]>

Web

Dynamic sized page layout instead of fixed sized page layout When the font is changed in the browser the page still looks fine The page will never look exactly like a photoshop design The page will always fill the browser window, the user can choose how wide to make the tpage When the browser window is narrower than the page design the page will still be readable Dynamic sized designs take more work and time to implement than static sized designs Use XSLT to seperate logic from presentation Standard since 16 November 1999 and supported in most web browsers Can be done client side or server side using java or perl business logic is seperated from presentation allowing a web designer to modify the display without touching the logic the template can process static or dynamic data allowing for easier prototyping not supported in all web browsers requires more server processing than just outputing html requires collection of data to be passed on to the template the web designer and script writer need to understand XML and XSLT Use templates to seperate logic from presentation only resulting html is sent to the client requires collection of data to be passed on to the template The script programmer and web designer can each work on their parts without needing to worry about the other the web designer needs to know how the specific template language works use mod_perl rather than PERL-CGI does not reqire the launching of a new process the script runs in the web server process and can modify the web server's active configuration and access anything the web server can (use FastCGI instead) script code is cached in compiled form in the web server giving dramatic speedup (speeds comparable to static content) script code is cached in compiled form in the web server increasing the memory requirements persistant database connections are available eliminating the server-time required to connect to the database on each request use mod_fastcgi to speed up scripts keeps scripts loaded after the first invocation so that initialization time is eliminated, almost as fast as mod_perl integrates with suexec to allow the scripts to be run as users, improving security the scripts stay in memory the pool of waiting scripts in memory is managed according to use allows for multiple versions of php to be available the scripts need to be written for use with FastCGI (easy conversion in perl) use mod_perl to extend web server capability allows for custom authentication methods allows for generated config files, making configuration easier use SSI (Server Side Includes) instead of copying text into each page reduces the person-time required to update the shared content ensures a consistant appearance on the site requires SSI, not available on the local disk during design not every hosting environment allows SSI is slightly slower than having the text in every page use Content Negotiation feature available in apache since 1999 feature consts money in IIS and not supported in Tomcat even works for jsp pages served through Tomcat through Apache not all hosting providers enable Content Negotiation most hosting providers have the option to use Content Negotiation shortens urls by allowing the extension to be left out in the page source and address allows the implementation of a page to change without changing the url to the page, for example changing a html file to a shtml file to a cgi script requires a directory scan and quality calculation for each request, which is slightly slower than using the full name hides the technology used to implement a dynamic page from possible attackers Supports multiple languages at the same URL, the browser perfereed language will be served use valid HTML Strict the page is more accessable layout may be slightly harder browser specific features are not available in html (but may be available in javascript) only use javascript for added functionality, do not require javascript for the page to perform basic functions like navigation the page is more accessable, people with scripting turned off and search engines will be able to navigate the page. awareness of the non-script appearance of the page is required accept and use graceful degredation use current features, but do not rely on them, allow the page to look acceptable to browsers that do not support them the page may not look identical in all browsers use Firefox or Mozilla instead of Internet Explorer a more standards based browser not every feature of Internet Explorer is available much less annoyances (spyware) harder to implement annoyances that work with Firefox or Mozilla (why you would want to is a mystery) You take control of you web browsing experience, elminate new window links, per-site javascript control, and many other things available as extensions web page 'Subscriptions' are not available more secure and faster response to security problems

Security

store password hashes instead of passwords the password can not be viewed and remains safe if the database is comprimised can not get the password for password reminders, need to reset password instead can not move the passwords to a new hash (need to keep verifying against old hash, changing the hash when the clear password is knwown) Do not allow direct remote access to a database. in other words filter external traffic to the database server ports it is harder for someone to break into the database, they need to get onto a system that can access the database first the database is only accessable from the local machine (or allowed machine) so desktop clients do not directly work