Enterprise Application Problems Caused by Single-Page Web Applications and Web Enterprise Applications
As single-page web applications have become popular, the roles of the client and the server have shifted in subtle ways. For example, the client was originally used only to display pages and present the logic; it is now gradually turning into an application that drives the interaction itself.
The future direction of enterprise-level applications, and the technologies finally used to implement them, will certainly differ a lot from the present. New changes will also cause trouble for developers and management personnel, and this leads to a series of technical and practical problems.
If the page rendering function is excluded from the server...
1. Reduce the pressure on the server itself. The server does not need to save any client state, which indirectly increases the server's processing capacity.
2. The same server can adapt to different types of clients, including iOS, Android, and browsers.
3. When the server needs to be switched, the previous practice was to redo everything from scratch. Now, all previous pages and interfaces can be reused, greatly reducing the technical cost of the project.
4. Improve efficiency. Page development and server-side development can be performed at the same time without depending on each other.
5. Reduce the error rate. After the page rendering function is removed from the server side, the possibility of writing SQL and business logic directly on the page becomes zero.
Confusion and questions raised by project personnel...
After the above ideas are put forward, project developers and management personnel will certainly start to raise many questions, such as:
Twitter has switched from client-side rendering to server-side rendering. Does that prove that server-side rendering performs better?
Facebook has already abandoned HTML5 on mobile. Is there a problem with it?
New technologies have not been tested and proven. Are they feasible in practice?
These questions are difficult to answer in a few words, and people are reluctant to change processes they are already familiar with. When a very urgent project comes up and there is not enough time for a complete assessment, various problems may appear later, and only then do we realize that the earlier judgment was wrong. It is precisely in the face of many such failures that we are more motivated to try new methods.
Solve client and server problems in enterprise applications
Much has been written against JS, but that view will definitely change once you understand AngularJS in depth. AngularJS can easily guide us to accept and recognize Node, remove significant language barriers, and solve client performance problems.
Many architects will say that Java has a very mature framework architecture, but the biggest problem at present is that Java is used only as a transitional language during development. Too often the entire web application cannot be started because of unrelated service configuration issues. There are too many such problems, so Java applications should gradually become unified, which reduces the cost of unit testing.
For web applications that show a large volume of data on a single page, what are the best designs to ensure user experience and speed?
You can study Renren's framework. It waits until the page has loaded before it starts querying for the less important data.
What are common security vulnerabilities in Web applications?
Failing to check the validity of data before it is passed into a program is a common programming vulnerability. According to OWASP's investigation of web application vulnerabilities, invalid input is a common factor in most web application security vulnerabilities. Most enterprises pay close attention to controlling established connections. However, accepting a specific input string can allow attackers to bypass the enterprise's controls.

Broken Authentication and Session Management: good access control does not mean everything is fine. Enterprises should also protect users' passwords, session tokens, account lists, and any other information that could give attackers an advantage and help them attack the enterprise network.

Cross Site Scripting Flaws: this is a common attack. When an attack script is embedded into the enterprise's web page or another accessible web resource, the script runs whenever an unprotected desktop accesses that page or resource. This attack can affect the terminal computers of hundreds of employees in the enterprise.

Buffer Overflows: this problem occurs in earlier programming languages, such as C. The programming error is caused by failing to properly determine where input content is placed in memory.

Injection Flaws: if input that carries syntactic meaning is not successfully blocked, it may lead to illegal access to database information. The content entered in a web form should be kept simple and should not contain executable code.

Improper Error Handling: when an error occurs, it is normal to report an error message to the user. However, if the error message contains too much detail, attackers may use it to analyze the structure or configuration of the network environment.

Insecure Storage: for web applications, it is very important to properly store passwords, user names, and other information related to identity authentication. Encrypting this information is very effective, but some enterprises adopt encryption solutions that have not been verified in practice, and these may have security vulnerabilities.

Denial of Service: program denial of service (DoS) attacks are similar to application denial of service. Application DoS attacks use a large number of illegitimate users to seize application resources, so that the web application cannot be used by legitimate users.

Insecure Configuration Management: an effective configuration management process can provide good protection for web applications and enterprise network architectures.
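
The points above on checking input, Cross Site Scripting and Improper Error Handling can be shown in one server-side handler for a single-page client. This is an added example, not code from the original article; the field rules and the names validateSignup, handleSignup, saveUser and log are hypothetical.

```javascript
// Constructed allow-list rules for a hypothetical signup form.
const RULES = {
  username: /^[A-Za-z0-9_]{3,20}$/,
  email: /^[^\s@<>"']{1,64}@[A-Za-z0-9.-]{1,255}$/,
};

// Validate on the server: the single-page client is outside the trust boundary.
// Only fields named in RULES are copied, so extra properties are dropped.
function validateSignup(body) {
  if (body === null || typeof body !== 'object' || Array.isArray(body)) {
    return { ok: false, errors: ['body'] };
  }
  const errors = [];
  const clean = {};
  for (const [field, pattern] of Object.entries(RULES)) {
    const value = body[field];
    if (typeof value === 'string' && pattern.test(value)) clean[field] = value;
    else errors.push(field);
  }
  return errors.length ? { ok: false, errors } : { ok: true, clean };
}

// Encode untrusted text before it is placed into HTML text or attributes.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Error detail goes to the server log; the client gets a generic message.
// saveUser stands in for the storage layer, which should bind the cleaned
// values as query parameters rather than concatenating them into SQL.
function handleSignup(body, saveUser, log) {
  const result = validateSignup(body);
  if (!result.ok) {
    return { status: 400, body: { error: 'invalid input', fields: result.errors } };
  }
  try {
    saveUser(result.clean);
    return { status: 201, body: { username: result.clean.username } };
  } catch (err) {
    log(err.stack || String(err));
    return { status: 500, body: { error: 'internal error' } };
  }
}
```
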