A Stateless Quiz System with Raku - Part 4: Notes
[250.4] Published 18. August 2023
[ Index | Introduction | Security | The Program | Notes | RakuConf ]
Here are some features that would be more or less easy to add:
- Add possibility to specify the port number
- Add possibility to specify the csv file name
- Add possibility to load multiple csv files, each belonging to a separate
question set (each one starting at question 1)
- Add support for several correct answers (e.g. with «|» between each one in
the csv file)
- Move the (web page) template to a separate file, and use
«Cro::WebApp::Template» to set it up. Possibly even separate templates for
«q», «q1» (ok) and «q0» (error)
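The two list items about several question sets and several correct answers, as an added example that is not the article's program: each set is loaded from its own csv-style text and numbered from question 1, and the answer column may hold alternatives separated by «|». The row format «question;answer», the class and method names, and the sample rows are assumptions made for this example.

```raku
#!/usr/bin/env raku
# Added example, not the article's program. Several question sets, each
# numbered from question 1, with alternative answers separated by «|».
# The row format «question;answer» and the sample data are assumptions.

class QuestionSet {
    has Str $.name;
    has @.questions;   # %( text => Str, answers => List ); index 0 is question 1

    method from-lines(Str $name, @lines) {
        my @questions = @lines.grep(*.trim.chars).map: -> $line {
            my ($q, $a) = $line.split(';', 2);
            $a //= '';
            %( text    => $q.trim,
               answers => $a.split('|')>>.trim.grep(*.chars).List );
        }
        self.new(:$name, :@questions);
    }

    method count { @!questions.elems }

    # Question IDs start at 1 in every set; anything else is an illegal ID.
    method question(Int $id) {
        return Nil unless 1 <= $id <= @!questions.elems;
        @!questions[$id - 1]<text>;
    }

    # Case-insensitive comparison against every listed alternative.
    method correct(Int $id, Str $given --> Bool) {
        return False unless 1 <= $id <= @!questions.elems;
        my @ok = @!questions[$id - 1]<answers>.list;
        so $given.trim.fc eq any(@ok.map(*.fc));
    }
}

# Constructed sample data standing in for two csv files.
my @capitals = q:to/END/.lines;
    Capital of Norway?;Oslo
    Capital of the Netherlands?;Amsterdam|The Hague
    END
my @raku = q:to/END/.lines;
    Raku's former name?;Perl 6|Perl6
    END

my %sets = capitals => QuestionSet.from-lines('capitals', @capitals),
           raku     => QuestionSet.from-lines('raku',     @raku);

# Both sets count from 1, so "1" is a valid ID in each of them.
for %sets.keys.sort -> $set {
    for 1 .. %sets{$set}.count -> $id {
        say "$set/$id: ", %sets{$set}.question($id);
    }
}

say %sets<capitals>.correct(2, 'the hague');
say %sets<raku>.correct(1, 'Perl 5');
say %sets<raku>.correct(7, 'Perl 6');   # illegal ID for this set
```

Because every set starts at question 1, a question is only identified by the pair (set, ID); the illegal-ID check in «question» and «correct» is per set, which is the check the program would run before rendering a page.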
Security related features:
- Block a user (the IP address) sending illegal question IDs (instead of
sending the error message 418 as text), to prevent brute force attacks.
The first time, we set a block time of 15 seconds. If the user tries
again while still blocked, we add another 30 seconds. And so on. Note
that this will require a database to keep track of blocked users
- Send a cookie with the first question page. Keep track of the user
(also in a database), and ensure that they have to go through each
question - and present the cookie as proof - as they answer the questions
- Change the initial Question ID in the URL to a quiz ID, and send the
actual Question ID as POST data. In combination with encryption (HTTPS),
this will make it impossible for hackers with access to networks that the
requests pass through to sniff out legal Question IDs.
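The escalating block described in the first security item, as an added example that is not the article's program: 15 seconds for the first illegal question ID, 30 seconds added for every further attempt while the block is still active, and a fresh start once it has expired. An in-memory hash stands in for the database the article says is needed, and the class and method names and the client address are assumptions; the route handler would call «is-blocked» before validating the ID and «offence» when the ID turns out to be illegal (how the address is read from the Cro request is left out here).

```raku
#!/usr/bin/env raku
# Added example, not the article's program. Escalating block for clients that
# keep sending illegal question IDs: 15 s first, +30 s per retry while blocked.
# %!blocked stands in for the database the article mentions; it is lost on
# restart and not shared between worker processes.

class BlockList {
    has Int $.first-block = 15;      # seconds for the first offence
    has Int $.extension   = 30;      # seconds added per attempt while blocked
    has %!blocked;                   # ip => { until => Instant, strikes => Int }

    # Forget an expired entry, so the next offence starts again at 15 s.
    method !expire(Str $ip, Instant $now) {
        %!blocked{$ip}:delete
            if %!blocked{$ip}:exists and %!blocked{$ip}<until> <= $now;
    }

    # Seconds left on the block, 0 when the client is not blocked.
    method blocked-for(Str $ip, Instant :$now = now --> Numeric) {
        self!expire($ip, $now);
        return 0 unless %!blocked{$ip}:exists;
        %!blocked{$ip}<until> - $now;
    }

    method is-blocked(Str $ip, Instant :$now = now --> Bool) {
        self.blocked-for($ip, :$now) > 0;
    }

    # Record one request with an illegal question ID. Returns the number of
    # seconds the client is blocked for from this moment on.
    method offence(Str $ip, Instant :$now = now --> Numeric) {
        self!expire($ip, $now);
        if %!blocked{$ip}:exists {
            %!blocked{$ip}<strikes>++;
            %!blocked{$ip}<until> += $.extension;
        }
        else {
            %!blocked{$ip} = { strikes => 1, until => $now + $.first-block };
        }
        %!blocked{$ip}<until> - $now;
    }
}

# Walk through the sequence with a fixed clock instead of waiting for real time.
my $blocks = BlockList.new;
my $ip     = '203.0.113.7';          # constructed client address (TEST-NET-3)
my $t0     = now;

say $blocks.offence($ip, now => $t0);           # first illegal ID
say $blocks.is-blocked($ip, now => $t0 + 5);    # still inside the first block
say $blocks.offence($ip, now => $t0 + 5);       # retry while blocked: extended
say $blocks.is-blocked($ip, now => $t0 + 60);   # block has run out by now
say $blocks.offence($ip, now => $t0 + 60);      # new offence starts from scratch
```

Keying the block on the IP address means everyone behind a shared NAT or proxy is blocked together, and a client that only ever sends one bad ID is never penalised for more than the first 15 seconds; both are consequences of the scheme in the list item, not of this particular code.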
Beware of Scope Creep.
Adding nice-to-have features will lead to a more complicated program, and
the fundamental premise of doing this without a database is actually
worth keeping hold of.