Thread: FAQ: Web Development in Ubuntu

    FAQ: Web Development in Ubuntu

    How do I create Web Pages?

    XHTML

    Although the internet can be used to transfer virtually any type of file, most websites that you come across are actually a collection of (X)HTML documents. The (eXtensible) HyperText Markup Language, as the name suggests, is a language that is used to describe the structure of text-based information in a document — by denoting certain text as links, headings, paragraphs, lists, and so on — and to supplement that text with interactive forms, embedded images, and other objects.

    The main difference between HTML and XHTML is that XHTML conforms to XML syntax. This means that XHTML code is stricter and cleaner. It is much easier to learn because there are strict rules to follow and less ambiguity. Also, it concentrates on the semantics of the document so you can cleanly separate the content of the document from its presentation, which makes creating and maintaining the code much simpler. As XHTML is XML, it can also be easily parsed by standard XML parsers which is really useful when your web page is used by other applications, search engines, etc. As such, if you are new to web design, start learning XHTML and forget the old HTML even existed. (Note: The remainder of this article will only refer to XHTML)

    You do not need to install anything to create or view XHTML files. You simply create a file with the markup and save it with a .html extension, and open it in a web browser like Firefox or Konqueror to view it.

    Resources
    W3Schools - Although it is a good tutorial, it requires you to first read the HTML tutorial, and then understand the transition of HTML to XHTML.
    TopXML - Good site. It has a nice reference section so you can keep coming back to it to lookup something you might have forgotten while creating web pages in the future.
    XHTML Validator

    CSS

    Cascading Style Sheets is a language that is used to describe the presentation of web documents. It is most used with XHTML documents to tell the web browser how to render elements of the document (such as the font, colors, layout, etc). CSS can also describe the presentation of the document on different devices such as the screen, a projector, the printer, a speech device or a Braille-based device. It is used to separate presentation from the structure of a document.

    CSS, like XHTML, is directly supported by web browsers. CSS files have a .css extension.

    Resources
    W3Schools - The only good one I could find.
    CSS Validator

    If you want to create static web documents only, then XHTML + CSS is ideal and it is all that is required. All further languages described here are used to either enhance user experience or to dynamically generate XHTML/CSS on a web server.

    JavaScript

    JavaScript is the most common implementation of the ECMAScript standard for client-side scripting of web pages (The other popular implementation is JScript, although most of the API is the same). JavaScript affects the behaviour of the web document once it is loaded. For example, handling events and responding to them such as popping up an alert box if you click a link, or hiding an element on pushing a button. In short, it is a scripting language with a C-style syntax that gives you access to the Document Object Model (DOM), and lets you make changes to it on-the-fly, in response to events. Scripting can make web pages interactive and lively, and more responsive to the user's actions.

    As with XHTML and CSS, you don't need to install anything to be able to use client side scripting. Either embed the script in your XHTML page or save it as a .js file and let your XHTML link to it. The end-user will need a browser that supports scripting though. Although most modern browsers have script support, some devices such as handhelds may not. Further, a user can easily disable scripting in the browser or edit the script itself. Therefore, don't count on it to do responsible tasks. Use it only as an optional experience-enhancing feature that your web pages can very well do without.

    Resources

    W3Schools Again
    JavaScriptKit

    ECMAScript? JavaScript? JScript? I'm Confused

    Technically speaking, the language specification is called ECMAScript, which standardizes the language. This scripting language can be used for any purpose, however it is more popular for use on web pages. The most common dialect of ECMAScript is JavaScript. This implementation is used by Firefox (and other Mozilla products), Opera, Konqueror, Safari, etc. Microsoft's Internet Explorer and the .NET framework use the JScript dialect. In web browsers, these implementations come with the Document Object Model (DOM) which is an API to access and modify elements in the web page. Generally, all JavaScript code should work with IE's JScript implementation (with minor exceptions).

    What are cookies?

    HTTP Cookies are pieces of information that web sites can store on the user's web browser. Sites use these cookies to remember things about the user from the last time(s) he/she visited the site. Cookies can help in tracking information about a user, or letting the server know of some persistent information about the user or the session over multiple page requests.

    Cookies can be created on-the-fly by scripting languages such as ECMAScript, or they can be sent in the HTTP Headers by a web server. However, browsers are implemented in such a way that pages or servers can only read the cookie that has been created in the same domain, to avoid security risks. However, security issues relating to cookies are still prominent (see the section on security below).

    What is a web server?

    When you enter a URL in your browser, the browser sends an HTTP request to a remote machine (your ISP contacts a DNS to resolve the domain name into an IP address which locates the machine). If the machine has a web server (a kind of computer program) installed on it that listens for requests, then the server will process that request and send the response, which is a bunch of HTTP Headers (meta-information about the file) and the file itself (such as an XHTML page), which is what you see in your browser. The most common web servers are Apache and Microsoft Internet Information Services.

    How Web Servers Work


    How do I install Apache on Ubuntu?

    You can install Apache the standard way and configure it yourself, and install PHP, MySQL, mod_perl, mod_python, etc. manually: ApacheMySQLPHP - Ubuntu Community Documentation

    Alternatively, you can Install XAMPP, which gives you Apache, MySQL, PHP and Perl all in one neat package. This is a very easy to install package for new users, but it should be used as a development environment only and should not be used as a public webserver.

    What is Server Side Scripting?

    As described above, web servers accept requests for pages and send responses with the data. Server Side Scripting is a technology by which web servers use other programs such as a PHP interpreter or a Python interpreter to evaluate PHP or Python code and send the output as the response. If the PHP/Python code is made in such a way that it generates XHTML documents as the output, then it is possible to create dynamic XHTML pages. Server Side Scripts can also generate other dynamic data not limited to XHTML/CSS.

    PHP

    PHP is a programming language that uses a somewhat C-style syntax and is used for server side scripting. It is one of the most popular server side languages out there. The massive library of functions that comes with PHP gives it its main feature.

    Installing PHP locally

    PHP as a server side language is popularly used alongside the Apache Web Server.

    Manually: ApacheMySQLPHP - Ubuntu Community Documentation
    or Install XAMPP (Development only)

    Resources
    Practical PHP Programming - PHP Tutorial (Personal Favourite)
    PHP on W3Schools
    PHP.net - Best reference to lookup predefined functions and modules

    Python

    The Python interpreter is installed on Ubuntu by default. However, in order for it to be used as a server side language, you need a web server.

    For Apache: You need mod_python. Maybe this thread has some answers for you. However, if you don't want all the hassle of configuring Apache, and you only need a web server for local development rather than production, then there are easier alternatives:

    You can set up a very simple web server, and write simple web applications in plain CGI without mod_python. Also, there are two excellent web app frameworks for Python, Django and Turbogears. Both come with a simple web development server.

    Databases

    Once you start to use server side scripting for dynamic page generation you will soon find the need to store data on the server for later use. For example information about a user account, user generated posts/comments, etc. have to be stored somewhere.

    SQL

    Structured Query Language is a database language used to store data in tables of information and retrieve it. There are many implementations of SQL (such as MySQL or SQLite). All of these implementations support Scripting languages may provide an inbuilt interface to communicate with certain types of databases or there may be additional modules that may do so. For example, PHP provides predefined functions to access MySQL databases whereas Python comes with a module for SQLite.

    Resources
    SQL on W3Schools - Straightforward Tutorial to SQL in general

    MySQL
    MySQL is a multithreaded, multi-user SQL database management system (DBMS) which has more than 11 million installations. The program runs as a server providing multi-user access to a number of databases.

    It is a popular choice for PHP users, and it is a rather powerful choice for production, but the advanced features and multi-user environment can get overwhelming for new users.

    Resources
    Manual Install: ApacheMySQLPHP - Ubuntu Community Documentation
    or Install XAMPP (Development only). An advantage here is that it comes with phpMyAdmin, a simple graphical administration tool, which often suffices for new users.
    Databases in PHP (Includes a basic MySQL Tutorial within the topics)

    SQLite
    SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine. It is actually a small C library that is internally linked within programs that use it, but it uses the SQL API to give it the feel of a full fledged SQL server. It is widely used in desktop applications (such as Firefox 3) and for simple web development.

    SQLite has bindings for a large number of programming languages, including BASIC, C, C++, Common Lisp, Java, Delphi, Lua, Tcl, R, PHP, Perl, Ruby, Python, newLisp and Smalltalk.

    Python 2.5 comes with SQLite preloaded. For PHP, in order to have the SQLite functions available, you must compile PHP with SQLite support, or load the SQLite extension dynamically from your php.ini.

    Resources
    PHP with SQLite
    Python with SQLite

    PostgreSQL

    PostgreSQL is a powerful object-relational database management system, provided under a flexible BSD-style license. PostgreSQL contains many advanced features, is very fast and standards compliant.

    PostgreSQL has bindings for many programming languages such as C, C++, Python, Java, PHP, Ruby... It can be used to power anything from simple web applications to massive databases with millions of records.

    Resources
    Ubuntu Community Documentation
    PostgreSQL Wiki

    What are the security risks involved when deploying web pages?

    Security vulnerabilities in web applications generally occur as a form of code injection, that is, when a malicious user is able to exploit the application such that his harmful piece of code is executed to generate destructive results.

    Cross Site Scripting

    Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users. Examples of such code include XHTML code and client-side scripts.

    For example, if a forum user posts an XHTML message with an embedded script that reads cookies stored in the browser and emails the data to him, then every user who reads this post has his/her cookies (which may contain information such as session IDs or passwords) sent to the attacker who can then use it to login under the victim's account. This is why sites like forums and wikis don't generally allow XHTML to be posted. XSS attacks are even possible via injecting CSS.

    XSS on Wikipedia

    Server Side Code Injection

    Be very careful when using your server side code to perform actions based on user input. Never use functions such as PHP's eval(), which executes a string as PHP code on any variable string, especially one that is user-generated. Evaluating untrusted code can result in your entire system being compromised, everything from exposing stored passwords to deleting important data to tricking your system into logging in as a different user (this is very hard to detect).

    Also, never load other files to be executed (such as includes) with a variable filename, if the variable contains user supplied data. A malicious user may supply wrong data that allows sensitive files to get included (such as those that have your password stored in them). You may think you have validated your code, but attackers can find ways through many layers to get their harmful code into your innocent variable.

    As a rule of thumb, the only things you should do with variable data that comes from the user is either match it with expected values and perform your own static operations, use it in a mathematical context, or echo it back to the user. You might store this data in a database for further use, but when you retrieve this data later, make sure to follow the same rules again, or else you are vulnerable to second order attacks.

    SQL Injection

    Exploiting usage of unescaped strings in a SQL query is one of the most common ways of exploiting a web application and it is something that most beginner applications are vulnerable to.

    SQL Injection on Wikipedia

    Other Stuff

    This is a list of links to stuff that is not described in this article. If anybody is willing to contribute some introductory writeup for these then please edit this post (or ask a moderator to do so)

    Ruby
    Beginner's Guide to CGI Scripting with Perl
    Perl CGI Programming FAQ
    Java Applets
    Java Servlets
    JavaServer Pages (JSP)
    Last edited by Verminox; June 4th, 2008 at 09:45 AM. Reason: Disambiguation of ECMAScript
    http://verminox.wordpress.com - Answers to Life, the Universe and Everything
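
The SQL Injection and second-order points in the FAQ above, as an added example that is not part of the original post. It uses Python's built-in sqlite3 module; the table, the function names and the sample rows are constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample database; table and column names are hypothetical."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "alice-secret"), ("bob", "bob-secret")])
    return db

def lookup_unsafe(db, name):
    # Vulnerable: the input is pasted into the SQL text, so a quote
    # character in `name` changes the structure of the query.
    sql = "SELECT name, secret FROM users WHERE name = '%s'" % name
    return db.execute(sql).fetchall()

def lookup_safe(db, name):
    # Hardened: the ? placeholder passes `name` to SQLite as a value;
    # it is never parsed as SQL, whatever characters it contains.
    sql = "SELECT name, secret FROM users WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()

def register(db, name):
    # Storing with a placeholder is safe, but the stored string is still
    # user data and must be treated as such when it is read back.
    db.execute("INSERT INTO users VALUES (?, ?)", (name, "new-secret"))

def stored_name_lookups(db, lookup):
    # Re-uses names read from the database in a new query. With
    # lookup_unsafe this is a second-order injection: the hostile
    # string was stored safely and only bites on later use.
    rows = []
    for (name,) in db.execute("SELECT name FROM users").fetchall():
        rows += lookup(db, name)
    return rows

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"             # constructed hostile input
    print(lookup_unsafe(db, crafted))    # both existing rows are returned
    print(lookup_safe(db, crafted))      # no user has that literal name
    register(db, crafted)
    print(len(stored_name_lookups(db, lookup_unsafe)))  # extra rows leak
    print(len(stored_name_lookups(db, lookup_safe)))    # one row per user
```
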
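
The FAQ's rule of thumb for user input (match it against expected values, or echo it back) applied to the include and Cross Site Scripting cases, as an added example that is not part of the original post. The page table, template paths, function names and the sample message are hypothetical.

```python
import html
from html.parser import HTMLParser

# Hypothetical page table: the only values a "page" parameter may select.
PAGES = {"home": "templates/home.html", "about": "templates/about.html"}

def resolve_page(requested):
    # Match the input against expected values and return our own static
    # path. The user-supplied string is never used to build a filename.
    return PAGES.get(requested)          # None means "answer with a 404"

def render_unsafe(author, message):
    # Vulnerable: markup in a forum post reaches other users' browsers.
    return "<div><b>%s</b>: %s</div>" % (author, message)

def render_safe(author, message):
    # Escape at output time, also for data read back from a database.
    return "<div><b>%s</b>: %s</div>" % (html.escape(author),
                                         html.escape(message))

class TagCollector(HTMLParser):
    """Records the elements an HTML parser sees in the rendered page."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def tags_in(markup):
    parser = TagCollector()
    parser.feed(markup)
    parser.close()
    return parser.tags

if __name__ == "__main__":
    message = "<script>alert(1)</script>"           # constructed sample post
    print(tags_in(render_unsafe("mallory", message)))  # a script element
    print(tags_in(render_safe("mallory", message)))    # only div and b
    print(render_safe("mallory", message))
    print(resolve_page("about"), resolve_page("../../etc/passwd"))
```
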
