A New CFC Website??


  • #76
    Re: A New CFC Website??

    Originally posted by Roger Blum
    For the Saskatoon Chess Club web site (http://scc.saskchess.com), I concocted a way to use the Chess Tempo viewer (http://chesstempo.com/). Check the Games section of the SCC site for examples. The site uses Drupal, but I'm sure something similar could be done with Joomla without too much difficulty.
    Thanks, I checked it. Could not figure out (read) how to insert the game in the post (http://chesstempo.com/pgn-usage.html gives instructions for the webpage, not the blog).
    The plugin, which I use, allows < pgn > tag. Thus simple copy/paste works like a charm :)



    • #77
      Re: A New CFC Website?? Security Weakness Is Critical

      As stated in several posts it is not just new vs old website but also the use of new development tools and platforms which are easier to support and maintain as well as providing increased security.

      This is also an excellent time to introduce a project management methodology.

      My company Arizmi Solutions Inc. controls a dedicated server having 500GB monthly transfer with Canada Web Hosting who provide superior IT support including Microsoft OS patches etc.

      The server environment is .NET with a SQL 2005 database; however, we can install any desirable component on the server.

      Economies of scale are realized with select clients on the same platform supported by the same tools.

      My associates and I have been developing database applications for over 20 years and wish to start a dialog with the CFC on providing a cost effective solution for the website going forward.



      • #78
        Re: CFC Office Hours/Wk

        Originally posted by Steve Karpik
        I think Roger has hit the nail on the head. An up-to-date, functioning web site is essential to organizations like the CFC today. Custom coded web solutions like what the CFC has today belong to a bygone era. I happen to favour DotNetNuke but any well supported Content Management System (Joomla, Drupal, DotNetNuke, etc.) liberate staff from coding concerns. They make the upkeep of a web site a content problem not a technology problem.

        A small organization like the CFC can't afford to stick with yesterday's technologies. This isn't technology for technology's sake. A couple of years ago I rewrote the Scarborough Chess Club web site in DotNetNuke. After the work of transferring the web site from one platform to another, I now have a web site that is much easier to look after. Adding pages or sections or removing them is trivial in the new framework. I now do changes to the web site that I just wouldn't undertake before because it was too much of a pain in the ass. Inertia is tough to overcome and there are Luddites who decry change but I wouldn't go back to my old web site for anything. We're making the same sorts of decisions in the web sites that I manage at my place of work. We want to spend more time creating content and less time managing it.
        This is not true. This website is today's internet technology since it works in Internet Explorer. Even if you do not like the tools used, with different tools you will save only 10% in productivity when you have to update the data.

        It is a small system so no need for different tools, simply more time. With 3.5 hours, give me any software and you will have the same result as what we get today.

        Keeping this website updated would require a minimum of 1 day per week. This is the same amount of time Jean Hébert puts in the HPE newsletter. Redaction work and formatting take time. But HPE could also take more than a day of work if the user was no good with computers. When you are no good with computers everything seems complicated.

        Carl



        • #79
          Re: A New CFC Website??

          Originally posted by Steve Karpik
          I can't say whether the hosting that the CFC is using is good or bad. Issues of hosting, etc. are not really central to the problem the CFC is facing.

          Where we seem to have a definite weakness at the CFC is ASP knowledge. There's no excuse for the web site being "fixed" and then immediately hacked.
          I'm not technical, but I don't see why CFC needs ASP. OK, sure, you don't want to redevelop a database-membership-rating_system that's already written in MS Access / VB / Access BASIC. Continue with that. But the database itself is updated only once a week. No data entry is done on the www. Surely the database can be exported once a week (or once a day if automated, it only should take a few seconds) and "standard methods" used to query that. So, no ASP at the CFC website. What am I missing?



          • #80
            Re: A New CFC Website??

            Originally posted by Jonathan Berry
            I'm not technical, but I don't see why CFC needs ASP. OK, sure, you don't want to redevelop a database-membership-rating_system that's already written in MS Access / VB / Access BASIC. Continue with that. But the database itself is updated only once a week. No data entry is done on the www. Surely the database can be exported once a week (or once a day if automated, it only should take a few seconds) and "standard methods" used to query that. So, no ASP at the CFC website. What am I missing?
            You need something like PHP, ASP, ASP .NET, etc. to allow you to enter a last name and retrieve a rating. And any time you allow a query on a database, you have to guard against techniques that try to overwhelm the security on the database and allow malware to be injected into the database. So unless you're happy with a static list, ASP (or something else) is necessary. Even refreshing (i.e. replacing the database) every week doesn't really buy you protection from injection attacks. The solution lies in employing appropriate professional coding practices. Any number of strategies can provide adequate protection.



            • #81
              Re: A New CFC Website??

              Originally posted by Steve Karpik
              You need something like PHP, ASP, ASP .NET, etc. to allow you to enter a last name and retrieve a rating. And any time you allow a query on a database, you have to guard against techniques that try to overwhelm the security on the database and allow malware to be injected into the database. So unless you're happy with a static list, ASP (or something else) is necessary. Even refreshing (i.e. replacing the database) every week doesn't really buy you protection from injection attacks. The solution lies in employing appropriate professional coding practices. Any number of strategies can provide adequate protection.
              A naive question: What if a flat file is dumped out of Access (a csv file for example), and simple text searching (a cgi script in perl, say) used to retrieve the desired information?

              John Cordes



              • #82
                Re: A New CFC Website??

                When the database is being updated off site, it might be practical to write a program to generate static pages from the database which could then be transferred to the website.

                For example, ratings could be organized alphabetically by lastname on a page starting with the first letter of the lastname.

                An index page could also be created that would provide one click access to the page with your rating.

                Many browsers have a find on this page feature which could be used to locate the name instead of scrolling.

                No database is required on the website. The key question is who at the CFC is evaluating which processes would be practical and at a budget the CFC can afford.

                SQL injection attacks in ASP queries can be avoided by not running a query - built in the code - directly against the tables, for example,
                execute "select * from ratings where lastname like '%" & inputfield & "%'"

                The SQL injection attack places subqueries in the input field that will also be run as part of the statement execution. These subqueries can build temporary tables, transfer data to the tables, execute stored procedures that provide access to the file system etc.

                These attacks can be avoided by running a stored procedure to select the records instead of building the statement in code.

                The stored procedure will limit the parameters size making it more difficult to embed longer statements in an input field. Permissions are only given to the stored procedures needed by the web pages and not to all the tables and stored procedures in the database.
                Last edited by David Lyall; Tuesday, 29th September, 2009, 03:18 PM. Reason: typos
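
The static-page idea from post #82, sketched as an added example that is not part of the original post or the CFC's code: it reads a flat CSV export and builds one page per first letter plus an index. The CSV column names, file names and sample rows are assumptions, and the HTML escaping is an addition so that markup stored in the data is displayed as text.

```python
import csv
import html
import io
from collections import defaultdict

# Constructed sample export; the column names are assumptions.
SAMPLE_CSV = """lastname,firstname,rating
Anders,Lee,1540
Adams,Pat,1812
Baker,Sam,2011
<script>alert(1)</script>,Eve,1200
"""

def build_pages(csv_text):
    """Return {filename: html}: one page per first letter plus index.html."""
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = (row["lastname"] or "").strip()
        if not name:
            continue
        first = name[0].upper()
        # Only A-Z become page names, so data never controls a file name.
        key = first if len(first) == 1 and "A" <= first <= "Z" else "other"
        groups[key].append(row)
    pages = {}
    for key in sorted(groups):
        rows = sorted(groups[key], key=lambda r: r["lastname"].lower())
        # html.escape turns < > & and quotes into entities: markup stored in
        # the data is shown as text, not interpreted by the browser.
        body = "\n".join(
            "<tr><td>{}</td><td>{}</td><td>{}</td></tr>".format(
                *(html.escape(r[c] or "") for c in ("lastname", "firstname", "rating")))
            for r in rows)
        pages[f"ratings-{key}.html"] = (
            f"<html><body><h1>{key}</h1><table>\n{body}\n</table></body></html>")
    links = " ".join(f'<a href="ratings-{k}.html">{k}</a>' for k in sorted(groups))
    pages["index.html"] = f"<html><body><h1>Ratings</h1>{links}</body></html>"
    return pages

if __name__ == "__main__":
    for filename, page in build_pages(SAMPLE_CSV).items():
        print(filename, len(page), "bytes")
```

The generated files can be uploaded as plain HTML, so the public web server needs neither a database nor a script interpreter for the ratings lookup.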
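
The concatenated query quoted in post #82 next to a fixed statement with a bound, length-limited parameter, as an added example that is not part of the original post. It uses Python with SQLite so it runs anywhere; SQLite has no stored procedures, so the bound parameter stands in for a parameter passed to a stored procedure, and the sample rows, `MAX_LEN` and the function names are assumptions.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names follow the post's query.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE ratings (lastname TEXT, rating INTEGER)")
    db.executemany("INSERT INTO ratings VALUES (?, ?)",
                   [("Adams", 1812), ("Baker", 2011), ("Cordes", 1650)])
    return db

def lookup_concatenated(db, inputfield):
    # The pattern from the post: user input pasted into the SQL text,
    # so a quote in the input changes the statement itself.
    sql = "select * from ratings where lastname like '%" + inputfield + "%'"
    return db.execute(sql).fetchall()

MAX_LEN = 30  # assumed limit, mirroring a stored procedure's fixed parameter size

def lookup_bound(db, inputfield):
    # Fixed statement: the input travels as data and is never parsed as SQL.
    if len(inputfield) > MAX_LEN:
        raise ValueError("name too long")
    # Escape LIKE wildcards so % and _ typed by the user match literally.
    pattern = (inputfield.replace("\\", "\\\\")
                         .replace("%", "\\%").replace("_", "\\_"))
    sql = "select lastname, rating from ratings where lastname like ? escape '\\'"
    return db.execute(sql, ("%" + pattern + "%",)).fetchall()

# Constructed input that closes the string literal and adds an always-true test.
HOSTILE = "zzz%' OR '1%'='1"

if __name__ == "__main__":
    db = make_db()
    print("concatenated:", lookup_concatenated(db, HOSTILE))  # every row comes back
    print("bound:       ", lookup_bound(db, HOSTILE))         # no row matches
```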



                • #83
                  CFC Website - Ratings Page Virus Still There

                  Today at 3:30 pm, I asked IT specialist Steve Karpik to check the CFC website ratings page for the virus/unauthorized script. He checked Egis' rating page, and the Hart House summer crosstable, and the infection is STILL THERE. It is something put into the ratings database by unknown persons, and its effect is not known, but usually these incursions are in furtherance of criminal aims. It seems to me that therefore CFC members checking their ratings may be at risk still. Also, this points to the fact that our CFC website security is still very lacking. Steve advises me that a number of security measures can be taken to prohibit this kind of incursion, though the age of our website does make it more vulnerable.

                  Furthermore, the notice on our CFC website says:

                  "Our site has since been cleaned and is presently virus-free."

                  Obviously this is no longer true, and should be changed.


                  What are the Executive/EK Gillin doing about this current new infection? What are they doing about improving security for our site while discussions go on about perhaps purchasing a new website? Why is the executive so silent on these issues?

                  Bob



                  • #84
                    Re: A New CFC Website?? Security Weakness Is Critical

                    What if a company paid the CFC an amount to develop and host the ratings, for example, $500 per year?

                    The company would incur all development costs which would be recouped from advertising rights on the ratings page over an agreed upon period, for example, 3 years.

                    As membership grows the advertising value of the page increases and a new rate is negotiated at the end of the agreed upon period.

                    The CFC may seek other sponsors of the page at the end of this period, going to whoever is willing to bid the most for the rights to the ratings page.

                    This solution would provide reliable hosting of the ratings page - developed with new tools - over several years as well as generate some revenue for the CFC (with no costs), allowing the CFC to focus on membership and other initiatives.



                    • #85
                      Re: A New CFC Website?? Security Weakness Is Critical

                      CFC memberships more than cover the costs to run a website. The only ads that should be on the CFC site are ads for CFC related events and the books/equipment stores. $500 a year is hardly worth annoying the crap even more out of the membership, is it?
                      Christopher Mallon
                      FIDE Arbiter



                      • #86
                        Re: A New CFC Website?? Security Weakness Is Critical

                        Originally posted by Christopher Mallon
                        CFC memberships more than cover the costs to run a website. The only ads that should be on the CFC site are ads for CFC related events and the books/equipment stores. $500 a year is hardly worth annoying the crap even more out of the membership, is it?
                        I think the USCF site has some ads on their rating page, though not many. Revenue is revenue and since the CFC lacks revenue, no harm in looking into this IMO.



                        • #87
                          Re: A New CFC Website?? Security Weakness Is Critical

                          Originally posted by Christopher Mallon
                          CFC memberships more than cover the costs to run a website. The only ads that should be on the CFC site are ads for CFC related events and the books/equipment stores. $500 a year is hardly worth annoying the crap even more out of the membership, is it?
                          Besides, it is easy enough to block (most) ads.
                          ...Mike Pence: the Lord of the fly.



                          • #88
                            Re: A New CFC Website?? Security Weakness Is Critical

                            Who says the CFC lacks revenue? The CFC should be running a huge surplus this year since they haven't proceeded with any of the major programs in the budget.

                            A financial update would help, of course.
                            Christopher Mallon
                            FIDE Arbiter



                            • #89
                              Re: A New CFC Website?? Security Weakness Is Critical

                              Ads could be given a specific area on the page, for example, the page could have a design where the name entered to do ratings lookup would be on left and the ad (graphic) would be on right of the page - no popups.

                              The value of the advertising on the ratings page could grow as the membership increases, for example, each 2,000 increase in members could have the ad value grow by $500.

                              The idea would be to get the page established so other parties could see the page, know the number of visitors to page, and also want to advertise on that page.

                              Also key to the idea would be to put the page and process for updating the ratings - as viewed on the web site - developed in new tools - with increased security and reliability to ensure access to both ratings and ads over an extended period.
