| Name | Studentno |
| --- | --- |
| Jone Skaara | 473181 |
| Kristian S. Holm | 473114 |
| Olav H. Hoggen | 473138 |
| Martin Kvalvåg | 473144 |
| Magnus Bringe | 473155 |

This is the assignment in IMT3501 Software Security at NTNU in Gjøvik, Norway. The task is to create a web forum with a concept of users, threads, categories, messages, and message replies. Users can sign up, log in and keep the session while they browse the forum, post messages, and have other users up- and downvote their messages, which earns them reputation points (that is not completed). There is a strong focus on security in the application.

The Golang server takes requests from the different HTML documents. We have a:
- DefaultHandler that returns the index document with a list of categories. It can also return any generic HTML document using the /page prefix.
- SignupHandler that returns the signup document or registers a new user.
- LoginHandler that returns the login HTML document. It logs the user in, creating session cookies.
- LogoutHandler that logs a user out by deleting their sessions.
- MessageHandler that displays the content of a thread, and creates a new message on a POST request.
- ThreadHandler that displays the content of a category, and creates a new thread on a POST request.
- CategoryHandler that generates a list of threads and sends it to the user.
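
The session lifecycle behind LoginHandler and LogoutHandler, as an added example that is not the project's own code. The function names, the cookie name `session` and the in-memory map standing in for the database are assumptions.

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"fmt"
	"net/http"
	"sync"
)

var sessions sync.Map // session id -> user name; in-memory stand-in for the database

// sessionCookie sets HttpOnly (no script access), Secure (HTTPS only) and SameSite.
func sessionCookie(value string, maxAge int) *http.Cookie {
	return &http.Cookie{Name: "session", Value: value, Path: "/", MaxAge: maxAge,
		HttpOnly: true, Secure: true, SameSite: http.SameSiteStrictMode}
}

// login stores a session id built from 32 bytes of CSPRNG output and sets the cookie.
func login(w http.ResponseWriter, user string) error {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return err // never fall back to a weaker id source
	}
	id := base64.RawURLEncoding.EncodeToString(b)
	sessions.Store(id, user)
	http.SetCookie(w, sessionCookie(id, 3600))
	return nil
}

// currentUser resolves the request's session cookie to a user name.
func currentUser(r *http.Request) (string, bool) {
	c, err := r.Cookie("session")
	if err != nil {
		return "", false
	}
	u, ok := sessions.Load(c.Value)
	name, _ := u.(string)
	return name, ok
}

// logout deletes the server-side session, then expires the browser cookie.
func logout(w http.ResponseWriter, r *http.Request) {
	if c, err := r.Cookie("session"); err == nil {
		sessions.Delete(c.Value)
	}
	http.SetCookie(w, sessionCookie("", -1))
}

func main() { fmt.Println(sessionCookie("constructed-id", 3600).String()) }
```

Because the cookie is marked `Secure`, browsers only send it over HTTPS, so the server needs TLS in front of it for logins to persist. Deleting the server-side entry on logout is what actually ends the session; expiring the cookie alone would leave a copied id usable.
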

In the HTML documents we use basic HTML with form actions that contact the Go handlers in the Golang server. We have an htmlGeneration package that generates threads, categories and messages from the database.

We have made a struct for each of our database types, with add, get, show and delete functions. The add functions use prepared statements to insert into the database. The get functions are used to retrieve the user, threads, messages or replies. The show functions are used to generate a slice of categories and threads.

- MySQL driver for Golang.
- Reading of JSON files for system configuration.
- Generating session IDs.
- Generating salt and hashing of passwords.

Prerequisite for installation on any OS is that golang 1.11 or later is installed and set up on the intended server computer. Link to Golang download:

Fill in all the parameters the server uses to communicate with the database and with requesting clients.

```
{
  "Port" : int,                # The port the Golang server will be using.
  "Address" : string,          # The address of the host computer on the local network.
  "DatabasePort" : int,        # The port the SQL database will be using.
  "DatabaseAddress" : string,  # The address of the database that the Golang server will be using.
  "DatabaseDatabase" : string, # The database within the SQL database server to use.
  "DatabaseUser" : string,     # The user the Golang server will log into the database with.
  "DatabasePassword" : string, # The password for that database user.
  "HtmlPath" : string          # The relative or absolute path to the html folder in the repository containing all the HTML docs.
}
```

```
{
  "Port" : 5000,
  "Address" : "",
  "DatabasePort" : 3306,
  "DatabaseAddress": "",
  "DatabaseDatabase" : "forumdatabase",
  "DatabaseUser" : "forumuser",
  "DatabasePassword" : "password",
  "HtmlPath" : "/home/name/golang/src/"
}
```

```
# cd $GOPATH
mkdir -p src/ && cd src/
git clone
cd imt3501-Software-Security
go get
go get
go get
go get -u
cp docs/config.json.example cmd/forumServer/config/config.json
# See Config.json setup above.
go build ./cmd/forumServer
```

```
# In powershell or cmd
# Navigate to $GOPATH
mkdir src
mkdir krisshol
git clone
go get
go get
go get
go get -u
cd src\\krisshol\imt3501-Software-Security\
copy docs\config.json.example cmd\forumserver\config\config.json
# Setup config file, see start of installation guide
mkdir bin
cd bin
go build ..\cmd\forumServer
```

local db:
```
# Basic setup: log in with root or another authorised user
mysql -u root -p
create database forum;
# go to $GOPATH/src/
mysql -u root -p forum < create-db.sql
```