Many core architecture improvements have been happening
Well... it's been a little over two weeks since my last post and I published the new C++CMS based code. I've put every spare hour I could find into it since. I want to have a core system up and running by end of year. I've set the bar awfully high as to what I want completed before I think of it as ready. In brief these are the main things that I've accomplished in the past days:
- Many styling changes, especially with forms.
- Session cookie security was greatly improved, especially with the next item.
- I procured and installed a certificate to encrypt the site for everyone's comfort and protection. It makes the big g00gle happy too.
- Many minor bugs fixed throughout the system.
- Many improvements to my modular application framework, using C++CMS.
- A good start on a core "pages" module with bindings to users.
- Started work and testing on user email communication tools.
Personally I'm very excited about the progress. At the same time I'm always disappointed in the speed at which things are progressing. Still, things are beginning to look the way I want under the hood. Like watching a house being built or a remodel in progress, the internal work is never very visible. The visible progress usually is a fairly small percentage of total effort.
At this point I'm pretty pleased with the visual appearance. What do you think of the teletype bullets for the blog list? I need to work on the color a bit more... Most all of the components are styled as I originally envisioned. Well... except for SysOp's (my) console. But nobody else is looking at that. I can live with it until I get closer to allowing people in. I'm imagining something in the style of a classic Toshiba T3200 laptop (red gas plasma) display...
Session cookies are always a concern in something like this. Yes, the site uses cookies. It's the mechanism that was invented to allow a server to keep info about the state of a user's session. This is necessary since HTTP is essentially a connectionless protocol. Well... the connection starts at the request of a resource and then ends. Although in later versions "keep alive" allows a connection to request more than one resource and then drop. But they still aren't usable like a traditional network connection to a service, which opens upon authentication and stays open until the session is finished.
So we use cookies to store state information on the client, allowing the simulation of a connection to some extent. For the server-side development it's still problematic, but it works after a fashion and it's what I have. They are pretty harmless and are easily cleared from the client side (browser) and unless seriously abused, by the web developer, which I haven't seen, they are harmless. My chief concern with cookies is session theft. Someone stealing the cookie and using it, thereby appearing to be the user that logged in with the original cookie. It's identity theft to the web server.
To prevent this: I am using HTTPS, which hides the login password and the session cookie. But then I also encrypt some data into the cookie that makes it difficult for someone who's stolen it to look like the original user. Any funny business and the session is immediately discarded, requiring another login, but the user's data on my site stays safe. This was a large concern to me.
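A sketch of the kind of cookie binding described above, as an added example that is not this site's code. It assumes the bound data is a hash of the client's User-Agent and uses an HMAC signature rather than encryption; the function names, cookie layout and in-memory store are all hypothetical.

```python
import hashlib, hmac, secrets, time

SERVER_KEY = secrets.token_bytes(32)  # assumption: secret that never leaves the server
SESSIONS = {}                         # hypothetical store: session id -> user name

def _fingerprint(user_agent):
    # Assumed binding data: a short hash of the User-Agent header.
    return hashlib.sha256(user_agent.encode()).hexdigest()[:16]

def _sign(payload):
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()

def issue_cookie(user, user_agent, ttl=3600, now=None):
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = user
    expires = int((now or time.time()) + ttl)
    payload = f"{sid}.{expires}.{_fingerprint(user_agent)}"
    return f"{payload}.{_sign(payload)}"

def set_cookie_header(value):
    # Secure: sent over HTTPS only. HttpOnly: not readable from page scripts.
    return f"Set-Cookie: session={value}; Secure; HttpOnly; SameSite=Lax; Path=/"

def check_cookie(cookie, user_agent, now=None):
    """Return the user name, or None if the cookie is rejected."""
    parts = cookie.split(".")
    if len(parts) != 4:
        return None
    sid, expires, fp, sig = parts
    payload = f"{sid}.{expires}.{fp}"
    # A bad signature means the server never issued this value: reject it, but
    # leave the store alone so a forged cookie cannot log a real user out.
    if not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
        return None
    fresh = int(expires) > (now or time.time())
    same_client = hmac.compare_digest(fp, _fingerprint(user_agent))
    if not (fresh and same_client):
        # Genuine cookie, wrong client or expired: discard and force a new login.
        SESSIONS.pop(sid, None)
        return None
    return SESSIONS.get(sid)

if __name__ == "__main__":
    ua = "Mozilla/5.0 (constructed sample User-Agent)"
    cookie = issue_cookie("alice", ua)
    print(set_cookie_header(cookie))
    print(check_cookie(cookie, ua))           # accepted
    print(check_cookie(cookie, "other-client"))  # rejected, session discarded
```

A User-Agent binding only raises the bar, since the header is not secret; the HTTPS transport and the Secure and HttpOnly attributes carry most of the protection.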
Most of the rest of the goodies on my list are all about the internal plumbing and probably not of real interest to anyone but me, at the moment. But it felt good to whittle down my bug list and make the internal structure more pliable.
On the internal structure, probably the biggest thing is a module for generic pages. This will get wired in to provide the backing storage for all page-like content on the site. This will make it so that all of the modules that inherit this functionality will automatically receive all of the features and functions of this "page" object. For starters this will include: comments, ratings, tags and search capabilities.
Well I need to get back to writing code. But an example of a user's personal page can be seen in my general user account page.