In-class notes for 05/04/2020
CS 284 (MCA), Spring 2020
Senior Banquet, 4:30 on Friday (virtual location TBA)
Correction in Lab 6: the name of your Postgres schema (on csinparallel.cs) should be mca_s20_repo instead of only your stogit repo name repo.
Workarounds for authentication on Windows systems added to Lab 5
Alternatives to .pgpass
Security issue: Do not enter passwords in code and then create a git commit; a committed password stays in the repository history even if a later commit removes it.
To resolve: button server network issue
Is this currently a Lab 4 button-server issue (without DBMS connection) or only Lab 5 (with DBMS connection)?
Lab 5 Architecture diagram
I only recall seeing this (Mac, Android) when I was experimenting to discover how to connect from Node backend server to Postgres DBMS.
iOS problem?
Researched this with a student with an iPhone.
Security issue: By default, iOS devices are configured not to connect to plain HTTP (non-HTTPS) servers
But the Expo app we work from appears to have the code needed to fix that problem
Windows-related?
At least 2 students with Windows have reported this issue.
One student indicated that they can successfully run a different Expo app, but cannot run a button server.
Windows students can run pgCommands.js successfully by using the workarounds above.
The Node backend server needs to connect on two networks - does that take special configuration in Windows?
Have any students running Windows been able to get a Lab 5 button server to work?
Is this a Windows issue?
Please update me on Piazza.
Please volunteer to help there if you know how to make it work
Today - Worksheet 19
RESTful APIs with React Native Express
Security issue: Parameterized queries - use these whenever you are transmitting user-provided data strings to the DBMS
To appear: Navigation among multiple pages - NavigationContainer component
Project deliverables by date page
No logs required for these projects.
Next project deliverables - Storyboards and updated features lists, due Wednesday
Please draw images of your user-interface pages, and submit as a single PDF with comments indicating how the images relate to your features list
It's fine to draw by hand on paper, upload the photos to Drive or your computer, and insert them into a Google doc in order to produce the PDF.
Project requirements - document to appear
Worksheet 19 - Additional project technologies
Worksheet 19 does not need to be submitted, but its technologies should be used in your projects.
Parameterized queries in Postgres
Security issue: Always use parameterized queries whenever you are sending user-entered text.
Example: If you send an SQL query such as
INSERT INTO mytable VALUES (500, 'XXX')
where the string XXX represents user input, then what happens if the user enters the following string?
'); DELETE FROM mytable; --
This is called SQL injection. The risk comes from the fact that the SQL language expression isn't processed (parsed) until it arrives at the DBMS, so any SQL syntax inside the user's string is parsed as part of the statement.
Parameterized queries enable the SQL language structure to be processed (parsed) first, then the (user-provided) string values to be entered later, where they are treated only as data.
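Added example (not part of the original notes or the lab code): the INSERT above built by string concatenation, compared with a node-postgres style parameterized query ($1 placeholder plus a values array). The function names and the small statement splitter are hypothetical helpers for illustration; the sample inputs are constructed and no DBMS connection is made.

```javascript
// Added illustration; function names are hypothetical, sample inputs are constructed.

// Pattern to avoid: user text becomes part of the SQL string itself.
function unsafeInsert(userText) {
  return { text: "INSERT INTO mytable VALUES (500, '" + userText + "')" };
}

// Parameterized form: the SQL text is fixed, the user text travels separately.
// With node-postgres this object would be passed as client.query(q.text, q.values).
function safeInsert(userText) {
  return { text: "INSERT INTO mytable VALUES (500, $1)", values: [userText] };
}

// Simplified view of what a SQL parser sees: split on ';' outside
// single-quoted strings ('' is an escaped quote) and drop -- comments.
function splitStatements(sql) {
  const statements = [];
  let current = "";
  let inString = false;
  for (let i = 0; i < sql.length; i++) {
    const ch = sql[i];
    if (inString) {
      current += ch;
      if (ch === "'" && sql[i + 1] === "'") { current += sql[++i]; }
      else if (ch === "'") { inString = false; }
    } else if (ch === "'") {
      inString = true;
      current += ch;
    } else if (ch === "-" && sql[i + 1] === "-") {
      while (i < sql.length && sql[i] !== "\n") i++; // skip comment to end of line
    } else if (ch === ";") {
      if (current.trim()) statements.push(current.trim());
      current = "";
    } else {
      current += ch;
    }
  }
  if (current.trim()) statements.push(current.trim());
  return statements;
}

const hostile = "'); DELETE FROM mytable; --"; // constructed input, as in the notes
console.log(splitStatements(unsafeInsert("hello").text)); // one INSERT
console.log(splitStatements(unsafeInsert(hostile).text)); // INSERT plus a DELETE
console.log(splitStatements(safeInsert(hostile).text), safeInsert(hostile).values);
```

In the parameterized form the statement text never changes with the input, so the number of statements the DBMS parses is fixed before any user data is attached.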