Web Application Questions List

J.D. Meier, Alex Homer, Jason Taylor, Prashant Bansode, Lonnie Wall, Rob Boucher, Akshay Bogawat

Contents

  • Authentication
  • Authorization
  • Caching
  • Exception Management
  • Logging and Instrumentation
  • Navigation
  • Page Layout (UI)
  • Page Rendering
  • Presentation Entity
  • Request Processing
  • Service Interface Layer
  • Session Management
  • Validation

Authentication

  • How do I identify trust boundaries in web applications?
  • What are the authentication options available?
  • How do I choose the appropriate authentication model for my web application?
  • When should I design Forms authentication?
  • How do I protect passwords?

Authorization

  • What are the authorization options available?
  • How do I choose the appropriate authorization model for my web application?
  • What is impersonation and when should I use it?
  • What is delegation and when should I use it?
  • What is the trusted subsystem model?

Caching

  • Which layers should implement caching?
  • What data should be cached and what are the benefits or liabilities of caching?
  • Where should I store the data?
  • When should I use an out-of-the-box caching mechanism?
  • What are the options to improve performance with caching?
  • What are the caching options for my Web pages?
  • What are distributed coherent caches?

Exception Management

  • What are the common types of exceptions in the application?
  • How do I catch exceptions in each layer of my application?
  • How do I propagate exceptions?
  • How do I log exception information in each layer?
  • How does an effective exception management strategy improve the security and reliability of the web application?
  • When and how should I create custom exception classes?
  • What are the common pitfalls?

Logging and Instrumentation

  • How does an effective exception management strategy improve the security and reliability of the web application?
  • What information should I log at various layers of the application?
  • What are the options available to store the information?
  • When should I use an out-of-the-box logging mechanism?
  • How should I design a custom reusable logging mechanism?
  • What are the options available for configuration of logging?

Navigation

  • Why should I separate the navigation logic from user interface logic?
  • What are effective design patterns for navigation?
  • How should I design menus?
  • What are the options for implementing navigation?
  • What are the various visual elements to implement navigation in web pages?

Page Layout (UI)

  • Why should I separate the page layout from the UI processing?
  • What are the effective design patterns for page layout?
  • How do I choose between CSS and table-based layout for my page layout?
  • What are the options for a rich user interface?
  • What are the options to improve the user experience?

Page Rendering

  • How should I improve performance during page rendering?
  • How do I design for globalization?
  • How do I design for localization?

Presentation Entity

  • What are presentation entities and when should I use them?
  • What are the options for designing presentation entities?
  • What are the common pitfalls when designing presentation entities?

Request Processing

  • Why should I separate request processing from the user interface?
  • What are the effective design patterns for request processing?
  • What is the difference between MVC and MVP patterns?

State Management

  • How does state management improve performance and reliability of the application?
  • Which layers should maintain state?
  • What data should be stored to maintain session?
  • What are the options for session store?
  • How do I maintain state in a web farm scenario?
  • How do I design for persistent state?
  • How do I protect session state?

Validation

  • What data should I validate in various tiers?
  • What are the scenarios where data can be trusted?
  • What are the various mechanisms to validate data?
  • When should I consider designing a custom reusable validation mechanism?
  • How do I protect a web application from cross-site scripting attacks?
  • How do I identify the trust boundaries?

Last edited Oct 16, 2008 at 1:33 AM by prashantbansode, version 1
