61 things developers should know about websites

Source: Internet
Author: User
Tags: version control system

Author: hoogle, dragon fruit software. Released: 2014-01-23

Someone asked on Stack Overflow: what do you need to know before you start developing a website?

Not surprisingly, he got a lot of answers.

Usually, you would need to read everyone's answers from beginning to end. However, Stack Overflow has a thoughtful design that allows a wiki area to be opened under the question, so that everyone can co-edit one best answer. The result is the following article, which sums up 61 "website development notes" across six areas.

I have found that this kind of overview question is best suited to this collective-wisdom, brainstorming style of answer. It was also the first time I felt that Stack Overflow did what Wikipedia couldn't do. (No wonder it recently squeezed into the top 400 sites in the United States.)

In my impression, this kind of comprehensive overview article about web development is very rare and therefore very useful. Let's see how many of the 61 things you have done.

I. Interface and User Experience

1.1 Know how browsers implement web standards, and make sure your site works in the major browsers. You should at least test the following engines: Gecko (Firefox), WebKit (Safari, Chrome, and some mobile browsers), IE (you can use the Application Compatibility VPC images published by Microsoft for testing) and Opera. Different operating systems may also affect how the browser renders your site.

1.2 Besides browsers, your site is accessed in other ways: mobile phones, screen readers, search engines and so on. You should be aware of how your site behaves in these situations. MobiForge provides a good deal of material on mobile website development.

1.3 Know how to upgrade a website without seriously affecting its users. Typically, you must have a version control system (CVS, Subversion, Git, and so on) and a data backup mechanism.

1.4 Do not show users unfriendly error messages.

1.5 Do not display the user's email address directly, at least not in plain text.

1.6 Set some reasonable usage limits for your website and automatically stop the service once the threshold is exceeded. (This is also related to website security.)

1.7 Know how to implement progressive enhancement of web pages.

1.8 After a user makes a POST request, always redirect to another page.

1.9 Do not forget the accessibility of the website (that is, how people with disabilities use the site). For U.S. websites, this is sometimes a legal requirement. WAI-ARIA has some very good references in this area.

II. Security

2.1 Read the OWASP Development Guide, which provides comprehensive website security guidance.

2.2 Understand SQL injection and how to prevent it.

2.3 Never trust user-submitted data (cookies are also submitted by the client!).

2.4 Do not store users' passwords in plain text; hash them before storing them.

2.5 Don't be too confident in your user authentication system. It can easily be compromised, and you don't even realize in advance that there is a vulnerability.

2.6 Learn how to handle credit cards.

2.7 On the login page and other pages dealing with sensitive information, use SSL/HTTPS.

2.8 Know how to deal with session hijacking.

2.9 Avoid cross-site scripting (XSS).

2.10 Avoid cross-site request forgery (XSRF).

2.11 Patch promptly to keep your system up to date with the latest version.

2.12 Confirm the security of your database connection information.

2.13 Track the latest developments in attack technology and the latest security vulnerabilities in the platform you are using.

2.14 Read Google's Browser Security Handbook.

2.15 Read The Web Application Hacker's Handbook.
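
Items 2.3 and 2.4 in practice, as an added example that is not part of the original article: a salted, slow password hash with constant-time verification, and an HMAC tag that lets the server detect a cookie altered by the client. The function names, the key `COOKIE_KEY`, the record format and the PBKDF2 round count are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

# Assumption: in a real deployment this secret comes from server-side
# configuration, never from source code. Constructed value for the demo.
COOKIE_KEY = b"constructed-demo-key"
PBKDF2_ROUNDS = 600_000  # assumed work factor; tune it to your hardware


def hash_password(password: str) -> str:
    """Item 2.4: store 'rounds$salt$hash', never the password itself."""
    salt = os.urandom(16)  # fresh salt per user defeats precomputed tables
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return f"{PBKDF2_ROUNDS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    try:
        rounds, salt_hex, hash_hex = stored.split("$")
        digest = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), bytes.fromhex(salt_hex), int(rounds))
        return hmac.compare_digest(digest, bytes.fromhex(hash_hex))
    except ValueError:
        return False  # malformed record: fail closed


def sign_cookie(value: str) -> str:
    """Item 2.3: attach an HMAC tag before sending a value to the client."""
    tag = hmac.new(COOKIE_KEY, value.encode(), hashlib.sha256).hexdigest()
    return f"{value}.{tag}"


def read_cookie(cookie: str):
    """Return the value only if its tag verifies; otherwise None."""
    value, sep, tag = cookie.rpartition(".")
    if not sep:
        return None  # no tag at all: treat as untrusted
    expected = hmac.new(COOKIE_KEY, value.encode(), hashlib.sha256).hexdigest()
    # Compare as bytes so a non-ASCII tag from the client cannot raise.
    return value if hmac.compare_digest(tag.encode(), expected.encode()) else None
```

The tag only proves the value was issued by the server; it does not hide the value, so anything secret still belongs in server-side session storage.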

III. Performance

3.1 Use caching where possible. Correctly understand and use HTTP caching and HTML5 offline storage.

3.2 Optimize images. Do not use a 20KB image file as a repeating page background pattern.

3.3 Learn how to compress content with gzip/deflate (deflate is preferable).

3.4 Combine multiple stylesheet files or script files into one file, which reduces the number of HTTP requests made by the browser and reduces the total size of the files after gzip compression.

3.5 Browse Yahoo's Exceptional Performance website, which has a number of excellent tips for improving front-end performance, as well as their YSlow tool. Google's Page Speed is another tool for analyzing the performance of web pages. Both require Firebug to be installed.

3.6 If your web page uses a large number of small images (such as toolbars), you should use a CSS image sprite to reduce the number of HTTP requests.

3.7 High-traffic sites should consider distributing site objects across multiple domain names (split components across domains).

3.8 Static content (images, CSS, JavaScript, and other content that has nothing to do with cookies) should be placed on a separate domain name that does not use cookies, because if a cookie is set under a domain name, every HTTP request the client sends to that domain carries the cookie content. A good way to do this is to use a content delivery network (CDN).

3.9 Minimize the number of HTTP requests the browser needs to render a web page.

3.10 Use Google's Closure Compiler to compress JavaScript files; YUI Compressor also works.

3.11 Make sure that the favicon.ico file is in the root directory of the website, because the browser automatically requests it even if the page does not reference it at all. If this file does not exist, it will generate a lot of 404 errors, consuming your server's bandwidth.

IV. Search Engine Optimization (SEO)

4.1 Use a "search engine friendly" URL form, such as example.com/pages/45-article-title, rather than example.com/index.php?page=45.

4.2 Do not use hyperlinks that say "Click here", as this wastes an SEO opportunity and makes the page less usable with a screen reader.

4.3 Create an XML sitemap file, whose default location is typically /sitemap.xml (that is, in the root directory of the website).

4.4 When you have multiple URLs pointing to the same content, use <link rel="canonical" .../> in the code of the web page.

4.5 Use Google's Webmaster Tools and Yahoo's Site Explorer.

4.6 From the start, use Google Analytics (or the open source analytics tool Piwik).

4.7 Know what robots.txt does and how search engine spiders work.

4.8 Redirect requests for www.example.com to example.com (using a 301 Moved Permanently redirect), or vice versa, to prevent Google from treating them as two sites and ranking them separately.

4.9 Know that some web spiders behave maliciously or improperly.

4.10 If your site has non-textual content (such as video, audio, etc.), you should refer to Google's sitemap extension protocol.

V. Technology

5.1 Understand the HTTP protocol, as well as concepts such as GET, POST, sessions, and cookies, including what "stateless" means.

5.2 Make sure your XHTML/HTML and CSS conform to the standards, so that they pass validation. This keeps your web page from triggering browser quirks and helps it work on screen readers and phones.

5.3 Understand how the browser handles JavaScript.

5.4 Understand how JavaScript files, style sheet files, and other resources on a web page are loaded and run, and consider how they affect page performance. In some cases, you might want to place the script file at the end of the page.

5.5 Understand how the JavaScript sandbox works, especially if you plan to use an iframe.

5.6 Know that JavaScript may be unavailable or disabled, and that Ajax does not necessarily run. Remember that NoScript ("do not allow scripts to run") is becoming popular among some users, that mobile browser support for scripts varies widely, and that Google does not run most script files when indexing pages.

5.7 Understand the difference between 301 redirects and 302 redirects (this is also an SEO-related issue).

5.8 Learn as much as you can about your deployment platform.

5.9 Consider using a reset style sheet.

5.10 Consider using JavaScript frameworks (such as jQuery, MooTools, Prototype) so that you don't have to think about differences between browsers.

VI. Resolving Bugs

6.1 Understand that programmers spend 20% of their time coding and 80% of their time on maintenance, and schedule your time accordingly.

6.2 Establish an effective error reporting mechanism.

6.3 Set up some way or system that allows users to contact you with advice and criticism.

6.4 Write documentation for future maintenance and customer service personnel that explains how the system works.

6.5 Back up regularly! (And make sure that these backups are valid.) In addition to the backup mechanism, you must also have a recovery mechanism.

6.6 Use a version control system to store your files, such as Subversion or Git.

6.7 Do not forget unit testing; frameworks such as Selenium will be useful to you.
