110 Terms
1
What is a django model?
A class that specifies the fields in a database table
2
What are the advantages of delivering software as web applications (vs apps installed in users' computers)?
Software delivered as a web application is better because it can be accessed from anywhere since data is stored on servers instead of locally on a specific device
3
What is HTML?
Hypertext Markup Language; it is used for structuring a web page
4
What is the structure and syntax of HTML?
It is composed of elements that specify what the specific content type is and allow for many customizable features
5
What are the basic tags of HTML?
The markup includes tags that are enclosed in angle brackets and other characters that begin with &. Some basic tags include p, h1, h2, a, etc.
6
What is CSS and what are the advantages of using CSS in your HTML files?
CSS stands for cascading style sheets. CSS helps with the styling of the webpage and it's useful in HTML to separate document structure from formatting while making everything more pleasing/easy to look at.
7
What is JavaScript and why is it so popular?
JavaScript is a programming language that is popular because it is built into browsers and runs consistently across all platforms. It also has access to DOM.
8
What is the DOM?
The document object model is a way to describe how an HTML document is laid out. It is in a tree structure, so it starts with document at the top and splits into header and body and the relevant content in each one.
9
What is the HTTP Protocol?
The HTTP protocol is how a browser connects with a server to make websites work
10
What are the HTTP protocol methods?
Most common are GET and POST
11
How is data sent/received in HTTP protocol?
Data is sent when you make an HTTP request by entering a URL, submitting a form, clicking on a hyperlink, etc. The GET method allows you to receive data from the server, and the POST method lets you update data on the server.
12
What is Django?
Django is a Python-based web framework that allows you to develop secure and maintainable websites
13
How does Django implement the MVC pattern?
Django implements the MVC pattern through its file structure. The views.py and urls.py files are the controller, models.py is the model, and the templates/static files are the view
14
What are the benefits of using MVC?
MVC is useful because it allows for separation of concerns so several people can work on different parts of the application at the same time (web designers do the view, database people do the model, programmers do the action/control)
15
How are Django actions run?
Through the mapping between urls.py and views.py. Doing certain things in the web application like submitting forms or clicking buttons will call functions in the views.py to perform the actions.
16
How does Django format the results sent back to the browser in the HTTP response?
The results are formatted in an HTML file
17
What are cookies?
Cookies are data sent from the server to the browser during an HTTP response, and then the browser sends it back to the server so the server knows who the user is because the browser doesn't understand cookie data. This data is typically identifiable like browser preferences of a user. Cookies can keep track of who is logged in.
18
What are sessions?
Sessions are used to maintain data correlated with a browser session. They are shared across tabs and terminated with browser close. Sessions can keep track of items in a user's shopping cart.
19
What are hidden fields?
Hidden fields are fields in HTML elements that allow data to not be displayed but a value is still returned. Hidden fields can keep track of what page to redirect back to.
20
What is responsive web design?
Responsive web design is making web pages scale based on different devices and their screen sizes.
21
What do we need to do in our HTML and/or CSS files to make pages more responsive?
We need to add responsive CSS that uses sizes relative to components like font size or viewport. We need to add specific tags in HTML with the viewport to use the screen size. You can also put things in a container to style an entire section.
22
What are HTTP forms?
HTML forms are elements that allow you to submit information
23
What are Django forms?
Django forms allow you to store information in fields and they are linked to the HTML forms to display the information accordingly
24
How do forms get rendered using Django templates?
In HTML, the Django form is looped through to get all the fields and display them: {% for field in form.visible_fields %}
25
What is a hierarchical template?
A hierarchical template allows you to inherit from other templates like having base.html that other files can inherit from.
26
What does it mean to store hashed passwords?
It means to put the password through a hash function that will return a scrambled version of itself that is harder to unscramble
27
What are the risks of storing passwords unhashed?
Unhashed passwords are very easy for hackers to crack in a reasonable amount of time.
28
What is salt?
Salting is adding a sequence of unique characters to a password before hashing
29
Why is salting used?
