Week 8 CST 336

For the final for this class, our team had to develop a shopping website. The requirements were:

Minimum requirements:

If any of the following elements is missing, you will get deducted 20 points.

Documentation must include Title, Description, Mockup, Database Schema and Screenshots -20pts
missing any)
Project must use at least four database tables
The combined database tables must have at least ten fields
One of the database table must have at least 20 records

Feature requirements:

There is a “user” section in which users can search and filter data using at least three fields 10pts
Users can add items to a shopping cart  10pts
Users can see all items in their cart (Total cost is also displayed) 10pts
Administrators can login and logout from the system 10pts
Administrators can update content of at least one table (using pre-populated data in the form) 10pts
Administrators can insert new records in at least one table 10pts
Administrators can delete records 10pts
Administrators can generate at least three reports, which use aggregate functions (e.g., average price of all products in the table) 10pts
Project uses at least two AJAX calls with their corresponding Web APIs.
As part of your submission, please explain where the AJAX calls are.
Project has a nice and consistent design (preferably, use Bootstrap) 10pts
We met all the requirements with our project, Pontificating Monty’s Firefly Bazaar.

Week 7 CST 336

This week we learned about authentication and sessions.

One method of authentication is HTTP Basic Auth, which is just username:password. However, passwords should not be passed as plain text because it is easily intercepted and read. There are many encryption methods, but we focused on BCrypt. BCrypt is an adaptive hashing function that uses a changing key factor that makes it resistant to hacking/cracking.

We did not implement BCrypt ourselves, but we used the bcrypt package on npm to hash our passwords to implement authentication on our web apps. We also tracked users with express-sessions.

CST 336 Week 6

This week we connected our knowledge of Node.js with the skills we built in the Intro to Databases class using the node-mysql package. Of course preventing SQL injection was emphasized. If user input is not properly escaped, anyone could inject their own SQL queries and gain access to the entire database–they could even drop an entire schema worth of tables.

There are two methods for escaping user input. One involves calling the mysql.escape method from the (mysql npm package) on user input. The other method involves using a question mark placeholder for user inputted values, which are then passed in as arguments into the query.