Timeline for What technical details should a programmer of a web application consider before making the site public?
Current License: CC BY-SA 4.0
109 events
| when | what | by | license | comment | |
|---|---|---|---|---|---|
| Jan 16, 2024 at 21:15 | history | edited | Colonel Thirty Two | CC BY-SA 4.0 |
Fix broken link to mercurial scm
|
| Jan 6, 2024 at 2:20 | history | edited | J_H | CC BY-SA 4.0 |
Prominently mention contest-winner Argon2id as preferred way to make bruting password hashes expensive for the attacker.
|
| Jan 5, 2024 at 22:06 | history | edited | Hashim Aziz | CC BY-SA 4.0 |
Removed reference to deleted answer
|
| S Apr 29, 2022 at 10:11 | history | suggested | CommunityBot | CC BY-SA 4.0 |
Fix normalize.css link (also change http to https in some links)
|
| Apr 21, 2022 at 21:16 | review | Suggested edits | |||
| S Apr 29, 2022 at 10:11 | |||||
| Apr 15, 2020 at 22:07 | comment | added | Kiquenet | any updates for checklist (technical details), about your experiences, using ASP.NET MVC 5, ASP.NET CORE and BLAZOR? | |
| Apr 9, 2020 at 12:58 | history | edited | tuxayo | CC BY-SA 4.0 |
Piwik is now Matomo
|
| Dec 27, 2019 at 10:57 | history | edited | Thomas Orlita | CC BY-SA 4.0 |
Update info about javascript-crawling and server-side rendering
|
| Apr 23, 2019 at 18:02 | history | edited | Robert Harvey | CC BY-SA 4.0 |
Strikeouts are the devil's work.
|
| Apr 23, 2019 at 17:52 | history | edited | Egret | CC BY-SA 4.0 |
Clarified that SSL / TLS should be applied to any site that has sensitive information (not just specific pages).
|
| Mar 21, 2019 at 4:52 | comment | added | nick012000 | Don't forget GDPR compliance! ;) | |
| Mar 19, 2019 at 19:06 | history | edited | Sybille Peters | CC BY-SA 4.0 |
Add brotli to compression tips
|
| Aug 12, 2018 at 15:58 | history | edited | LegionMammal978 | CC BY-SA 4.0 |
some refactoring
|
| Feb 1, 2018 at 4:34 | history | edited | Sahil Aggarwal | CC BY-SA 3.0 |
improved the answers
|
| Aug 10, 2017 at 16:52 | history | edited | styfle | CC BY-SA 3.0 |
Add link to Let's Encrypt for HTTPS
|
| May 23, 2017 at 12:40 | history | edited | CommunityBot |
replaced http://stackoverflow.com/ with https://stackoverflow.com/
|
|
| Mar 31, 2017 at 11:00 | history | rollback | dagnelies |
Rollback to Revision 60
|
|
| Mar 31, 2017 at 11:00 | history | rollback | dagnelies |
Rollback to Revision 61
|
|
| Mar 15, 2017 at 19:09 | history | edited | Pokechu22 | CC BY-SA 3.0 |
It's "nofollow", not "no follow"
|
| Mar 15, 2017 at 14:36 | history | edited | mwcz | CC BY-SA 3.0 |
correct values for rel attribute
|
| Mar 15, 2017 at 5:16 | history | edited | BehrouzMoslem | CC BY-SA 3.0 |
Containing spelling corrections due to higher impact
|
| Feb 3, 2017 at 12:06 | history | edited | reducing activity | CC BY-SA 3.0 |
update example
|
| Nov 17, 2016 at 21:19 | history | edited | tbodt | CC BY-SA 3.0 |
added 241 characters in body
|
| Oct 21, 2016 at 11:40 | history | edited | Pierre.Sassoulas | CC BY-SA 3.0 |
Fix broken link
|
| Aug 31, 2016 at 21:47 | comment | added | user145653 |
I'm not sure if someone already said it or not, but I would not be that specific to PHP, so I would at least specify, as an example, how to do it in PHP. I'm referring to when you talk about using $_REQUEST["_escaped_fragment_"]...
|
|
| Jun 5, 2016 at 11:53 | comment | added | thesecretmaster | @lux meta.stackexchange.com/q/279947/303538 | |
| Jan 29, 2016 at 17:08 | history | edited | Zerquix18 | CC BY-SA 3.0 |
Fixed dead link to the google's security handbook
|
| Dec 1, 2015 at 4:45 | comment | added | user40980 |
@arshad users' is the correct plural possessive form in that instance. Example: "do not leave your friends' cars unlocked." See also: Singular possessive, plural possessive or neither.
