The getpepper™ Christmas project 2008 was to convert our home-grown secret santa desktop application into a website that anyone can use for free. See the result at www.sledgecrash.com – a suitably disaster-orientated domain name, given the economic climate for Xmas 2008, and the outlook for 2009!

screenshot of SledgeCrash home page

SledgeCrash is a simple on-line version of the classic Secret Santa Christmas gift exchange game that uses email to make gift exchange assignments. Intended as a decorative ‘stocking-filler’ of a site, and to be extremely simple to use, it nevertheless threw up a few considerations over our sherry and mince pies, one of which was security.

Security is hugely important to us at getpepper™, and an obvious issue for a site that sends out emails. Nobody wants to be spammed and we take our users’ privacy very seriously, so password protected sign up was a must, with account activation via email.

To protect SledgeCrash accounts, all passwords are ‘hashed’ and ‘salted’ (sounds tasty!). Hashing turns a password into a fixed-length fingerprint that cannot be run backwards to recover the password; salting mixes a random value into each user’s hash, so that two users who choose the same password end up with different stored values and a pre-computed table of common-password hashes is useless against the whole user table. Together they mean that a copy of the database does not give away anyone’s password, whilst still allowing us to authenticate users when they log in, by hashing what they type with their stored salt and comparing the result. A penalty of this approach is that forgotten passwords are non-recoverable: we never hold the password, only its hash.

This is an example of balancing security and usability, another getpepper™ priority.  ‘Forgotten your password?’ functionality allows users to set a fresh password on their account via an emailed link, in a process that mirrors sign up.  However, those helpful error messages that you might reasonably expect on mis-typing your username are withheld: the site responds the same way whether or not the account exists. Confirming which usernames are valid would hand an attacker half of a log-in, and feed nasties such as the so-called ‘dictionary attack’, where automated tools try huge numbers of likely passwords against a site in rapid succession in order to break in and reach the database.
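To make the two points above concrete (salted hashing, and a log-in and reset flow that behaves identically for real and non-existent accounts), here is an added example. It is not SledgeCrash’s own code: the post does not say which hash function the site uses, so this picks PBKDF2-SHA256 from the Python standard library, and the user table, reset-token table and ‘outbox’ are constructed in-memory stand-ins for the site’s database and mail server.

```python
import hashlib
import hmac
import os
import secrets
from typing import Optional, Tuple

# Constructed in-memory stores for this example (a real site would use a database).
USERS: dict = {}          # username -> (salt, digest)
RESET_TOKENS: dict = {}   # one-time reset token -> username
OUTBOX: list = []         # stands in for the mail server: (username, token)

PBKDF2_ITERATIONS = 100_000  # work factor: slows down every guess in a dictionary attack


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). A fresh random salt per account means two users who
    pick the same password get different stored digests, and a precomputed table
    of common-password hashes is useless against the whole user table."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def register(username: str, password: str) -> bool:
    if username in USERS:
        return False
    USERS[username] = hash_password(password)
    return True


def verify_password(username: str, password: str) -> bool:
    record = USERS.get(username)
    if record is None:
        # Do the same hashing work for an unknown user so that response time
        # does not reveal which usernames exist.
        hash_password(password, b"\x00" * 16)
        return False
    salt, stored = record
    _, candidate = hash_password(password, salt)
    # Constant-time comparison: no early exit that leaks how many bytes matched.
    return hmac.compare_digest(stored, candidate)


def login(username: str, password: str) -> str:
    """One message for both 'no such user' and 'wrong password'."""
    if verify_password(username, password):
        return "ok"
    return "Invalid username or password"


def request_password_reset(username: str) -> str:
    """Mirror sign-up: email a one-time token if the account exists, but return
    the same message either way so the form cannot be used to enumerate accounts."""
    if username in USERS:
        token = secrets.token_urlsafe(32)
        RESET_TOKENS[token] = username
        OUTBOX.append((username, token))
    return "If that account exists, a reset link has been emailed to it."


def reset_password(token: str, new_password: str) -> bool:
    """Consume the token (single use) and store a freshly salted hash."""
    username = RESET_TOKENS.pop(token, None)
    if username is None:
        return False
    USERS[username] = hash_password(new_password)
    return True
```

The two things worth copying are the dummy hash for unknown users in `verify_password`, so a missing account costs the same time as a wrong password, and the fact that `login` and `request_password_reset` return one string regardless of whether the account exists.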

As well as authenticating genuine users, another security concern has been the management of users’ authorisation, to ensure that whilst they are logged in they can only ever access their own data – no snooping on anyone else’s gift exchange groups! We’ve handled this using role-based access control (RBAC), which grants ‘permissions’ to users via roles depending upon where they are in the system: a user who holds no role in a group has no permissions in it at all, whatever group name they put in a request.  This approach lends itself to adding new roles, and to the future development we have in mind for Phase II of the site.
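As an added illustration of that per-group RBAC (not SledgeCrash’s own code, and the role names, permission names and sample groups are all made up for the example), here is how a check might look that lets a member see only their own assignment in groups they actually belong to:

```python
from enum import Enum
from typing import Dict, FrozenSet, List


class Role(Enum):
    ORGANISER = "organiser"   # sets up the group and runs the draw
    MEMBER = "member"         # takes part and sees who they are buying for


# Permissions granted by each role within a group (assumed names).
ROLE_PERMISSIONS: Dict[Role, FrozenSet[str]] = {
    Role.ORGANISER: frozenset({"view_group", "edit_group", "draw_names", "view_own_assignment"}),
    Role.MEMBER: frozenset({"view_group", "view_own_assignment"}),
}

# Constructed sample data: group_id -> {username: role}. A user holds no role at
# all in a group they are not part of, so they get no permissions there.
GROUP_ROLES: Dict[str, Dict[str, Role]] = {
    "family-2008": {"alice": Role.ORGANISER, "bob": Role.MEMBER},
    "office-2008": {"carol": Role.ORGANISER, "dave": Role.MEMBER},
}

# Constructed sample draw results: group_id -> {giver: recipient}.
ASSIGNMENTS: Dict[str, Dict[str, str]] = {
    "family-2008": {"alice": "bob", "bob": "alice"},
    "office-2008": {"carol": "dave", "dave": "carol"},
}


def permissions_for(username: str, group_id: str) -> FrozenSet[str]:
    """Permissions come only from the role held in this particular group."""
    role = GROUP_ROLES.get(group_id, {}).get(username)
    return ROLE_PERMISSIONS[role] if role is not None else frozenset()


def is_allowed(username: str, action: str, group_id: str) -> bool:
    return action in permissions_for(username, group_id)


def get_own_assignment(username: str, group_id: str) -> str:
    """Return only the caller's own recipient. The group id in the request is
    checked against the caller's roles rather than trusted on its own."""
    if not is_allowed(username, "view_own_assignment", group_id):
        raise PermissionError(f"{username} may not view assignments in {group_id}")
    return ASSIGNMENTS[group_id][username]


def view_group_members(username: str, group_id: str) -> List[str]:
    if not is_allowed(username, "view_group", group_id):
        raise PermissionError(f"{username} may not view {group_id}")
    return sorted(GROUP_ROLES[group_id])
```

Every data-returning function takes the logged-in username from the session and the group id from the request, and refuses before touching the data if the two do not line up; adding a Phase II role is a matter of a new `Role` member and a new entry in `ROLE_PERMISSIONS`.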

In our paranoia about site misuse we even chose to auto-generate the gift assignment email in order to control its content (was that too Big Brother of us…?). We might relent on that one, and trust in our Terms of Use, especially since there is nothing to stop users assigning their exchange group members a bunch of rude names – one of the few outlets for self-expression that SledgeCrash currently allows!

Usability has been another preoccupation in the design of the SledgeCrash site, particularly since it features a number of forms. I’ll talk about our usability dilemmas in another post!

Meanwhile take a look at the site, www.sledgecrash.com, and bookmark it for Christmas 2009!