- The code must respect the [**good practices**](../good-practices/README.md).
- It is recommended that the code present a **test file**.
- It is recommended to have **test files** for [unit testing](https://go.dev/doc/tutorial/add-a-test).
- Some **banner** files with a specific graphical template representation using ASCII will be given. The files are formatted in a way that is not necessary to change them.
@ -25,7 +25,7 @@ To know more about SQLite you can check the [SQLite page](https://www.sqlite.org
In this segment the client must be able to `register` as a new user on the forum, by inputting their credentials. You also have to create a `login session` to access the forum and be able to add posts and comments.
You should use cookies to allow each user to have only one opened session. Each of this sessions must contain an expiration date. It is up to you to decide how long the cookie stays "alive".
You should use cookies to allow each user to have only one opened session. Each of this sessions must contain an expiration date. It is up to you to decide how long the cookie stays "alive". The use of UUID is a Bonus task.
Instructions for user registration:
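Review bot: In the changed cookie line, "The use of UUID is a Bonus task" leaves the baseline with no stated requirement on how the session identifier is generated, so a sequential or otherwise guessable value would satisfy the text. Suggest keeping UUID optional but stating that the session identifier must be unpredictable and generated from a cryptographically secure random source. The carried-over "Each of this sessions" should also read "Each of these sessions".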
@ -33,7 +33,7 @@ Instructions for user registration:
- When the email is already taken return an error response.
- Must ask for username
- Must ask for password
- The password must be encrypted when stored
- The password must be encrypted when stored (this is a Bonus task)
The forum must be able to check if the email provided is present in the database and if all credentials are correct. It will check if the password is the same with the one provided and, if the password is not the same, it will return an error response.
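Review bot: On the changed password line, "(this is a Bonus task)" makes protection of stored passwords optional, so a submission that keeps plaintext passwords in the database meets every mandatory requirement. Suggest keeping it mandatory and wording it as hashing rather than encryption (a salted, slow password hash such as bcrypt), since the login check described in the context line that follows only needs to compare against a stored hash and never needs the original password back.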
@ -75,7 +75,7 @@ For the forum project you must use Docker. You can read about docker basics in t
- You must handle website errors, HTTP status.
- You must handle all sort of technical errors.
- The code must respect the [**good practices**](../good-practices/README.md).
- It is recommended that the code should present a **test file**.
- It is recommended to have **test files** for [unit testing](https://go.dev/doc/tutorial/add-a-test).
@ -10,14 +10,19 @@ For this project you must take into account the security of your forum.
- Encrypted connection : for this you will have to generate an SSL certificate, you can think of this like a identity card for your website. You can create your certificates or use "Certificate Authorities"(CA's)
- Clients session cookies should be unique. For instance, the session state is stored on the server and the session should present an unique identifier. This way the client has no direct access to it. Therefore, there is no way for attackers to read or tamper with session state.
- We recommend you to take a look into [cipher suites](https://en.wikipedia.org/wiki/Cipher_suite).
- The implementation of [Rate Limiting](https://en.wikipedia.org/wiki/Rate_limiting) must be present on this project
- You should encrypt :
- Clients passwords
- Clients passwords.
- Database, for this you will have to create a password for your database.
Sessions and cookies were implemented in the [previous project](../README.md) but not under-pressure (tested in an attack environment). So this time you must take this into account.
- Clients session cookies should be unique. For instance, the session state is stored on the server and the session should present an unique identifier. This way the client has no direct access to it. Therefore, there is no way for attackers to read or tamper with session state.
### Hints
- You can take a look at the `openssl` manual.
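Review bot: Under "You should encrypt", the "Clients passwords." item asks for encryption where a one-way salted password hash is what is wanted, and the "Database" item describes setting a password, which is access control rather than encryption; suggest rewording both so the requirement can be checked. The session-cookie bullet also appears twice in this hunk (before the cipher-suites item and again after the "Sessions and cookies" paragraph), so confirm only one copy survives. Its closing claim that "there is no way for attackers to read or tamper with session state" holds only if the identifier is unpredictable and the cookie is sent over the encrypted connection only, which the text could state.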
@ -28,7 +33,7 @@ For this project you must take into account the security of your forum.
- You must handle website errors, HTTPS status.
- You must handle all sort of technical errors.
- The code must respect the [**good practices**](../../good-practices/README.md).
- It is recommended that the code should present a **test file**.
- It is recommended to have **test files** for [unit testing](https://go.dev/doc/tutorial/add-a-test).
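Review bot: The context line "You must handle website errors, HTTPS status." should read "HTTP status", as the equivalent line in the forum README hunk does; status codes belong to HTTP whether or not the connection is encrypted. Worth fixing while this list is being touched.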
@ -14,7 +14,7 @@ We advise you to create your own tests for yourself and for when you will correc
- Your project must be written in **Go**.
- The code must respect the [**good practices**](../good-practices/README.md).
- It is recommended that the code present a **test file**.
- It is recommended to have **test files** for [unit testing](https://go.dev/doc/tutorial/add-a-test).
The tool you are about to build will receive as arguments the name of a file containing a text that needs some modifications (the input) and the name of the file the modified text should be placed in (the output). Next is a list of possible modifications that your program should execute: