User:Zwang18/Writting assignment 1g
Introduction
Web framework is a software framework that is designed to support the development of web applications like dynamic website, web service APIs. It frees developer from lower layer details and provide tools to accelerate the development. A framework usually correspond to one or more languages and types of Database.
Except for standard libraries, web framework often provide libraries for frequently used functions in web applications and hide low level details to the developer. It also has all required protocols well implemented, i.e. HTTP(s) and all supporting protocols. Except the standard library, most web framework will include libraries for frequently used functions and modules by default, like: URL Encoding, HTTP Request header parsing, URL mapping, session module and Database module.
In addition, Template, Caching, Load balance, URL Fetch, DoS Protection, Frontend Channel, Mail, Open Authorization, DOM management, XMPP are also commonly seen features in most modern web framework.
Web application process
Most web applications are based on HTTP(s) protocol, where client and server uses Request-Response method to exchange information. In a typical round, client sends information encoded into a HTTP request header, server will respond with a HTML page, Json or XML data. The response is usually real-time generated based on the request.
Usually server only respond to requests and is not able to start a connection to client, unless certain hack like Javascript Channel is used.
Static
The static server is a direct implementation of HTTP protocol. In such model, every request corresponds to a file on server, the server daemon fetch the correspond file and send the file directly to client as is.
Therefore, as its name indicates, the response content is not dynamically generated.
CGI and PHP
CGI (Common Gateway Interface) and PHP (Hypertext Preprocessor) are naive implementation of dynamic web server. The response content are dynamically generated according to input parameters which is sent to server with the request header.
In this way, the server can customize the response based on the request parameters and client information.
These kind of web framework have a simple script interpreter or compiled server program in order to generate the response. However such framework only provides an executable environment for the response generator, usually without further functions.
Furthermore, these interpreter or program usually don't have strong protection or isolation from the operating system. That means the input parameters must be examined very carefully, otherwise an intruder may able to execute any command with the privilege of the interpreter or server program.
Modern framework
The basic task of a modern framework is still generate dynamic response according to the request and corresponding parameters. However, it provides many feature to make the task easier and more secure.
The framework may have build in modules to provide certain task like session management, templating and it may also provide interfaces which allow the server program to communicate with third parties upon user request. Those communication may use protocols other than HTTP(s), like XMPP or SMTP.
Modern framework runs not only at backend, but also at frontend: providing features like DOM management, asynchronous communications and two-way communications.
A modern framework includes protecting mechanism which prevents intruders from accessing the host operating system directly. Only through certain modules or interface can a service program access resources in operation system. therefore it is more secure.
Features
One of the advantages of using a web framework is that most frequently used features are already implemented and can be used easily through pre-defined interfaces.
Database
Most web framework have database module which allow the server program to provide persistent storage to data. This is considered a basic feature that should be provided by a web framework.
It is important to store and query data on server so that the response is not uniquely depend on the corresponding request. The response can now be generated upon previous session content even session between the server and other clients.
Session management
Session management is another basic feature in web framework.
HTTP protocol is designed to be stateless which makes it hard to track a client's identity. Therefore, without Session management, the server cannot provide continuous user-specific service, because the server cannot keep the client identity between requests.
Session also provide a temporary memory storage between associated requests. It is much faster and cheaper to store temporary data using session modules instead of database.
Channel
A channel can provide a persistent connection between client and server, allowing the client to send messages to JavaScript runs in client browser in real time without the use of polling.
This is useful for applications that are designed to update the user about new information immediately or where user input is immediately broadcast to other users. Without channel feature, the only way to do so may be client explicitly polling the server which results in high latency and high server load.
Email and XMPP
Web applications with user interfaces usually use HTTP protocol. However, there are web applications that uses other protocols like SMTP, XMPP, etc.
It would be useful to have the ability for a HTTP based web application to cooperate with other protocols. And it is important to do so through build-in modules of the web framework instead of access those functionality though operating system because for security reasons.
Open Authentication and URLFetch
Open Authentication protocols like OAuth and Open ID are protocols that allow a user to grant a third party limited permission to access a web application on his/her behalf, without sharing credentials with the third party.
Although most Open Authentication Protocols are based on HTTP(s). These protocols often have too many detail and procedures for a developer to write a compatible authentication adapter. Thus it becomes popular for web frameworks to have such modules build-in.
URL fetch enables the server to generate dynamic content based on HTTP(s) resources on other hosts or communicate with other HTTP(s) hosts over the Internet.requests.and communicate with other
Load Balance and Data Synchronization
Some web framework like Google Appengine are designed to work on multiple servers. Hence it becomes important to balance loads between servers and synchronize data between servers.
These kind of web framework often have load balance and data synchronization modules so that these trivial things can be handled by the framework automatically and efficiently.
Security and Server Logs
Security is another important aspect of web framework. Web frameworks often provides many mechanisms to protect the server from deny of services attack, SQL injection and prevent control flow escaped to operating system. Web framework should also provide a event log which makes it easier to debug and locate the security flaw.
List of Frameworks and programming languages
Google Appengine web.go
Backend
Types
CMS
Plug-ins
MVC
3-Tiers
Push-based vs. pull-based
languages
Shell Script
Java
Python
Go
Web.go Google Appengine