
Information Technology Services Division
ICT Volume 3 : Application Standards
ICT 3.2.2-2011 Web Application Development Standards

Abstract
This document defines standards applicable to any web application developed at Deakin University.

Copyright Deakin University. All rights reserved. No part of this work covered by Deakin University's copyright may be reproduced or copied in any form or by any means (graphic, electronic or mechanical, including photocopying, recording, taping or information retrieval systems) without the written permission of Deakin University.

Document Control

Document Title: ICT 3.2.2-2011 Web Application Development Standards
Version: 2011
Controlled Copy (Electronic Reference)

Document History
  Ver.  Primary Author(s)  Description of Version     Date Completed
  0.01  Steven George      Initial draft              26-11-2008
  0.02  Steven George      Standards compliance       25-02-2009
  0.03  Steven George      Standards compliance       18-03-2009
  0.04  Steven George      Correct numbering error    07-04-2009
  0.05  Steven George      Update from feedback       17-04-2009
  0.06  Steven George      Added 8.2                  24-04-2009
  0.07  Steven George      Added 2.8 per SC 470657    24-09-2009
  1.0   Steven George      Annual Review              05-07-2010
  2.0   Steven George      2011 Update                02-11-2010

Information Technology Services Division Page 2 of 14 Version: 2011

Table of Contents

1 Design Methodology
  1.1 The Object Oriented design standards shall apply (ICT 3.1.1)
  1.2 The PHP 5 language shall be used
  1.3 An MVC architecture approach should be used
2 Content
  2.1 The Deakin University Web Publishing Design Guidelines shall apply
  2.2 Content shall conform to accessibility standards
  2.3 Content shall conform to all relevant legislative requirements
  2.4 HTML standards shall apply
  2.5 Client script should be compressed
  2.6 HTML forms
    2.6.1 Form naming conventions
    2.6.2 Form element length
    2.6.3 HTTP verbs shall be used appropriately
  2.7 Naming
    2.7.1 Class names shall comply with Zend naming conventions
    2.7.2 Class names shall be defined by the file system path in which they reside
    2.7.3 File system
  2.8 Email
    2.8.1 Information Security Standards shall apply
    2.8.2 Application-generated email of a system-support nature shall be sent to an email account dedicated to the receipt of such correspondence
3 Documentation
  3.1 Class diagram
    3.1.1 Type hinting for Abstract Data Types shall be depicted
  3.2 Code shall be documented using phpDocumentor conventions
  3.3 Code shall not be commented-out
4 Error handling
  4.1 PHP Exception architecture
    4.1.1 The PHP Exception architecture shall be used to handle errors
    4.1.2 Custom exception objects shall inherit from a base exception class
    4.1.3 Functions shall not return customised errors
    4.1.4 Try/catch blocks
    4.1.5 PHP warnings
5 APIs
  5.1 An object oriented API architecture shall be used
  5.2 Acceptable API implementations
  5.3 Web services
    5.3.1 Web services shall comply with SOAP standards
    5.3.2 Web services shall employ and comply with WSDL standards
6 Database
  6.1 A database abstraction class shall be used
  6.2 A database abstraction shall not contain business logic
7 Testing
  7.1 The ITSD Web Application Testing Standards shall apply
8 Maintenance
  8.1 Design documentation shall be kept up to date
  8.2 Modifications and/or additions to any application shall not adversely impact the application upgrade path
9 Security
  9.1 Session time-out
  9.2 Data input shall be validated to ensure data is correct and appropriate
  9.3 Internal processing shall be validated to detect and prevent any corruption of information through processing errors
  9.4 Data output shall be validated to ensure data is correct and appropriate
  9.5 Program units shall be technically code reviewed
  9.6 A fully compliant code review is required prior to release
  9.7 Credentials shall be encrypted
  9.8 Application shall log onto systems and databases using a suitably restrictive account
10 Source Control
  10.1 Application code shall be revision controlled
11 Monitoring
  11.1 Production systems shall be monitored
12 Appendix A

ICT Volume 3 : Application Standards

ICT 3 Application Standards
  ICT 3.1 Design Standards
    ICT 3.1.1 Object Oriented Design Standards
  ICT 3.2 Development Standards
    ICT 3.2.1 Coding Standards
      ICT 3.2.1.1 PHP Coding Standards
      ICT 3.2.1.2 Oracle PL/SQL and SQL Coding Standards
    ICT 3.2.2 Web Application Development Standards (this document)
  ICT 3.3 Testing Standards
    ICT 3.3.1 Web Application Testing Standards

Standards Brief
This document serves to outline standards that shall apply within Deakin University.

Standard Document Access
All Deakin University staff and authorised/approved contracted personnel are provided access to this document.

Policy
These standards must be used in conjunction with all other referenced standards; when considered in isolation from the referenced standards they may not constitute adequate conformance.

Conflict of Information or Clarification
Whenever a conflict of information occurs or clarification of instruction is required, all queries shall be made to the Deakin University Information Technology Services Division (ITSD).

1 Design Methodology

1.1 The Object Oriented design standards shall apply (ICT 3.1.1)
All server-side coding within web applications shall conform to the Object Oriented Design Standards as documented in ICT 3.1.1 where practical. Any standards set out in this document are supplementary to those standards.

1.2 The PHP 5 language shall be used
Web development will be implemented using the PHP 5 language and shall be PHP 5 compliant.

1.3 An MVC architecture approach should be used
A Model View Controller approach to application architecture should be used where practical.

2 Content
The following standards relate to web applications, classes or components which return or generate content which will be sent to the client.

2.1 The Deakin University Web Publishing Design Guidelines shall apply
Any content sent to the client shall conform to the Deakin University Web Publishing Design Guidelines (https://staff.deakin.edu.au/services/web-management/wpdg/).

2.2 Content shall conform to accessibility standards
Content must be accessible and must conform to the Deakin University accessibility guidelines set out at https://staff.deakin.edu.au/services/web-management/accessibility/. Content should comply with the W3C WAI Guidelines and Techniques (http://www.w3.org/wai/guidtech.html).

2.3 Content shall conform to all relevant legislative requirements
Content shall conform to all relevant legislative requirements, including laws on copyright and censorship and all other applicable legislation.

2.4 HTML standards shall apply
HTML content sent to the client shall be valid HTML 4.01 as set out by the W3C (http://validator.w3.org/).

2.5 Client script should be compressed
Client-side scripting (JavaScript) should be compressed in order to reduce size and improve performance.

2.6 HTML forms

2.6.1 Form naming conventions
The following prefixes may be applied to the value of the name attribute of a form element:
  txt_  text elements
  chk_  checkbox elements
  rdb_  radio button elements
  sel_  select elements
  btn_  button elements
  hid_  hidden elements

2.6.2 Form element length
The length of a form element should be representative of any related database column length. For example, a database column of VARCHAR(50) should be represented by a form element with a maximum data entry length of 50 characters. The client-side maximum length is a usability aid only: the client can alter or omit it, so the server-side validation required by section 9.2 must enforce the same limit.

2.6.3 HTTP verbs shall be used appropriately
The HTTP request method employed shall conform to RESTful principles and, as a general rule, should map to the CREATE, READ, UPDATE, DELETE (CRUD) operations associated with database technologies as follows:

  HTTP method   CRUD operation
  POST          Create, Update, Delete
  GET           Read
  PUT           Create, Overwrite/Replace
  DELETE        Delete

GET requests must never change server-side state. Browsers, proxies and crawlers issue them freely, and a state-changing GET can be triggered from any page the user visits (cross-site request forgery); requests that change state belong on POST, PUT or DELETE, as the table indicates.

2.7 Naming

2.7.1 Class names shall comply with Zend naming conventions
Class names shall comply with the standards set out by Zend (http://framework.zend.com/manual/en/coding-standard.naming-conventions.html). An exception is granted for the DU namespace, but not for child namespaces of DU.

2.7.2 Class names shall be defined by the file system path in which they reside
A class name will contain all namespaces / directories that are derived from the class root. These shall be formatted according to ICT standards.

2.7.3 File system

2.7.3.1 Namespaces shall be represented by directories
Namespaces will be implemented through the creation of directories on the file system. A directory represents a namespace in any file structure that is deemed to be, or constitutes, a library.

2.7.3.2 Each file shall contain a maximum of one class

2.7.3.3 Class filenames shall replicate the class name, minus packages/namespace
A class filename shall be the class name, without the leading namespace and/or package name, followed by the .php extension. For example, the class MyPackage_MyClass will reside within a file named MyClass.php.

2.8 Email

2.8.1 Information Security Standards shall apply
The Information Security - Standard for mass emails and emails generated by information systems shall apply to all system-generated emails.

2.8.2 Application-generated email of a system-support nature shall be sent to an email account dedicated to the receipt of such correspondence
Where an application generates email for the purposes of systems support (status notification, error notification, etc.), this email will be sent only to an email account that is dedicated to receiving that type of email. This shall also apply to vendor support correspondence. It is not acceptable for these emails to be sent to individuals' email accounts or to mailing lists to which individuals are subscribed.
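The naming rules in 2.7.2 and 2.7.3 exist so that a class can be located from its name alone. The autoloader below is an added example, not code from ICT 3.2.2 or from Deakin's own library: it turns MyPackage_MyClass into <library root>/MyPackage/MyClass.php and rejects any class name that is not a plain underscore-separated identifier, so a crafted name can never be turned into a path outside the library. The library root and the DU_ class used in the usage line are assumptions. It is written for PHP 5.3 or later (closures).

```php
<?php
// Added example (not part of ICT 3.2.2): an autoloader that derives the file
// path from the class name as sections 2.7.2 and 2.7.3 require. The library
// root passed to du_register_autoloader() is an assumption for this example.

function du_class_to_path($class, $libraryRoot)
{
    // Accept only underscore-separated identifiers (Package_Sub_Class). Anything
    // else, including "../" sequences or a backslash, is refused before it can
    // be joined into a path; the autoloader must never require() an attacker-
    // chosen file.
    if (!preg_match('/^[A-Za-z][A-Za-z0-9]*(_[A-Za-z][A-Za-z0-9]*)*$/', $class)) {
        throw new InvalidArgumentException("Invalid class name: $class");
    }
    // Each package/namespace segment becomes a directory (2.7.3.1) and the last
    // segment, the class name minus packages, becomes the file name (2.7.3.3).
    $relative = str_replace('_', DIRECTORY_SEPARATOR, $class) . '.php';
    return rtrim($libraryRoot, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR . $relative;
}

function du_register_autoloader($libraryRoot)
{
    spl_autoload_register(function ($class) use ($libraryRoot) {
        $file = du_class_to_path($class, $libraryRoot);
        // is_file() rather than file_exists(): a directory of the same name
        // must not be required.
        if (is_file($file)) {
            require $file;
        }
        // Otherwise fall through so any other registered autoloader can try.
    });
}

// Usage (the library directory is an assumption for this example):
du_register_autoloader(__DIR__ . '/library');
// From here on, "new DU_Auth_Session()" loads library/DU/Auth/Session.php,
// and a class name such as "../../etc/passwd" raises InvalidArgumentException.
```

Because one file holds one class (2.7.3.2), the mapping is a pure function of the class name; there is no class map to keep in sync with the file system, and a misplaced file shows up as a plain "class not found" error rather than as a silently loaded wrong file.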
3 Documentation

3.1 Class diagram
The class diagram shall conform to the requirements of a class diagram stated in ICT 3.1.1, with the following additions.

3.1.1 Type hinting for Abstract Data Types shall be depicted
Where abstract data types are passed as parameters to a function, a type hint shall be depicted on the class diagram.

3.2 Code shall be documented using phpDocumentor conventions
phpDocumentor-style comment tags shall be used to document PHP code. Documentation shall comply with the standards and conventions set out at http://manual.phpdoc.org/htmlframesconverter/default/

3.3 Code shall not be commented-out
Commented-out code shall not be stored within the application source and must be removed.

4 Error handling

4.1 PHP Exception architecture

4.1.1 The PHP Exception architecture shall be used to handle errors
Errors shall be represented by Exceptions and caught by the program code. Other forms of error handling are not acceptable.

4.1.2 Custom exception objects shall inherit from a base exception class
Custom exceptions declared and raised by the application shall inherit from a base exception class.

4.1.3 Functions shall not return customised errors
Functions shall not return a customised error code, string, object or other error value. Functions may return a boolean value indicating whether the operation was successful.

4.1.4 Try/catch blocks
When calling methods which could trigger an exception, and there is a logical path that the code could follow in the event of an exception (other than just propagating it to the user), a try/catch block should be used. The try section shall contain only:
  1. the statements that could fail, and
  2. subsequent code that is dependent on the statements that could fail (code that should not be executed in the event of an exception).
The catch section shall not re-throw the exception unless it performs other operations as well; otherwise the try/catch block is redundant.
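The following is an added example, not code from ICT 3.2.2, showing the structure that 4.1.1 to 4.1.4 describe in one piece: a base exception class, two custom exceptions derived from it, a method that throws rather than returning a sentinel value, and a caller whose try block holds only the statement that can fail and the code that depends on it. The DU_ class names, the repository and the cache are assumptions made for the example; the data is constructed. Written for PHP 5.

```php
<?php
// Added example (not part of ICT 3.2.2): the exception structure described in
// sections 4.1.1 to 4.1.4. The DU_* names, repository and cache are assumptions.

/**
 * Base class for every exception the application raises (4.1.2). Catching
 * DU_Exception catches any application-defined error without also swallowing
 * unrelated exceptions thrown by PHP itself or by third-party code.
 */
class DU_Exception extends Exception
{
}

/** Raised when a requested record does not exist. */
class DU_NotFoundException extends DU_Exception
{
}

/** Raised when a dependent system (database, web service) cannot be reached. */
class DU_ServiceUnavailableException extends DU_Exception
{
}

class DU_Student_Repository
{
    private $rows;
    private $available;

    public function __construct(array $rows, $available = true)
    {
        $this->rows      = $rows;
        $this->available = $available;
    }

    /**
     * Returns the record for $id. Per 4.1.3 this method never signals failure
     * through a customised return value such as false or -1; it throws, so a
     * caller cannot mistake an error for data.
     *
     * @param  int $id
     * @return array
     * @throws DU_ServiceUnavailableException
     * @throws DU_NotFoundException
     */
    public function find($id)
    {
        if (!$this->available) {
            throw new DU_ServiceUnavailableException('Student repository is not reachable');
        }
        if (!isset($this->rows[$id])) {
            throw new DU_NotFoundException("No student with id $id");
        }
        return $this->rows[$id];
    }
}

/**
 * Looks a student up, falling back to a cached copy when the repository is
 * unavailable. A try/catch is justified because there is a logical path to
 * follow on failure other than propagating the exception (4.1.4).
 *
 * @return array
 */
function du_lookup_student(DU_Student_Repository $repo, array $cache, $id)
{
    try {
        // Only the statement that can fail and the code that depends on it.
        $row = $repo->find($id);
        $row['source'] = 'repository';
        return $row;
    } catch (DU_ServiceUnavailableException $e) {
        // Alternative path: serve the cached record if one exists.
        if (isset($cache[$id])) {
            $row = $cache[$id];
            $row['source'] = 'cache';
            return $row;
        }
        // Re-throwing is acceptable here only because the catch did other work
        // first: it consulted the cache and recorded the failure.
        error_log('Repository unavailable and no cached record for student ' . $id);
        throw $e;
    }
    // DU_NotFoundException is deliberately not caught: this function has no
    // sensible alternative for it, so it propagates to the caller.
}

// Constructed sample data: a live repository and a stale cache.
$rows  = array(1 => array('name' => 'Example Student'));
$cache = array(1 => array('name' => 'Example Student (cached)'));

$fromRepo  = du_lookup_student(new DU_Student_Repository($rows, true), $cache, 1);
$fromCache = du_lookup_student(new DU_Student_Repository($rows, false), $cache, 1);
// $fromRepo['source'] and $fromCache['source'] record which path was taken.
```

Note what the catch clause does not do: it does not catch Exception, which would also swallow PHP's own runtime exceptions, and it does not catch DU_NotFoundException, for which this function has no useful alternative path; a catch that only re-throws is exactly the redundant block 4.1.4 forbids.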

4.1.5 PHP warnings
Functions that can trigger warnings may be suppressed with the @ operator only if valuable troubleshooting information is not lost by doing so.

5 APIs

5.1 An object oriented API architecture shall be used
ICT 3.1.1 Object Oriented Design Standards shall apply to all APIs.

5.2 Acceptable API implementations
Acceptable API implementations are limited to:
  1. a standards-compliant shared class hierarchy
  2. a SOAP standards based web service
  3. an HTTP (RESTful) interface
Excluded API implementations include, but are not limited to:
  1. direct database calls
  2. shared files
  3. SMTP
  4. Telnet
  5. any non-PHP platform-specific implementation

5.3 Web Services

5.3.1 Web services shall comply with SOAP standards
All web services shall comply with SOAP standards (http://www.w3.org/tr/soap/).

5.3.2 Web services shall employ and comply with WSDL standards

6 Database

6.1 A database abstraction class shall be used
Any database interaction shall be via a database abstraction class.
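The abstraction class that 6.1 requires is also where the application's protection against SQL injection lives, because it is the one place that decides how values reach the database. The class below is an added example, not ICT 3.2.2's or Deakin's own code: it wraps PDO, binds every value through a prepared statement, surfaces failures as exceptions (section 4.1) and contains no business logic. The class name and the in-memory SQLite database it is demonstrated on are assumptions; in production the DSN and credentials come from configuration (section 9.7). Written for PHP 5.

```php
<?php
// Added example (not part of ICT 3.2.2): a minimal database abstraction class
// of the kind section 6.1 requires. DU_Db_Adapter and the SQLite demonstration
// database are assumptions for this example.

class DU_Db_Adapter
{
    private $pdo;

    public function __construct($dsn, $user = null, $password = null)
    {
        $this->pdo = new PDO($dsn, $user, $password, array(
            // Failures become PDOException (section 4.1), never a false return.
            PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
            // Ask for server-side prepares so the driver, not client-side string
            // substitution, keeps SQL and data apart (matters for MySQL; SQLite
            // always prepares natively and ignores the setting).
            PDO::ATTR_EMULATE_PREPARES   => false,
        ));
    }

    /** Runs a statement that returns rows. Values are bound, never interpolated. */
    public function fetchAll($sql, array $params = array())
    {
        $stmt = $this->pdo->prepare($sql);
        $stmt->execute($params);
        return $stmt->fetchAll();
    }

    /** First row of a query, or null when there is none. */
    public function fetchOne($sql, array $params = array())
    {
        $rows = $this->fetchAll($sql, $params);
        return count($rows) ? $rows[0] : null;
    }

    /** Runs INSERT, UPDATE, DELETE or DDL; returns the affected row count. */
    public function execute($sql, array $params = array())
    {
        $stmt = $this->pdo->prepare($sql);
        $stmt->execute($params);
        return $stmt->rowCount();
    }

    public function lastInsertId()
    {
        return $this->pdo->lastInsertId();
    }
}

// Demonstration against an in-memory SQLite database (constructed sample data).
$db = new DU_Db_Adapter('sqlite::memory:');
$db->execute('CREATE TABLE unit (code TEXT PRIMARY KEY, title TEXT)');
$db->execute('INSERT INTO unit (code, title) VALUES (:code, :title)',
             array(':code' => 'SIT123', ':title' => 'Web Development'));

// Untrusted input goes in as a bound parameter. The classic payload below is
// compared as a literal six-character string and matches no row; had it been
// concatenated into the SQL it would have returned every unit.
$untrusted = "' OR '1'='1";
$rows = $db->fetchAll('SELECT code, title FROM unit WHERE code = :code',
                      array(':code' => $untrusted));

$row = $db->fetchOne('SELECT title FROM unit WHERE code = :code',
                     array(':code' => 'SIT123'));
```

Keeping the adapter generic, as 6.2 requires, is what makes this enforceable: if every query in the application goes through fetchAll/fetchOne/execute with a parameter array, a code review (9.5) only has to look for SQL strings built with concatenation or interpolation, and a swap to another driver touches one class.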

6.2 A database abstraction shall not contain business logic
Any database abstraction shall be strictly for the purpose of interacting with the database in a generic manner. Business logic shall not be included in any part of a database abstraction. A database abstraction should be generic to the extent that it could be replaced with minimal effort by another database abstraction with the same interface.

7 Testing

7.1 The ITSD Web Application Testing Standards shall apply
ICT 3.3.1 Web Application Testing Standards shall apply.

8 Maintenance

8.1 Design documentation shall be kept up to date
Design documentation shall be updated whenever modifications to a system are undertaken which impact the design documentation.

8.2 Modifications and/or additions to any application shall not adversely impact the application upgrade path
Any modifications, additions, customisations or configurations applied to any application (either in-house or third-party supplied) shall not adversely impact the application's upgrade path. That is, the application shall continue to be upgradeable and patchable in accordance with the application's standard upgrade procedures.

9 Security

9.1 Session time-out
Inactive sessions shall be shut down after a period of inactivity that is defined in accordance with the data classification of the application.

9.2 Data input shall be validated to ensure data is correct and appropriate.

9.3 Internal processing shall be validated to detect and prevent any corruption of information through processing errors.

9.4 Data output shall be validated to ensure data is correct and appropriate.

9.5 Program units shall be technically code reviewed.

9.6 A fully compliant code review is required prior to release.
The identification of items requiring attention in a code review shall automatically necessitate additional review until a fully compliant code review is achieved.

9.7 Credentials shall be encrypted
Credentials used by the application to log onto other systems (eg: databases) shall be stored in encrypted form. Encryption only protects the credentials if the key is held apart from the ciphertext; a key committed to the same repository as the configuration it protects (see section 10) offers no protection against anyone who can read that repository.

9.8 Application shall log onto systems and databases using a suitably restrictive account
Applications shall log on to other systems and databases using an account that is granted the least privileges required.

10 Source Control

10.1 Application code shall be revision controlled
In general, web applications should be revision controlled using Subversion.

11 Monitoring

11.1 Production systems shall be monitored
Any application residing within a production environment shall be monitored via a standardised enterprise monitoring service. Any detected change in application state shall be reported and/or escalated in accordance with the standard operating procedure set out by the enterprise monitoring service.
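Sections 9.1, 9.2 and 9.4 state the controls without showing them; the following is an added example, not ICT 3.2.2's or Deakin's own code, that puts the three into working PHP: an inactivity time-out driven by a last-activity stamp, whitelist validation of a form's fields, and escaping of every value before it is written into HTML. The function names, the field rules, the 15-minute limit and the sample request are assumptions constructed for the example; the real time-out period must follow the application's data classification, as 9.1 says. Written for PHP 5.

```php
<?php
// Added example (not part of ICT 3.2.2): three section 9 controls in code, the
// inactivity time-out (9.1), input validation (9.2) and output escaping (9.4).
// Function names, field rules and the 15-minute limit are assumptions.

/**
 * 9.1 Session time-out. Returns true and refreshes the activity stamp while the
 * session is live; once more than $maxIdleSeconds have passed since the last
 * request it empties the session and returns false. $session is the $_SESSION
 * array; $now is passed in so the logic can run without a web server.
 */
function du_session_is_live(array &$session, $now, $maxIdleSeconds)
{
    if (isset($session['last_activity'])
        && ($now - $session['last_activity']) > $maxIdleSeconds) {
        $session = array();  // discard all server-side state; the caller should
        return false;        // then call session_regenerate_id(true) or session_destroy()
    }
    $session['last_activity'] = $now;
    return true;
}

/**
 * 9.2 Input validation. One whitelist rule per field; returns the validated
 * values or throws. Rejecting beats "cleaning": a silently altered value is
 * still not the value the user submitted.
 */
function du_validate_enrolment(array $input)
{
    $errors = array();
    $clean  = array();

    // Unit code: three upper-case letters and three digits, the same length as
    // the column it is stored in (section 2.6.2).
    if (isset($input['txt_unit']) && preg_match('/^[A-Z]{3}[0-9]{3}$/', $input['txt_unit'])) {
        $clean['unit'] = $input['txt_unit'];
    } else {
        $errors[] = 'unit';
    }

    // Year: an integer inside a bounded range, not merely "numeric".
    $year = isset($input['sel_year'])
        ? filter_var($input['sel_year'], FILTER_VALIDATE_INT,
                     array('options' => array('min_range' => 2000, 'max_range' => 2100)))
        : false;
    if ($year === false) {
        $errors[] = 'year';
    } else {
        $clean['year'] = $year;
    }

    // Email: syntactic check plus a length bound matching the column.
    $email = isset($input['txt_email'])
        ? filter_var($input['txt_email'], FILTER_VALIDATE_EMAIL)
        : false;
    if ($email === false || strlen($email) > 254) {
        $errors[] = 'email';
    } else {
        $clean['email'] = $email;
    }

    if ($errors) {
        throw new InvalidArgumentException('Invalid fields: ' . implode(', ', $errors));
    }
    return $clean;
}

/**
 * 9.4 Output validation. Every value written into an HTML page is escaped for
 * the HTML context; ENT_QUOTES covers attribute values as well as element text.
 */
function du_html($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Constructed sample request, named as the form fields of section 2.6.1 would be.
$request = array('txt_unit' => 'SIT123', 'sel_year' => '2011', 'txt_email' => 'student@example.com');
$clean   = du_validate_enrolment($request);
echo '<td>' . du_html($clean['unit']) . "</td>\n";

// A free-text value that was never validated is still rendered harmless.
echo '<td>' . du_html('<script>alert(1)</script>') . "</td>\n";

// The time-out check, driven by explicit clock values instead of time().
$session   = array('last_activity' => 1000);
$stillLive = du_session_is_live($session, 1000 + 10 * 60, 15 * 60);             // 10 min idle: live
$expired   = !du_session_is_live($session, 1000 + 10 * 60 + 15 * 60 + 1, 15 * 60); // 15 min + 1 s: expired
```

Two points of design. Validation and escaping are separate controls, not substitutes: validation keeps bad data out of the system (and so out of the database column of 2.6.2), while escaping protects the page from data that is legitimately present but dangerous in the HTML context, which is why du_html() is applied to every output, validated or not. And the time-out is enforced server-side from the session's own stamp; a client-side timer or cookie expiry can be ignored by the client and satisfies neither 9.1 nor a reviewer.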

12 Appendix A

Definitions

API: Application Programming Interface. A set of calling conventions that enable one application to utilize the services of another application or shared library.
PHP: PHP: Hypertext Preprocessor. The primary server-side scripting language used for building web applications at Deakin.
Class: The basic building block of software in the object-oriented programming paradigm.
Subversion: Apache Subversion (often abbreviated SVN, after the command name svn) is a software versioning and revision control system.
Web Service: A software system designed to support interoperable machine-to-machine interaction over a network.
Web application: An application that is accessed via a web browser over a network such as the Internet or an intranet.