Page 1 of 2 12 LastLast
Results 1 to 10 of 31

Thread: FAQ: Web Development in Ubuntu

Hybrid View

  1. #1
    Join Date
    Nov 2006
    Location
    Mumbai, India
    Beans
    186
    Distro
    Ubuntu 8.04 Hardy Heron

    FAQ: Web Development in Ubuntu

    How do I create Web Pages?

    XHTML

    Although the internet can be used to transfer virtually any type of file, most websites that you come across are actually a collection of (X)HTML documents. The (eXtensible) HyperText Markup Language, as the name suggests, is a language that is used to describe the structure of text-based information in a document — by denoting certain text as links, headings, paragraphs, lists, and so on — and to supplement that text with interactive forms, embedded images, and other objects.

    The main difference HTML and XHTML is that XHTML conforms to XML syntax. This means that XHTML code is stricter and cleaner. It is much easier to learn because there are strict rules to follow and lesser ambiguity. Also, it concentrates on the semantics of the document so you can cleanly separate the content of the document from its presentation, which makes creating and maintaining the code much simpler. As XHTML is XML, it can also be easily parsed by standard XML parsers which is really useful when your web page is used by other applications, search engines, etc. As such, if you are new to web design, start learning XHTML and forget the old HTML even existed. (Note: The remainder of this article will only refer to XHTML)

    You do not need to install anything to create or view XHTML files. You simply create a file with the markup and save it with a .html extension, and open it in a web browser like Firefox or Konqueror to view it.

    Resources
    W3Schools - Although it is a good tutorial, it requires you to first read the HTML tutorial, and then understand the transition of HTML to XHTML.
    TopXML - Good site. It has a nice reference section so you can keep coming back to it to lookup something you might have forgotten while creating web pages in the future.
    XHTML Validator

    CSS

    Cascading Style Sheets is a language that is used to describe the presentation of web documents. It is most used with XHTML documents to tell the web browser how to render elements of the document (such as the font, colors, layout, etc). CSS can also describe the presentation of the document on different devices such as the screen, a projector, the printer, a speech device or a Braille-based device. It is used to separate presentation from the structure of a document.

    CSS, like XHTML, is directly supported by web browsers. CSS files have a .css extension.

    Resources
    W3Schools - The only good one I could find.
    CSS Validator

    If you want to create static web documents only, then XHTML + CSS is ideal and it is all that is required. All further languages described here are used to either enhance user experience or to dynamically generate XHTML/CSS on a web server.

    JavaScript

    JavaScript is the most common implementation of the ECMAScript standard for client-side scripting of web pages (The other popular implementation is JScript, although most of the API is the same). JavaScript affects the behaviour of the web document once it is loaded. For example, handling events and responding to them such as popping up an alert box if you click a link, or hiding an element on pushing a button. In short, it is a scripting language with a C-style syntax that gives you access to the Document Object Model (DOM), and lets you make changes to it on-the-fly, in response to events. Scripting can make web pages interactive and lively, and more responsive to the user's actions.

    As with XHTML and CSS, you don't need to install anything to be able to use client side scripting. Either embed the script in your XHTML page or save it as a .js file and let your XHTML link to it. The end-user will need a browser that supports scripting though. Although most modern browsers have script support, some devices such as handhelds may not. Further, a user can easily disable scripting in the browser or edit the script itself. Therefore, don't count on it to do responsible tasks. Use it only as an optional experience-enhancing feature that your web pages can very well do without.

    Resources

    W3Schools Again
    JavaScriptKit

    ECMAScript? JavaScript? JScript? I'm Confused

    Techincally speaking, the language specification is called ECMAScript, which standardizes the language. This scripting language can be used for any purpose, however it is more popular for use on web pages. The most common dialect of ECMAScript is JavaScript. This implementation is used by the Firefox (and other Mozilla products), Opera, Konqueror, Safari, etc. Microsoft's Internet Explorer and the .NET framework use the JScript dialect. In web browsers, these implementations come with the Document Object Model (DOM) which is an API to access and modify elements in the web page. Generally, all Javascript code should work with IE's JScript implementation (with minor exceptions).

    What are cookies?

    HTTP Cookies are pieces of information that web sites can store on the user's web browser. Sites use these cookies to remember things about the user from the last time(s) he/she visited the site. Cookies can help in tracking information about a user, or letting the server know of some persistent information about the user or the session over multiple page requests.

    Cookies can be created on-the-fly by scripting languages such as ECMAScript, or they can be sent in the HTTP Headers by a web server. However, browsers are implemented in such a way that pages or servers can only read the cookie that has been created in the same domain, to avoid security risks. However, security issues relating to cookies are still prominent (see section of security below).

    What is a web server?

    When you etner a URL in your browser, the browser sends an HTTP request to a remote machine (your ISP contacts a DNS to resolve the domain name into an IP address which locates the machine). If the machine has a web server (a kind of computer program) installed on it that listens for requests, then the server will process that request and send the response, which is a bunch of HTTP Headers (meta-information about the file) and the file itself (such as an XHTML page), which is what you see in your browser. The most common web servers are Apache and Microsoft Internet Information Services.

    How Web Servers Work


    How do I install Apache on Ubuntu?

    You can install Apache the standard way and configure it yourself, and install PHP, MySQL, mod_perl, mod_python, etc. manually: ApacheMySQLPHP - Ubuntu Community Documentation

    Alternatively, you can Install XAMPP, which gives you Apache, MySQL, PHP and Perl all in one neat package. This is a very easy to install package for new users, but it should be used as a development environment only and should not be used as a public webserver.

    What is Server Side Scripting?

    As described above, web servers accept requests for pages and send responses with the data. Server Side Scripting is a technology by which web servers use other programs such as a PHP interpreter or a Python interpreter to evaluate PHP or Python code and send the output as the response. If the PHP/Python code is made in such a way that it generates XHTML documents as the output, then it is possible to create dynamic XHTML pages. Server Side Scripts can also generate other dynamic data not limited to XHTML/CSS.

    PHP

    PHP is a programming language that uses somewhat a C style syntax which is used for server side scripting. It is one of the most popular server side languages out there. The massive library of functions that comes with PHP gives it it's main feature.

    Installing PHP locally

    PHP as a server side language is popularly used alongside the Apache Web Server.

    Manually: ApacheMySQLPHP - Ubuntu Community Documentation
    or Install XAMPP (Development only)

    Resources
    Practical PHP Programming - PHP Tutorial (Personal Favourite)
    PHP on W3Schools
    PHP.net - Best reference to lookup predefined functions and modules

    Python

    The Python interpreter is installed on Ubuntu by default. However, in order for it to be used as a server side language, you need a web server.

    For Apache: You need mod_python. Maybe this thread has some answers for you. However, if you don't want all the hassle of configuring Apache, and you only need a web server for local development rather than production, then there are easier alternatives:

    You can set up very simple web server, and write simple web applications in plain CGI without mod_python. Also, there are two excellent web app frameworks for Python, Django and Turbogears. Both come with a simple web development server.

    Databases

    Once you start to use server side scripting for dynamic page generation you will soon find the need to store data on the server for later use. For example information about a user account, user generated posts/comments, etc. have to be stored somewhere.

    SQL

    Structured Query Language is a database language used to store data in tables of information and retrieve it. There are many implementations of SQL (such as MySQL or SQLLite). All of these implementations support Scripting languages may provide an inbuilt interface to communicate with certain types of databases or there may be additional modules that may do so. For example, PHP provides predefined functions to access MySQL databases wheras Python comes with a module for SQLite.

    Resources
    SQL on W3Schools - Straightforward Tutorial to SQL in general

    MySQL
    MySQL is a multithreaded, multi-user SQL database management system (DBMS) which has more than 11 million installations. The program runs as a server providing multi-user access to a number of databases.

    It is a popular choice for PHP users, and it is a rather powerful choice for production, but the advanced features and multi-user environment can get overwhelming for new users.

    Resources
    Manual Install: ApacheMySQLPHP - Ubuntu Community Documentation
    or Install XAMPP (Development only). An advantage here is that it comes with phpMyAdmin, a simple graphical administration tool, which often suffices for new users.
    Databases in PHP (Includes a basic MySQL Tutorial within the topics)

    SQLite
    SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine. It is actually a small C library that is internally linked within programs that use it, but it uses the SQL API to give it the feel of a full fledged SQL server. It is widely used in desktop applications (such as Firefox 3) and for simple web development.

    SQLite has bindings for a large number of programming languages, including BASIC, C, C++, Common Lisp, Java, Delphi, Lua, Tcl, R, PHP, Perl, Ruby, Python, newLisp and Smalltalk.

    Python 2.5 comes with the SQLite preloaded. For PHP, in order to have the SQLite functions available, you must compile PHP with SQLite support, or load the SQLite extension dynamically from your php.ini.

    Resources
    PHP with SQLite
    Python with SQLite

    PostgreSQL

    PostgreSQL is a powerful object-relational database management system, provided under a flexible BSD-style license. PostgreSQL contains many advanced features, is very fast and standards compliant.

    PostgreSQL has bindings for many programming languages such as C, C++, Python, Java, PHP, Ruby... It can be used to power anything from simple web applications to massive databases with millions of records.

    Resources
    Ubuntu Community Documentation
    PostgreSQL Wiki

    What are the security risks involved when deploying web pages?

    Security vulnerabilities in web applications generally occurs as a form of a code injection, that is, when a malicious user is able to exploit the application such that his harmful piece of code is executed to generate destructive results.

    Cross Site Scripting

    Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users. Examples of such code include XHTML code and client-side scripts.

    For example, if a forum user posts a XHTML message with an embedded script that reads cookies stored in the browser and emails the data to him, then every user who reads this post has his/her cookies (which may contain information such as session IDs or passwords) sent to the attacker who can then use it to login under the victim's account. This is why sites like forums and wikis don't generally allow XHTML to be posted. XSS attacks are even possible via injecting CSS.

    XSS on Wikipedia

    Server Side Code Injection

    Be very careful when using your server side code to perform actions based on user input. Never use functions such as PHP's eval(), which executes a string as PHP code on any variable string, especially one that is user-generated. Evaluating untrusted code can result in your entire system being compromised, everything from exposing stored passwords to deleting important data to tricking your system into logging in as a different user (this is very hard to detect).

    Also, never load other files to be executed (such as includes) with a variable filename, if the variable contains user supplied data. A malicious user may supply wrong data that allows sensitive files to get included (such as those that have your password stored in them). You may think you have validated your code, but attackers can find ways through many layers to get their harmful code into your innocent variable.

    As a rule of thumb, the only things you should do with variable data that comes from the user is either match it with expected values and perform your own static operations, use it in a mathematical context, or echo it back to the user. You might store this data in a database for further use, but when you retrieve this data later, make sure to follow the same rules again, or else you are vulnerable to second order attacks.

    SQL Injection

    Exploting usage of unescaped strings in a SQL query is one of the most common ways of exploiting a web application and it is something that most beginner applications are vulnerable to.

    SQL Injection on Wikipedia

    Other Stuff

    This is a list of links to stuff that is not described in this article. If anybody is willing to contribute some introductory writeup for these then please edit this post (or ask a moderator to do so)

    Ruby
    Beginner's Guide to CGI Scripting with Perl
    Perl CGI Programming FAQ
    Java Applets
    Java Servlets
    JavaServer Pages (JSP)
    Last edited by Verminox; June 4th, 2008 at 09:45 AM. Reason: Disambiguation of ECMAScript
    http://verminox.wordpress.com - Answers to Life, the Universe and Everything

  2. #2
    Join Date
    Jun 2006
    Location
    CT, USA
    Beans
    5,267
    Distro
    Ubuntu 6.10 Edgy

    Re: FAQ: Web Development in Ubuntu

    Good post, but you have too much bias towards PHP. PHP is popular, but it does not mean PHP is preferred way to build web apps.

    Server Side Scripting - there is a simpler way

    It is not only possible without mod_python, and without apache: it is also easier.

    http://learnpython.pbwiki.com/WebApplication shows how to set up very simple web server (much simpler than apache), and write simple web app in plain CGI without mod_python.

    There are two excellent web app frameworks for Python, Django and Turbogears. Both come with simple web development server, which reloads after changes (unlike Apache). Apache is excellent (and much more efficient) for production, but not for development.

    Also, MySQL is way too complicated for beginner. Better way is to use SQLite DB library (not server, no administering) and object-relational mapper (ORM) which hides differences, so later you can use same code with real database, either MySQL or Postgress.

    With plain PHP, it is extremely easy to create messy web app which are hard to modify and maintain. Using web app framework with superior language guides beginner without pain to superior results. Also, Google App Engine provides free web hosting for Python apps.

    Suggestions: instead of adding fluff with 'what a great post', just thank OP. Don't worry, this will be linked from FAQs.
    Last edited by pmasiar; May 20th, 2008 at 01:35 PM.

  3. #3
    Join Date
    Nov 2006
    Location
    Mumbai, India
    Beans
    186
    Distro
    Ubuntu 8.04 Hardy Heron

    Re: FAQ: Web Development in Ubuntu

    Quote Originally Posted by pmasiar View Post
    Good post, but you have too much bias towards PHP. PHP is popular, but it does not mean PHP is preferred way to build web apps.
    Well, to be honest, it is only because PHP is the only server side language I've worked with. Although I know about other options, I don't have the experience to write about it or provide useful resources without being terribly wrong.

    It would be great if the community can contribute to stuff that I have missed out. Sadly this isn't a wiki, so you can either PM me or a moderator who can edit the post.

