PHP-guru estimation??

Hello everyone.

If you were to code a secure membership system in PHP using MySQL with
the following features:
* a signup function where the user gets an email with a random
password
* passwords stored encrypted in database
* login-system
* password recovery tools
* a system for secure-cookies
* each player can se change his own data and see other members game
stats
* the system is supposed to handle real money for every user that the
user can bet in different board games. Which means that security is a
BIG issue.
* a "side-system" for the administrators of the site to use when they
need to add money to a user's account (money that the user has paid
through a VISA transaction).

How long would you estimate that it would take? If possible I would
also like you to rate your own PHP, MySQL skills from 1-10.
1=what is PHP?
5=I know my way around PHP and MySQL pretty good
10= PHP-MySQL-guru. There is nothing I do not know

I am aware of the fact that this question is a bit strange, but my
employer has asked me this question and my experience with PHP and
MySQL is about a year old, but I've been programming other things in
C++ and Java for a couple of years and my knowledge about security is
average. He gave me 10 weeks to finish this project. Is this possible?

Thanks in advance
Gabriel
Jul 17 '05 #1

"Gabriel" <en************ **@hotmail.com> wrote in message news:c1******** *************** **@posting.goog le.com...
> Hello everyone.
>
> If you were to code a secure membership system in PHP using MySQL with
> the following features:
> * a signup function where the user gets an email with a random
> password
> * passwords stored encrypted in database
> * login-system
> * password recovery tools
> * a system for secure-cookies
> * each player can se change his own data and see other members game
> stats
> * the system is supposed to handle real money for every user that the
> user can bet in different board games. Which means that security is a
> BIG issue.
> * a "side-system" for the administrators of the site to use when they
> need to add money to a user's account (money that the user has paid
> through a VISA transaction).
>
> How long would you estimate that it would take? If possible I would
> also like you to rate your own PHP, MySQL skills from 1-10.
> 1=what is PHP?
> 5=I know my way around PHP and MySQL pretty good
> 10= PHP-MySQL-guru. There is nothing I do not know
>
> I am aware of the fact that this question is a bit strange, but my
> employer has asked me this question and my experience with PHP and
> MySQL is about a year old, but I've been programming other things in
> C++ and Java for a couple of years and my knowledge about security is
> average. He gave me 10 weeks to finish this project. Is this possible?
>
> Thanks in advance
> Gabriel

I've been doing quite a bit of PHP coding lately - but I still rely on PHP.net and occasionally the news-groups. There is no way
that I or anyone else can tell you if it's possible for YOU to finish this project in 10 weeks.

Aside from the security issues for money handling, the interface as you described it could be implemented in a short period of time.
Developers who have implemented login mechanisms/password recovery in PHP for three or more web sites could probably have that
portion of the site done in just a few days with code-reuse.

I think the security issues here are beyond PHP. Not that PHP can't handle them - it can - but there are other security concerns
outside of the user/database interface that would need to be addressed. For instance PHP can't help you if your system leaves
telnet available to the outside.

Making the content look pretty is a whole different issue, and can take endless amount of time. But you didn't say much about that.

For what you did say I think 10 weeks (400 hours) is adequate.

-CF
Jul 17 '05 #2
Gabriel wrote:
> Hello everyone.
>
> If you were to code a secure membership system in PHP using MySQL with
> the following features:
> * a signup function where the user gets an email with a random
> password
> * passwords stored encrypted in database
> * login-system
> * password recovery tools
> * a system for secure-cookies
> * each player can se change his own data and see other members game
> stats

Up to this point, I would estimate approx. 3 hrs - programming and
testing only, but I already have done this before and have existing
frameworks in place.

> * the system is supposed to handle real money for every user that the
> user can bet in different board games. Which means that security is a
> BIG issue.

Depends on the implementation... I would NOT store credit card info in
the database, but the amount the user currently has is ok.

> * a "side-system" for the administrators of the site to use when they
> need to add money to a user's account (money that the user has paid
> through a VISA transaction).

Simple form field that updates the user's balance.

This brings up the total to approx 4 hrs, but that isn't including all
the design, betting and game stuff that you'd also need to do...

> How long would you estimate that it would take? If possible I would
> also like you to rate your own PHP, MySQL skills from 1-10.
> 1=what is PHP?
> 5=I know my way around PHP and MySQL pretty good
> 10= PHP-MySQL-guru. There is nothing I do not know

7

> I am aware of the fact that this question is a bit strange, but my
> employer has asked me this question and my experience with PHP and
> MySQL is about a year old, but I've been programming other things in
> C++ and Java for a couple of years and my knowledge about security is
> average. He gave me 10 weeks to finish this project. Is this possible?


10 weeks sounds like a good timeline to me, even with a couple other
projects going on at the same time.

--
Justin Koivisto - sp**@koivi.com
PHP POSTERS: Please use comp.lang.php for PHP related questions,
alt.php* groups are not recommended.

Jul 17 '05 #3
Gabriel wrote:
> Hello everyone.
>
> If you were to code a secure membership system in PHP using MySQL with
> the following features:
> * a signup function where the user gets an email with a random
> password
> * passwords stored encrypted in database
> * login-system
> * password recovery tools
> * a system for secure-cookies
> * each player can se change his own data and see other members game
> stats
> * the system is supposed to handle real money for every user that the
> user can bet in different board games. Which means that security is a
> BIG issue.
> * a "side-system" for the administrators of the site to use when they
> need to add money to a user's account (money that the user has paid
> through a VISA transaction).
>
> How long would you estimate that it would take? If possible I would
> also like you to rate your own PHP, MySQL skills from 1-10.
> 1=what is PHP?
> 5=I know my way around PHP and MySQL pretty good
> 10= PHP-MySQL-guru. There is nothing I do not know
>
> I am aware of the fact that this question is a bit strange, but my
> employer has asked me this question and my experience with PHP and
> MySQL is about a year old, but I've been programming other things in
> C++ and Java for a couple of years and my knowledge about security is
> average. He gave me 10 weeks to finish this project. Is this possible?
>
> Thanks in advance
> Gabriel


10 weeks? Shoot, if that's your job and you're devoting 40hrs/wk (or more)
to it, you should be able to do it in ten days and not break a sweat. (and
btw, I would rate myself at 10 in all categories.)
Jul 17 '05 #4
Building the system you described is easy. I would put coding time at around
a week, and another week for setting up the server. The tough thing is
proving that the system works correctly. In order to perform proper and
thorough QA testing on the site, you'd need complete functional specs and
complete technical specs. From these you develop test cases covering all
possible scenarios. And then you need to analyse the system to see how it
can withstand different types of attacks. Finally, internal policy has to be
developed controlling who has access to the database, encryption keys, SSL
certificates and so forth.

If you're the only member of your development team, there's no way you can
do all that in 10 weeks.

User "Gabriel" <en************ **@hotmail.com> wrote in message
news:c1******** *************** **@posting.goog le.com...
> Hello everyone.
>
> If you were to code a secure membership system in PHP using MySQL with
> the following features:
> * a signup function where the user gets an email with a random
> password
> * passwords stored encrypted in database
> * login-system
> * password recovery tools
> * a system for secure-cookies
> * each player can se change his own data and see other members game
> stats
> * the system is supposed to handle real money for every user that the
> user can bet in different board games. Which means that security is a
> BIG issue.
> * a "side-system" for the administrators of the site to use when they
> need to add money to a user's account (money that the user has paid
> through a VISA transaction).
>
> How long would you estimate that it would take? If possible I would
> also like you to rate your own PHP, MySQL skills from 1-10.
> 1=what is PHP?
> 5=I know my way around PHP and MySQL pretty good
> 10= PHP-MySQL-guru. There is nothing I do not know
>
> I am aware of the fact that this question is a bit strange, but my
> employer has asked me this question and my experience with PHP and
> MySQL is about a year old, but I've been programming other things in
> C++ and Java for a couple of years and my knowledge about security is
> average. He gave me 10 weeks to finish this project. Is this possible?
>
> Thanks in advance
> Gabriel

Jul 17 '05 #5
Chung Leong wrote:
> Building the system you described is easy. I would put coding time at
> around a week, and another week for setting up the server. The tough
> thing is proving that the system works correctly. In order to perform
> proper and thorough QA testing on the site, you'd need complete
> functional specs and complete technical specs. From these you
> develop test cases covering all possible scenarios. And then you need
> to analyse the system to see how it can withstand different types of
> attacks. Finally, internal policy has to be developed controlling who
> has access to the database, encryption keys, SSL certificates and so
> forth.
>
> If you're the only member of your development team, there's no way
> you can do all that in 10 weeks.

10 weeks is extremely generous. Personally, my opinion is that if you're
going to do attack testing, sure - do a bit yourself, but get an external
person / group to try and hack the system. You don't have a fresh
perspective, they do. As for everything else, this really is not that
complicated, and should be doable within a two week period. Anyone saying
10wk is either a really poor coder, has time management issues, lies to
their employer about how long their work takes, or some combination of those
three.
Jul 17 '05 #6
For a time I was working as a QA analyst. We used to say that QA is about
checking for compliance, not correctness. Without detailed documentation you
really can't test anything. Say you hire this external person to test your
site. How do you know he/she did anything? As the result that pleases is no
results, you'll end up with just that.

User "Agelmar" <if**********@c omcast.net> wrote in message
news:bt******** ****@ID-30799.news.uni-berlin.de...
> 10 weeks is extremely generous. Personally, my opinion is that if you're
> going to do attack testing, sure - do a bit yourself, but get an external
> person / group to try and hack the system. You don't have a fresh
> perspective, they do. As for everything else, this really is not that
> complicated, and should be doable within a two week period. Anyone saying
> 10wk is either a really poor coder, has time management issues, lies to
> their employer about how long their work takes, or some combination of
> those three.

Jul 17 '05 #7
"Gabriel" <en************ **@hotmail.com> wrote in message
news:c1******** *************** **@posting.goog le.com...
> Hello everyone.
>
> If you were to code a secure membership system in PHP using MySQL with
> the following features:
> * a signup function where the user gets an email with a random
> password
> * passwords stored encrypted in database
> * login-system
> * password recovery tools
> * a system for secure-cookies
> * each player can se change his own data and see other members game
> stats
> * the system is supposed to handle real money for every user that the
> user can bet in different board games. Which means that security is a
> BIG issue.
> * a "side-system" for the administrators of the site to use when they
> need to add money to a user's account (money that the user has paid
> through a VISA transaction).
>
> How long would you estimate that it would take? If possible I would
> also like you to rate your own PHP, MySQL skills from 1-10.
> 1=what is PHP?
> 5=I know my way around PHP and MySQL pretty good
> 10= PHP-MySQL-guru. There is nothing I do not know
>
> I am aware of the fact that this question is a bit strange, but my
> employer has asked me this question and my experience with PHP and
> MySQL is about a year old, but I've been programming other things in
> C++ and Java for a couple of years and my knowledge about security is
> average. He gave me 10 weeks to finish this project. Is this possible?
>
> Thanks in advance
> Gabriel


rating PHP 4 Mysql 5 Project planning 9

This project should be able to be at the 90% stage in under 40 hours time
using unique code and combining it with available code.

It would work and do what you want, but it may or may not be secure or
pretty.

The reason I used 90% was the 90/10 rule that has seemed to dog me since I
started programming back in 1966. That is the first 90% of any software
project seems to take 10% of the time and the last 10% takes 90% of the
time.

The only way to beat this that I have found is to take the first 5 to 7% of
the projected time and not start on the project but use it to develop a very
detailed plan and very specific specifications. Then I seem to only spend
about 70 of the total projected time completing the entire project.

--
God Bless you,
Al Kolff

"There is a God we want, and there is a God who is. They are not the same
God. The turning point of our lives is when we stop seeking the God we want
and start seeking the God who is."
Patrick Morley
Seven Seasons of the Man in the Mirror
p184
Jul 17 '05 #8
I noticed that Message-ID:
<c1************ *************@p osting.google.c om> from Gabriel contained
the following:
> If you were to code a secure membership system in PHP using MySQL with
> the following features:
> * a signup function where the user gets an email with a random
> password
> * passwords stored encrypted in database
> * login-system
> * password recovery tools


I thought the idea of an encrypted password was that no one, other than
the user, would know what it is?

Or do you mean the things that ask a security question and then allocate
a new random password?

--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/
Jul 17 '05 #9
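
The point raised in the last post, that a password stored one-way cannot be handed back and "recovery" has to issue something new, sketched in PHP as an added example (not code from the thread). The function names, the in-memory array standing in for the MySQL table and the sample address are assumptions; it goes one step beyond the thread by mailing a single-use, expiring reset token instead of a new password.

```php
<?php
declare(strict_types=1);

// In-memory stand-in for the MySQL users table (constructed for this example).
$users = [];

// Signup: generate the random initial password, store only its one-way hash.
function signup(array &$users, string $email): string
{
    $password = bin2hex(random_bytes(8));
    $users[$email] = [
        'pw_hash'       => password_hash($password, PASSWORD_DEFAULT),
        'reset_hash'    => null,
        'reset_expires' => 0,
    ];
    return $password; // mailed to the user, never written to the table
}

function login(array $users, string $email, string $password): bool
{
    // Unknown emails are checked against a dummy hash so both paths cost the same.
    static $dummy = null;
    $dummy ??= password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);
    $ok = password_verify($password, $users[$email]['pw_hash'] ?? $dummy);
    return $ok && isset($users[$email]);
}

// "Recovery" cannot return the old password; it issues a short-lived reset token.
function request_reset(array &$users, string $email, int $now): ?string
{
    if (!isset($users[$email])) {
        return null; // the page shown to the visitor should not reveal this
    }
    $token = bin2hex(random_bytes(32));
    // Keep only a hash of the token, so a copy of the table cannot reset accounts.
    $users[$email]['reset_hash']    = hash('sha256', $token);
    $users[$email]['reset_expires'] = $now + 900; // 15 minutes
    return $token; // placed in the emailed link
}

function complete_reset(array &$users, string $email, string $token, string $newPassword, int $now): bool
{
    $u = $users[$email] ?? null;
    if ($u === null || $u['reset_hash'] === null || $now > $u['reset_expires']) {
        return false;
    }
    if (!hash_equals($u['reset_hash'], hash('sha256', $token))) {
        return false; // hash_equals compares in constant time
    }
    $users[$email]['pw_hash']    = password_hash($newPassword, PASSWORD_DEFAULT);
    $users[$email]['reset_hash'] = null; // token is single use
    return true;
}

// Walk through the flow with a constructed account.
$email   = 'player@example.test';
$initial = signup($users, $email);
$token   = request_reset($users, $email, time());
$steps = [
    'login with mailed password' => login($users, $email, $initial),
    'reset with valid token'     => complete_reset($users, $email, $token, 'correct horse battery', time()),
    'login with old password'    => login($users, $email, $initial),
    'login with new password'    => login($users, $email, 'correct horse battery'),
    'reuse of the same token'    => complete_reset($users, $email, $token, 'another one', time()),
    'token after expiry'         => complete_reset($users, $email, (string) request_reset($users, $email, 0), 'x', 1000),
];
foreach ($steps as $label => $result) {
    printf("%-28s %s\n", $label, var_export($result, true));
}
```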
