Weekly Sprint #3: Database Security

Evan Zodl
IMM at TCNJ Senior Showcase 2017
Feb 21, 2017

This week I primarily focused on ensuring the security of the FoldFeed database. Originally, I had structured the sign-up process so that users could simply enter a username/password and instantly log into their account. While this would make account creation simpler, it would leave the database vulnerable to potential manipulation.

In order to fix this, I implemented a 2-step account creation process. Instead of a user simply logging in with their newly created username, they must first verify their account via email. If the account is not verified, the user will not be able to create posts or write any data to the database. They must also agree to FoldFeed’s Terms of Service and Privacy Policy, which will include additional information to ensure that only appropriate content is uploaded to the website.

Screenshot of the sign-up process demonstrating realtime input validation.

I also spent many hours this week working on realtime input validation using React. For example, when a user creates their password, it must contain specific characters and numbers. In this case, an error message will update in realtime with the remaining requirements that the user must meet.

Once the user has successfully created and verified their account, they will then be able to log into the system. After logging in, the user will be redirected to a page on which they can enter a username (as well as their first and last name) to add to their profile. This input is also validated in realtime to ensure that invalid data is not passed to the database.
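The two checks described above, as an added example that is not FoldFeed's own code: a validator that returns the password requirements still unmet (what a React form would render on each keystroke), and a server-side gate that refuses profile writes from unverified accounts and re-runs the same field validation, since checks in the browser alone can be bypassed. The rule set, the `emailVerified` field, the function names and the status codes are all assumptions.

```javascript
// Added example; the rules, field names and status codes are assumptions,
// not FoldFeed's actual code.
const PASSWORD_RULES = [
  { message: "at least 8 characters", test: (p) => p.length >= 8 },
  { message: "at least one letter", test: (p) => /[A-Za-z]/.test(p) },
  { message: "at least one number", test: (p) => /[0-9]/.test(p) },
  { message: "at least one special character", test: (p) => /[^A-Za-z0-9]/.test(p) },
];

// Returns the messages for every rule the password does not satisfy yet.
// A React component can call this in its onChange handler and render the list.
function remainingPasswordRequirements(password) {
  const value = typeof password === "string" ? password : "";
  return PASSWORD_RULES.filter((rule) => !rule.test(value)).map((rule) => rule.message);
}

// Hypothetical profile constraints: allow-list patterns, anchored at both ends.
const USERNAME_RE = /^[A-Za-z0-9_]{3,20}$/;
const NAME_RE = /^[\p{L}][\p{L} '-]{0,49}$/u;

function validateProfile(input) {
  const errors = {};
  const { username, firstName, lastName } = input || {};
  if (typeof username !== "string" || !USERNAME_RE.test(username)) {
    errors.username = "3-20 letters, digits or underscores";
  }
  for (const [field, value] of [["firstName", firstName], ["lastName", lastName]]) {
    if (typeof value !== "string" || !NAME_RE.test(value.trim())) {
      errors[field] = "1-50 letters, spaces, apostrophes or hyphens";
    }
  }
  return errors;
}

// Server-side gate, run before any database write. The browser's realtime
// validation is a usability feature; this is the check that actually
// protects the database.
function authorizeProfileWrite(account, input) {
  if (!account || account.emailVerified !== true) {
    return { ok: false, status: 403, errors: { account: "email not verified" } };
  }
  const errors = validateProfile(input);
  if (Object.keys(errors).length > 0) {
    return { ok: false, status: 422, errors };
  }
  return { ok: true, status: 200, errors: {} };
}
```

Sharing `validateProfile` between the React form and the server keeps the two sets of rules from drifting apart.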

Screenshot of the user’s dashboard after they have verified their account and logged in for the first time.

Towards the end of the sprint, I started implementing the dashboard feature which will allow users to see all of the recent activity on their posts. It will also have a section for finding new origami artists to follow for first-time users. I plan on improving these functionalities in next week’s sprint so that users will be updated on any feedback they receive on their work. I also intend to start adding more origami-related functionalities when users create a post to ensure that the data can be categorized correctly.


Senior Interactive Multimedia and Computer Science double-major at The College of New Jersey