Beta Version¶
The beta version is the final version of your course project. At this point, the site should be pretty well polished, with directions on the nice-looking web pages and forms, good feedback, and good error handling.
In many cases, the beta is slightly polished and improved from alpha, without new features and such. That's fine. I'm looking for these to be good not huge: to demonstrate skills, not to show them five times over.
What to turn in¶
Since this is the best version of your project, I think it's worthwhile to create a video demonstration of it. That video can be shared with friends, family and potential employers. It can also be helpful to me in my grading, to see that the feature worked at least for you, if not for me. It's also something I can share with future CS 304 students. Therefore, I would like each team to create such a video and share it with me.
As with the alpha version, I will need some help in grading these, since everyone is doing something slightly or radically different. Therefore, your Google doc should have some of the following
- The URLS of the web pages I need to look at, or just the home page if all the navigation works.
- The sample usernames/passwords, items, and other inputs, so I can use the forms.
- Directions on how to use your pages, if they're not self-explanatory
- The database tables I need to look at, if any
- The code that I need to grade
- It's helpful to note what things are new, so that I don't have to review and re-grade things I've seen before.
- A link to the video demonstration.
How to turn it in¶
Like our earlier phases, you'll write this as a Google Doc, shared with your partner and me. This will allow the two of you to easily co-author it, and allow me to comment on it.
How to Submit it¶
Like our earlier phases, you'll write this as a Google Doc, shared with your partner and me. This will allow the two of you to easily co-author it, and allow me to comment on it.
The title of the document is very important, otherwise I will
mis-place it and lose time finding it. The title of the document will
be CS304-SEM-YYYY-beta-TEAM where the SEM
is the semester
(Fall/Spring), the the YYYY
is year, and the TEAM
is
name of your project or team account or your names.
Since Google often makes these documents hard to find (weird for a search company...), please submit the URL via this
How You Will Be Graded¶
The following is repeated from the project description:
You and your teammates will create an web application. It should have some cool features that demonstrate your mastery of the concepts and skills we've learned in this course:
- Displaying, searching, inserting, updating, and deleting data.
- Sessions — extended interactions with a user, providing context and state
- Logins and authentication, probably with different permissions for administrators versus ordinary users, and users from each other.
- File upload, whether pictures, MS Word files, or whatever.
- Ajax: to allow seamless and asynchronous updates.
Your project need not have all of these, but most projects will have most of these. I'm flexible, so if you have an idea, please talk to me about it.
An excellent project will typically either do an exceptionally good
job on these core concepts and skills or go beyond them, adding extra
features to their web application. There's no menu
of such
features, but recent projects have done things such as emailing users,
setting up cron jobs for automatic tasks, authenticating with Facebook
or OpenID logins, using JavaScript in the browser to reduce load on
the server and improve the user experience, and having an exceptional
user interface, whether through their own code or UI plugins. Eye
candy is always nice.
Your code should work: no error traces to the browser, no broken links, no errors in the JavaScript console, and so forth.
As is true of all the homework assignments in the course, your code should also be clear and readable, well documented, and modular. Furthermore, it should not be vulerable to SQL injection, Cross-site Scripting (XSS) or other attacks. For example, I shouldn't be able to hack into your site by changing a cookie value or modifying the value of a hidden input in a form. Also, if you're using Flask, the code should be thread-safe, meaning that there should not be global variables (constants are okay), since globals are shared across requests. Finally, if your project has file uploads, there are extra security considerations there (which is one reason I would like you to find a use for file uploads in your project).
This is not primarily a security course, but neither do I want you building insecure applications. Our goal is to learn the basic skills so that we are prepared to learn more. Avoiding security holes is important, so in general I will deduct a full letter grade for a project that has one or more holes. So, I expect:
- No SQL injection vulnerabilities and other injection vulnerabilities.
- No XSS vulnerabilities.
- Thread-safe Flask code
- Password protection for file upload and insertion of data.
- The password protection need not be state-of-the-art, but it should avoid obvious flaws. The passwords should probably not be stored in plaintext, and they should probably not be emailed to the user.
Students typically do very well on the project; I'm not looking to grade harshly. I know you work very hard and the results are usually amazing.
However, I do take security vulnerabilities seriously, so you should be careful with that. It is easy to focus exclusively on functionality and aesthetics, and while that's understandable, avoiding vulnerabilities is necessary.
Please contact me if you have any questions or concerns.