Difference between revisions of "Module 4"

From CSE330 Wiki
(Copying template from Module 3)
Text of the previous revision (the Python assignment), replaced by this edit:

== Install Python Tools ==

*<code>sudo yum install python-setuptools</code>
*<code>sudo yum install python-devel</code>

== Python Assignment ==

*You will write a python script that reads a set of student grades in from a file and does some basic parsing and processing. [http://docs.python.org/tutorial/inputoutput.html#reading-and-writing-files Here] is the section of the python tutorial on reading and writing files.
*An example grades file is [http://research.engineering.wustl.edu/~todd/cse330/grades.txt here]. For the sake of simplicity you can assume that the file name is always going to be grades.txt.
*The first line of the file is of the form: NUM_LABS,NUM_EXAMS,LAB_WEIGHT
*All of the other lines in the file are of the form: FIRSTNAME LASTNAME|GRADE|TYPE
*The FIRSTNAME and LASTNAME fields are the student's full name (always only a first and last name), GRADE is one grade for the student, and TYPE describes what kind of assignment the grade was for, in this case either 'lab' or 'exam'.
*Your script should read in a grades file with the above format and perform the following:
*# Compute the final grade for every student, given that there were a total of NUM_LABS labs and NUM_EXAMS exams, and that the labs account for a total of LAB_WEIGHT percent of the grade.
*# Compute the final letter grade from the final numeric grade (A = 90 or above, B = 80 or above but below 90, C = 70 or above but below 80, D = 60 or above but below 70, F = below 60).
*# Ignore any blank lines.
*# Sort the students by last name, and print out the final grades in that sorted order.
*# No names should be hard coded into the script (your script will be run on another file with different student names when the assignment is graded).
*# Finally, the script should take one optional command line argument, which is a string to match against student names. Only names that match the string in full or in part should be printed out with their final grades.
*#* For example, with the argument 'John', grades for both John Smith and John Locke should be printed (if those are the only two Johns in the grades.txt file).
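A complete script meeting the specification above, added here as a worked example; it is not the course's reference solution. It assumes every grade is out of 100, that a lab or exam a student never submitted counts as zero (the averages divide by the declared NUM_LABS and NUM_EXAMS, not by the number of records found), that the name filter is a case-sensitive substring match over "FIRSTNAME LASTNAME", and that students with the same last name are ordered by first name. The embedded sample file is constructed for the example and is only used when no grades.txt exists in the working directory.

```python
"""grades.py: read grades.txt and print each student's final numeric and letter grade.

Usage: python grades.py [NAME_FILTER]
"""
import sys
from collections import defaultdict

# Constructed sample in the grades.txt format: 3 labs, 2 exams, labs worth 40%.
# Only used as a fallback when grades.txt is absent, so the script runs stand-alone.
SAMPLE_GRADES = """3,2,40
John Smith|90|lab
John Smith|80|lab
John Smith|100|lab
John Smith|70|exam
John Smith|90|exam

Jane Locke|100|lab
Jane Locke|100|lab
Jane Locke|100|lab
Jane Locke|95|exam
Jane Locke|85|exam
Amy Adams|50|lab
Amy Adams|60|exam
Amy Adams|40|exam
"""


def parse_grades(text):
    """Parse the file format: a header NUM_LABS,NUM_EXAMS,LAB_WEIGHT followed by
    FIRSTNAME LASTNAME|GRADE|TYPE records. Blank lines are ignored.
    Returns (num_labs, num_exams, lab_weight, scores) where
    scores[(last, first)] == {"lab": [...], "exam": [...]}."""
    lines = [line.strip() for line in text.splitlines() if line.strip()]
    num_labs, num_exams, lab_weight = (float(x) for x in lines[0].split(","))
    scores = defaultdict(lambda: {"lab": [], "exam": []})
    for line in lines[1:]:
        name, grade, kind = (field.strip() for field in line.split("|"))
        first, last = name.split()          # names are always exactly first and last
        kind = kind.lower()
        if kind not in ("lab", "exam"):
            raise ValueError("unknown grade type %r in line %r" % (kind, line))
        scores[(last, first)][kind].append(float(grade))
    return int(num_labs), int(num_exams), lab_weight, scores


def final_grade(labs, exams, num_labs, num_exams, lab_weight):
    """Weighted final score. Grades are assumed to be out of 100 (assumption).
    Dividing by the declared counts makes a missing lab or exam count as zero
    instead of being silently dropped from the average."""
    lab_avg = sum(labs) / num_labs if num_labs else 0.0
    exam_avg = sum(exams) / num_exams if num_exams else 0.0
    lab_share = lab_weight / 100.0
    return lab_share * lab_avg + (1.0 - lab_share) * exam_avg


def letter_grade(score):
    """A = 90 or above, B = 80 up to 90, C = 70 up to 80, D = 60 up to 70, else F."""
    for cutoff, letter in ((90, "A"), (80, "B"), (70, "C"), (60, "D")):
        if score >= cutoff:
            return letter
    return "F"


def report(text, name_filter=None):
    """Rows of (first, last, final, letter) sorted by last name, then first name.
    With name_filter set, only students whose 'First Last' contains it are kept."""
    num_labs, num_exams, lab_weight, scores = parse_grades(text)
    rows = []
    for last, first in sorted(scores):
        full_name = "%s %s" % (first, last)
        if name_filter and name_filter not in full_name:
            continue
        s = scores[(last, first)]
        final = final_grade(s["lab"], s["exam"], num_labs, num_exams, lab_weight)
        rows.append((first, last, final, letter_grade(final)))
    return rows


def main(argv):
    name_filter = argv[1] if len(argv) > 1 else None
    try:
        with open("grades.txt") as f:
            text = f.read()
    except IOError:
        text = SAMPLE_GRADES
    for first, last, final, letter in report(text, name_filter):
        print("%s %s: %.1f %s" % (first, last, final, letter))


if __name__ == "__main__":
    main(sys.argv)
```

Run it as <code>python grades.py</code> to list everyone, or <code>python grades.py John</code> to list only the Johns. Keeping the parsing, weighting and filtering in separate functions that return values (rather than printing as they go) is what makes the script testable against a second grades file with different names.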

[[Category:Module 4]]
[[Category:Modules]]

Revision as of 13:20, 20 April 2013

In Module 3, you will learn about MySQL, a web application database.

This article contains your assignments for Module 3.

Individual Assignments

Group Project

Web Security and Validation

Your project needs to demonstrate that thought was put into web security and best practice. For more information, see this week's Web Application Security guide: Web Application Security, Part 2

In particular:

  • Your application needs to be secure from SQL injection attacks. If every query that includes user input is a prepared statement with bound parameters, you should already be safe on this front. Parameters can only bind values, never table or column names, so anything like a user-chosen sort column must be checked against a fixed list before it goes into the query text.
  • All user-supplied content needs to be escaped on output using htmlentities(). Pass ENT_QUOTES (and the page's charset) so that values placed inside attributes are covered too, and escape at the point of output rather than on the way into the database.
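The two points above, shown side by side in the vulnerable and the safe form. This is an added example in Python 3, not code from the course or from any student project: sqlite3 stands in for MySQL, the tables and rows are constructed for the example, and html.escape() plays the role of htmlentities($s, ENT_QUOTES, 'UTF-8'). It also covers two things the bullets only imply: a user-chosen sort column has to be allowlisted because it cannot be bound as a parameter, and escaping a story link does not make a javascript: URL safe, so the scheme is checked separately.

```python
import html
import sqlite3
from urllib.parse import urlsplit


def make_db():
    """In-memory stand-in for the news site's MySQL database (constructed rows)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL)")
    conn.execute("CREATE TABLE stories (id INTEGER PRIMARY KEY, "
                 "user_id INTEGER REFERENCES users(id), "
                 "title TEXT NOT NULL, link TEXT NOT NULL)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    conn.executemany("INSERT INTO stories VALUES (?, ?, ?, ?)", [
        (1, 1, "Plain title", "http://example.com/a"),
        (2, 2, "<script>alert('xss')</script>", "javascript:alert(1)"),
    ])
    return conn


def find_user_vulnerable(conn, username):
    """The bug: the untrusted value is spliced into the SQL text, so a quote in it
    rewrites the query. username = "' OR '1'='1" matches every row."""
    sql = "SELECT id, username FROM users WHERE username = '%s'" % username
    return conn.execute(sql).fetchall()


def find_user(conn, username):
    """Prepared statement with a bound parameter: the value travels separately
    from the SQL text and can only ever be compared as data."""
    return conn.execute("SELECT id, username FROM users WHERE username = ?",
                        (username,)).fetchall()


STORY_SORT_COLUMNS = {"id", "title"}   # the only identifiers a client may pick


def list_stories(conn, sort_by="id"):
    """Parameters bind values only, never identifiers, so a user-chosen sort
    column is checked against an allowlist before it touches the query text."""
    if sort_by not in STORY_SORT_COLUMNS:
        raise ValueError("unsupported sort column: %r" % sort_by)
    return conn.execute("SELECT title, link FROM stories ORDER BY " + sort_by).fetchall()


def render_story_vulnerable(title, link):
    """Raw interpolation: the second constructed story injects a script tag."""
    return '<li><a href="%s">%s</a></li>' % (link, title)


def render_story(title, link):
    """Escape each dynamic value for the context it lands in. quote=True (the
    default) also escapes ' and ", so an attribute value stays an attribute
    value. Escaping cannot neutralise a javascript: URL, so only http(s) links
    get an href at all."""
    safe_title = html.escape(title, quote=True)
    if urlsplit(link).scheme.lower() in ("http", "https"):
        return '<li><a href="%s">%s</a></li>' % (html.escape(link, quote=True), safe_title)
    return "<li>%s</li>" % safe_title


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"
    print("vulnerable:", find_user_vulnerable(db, payload))   # every user
    print("prepared:  ", find_user(db, payload))              # no rows
    for title, link in list_stories(db, "title"):
        print(render_story(title, link))
```

The same rule applies in PHP: mysqli_stmt_bind_param() or PDO's bindValue() for every value, an allowlist for anything that has to be an identifier, and htmlentities() with ENT_QUOTES at the point where the value is written into the page.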

You shouldn't forget the practices you learned last week:

  • You should pass tokens in forms to prevent CSRF attacks: every form that creates, edits or deletes a story or comment carries a random per-session token, and the handler rejects the request unless the submitted token matches the one stored in the session.
  • Your page should validate with no errors through the W3C validator.
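An added example (Python 3, not the project's code) of the token check described above, together with the ownership rule from the grading section below: a user may delete only their own stories. SESSIONS stands in for PHP's $_SESSION store, STORY_OWNERS stands in for a database lookup, and the form markup and handler are constructed for the example.

```python
import hmac
import secrets

SESSIONS = {}                          # session id -> dict; stand-in for $_SESSION
STORY_OWNERS = {7: "alice", 8: "bob"}  # constructed story id -> owner username


def login(session_id, username):
    """Record the authenticated user in the session (after password verification)."""
    SESSIONS.setdefault(session_id, {})["user"] = username


def csrf_token(session_id):
    """Return the session's token, minting a 256-bit random one on first use."""
    session = SESSIONS.setdefault(session_id, {})
    if "csrf_token" not in session:
        session["csrf_token"] = secrets.token_hex(32)
    return session["csrf_token"]


def delete_story_form(session_id, story_id):
    """Every form that changes state carries the token as a hidden field."""
    return ('<form method="post" action="delete_story.php">'
            '<input type="hidden" name="story_id" value="%d">'
            '<input type="hidden" name="token" value="%s">'
            '<button>Delete</button></form>' % (story_id, csrf_token(session_id)))


def handle_delete_story(session_id, method, form):
    """Server side. State changes are POST-only, so an <img src=...> on another
    site cannot trigger them; the submitted token must equal the one in the
    session (constant-time compare); and ownership is decided from the session,
    never from anything in the form. Returns (status, message)."""
    if method != "POST":
        return 405, "method not allowed"
    session = SESSIONS.get(session_id, {})
    expected = session.get("csrf_token")
    supplied = form.get("token", "")
    if not expected or not hmac.compare_digest(expected, supplied):
        return 403, "missing or invalid CSRF token"
    try:
        story_id = int(form.get("story_id", ""))
    except ValueError:
        return 400, "bad story id"
    if session.get("user") is None or STORY_OWNERS.get(story_id) != session["user"]:
        return 403, "not your story"
    del STORY_OWNERS[story_id]
    return 200, "deleted story %d" % story_id


if __name__ == "__main__":
    login("sess-alice", "alice")
    tok = csrf_token("sess-alice")
    print(delete_story_form("sess-alice", 7))
    print(handle_delete_story("sess-alice", "POST", {"story_id": "7"}))               # 403
    print(handle_delete_story("sess-alice", "POST", {"story_id": "8", "token": tok}))  # 403
    print(handle_delete_story("sess-alice", "POST", {"story_id": "7", "token": tok}))  # 200
```

Why this stops CSRF: an attacker's page can make the victim's browser send a POST that carries the victim's session cookie, but the same-origin policy keeps it from reading the token out of a page on your site, so it cannot supply a matching value. The token must come from a cryptographic random source (secrets here, openssl_random_pseudo_bytes() or random_bytes() in PHP), not from rand() or a timestamp.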

Grading

We will be grading the following aspects of your work. There are 100 points total.

  1. MySQL Queries (25 Points):
    • A MySQL server is running on your instance (2 points)
    • Table fields, including data types, are correct (4 points)
    • Foreign keys are correct (4 points)
    • The output of each of the five queries is correct (3 points each)
  2. News Site (60 Points):
    • User Management (20 Points):
      • A session is created when a user logs in (3 points)
      • New users can register (3 points)
      • Passwords are stored as salted one-way hashes, never in plaintext or with reversible encryption (3 points)
      • Users can log out (3 points)
      • A user can edit and delete his/her own stories and comments but cannot edit or delete the stories or comments of another user (8 points)
    • Story and Comment Management (20 Points):
      • Relational database is configured with correct data types and foreign keys (4 points)
      • Stories can be posted (3 points)
      • A link can be associated with each story using a separate database field (3 points)
      • Comments can be posted in association with a story (4 points)
      • Stories can be edited and deleted (3 points)
      • Comments can be edited and deleted (3 points)
        Note: Although there are only 6 points allocated for editing/deleting in this section, there are 8 more points at stake in the User Management section that cannot be earned unless editing/deleting is implemented. Implementing editing but not deleting, or vice-versa, will result in earning half the points.
    • Best Practices (15 Points):
      • Code is well formatted and easy to read (3 points)
      • Safe from SQL Injection attacks (3 points)
      • All content is sanitized on output (3 points)
      • All pages pass the W3C validator (3 points)
      • CSRF tokens are passed when creating, editing, and deleting comments and stories (3 points)
    • Usability (5 Points):
      • Site is intuitive to use and navigate (4 points)
      • Site is visually appealing (1 point)
  3. Creative Portion (15 Points)
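For the password item in the User Management rubric above, an added example (Python 3, not the project's code) of what "salted one-way hash" should mean in practice: a fresh random salt per user and a deliberately slow key-derivation function, here PBKDF2-HMAC-SHA256 from the standard library. The stored-string layout is this example's own convention. A plain salted MD5 or SHA-1 satisfies the letter of the rubric but can be brute-forced at billions of guesses per second; in PHP the equivalent of this block is password_hash() and password_verify().

```python
import binascii
import hashlib
import hmac
import os

ITERATIONS = 100000   # raise until one hash takes roughly 100 ms on your server


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return 'pbkdf2_sha256$iterations$salt_hex$hash_hex'. A random 16-byte salt
    per user means equal passwords get different hashes and a precomputed table
    cannot be reused across accounts; the iteration count makes every guess
    expensive. The salt parameter exists for tests; callers should leave it None."""
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (
        iterations,
        binascii.hexlify(salt).decode("ascii"),
        binascii.hexlify(dk).decode("ascii"),
    )


def verify_password(password, stored):
    """Recompute with the stored salt and iteration count and compare in constant
    time, so a wrong password takes as long to reject as a nearly-right one."""
    try:
        algorithm, iterations, salt_hex, hash_hex = stored.split("$")
        salt = binascii.unhexlify(salt_hex)
        iterations = int(iterations)
    except ValueError:
        return False
    if algorithm != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(binascii.hexlify(dk).decode("ascii"), hash_hex)


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print(verify_password("correct horse battery staple", record))   # True
    print(verify_password("Tr0ub4dor&3", record))                    # False
```

Storing the algorithm and iteration count alongside the hash is what lets you raise the cost later: old records still verify, and can be re-hashed with the new parameters the next time the user logs in successfully.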