The Old Joel on Software Forum: Part 4 (of 5) - Web application development best practices

Web application development best practices

Can anyone point me to a Web site and/or book that discusses Web application development best practices?

I develop Web apps using J2EE, so I do know about things like keeping presentation separate from business logic, but I'm concerned about those things I don't know.

TryingToDoThingsRight
Friday, April 16, 2004

I too mainly program web apps, and I think there are no such practices to speak of. Apply general software development good practices, and that's it. There *are* a lot of specific good practices in web interface design, but that's an area of usability, not programming. Refer to Krug, and Nielsen for that.

Egor
Friday, April 16, 2004

Some general principles apply much more to web app development, though - e.g. the "idempotent action" principle, which is that an action done by the user any non-zero number of times should have the same effect of doing it exactly once. Most systems do not conform to this principle, and as a result, e.g., pressing "reload" or "back" on a browser often leads to multiple purchases / bulletin board posts, though non were intended by the user.

And no, I don't know of any resource that documents web app best practices and principles either.

And a word about terminology: too many people industries confuse "best practices" and "standard practices". Beware.

Ori Berger
Friday, April 16, 2004

One thing that makes web applications 'different' is the stateless nature of HTTP. Keeping track of state is something to watch. J2EE has some nice things like automatic creation of sessions, but the developer is still responsible for adding data to the session (and removing it when it is no longer relevant).

In my own projects I avoid the use of JSP and use just servlets (and filters). Velocity is my current favorite for creating HTML views on data.

Jeroen
Friday, April 16, 2004

Never put user input strings into SQL-strings without stripping/escaping / \ * - ' "

:D

Eric Debois
Friday, April 16, 2004

Or better yet used paramaterised queries, and let the database library do the work for you.

Matthew Lock
Friday, April 16, 2004

I've been specialising in web application development since 1998, and I _still_ wonder about the best way to do this. Not just the programming but the whole development cycle.

I will write some of the issues I have faced and occasionally solved. For example:
* how does one best perform unit testing on web applications?
* a large part of web apps is putting data into the database or retrieving it. Therefore testing changes the database. What is a simple, clean, effective way of testing routines that involve database changes? Especially system testing, which tends to alter the database and therefore is hard to repeat.
* In non-compiled languages like ASP and PHP, there is no build phase. Should one still work on a copy of the source that is not directly in a web server, and deploy after each change to a personal webserver? Or does one maintain a working copy directly in a personal webserver folder?
* the Java world has a complicated but very nice framework for web apps called Struts. Should one use the Struts approach with other languages?
* When is a 3-tier approach worth the extra development costs? Many web apps do quite fun with some scripts connecting to the database. Others are better using COM objects or JavaBeans (or EJB's but in my opinion, rarely), but then development is _so much harder_.

To be honest, I have answers for most of these questions, feel free to e-mail me directly if you want to discuss more about this. But thinking about the questions yourself can be very helpful.

Herr Herr
Friday, April 16, 2004

> how does one best perform unit testing on web applications?

I have been automating IE through COM from perl and screen scraping.

Matthew Lock
Friday, April 16, 2004

Sun Java BluePrints, illustrates design patterns and best practices
http://java.sun.com/reference/blueprints/index.html

Sun Java Code Samples and Apps, provides guidelines for building Web services using the J2EE platform
http://java.sun.com/developer/codesamples/index.html

Evgeny Gesin /Javadesk.com/
Friday, April 16, 2004

Try to apply general application architecture patterns such as model-view-controller and the command pattern. That will make your application maintainable and extensible.

jz
Friday, April 16, 2004

Better yet: Considering that over 90% of users run IE and how pathetic an HTML interface and how painful the connection-less HTTP protocol are... first, make sure it doesn't make more sense to write your application as an ActiveX control that you simply embed in a web page so as to minimize the cost of deployment while offering fast and content-reach UIs. Sure solved the issue on our side :-)

My €.15/$.20

Fred
Friday, April 16, 2004

Speaking of automated testing, generally there are some lightweight tools/modules that can be used to emulate server environment.

Egor
Friday, April 16, 2004

To jz's comment I'd add separating style from markup by avoiding excessive layout tables, font tags, etc in the HTML and using CSS to style the appearance of the pages as much as possible. In my experience this eliminates a lot of complexity in the front-end and improves maintainability and readability of the UI code.

drpeterjones
Friday, April 16, 2004

Look at http://www.serverside.com : site specialized in J2EE related info. Lots of good articles and news.

R Chevallier
Friday, April 16, 2004

I meant http://www.theserverside.com

R Chevallier
Friday, April 16, 2004

Fred,
Comments like that make me sick.

Tom
Friday, April 16, 2004

One thing I'd say is that if you declare your document to be of a certain standard then the page ought to validate according to that. I'm amazed at how many people describe their page as adhering to a standard when all they ought to have is <html>.

Personally I believe a best practice is to deliver html output which can be objectively measured.

I'm not to sure even separating display from business logic would necessarily be a best practice. I've been doing that for years only because I find it easier to extend/evolve applications.

When publishing for the open web I think we ought to all care most whether our output is accessible to as many people as it can be. Often times just a little work can make that true. I happen to use debian/kde3.2/firefox and I'm amazed at the number of sites which make life difficult for me.

Me
Friday, April 16, 2004

>Can anyone point me to a Web site and/or book that
>discusses Web application development best practices?

>I develop Web apps using J2EE,

I thought that this was OK: "Core J2EE Patterns: Best Practices and Design Strategies" by Deepak Alur, John Crupi, and Dan Malks.

http://www.corej2eepatterns.com

On the other hand, their Web site seems really, really slow, which, though it may be unrelated, seems kind of ironic.

--Steve

SG
Friday, April 16, 2004