It helps make the password even harder to crack, especially in the event that two passwords are the same
30
What is 2FA?
Two-factor authentication is using two forms of authentication, such as a password or PIN along with a fingerprint, security question, or email/text verification
31
What is OAuth?
Using other authentication services, like Google's email, to log in instead of having to make another account
32
What are the advantages of OAuth?
It helps reduce the number of identities, user doesn't have to make new username/password, no need for extra coding of registration, password wouldn't be compromised
33
What are Django models?
A Django model is a Python object that inherits from a Django superclass which provides functions to read and write from a database table
34
How do Django models work?
The data attributes of the class specify the fields in the database table. The values from each row of the underlying table can be stored in an instance of the model.
35
What is the Django ORM?
It is the object relation mapping that allows you to easily store and manipulate objects in a database using Python
36
How is Django ORM used?
Django models define a model manager called objects and you can access things like all of the objects, the count, get a specific one, etc.
37
How do you send files to and receive files from Django?
You need to specify an encoding type and use an HTTP request for files in a POST request and there needs to be file storage using a file field
38
Where are files stored?
They are stored locally
39
What extra work needs to be done to place image files in HTML output?
You need to have an image tag and a specific action in views and you need to check the file size and content type. You also need to update settings.py with MEDIA so images are stored properly.
40
What is AJAX?
AJAX is a way to make more interactive web applications through JS.
41
How does AJAX work?
It works by allowing requests to be sent asynchronously or synchronously when the state of the request changes. It uses an XMLHttpRequest object to make requests, and data is received as XML, HTML, or JSON and is converted into a DOM tree to then be updated in the document's HTML.
42
What are the benefits of using AJAX in your web application?
It is useful because the sites become more interactive since the page isn't reloaded and it reduces load on the server
43
What are some features jQuery provides to make writing JavaScript easier?
Using jQuery makes it even easier to do things like element selection, traversal, manipulation, event support, AJAX support, etc. It has functions like $ and ones to convert to HTML and/or delete HTML.
44
How does WebSocket communication differ from using HTTP?
The HTTP protocol is half duplex, meaning data can be sent and received but not at the same time; WebSockets are full duplex, meaning they can at the same time
45
What are some advantages and disadvantages of using WebSockets?
It is much faster than HTML but can be much more complicated
46
SaaS?
Software as a service is a way of delivering applications over the internet. It is centrally hosted without the need to install and maintain software. You can simply access over the internet without complex software/hardware management.
47
What are some key differences to using PaaS vs IaaS to deploy a web application?
IaaS offers more flexibility and scalability and it is more resilient, but PaaS is streamlined and simpler, which saves more time and money
48
What are some key differences between Google and Amazon's product offerings in this area?
Amazon offers AWS with many services like EC2, RDS, S3 and Google has Google AppEngine and Google Compute Engine
What are some advantages of deploying using an Amazon EC2 instance?
EC2 allows you to configure your own DB and use RDS and S3
54
What are some advantages of deploying using Heroku?
Heroku is scalable, but has an ephemeral file system
55
What are some advantages of deploying using Google App Engine?
Google uses relational and non-relational databases
56
What steps do you need to take to protect credentials used to send email and access cloud databases?
You need to set values in settings.py to ensure that secrets are kept private, don't put passwords or keys in code/config files, set them in environment variables
57
What special work is required to maintain data when deploying a website on a platform that provides only an ephemeral file system (like Heroku)?
Need to use a database or something like S2 to store the files
58
What is a backlog?
Backlogs describe the functionality of the project at a certain point and a description of each action
59
What are sprints?
Sprints are typically 1-4 week stretches of time where the project is worked on through planning, designing, building, testing, reviewing, and launching
60
Why do we ask you to make a backlog and declare sprints?
It's very useful and important to know what the current status of the project is so each sprint can be adjusted accordingly, and breaking up the timeline into sprints ensures that everything is going well at every point along the way instead of working to the end and realizing something major went wrong
61
What is version control?
