Author Message
kk-das
Posts: 21
Posted 20:32 Dec 01, 2013 |
 

Part3 -> Everyone can see the basic information of an event such as event name and message, but only the event owner can see additional information such as the guest list and invitation status.

Just considering a case if there are Hundreds of events created by various users in the envite application, should any random Guest (who is NOT a registered User or Signed in) be able to see the Events created in the application (without the inside details). Doesn't it need some kind of authentication even to view the basic Event names and messages ONLY ?

Last edited by kk-das at 20:34 Dec 01, 2013.
cysun
Posts: 2935
Posted 20:41 Dec 01, 2013 |

I personally don't see any problem for everybody to see every event - it's unlikely that you'd use an e-invite site in the first place if your event is secret. With that said, it's OK if you want to implement some additional security measure so that only the guests invited to an event can see the basic information of that event.

kk-das
Posts: 21
Posted 20:51 Dec 01, 2013 |

Thank you Dr. Sun

So is it okay if I display all the Events in the Welcome Page itself so any anonymous visitors can view those events once they visit the home page of the envite application. Does that match the requirement ?

cysun
Posts: 2935
Posted 21:45 Dec 01, 2013 |
kk-das wrote:

Thank you Dr. Sun

So is it okay if I display all the Events in the Welcome Page itself so any anonymous visitors can view those events once they visit the home page of the envite application. Does that match the requirement ?

No, the requirement doesn't ask you to display all events on the welcome page. You don't have to implement any security measure to prevent anonymous users from viewing an event, but you shouldn't make it too easy for them to see other people's events either.

kk-das
Posts: 21
Posted 22:16 Dec 01, 2013 |

Can we simply put a hyperlink that says: LIST OF ALL EVENTS and navigates to the list of events? Now since there is No authentication needed or asked for, I'm not quite sure Where & How an anonymous visitor can navigate to be able to see the events created by others in the application? How can we achieve this without making it too easy for them as you are suggesting. (If you can suggest any minor security measures we may implement)

If it's okay for you, then can you please discuss this once in the class tomorrow for us to have a better picture. It is important to know this as the UI of the application will depend on this. 

Thank you

Last edited by kk-das at 22:17 Dec 01, 2013.
cysun
Posts: 2935
Posted 07:56 Dec 02, 2013 |
kk-das wrote:

Can we simply put a hyperlink that says: LIST OF ALL EVENTS and navigates to the list of events? Now since there is No authentication needed or asked for, I'm not quite sure Where & How an anonymous visitor can navigate to be able to see the events created by others in the application? How can we achieve this without making it too easy for them as you are suggesting. (If you can suggest any minor security measures we may implement)

If it's okay for you, then can you please discuss this once in the class tomorrow for us to have a better picture. It is important to know this as the UI of the application will depend on this. 

Thank you

I think you may be misinterpreting "everyone can see the basic information of an event" - it simply means you don't have to implement any security measure to prevent anonymous users from viewing the basic information of an event, but it doesn't mean you have to provide some convenient way (e.g. an event list) for them to do so. Your current UI should already let users access the events relevant to them easily (e.g. showing the list of events a user created after the user logs in and including a link to the event in the invitation email), and that's enough.
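
The access rule discussed in this thread, as an added example that is not part of any post or of the course's own code: basic fields are returned to any visitor, the guest list and invitation status only to the event owner, and the only event listing is the logged-in user's own. The names Event, view_event and events_for and the sample data are hypothetical.

```python
# Added illustration; Event, view_event and events_for are hypothetical names.
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Event:
    id: int
    owner: str       # username of the user who created the event
    name: str
    message: str
    guests: dict = field(default_factory=dict)  # guest email -> invitation status


# Constructed sample data.
EVENTS = {
    1: Event(1, "alice", "Housewarming", "Bring snacks",
             {"bob@example.com": "accepted"}),
    2: Event(2, "carol", "Graduation", "June 14, 5pm",
             {"dan@example.com": "pending"}),
}


def view_event(event_id: int, viewer: Optional[str]) -> Optional[dict]:
    """Return the fields `viewer` may see; viewer is None for anonymous visitors."""
    event = EVENTS.get(event_id)
    if event is None:
        return None
    # Basic information is public: no authentication is required for it.
    view = {"name": event.name, "message": event.message}
    # Owner-only data is attached on the server after an explicit ownership
    # check, so hiding it is never left to the page template.
    if viewer is not None and viewer == event.owner:
        view["guests"] = dict(event.guests)
    return view


def events_for(viewer: Optional[str]) -> list:
    """Ids shown after login: the viewer's own events only, never a global list."""
    if viewer is None:
        return []
    return sorted(e.id for e in EVENTS.values() if e.owner == viewer)
```
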