Web environments and precautions

Introduction to the environments

In Java web project development we often write SQL statements: creating tables, modifying table fields, migrating historical data, writing triggers and stored procedures. These operations are generally performed by writing SQL directly. During development a typical web project is divided into a local environment, a development environment, a test environment, a rehearsal environment and a production environment. I first explain each environment:

  • Local environment: the environment each developer builds on their own machine. It is unique to each developer and is generally used for writing and debugging code; in other words, with several developers there are several local environments. There is only one database, however, shared by all developers, and in this environment developers have permission to execute SQL queries.
  • Development environment: usually there is only one, shared by all developers. Its server generally performs better than a local machine, so access to the site is much faster than locally. The data in the development environment and the local environment are generally the same. All developers also have permission to execute SQL queries.
  • Test environment: the environment made available to testers for testing performance, functionality, the interface and so on. Its server configuration is very similar to the production environment. Here developers have only SQL query permission; execute permission belongs to the test manager alone, so all SQL prepared by developers is forwarded to the test manager for execution.
  • Rehearsal environment: a full rehearsal of bringing a version of the project online, in which everything in the release is exercised as a whole; it can be called a dress rehearsal. In this environment developers generally do not even have SQL query permission; only the project manager or the deployment staff have permission to execute SQL queries.
  • Production environment: the environment accessible from the external network, and the one all of the developers' earlier work is done for. Any mistake in a patch or upgrade is a serious, even fatal, problem in this environment, and the data must not contain the slightest error or customer complaints will follow. Here the development team generally has no ability to execute SQL at all, project managers can only run SQL queries, and only the site administrators have execute permission.

Precautions

1. Filter and validate all submitted data to prevent cross-site scripting attacks.
2. Filter parameters in the address bar (URL) to prevent SQL injection attacks.
3. Write code that does not lead to serious bugs.
4. Use verification codes (CAPTCHA) and other authentication mechanisms to prevent brute force and mass spam submissions.
5. Never display raw error messages on the front end of the site.
6. Perform permission and authorization checks on all pages.
7. Apply access control to directories and files.
8. Protect confidential data by SHA-1 hashing or other means.
9. Allocate database permissions sensibly.
10. Train administrators in security awareness so that weak passwords or social engineering cannot be used to obtain permissions.
11. Every parameter the server receives from the client must be checked and filtered (including length, format, illegal characters, etc.).
12. Sensitive data must always be encrypted and signed in transit.
13. Several closely related database operations must be wrapped in a transaction manager so they can be rolled back if necessary.
14. Exceptions must be logged uniformly and in detail; do not simply throw them.
15. Do not write business logic in SQL; be aware that in large-scale applications the performance bottleneck is often the database.
16. Be sure to write detailed comments when writing code.
17. Feedback to the client must be accurate and useful (prompting "processing error" for every exception shows you are still a beginner).
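As an added example, not code from the original post, the hypothetical Java helper below shows how precautions 2, 11, 14 and 17 fit together: an allow-list check on a client parameter, a parameterized query instead of string concatenation, and exception handling that logs the details server-side while returning a safe but specific message. The class, table and column names are assumptions.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Pattern;

// Hypothetical helper illustrating precautions 2, 11, 14 and 17 from the list above.
public class AccountService {
    private static final Logger LOG = Logger.getLogger(AccountService.class.getName());
    // Allow-list for a username parameter: 3 to 32 letters, digits or underscores.
    private static final Pattern USERNAME = Pattern.compile("^[A-Za-z0-9_]{3,32}$");

    // Precaution 11: every client parameter is checked for length, format and illegal characters.
    static String requireValidUsername(String raw) {
        if (raw == null || !USERNAME.matcher(raw).matches()) {
            throw new IllegalArgumentException("invalid username parameter");
        }
        return raw;
    }

    // Precaution 2: client input is never concatenated into SQL; it is bound as a parameter,
    // so quote characters inside the value are compared literally and cannot alter the query.
    static boolean userExists(Connection conn, String username) throws SQLException {
        String sql = "SELECT 1 FROM users WHERE username = ?";   // assumed table/column
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, username);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next();
            }
        }
    }

    // Precautions 14 and 17: the full exception goes to the server log (never to the client),
    // and the client gets a message specific enough to act on that leaks no internals.
    static String lookup(Connection conn, String rawUsername) {
        try {
            String username = requireValidUsername(rawUsername);
            return userExists(conn, username) ? "user found" : "user not found";
        } catch (IllegalArgumentException e) {
            return "username must be 3 to 32 letters, digits or underscores";
        } catch (SQLException e) {
            LOG.log(Level.SEVERE, "user lookup failed", e);
            return "lookup temporarily unavailable, please try again later";
        }
    }
}
```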

Source: blog.csdn.net/qq_37651267/article/details/94507908