61 things that Web developers should know

Author: Ruan Feng

Date: November 25, 2010

Someone asked a question on Stack Overflow: what do you need to know before you start developing a website?

Not surprisingly, he got a lot of answers.

Usually, you would need to read all the answers from beginning to end. However, Stack Overflow has a very thoughtful design that lets you open a wiki area under the question, so that everyone can edit one optimal answer together. That is how the following article came about; it sums up 61 "website development notices" across six aspects.

I have found that this sort of summary question is best suited to a collective-wisdom, brainstorming style of answering. It's also the first time I've felt that Stack Overflow did what Wikipedia couldn't. (No wonder it has recently squeezed into the top 400 websites of the United States.)

In my impression, such a comprehensive overview of website development is rare and therefore useful. Let's see how many of the 61 things you have done.

(Update: I just found that there should be 62 suggestions altogether; I miscounted. This ... is embarrassing.)

=============================

61 things that Web developers should know

Original website: http://stackoverflow.com/questions/72394

A: Ruan Feng

I. Interface and user experience

1.1

Know how the major browsers implement web standards, and make sure your site works correctly in the main browsers. You should test at least the following engines: Gecko (Firefox), WebKit (Safari, Chrome and some mobile browsers), IE (you can use Microsoft's Application Compatibility VPC Images for testing) and Opera. Different operating systems may also affect how browsers render your site.

1.2

Besides browsers, there are other ways your site gets used: mobile phones, screen readers, search engines and so on. You should know how your site behaves in these cases. MobiForge provides some relevant knowledge about mobile website development.

1.3

Know how to upgrade a website without affecting its users. Typically, you must have a version control system (CVS, Subversion, Git, and so on) and a data backup mechanism.

1.4

Don't let users see unfriendly error messages.

1.5

Do not display the user's email address directly, at least not in plain text.

1.6

Set up some reasonable usage limits for your website, and stop the service automatically once the threshold is exceeded. (This is also related to website security.)

1.7

Know how to implement progressive enhancement for web pages.

1.8

After a user makes a POST request, always redirect them to another web page.

1.9

Don't forget accessibility (that is, how people with disabilities use the site). For American websites this is sometimes a legal requirement. ARIA has some good references in this area.

II. Security

2.1

Read the OWASP Development Guide, which provides comprehensive website security guidance.

2.2

Learn about SQL injection and how to prevent it.

2.3

Never trust user-submitted data (cookies are also submitted by the client!).

2.4

Do not store users' passwords in plain text; store them only after hashing.

2.5

Don't be too confident in your user authentication system; it can easily be compromised, and you will not know about its vulnerabilities in advance.

2.6

Learn how to handle credit cards.

2.7

Use SSL/HTTPS on the login page and other pages that handle sensitive information.

2.8

Know how to deal with session hijacking.

2.9

Avoid cross-site scripting (XSS).

2.10

Avoid cross-site request forgery (XSRF).

2.11

Apply patches promptly to keep your system up to date with the latest version.

2.12

Make sure your database connection information is secure.

2.13

Keep track of the latest developments in attack techniques and the latest security vulnerabilities for the platforms you use.

2.14

Read Google's Browser Security Handbook.

2.15

Read The Web Application Hacker's Handbook.
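Items 2.3 and 2.4 in practice, as an added example that is not part of the original article or the Stack Overflow answer: passwords are stored only as hashes (salted here, which goes one step beyond the item), and the session cookie carries an HMAC so that a client-side edit is rejected. The key, the iteration count, the cookie layout and all function names are assumptions of this example.

```python
import hashlib
import hmac
import os

# Constructed values for this example only; a real site loads the key from secret storage.
SERVER_KEY = b"constructed-demo-key"
PBKDF2_ROUNDS = 600_000  # assumed work factor; tune it for your hardware


def hash_password(password, salt=None):
    """Return (salt, digest); only these two values are stored, never the password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_password(password, salt, stored_digest):
    """Recompute the hash with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, stored_digest)


def _mac(value):
    return hmac.new(SERVER_KEY, value.encode(), hashlib.sha256).hexdigest()


def sign_cookie(value):
    """Attach a server-side MAC so later edits by the client are detectable."""
    return value + "|" + _mac(value)


def read_cookie(cookie):
    """Return the cookie value if its MAC verifies, otherwise None."""
    value, sep, mac = cookie.rpartition("|")
    if not sep:
        return None  # no MAC at all: treat the cookie as untrusted
    if hmac.compare_digest(mac.encode(), _mac(value).encode()):
        return value
    return None


def login(username, password, user_db):
    """Issue a signed session cookie only after the password verifies."""
    record = user_db.get(username)
    if record is None or not verify_password(password, *record):
        return None
    return sign_cookie("user=" + username + "&role=user")
```

The MAC protects integrity only: the cookie value is still readable by the client, so nothing secret belongs in it.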

III. Performance

3.1

Use caching whenever possible. Properly understand and use HTTP caching and HTML5 offline storage.

3.2

Optimize images. Do not use a 20 KB image file as a repeating page background pattern.

3.3

Learn how to compress content with gzip/deflate (the deflate method is preferable).

3.4

Combine multiple style sheet files or script files into one file; this reduces the number of HTTP requests the browser makes and the total size of the gzip-compressed files.

3.5

Browse Yahoo's Exceptional Performance website, which has plenty of excellent tips for improving front-end performance, as well as their YSlow tool. Google's Page Speed is another tool for analyzing web page performance. Both require Firebug to be installed.

3.6

If your web page uses a lot of small images (such as toolbars), you should use CSS image sprites to reduce the number of HTTP requests.

3.7

High-traffic websites should consider spreading web objects across multiple domain names (split components across domains).

3.8

Static content (such as images, CSS, JavaScript and other web content that does not depend on cookies) should be placed on a separate domain that does not use cookies. If there are cookies under a domain name, every HTTP request the client sends to that domain carries the cookie content. A good way to do this is to use a content delivery network (CDN).

3.9

Minimize the number of HTTP requests required to complete web page rendering.

3.10

Use Google's Closure Compiler to compress JavaScript files; YUI Compressor also works.

3.11

Make sure that there is a favicon.ico file in the root directory of the website, because even if the file is not referenced in the web page, the browser automatically requests it. If this file does not exist, a large number of 404 errors will be generated, consuming your server's bandwidth.

IV. SEO (search engine optimization)

4.1

Use "search engine friendly" URL forms, such as example.com/pages/45-article-title, rather than example.com/index.php?page=45.

4.2

Do not use hyperlink text such as "Click here", because this wastes an SEO opportunity and makes the page less usable with screen readers.

4.3

Create an XML sitemap file; its default location is generally /sitemap.xml (that is, in the site root directory).

4.4

When you have multiple URLs pointing to the same content, use <link rel="canonical" ... /> in the web page code.

4.5

Use Google Webmaster Tools and Yahoo Site Explorer.

4.6

Use Google Analytics (or the open-source traffic analysis tool Piwik) from the start.

4.7

Know the role of robots.txt and how search engine spiders work.

4.8

Redirect requests for www.example.com to example.com (using a Moved Permanently redirect), or the other way round; the goal is to prevent Google from treating them as two sites and ranking them separately.

4.9

Know that there are malicious or badly behaved web spiders.

4.10

If your site has non-text content (such as video, audio, etc.), you should refer to Google's sitemap extension protocol.

V. Technology

5.1

Understand the HTTP protocol and concepts such as GET, POST, sessions and cookies, including what "stateless" means.

5.2

Make sure that your XHTML/HTML and CSS conform to W3C standards so that they pass validation. This keeps your web pages from triggering browser quirks behavior and helps them work on screen readers and mobile phones as well.

5.3

Understand how browsers handle JavaScript.

5.4

Understand how JavaScript files, style sheet files and other resources on a web page are loaded and run, and consider how they affect page performance. In some cases, you might want to place script files at the end of the page.

5.5

Understand how the JavaScript sandbox works, especially if you intend to use iframes.

5.6

Know that JavaScript may be unavailable or disabled, and that Ajax will not necessarily run. Remember that NoScript (which blocks scripts from running) is becoming popular among some users, that mobile browsers vary widely in their script support, and that Google does not run most script files when it indexes web pages.

5.7

Learn the difference between 301 redirects and 302 redirects (this is also an SEO-related issue).

5.8

Learn as much as you can about your deployment platform.

5.9

Consider using a reset style sheet.

5.10

Consider using JavaScript frameworks, such as jQuery, MooTools and Prototype, which let you ignore the differences between browsers.

VI. Solving Bugs

6.1

Understand that programmers spend 20% of their time coding and 80% of their time on maintenance; plan your schedule accordingly.

6.2

Establish an effective error reporting mechanism.

6.3

Establish some channel or system that lets users contact you with suggestions and criticism.

6.4

Write documentation for future maintenance and customer service personnel to explain how the system works.

6.5

Back up regularly! (And make sure that these backups are valid.) In addition to the backup mechanism, you must also have a recovery mechanism.

6.6

Use a version control system to store your files, such as Subversion or Git.

6.7

Don't forget to do unit testing; frameworks like Selenium will help you.

(End)

Source: http://www.ruanyifeng.com/blog/2010/11/61_things_every_web_developer_should_know.html
