In the previous discussion we covered several tips and tricks for making web-based applications more secure and stable, in particular naming conventions and how to read data from tables more effectively and reliably.

Now we will discuss best practices for the user interface and for web security. The best way to build a user interface is to keep the web design separate from the business rules. Don't emit HTML tags from PHP code; it makes the code very hard to maintain. See the sample below:

<?php
 
	// Bad practice: the page markup is hard-coded inside the PHP logic,
	// so every layout change means editing application code.
	echo "<html>";
	echo "<head>";
	echo "<title>Sample Bad Practice</title>";
	echo "</head>";
	echo "<body>";
	echo "<h1>Sample</h1>";
	echo "</body>";
	echo "</html>";
 
?>

When we need to generate the HTML interface for a web-based application, we should use an HTML template engine such as Smarty, PHPLIB Template or similar, so the markup lives in template files rather than in PHP code.

When we develop a web application as a team, we must produce design and implementation documentation, including block diagrams, flow charts and class or code diagrams that describe and show the class hierarchy. Code-level documentation can be based on the PHPDoc comment style; see the sample comment style below.

<?php
 
/**
 * Page-Level DocBlock example.
 * displays as Gregory Beaver<strong>cellog@php.net</strong>
 * , where underlined text is a "mailto:cellog@php.net" link
 * @author Gregory Beaver <cellog@php.net>
 */
/**
 * function datafunction
 * another contributor authored this function
 * @author Joe Shmoe
 */
function datafunction()
{
    // ...
}
 
?>

Many web applications use authentication information (username, password and IP address) to restrict access to the application, and store users and other information in a database. For better security in our web-based application we can use one of these methods: store authentication data away from the web document tree. If for some reason we cannot store the authentication files outside the web document tree, we must ensure that the authentication files are not browsable via the web.

If we use a database, always create a limited-privilege user by following our database administration guide. This user should be allowed to access only the specific database that our application needs. We should never use administrator privileges to access the database from a web application.
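The two rules above (credentials outside the document tree, and a non-administrator database account) put together as an added example; this is not code from the original post. It assumes the web root is /var/www/html, the credentials file is /var/www/config/db.ini in a sibling directory, and a MySQL database reached through PDO.

```php
<?php
// Added example (not from the original article). Assumed layout:
//   /var/www/html        -> DOCUMENT_ROOT, served by the web server
//   /var/www/config/db.ini -> credentials, never reachable by a browser
// db.ini contains only: host=..., name=..., user=..., pass=...

// Resolve the web root once; fall back to the assumed path when run from the CLI.
function documentRoot(): string
{
    $root = realpath($_SERVER['DOCUMENT_ROOT'] ?? '/var/www/html');
    return $root === false ? '/var/www/html' : $root;
}

// The credentials file lives next to, not under, the document root.
function credentialsPath(): string
{
    return dirname(documentRoot()) . '/config/db.ini';
}

// Refuse to start if the credentials file resolves to somewhere under the
// web root: that is exactly the "browsable via the web" case from the text.
function assertOutsideDocRoot(string $file, string $docRoot): void
{
    $real = realpath($file);
    if ($real === false) {
        throw new RuntimeException("credentials file not found: $file");
    }
    $prefix = rtrim($docRoot, '/') . '/';
    if (strncmp($real, $prefix, strlen($prefix)) === 0) {
        throw new RuntimeException("credentials file is inside the web root: $real");
    }
}

function connectLimitedUser(): PDO
{
    $file = credentialsPath();
    assertOutsideDocRoot($file, documentRoot());

    $cfg = parse_ini_file($file, false, INI_SCANNER_TYPED);
    if ($cfg === false || !isset($cfg['host'], $cfg['name'], $cfg['user'], $cfg['pass'])) {
        throw new RuntimeException('db.ini is missing or incomplete');
    }
    // The account in db.ini is not root. For MySQL it would be created with:
    //   CREATE USER 'app_rw'@'localhost' IDENTIFIED BY '<strong password>';
    //   GRANT SELECT, INSERT, UPDATE, DELETE ON appdb.* TO 'app_rw'@'localhost';
    // so a compromised page can neither DROP tables nor read other databases.
    $dsn = sprintf('mysql:host=%s;dbname=%s;charset=utf8mb4', $cfg['host'], $cfg['name']);
    return new PDO($dsn, $cfg['user'], $cfg['pass'], [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);
}
```

Calling connectLimitedUser() from a page script gives a connection that can only read and modify rows in the application's own schema, and it fails closed if someone later moves db.ini into the served tree.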
