You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
(this is a suggestion, I'm not saying it needs to be implemented exactly like that)
Design principles:
Contestants are assumed to be clumsy, but not malicious.
They may confuse team names (especially because there are always 2-3 teams named "DROP TABLE [something]"), or sit at the wrong table.
They will not try to impersonate other teams, or destroy sheets given to other teams.
Contestants must only ever input any kind of credentials once, for the entire duration of the contest, dry run included.
Team names must never be inserted into a plain text field, as they may contain non-standard characters (e.g. the "flipping table" emoji).
From the contestants' point of view:
Boot into a screen with 1 field: "Please input your password".
Insert the password (in a "plain" text box, no masked characters), given by contest organizers.
See the corresponding team name (including contestants' full names), with a "confirm" button
Click on the button.
From the client/server point of view:
Prompt the user for a password on boot
Ask the server to which team name it corresponds, and display it
If the user confirms, send a message to the server indicating a login
The server replies with some form of executable command/script that sets up any credentials-related settings
From the organizers' point of view:
Export the list of teams from the contest website.
Import it into the server.
Put the printed password sheets on the right tables.
Some notes:
There should be a hardcoded special password that bypasses everything (and thus doesn't set up any credentials), so that contestants can try out the system before a contest.
It'd be nice to leave the password generation outside of the contest website, so that it's not bound to a specific way to do authentication.
This system could most likely be reused for non-contest settings, e.g. coding exams, by changing the way passwords are distributed, and perhaps allowing an optional "name" field (enabled by some special config) to integrate into any university's existing login system.
The judging system may not be integrated with this, but will definitely have an online "username/password" login form.
One way to bypass this would be to have a script that sends the form (as an HTTP POST), gets the resulting cookie, and adds it to the browser's cookie store, so that users are logged in as soon as they open the website.
A more hacky way to do it is by adding data to the stored passwords list, and finding a way to automatically send forms that are auto-completed, so that users feel like they're logged in automatically. Then the bookmark for the contest website (or even the browser homepage) can be the login page.
The text was updated successfully, but these errors were encountered:
(this is a suggestion, I'm not saying it needs to be implemented exactly like that)
Design principles:
They may confuse team names (especially because there are always 2-3 teams named "DROP TABLE [something]"), or sit at the wrong table.
They will not try to impersonate other teams, or destroy sheets given to other teams.
From the contestants' point of view:
From the client/server point of view:
From the organizers' point of view:
Some notes:
One way to bypass this would be to have a script that sends the form (as an HTTP POST), gets the resulting cookie, and adds it to the browser's cookie store, so that users are logged in as soon as they open the website.
A more hacky way to do it is by adding data to the stored passwords list, and finding a way to automatically send forms that are auto-completed, so that users feel like they're logged in automatically. Then the bookmark for the contest website (or even the browser homepage) can be the login page.
The text was updated successfully, but these errors were encountered: