Beta Version

The beta version is the final version of your course project. At this point, the site should be pretty well polished, with directions on the nice-looking web pages and forms, good feedback, and good error handling.

In many cases, the beta is slightly polished and improved from alpha, without new features and such. That's fine. I'm looking for these to be good not huge: to demonstrate skills, not to show them five times over.

What to turn in

Since this is the best version of your project, I think it's worthwhile to create a video demonstration of it. That video can be shared with friends, family and potential employers. It can also be helpful to me in my grading, to see that the feature worked at least for you, if not for me. It's also something I can share with future CS 304 students. Therefore, I would like each team to create such a video and share it with me.

As with the alpha version, I will need some help in grading these, since everyone is doing something slightly or radically different. Therefore, your Google doc should have some of the following

  • I will assume the navigation works, so no need to provide URLs.
  • The sample usernames/passwords that I might need.
  • Directions on how to use your pages, if they're not self-explanatory
  • The database tables I need to look at, if any
  • The code that I need to grade
  • A link to the video demonstration.

It's helpful to note what things are new, so that I don't have to review and re-grade things I've seen before.

How I will test == How you should test

Just to be clear, here's how I will test your code:

  • I will login to your team account.1
  • I will activate the venv that is in your team account
  • I will cd to your beta directory. 2
  • I will run your app.py
  • I will test your app in the browser, using the directions that you gave me in the Google Doc.
  • I will review and comment on the code in the Google Doc. (Some teams put their code in a separate Google Doc from the one with the directions, and others just create one Google Doc. Either is fine with me, as long as I have both.)

How to Submit it

Like our earlier phases, you'll write this as a Google Doc, shared with your team and me. This will allow all of you to easily co-author it, and allow me to comment on it.

The title of the document is very important, otherwise I will mis-place it and lose time finding it. The title of the document will be CS304-SEM-YYYY-beta-TEAM where the SEM is the semester (Fall/Spring), the the YYYY is year, and the TEAM is name of your project or team account or your names.

Since Google often makes these documents hard to find (weird for a search company...), please submit the URL via this

URL submission Google Form

How You Will Be Graded

The following is repeated from the project description:

You and your teammates will create an web application. It should have some cool features that demonstrate your mastery of the concepts and skills we've learned in this course:

  • Displaying, searching, inserting, updating, and deleting data.
  • Sessions — extended interactions with a user, providing context and state
  • Logins and authentication, probably with different permissions for administrators versus ordinary users, and users from each other.
  • File upload, whether pictures, MS Word files, or whatever.
  • Ajax: to allow seamless and asynchronous updates.

Your project need not have all of these, but most projects will have most of these. I'm flexible, so if you have an idea, please talk to me about it.

An excellent project will typically either do an exceptionally good job on these core concepts and skills or go beyond them, adding extra features to their web application. There's no menu of such features, but recent projects have done things such as emailing users, setting up cron jobs for automatic tasks, authenticating with Facebook or OpenID logins, using JavaScript in the browser to reduce load on the server and improve the user experience, and having an exceptional user interface, whether through their own code or UI plugins. Eye candy is always nice.

Your code should work: no error traces to the browser, no broken links, no errors in the JavaScript console, and so forth.

As is true of all the homework assignments in the course, your code should also be clear and readable, well documented, and modular. Furthermore, it should not be vulerable to SQL injection, Cross-site Scripting (XSS) or other attacks. For example, I shouldn't be able to hack into your site by changing a cookie value or modifying the value of a hidden input in a form. Also, if you're using Flask, the code should be thread-safe, meaning that there should not be global variables (constants are okay), since globals are shared across requests. Finally, if your project has file uploads, there are extra security considerations there (which is one reason I would like you to find a use for file uploads in your project).

This is not primarily a security course, but neither do I want you building insecure applications. Our goal is to learn the basic skills so that we are prepared to learn more. Avoiding security holes is important, so in general I will deduct a full letter grade for a project that has one or more holes. So, I expect:

  • No SQL injection vulnerabilities and other injection vulnerabilities.
  • No XSS vulnerabilities.
  • Thread-safe Flask code
  • Password protection for file upload and insertion of data.
  • The password protection need not be state-of-the-art, but it should avoid obvious flaws. The passwords should probably not be stored in plaintext, and they should probably not be emailed to the user.

Students typically do very well on the project; I'm not looking to grade harshly. I know you work very hard and the results are usually amazing.

I will also need to be grading these quickly, so my commenting and such will not be as thorough. But the time for revision is past, anyhow.

However, I do take security vulnerabilities seriously, so you should be careful with that. It is easy to focus exclusively on functionality and aesthetics, and while that's understandable, avoiding vulnerabilities is necessary.

Please contact me if you have any questions or concerns.

  1. As sysadmin, I can login to any account, so there's no need for you to give me the password. However, you might remind me of the name of the team account, though I also have records of that. 

  2. Eventually, your team account will have separate directories for draft, alpha and beta versions of your project, each with different versions of the code.