|
|
| Dec 1, 2015 at 4:41 | history | rollback | user40980 |
Rollback to Revision 54
|
|
| Dec 1, 2015 at 4:37 | history | edited | arshad | CC BY-SA 3.0 |
changed users' to user's
|
| Sep 30, 2015 at 9:47 | history | edited | Mr_Green | CC BY-SA 3.0 |
Added task runners and svg sprites
|
| Sep 30, 2015 at 9:39 | history | edited | Mr_Green | CC BY-SA 3.0 |
Added task runners
|
| Jun 10, 2015 at 13:05 | history | edited | Dmitry Grigoryev | CC BY-SA 3.0 |
fixed dead link
|
| Mar 15, 2015 at 10:43 | history | edited | Deer Hunter | CC BY-SA 3.0 |
Removed circular reference to Github, moved a few links to HTTPS.
|
| Mar 15, 2015 at 9:42 | history | edited | dhilipsiva | CC BY-SA 3.0 |
Added few other tips and links
|
| Mar 15, 2015 at 8:38 | comment | added | dhilipsiva | I have made a GitHub repo out of this question: github.com/dhilipsiva/webapp-checklist There are three reasons why I am making a GitHub repo: 1. Collaborative editing is much more powerful on GitHub. 2. People can fork this repo and make customizations that might not apply to everyone else. 3. We can have translations of the answer in many languages. Not everyone is good with English. I have already translated this to Chinese and French with the help of Google Translate. And I was wondering if it would be appropriate to edit the answer to add this at the end? | |
| Dec 9, 2014 at 9:01 | history | edited | Mawg | CC BY-SA 3.0 |
Added fully automated testing & Continuous Integration with Jenkins
|
| Dec 9, 2014 at 6:10 | history | edited | Sai Manoj Kumar Yadlapati | CC BY-SA 3.0 |
Correcting a spelling mistake
|
| Sep 25, 2014 at 7:21 | history | edited | Johny T Koshy | CC BY-SA 3.0 |
Answer deleted
|
| Sep 9, 2014 at 19:21 | comment | added | Nick | Make sure your website properly handles special characters such as these: 𝒜wesome Iñtërnâtiônàlizætiøn☃💩 | |
| Aug 5, 2014 at 12:24 | history | edited | Ian | CC BY-SA 3.0 |
Added an edit about using alternatives to CDNs as fallbacks in case the CDN goes down or is slow (seems to be becoming more common)
|
| Aug 2, 2014 at 18:33 | history | edited | Baldrick | CC BY-SA 3.0 |
Fix broken link
|
| Jun 28, 2014 at 11:22 | history | edited | jpaugh | CC BY-SA 3.0 |
word choice: "traditional" is less ambiguous (cannot mean, e.g. standards-incompliant)
|
| Dec 31, 2013 at 20:21 | history | edited | pd40 | CC BY-SA 3.0 |
Adding a security point on the principle of least privilege for app servers. If possible, app servers should not run as root
|
| Dec 8, 2013 at 3:24 | history | edited | classicjonesynz | CC BY-SA 3.0 |
deleted 3 characters in body
|
| Nov 12, 2013 at 18:33 | history | edited | Tobias | CC BY-SA 3.0 |
Added information about clickjacking, using different salts and other ways of injections
|
| Nov 6, 2013 at 4:30 | history | edited | meda | CC BY-SA 3.0 |
added a book recommendation
|
| Sep 30, 2013 at 16:30 | comment | added | Matthew | Besides the JavaScript frameworks, shouldn't a dynamic stylesheet language like LESS be talked about? Or the very popular front-end framework Bootstrap? | |
| Sep 20, 2013 at 14:56 | comment | added | dave thieben | Progressive enhancement is dead: tomdale.net/2013/09/progressive-enhancement-is-dead | |
| Sep 17, 2013 at 15:14 | history | edited | Mike | CC BY-SA 3.0 |
Yslow is now available for other browsers
|
| Sep 6, 2013 at 22:13 | history | edited | fhucho | CC BY-SA 3.0 |
Changed XSRF to more commonly use CSRF
|
| Jul 16, 2013 at 0:49 | history | edited | Kevin Ji | CC BY-SA 3.0 |
link to NoScript for completeness' sake
|
| Jul 2, 2013 at 8:17 | comment | added | Peter Taylor | @Aufziehvogel, it's on archive.org, and I've edited in the relevant part. | |
| Jul 2, 2013 at 8:16 | history | edited | Peter Taylor | CC BY-SA 3.0 |
Merge in (with modification) some text from another answer which was referenced but no longer exists
|
| Jul 2, 2013 at 6:06 | history | edited | aufziehvogel | CC BY-SA 3.0 |
There are no other answers anymore, so the reference to other answers is wrong.
