Beta Version

The beta version is the final version of your course project. At this point, the site should be pretty well polished, with directions on the nice-looking web pages and forms, good feedback, and good error handling.

In many cases, the beta is slightly polished and improved from alpha, without new features and such. That's fine. I'm looking for these to be good not huge: to demonstrate skills, not to show them five times over.

What to turn in

Since this is the best version of your project, I think it's worthwhile to create a video demonstration of it. That video can be shared with friends, family and potential employers. It can also be helpful to me in my grading, to see that the feature worked at least for you, if not for me. It's also something I can share with future CS 304 students. Therefore, I would like each team to create such a video and share it with me.

As with the alpha version, I will need some help in grading these, since everyone is doing something slightly or radically different. Therefore, your Google doc should have some of the following

  • The URLS of the web pages I need to look at, or just the home page if all the navigation works.
  • The sample usernames/passwords, items, and other inputs, so I can use the forms.
  • Directions on how to use your pages, if they're not self-explanatory
  • The database tables I need to look at, if any
  • The code that I need to grade
  • It's helpful to note what things are new, so that I don't have to review and re-grade things I've seen before.
  • A link to the video demonstration.

How to turn it in

Like our earlier phases, you'll write this as a Google Doc, shared with your partner and me. This will allow the two of you to easily co-author it, and allow me to comment on it.

How to Submit it

Like our earlier phases, you'll write this as a Google Doc, shared with your partner and me. This will allow the two of you to easily co-author it, and allow me to comment on it.

The title of the document is very important, otherwise I will mis-place it and lose time finding it. The title of the document will be CS304-SEM-YYYY-beta-TEAM where the SEM is the semester (Fall/Spring), the the YYYY is year, and the TEAM is name of your project or team account or your names.

Since Google often makes these documents hard to find (weird for a search company...), please submit the URL via this

URL submission Google Form

How You Will Be Graded

The following is repeated from the project description:

You and your teammates will create an web application. It should have some cool features that demonstrate your mastery of the concepts and skills we've learned in this course:

  • Displaying, searching, inserting, updating, and deleting data.
  • Sessions — extended interactions with a user, providing context and state
  • Logins and authentication, probably with different permissions for administrators versus ordinary users, and users from each other.
  • File upload, whether pictures, MS Word files, or whatever.
  • Ajax: to allow seamless and asynchronous updates.

Your project need not have all of these, but most projects will have most of these. I'm flexible, so if you have an idea, please talk to me about it.

An excellent project will typically either do an exceptionally good job on these core concepts and skills or go beyond them, adding extra features to their web application. There's no menu of such features, but recent projects have done things such as emailing users, setting up cron jobs for automatic tasks, authenticating with Facebook or OpenID logins, using JavaScript in the browser to reduce load on the server and improve the user experience, and having an exceptional user interface, whether through their own code or UI plugins. Eye candy is always nice.

Your code should work: no error traces to the browser, no broken links, no errors in the JavaScript console, and so forth.

As is true of all the homework assignments in the course, your code should also be clear and readable, well documented, and modular. Furthermore, it should not be vulerable to SQL injection, Cross-site Scripting (XSS) or other attacks. For example, I shouldn't be able to hack into your site by changing a cookie value or modifying the value of a hidden input in a form. Also, if you're using Flask, the code should be thread-safe, meaning that there should not be global variables (constants are okay), since globals are shared across requests. Finally, if your project has file uploads, there are extra security considerations there (which is one reason I would like you to find a use for file uploads in your project).

This is not primarily a security course, but neither do I want you building insecure applications. Our goal is to learn the basic skills so that we are prepared to learn more. Avoiding security holes is important, so in general I will deduct a full letter grade for a project that has one or more holes. So, I expect:

  • No SQL injection vulnerabilities and other injection vulnerabilities.
  • No XSS vulnerabilities.
  • Thread-safe Flask code
  • Password protection for file upload and insertion of data.
  • The password protection need not be state-of-the-art, but it should avoid obvious flaws. The passwords should probably not be stored in plaintext, and they should probably not be emailed to the user.

Students typically do very well on the project; I'm not looking to grade harshly. I know you work very hard and the results are usually amazing.

However, I do take security vulnerabilities seriously, so you should be careful with that. It is easy to focus exclusively on functionality and aesthetics, and while that's understandable, avoiding vulnerabilities is necessary.

Please contact me if you have any questions or concerns.