Process and technology questionnaire - REDAXO Forum
Hello,

We have recently found that communication via Slack is much faster and more productive than a post in the forum. Because of these new and better ways of communicating, we have decided to keep the forum available only as an archive. It therefore remains possible to search for solutions here. New posts can no longer be created.

We recommend using Slack for your questions/problems. Many competent users are active there and answer all kinds of questions, including those from REDAXO beginners! We use Slack very intensively and mostly "around the clock" :-)
You can invite yourself here: https://redaxo.org/slack/
fthiel
Posts: 5
Registered: 4 Mar 2009, 18:50

Process and technology questionnaire

31 Mar 2009, 15:09

Hello English-speaking part of the Redaxo community,

I'm in the process of writing my diploma thesis on the prevention of
web application security vulnerabilities and I'd like to know a bit
about developers' views about technical and process-related questions.

It would be great if you could take a couple
of minutes and think about the questions below. The questions are
mostly open-ended. Elaborate and skip questions at will. They may not be relevant to all of you, but I chose to be inclusive rather than to only ask the project lead.

Thank you very much in advance. If you want me to, I will provide you with the results of my research when it's done.

P.S.: I'm posting this in the English forum since I don't want to annoy the non-English community. It would probably be better if I could also reach the rest of the Redaxo community (which seems to speak German). The questionnaire should be in English since my thesis and all the questionnaires are too. I wouldn't mind if someone would cross-post the questionnaire to the German-speaking part if you all deem it OK.

Thanks all,
Florian

The questions:

Note: "you" means the project (Redaxo), not you personally! :-)

About technical aspects:
- Are you using a web application framework? Which one?
- Do you use explicit data modeling for all business objects in the
application?
- Do you have specific layers for input/output validation/filtering?
(If applicable) What does the input/output layer do (respectively)?
How? Are you using external libraries? Why? Why not? (for HTML
sanitation, object-relational mappers, database abstractions with
prepared statements)?
- (If applicable) What responsibilities do the input/output layers
have, respectively?
- How do you ensure that all input passes through validation/
filtering? Do you have an API that must be used?
- Do you provide services to independently developed modules/
components? Is there a defined API?
- Which other external libraries do you use?

About the development process:
- Is there public documentation about the responsibilities of the
input/output layers?
- Is there public documentation about *when* input/output validation/
filtering should happen? (Like: "output filtering must always happen
in the method that renders the data")
- Do you have automatic tests for the whole system?

Bonus question:
- Do you do manual code review?
