
Ready Made v Ground Up

Now this is a debate that has been raging in my head for quite some time. I just completed a project for my college's website. The website was built using Drupal. We are now looking for a fully functional website for the college alumni, and there again we are looking at Ning as a platform. Drupal was used by a group of students to build a website. They did not have the time to build the whole thing from scratch. Why? Because they were busy with their projects and assignments. When it came to working professionals building a similar website, time became even more of a luxury than before, and we moved towards a more ready-made platform. And in all this I am not even talking about the time spent in developing the product. Like all software pros, I am talking about the time spent in testing it, making it bulletproof and then maintaining it. This entails a lot of time. When you come to think of it, if and when someone starts paying you for something like this, it becomes a full-time job. But then again, that is a big "if".


SRS: Software Requirement Specifications

I was finally able to clean up my comp today of all the trash I had accumulated over the years in college. Saved up a lot of space!! :D That is when I found this rather interesting document worth having a look at. It was a simple, straightforward guideline to writing an SRS. I used it while documenting the analysis and design aspects of my final year project. It is to the point and comprehensive, to say the least. I guess one such document should always be by your side while working on any project. :) I could never quite locate the true source of this document. It was a life saver for me. So here is the link to it: SRS.pdf. Hope this helps you in your documentation and analysis of your projects. Cheers!!!

Login Issues

The other day at the office, there was some general talk on how people get some really retarded ideas when it comes to making a login process really secure. The particular feature in focus was the idea of temporarily deactivating a person's login after 3 unsuccessful tries. The simple issue with this method is this: anyone who knows your user ID can deactivate your account by making 3 unsuccessful login attempts with incorrect passwords. This can make life hell for you.

So, what are the possible workarounds? Well, take a look at the core issue that you are trying to address by deactivating accounts after 3 unsuccessful login attempts. I think the core issue is to make things difficult for the person or bot who is trying to log in once there have been 3 unsuccessful attempts. Now, try and understand this: the person or bot may not be the actual user himself. So the locality of the issue and its solution should be at the client side of the application, where the login attempts are being made, not at the data level, where the respective user information is stored.

In a nutshell, make it difficult for the person who is logging in by creating trouble at the UI, not by completely deactivating the account itself in the DB.
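One way to apply the idea above, as an added example that is not from the original post: failed attempts are counted per (client, user ID) pair and only that client is slowed down, so the account itself is never deactivated. Identifying the client by an address string, the class and function names, and the delay values are assumptions made for illustration.

```python
import time

FREE_ATTEMPTS = 3    # failures before any delay, mirroring the post's 3-try rule
BASE_DELAY = 2.0     # seconds; constructed value
MAX_DELAY = 300.0    # upper bound on the delay; constructed value


class ClientThrottle:
    """Slows down the client making failed logins; never disables the account."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._state = {}  # (client_id, user_id) -> (failure_count, blocked_until)

    def retry_after(self, client_id, user_id):
        """Seconds this client must still wait for this user ID (0 means go ahead)."""
        _, blocked_until = self._state.get((client_id, user_id), (0, 0.0))
        return max(0.0, blocked_until - self._clock())

    def record_failure(self, client_id, user_id):
        """Count a failure and return the delay now imposed on this client."""
        key = (client_id, user_id)
        failures = self._state.get(key, (0, 0.0))[0] + 1
        delay = 0.0
        if failures >= FREE_ATTEMPTS:
            # Delay doubles with each further failure, up to MAX_DELAY.
            delay = min(MAX_DELAY, BASE_DELAY * 2 ** (failures - FREE_ATTEMPTS))
        self._state[key] = (failures, self._clock() + delay)
        return delay

    def record_success(self, client_id, user_id):
        self._state.pop((client_id, user_id), None)


def attempt_login(throttle, check_password, client_id, user_id, password):
    """Return (status, wait_seconds); status is 'ok', 'denied' or 'wait'."""
    wait = throttle.retry_after(client_id, user_id)
    if wait > 0:
        return "wait", wait  # the UI shows a countdown; the DB record is untouched
    if check_password(user_id, password):
        throttle.record_success(client_id, user_id)
        return "ok", 0.0
    return "denied", throttle.record_failure(client_id, user_id)
```

A throttle keyed per client does not slow guessing that is spread across many client addresses; that case needs an additional signal at the UI, such as a CAPTCHA.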
