Key Site Architecture Considerations
Virtually every site or web application should consider the following:
- Multilingual capable - even if the content is not immediately available in other languages. Retrofitting translation into a site is extremely costly.
- Common components - any code that will execute in more than one place should be shared through includes or other mechanisms.
- Hierarchical templates - this provides a more consistent interface and more efficient code. Templates must be general enough to support this.
- Appropriate user assistance - help, at both the field and page level
- List of browsers supported - you can’t support every browser. Identify those you will.
- Graceful error handling - don’t just issue a print or echo and die
- Security - close the windows and doors into your application. Ensure error handling prevents disclosure of code and database elements
- Configuration - database access constants should be sourced from a single point, as should all other configuration directives. This ensures all elements of the application, including backend/offline scripts, use the same values. Otherwise, the constants can’t be changed without risking the integrity of the system.
- Server configuration - prevent access to areas the site visitor should not see at the server level.
- Multi-mode deployment - only put the code required on the server. Set up the distribution/installation process accordingly.
- Use mod_security.
- Let the web server be the only reader of script files. This makes it more difficult for hackers to get to the web code.
- Use robots.txt and meta tags to keep content out of search engines unless it needs to be indexed.
- Move SSH off port 22, or close it entirely to public access
- Enforce these practices across the entire team, and audit for them during development
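One way to audit two of the items above during development: configuration sourced from a single point, and script files that only the web server can read. This is an added example, not code from the original post; the `.php`/`.inc` extensions and the `define('DB_...')` naming are assumptions about the code base.

```shell
#!/bin/sh
# Added example: audit a document root for two items from the list above.
# Assumptions: scripts end in .php or .inc, and database constants are
# declared with define('DB_...'); adjust both patterns to your code base.
# Usage: . ./audit.sh && audit_docroot /path/to/docroot

# Print script files that accounts other than the owner and group can read.
world_readable_scripts() {
    find "$1" -type f \( -name '*.php' -o -name '*.inc' \) -perm -004 | sort
}

# Print every file that defines a DB_* constant. More than one file means
# the database settings are not sourced from a single point.
db_config_files() {
    grep -rlE "define\([[:space:]]*['\"]DB_" "$1" 2>/dev/null | sort
}

# Run both checks; return 0 when clean, 1 when anything is reported.
audit_docroot() {
    root=$1
    rc=0

    exposed=$(world_readable_scripts "$root")
    if [ -n "$exposed" ]; then
        echo "World-readable script files:"
        echo "$exposed"
        rc=1
    fi

    count=$(db_config_files "$root" | wc -l | tr -d ' ')
    if [ "$count" -gt 1 ]; then
        echo "DB_* constants defined in $count files:"
        db_config_files "$root"
        rc=1
    fi

    return $rc
}
```

A non-zero return from `audit_docroot` can fail a pre-deployment check, which is one way to enforce the practices across the team.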
This entry was posted by elvis on 08/02/08 at 07:53:04 am.