Welcome to Scribd. Sign in or start your free trial to enjoy unlimited e-books, audiobooks & documents.Find out more
Standard view
Full view
of .
Look up keyword
Like this
0 of .
Results for:
No results containing your search query
P. 1


|Views: 45|Likes:
Published by sushengloong

More info:

Published by: sushengloong on Apr 08, 2011
Copyright:Attribution Non-commercial


Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less





Copyright © 2011 Su Sheng Loong Page 1
First name :
Sheng Loong
Last name :
Email :
sushengloong [at] gmail [dot] com
IRC Nick :
Skype :
Location/Timezone :
Brisbane, Australia (GMT+10)
Education :
University of Queensland, Information Technology
Project Proposal
Coming from a Java/Spring/Hibernate background, I have yet encountered a framework inthe CodeIgniter world (or even PHP) that is comparable to Spring Security which providesinterfaces that allows the developers to easily implement different kind of authenticationmethods (or so-called “authentication providers”) including database, LDAP, social networks(Facebook connect, Twitter OAuth), XML files, etc. Also, CodeIgniter has yet got anyauthentication framework that comes built-in with URL-level access control. Therefore, Ireckon this is the direction that this project is heading towards.My proposal is therefore to develop an authentication framework that is integrated intoLimesurvey yet the code is generic enough to be ported to any other CodeIgniter basedapplication. Basically the framework will intercept all traffic to perform some authenticationcheck before allowing the visitors to proceed. This concept is generally a port from SpringSecurity. However, PHP does not have filters whereby the interceptors are created.Therefore, some modifications have to be made in the parent/super/generic classes of thecontrollers to call the framework authentication functions before executing the remainingoperations. Even better, this can also facilitate URL-level access control since all controllerswill perform authentication check.In order to facilitate extensibility and modularity, the authentication framework will define aset of interfaces which the developers have to implement in order to add in newauthentication methods and backend providers. Similar to Spring Security, the developersneed to define login, logout, register, failure, access denied pages for each of theauthentication methods. As for the backend, the developers need to implement andconfigure the authentication providers, once again be it typical database storage, socialnetwork API, LDAP, XML files, Excel spread sheets, etc.Furthermore, we can have different level of user authentications. It means that we candefine different type of user groups and what URLs or controllers that each of the groupscan access. If the time is permissible, the framework will be made to allow the developers todetermine what kind of operations can be performed on certain URLs or controllers bywhich group of users. This in turn acts like an access control list (ACL).
Copyright © 2011 Su Sheng Loong Page 2
This proposal is not meant to be porting Spring Security to CodeIgniter. Instead, I am hopingto absorb the goodness of the framework and then create a brand new authenticationframework that suits the Limesurvey’s needs. This might sound like a difficult task but Ibelieve with my enthusiasm and experience in using Spring Security and CodeIgniter I willsucceed eventually.
Benefits for Limesurvey
A powerful, secure, flexible and extensible authentication framework for Limesurvey.2.
Other developers can easily implement new authentication methods and backendproviders by coding based off the framework interfaces.3.
Well documentation, coding style and design pattern for the framework.
Milestones and Deliverables
Date Range Descriptions
April – 22
May 1.
Communicate with mentor.2.
Produce basic analysis and design artefacts.3.
Receive feedback from mentor and the community.4.
Finalise design artefacts.23
May – 24
June 1.
Start coding basic components.(Unfortunately my final examinations fall in between 11
 June and 25
June, I have only two papers though)25
June – 10
July 1.
Start coding more difficult components.2.
Perform testing.11
July – 15
July 1.
Submit mid-term evaluations.2.
Revise design artefacts.3.
Continue coding more difficult components and performintegration.15
July – 15
August 1.
Start integrating authentication framework with existingcodebase.2.
Start developing and testing different authenticationproviders.3.
Much time will be spent on debugging.4.
Perform testing and prepare written documentations.15
August – 22
August 1.
More testing and debugging to be done.2.
Complete documentation.3.
Clean up the code.22
August – 26
August 1.
Submit final evaluations.
Past Open Source Development Experience
Frankly speaking I have not really contributed code and patch to open source projects.Nevertheless, I have experience in modifying or hacking open source software such as GNUPth library and ext2 file system at University, for which you can find out more under the“Academic Experience” section. Apart from that, I have used many other open sourcesoftware for my academic and hobby projects. Hence, I do not find my lack of experience incontributing to open source projects as a hurdle or disadvantage.
Copyright © 2011 Su Sheng Loong Page 3
Other Coding Experience
Cheer List
Lead Programmer cum Co-founder 
A hobby web project which involves another two co-founders – a Bachelor’s student inInformation Technology and a Master’s student in International Economics and Finance.
Developing a web application for sports fans to follow and discuss about their favouritegames.
Programming Languages/software used including XHTML, CSS, JavaScript, AJAX (usingprimarily JSON), XML, PHP, MySQL, Apache HTTP server, CodeIgniter, jQuery, etc.
Academic Experience
GHASH Location-based Search Engine
Lead Programmer 
A yearlong project undertaken in a flagship course, Advanced Information TechnologyProject (CSSE3005).
Involving another five Bachelor’s and Master’s students in Information Technology.
Developing a Google Maps API driven yellow pages with front-end search engine, full-fledged storefront, complex business transactions, back-end administration panel,reporting system, social network integration, etc.
Programming Languages/software used including XHTML, CSS, JavaScript, AJAX (usingprimarily JSON), XML, Java (Enterprise Edition), Apache Tomcat, Spring (Spring Core,Spring MVC, Spring Security, Spring WS), Hibernate, Oracle 10g, Yahoo UI, jQuery, GoogleMaps API, Facebook API, Eclipse, Subversion, other third party libraries and APIs.
Operating System Architecture Courseworks
Gained exposure and experience in developing and hacking Linux libraries, file systemsand device drivers.
Software developed or modified including GNU Pth userspace threading library, ext2 filesystem and a Linux device driver which performs cryptography computations.
Programming language and software used including C, vim, Subversion, Ubuntu LinuxServer Edition, VMware, putty, etc.
Web Information System Courseworks
Learning to build enterprise-standard web information systems by using various opensource software and programming languages.
Software/programming languages used including XHTML, CSS, JavaScript, AJAX, XML, PHP,MySQL, Java, Apache Tomcat, Apache HTTP server, eclipse, etc.
Coding and Cryptography
One of the non-programming courses which are related to this project.
A flagship Mathematics course which was enrolled as one of my elective courses.
Half of the course is about studying various cryptosystems including theencryption/decryption process, strengths and weaknesses and how cryptanalysis can beperformed to crack each of the cryptosystems.

You're Reading a Free Preview

/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->