Category: "HTML / CSS"

Version Hiding for Server and Application Security

One of the easiest ways to make a server or application more secure it to reduce the publicly accessible information.

The above link describes how the versions can be suppressed in the HTTP headers to make it more difficult for people to identify the version of server software you are running, and the version of PHP.

This same principle should be used with applications. Any tag in the HTML that exposes the version should be suppressed.

Rapid Development Strategies

These are my rapid development strategies.


Works well for simple sites where the page layout is very important.

  1. Build the HTML/CSS framework of the screen

  2. Create navigation and page stubs

  3. Set up help, about, terms/privacy stubs

  4. Create a login screen (if necessary), that does nothing, and a logout. This helps to establish the logic flow.

  5. Build a home page

  6. Build pages out in a logical order (it will vary), again, front2back - start with the way it looks on the screen, then build the server side logic.


Works well when the complexity and risk are related to server-side logic and interfaces, or when there is a designer and developer on the project.

  1. Get the documentation, find the resources for the difficult parts

  2. Choose the simplest task, for example, submitting access credentials, and get it working.

  3. Define an object-oriented architecture and one class to support the requirements.

  4. Get the OO code interface working
  5. Break the OO code into two layers (if necessary), one a general interface, the other specific to the class.
  6. Clone the OO code for the remaining data types
  7. Create the view for one class, then use the same approach as before to define the display architecture. Strive to use only very basic HTML, so the design can be managed efficiently with CSS.
  8. Refine the interfaces to make integration easy.

Use a base tag to ease the transition from a development environ to a live server

If you have to develop a site or application on a server that isn’t the target server, you can use a base tag to set the base directory for HTML references. That will allow the vast majority of the code to be URL/domain independent. This is especially important if userdir access is being used. When the site goes live, changing or removing the base tag should ensure the site has valid references in all the links.

To be sure all the development references are removed, use grep.

grep -r development_ref *

Accelerate - Focus on the end product, not the components

There is so much awesome open source code available, and some of it is very powerful. To build a powerful, cost-effective solution, the best approach is to use open source code to provide the bulk of the functionality, and then extend or integrate the remaining elements.

The complexity is in gracefully combining elements from diverse sources into a cohesive unit, and ensuring the design is manageable in the event that more than one application is used on the site.

The choice of components is extremely important. I think the only way you can really decide is to try them out.

Converge - dojo panes - AJAX iframes ...

I wanted to break my page into 6 content areas, with 5 where the content could be directed by one, and from cross-links from the other.

I pursued iframes, but the site architecture didn’t work well with it. I tried dojo’s content panes and was really impressed. In addition - these panes allow delivery of standalone HTML, while applying the page’s CSS. The integration is very simple, and polished, and extending the micro page to a full page would be easy. They also resize, so the user can adjust the page to meet their needs.

One interesting note, if you would like the panes to scroll, load the content in at page load time. Works great!