Cardinal Rules of Web Development

It doesn’t matter what your language of choice is: as you learn the basics of a language for web development, these are critical items you must learn as well.

  1. CSRF

    Cross-site request forgery. In short, it’s when a request can be made on the user’s behalf without any checks to make sure that request should actually be made. For example, are you doing GET requests to delete items? You may want to do a DELETE request, or at the minimum a POST request. This will slow down some users from automating it, but POST requests are only a few more lines of code to automate. What you need to do is generate a token every time your form loads. That token should be verified server-side as being the token that the user can use to perform an action. Most, if not all, popular web frameworks will have some sort of support for this.

  2. Host static assets on a CDN

    You can use Amazon S3 if you’d like, Rackspace has a nice option, or you can even roll your own server that sets long expire times for static content. The top reason is that browsers limit the number of simultaneous requests they can make per site, so the more unique domains they can access to grab your content, the quicker your site will load. You will also want to take advantage of that domain NOT using any cookies, as that too will speed up load times on your site.

  3. Never trust user input

    Assume your user doesn’t know what they are doing, and doesn’t know how to properly use a keyboard and mouse. You want to be able to lead your user in the direction you want them to follow, and validate on the back end (front end would be nice as well) that the user is doing the action correctly. Always have a default value for an input, and validate at the minimum that it’s the correct type of value you want (int, string, bool, array, etc.). The Go language makes this easy since it’s statically typed.

  4. Find a caching library or method

    To develop at scale, caching content is crucial, and expiring content is a must-have as well. I’d argue that if you can get either your application or web server (Apache, nginx, etc.) to cache content for at least 5 minutes, you will thank yourself later in bursts of traffic. Caching is very easy to do with nginx, and I’ve written an article that explains how to cache based on query strings, which shows how powerful and simple it is to optimize your site in only a few minutes.

  5. Find the community

    You’re not the only web developer out there for your language of choice. Scour reddit, IRC, online forums. You’ll find a community you are comfortable with and be sure to make an introduction and make connections. These connections and your reputation in the community will help you when you’re looking for answers. Give back to the community, because essentially our job as web developers is to create tools for the end user, but to also learn new ways of doing things that may help pave new paths for development in the future.

  6. Set up your environment

    Take the time to set up your environment correctly the first time. I learned the hard way with the Go language when I had to refactor some code for a project to accommodate tracking on git, after I realized I hadn’t set up the folder structure correctly. I took 30 minutes out of my day to figure out the best way to set up the environment, and it has made development a breeze since then. Each language has its own way of doing things, and you may need to tweak things to work optimally for you, but spending a day to get your environment set up to make you more productive will benefit you in the future.
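
Rule 1's per-form token check, written out in Go as an added example (not code from the original post). The `session` cookie, the `csrf_token` form field, the in-memory token map and the function names are assumptions made for illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
	"net/http"
	"sync"
)

var mu sync.Mutex
var tokens = map[string]string{} // assumed store: session ID -> token from the latest form load

// issueToken makes a fresh random token; call it every time the form is rendered.
func issueToken(sessionID string) string {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no secure randomness: refuse to issue a guessable token
	}
	mu.Lock()
	defer mu.Unlock()
	tokens[sessionID] = base64.RawURLEncoding.EncodeToString(b)
	return tokens[sessionID]
}

// verifyToken reports whether submitted matches the stored token, consuming it on success.
func verifyToken(sessionID, submitted string) bool {
	mu.Lock()
	defer mu.Unlock()
	want, found := tokens[sessionID]
	if !found || subtle.ConstantTimeCompare([]byte(want), []byte(submitted)) != 1 {
		return false
	}
	delete(tokens, sessionID)
	return true
}

// deleteItem changes state, so it refuses GET and any POST without a valid token.
func deleteItem(w http.ResponseWriter, r *http.Request) {
	if c, err := r.Cookie("session"); r.Method != http.MethodPost || err != nil || !verifyToken(c.Value, r.PostFormValue("csrf_token")) {
		http.Error(w, "forbidden", http.StatusForbidden)
		return
	}
	fmt.Fprintln(w, "deleted")
}

func main() { // "demo-session" is a constructed session ID; prints: true false
	fmt.Println(verifyToken("demo-session", issueToken("demo-session")), verifyToken("demo-session", "forged"))
}
```

The form template would embed the value returned by `issueToken` in a hidden `csrf_token` field, and `deleteItem` would be registered on the route that performs the delete.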

This will be a guide that is updated on a regular basis, which is the reason it’s not called “5 rules every web developer should follow”.

Do you have any tips that you recommend that have helped you become a better, more productive developer?

Last Updated: 2015-02-11 21:11:33 +0000 UTC
