Archive for the ‘Web Dev Checklist’ Category

Web Development - while programming

Tuesday, March 11th, 2008
  • Set values explicitly instead of relying on the defaults, even when the default is what you want: defaults can change from one version to the next.
  • Use GET as the method for forms that carry no sensitive information and only act as a filter (search terms, sort order, page number). This is good because:
    • if the page is reloaded, the same filtered view comes back, without a browser re-post warning
    • it's easier to manage when links also submit the form, since all the filter values are in the query string ($_GET)
    Never send passwords, session tokens or other secrets with GET: the query string ends up in browser history, server access logs and Referer headers.
  • When a submitted form or page performs an action, remember that the user may submit it a long time after loading it, so the state of the system may have changed in the meantime (the item may be sold out, the price changed, the user's permissions revoked). Re-check the current state in the action page instead of trusting the values carried by the form.
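
The following is an added example (not code from the original post) of what "do the proper checks in the action page" looks like for an order form: the current stock table, the field names and the placeOrder function are all assumptions made for this illustration. The price the form showed is used only to detect a change, never to charge.

```php
<?php
// Added example, not from the original post: an action page that re-checks the
// state of the system at submit time instead of trusting what the form showed
// when it was rendered. The stock table, field names and placeOrder() are assumptions.

declare(strict_types=1);

// Constructed "current" state: what the database holds at submit time.
// The form was rendered hours earlier, when product 7 cost 9.99 and 5 were in stock.
$currentStock = [
    7 => ['name' => 'Mug',   'price' => 12.49, 'available' => 3],
    8 => ['name' => 'Plate', 'price' => 4.00,  'available' => 0],
];

/**
 * Validate a submitted order against the state at submit time.
 * Returns ['ok' => bool, 'message' => string, 'total' => float|null].
 */
function placeOrder(array $stock, array $post): array
{
    // Filter the input: ids and quantities are integers; the price the user
    // saw is only compared against the current one, never used to charge.
    $id        = (int)($post['product_id'] ?? 0);
    $qty       = (int)($post['quantity'] ?? 0);
    $seenPrice = (float)($post['price_seen'] ?? 0);

    if ($qty <= 0) {
        return ['ok' => false, 'message' => 'Quantity must be at least 1.', 'total' => null];
    }
    // The product may have been removed since the form was loaded.
    if (!isset($stock[$id])) {
        return ['ok' => false, 'message' => 'This product is no longer available.', 'total' => null];
    }
    $item = $stock[$id];

    // The stock may have been sold in the meantime.
    if ($item['available'] < $qty) {
        return ['ok' => false,
                'message' => sprintf('Only %d left of %s.', $item['available'], $item['name']),
                'total' => null];
    }
    // The price may have changed: tell the user and ask for a fresh confirmation
    // rather than silently charging the new price.
    if (abs($item['price'] - $seenPrice) > 0.005) {
        return ['ok' => false,
                'message' => sprintf('The price of %s changed from %.2f to %.2f. Please confirm again.',
                                     $item['name'], $seenPrice, $item['price']),
                'total' => null];
    }
    // Everything still holds: charge the price from the database, not from the form.
    return ['ok' => true, 'message' => 'Order accepted.', 'total' => $item['price'] * $qty];
}

if (PHP_SAPI === 'cli') {
    // Constructed POST bodies: a stale form (old price), a fresh one, and a sold-out item.
    print_r(placeOrder($currentStock, ['product_id' => '7', 'quantity' => '2', 'price_seen' => '9.99']));
    print_r(placeOrder($currentStock, ['product_id' => '7', 'quantity' => '2', 'price_seen' => '12.49']));
    print_r(placeOrder($currentStock, ['product_id' => '8', 'quantity' => '1', 'price_seen' => '4.00']));
}
```

The same pattern applies to any delayed action: reload the object you are about to act on, re-run the permission check against the current session, and treat hidden fields as hints to compare, not as facts.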

Web Development: Maintenance Checklist

Saturday, November 24th, 2007
  • Speed up: check again for included CSS or JS files that actually don't exist. Each one generates a 404, and if the 404 page is heavy the whole site slows down. Look for them in the access log rather than in the browser.
  • Backup: database backups are obviously a must, but back up the files too, even if you never change them: an attacker could. Keep the copy outside the web root, so that a tampered file can be compared with, and restored from, a known-good version.
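
An added example, not code from the original post, of how to notice the tampering the item above warns about: a manifest of SHA-256 hashes taken at deploy time and compared against the current tree, so you know which files to restore from the backup. The directory layout, the manifest file name and the function names are assumptions.

```php
<?php
// Added example, not from the original post: a file integrity check for the web
// root. buildManifest() records a SHA-256 per file, compareManifests() reports
// what was added, changed or removed. Paths and names are assumptions.

declare(strict_types=1);

/** Walk $root and return ['relative/path' => 'sha256hex', ...], sorted by path. */
function buildManifest(string $root): array
{
    $root = rtrim($root, '/');
    $manifest = [];
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($it as $file) {
        if ($file->isFile()) {
            $rel = substr($file->getPathname(), strlen($root) + 1);
            $manifest[$rel] = hash_file('sha256', $file->getPathname());
        }
    }
    ksort($manifest);
    return $manifest;
}

/** Compare the manifest stored at deploy time with the current tree. */
function compareManifests(array $stored, array $current): array
{
    $added   = array_keys(array_diff_key($current, $stored));
    $removed = array_keys(array_diff_key($stored, $current));
    $changed = [];
    foreach (array_intersect_key($stored, $current) as $path => $hash) {
        if (!hash_equals($hash, $current[$path])) {
            $changed[] = $path;
        }
    }
    return ['added' => $added, 'changed' => $changed, 'removed' => $removed];
}

if (PHP_SAPI === 'cli') {
    // Constructed web root in a temporary directory.
    $root = sys_get_temp_dir() . '/webroot_' . bin2hex(random_bytes(4));
    mkdir($root . '/inc', 0700, true);
    file_put_contents($root . '/index.php', "<?php echo 'hello';\n");
    file_put_contents($root . '/inc/config.php', "<?php \$dbHost = 'localhost';\n");

    // Taken at deploy time and kept outside the web root (here: next to it in /tmp).
    $manifestFile = $root . '.manifest.json';
    file_put_contents($manifestFile, json_encode(buildManifest($root)));

    // Simulated tampering: a line appended to an existing file, plus a new file.
    file_put_contents($root . '/index.php', "/* injected */\n", FILE_APPEND);
    file_put_contents($root . '/inc/shell.php', "<?php /* dropped by attacker */\n");

    $stored = json_decode(file_get_contents($manifestFile), true);
    print_r(compareManifests($stored, buildManifest($root)));
}
```

Store the manifest with the backup, not under the web root, otherwise whoever changed the files can also update the hashes; running the comparison from cron and mailing a non-empty result is enough to turn the backup into a detection control.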

Web Development: Checklist Before Going Live

Saturday, October 6th, 2007
  • [general] Focus your attention on the most critical parts of the system throughout the testing stage. The most critical parts are those whose failure would cost the client money (for example feedback forms or newsletter sign-up).
  • Keep a close eye on the code that handles AJAX requests: it is an entry point like any other, so filter the input, check permissions, and return the same errors you would for a normal page. Don't assume the JavaScript that normally calls it is the only caller.
  • JavaScript: when declaring a variable, always use the var keyword (inside a function it makes the variable local); without it the variable becomes a global that any other script on the page can overwrite.
  • Use CSS rather than presentational attributes inside the HTML tags: it is more cross-browser and keeps the markup clean.
  • CSS: don't confuse the visibility and display properties: visibility: hidden keeps the element's space in the layout, display: none removes it.
  • PHP: when performing operations on the filesystem (copy, unlink, ...) or calling external programs (through the system function), always check the return values and inform the user about failures. If any part of the command line comes from the user, pass it through escapeshellarg first.
  • HTML: if a "submit" button is used only to trigger an AJAX request or another JavaScript action (without actually submitting the form), use button rather than submit as its type: otherwise the form is submitted unless the handler cancels the event, and browsers differ in how that cancellation works.
  • Check that inputs containing single or double quotes don't break the system:
    • if a PHP variable is put into a JavaScript string, escape the characters that delimit that string (json_encode does this, and also handles backslashes and newlines)
    • if a PHP variable is put into the value attribute of an input tag, use the HTML entities for the delimiters (htmlspecialchars with ENT_QUOTES encodes both kinds of quote)
    The unescaped quote that breaks the page is the same one an attacker uses to inject script, so treat it as a security bug, not a cosmetic one.
  • Check that foreign characters (for example, accented vowels) don't break the system.
  • Check the charset for Apache (AddDefaultCharset UTF-8 in the VirtualHost) and for MySQL. Both should be UTF-8. For MySQL the default is latin1, and changing it takes more than one statement:
    alter table mytable charset=utf8;
    Be careful! The command above only changes the table's default charset, used for columns added later; the existing columns keep the old one. Use ALTER TABLE mytable CONVERT TO CHARACTER SET utf8 to convert the existing columns as well, or check by dumping the database and amending the dump. Set the connection charset too (mysql_set_charset), otherwise the data still travels as latin1. On MySQL 5.5.3 and later prefer utf8mb4, since MySQL's utf8 only holds 3-byte characters.
  • Check that you use mysql_real_escape_string for strings and a cast to integer for integers for any data in a query that could be malicious (or the purge function you have in your personal toolbox). mysql_real_escape_string needs an open connection and only matches the charset set with mysql_set_charset; prepared statements with bound parameters (mysqli or PDO) avoid the question entirely.
  • Move the rules in .htaccess to the Apache configuration file (VirtualHost section) and set AllowOverride None: Apache no longer looks for .htaccess in every directory on each request, and a file uploaded by an attacker can't change the server configuration.
  • If you need to include some JS on your page that requests external resources (living on other sites), include it at the bottom of the page and not at the top, otherwise your page might not be displayed if there's a problem with the other site.
  • Make sure all the vital functionality (such as signing up) can also be performed with JavaScript disabled, or, at least, tell the user that they need JS enabled.
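
An added example, not code from the original post, that puts the AJAX, quoting and query items of this checklist together in one handler. It uses PDO with bound parameters in place of mysql_real_escape_string (the technique the post names), an in-memory SQLite table constructed here so it runs offline, and assumed names (the products table, $session['user_id'], handleAjaxRequest, renderFragment) that are not from the original.

```php
<?php
// Added example, not from the original post: an AJAX action handler that checks
// permissions, filters input, queries with bound parameters, and encodes the same
// value for an HTML attribute and for a JavaScript string. Names are assumptions.

declare(strict_types=1);

/** Constructed database: two products owned by two different users. */
function openDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, owner_id INTEGER)');
    $db->exec("INSERT INTO products VALUES (1, 'Plain mug', 10), (2, 'Mug \"deluxe\" <b>it''s</b>', 20)");
    return $db;
}

/**
 * Handle GET product.php?id=N for the logged-in user in $session.
 * Returns ['status' => int, 'body' => string] instead of echoing, so it can be tested.
 */
function handleAjaxRequest(PDO $db, array $session, array $get): array
{
    // 1. Permission check. The endpoint is reachable without the page that
    //    normally calls it, so the session is the only thing to trust.
    if (empty($session['user_id'])) {
        return ['status' => 403, 'body' => json_encode(['error' => 'login required'])];
    }

    // 2. Filter the input. Integers are cast: "2 OR 1=1" becomes 2.
    $id = (int)($get['id'] ?? 0);
    if ($id <= 0) {
        return ['status' => 400, 'body' => json_encode(['error' => 'invalid id'])];
    }

    // 3. Query with a bound parameter; the value never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT id, name, owner_id FROM products WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Same answer for "does not exist" and "belongs to someone else".
    if ($row === false || (int)$row['owner_id'] !== (int)$session['user_id']) {
        return ['status' => 404, 'body' => json_encode(['error' => 'not found'])];
    }

    // 4. JSON for the AJAX caller. The HEX flags also make the body safe if it
    //    is ever echoed into an inline <script>: "</script>" cannot end the block.
    $flags = JSON_HEX_TAG | JSON_HEX_QUOT | JSON_HEX_APOS | JSON_HEX_AMP;
    return ['status' => 200,
            'body'   => json_encode(['id' => (int)$row['id'], 'name' => $row['name']], $flags)];
}

/** HTML fragment for a normal page: the same value in an attribute and in a JS string. */
function renderFragment(string $name): string
{
    // For the value attribute: " -> &quot;  ' -> &#039;  < -> &lt;
    $attr = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
    // For a JS string literal: quotes, <, > and & become \uXXXX escapes.
    $js = json_encode($name, JSON_HEX_TAG | JSON_HEX_QUOT | JSON_HEX_APOS | JSON_HEX_AMP);
    return "<input type=\"text\" name=\"product\" value=\"$attr\">\n"
         . "<script>var productName = $js;</script>\n";
}

if (PHP_SAPI === 'cli') {
    $db = openDb();
    // Constructed requests: anonymous caller, injection attempt by the owner,
    // and a logged-in user asking for someone else's product.
    foreach ([
        [[],                 ['id' => '2']],
        [['user_id' => 20],  ['id' => '2 OR 1=1']],
        [['user_id' => 10],  ['id' => '2']],
    ] as [$session, $get]) {
        $r = handleAjaxRequest($db, $session, $get);
        echo $r['status'], ' ', $r['body'], "\n";
    }
    echo renderFragment('Mug "deluxe" <b>it\'s</b>');
}
```

Note the two different encoders for the two contexts: htmlspecialchars knows nothing about JavaScript string syntax and json_encode knows nothing about HTML attributes, so using either one in the wrong place reopens exactly the quote-breaking bug the checklist asks you to test for.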