Environment: VC6 / Win 2K / Win XP
- Diagram & explanations
- How to test this program (click here if you want to play with it right away)
- Known bugs
- Suggestions for update
This is not an update of my previous article. Although this is also a chat room program, it was written in a totally different way from its predecessor. After my previous article was published, many people wrote to me with comments, which are highly appreciated. Many people also wanted a "CSocket" version of the chat-room example, so this article is an answer to their request. Since I am a physics student and have been busy playing with detector simulation instead of Visual C++, I had not even studied the CSocket mechanism until Matthew Millman's excellent article came to the front page of Codeguru.
Inspired by the elegant implementation of his "NetMsg" program I decided to rewrite my chat room with CSocket too.
Another reason for me to do this piece of work was a realistic one: I'm on my way to graduation, and I want to begin my career as a programmer. I hope my code will interest potential employers. Please see the statement below for details.
Before I dive into the details of my code, I'd like to share some ideas about programming with you guys, which I believe you'll benefit from as I have.
Java, C++, Basic, no matter what language you prefer to use, some principles are always to be held dear:
- Think. Dr. Stroustrup said in his "The C++ programming language", "always think more before coding". Always think the problem over and over, so that you know what you are going to solve and the possible solution.
- Always keep the data processing code and the GUI code separated. The GUI module is supposed to collect the data from some place (the end user, I suppose?) and do the data presentation. Your program should always have one or more "information centers" that hold the data (through variables), manipulate it (through methods or functions) and, at the right time, inform the GUI through an interface to update the presentation. Take MFC SDI/MDI or dialog-based programs as examples: for simple cases, the main dialog and the document class are fine places to be the "information center". A large project might use self-sufficient logic units as the building blocks, which have their own data manager classes and are only loosely related to each other.
Advantage of using CSocket.
Now it's time to talk about my code. My previous program used the socket class from David Kruglinski's "Programming Visual C++". One of the disadvantages of that class was that it's extremely hard for the developer to send or receive data types other than a character stream.
But CSocket uses the wonderful concepts of CSocketFile and CArchive. If you have used CFile + CArchive before, you might realize how convenient it is for dealing with different kinds of data. Its counterpart, CSocketFile, together with CArchive, can do the same thing for network data streaming.
After some simple initialization work to link the CSocket, CSocketFile and CArchive objects, we can focus our attention on collecting and processing the data, almost all kinds of data. (I did have some problems dealing with the pointer, which is also a member for streaming in my program. Later I converted it into a DWORD so that it went into the archive happily.) We then wrap the data into a package and send it to the CArchive object, and MFC takes care of the rest: sending the package to the other computers in the predefined data order. So the whole programming task becomes nothing more than the collection, assembly, distribution and parsing of the data. See the diagram below.
Another advantage of CSocket is its virtual function override mechanism. Once the virtual functions of CSocket such as OnReceive and OnAccept have been overridden by the developer, we have set a network alert guard. For example, once an incoming message arrives, OnReceive will alert and forward it to your corresponding handler. Similarly, once a connection request comes in, OnAccept sends an alert to the handler too.
I believe the diagram would speak for itself. Still, I have to point out that the actual code does not strictly follow the building blocks shown above, as design and programming is always an interactive activity which requires continuous modification.
The design of the server is a little different from the client.
- Two CSocket-derived classes are used. One listens on the port; once a connection request comes in, a new client socket is created and its info is added to a linked list maintained by the main dialog (in my case, CChatServer).
- I moved the burden of sending and receiving messages from the main dialog (CChatServer) to the client socket class. The main dialog is responsible for forwarding and coordinating the messages between clients, in other words, for manipulating the linked list.
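The package idea described above (assemble on one side, parse on the other) and the server's client list, as an added example that is not the article's code: it is plain C++ rather than MFC so it builds without CArchive, and the field layout, `kMaxText` and `ClientTable` are assumptions. It checks the length field against the bytes actually received and identifies the sender by a table id instead of a pointer value carried in the message.

```cpp
#include <cstdint>
#include <cstdio>
#include <map>
#include <string>
#include <vector>

// Hypothetical package layout: 1-byte type, 4-byte sender id, 4-byte text length, text.
struct ChatPackage { uint8_t type; uint32_t senderId; std::string text; };
const size_t kHeader = 9, kMaxText = 512;  // kMaxText is an assumed per-message cap

// Sender: fields go out in one fixed, predefined order (little-endian).
std::vector<uint8_t> Pack(const ChatPackage& p) {
    std::vector<uint8_t> out(1, p.type);
    auto put32 = [&out](uint32_t v) {
        for (int i = 0; i < 32; i += 8) out.push_back(uint8_t(v >> i));
    };
    put32(p.senderId); put32(uint32_t(p.text.size()));
    out.insert(out.end(), p.text.begin(), p.text.end());
    return out;
}

// Receiver: the length field is checked against the bytes actually received.
bool Unpack(const std::vector<uint8_t>& in, ChatPackage& p) {
    if (in.size() < kHeader) return false;  // too short to hold the header
    auto get32 = [&in](size_t off) -> uint32_t {
        return in[off] | in[off + 1] << 8 | in[off + 2] << 16 | uint32_t(in[off + 3]) << 24;
    };
    uint32_t len = get32(5);
    if (len > kMaxText || len != in.size() - kHeader) return false;
    p.type = in[0]; p.senderId = get32(1);
    p.text.assign(in.begin() + kHeader, in.end());
    return true;
}

// Server-side client table: an id taken from the wire is only a lookup key.
struct ClientTable {
    std::map<uint32_t, std::string> names;
    uint32_t Add(const std::string& n) { uint32_t id = uint32_t(names.size()) + 1; names[id] = n; return id; }
    const std::string* Find(uint32_t id) const {
        auto it = names.find(id); return it == names.end() ? nullptr : &it->second;
    }
};

int main() {
    ClientTable table;
    ChatPackage sent{1, table.Add("alice"), "hello"}, got;  // constructed sample message
    bool ok = Unpack(Pack(sent), got) && table.Find(got.senderId) != nullptr;
    std::printf("%s\n", ok ? got.text.c_str() : "rejected");
}
```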
Since only the source files are provided, you need Visual C++ for compilation.
- Open the chat server project, run it, and click the "start" button; the IP of the current machine appears on the right;
- Open the chat client project, press the "connection" button, change the IP address to the one shown on the server side, then press OK. Next, press the "Sign in" button and begin to chat.
- The buttons below are (from left to right): "Connection", "Sign in", "Sign out", "my icon" (N/A), "On leave" (N/A), "About".
I used Visual C++ 6.0 on Windows XP/2K to do the test.
- Rich text editing;
- Your customized settings will be remembered and recalled next time.
I did find some bugs when I operated the server a lot (stop, start, stop, start) while the clients were still connected. For example, if a client logs off during the period while the server has stopped its services, the other clients of course can't get his log-off info. Since under normal circumstances the server is not supposed to be bothered after it's started, I did not bother to fix that part.
I tested on a single machine (Win XP installed) and also tested on the LAN of my lab (Win2K installed). I was careful to avert possible errors. So I believe you guys will find many more bugs; just don't hesitate to let me know. Of course, if you can solve them on your own, that'd be better. :)
- The icon button is a fake, no response to the users' input. It needs to be improved;
- The contact list box on the right is a fake, no icons - just names, and can't do anything. It needs to be improved for personal talk;
- The persistence is machine dependent instead of account dependent, which means different users get the same settings if they run this program on the same machine. It's not a mistake, but account-dependent settings are more "professional". Suggestion: use GetProfileInt/WriteProfileInt to do the persistence.
- Private conversations. People need to single out a certain guy for a private talk, like in MSN Messenger. Matthew Millman did that with multiple threads, but automation tech might be an alternative;
- File transfer;
- Pop3 mail reminder.
I'll do these updates in the coming days, maybe after graduation.
I finished this project (maybe not yet :)) within two weeks by myself, in my spare time at night. However, without the genius ideas and code on Codeguru, I couldn't have made it. So many thanks should go to the people contributing their effort to this great website. Also, direct help from the following guys is highly appreciated:
- Matthew Millman for his NetMsg and the clear presentation of the usage of CSocket;
- W. Stowell for his cool
- G. Hyams for his great expansion dialog code, which goes into my code
- Bogdan Matasaru for his powerful property sheet wizard, which helped me to construct my server in a professional way.
Also, many thanks go to the people who emailed me, commented on my previous article, and answered my questions on the discussion board. I sincerely ask for your continuing support for this one too.
As I mentioned at first, I am now looking for a proper job as a programmer. I like to use C/C++ and Java as my programming languages; my preferred IDEs are Visual C++ studio and Forte from SUN. My computer skills include, but are not limited to, programming. Web authoring and script writing are also my interests. I use Linux and IRIX from SGI for my work as well. I also sometimes consult on campus. I like to talk with people on all topics. Lastly, my loyalty and diligence are beyond doubt because this kind of work is something I am really fond of.
Work area includes any state within the
I'll send you my resume and am ready to answer your questions.
Thank you all, and enjoy coding!
Chat server source code (116 kb)
Chat client source code (342 kb)