This week, I plan to optimize the login feature by using stored procedures and validating the username and password fields.
I implemented stored procedures to improve the security of Ukiyo, such as prevention of SQL Injections.
Impediment: However, when implementing the validation of the login fields, the comparison was not case-sensitive due to the nature of SQL. After some research, I found that SQL collation helps to resolve this issue.
I also intend to do validation for registration, where users must have a unique username and email. This is done by checking the existing usernames in the database. If the username or email has already been used, a TempData is passed to the Register View to display the error message.
My Learning Points:
I have learnt about SQL collation, with which fields can now be checked case-sensitively (as SQL is case-insensitive by default).
What I would have done differently:
If I had more time to work on these features, I would like to optimize the efficiency and security of the functions. For instance, the registration feature uses a for loop to check if there are existing usernames and emails in the database. To optimize this, the fields captured in the list can simply contain the usernames and emails, making it much more efficient.
Furthermore, the user table can be horizontally fragmented by alphabetical order (i.e. one fragment contains usernames starting with 'A'), which would make checking more efficient as the number of data rows that need to be checked is much smaller.
As for the security aspect, I wish I had more time to adopt stored procedures for all the frequently used functions so as to prevent SQL Injection.
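As an added example (not Ukiyo's own code), here is how the two pieces described above, a parameterized login stored procedure with a case-sensitive collation and a single-query uniqueness check for registration, look in T-SQL. It assumes SQL Server and a hypothetical dbo.Users table; the table, column and procedure names are assumptions, not taken from the project.

```sql
-- Added example, not Ukiyo's own code. Assumes SQL Server (T-SQL) and a
-- hypothetical dbo.Users table; all names here are assumptions.
CREATE TABLE dbo.Users (
    UserId       INT IDENTITY PRIMARY KEY,
    Username     NVARCHAR(50)  NOT NULL,
    Email        NVARCHAR(254) NOT NULL,
    PasswordHash NVARCHAR(128) NOT NULL  -- store a hash, never the plaintext
);
-- Enforce uniqueness in the database itself, so two concurrent registrations
-- cannot both pass an application-side check. These indexes use the column's
-- (case-insensitive) collation, so 'Alice' and 'alice' cannot both register.
CREATE UNIQUE INDEX UX_Users_Username ON dbo.Users (Username);
CREATE UNIQUE INDEX UX_Users_Email    ON dbo.Users (Email);
GO

-- Login: inputs arrive as typed parameters, so they are never spliced into
-- SQL text (the SQL Injection protection stored procedures give you).
-- The default collation (e.g. SQL_Latin1_General_CP1_CI_AS) is
-- case-insensitive; COLLATE with a _CS_ collation forces an exact match.
-- Assumption: the application hashes the submitted password before calling.
CREATE PROCEDURE dbo.usp_ValidateLogin
    @Username     NVARCHAR(50),
    @PasswordHash NVARCHAR(128)
AS
BEGIN
    SET NOCOUNT ON;
    SELECT UserId
    FROM dbo.Users
    WHERE Username     COLLATE Latin1_General_CS_AS = @Username
      AND PasswordHash COLLATE Latin1_General_CS_AS = @PasswordHash;
    -- Empty result set = invalid credentials; one row = success.
END
GO

-- Registration check: one EXISTS query per field replaces looping over
-- every user row in application code.
CREATE PROCEDURE dbo.usp_CheckRegistration
    @Username NVARCHAR(50),
    @Email    NVARCHAR(254)
AS
BEGIN
    SET NOCOUNT ON;
    SELECT
        CASE WHEN EXISTS (SELECT 1 FROM dbo.Users WHERE Username = @Username)
             THEN 1 ELSE 0 END AS UsernameTaken,
        CASE WHEN EXISTS (SELECT 1 FROM dbo.Users WHERE Email = @Email)
             THEN 1 ELSE 0 END AS EmailTaken;
END
GO
```

The registration procedure returns the two flags the Register View needs for its error message, while the unique indexes still reject a duplicate that slips in between the check and the INSERT.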
Personal Thoughts:
I realized that my strong suit is databases, especially SQL, as I have a stronger understanding after taking the ADB module provided by Ngee Ann Polytechnic.