|
| Jul 2, 2013 at 6:02 | comment | added | aufziehvogel | There is no "Ed Lucas"-answer anymore. Does anyone know what he posted and can add it? Or maybe better link to a new good resource. | |
| Jun 21, 2013 at 19:53 | history | undeleted | yannis | ||
| Jun 21, 2013 at 19:53 | history | deleted | yannis | ||
| Jun 21, 2013 at 19:09 | history | unlocked | Shog9 | ||
| Jun 14, 2013 at 8:26 | history | undeleted | ChrisF | ||
| Jun 14, 2013 at 8:24 | history | locked | CommunityBot | ||
| May 17, 2013 at 16:54 | history | edited | Celmaun | CC BY-SA 3.0 |
Chrome no longer uses WebKit
|
| Mar 5, 2013 at 4:32 | history | edited | Erik Reppen | CC BY-SA 3.0 |
added 323 characters in body
|
| Mar 4, 2013 at 21:14 | history | edited | Craig Treptow | CC BY-SA 3.0 |
Fixed link for Google Library API
|
| Feb 26, 2013 at 9:53 | history | edited | Web_Designer | CC BY-SA 3.0 |
Typo: 'Mecurial' >> 'Mercurial'
|
| Feb 26, 2013 at 9:41 | history | edited | Web_Designer | CC BY-SA 3.0 |
Google Page Speed doesn't require firebug
|
| Feb 26, 2013 at 9:24 | history | edited | Web_Designer | CC BY-SA 3.0 |
Linked the session hijacking tip to Wikipedia
|
| Dec 27, 2012 at 5:24 | history | edited | MartinodF | CC BY-SA 3.0 |
Add normalize.css as an alternative to the older reset stylesheets.
|
| Nov 21, 2012 at 21:07 | history | edited | makerofthings7 | CC BY-SA 3.0 |
NIST didn't certify PBKDF2, however PBKDF2 in .NET is FIPS approved. Clarified and added links.
|
| Nov 21, 2012 at 19:52 | history | edited | Eran Medan | CC BY-SA 3.0 |
some clarification about password hashing algorithms
|
| Nov 21, 2012 at 19:45 | history | edited | Eran Medan | CC BY-SA 3.0 |
some clarification about password hashing algorithms
|
| S Nov 13, 2012 at 11:18 | history | suggested | CommunityBot | CC BY-SA 3.0 |
It seems that raw deflate is NOT safe to use.
|
| Nov 13, 2012 at 10:41 | review | Suggested edits | |||
| S Nov 13, 2012 at 11:18 | |||||
| Sep 5, 2012 at 16:19 | comment | added | vartec | regarding Google not running JS: twitter.com/mattcutts/status/131425949597179904 | |
| Sep 5, 2012 at 13:14 | history | edited | Joel Coehoorn | CC BY-SA 3.0 |
deleted 219 characters in body
|
| Jun 30, 2012 at 15:12 | history | edited | Mike Cluck | CC BY-SA 3.0 |
Updated the deprecated link to Google page speed/best practices.
|
| Jun 18, 2012 at 17:18 | history | edited | Tacroy | CC BY-SA 3.0 |
Link rot
|
| Jun 18, 2012 at 15:33 | history | edited | pgfearo | CC BY-SA 3.0 |
Added mention for XSLT 2.0 processing in the technology section
|
| May 24, 2012 at 19:23 | history | edited | pearcoding | CC BY-SA 3.0 |
Add links to log4j, log4net and log4r.
|
| May 7, 2012 at 22:59 | history | edited | avpaderno | CC BY-SA 3.0 |
added 12 characters in body
|
| Apr 24, 2012 at 4:36 | comment | added | ChrisLively | As an example, you don't just jump into a car and start driving. Instead, you take classes on the proper operation of that car and ultimately have to pass a test proving you can drive. For some, that takes many, many, many hours of study. And yes, I'd equate learning how to properly build a web application with learning to drive a car as failure to properly build an application can certainly result in a larger degree of disruption of people's lives than a simple fender bender, including a much larger financial loss. Death? Well, depends on what type of app the developer screwed up. | |
| Mar 19, 2012 at 14:47 | history | edited | Tjaart | CC BY-SA 3.0 |
Added "Don't reinvent the wheel" on technology section
|
| Mar 8, 2012 at 10:21 | history | edited | Jan Hudec | CC BY-SA 3.0 |
Extend "don't trust user input" to anything in the request.
