Category: "Web Business"

Secure CSS For ADNs

This rewrite rule allows CSS requests to run through css.php, which can substitute color attritubes on the fly to allow a single application to be supported by multiple skins, and have greater immunity to cross-site scripting attacks.

RewriteEngine On

RewriteRule ^(.*)\.css$ css.php?d=$1

Key considerations:

  • sed may be the best substitution strategy, instead of PHP, because it is probably faster, and little to no development would be required
  • Caching should be done carefully to ensure the files are not recreated unnecessarily, and files that don’t exist should be created. If the source .css file has changed, the recolored one must be updated.
  • One may use the REQUEST_URI to select the .css files
  • Backend management of the .css file identifiers will be required if they are dynamic. This implies the ability of a user to be able to select colors and store the scheme. If they are fixed, it is simpler.
  • This is not really intended for individual user customization and user experience, but to allow a single installation of an application to support multiple skins. With that in mind, it is assumed there would be a fixed set of .css files, with a default used in the event of an invalid file request, and the .css files would be managed manually by the design/engineering team.

A New Paradigm in Web Applications

Services such as Ning (http://ning.com), Shopify (http://shopify.com), and WordPress’ blog system are making it possible for people to provide a social network, ecommerce, or blog with little to no technical experience. Many of these people will succeed, their sites will become popular with a community, their products will be purchased, and the blogs will be read. Eventually, they may want to integrate their initial offering with additional applications, using the same approach.

Web companies that can gracefully integrate diverse, distributed, externally-hosted applications into an attractive, polished, cohesive site, will provide a path for independent people to transition their basic, hosted, presence on the web into more robust site.

An extension of this is the ability for a collection of organizations to indentify their content as related, and their group as cooperative. The opportunity is in designing and integrating the independent elements gracefully.

The engineering required in these cases is the management of the CSS and supporting elements, definition of system common, site common, application common, and page specific elements. Browser caching must be handled very carefully, to ensure optimal use of the cache, while delivering the latest versions of the files. Sourcing of files is also key, meaning creating a filesystem and server architecture that will work well for many designs.

Designers will have to consider the same issues, and work with the engineering team to achieve the best solutions.

Companies should avoid including language in the design (particularly images), or creating an appropriate architecture to allow multi-lingual sites with language in images.

The real value here is that people can use a hosted service to test an idea. They can bring a shop to life in minutes, manage it themselves for months, then turn to a company for help transitioning it into a full site and system with a custom design and additional features. This greatly reduces the required administration of applications, because when the clients approach the web companies, they already know how to use the application and the content is established. Improvements can always be made, but the majority of the work will be done (as with any project, sometimes, the work done may be done poorly as well).

If a web company identifies a potential client that doesn’t have the budget for a custom solution, refering them to a hosted solution with an offer of future extension is a nice way to help people and create the possibility of a relationship later.

Secrets Web Development Companies Don't Want You to Know

  • You can register a domain name very easily.
  • Hosting is cheap. HostForWeb, and many other companies (see link above), has plans that start at $5/month.
  • Running a web site requires very little technical knowledge. Most hosting companies offer web-based control panels that allow you to manage your site easily.
  • email is not complicated, but you should be careful. Creating email accounts can be done through the aforementioned control panel. You can set the limits of the mailboxes.
  • Most people don’t read newsletters. Do you?
  • Most people are not going to visit your site. Those that do may only stay 2 seconds. That’s okay.
  • Spam protection is usually included in the hosting. Just ask.
  • Template based sites will not immediately be identified as such by most visitors. Using simple tools to make a decent looking site is okay. Most visitors are not trying to review your site, they are seeking information about your company, most commonly how to contact you.
  • Most template systems let you change templates without losing your work. You can polish your site as you have time, and interest.
  • Hackers will not steal all your hard work or ruin it. This isn’t true. However, I strong recommend all ecommerce or other sensitive data be handled by PayPal or Shopify or some other properly qualified organization. Understand the laws and regulations (http://www.pcicomplianceguide.org/), to protect yourself and your clients.
  • Search engines will index your site no matter what you do. If you put more information on the site, the site may do better in the search engine. If you are concerned about search engines, visit them and read their recommendations. Remember that they change the way the work, so your search engine ranking can change even if you don’t do anything.
  • Flashy graphics and videos aren’t really important for small sites - unless that’s what you’re selling. Most people don’t want to wait for pages to load fancy images if they are just looking for information.
  • Building a web site is not difficult. Maintaining a web site is not difficult.
  • Requesting a web company to make changes to your site may take as long as if you do it yourself.
  • Your web site probably won’t be a major source of customers. Ever. There are millions of site on the Internet. There are many great companies in the world. Focus on your products and services, and you will succeed, even if your web site is … not there.
  • In most cases, all the code and text on your web site can be copied by anyone.
  • Many web companies use free software. You are paying them to make the software work. If you only need a simple site, there is no sense in paying for a team of people to make a complicated system work.
  • You know better than anyone what you like. Any good salesperson will help you think about what you want, but in the end, you must decide what is best for you. The same is true for a web site. They are very subjective collections of code and text. If you like your site, then it is good.
  • You can start a small business without a web site.
  • There are many ways you can establish a web presence without building a site. Participate in forums. Set up a site at ning.com, or a blog with blogger.com.
  • You don’t need a social network, a forum, a blog, live support, or anything else if you are a small company starting out. Every new feature is more money, and more to take care of. Simplicity is key.
  • Pay-per-click advertising is not necessarily profitable.
  • Partnerships with open source software companies does not ensure the company has great engineers, and certification only means people passed a test. Don’t mistake these credentials for true qualifications. Talk to people who have worked with the company.
  • You do get what you pay for. If a company gives you a discount, rest assured, as they are working on the site and setting priorities, that discount will impact performance or timing.
  • Hosting companies are extremely helpful. You just have to be patient. Remember, they have a lot of servers and a lot of clients. You’re one of them.
  • A web site is only one part of a successful marketing plan. Don’t forget promotions, coupons, signs, business cards, public relations, community action, magazine/newspaper/television/radio ads.
  • You risk very little trying to build your own site, with tools. I don’t recommend trying to learn HTML/CSS and all the web technologies - it will take too long and your inexperience will show. The same is true for ‘the kid next door’. Using templates allows you to focus on the site content and not the code to deliver it.
  • Most hosting companies include statistics packages that let you see where the site visitors are coming from and what pages they look at. Free. You don’t need fancy tools to interpret the data.
  • Most hosting is reliable, most servers don’t crash, most crashes are resolved quickly, without any action on your part. Remember, many web companies outsource their hosting. Doing it yourself cuts out the middle man.
  • It can be fun to make your own site.

