Seventeen Moments in Soviet History
Abstract
This report describes the results of the Seventeen Moments in Soviet History semester Capstone project for the CS4624 Multimedia, Hypertext, and Information Access course. The majority of the work on the website focused on shoring up security flaws and issues. This began by identifying all elements of the website that interacted with the database. Next, the corresponding code in the website was located and work was done to correct it. This started by identifying how CakePHP handles SQL queries and the recommended ways to sanitize SQL queries in CakePHP. Then, the flow of control for querying the database was changed so that the recommended changes could be implemented. Once these changes were made, the website was first tested to ensure that functionality was not damaged in any way. Once it was confirmed that the website was still as functional as before the changes, testing was undertaken to ensure that the SQL issues were fixed. This was done by attempting an SQL injection on the website. The database was then checked to ensure that no changes had been made to the website and that the database was in the same state as before the injection attempt.
In addition to fixing the security issues associated with the website, general database changes were made as well. First, user registration was changed to ensure that new users were not listed as moderators. Next, all moderators were dropped, with the clients representing the only moderators. Then, the website was modified to no longer store passwords in plain text and changed to only store the hashed passwords. This was confirmed by making new users and testing to see if their plaintext passwords were stored. In addition, all plaintext passwords were removed from the database.
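The two verification steps described above (probing the query path with an injection attempt and confirming the database is unchanged, then confirming that no plaintext passwords remain stored) can be reproduced as a small self-contained check. The following is an added example, not code from the project; it uses an in-memory SQLite table with constructed rows in place of the site's CakePHP models, and an unsalted SHA-256 digest only as a stand-in for a proper password hasher.

```python
import hashlib
import sqlite3

# Constructed sample rows standing in for the site's users table.
# Assumption: column names and users are illustrative, not the project's own.
# SHA-256 here is a demo stand-in; a real site should use a salted, slow hasher.
SEED = [
    ("alice", hashlib.sha256(b"correct horse").hexdigest(), 0),
    ("bob", hashlib.sha256(b"battery staple").hexdigest(), 0),
]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password_hash TEXT, is_moderator INTEGER)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)", SEED)
    db.commit()
    return db

def snapshot(db):
    """Hash the full SQL dump so 'database unchanged' is one comparison."""
    return hashlib.sha256("\n".join(db.iterdump()).encode()).hexdigest()

def login_vulnerable(db, name, password):
    # The 'before' pattern: user input is pasted straight into the SQL text.
    digest = hashlib.sha256(password.encode()).hexdigest()
    sql = "SELECT name FROM users WHERE name = '%s' AND password_hash = '%s'" % (name, digest)
    return [r[0] for r in db.execute(sql)]

def login_hardened(db, name, password):
    # The 'after' pattern: values travel as bound parameters, never as SQL.
    digest = hashlib.sha256(password.encode()).hexdigest()
    sql = "SELECT name FROM users WHERE name = ? AND password_hash = ?"
    return [r[0] for r in db.execute(sql, (name, digest))]

def plaintext_passwords_present(db, known_plaintexts):
    """True if any stored credential equals one of the known plaintexts."""
    stored = {r[0] for r in db.execute("SELECT password_hash FROM users")}
    return any(p in stored for p in known_plaintexts)

def run_checks():
    db = make_db()
    before = snapshot(db)
    probe = "' OR '1'='1' --"  # textbook tautology, used only to confirm the fix holds
    return {
        "vulnerable_rows": len(login_vulnerable(db, probe, "x")),  # every user matches
        "hardened_rows": len(login_hardened(db, probe, "x")),      # nothing matches
        "db_unchanged": snapshot(db) == before,
        "plaintext_found": plaintext_passwords_present(db, ["correct horse", "battery staple"]),
    }
```

`run_checks()` returns the four observations the report's testing relied on: the unsanitized query is bypassed, the parameterized one is not, the database state is identical before and after, and no plaintext password is stored.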
Research was also undertaken into notifying the users of the Soviet History website that the website was operational again. First, a script for emailing users was considered but determined to be unacceptable because of the limit on the number of emails that can be sent from one address and because such scripts depend on the configuration of the computer running them. Next, a mass email service was considered, but determined to be undesirable because such services charge a monthly subscription fee and the service would only be used once. It was then determined that the best course of action was to identify which users should be emailed and to email only them, so as not to broadcast to the original hackers that the website was back up.
Finally, work is under way to fix the subtitles that do not appear on the audio sections of the website. They are currently still not working, but test code is being run to see whether it resolves the subtitle issue.