cs173: Assignment 3
Version 3, 2002-10-08 13:30
This assignment asks you to write a Web program. You may use any server, language, etc., that you wish. You need to turn in your program as well as a URL (Web address) that the graders can use to test it. The simplest Web programming protocol is called CGI (the Common Gateway Interface); you can find lots of information on it on the Web. You are permitted to run CGI programs on the department's internal network. Ask the TAs for additional information.
Although this program is quite simple, it is representative of the core of much larger Web software (just like the interpreters we write in this course are themselves quite lean, but represent the core of large programming languages).
Some Web applications depend on having a usable email address for each user. A calendar manager, for instance, might send event reminders to that address. Unfortunately, users are notoriously bad at correctly typing their email addresses. Therefore, most applications now have an interface where:
We want you to implement such an email checker. The "rest of the application" should just print a message that includes the user's email address and says that that email address has registered successfully. You do not need to check for duplicate registrations. Your program should not, however, successfully register someone who does not visit the key URL!
Note that you can't substitute the key URL with a generated key that the user must enter into a Web page. We really want an interface where you generate a single key URL, visiting which tells the application that the email address is valid. (If you can build the former, it's not much more work to write the latter.)
The validation process should be reasonably secure. For instance, if you simply put the email address in the URL, then it becomes easy for a malicious user who notices the pattern to infiltrate your database of registered users with bogus email addresses.
This application does raise issues of resource management: a malicious user could fill your entire database with initial requests, but not complete any of them (and not even have to bear the consequences of his action by entering a bogus email address). A real Web application would protect against such behavior. You don't have to, but it's okay if you do, e.g., by using timeouts. That is, if the user takes longer than (say) three days to visit the key URL, the program can report that the URL is no longer valid and the user must start afresh. (If you do use timeouts, make them at least a day long.) Likewise, this application doesn't need to be highly fault tolerant. If someone is attacking your server, you may need to restart it; doing so may expire recent key URLs. That's okay. Just tell the user to restart the registration process.
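One way to meet the "reasonably secure" and timeout requirements above, shown as an added sketch that is not part of the assignment handout: the key is random rather than derived from the address, and the address itself stays in a server-side table. The class name, BASE_URL, the in-memory dictionary and the single-use behaviour are all assumptions made for this example.

```python
import secrets
import time

KEY_LIFETIME = 3 * 24 * 3600  # three days, the timeout the assignment suggests
BASE_URL = "http://example.edu/cgi-bin/confirm"  # placeholder address (assumption)


class PendingRegistrations:
    """In-memory table mapping key -> (email, expiry time).

    A server restart empties the table, which expires outstanding key
    URLs; the assignment explicitly allows that.
    """

    def __init__(self, lifetime=KEY_LIFETIME, clock=time.time):
        self._pending = {}
        self._lifetime = lifetime
        self._clock = clock  # injectable so expiry can be tested

    def start(self, email):
        """Record an initial request and return the key URL to mail out."""
        # 32 random bytes from the OS CSPRNG. The key carries no trace of
        # the address, so seeing one key URL reveals no pattern for others.
        key = secrets.token_urlsafe(32)
        self._pending[key] = (email, self._clock() + self._lifetime)
        return f"{BASE_URL}?key={key}"

    def confirm(self, key):
        """Return the registered email, or None if the key is unknown or expired."""
        entry = self._pending.pop(key, None)  # pop: each key works only once
        if entry is None:
            return None
        email, expires = entry
        if self._clock() >= expires:
            return None  # too late: the user must start afresh
        return email

    def purge_expired(self):
        """Drop abandoned requests so they cannot fill the table forever."""
        now = self._clock()
        stale = [k for k, (_, exp) in self._pending.items() if exp <= now]
        for k in stale:
            del self._pending[k]
        return len(stale)
```

A CGI script would call start() when the form is submitted and confirm() when the key URL is visited; because CGI starts a new process per request, the table would have to live in a file or database rather than in memory.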