Important

This is not intended to discredit web companies, but to offer important considerations for people that believe a web site will help their business, but really don’t have the money to purchase one. As with all professional service organizations, from plumbers to lawyers and everything in between, a professional will usually deliver a higher quality solution.

Extending or Customizing a Live Site or Application

If your company site is based on a complex, open-source application, it’s live, and you don’t want to put a copy on a development server - create an alternate view or access path.

Any company that does or allows development live on their own site (easy to see with errors, browser incompatibility issues, layout problems, IE conditional tags which are displayed) risks their credibility, particulary if they are in the web business.

Create an alternate access path into the application and update the skins and modules as separate components accessible only through a development path until new code has been carefully reviewed for quality. Most powerful content management systems have some method to identify a site visitor entering through a different path. You can use a second domain name, a subdomain, a different URL or port. You may also need to modify the application very slightly.

The technical team (designers, developers and engineers/backend people) should build their code off-line and outside of the application, then integrate it. Complex applications have longer load times than simple pages, and it is very easy to make a mistake that ripples through the entire page.

It may be better to take the site down for major upgrades. Doing this after hours should avoid noticeable service outages.

ADN - Application Delivery Network

Content Delivery Networks (CDNs) allow sites and applications to draw files from common servers. This allows far more efficient caching, reduces bandwidth and disk space requirements on both the server and client sides.

The next logical step are Application Delivery Networks (ADNs). These are hosted application services like WordPress’ blogs (http://wordpress.com/), Ning social network (http://www.ning.com/), Shopify ecommerce (http://www.shopify.com/), LivePerson live support (http://solutions.liveperson.com/index.asp), Kayako Support (http://www.kayako.com/solutions/hosted-support-desk/), News Letter or Paper Hosting (http://www.our-hometown.com/). The challenge is to develop an architecture that allows you to take advantage of the hosted services while integrating them seamlessly into a site.

Advantages

  • Security is the responsibility of the hosting company and application provider. They know the server and the application, they can prevent and recover from problems quickly and in all likelihood, without disrupting service.
  • Server administration is virtually eliminated. Application installation and maintenance is not necessary.
  • Reduction of support requirements.
  • Scalability is less of an issue. It is assumed that the application providers have the infrastructure to support busy sites if necessary
  • Distributing the applications to other companies increases the fault tolerance of the systme. If one application crashes, the others can still run.

  • A CDN can be used to deliver the design files, as well as a the home page or portal into the system. This also increases the fault tolerance of the system.

  • Engineering tends to be the most expensive part of site development. Purchasing the logic allows more money to be spent on sophisiticated design interfaces, or - amazing application integration.

  • Rapid deployment of extremely complex sites.

Disadvantages

  • Customization may be difficult, expensive, or impossible. This includes design and functionality. WYSIWYG.
  • A layer is added into the support path. The application provider must perform requested support, the site provider is dependent on them.
  • Induces recurring hosting costs, which may be significant.

Supporting Trends

  • The increased use of open source applications and toolkits is definitely making this vision more possible.
  • The skills of web professionals are increasing exponentially
  • Bandwidth is becoming a valuable commodity
  • Security has become extremely important, even for ’simple’ blogs
  • Cooperation within the open source community, across all boundaries
  • The ability to use CSS to control the pagelayout and design allows the application to deliver well-formed XHTML that can be presented as defined by CSS. This is the key to a successful integration. Furthermore, the CSS must be assembled in such a way that it is hierarchical and observes site, application, and possibly page specific requirements.

Opportunities

  • Architecture definitions
  • Multiskin/multitoolkit applications
  • Education
  • Innovative connections