Difference between revisions of "Module 5"

From CSE330 Wiki
Jump to navigationJump to search
Line 72: Line 72:
=== Web Security and Validation ===
=== Web Security and Validation ===
Your project needs to demonstrate that thought was put into web security and best practice.  For more information, see this week's Web Application Security guide: [[Web Application Security, Part 2]]
Web frameworks take care of a lot of the security practices you learned in modules 2 and 3.  For more information on Django security, refer to the Django documentation: https://docs.djangoproject.com/en/dev/topics/security/
In particular:
You still need to ensure that all pages on your site pass the W3C validation.
* '''Your application needs to be secure from SQL injection attacks'''. If you are using prepared queries, you should already be safe on this front.
* '''All of your output needs to be sanitized using htmlentities()'''.
You shouldn't forget the practices you learned last week:
* '''You should pass tokens in forms''' to prevent CSRF attacks.
* '''Your page should validate''' with no errors through the W3C validator.
== Grading ==
== Grading ==

Revision as of 08:46, 21 April 2013

In Module 5, you will learn about Git, a version control system, and Django, a web framework.

This article contains your assignments for Module 5.


The following articles on the online class wiki textbook contain information that will help you complete the assignments.

Individual Assignments

Learn about Version Control Systems

On your own time, watch the 40-minute screencast that has been posted to Blackboard. This gives an insightful understanding of how VCSs work under-the-hood.

Django Tutorial

The web framework we will be using in Module 5 is called Django. Django is the dominant Python-based web framework and is useful for large web sites.

Before you may begin, you need to install Django. You may do this using pip, which you installed in Module 4. Django's package name in pip is Django.

Once you have Django installed, complete the official Django tutorial. You will be creating a simple poll app. There are four parts to the tutorial.

It is important that you do all the steps in the tutorial in order to get comfortable defining models, views, templates, and using the interactive shell and the admin app. Understanding these concepts will make the project go much quicker.

Tip: It is recommended that you install a copy of Python and Django on your local computer. This way, you will not need to upload the files to your server every time you make a change, because your server will be running locally.

  1. Part 1
    • Create a project
    • Start the development server
    • Setup an SQLite database
    • Create the Polls app and define the models
    • Interact with the database using the interactive python shell
  2. Part 2
    • Activate the admin site
    • Add the poll app to the admin site
    • Modify the database using the admin site
  3. Part 3
    • Configure URL handling
    • Create some views
  4. Part 4
    • Write a form that modifies the database
    • Refactor to use generic views

Group Project

Extending the Polls App using Version Control

As your group project, you and your partner will each independently add an additional feature to the polls app you made in the individual portion. You will each be working in your own branch in your group Git repository. When the features are complete, you will merge them back into the master branch.

  1. Someone in your group needs to copy their tutorial code from the individual portion into the master branch of the group repository.
  2. After pushing and pulling, everyone should have the up-to-date master branch on their machine.
  3. Each person in the group should then make a new branch named with their first name.
  4. Each person can then individually work on their new feature. Here are some ideas for new features that will all earn full credit:
    • Enable users to create their own polls
    • Add user accounts. Polls voted on would be associated with the account
    • Check for double votes using Cookie and/or IP
    • Set a timeout for polls (e.g., the poll is active for only 7 days)
    • Add a banner ad to the site that changes on a page reload (you could use Google Adsense or similar)
    If there is a feature not on this list that you would like to add, please ask a TA.
  5. When someone completes their feature, they should merge their branch into the master branch, and everyone else in the group should merge the master branch (which now has the new feature) into their personal working branch.

On Demo Day, you will need to show the branching structure of your repository in SourceTree to the TA.

Creative Portion

As your creative portion, add two more features to your polls app, at least one of which shouldn't be in the list above.

Web Security and Validation

Web frameworks take care of a lot of the security practices you learned in modules 2 and 3. For more information on Django security, refer to the Django documentation: https://docs.djangoproject.com/en/dev/topics/security/

You still need to ensure that all pages on your site pass the W3C validation.


We will be grading the following aspects of your work. There are 100 points total.

  1. MySQL Queries (25 Points):
    • A MySQL server is running on your instance (2 points)
    • Tables fields, including data types, are correct (4 points)
    • Foreign keys are correct (4 points)
    • The output of each of the five queries is correct (3 points each)
  2. News Site (60 Points):
    • User Management (20 Points):
      • A session is created when a user logs in (3 points)
      • New users can register (3 points)
      • Passwords are hashed using salted one-way encryption (3 points)
      • Users can log out (3 points)
      • A user can edit and delete his/her own stories and comments but cannot edit or delete the stories or comments of another user (8 points)
    • Story and Comment Management (20 Points):
      • Relational database is configured with correct data types and foreign keys (4 points)
      • Stories can be posted (3 points)
      • A link can be associated with each story using a separate database field (3 points)
      • Comments can be posted in association with a story (4 points)
      • Stories can be edited and deleted (3 points)
      • Comments can be edited and deleted (3 points)
        Note: Although there are only 6 points allocated for editing/deleting in this section, there are 8 more points at stake in the User Management section that cannot be earned unless editing/deleting is implemented. Implementing editing but not deleting, or vice-versa, will result in earning half the points.
    • Best Practices (15 Points):
      • Code is well formatted and easy to read (3 points)
      • Safe from SQL Injection attacks (3 points)
      • All content is sanitized on output (3 points)
      • All pages pass the W3C validator (3 points)
      • CSRF tokens are passed when creating, editing, and deleting comments and stories (3 points)
    • Usability (5 Points):
      • Site is intuitive to use and navigate (4 points)
      • Site is visually appealing (1 point)
  3. Creative Portion (15 Points)