Structuring Your Website
When developing your web application you may wish to bear the following things in mind. Nothing, of course, can
substitute for a good analysis and design process, but for many small sites such techniques are either beyond
the budget, or beyond the technical ability of the client or developer.
Create centralised folders for re-usable content. Web designers have been doing this for quite some time
with images. By centralising all images to a central /images/ (or similar) folder loading of webpages is faster for
the end-user because images will be reloaded from the browser's cache. Whilst a similar rationale does not
apply to Server-Side Include files, the use of a central /includes/ folder to store re-usable content means that
both absolute references (<!-- #include virtual="/includes/include.asp" -->) can be used,
and that SSI directive code can be "cut-n-pasted" from page to page without the need to worry about
adjusting relative references.
Store file based databases (eg Access .mdb) files outside the website's folder structure. This will prevent
attackers from downloading your database by entering http://yoursite.com/db/yourdatabase.mdb into their
web browser. If you can't store the database outside the web root (eg because you are using a hosted
server), then ensure that Read permission is not allowed in the IIS MMC Snapin for the folder in question.
This prevents attempts to read the file via a HTTP request. Many hosting companies will provide a folder
configured this way (eg /fpdb) for your use. For those using Frontpage Server Extensions, running the
Security Configuration Wizard (via the IIS MMC) will automatically secure permissions on a folder named
fpdb if there is one off your www root folder.
Centralise common information (eg database connection strings, or ADO constants). For small sites you could
store your database connection string in an application variable which is initialised when the first person hits
your website, by entering the following into your global.asa
Application("DBConnString") = _
"Provider=Microsoft.Jet.OLEDB.4.0;" & _
Guide Homepage | Back | Next