Paj's Home
About Me
Site Info
Cryptography
Security
Programming
Web Apps
Frameworks
Introduction
Features
Robustness
Components
Python
TurboGears
SQLAlchemy
Pipp
Shit Head
Guest Book
Lottery Check
Web 3D
Theory Test

Robustness

Introduction

A framework must enable development of applications ready for high-load, mission-critical deployments. The framework itself must be robust, and it must help applications developed using the framework to keep this robustness. The main components of this are:

  • Stability
  • Security
  • Performance
  • Deployment options

Stability

Being able to confidently deploy an application into a live environment is critical. Some of the main considerations are:

  • Reliability - the framework needs to cope with all corner-cases encountered in day to day operations, such as the database being restarted. This relies on the framework being well tested, both with unit tests and deployments.
  • The framework should promote reliability in application code, e.g. encouraging design patterns that avoid race conditions.
  • Release quality - changes in the framework between releases need to be well managed to minimise incompatibilities.
  • Community (or paid) support is available in case of problems, and will remain available long term.

Security

The framework itself must not contain security vulnerabilities, such as directory traversal. Where the framework implements security-significant features, such as authentication, these must have all appropriate precautions (such as lockouts) available, and enabled by default.

Moreover, the framework must encourage secure coding. Use of an ORM and XML-based templates makes SQL injection and cross-site scripting vulnerabilities much less likely. The forms library needs to help prevent cross-site request forgery (CSRF) attacks, and similarly the JSON support must help prevent JavaScript hijacking attacks. The framework should also help prevent authorization flaws, such as parameter tampering attacks.

Performance

There are a variety of requirements around performance. Comparison figures often focus on the raw server performance, but this is only part of the picture. Some of the major factors influencing performance:

  • Cacheing
  • Bandwidth reduction - e.g. JavaScript optimisation, gzip filter
  • Scalability - Ability to take advantage of multiple CPUs and run on multiple systems. In general, as long as all intra-request state is stored in the database, all frameworks can scale well in this manner.
  • Optimising use of the database
  • Raw speed - how many CPU cycles it takes to service a request

Deployment Options

Applications must be deployable on a range of operating systems, web servers and databases. Having full Windows support, including IIS and SQL Server, is a definite advantage. Ideally, there should be a single, prefered deployment option for each platform, although some use cases (such as high performance) may require a different approach. There are three main styles of deployment:

  • Integrated with a web server. WSGI is extremely helpful here - as long as the framework presents as a WSGI application, this will be possible for any server that has a WSGI interface.
  • Running standalone. Frameworks should have a reasonable web server included, including SSL support, so this is a viable option. There will always be benefits to using a real web server, e.g. fast serving of static files, DOS protection. When an application runs standalone, it needs to integrate with OS management, e.g. becoming a service on Windows.
  • Reverse proxy. Gives some benefits of both standalone and integrated, but has challenges as well. If the web server does authentication, the details need to be communicated to the standalone application.

© 1998 - 2008 Paul Johnston, distributed under the BSD License   Updated:20 Jan 2008