    Edits: Changed JavaScript to ECMAScript as per LaRoza's suggestion. Technical error here. Also, I added some stuff from pmasiar's post, but I don't have any idea about SQLLite.... Links anybody?
    http://verminox.wordpress.com - Answers to Life, the Universe and Everything

  4. #4
    Join Date
    Nov 2007
    Beans
    81

    Re: FAQ: Web Development in Ubuntu

    What about PERL
    I troll, therefore I am

  5. #5
    Join Date
    Apr 2007
    Beans
    14,781

    Re: FAQ: Web Development in Ubuntu

    Quote Originally Posted by dsiembab View Post
    What about PERL
    tsk, tsk.

  6. #6
    Join Date
    Nov 2006
    Location
    Mumbai, India
    Beans
    186
    Distro
    Ubuntu 8.04 Hardy Heron

    Re: FAQ: Web Development in Ubuntu

    Quote Originally Posted by dsiembab View Post
    What about PERL
    I put two links to CGI/Perl in the last section (Other stuff). Most Perl related resources I found date back to mid-90s or even earlier and I could find no Ubuntu-Perl-CGI-HowTo. Also, the only thing I know about using Perl as a Server Side Language is mod_perl in Apache. Any other ideas?

    PS: Since I am new to Perl, Ruby, etc. I can see how finding these resources as a novice Ubuntu user can be frustrating. Hopefully this thread should ease it out a bit.
    Last edited by Verminox; May 20th, 2008 at 08:12 PM.
    http://verminox.wordpress.com - Answers to Life, the Universe and Everything

  7. #7
    Join Date
    Jan 2008
    Location
    Raytown, MO
    Beans
    460
    Distro
    Ubuntu 8.04 Hardy Heron

    Re: FAQ: Web Development in Ubuntu

    Verminox - thanks, this is nicely done.

    One more, re other ideas - folks are probably not aware of the tclhttpd -
    http://www.tcl.tk/software/tclhttpd/

    extremely easy to use webserver ...

    Tcl, along with Python, Ruby, Perl, etc ... can be quite useful for web programming.

    Steve
    The Tcler's Wiki http://wiki.tcl.tk Tcl Developer Exchange http://www.tcl.tk SQLite http://www.sqlite.org

  8. #8
    Join Date
    Dec 2007
    Location
    .
    Beans
    Hidden!
    Distro
    Ubuntu 9.10 Karmic Koala

    Re: FAQ: Web Development in Ubuntu

    Quote Originally Posted by dsiembab View Post
    What about PERL






















    no.

  9. #9
    Join Date
    May 2006
    Location
    California
    Beans
    30
    Distro
    Ubuntu Karmic Koala (testing)

    Re: FAQ: Web Development in Ubuntu

    Quote Originally Posted by days_of_ruin View Post
    no.


    Anywho, mod_python is considered bad juju by alot of people.

    At #python.web we warn against using mod_python. Here's a handful of the reasons:

    1. It complicates your upgrade process, as versions of Python, Apache, and mod_python must be coordinated. The appropriate versions are not always available for some combinations.
    2. It makes user separation or chrooting of webapps impossible.
    3.

    If you're using PHP and mod_python, and you're using MySQL in both languages, you generally must coordinate versions of MySQL as well, or suffer lots of configuration headaches. The same applies for many other popular C libraries.
    4. Apache's processes will be heavier because you're embedding a python interpreter in it.
    5. Debugging a wsgi app is a lot easier.
    6. mod_python is a module for Apache, which is tested less than other well known Apache modules such as mod_proxy. Because of this reason the server administrator (which might not be you) might not want to install this module for security reasons.
    7. You wont find a lot of hosting companies offering mod_python, which makes wsgi applications (which can be deployed through several ways) very flexible in your quest for a hosting company.
    8. Using nginx as a front-end is usually a more speedy and flexible solution.
    From mod_python entry in python wiki

    Anywho, WSGI is considered the way to go these days for python based web development. Most frameworks support wsgi.

  10. #10
    Join Date
    Aug 2007
    Location
    127.0.0.1
    Beans
    1,800
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: FAQ: Web Development in Ubuntu

    Quote Originally Posted by Verminox View Post
    but I don't have any idea about SQLLite.... Links anybody?
    Sqlite documentation:
    http://www.sqlite.org/docs.html

    Sqlite with Python (comes preloaded, module sqlite3)
    http://docs.python.org/lib/module-sqlite3.html

    sqlite just works with single files (or memory), and access it as if it were a full database. Works for web development, and specially good for client applications development (Firefox 3 uses sqlite3 for example)
    Last edited by Can+~; May 20th, 2008 at 04:58 PM.
    "Just in terms of allocation of time resources, religion is not very efficient. There's a lot more I could be doing on a Sunday morning."
    -Bill Gates

Page 1 of 2 12 LastLast

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •