Security is of huge importance to us, which is one of the reasons we recently undertook a large upgrade of our framework to incorporate several extra security enhancements. This involved a wholesale review of the code and a lot of meetings to come up with the best way forward. We decided to move entirely to a class-based framework, which has led to many varied improvements, some of which are explained below.
The class framework itself
We originally created our own code framework to afford us total control, flexibility and knowledge of every detail. As we offer bespoke website development, this allows us to amend it to suit our clients’ needs easily and with no wasted effort. When it came to moving to a class-based framework there was no question of adopting a third-party solution, so we decided to migrate the best bits of our old system to a pure object-oriented framework whilst rewriting the remaining code from the ground up.
Initially this was quite a commitment for us in terms of time, but the investment has paid off and we are recouping time as bug fixing is reduced and code re-use significantly increased. This allows us to pass development savings onto our clients and to significantly cut development timescales. Essentially, our class-based code makes it a lot easier to build functionality once and then re-use it multiple times in several different scenarios with limited changes.
One of the main reasons for the redevelopment was to increase the security of our framework. In particular the underlying database module has been completely overhauled to ensure that all database accesses are filtered against several security processes before being run. The nature of our framework means that we can guarantee that all database calls have to run through these processes.
We also took the opportunity to review and refine our user and member login functionality following 2 penetration tests on our old system. The upgrades ensure that every system we develop will benefit from the full range of cross-browser and other exploit prevention mechanisms we have employed. The new user system also ensures that security is maintained through all processes by kicking non-authorised users before any other calls can proceed.
Code maintenance and long-term stability
The move to a class-based system has ensured that all of our code is more readable and therefore easier to maintain. This allows us to develop web software faster and more efficiently. The tightly structured framework ensures all developers create code using the same format and structure. All of our developers can easily jump into new projects and instantly understand the environment, allowing them to be productive immediately with little learning curve.
Our use of industry-standard version control software allows us to keep track of all the changes that are made to the code, allowing us to easily trace bugs to their source and ensure they are fixed for all revisions.
The re-development has also allowed us to fully document our code. This makes it even easier for other developers to understand and amend functionality.
Finally, we have further developed our editing and display functions to automatically provide paging and filter functionality. Along with several other useful functions such as the ability to export any list of results, this allows us to concentrate on developing more bespoke functionality for the benefit of individual clients. Obviously, any enhancements which may be of use to future clients are incorporated into our centrally administered system for immediate deployment to the next project. This way everyone benefits from incremental changes.