Building an web 2.0 blog RAPIDLY in Alpha Five v10 with Codeless AJAX

Application Server What’s New in Version 10 Deployment

Topics What’s New in Version 10 Deployment

What’s New in Version 10 Performance Security Functionality/Configuration

What’s New in Version 10 Performance A Peek at What the Server Spends Time Doing

What’s New in Version 10 Performance What is the Server Overhead? Read and Parse incoming request Determine action required to fulfill request Retrieve/Instantiate session Set up A5W execution environment Prepare and send response back to client

What’s New in Version 10 Performance Request Parsing More efficient socket reading Totally new parser Orders of magnitude faster Tightens up potential attack vectors Paves way for future functionality

What’s New in Version 10 Performance Set up A5W execution environment Cache the Application Root Cache a5_application.a5i

What’s New in Version 10 Performance Prepare and Send Response Cache gzipped output for static resources Optimized output sending

What’s New in Version 10 Performance The Results? Vary with type of request, hardware, etc. On average, server overhead is about ½ of what it is in V9 Large gzipped static resources have the most significant improvement

What’s New in Version 10 Security Security is implemented at many levels. Most significant in core server are: Connection handling Request parsing Session management

What’s New in Version 10 Security Connection Handling Intentionally malformed socket communications have potential to crash server Largely the operating system’s responsibility Application Server adds additional protection

What’s New in Version 10 Security Request parsing is dangerous business Depends on input from an untrusted source Uses untrusted input to create variables, take actions, etc. Most common area of exploit across web servers The new request parser has further protection against attacks via request parsing.

What’s New in Version 10 Security Session Management Cookie lifetime matches session lifetime Cookie is an Http-Only cookie If using SSL, cookie is a “Secure” cookie Server prevents recycling of session IDs

What’s New in Version 10 Functionality Logging Options Thread transition logging Xbasic error stack logging

What’s New in Version 10 Functionality Session.BrowserId Similar to V9 session Id Does not change across sessions Can be used to uniquely identify browser across sessions

What’s New in Version 10 Functionality New Response Methods AddCookie() supports Http-Only and Secure cookies AddHeader() supports additional header syntax Expire() directs client on how long to cache the resource NoCache() directs client to not cache resource Redirect() supports Permanent (301) redirects SendFile() easily send a file back to clients

What’s New in Version 10 Functionality Error Pages Custom error pages can now execute A5W code Write your own error handlers that email administrator, attempt to fix mistyped URL, or take just about any other action you can code in Xbasic

What’s New in Version 10 Functionality IP Address Binding Server can now run on just one of a machine’s addresses Allows for multiple servers on same system using same port to serve different applications

What’s New in Version 10 Functionality Enable/Disable Built-in Functionality Alpha favicon Alpha logo used in a5w_info() output .a5ajax processing .a5image processing Alpha JavaScript library Automatic sample pages deployment

What’s New in Version 10 Functionality Configuration Options Timeout for header reading Timeout for full request reading Timeout for Keep-Alive connections Maximum Keep-Alive requests per connection Maximum URI length

What’s New in Version 10 Functionality Version 9 Compatibility Server Runs the old Version 9 server Removes all new Version 10 functionality Provided for debugging purposes only

Deployment Web application or browser-based application? Web browser is used for UI, but app does not need to be on the Internet Recommended approach for new development work

Deployment The primary deployment issue is where to host your application. But other questions must be answered first. Who needs access to the application? Is this a hybrid app or browser-based only? Internal resources

Deployment Who needs access to the application? Internal users on local network Internal users at remote location(s) External users at specific remote location(s) General public Internet

Deployment Browser-based only or hybrid app? A desktop app with DBF suggests hosting locally A desktop app with no DBF is more flexible Purely browser-based provides more options

Deployment Internal Resources Once installed, little ongoing maintenance is needed Greater availability tends to be difficult for smaller companies

Deployment Given these considerations, should you host it internally or use a hosting provider? Internal typically gives you greater control, makes broader access more difficult, and has a greater initial cost. Hosting providers can provision quickly, specialize in keeping your server running 24x7, can limit or open access as desired, may be slower for internal users.

Deployment Regardless of internal or outsourced hosting, consider the hardware configuration Memory is inexpensive and greatly improves performance Disk drives often create a bottleneck Many database tasks are CPU intensive For a detailed discussion, see Kurt’s articles on blog.alphasoftware.com

Building an web 2.0 blog RAPIDLY in Alpha Five v10 with Codeless AJAX

More Related Content

What's hot (20)

Similar to Building an web 2.0 blog RAPIDLY in Alpha Five v10 with Codeless AJAX (20)

More from Richard Rabins (7)

Building an web 2.0 blog RAPIDLY in Alpha Five v10 with Codeless AJAX