Module 4

From CSE330 Wiki
Revision as of 12:20, 20 April 2013 by Shane (talk | contribs) (Copying template from Module 3)
Jump to: navigation, search

In Module 3, you will learn about MySQL, a web application database.

This article contains your assignments for Module 3.

Individual Assignments

Group Project

Web Security and Validation

Your project needs to demonstrate that thought was put into web security and best practice. For more information, see this week's Web Application Security guide: Web Application Security, Part 2

In particular:

  • Your application needs to be secure from SQL injection attacks. If you are using prepared queries, you should already be safe on this front.
  • All of your output needs to be sanitized using htmlentities().

You shouldn't forget the practices you learned last week:

  • You should pass tokens in forms to prevent CSRF attacks.
  • Your page should validate with no errors through the W3C validator.


We will be grading the following aspects of your work. There are 100 points total.

  1. MySQL Queries (25 Points):
    • A MySQL server is running on your instance (2 points)
    • Tables fields, including data types, are correct (4 points)
    • Foreign keys are correct (4 points)
    • The output of each of the five queries is correct (3 points each)
  2. News Site (60 Points):
    • User Management (20 Points):
      • A session is created when a user logs in (3 points)
      • New users can register (3 points)
      • Passwords are hashed using salted one-way encryption (3 points)
      • Users can log out (3 points)
      • A user can edit and delete his/her own stories and comments but cannot edit or delete the stories or comments of another user (8 points)
    • Story and Comment Management (20 Points):
      • Relational database is configured with correct data types and foreign keys (4 points)
      • Stories can be posted (3 points)
      • A link can be associated with each story using a separate database field (3 points)
      • Comments can be posted in association with a story (4 points)
      • Stories can be edited and deleted (3 points)
      • Comments can be edited and deleted (3 points)
        Note: Although there are only 6 points allocated for editing/deleting in this section, there are 8 more points at stake in the User Management section that cannot be earned unless editing/deleting is implemented. Implementing editing but not deleting, or vice-versa, will result in earning half the points.
    • Best Practices (15 Points):
      • Code is well formatted and easy to read (3 points)
      • Safe from SQL Injection attacks (3 points)
      • All content is sanitized on output (3 points)
      • All pages pass the W3C validator (3 points)
      • CSRF tokens are passed when creating, editing, and deleting comments and stories (3 points)
    • Usability (5 Points):
      • Site is intuitive to use and navigate (4 points)
      • Site is visually appealing (1 point)
  3. Creative Portion (15 Points)