It is a way to track and manage changes in code
62
What are branches?
Branches are ways to split the current repository so different people can work on different sections of the code without causing merge conflicts.
63
Why are branches/version control important in the software development process?
It ensures that every version of the code exists in case something happens and people need to revert back to or reference older code. It also allows the code to be stored somewhere that can be accessed from anywhere.
64
What is authentication?
Authentication is knowing with whom you are communicating
65
What is authorization?
Authorization is making sure the user has privileges to perform certain actions on the server
66
What is privacy?
Privacy is communicating without others knowing what is being said
67
What is SSL?
Single socket layer, it provides another level of security on top of TCP, it is the S in HTTPS (secure)
68
What security guarantee does SSL provide for web applications?
It provides server authentication and privacy
69
What is a certificate?
Certificates contain information about an entity and have signature information
70
What is a CA?
Certificate authority, it confirms an entity's public key
71
What is public-key encryption?
Public-key encryption is when there is a public and private key and either can be used to encrypt and the other can be used to decrypt
72
What is secret-key encryption?
Secret key encryption is when there is only one private key used to encrypt and decrypt
73
What is a message digest/one-way hash?
A message digest is a one-way encoding of data that is only stored on disks
74
What is the SSL handshake?
To get SSL to work, you need authentication and privacy. When you say HTTPS, it opens up a TCP connection to the server and does an SSL handshake to make sure we are talking to the right server and we've set up encryption. The browser (client) sends a message to the server asking what version of the protocol to use; the server sends back a response with its certificate; the client checks whether the CA is trusted, then generates a secret key and sends it back to the server; only the server can decrypt the key.
75
Which parts of SSL provide security guarantees?
The certificate and key provide the security guarantees
76
What is XSS?
Cross site scripting attacks are when attackers inject script into a site that other users will see
77
What are SQL injection attacks?
When commands are sent with delimiters in them like quotes to mess up how it is processed
78
How can XSS be prevented?
By sanitizing outputs
79
What is CSRF?
Cross site request forgery is when authenticated users are forced to submit a request to a web page against which they are currently authenticated
80
How to prevent CSRF?
Generate CSRF tokens and check them on POST requests
81
What are some ways to keep passwords secure?
Use password manager, SSO, 2FA
82
Why would application developers need to use transactions?
It ensures consistency of data in the face of concurrency and failure and it can improve performance
83
What are the ACID properties of a transaction?
Atomicity, consistency, isolation, durability
84
What is atomicity?
All changes to data are performed as if they are a single operation. That is, all the changes are performed, or none of them are.
85
What is consistency?
Data is in a consistent state when a transaction starts and when it ends
86
What is isolation?
The intermediate state of a transaction is invisible to other transactions. As a result, transactions that run concurrently appear to be serialized
87
What is durability?
After a transaction successfully completes, changes to data persist and are not undone even in the event of a system failure
88
What is thread safe code?
It is code that works as expected even when several threads are running simultaneously
89
What is a race condition?
A race condition is when the program may or may not execute correctly depending on how threads are scheduled.
90
How can you prevent race conditions?
They can be prevented with avoidance, thread synchronization, transactions
91
What is avoidance?
Each thread gets its own variables
92
What is thread synchronization?
Locking techniques against resources
93
What are transactions?
Database handles concurrency control
94
When should you do your performance tuning on your application?
Do it if you don't get the answer in time or if it's slow to users or uses too many resources or isn't competitive
95
What is a proxy server?
It is a relay between client and server and can help prevent attacks
96
What is a CDN?
Content delivery network, a group of geographically distributed servers that speed up the delivery of web content by bringing it closer to where users are
97
What is the difference between proxy server and CDN?
CDN is a network of proxy servers
98
What are some techniques to spread load across web servers?
Distributing requests using DNS, HTTP, Intermediary
99
What is the database problem?
You can have as many web servers as you want but there is only one database so how do you scale up
100
What is I18n?
Internationalization, building software so it can be used in multiple languages and countries