|
| Mar 6, 2012 at 19:49 | history | edited | hippietrail | CC BY-SA 3.0 |
link to ux "click here" question
|
| Mar 6, 2012 at 10:17 | history | edited | Mathias Bynens | CC BY-SA 3.0 |
edited body
|
| S Feb 7, 2012 at 21:03 | history | suggested | Ashley | CC BY-SA 3.0 |
Added Mercurial SCM
|
| Feb 7, 2012 at 21:00 | review | Suggested edits | |||
| S Feb 7, 2012 at 21:03 | |||||
| Jan 3, 2012 at 6:58 | history | edited | steveax | CC BY-SA 3.0 |
Remove obsolete Yahoo url in links list
|
| Jan 3, 2012 at 6:48 | history | edited | steveax | CC BY-SA 3.0 |
Fix links that I broke when inserting new link for WCAG
|
| Jan 2, 2012 at 18:30 | history | edited | steveax | CC BY-SA 3.0 |
Add link to WCAG 2 in a11y section. Remove obsolete Yahoo Site Explorer link (that was pointing to google) and replace with link to Bing webmaster tools
|
| Oct 3, 2011 at 17:11 | history | edited | eykanal | CC BY-SA 3.0 |
add link to security hashing library question, formatting
|
| Aug 8, 2011 at 12:48 | history | edited | the_drow | CC BY-SA 3.0 |
Added another common javascript framework
|
| Aug 8, 2011 at 7:48 | history | edited | outis | CC BY-SA 3.0 |
Added note about Google Libraries API
|
| Jul 21, 2011 at 16:25 | vote | accept | Joel Coehoorn | ||
| May 16, 2011 at 10:38 | comment | added | Morten | Also JavaScript should also use logging or at least capture unhandled exceptions to capture errors that occur when the site is live even on the client side. For example something similar to: www.js-analytics.com | |
| Apr 25, 2011 at 1:00 | history | edited | alternative | CC BY-SA 3.0 |
deleted 5 characters in body
|
| Mar 11, 2011 at 16:11 | history | edited | Mariano Desanze | CC BY-SA 2.5 |
link to Ed Lucas wasn't working
|
| Feb 16, 2011 at 23:54 | history | edited | Nicole | CC BY-SA 2.5 |
Qualified a bullet point and added context to help explain that it's not *always* the right decision.
|
| Feb 12, 2011 at 13:24 | comment | added | Philluminati |
One thing I suggest you add to your security section, is that all files you serve up should be compared to a whitelist of allowed folders, or to "jail" the webserver. This stops someone using http://server/download.php?file=../../etc/password. Never expose file paths to the user.
|
|
| S Feb 11, 2011 at 18:04 | history | suggested | CommunityBot | CC BY-SA 2.5 |
Added bullet points about logging
|
| Feb 11, 2011 at 17:50 | review | Suggested edits | |||
| S Feb 11, 2011 at 18:04 | |||||
| S Feb 11, 2011 at 17:28 | history | suggested | CommunityBot | CC BY-SA 2.5 |
I personally don't feel comfortable using scrypt just _yet_. Adding back mention of bcrypt and briefly mentioning the difference.
|
| Feb 11, 2011 at 17:21 | review | Suggested edits | |||
| S Feb 11, 2011 at 17:28 | |||||
| Jan 5, 2011 at 13:49 | comment | added | just_name | alistapart.com/articles/understandingprogressiveenhancement | |
| Mar 16, 2009 at 1:19 | comment | added | Joel Coehoorn | One more note: if you do come back and edit this, try to be respectful of what was written. Don't just remove the parts you disagree with: actually take the time to address the short-comings and provide something better. | |
| Mar 16, 2009 at 1:18 | comment | added | Joel Coehoorn | Then edit it. I didn't write most of this: I'm only maintaining it -- a job which I've inherited because I asked the question, solicited this larger answer specifically, and I'm genuinely interested in seeing what we can come up with. The more contributions the better. | |
| Mar 6, 2009 at 0:29 | comment | added | DisgruntledGoat | Some of your SEO suggestions are bad. It doesn't matter if you use tables or divs (Google confirmed this themselves). That SEF URL thing... I hate those "fake URLs", where the ID is the only thing that actually determines the page. "45-blah" would be the same page. It's not user-friendly either. | |
| Dec 10, 2008 at 14:50 | comment | added | Joel Coehoorn | If you can recommend good books, please feel free to edit the post with links for them. | |
| Nov 20, 2008 at 14:03 | history | answered | naeblis | CC BY-SA 2.5 |