Web applications have been built for all sorts of creative uses, and they keep growing in importance. They have moved from static HTML pages, to traditional client-server pages, and now to Web 2.0 Rich Internet Applications (RIA). Features, performance and user friendliness have become the major focus of web development. However, there is increasing concern about security issues in Internet applications.
There have been outbreaks of web application exploits caused by a lack of security consideration in system design and implementation. Well-known issues include SQL injection, cross-site scripting and HTTP request splitting. As the technologies are frequently updated, the types of security issues follow the pace of the updates. How should we do web development, taking security concerns into account, in a more systematic way? This page introduces a systematic process for protecting your application from security problems throughout the development process.
There are guidelines for each step: setting expectations, looking for tools, making use of the tools, evaluating the results and making modifications accordingly. With these guidelines, we can prepare for and carry out the development of a secure web application.
http://searchsoftwarequality.techtarget.com/tip/0,289483,sid92_gci1247920,00.html
Sunday, April 13, 2008
Thursday, February 21, 2008
Using Python Scripts with IIS
http://support.microsoft.com/kb/276494
Web application development normally needs a web server to work with throughout the implementation stage. We might write some code and then put it onto the server for simple testing. A more convenient way is to use a local web server for this sort of programming and testing. It is often said that ASP or .NET programmers stick with IIS while others go for web servers like Apache. What if you are developing a CGI application in Python on a Windows machine? Do we really need to install an Apache server and configure it in order to get things done? Not exactly; you may still stick with your IIS (for convenience). This page teaches you how to make your IIS work with Python scripts.
It is important to have a local testing server in development nowadays. Since the development process is now all about quality, developers need to do sufficient testing on their code to ensure the quality of their output. Another thing about the development process is speed. It is always good to have a higher development speed, so that the time-to-market of the software product can be shortened, bringing faster income for the team. Quality and speed may seem to contradict each other, but testing with a local web server during the development stage provides a quicker and longer testing process. This can favor the development process in terms of both quality and speed.
So next time you want to do some Python CGI but only have IIS, don't panic: make your IIS Python-enabled, and then enjoy the development.
Thursday, January 31, 2008
Cheetah - The Python-Powered Template Engine
http://cheetahtemplate.org/index.html
When we are doing web application development, one of the most tedious things for developers is modifying the page layout to satisfy users. This kind of modification is usually time-consuming and error-prone. A minor change in the HTML code requires time for communication with users (or designers), the actual programming task, testing, and sometimes recompilation and deployment. Even when you seem to have made the change match the users' expectations, the change may introduce another bug and cost extra effort.
It would be good to have the web application layout managed entirely by users (or designers), so that programmers can concentrate on developing the back-end logic. The community has therefore come up with a solution: the template engine. The basic idea is that the template engine helps generate HTML code from templates, leaving business logic separated from display logic.
Since the two kinds of logic are separated, users and programmers can now work at the same time on different aspects of the system. This lowers the communication overhead and error rate, as each party is now assigned its most familiar area of work. Besides, since templates can be saved in files instead of being compiled into code, deployment becomes much easier.
The above link is a template engine written in Python, which may be useful for our course project. If you are interested, you may also search for template engines in other languages, e.g. PHP, .NET and Java.
Tuesday, January 22, 2008
Ajax Pattern
http://ajaxpatterns.org/Patterns
You may have heard of design patterns in software development, such as Singleton, Composite and Strategy. For Ajax application development, we also have some specific patterns.
The above wiki site shows a list of patterns specifically for Ajax development. They range from high level (application features) to low level (software architecture). The site gives real-world examples for some of the patterns. For example, you can find Google Suggest under the Suggest pattern.
Among those patterns, I'm particularly interested in Periodic Refresh and Unique URLs. Periodic Refresh is one of the AJAX application features I use most of the time (in GMail and Google Reader). It is really useful in helping me keep up-to-date and alerted.
Unique URLs may not seem useful to you. But when you try more AJAX applications, you will run into the problem of bookmarking an exact URL in them. From the users' point of view, being able to bookmark these URLs would be preferable. To solve this mismatch between technology and user requirement, the Unique URLs pattern is proposed. It makes use of the "#" character in the URL (like what we did for HTML anchors), which I think is a bit tricky but a bright idea.
Next time we are going to develop an AJAX application, we may go there and see if it gives us some new ideas on how our application should look.
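The Unique URLs pattern described above, as an added example that is not taken from the linked wiki: application state is written into the "#" fragment and read back when a bookmark is opened, with every field validated because the fragment can be set by anyone who crafts a link. The view names and the fields `view`, `id` and `q` are hypothetical.

```javascript
// Added example: state <-> URL fragment for the Unique URLs pattern.
// VIEWS and the fields view/id/q are hypothetical names for this sketch.
const VIEWS = new Set(["inbox", "message", "search"]);
const DEFAULT_STATE = Object.freeze({ view: "inbox" });

// Serialize state into a bookmarkable fragment, e.g. "#view=message&id=42".
function stateToFragment(state) {
  const params = new URLSearchParams();
  params.set("view", state.view);
  if (state.id !== undefined) params.set("id", String(state.id));
  if (state.q !== undefined) params.set("q", state.q);
  return "#" + params.toString();
}

// Rebuild state from a fragment. A bookmark or a link from someone else is
// untrusted input, so each field is validated and anything else is dropped.
function fragmentToState(hash) {
  const params = new URLSearchParams(String(hash).replace(/^#/, ""));
  const view = params.get("view");
  if (!VIEWS.has(view)) return { ...DEFAULT_STATE };
  const state = { view };
  const id = params.get("id");
  if (id !== null && /^[0-9]{1,10}$/.test(id)) state.id = Number(id);
  const q = params.get("q");
  if (view === "search" && q !== null) state.q = q.slice(0, 100);
  // A message view without a valid id cannot be restored: use the default.
  if (view === "message" && state.id === undefined) return { ...DEFAULT_STATE };
  return state;
}

// Browser wiring (skipped outside a browser): restore state on load and
// whenever the fragment changes, and write values with textContent only.
if (typeof window !== "undefined") {
  const show = () => {
    const state = fragmentToState(window.location.hash);
    document.title = "App: " + state.view;
    document.body.textContent = JSON.stringify(state);
  };
  window.addEventListener("hashchange", show);
  window.addEventListener("load", show);
}
```

Writing the restored values through `textContent` rather than as markup keeps a crafted fragment from being interpreted as HTML.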