Should a website be W3C certified/compliant?


10 replies to this topic

#1 Snoopy101

Posted 08 May 2012 - 10:08 AM

I have an important and somewhat urgent question.
I'm new to web development and am about to hire an Indian IT company via freelancer to create a rental website for me.
The IT company will make the site in core PHP but when I asked them to guarantee that the website will be W3C certified/compliant, they replied that it is not possible and that even Google is not W3C certified/compliant.
The reason I want the website to be W3C certified/compliant is to ensure that it is free of any errors and will work on future web browsers.
I would love to have your comments on this and on what alternative I should request from the web developer.
Also, I would love to hear what else I should request from the developer, as well as what I should look out for/make sure is done, so I can add it to the agreement before the IT company starts the work.
I hope this will lead to an interesting discussion on how to ensure that a developer creates a really good and secure website.
Thank you everybody.

#2 cryptodan

Posted 08 May 2012 - 10:23 AM

Couple of things to consider:

1) SQL Query Sanitation

2) The site should be compatible with all modern browsers.

3) Site should be done via CSS.

4) With W3C Certification you will need to decide what level of compliance you want.

It's kind of hard to make a search engine page W3C Compliant.

#3 groovicus

Posted 08 May 2012 - 11:19 AM

Just a couple of thoughts. I work on a code base that was outsourced to an offshore company many years ago. I am pretty much guaranteed a few years worth of work to re-implement all of it. Your mileage may vary. The biggest mistake that was made when outsourcing was not demanding adequate code documentation. At some point you are going to want to update/alter/implement new features. If the person you hire to do updates or maintenance can't figure out what is going on, count on spending big bucks.

'Standards compliant code' is not realistic (or, I would argue, even a meaningful term). No two browsers agree on what the standards are, or how they should be interpreted. And they don't want to break old websites, so there are always going to be hacks to get pages to work on all browsers, even modern browsers. I have code that works perfectly in IE and Firefox, but Chrome can't handle it. Fortunately for my purposes, I do not have to support anything other than IE or Firefox. And there is no guarantee that the code is going to work on future browsers, 'compliant' or not.

@cryptodan, can you clarify what you mean by "Site should be done via CSS"? If you know how to create a website without any HTML, I would love to learn. All I can do is use CSS to style my elements. :P

Some other points you might want to consider:
1. How will conflicts be resolved?
2. How much time will pass before they respond to your emails/question?
3. How thorough are your specifications? Does it include screen shots, work flows, use cases, etc? You cannot expect them to guess at what you want.

If you could, report back on your experience?

Edited by groovicus, 08 May 2012 - 11:26 AM.


#4 cryptodan

Posted 08 May 2012 - 03:49 PM

What I meant via CSS is that all elements and layout be controlled via CSS, so the site is more global.

Nothing annoys me more than going to a site that has differently designed pages. The site should remain fluid.

#5 groovicus

Posted 08 May 2012 - 05:26 PM

I knew what you meant. Just wanted to make sure our other members did also. :)

I also wanted to add another comment about my statements above. The fact that some of the code I work on was outsourced is not wholly to blame for the condition of the code base. What is to blame is that the code base was treated like a part time project that was only worked on when others had spare time, and had no coherent picture of how everything worked.

Edited by groovicus, 08 May 2012 - 05:30 PM.


#6 Snoopy101

Posted 10 May 2012 - 12:30 AM

Thank you very much for your reply cryptodan. Would you mind esplaining "1) SQL Query Sanitation & 4) With W3C Certification you will need to decide what level of compliance you want" in further details? I am completely new to this and would love to understand this.

#7 Snoopy101

Posted 10 May 2012 - 12:54 AM

Ups... explaining

Thank you very much for your reply groovicus.

1. How will conflicts be resolved?
I have a written agreement with the developer wherein, among many other details, it is agreed that I test the work and they correct any bugs/errors before I make any further Milestone payments.
Do you (or anyone else) have any further suggestions to this?

2. How much time will pass before they respond to your emails/question?
Well, they won't get any further payment until any bugs/errors are corrected.

3. How thorough are your specifications? Does it include screen shots, work flows, use cases, etc? You cannot expect them to guess at what you want.
My specifications are quite thorough. I provide them with 3 drafts containing a draft of the design (made from screen shots) and a detailed description of each feature on the site. The 1st draft is over the HOME PAGE, SEARCH MODULE etc. The 2nd draft is over the SEARCH RESULT PAGE etc. and the 3rd draft is over the PROPERTY DETAIL PAGE etc.
Do you (or anyone else) have any further suggestions to this?

#8 Snoopy101

Posted 10 May 2012 - 01:04 AM

One more question that I would like to discuss:

Should I add a clause in the agreement that the developer should correct any errors found by W3C Markup Validation Service?

Would that not be the best way to ensure that the developer does a good job?

#9 groovicus

Posted 10 May 2012 - 09:03 AM

Again, if you only want your page to work in one browser, and the pages are largely static, then you can probably get pages that validate. It is very difficult to get complex, dynamically generated pages to validate 100%, and you get no guarantee that just because a page validates now, that something in the future will not change with the W3 specs, and cause a page to no longer work properly.

The way to ensure that a developer does a good job is to give them a set of specs and make them stick to it.

#10 cryptodan

Posted 10 May 2012 - 01:26 PM

SQL Sanitization is used to prevent SQL injection attacks where malicious users can inject code into your pages via the database.
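
What the query sanitization raised in this thread guards against, as an added example that is not part of any post here: a property search in PHP (the language the site is to be built in) that concatenates visitor input into the SQL, next to the same query as a PDO prepared statement. The table, rows and function names are constructed for illustration, and the script assumes PHP with the pdo_sqlite extension.

```php
<?php
// Added illustration; schema, rows and function names are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE properties (city TEXT, title TEXT, published INTEGER)');
$pdo->exec("INSERT INTO properties VALUES
    ('Lisbon', 'Flat near the river', 1),
    ('L''Aquila', 'Mountain cottage', 1),
    ('Lisbon', 'Unpublished draft listing', 0)");

// Vulnerable: the visitor's text becomes part of the SQL statement itself.
function searchUnsafe(PDO $pdo, string $city): array
{
    $sql = "SELECT title FROM properties WHERE published = 1 AND city = '$city'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened: the statement text is fixed and the input is bound as a value.
function searchSafe(PDO $pdo, string $city): array
{
    $stmt = $pdo->prepare(
        'SELECT title FROM properties WHERE published = 1 AND city = :city'
    );
    $stmt->execute([':city' => $city]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a normal city, a name with an apostrophe, and text
// whose quote characters change the meaning of the concatenated query.
$inputs = ['Lisbon', "L'Aquila", "x' OR '1'='1"];

foreach ($inputs as $city) {
    try {
        $unsafe = implode(' | ', searchUnsafe($pdo, $city));
    } catch (PDOException $e) {
        $unsafe = 'SQL error';
    }
    $safe = implode(' | ', searchSafe($pdo, $city));
    printf("%-14s unsafe: [%s]  safe: [%s]\n", $city, $unsafe, $safe);
}
```

With the concatenated query, the apostrophe in a legitimate city name breaks the statement and the third input returns every row, including the unpublished one; the prepared statement treats all three inputs as plain city names. A contract clause requiring prepared statements for every database query is something a reviewer can check directly in the delivered code.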

#11 super-grusha

Posted 21 May 2012 - 04:11 AM

W3C validation is always good. Although they are right. There are always mistakes. Just make sure they are under 20 mistakes.
My personal suggestion is to do split testing in order to ensure that it works properly across all browsers, OS and screen resolutions.

Ask them for a document of split testing and make sure it has been performed properly.

Best of luck



