Web Application Frame

- J.D. Meier, Alex Homer, Jason Taylor, Prashant Bansode, Lonnie Wall, Rob Boucher Jr, Akshay Bogawat

There are several common issues that you must consider as you develop your design. These issues can be categorized into specific areas of the design. The following table lists the common issues for each category where mistakes are most often made.

| Category | Key issues |
|---|---|
| Authentication | Lack of authentication across trust boundaries |
| | Storing passwords in a database as plain text |
| | Designing a custom authentication mechanism instead of using built-in capabilities |
| Authorization | Lack of authorization across trust boundaries |
| | Incorrect role granularity |
| | Using impersonation and delegation when not required |
| Caching | Caching volatile data |
| | Not considering caching page output |
| | Caching sensitive data |
| | Failing to cache data in a ready-to-use format |
| Exception Management | Revealing sensitive information to the end user |
| | Not logging sufficient details about the exception |
| | Using exceptions to control application flow |
| Logging and Instrumentation | Failing to implement adequate instrumentation in all layers |
| | Failing to log system-critical and business-critical events |
| | Not supporting run-time configuration of logging and instrumentation |
| | Logging sensitive information |
| Navigation | Mixing navigation logic with user interface components |
| | Hard-coding relationships between views |
| | Not verifying whether the user is authorized to navigate to a view |
| Page Layout (UI) | Using table-based layout for complex layouts |
| | Designing complex and overloaded pages |
| Page Rendering | Using postbacks and page refreshes for many user interactions |
| | Using excessive page sizes that reduce performance |
| Presentation Entity | Creating custom entity objects when not required |
| | Adding business logic to presentation entities |
| Request Processing | Mixing processing and rendering logic |
| | Choosing an inappropriate pattern |
| Service Interface | Breaking the service interface |
| | Implementing business rules in a service interface |
| | Failing to consider interoperability requirements |
| Session Management | Using an incorrect session store |
| | Not considering serialization requirements |
| | Not persisting session data when required |
| Validation | Failure to implement server-side validation |
| | Lack of validation across trust boundaries |
| | Not reusing the validation logic |
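Two of the issues in the table, "Storing passwords in a database as plain text" (Authentication) and "Revealing sensitive information to the end user" (Exception Management), are concrete enough to show side by side. The following is an added example, not code from the guide or from patterns & practices; it uses an in-memory dictionary as a stand-in for the database, and the function names, the `DatabaseError` type and the constructed error text are assumptions made for the illustration.

```python
"""Added example: the plain-text password issue next to a salted, iterated
hash, and a request handler that keeps exception detail server-side while
returning only a generic message and a correlation id to the end user."""
import hashlib
import hmac
import logging
import os

log = logging.getLogger("app")

# PBKDF2-HMAC-SHA256 work factor; raise it as hardware gets faster.
ITERATIONS = 600_000

# Constructed in-memory "user table" standing in for the database.
USERS = {}


def store_plaintext(username, password):
    """The pattern the frame warns against: the secret itself is persisted."""
    USERS[username] = {"password": password}


def store_hashed(username, password):
    """Persist a per-user random salt and an iterated hash, never the password."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    USERS[username] = {"salt": salt.hex(), "hash": digest.hex(), "iterations": ITERATIONS}


def verify_hashed(username, password):
    """Recompute the hash with the stored salt and compare in constant time."""
    record = USERS.get(username)
    if record is None or "hash" not in record:
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(record["salt"]), record["iterations"]
    )
    return hmac.compare_digest(candidate.hex(), record["hash"])


class DatabaseError(Exception):
    """Hypothetical data-access failure carrying internal detail in its message."""


def fetch_profile(username):
    if username not in USERS:
        # Constructed message: the kind of detail (query text, host name) that
        # belongs in the server log, not in the HTTP response.
        raise DatabaseError(
            f"SELECT * FROM users WHERE name='{username}' returned no rows on host db01"
        )
    return {"username": username}


def handle_request(username):
    """Log the full exception server-side; return only a generic message to the user."""
    try:
        return {"status": 200, "body": fetch_profile(username)}
    except DatabaseError as exc:
        incident_id = os.urandom(4).hex()  # correlation id for support staff
        log.error("incident %s: %r", incident_id, exc)
        return {"status": 500, "body": f"An error occurred (reference {incident_id})."}


if __name__ == "__main__":
    store_hashed("alice", "correct horse battery staple")
    print(USERS["alice"])          # salt, hash and iteration count only
    print(verify_hashed("alice", "correct horse battery staple"))  # True
    print(handle_request("nobody"))  # generic message, no query or host name
```

The stored record for a hashed user contains only the salt, the digest and the iteration count, so a copy of the table does not hand an attacker the credentials; the iteration count is stored with the record so it can be raised later without invalidating existing users. The handler shows the second row of the table in practice: the response carries a reference id that support staff can look up in the log, while the query text and host name never leave the server.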

Last edited Feb 2, 2009 at 5:33 PM by prashantbansode, version 1
