013

Module 2 introduces you to Linux, a command-line environment, the Apache web server, and PHP. You will create and configure your own cloud instance, install Apache and related software, and then form groups to make a simple file sharing site.

DO NOT WAIT UNTIL THE LAST MINUTE TO START ON THIS (or any) MODULE! The most common reason students perform poorly in this class is procrastination. You have been warned.

Reading

The following articles on the online class wiki textbook contain information that will help you complete the assignments.

Individual Assignments

Learn About Linux

Linux is an open-source operating system based on UNIX. Linux is highly versatile and is used in a wide range of applications.

If you are not a Linux guru, read the Linux guide to get started: Linux

Install Cygwin: Windows Users Only

You will need Cygwin in order to log into and configure your EC2 instance. Cygwin is already installed on the CEC machines. Instructions for installing Cygwin on your personal machine are located in the Workflow guide.

Mac OS X users should located the "Terminal" application, which is installed by default; you will need this in the coming steps.

Create an AWS EC2 Instance

Once you understand Linux, you need to set up your Amazon EC2 Instance. Use the AWS article to guide you through the process: Amazon Web Services

Configure SSH

Follow the instructions in the SSH guide to do the following:

  1. Create your own SSH key pair
  2. Log in as the default user to your EC2 instance
  3. Create a new user
  4. Give the new user your SSH public key

From now on, when you need to log into your EC2 instance as an administrator, just pop up a terminal and run:

$ ssh your-username@ec2-xx-xx-xx-xx.compute-1.amazonaws.com

Install Essential Packages

Recall that software installation in Linux instances is usually handled through apt (Debian) or yum (RHEL). For more information, refer to the Linux guide.

To make sure everything is working properly, install your first package(s) according to the Essential Packages subsection in the Linux guide.

Set the Timezone

Set your server to use US Central time. Instructions are in the Linux guide: Linux#Synchronizing Date and Time

Set Up the Apache Web Server

You need to install the Apache web server on your EC2 instance. Instructions are in the Web Server Configuration guide: Web Server Configuration#Apache

In order for your web server to be accessible, you need to open up Port 80 on your EC2 instance. Instructions are in the AWS guide: Amazon Web Services#Enabling Web Access to your EC2 Instance

Enable the UserDir module in Apache. Instructions are in the Web Server Configuration guide: Web Server Configuration#Enabling the UserDir Module

Install PHP

You need to install PHP on your EC2 server. Instructions are at the top of the PHP guide: PHP

You need to configure PHP to show errors. Instructions are immediately below installation in the PHP guide.

Learn the PHP Language

Before you can continue, you will need to make yourself acquainted with PHP language components. Read the PHP guide for an overview: PHP#PHP Language Components

Set Up your Workspace

You are now ready to set up the workspace that you will be using for the rest of the semester. Follow the instructions in Workflow to:

  1. Install SourceTree
  2. Clone your personal Git repository for CSE 330
  3. Install Komodo Edit
  4. Create a Komodo Edit Project inside of your Git repository
  5. Add the *.komodoproject file to .gitignore
  6. Install Komodo's "Upload" extension
  7. Connect Komodo to your EC2 instance

Calculator

Make a calculator using PHP and an HTML form. The form should have two inputs. The form should submit a GET request either back to the same page or to a different results page. The calculator should support addition, subtraction, multiplication, and division by means of a radio button group on the page. (Consider edge cases, like decimal numbers and division by zero!)

Group Project

You will work in pairs (that means you and one other person) on this project.

In this module, and all future modules, the group portion builds off of material you learn in the individual portion. You should therefore complete the individual portions prior to working on the group portions. (Trust us: it will make your life easier!)

Important Reminder: frequently commit your work to your repository as a backup!

Simple File Sharing Site

You will be making a simple file sharing site that supports uploading, viewing, and deleting files associated with various users. Details:

  • You should have a file named users.txt stored in a secure place on your filesystem. It should have at least three usernames, with one username per line.
    Passwords add an extra layer of complexity (encryption) that we will cover in Module 3. You will not earn credit for implementing passwords as your creative portion for this module.
  • Users of the file sharing site should be able to enter their username and then log in.
    You may implement logins using session variables, or you may implement them using a GET parameter that is passed between pages. You will need to always use sessions starting in Module 3.
  • Users should see a list of all files associated with their username after the log in.
  • Users should be able to view, upload, and delete files associated with their username.
  • The URI should NOT reveal the internal file structure of your web site.
    In general, don't reveal any internal information about the site.
  • Food for thought: Given that Apache processes (with the exception of the main process) do not run as root, but rather as the user apache, how can you allow both your user account and the php scripts to read and write the necessary files?
  • You should customize your file sharing site by implementing an additional feature or two as part of the creative portion.

You will probably find the PHP guide on this wiki to be helpful: PHP#Other PHP Tips

Web Security and Validation

Your project needs to demonstrate that thought was put into web security and best practice. For more information, see this week's Web Application Security guide: Web Application Security, Part 1

In particular:

  • Your application needs to be safe from CSRF attacks. That is, you should pass tokens when uploading and deleting files and them check them against their analogs on the server (perhaps in session variables) in order to prevent request forgeries.
  • Your project must pass the W3C Validator with no errors. For more information, see the HTML and CSS guide: HTML and CSS#Validation

Tips on Editing Files

You should tune your development environment to save you headaches throughout the semester. Instructions: Text Editing

Grading

We will be grading the following aspects of your work. There are 100 points total.

  1. Cloud Instance and Web Server (30 Points):
    • You can SSH into your instance using your own custom username and SSH key (15 points)
    • Your custom username is able to perform SUDO commands (5 points)
    • The time zone is correct on your instance (5 points)
    • The UserDir Apache module is working (5 points)
  2. PHP Calculator (15 Points):
    • The calculator is able to perform all four functions (2 points each)
    • Each function is given as a radio button choice (4 points)
    • The calculator page passes the W3C HTML validator (3 points)
  3. File Sharing Site (40 Points):
    • File Management (25 Points):
      • Users should not be able to see any files until they enter a username (4 points)
      • Users can see a list of all files they have uploaded (4 points)
      • Users can open files they have previously uploaded (5 points)
        Note: Users should be able to open not only plain text files but also other file formats: images, spreadsheets, etc.
      • Users can upload files (4 points)
      • Users can delete files. If a file is "deleted", it should actually be removed from the filesystem (4 points)
      • The directory structure is hidden (4 points)
    • Best Practices (10 Points):
      • Code is well formatted and easy to read (3 points)
      • All pages pass the W3C validator (3 points)
      • CSRF tokens are passed when uploading and deleting images (4 points)
    • Usability (5 Points):
      • Site is intuitive to use and navigate (4 points)
      • Site is visually appealing (1 point)
  4. Creative Portion (15 Points) (see below)

Creative Portion

This module, and all future modules, will require that you invest some time into creating additional features for your group project. Plan to invest at least 60 minutes of your time into the creative portion.

  • The creative portion is an opportunity for you to learn material of your own interest.
  • You will not earn credit for a creative-portion feature that simply rehashes something you've already done in a previous module.

If you need ideas for a creative portion, or if you want to know whether or not your creative portion idea is "hard enough", ask a TA.