Subscribe to my email list now at http://jauyeung.net/subscribe/
Follow me on Twitter at https://twitter.com/AuMayeung
Many more articles at https://medium.com/@hohanga
Even more articles at http://thewebdev.info/
It’s easy for developers to make mistakes, but we can prevent them if we know them beforehand.
In this article, we’ll look at mistakes that back end developers make.
If we don’t want to fix problems on the weekend, then we shouldn’t deploy on Friday.
Any deployment is risky and we should always think twice before doing if it’s not an emergency.
Things never go the way that we expect. And we definitely don’t want to ignore anything bad that comes up on the weekend and have angry customers to deal with on Monday.
Server-side input validation is important. They serve 2 purposes. We need them to ensure security and also to prevent corrupt data from being saved.
We have to prevent SQL injection issues so that attackers can’t run malicious code to do whatever they want in our databases.
Also, we should validate input data to make sure that the data is in the proper format that we’re looking for.
If we don’t, then we’ll probably run into problems in some other places.
Most back end frameworks should be able to do both out of the box so that we don’t have to write all the code from scratch to do all that validation.
Authentication and authorization are 2 different things. People may not be aware of that.
Authentication is just checking for the ability to be able to log into a system with valid credentials. Authorization is the privileges that we give users.
We should make sure that users aren’t authorized to do more than they should.
For instance, if they’re a regular user, then they shouldn’t be able to view other user’s private profile. That’s an authorization.
Authentication is just making sure that a username and password or anything else that we have to enter is valid so that we can log into a system.
Performance and scaling are always important things to consider in the back end. We don’t want our systems to time out when we’re dealing with too much data.
Therefore, we should consider caching, doing long-running jobs in the background, pagination, etc. These are things that’ll help us prevent overloading our servers.
It’s bad if our app is overloaded since it’ll fail before it can do what customers want.
Resource intensive jobs like report generation, sending mass emails, etc. should all be done in the background. They’re all resource-intensive and it’s hard to do them synchronously without holding up our app for a long time.
Users will be frustrated if they’re left waiting for a long time when we have jobs running in the foreground and keeping users waiting.
Therefore, we should create background jobs for these resource-intensive tasks and batch them so that they won’t overload our servers.
Also, we should move these tasks to run on their own servers so it won’t overwhelm the main app.
We should minimize bandwidth usage in all communications. For instance, we may be sending large chunks of data or images between multiple remote servers.
To make the transfer process more efficient, we should compress everything before sending it to save bandwidth. Then they can be decompressed on the receiving server.
REST API should follow some basic best practices. For instance, the HTTP verbs to match the database operations that they’re doing.
GET should retrieve data, POST should create data, PUT and PATCH should update data, and DELETE should delete data.
This way, no one will be confused as to what our code is doing.
Also, our endpoints have to send the right HTTP status codes. 200 series is for successful operations. 400 series for errors coming from client-side and 500 series errors for errors occurring on the server-side.
For instance, 401 is for unauthorized, 403 means that we’re forbidden to access a resource because of a lack of privileges, 404 for not found, 502 for timeout errors.
We should stop ourselves before committing these mistakes if we’re doing back end development.
We should think about performance, scaling, validating inputs, and returning errors with the right status code.