A Stateless Quiz System

by Arne Sommer

A Stateless Quiz System with Raku - Part 4: Notes

[250.4] Published 18. August 2023

[ Index | Introduction | Security | The Program | Notes | RakuConf ]

Here are some features that would be more or less easy to add:

  • Add possibility to specify the port number
  • Add possibility to specify the cvs file name
  • Add possibility to load multiple csv files, each belonging to a separate question set (each one starting at question 1)
  • Add support for several correct answers (e.g. with | between each one in the csv file
  • Move the (web page) template to a separate file, and use «Cro::WebApp::Template» to set it up. Possibly even separate templates for «q», «q1» (ok) and «q0» (error)

Security Related features:

  • Block a user (the IP address) sending illegal question IDs (instead of sending the error message 418 as text), to prevent brute force attacks. The first time, we set a block time of 15 seconds. If the user tries again while still blocked, we add another 30 seconds. And so on. Note that this will require a database to keep track of blocked users
  • Send a cookie with the first question page. Keep track of the user (also in a database), and ensure that they have to go through each question - and present the cookie as proof - as they answers the questions
  • Change the initial Question ID on the URL to a quiz ID, and send the actual Question ID as POST data. In combination with encryption (HTTPS), this will make it impossible for hackers with access to networks that the requests pass through to sniff out legal Question IDs.

Beware of Scope Creep. Adding nice-to-have features will lead to a more complicated program, and the fundamental premise of doing this without a database is actually worth keeping hold of.

[ Index | Introduction | Security | The Program | Notes | RakuConf ]