test account
email: test@test.com
password: password

security nightmare? no.  it's safe.  how?

no information is kept which can link any data to you apart from your email address. no account numbers are kept on the site, or ever entered. you name your accounts and credit cards whatever you choose, so nothing which is stored or transferred on the site links any data to any real account. if anyone knew your account numbers and your email address, all they could gain from finding a way to steal your data is the knowledge of what you spend your money on (or, more accurately, what you [i]describe[/i] your expenses as, because when you enter them you can use whatever description you want); and if someone has your email address and your account numbers, you have bigger problems.

how do you secure email addresses and any personal information?

I guess I have a few issues with the possibilities of a site like this:
1) Why track my stuff on your site when I can just login to my bank/credit card website and view the statement?
2) There are a lot of programs out there that sit on someone's PC (more secure) and do SO much more than what you're offering.
3) The biggest problem with all of these programs is that you have to be very dedicated to it.  The reason so many people suck at using these things is because they're not dedicated to it... so they get behind and they get to a point where they're so far behind there's no point in catching back up.


@ober:

at present, email addresses are stored as plain text in the database, but in the next revision they will be md5()'d along with the passwords.  apart from that, there is no personal information kept, since there's no need for it.

[quote]1. Why track my stuff on your site when I can just login to my bank/credit card website and view the statement?[/quote]
Several reasons.  First, when you first spend money, it doesn't show on your bank/credit card website and therefore you can't see an accurate picture of how much money you have unless you haven't spent anything for a couple days, or if you keep track yourself (which, granted, some people do, but many don't).  Second, if you have 3 accounts (checking, savings, paypal) and several credit cards, you need to switch between 5 different windows/tabs to see what is going on with all of them at any given time.  Third, none of your bank/credit card sites offer a budgeting tool, which my site will offer in the very near future.  It will help you keep track of your bills, email you reminders of upcoming payments, help you set aside portions from each check for bills, help you track your savings dollars and percentage, and more.

[quote]2) There are a lot of programs out there that sit on someone's PC (more secure) and do SO much more than what you're offering[/quote]
Sure.  The security, though, I addressed in my last reply.  There's no real sensitive data here, no account numbers or anything which would really be a threat if someone did gain access to the database.  Another feature in the works is a reason to use my site over software - a mobile version.  A version you can access from any device with an internet connection, anywhere in the world.  Some software has handheld versions to work on Palm or Windows handhelds, but what if all you have is a Motorola?  With my mobile version you'll still be able to view your account balances and budget, but not with software solutions.

[quote]3) The biggest problem with all of these programs is that you have to be very dedicated to it.  The reason so many people suck at using these things is because they're not dedicated to it... so they get behind and they get to a point where they're so far behind there's no point in catching back up.[/quote]
Agreed.  I can do nothing personally to motivate anyone to keep track of their money.  But that's not what it's about.  I aim to have a tool which will help the average, non-mathematical joe keep track of his finances, stop missing bills, and save more money.  His dedication is his own problem.  But hopefully he can gain some useful knowledge and motivation from his peers in the planned forum.

I aim to take all the work out of budgeting (other than inputting your expenses, income, and bills, obviously).  People who are bad with numbers have a very difficult time budgeting.  This tool will allow them to keep a strict budget without worrying how numbers interact, all they need to do is input their expenses, income, and bills, and the site will do the rest, down to emailing them reminders when bills are coming due.

How many times are you standing in a store, wanting to buy something, but not knowing your account balance or budget allowance for that type of expense?  It happens to me all the time.  I aim to give you the ability to find out within seconds by browsing to my site on your cell phone.

Anywhere where i see ->
http://www.webstats4u.com/stats?AD6b7Q77GySlO8GOXlkSx/de8suw

a DIY/hobby site springs to mind.

The site looks ok, your Nav menu is innovative - however the mouse MUST hover over the text rather than the green bar. The latter is better.

You have no validation on your internal forms ->
0000-00-00 "asdfsfd $0.00 Yes
Not user friendly.

The "this is cleared" button - is there an Undo??

-------------

Ah - u've bugs already. Register -> you rely on magic quotes.
Note some email addresses can and do have a single quote in them. !!!
You don't enforce strong passwords.

The Welcome username at the top right is too inconspicuous.
It should be down where I can see that I am logged in as who I am.
Also REMOVE the nav menu with all its options for people who are not logged in. It is only showing an open door.

-steve

@steviewdr:

about webstats4u - agreed.  it's a crappy counting site, and i'm sad i need to use it.  but my host recently upgraded my cpanel install and magically awstats disappeared.  i'm working on correcting that, so i slapped up the crap counter in the meantime.

about the mouse hover on name - great point.  i'll change that.  interesting how another perspective brings things to light.

no validation on internal forms - i don't get what you're saying here, can you be more specific?

no undo as of yet on the cleared property of records, but it's a great thought and will be implemented.

magic quotes! aaaaahhh! of course my host would have them on... thanks for bringing this to light.  another thing i never thought to check...

no, i don't enforce strong passwords.  i suppose because i HATE having a punctuation mark or number in my password.  i guess i should at least suggest it to registering users, though.

agreed on the welcome.  i don't think i'll remove it, but make it more noticeable and plop another copy of it, even more noticeable, above the nav.

i don't want to remove the nav for those who don't have an account, because i think it's a good demonstration at a quick glance of what the site is about.  although i will test for logged in status and remove the links for those who aren't.  good point.

thanks for your remarks.  this is the only way i can improve the site.

[quote]You have no validation on your internal forms ->
0000-00-00 "asdfsfd $0.00 Yes
Not user friendly.[/quote]
What can I say. When a user fills out a form for a credit card etc. and puts in a Quote or wrong character or too long of a character!!! - you simply slap it into the db without validation. See the above date!! If the user didn't put in a correct date - they should be informed of such! rather than allowing the db to spit out 0000-00-00

I hope you are not too keen on this site making business. It's a good site to learn stuff - but as mentioned previously, I'm not sure if it will work in "real life".

-steve
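An added example, not code from the thread or from the site under review: one way to reject a bad expense row with a message instead of letting the database store 0000-00-00, and to insert with bound parameters so quotes in user input never depend on magic quotes. The table, column and function names are hypothetical, and the sample inputs are constructed.

```php
<?php
// Added example: server-side validation plus a bound-parameter insert.
// Table, column and function names are hypothetical.

function validate_expense(array $in): array
{
    $errors = [];

    // Strict date check: createFromFormat() alone accepts overflow such as
    // 2006-02-31, so compare the round-tripped value with the input.
    $date = (string)($in['date'] ?? '');
    $d = DateTime::createFromFormat('!Y-m-d', $date);
    if ($d === false || $d->format('Y-m-d') !== $date) {
        $errors['date'] = 'Enter a real date as YYYY-MM-DD.';
    }

    // strlen() counts bytes, which is what the column limit cares about.
    $desc = trim((string)($in['description'] ?? ''));
    if ($desc === '' || strlen($desc) > 100) {
        $errors['description'] = 'Description must be 1-100 bytes long.';
    }

    $amount = (string)($in['amount'] ?? '');
    if (!preg_match('/^\d{1,8}(\.\d{1,2})?$/', $amount) || (float)$amount <= 0) {
        $errors['amount'] = 'Amount must be a positive number like 12.50.';
    }
    return $errors;
}

function save_expense(PDO $db, array $in): array
{
    $errors = validate_expense($in);
    if ($errors) {
        return $errors;            // re-display the form with these messages
    }
    // Placeholders keep quotes in the data out of the SQL text.
    $stmt = $db->prepare(
        'INSERT INTO expenses (spent_on, description, amount) VALUES (?, ?, ?)');
    $stmt->execute([$in['date'], trim($in['description']), $in['amount']]);
    return [];
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE expenses (spent_on TEXT, description TEXT, amount TEXT)');

// Constructed inputs: a row modelled on the bad one above, then a valid row with quotes.
var_dump(save_expense($db, ['date' => '', 'description' => '"asdfsfd', 'amount' => '0.00']));
var_dump(save_expense($db, ['date' => '2006-08-30', 'description' => 'Joe\'s "diner"', 'amount' => '12.50']));
var_dump($db->query('SELECT COUNT(*) FROM expenses')->fetchColumn());
```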

ok i understand what you mean about the forms now.  yea, i was aware there isn't any validation of user input as far as that goes.  it's on the way.

and the date problem will be solved when i add the calendar to the forms.

i hear what you're saying about it not working in real life, but i beg to differ.  the only problem people have when i explain it to them is security, which is pretty much a non-issue because, as i've stated previously, there's no real useful data that could be gathered about you, nothing that could harm you anyway.  once i explain that there are no names, addresses, or account numbers, people seem to think it's a great idea.  we'll just have to wait and see.

besides, there are already a couple of sites out there with a worse model and ease-of-use (weird terms for things and hard to navigate) and they seem to be doing okay.  one of them charges for using their service after 30 days and the other is just plain crap, but they have enough users that at a 1.5-2% click thru on ads, i would be able to profit about $5 a month on the site.  all i'm really aiming for is to get back my hosting costs and have another site to put in my portfolio.  making about $50 a year shouldn't be too terribly difficult, once everything is tested and working.

again, thanks for your comments.  i will be working on the input validation and getting rid of magic quotes this weekend.
