Dave Gardner
- dave@mpdconsulting.co.uk
- 07921 465358
“Building Scalable Web Sites” provides a fascinating insight into the complexities of building large-scale web applications. Written nearly three years ago (May 2006) by Cal Henderson, the engineering manager for Flickr, the book’s themes are still very relevant today, whether you are building a small web application or aiming for another Flickr!
The book covers the topics comprehensively, including chapters on:
What is particularly useful about “Building Scalable Web Sites” is how it provides a thorough grounding in a wide range of topics related to scalability without going into extreme detail on any area. This makes it an easy to read and approachable introduction. I found plenty of things that I knew, but didn’t really know. Cal points out the huge number of ways a Cross Site Scripting (XSS) attack can be implemented.
In fact, most browsers try to be a bit helpful by making minor corrections, such as replacing a missing semicolon. So the following, although invalid, will also work as an attack:
<a href="java script::foo">
Cal then goes on to point out how each of these numbers can be valid (with semicolon), invalid (without), with a zero prefix, without a zero prefix, in decimal or hex! It can be difficult to prevent XSS attacks and something that even the big boys haven’t 100% nailed yet (remember the Twitter worm recently created by Michael Mooney that exploited XSS vulnerabilities in Twitter).
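As an added defensive example (not code from the book or from this post): a Python allowlist check for href values that decodes every entity variant Cal lists before deciding which scheme the browser would see, so the encoded forms are rejected together with the plain one. The sample hrefs are constructed for the demonstration.

```python
import html
import re

# Scheme per RFC 3986: a letter followed by letters, digits, "+", "-" or ".".
_SCHEME = re.compile(r"^([a-z][a-z0-9+.\-]*):")
ALLOWED_SCHEMES = {"http", "https", "mailto"}

def normalise_href(value: str) -> str:
    """Normalise an href roughly the way a browser does before it picks a scheme.

    html.unescape decodes each numeric-reference form the review lists: decimal
    or hex, with or without the semicolon, with or without leading zeros
    ("&#106;", "&#x6A", "&#0000106" all become "j"). Browsers then ignore tab,
    newline and similar control characters inside the scheme, so those are
    stripped as well; stripping them everywhere is the conservative choice.
    """
    decoded = html.unescape(value)
    return re.sub(r"[\x00-\x20]", "", decoded).lower()

def is_safe_href(value: str) -> bool:
    """Allowlist check: relative URLs and http/https/mailto pass, anything else fails."""
    normalised = normalise_href(value)
    m = _SCHEME.match(normalised)
    if m is None:
        # No scheme at all: a relative URL such as "/photos/123" or "#top".
        return True
    return m.group(1) in ALLOWED_SCHEMES

# Constructed samples: the encoded forms a naive "javascript:" substring check misses.
SAMPLES = {
    "http://www.flickr.com/photos/kukeit/8295137": True,
    "/photos/kukeit": True,
    "javascript:alert(1)": False,
    "java&#x09;script:foo": False,       # hex entity with semicolon -> tab
    "java&#9script:foo": False,          # decimal entity, no semicolon
    "java&#x0000009;script:foo": False,  # leading zeros
    "&#106;avascript:foo": False,        # the letter "j" itself encoded
    "JaVaScRiPt:foo": False,             # mixed case
    "data:text/html,x": False,           # other active schemes fail the allowlist
}

def check_samples() -> dict:
    """Run every sample through the check and return href -> verdict."""
    return {href: is_safe_href(href) for href in SAMPLES}

if __name__ == "__main__":
    for href, verdict in check_samples().items():
        print(f"{'allow' if verdict else 'block'} {href!r}")
```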
In addition to the purely technical, Cal offers up some more practical advice to would-be web application developers. One of my favourites being the “Web Application Scale of Stupidity”:
OGF < ------- sanity ------- > OOP
(where OGF = One Giant Function, OOP = Object Oriented Programming)
Another classic that gives a feel for the book is in the opening chapter on layered web applications, where Cal compares an ideal web application to an English trifle (but not a Canadian trifle!).

http://www.flickr.com/photos/kukeit/8295137
I’ve found the book to be a valuable asset to my programming arsenal, and there are many points that will definitely be put into practice on the next project. As a colleague of mine says - you could build a pretty good web application referring solely to this book.