Seventeen Moments in Soviet History
MetadataShow full item record
This describes results of the Seventeen Moments in Soviet History semester Capstone project in CS4624 Multimedia, Hypertext, and Information Access course. The majority of the work done with the website focused on shoring up security flaws and issues. This was first started by identifying all elements of the website that interacted with the database. Next, the corresponding code in the website was found and work was done to correct it. This began by identifying how CakePHP handles SQL queries and recommended ways to sanitize SQL queries in CakePHP. Next, flow of control in querying the database was changed to ensure that the recommended changes could be implemented. Once these change were made, the website was first tested to ensure that functionality was not damaged in anyway. Once it was confirmed that the website was still as functional as before the changes, testing was undergone to ensure that the SQL issues were fixed. This was done by attempting to make an SQL injection on the website. The database was then checked to ensure that no changes were made to the website and that the database was in the same state as before the injection attack. In addition to fixing the security issues associated with the website, general database changes were made as well. First, user registration was changed to ensure that new users were not listed as moderators. Next, all moderators were dropped, with the clients representing the only moderators. Then, the website was modified to no longer store passwords in plain text and changed to only store the hashed passwords. This was confirmed by making new users and testing to see if their plaintext passwords were stored. In addition, all plaintext passwords were removed from the database. Research was also undertaken for notifying the users of the Soviet History website that the website was operational again. First, a script for emailing users was considered but determined to be unacceptable due to a limit on number of emails sent by an address and the fact that the scripts are dependent on the running computer’s configurations. Next, a mass email service was considered, but determined to be undesirable as they operate on a monthly subscription fee and the service would only be used once. It was then determined that the best course of action was to determine which users should be emailed and only email them so as to not broadcast to the original hackers that the website was back up. Finally, work is being done to fix the subtitles not appearing on the audio sections of the website. However, currently they are not working, although, test code is being run to see if it improves the subtitles issue.