Redesigning Web Sites: Retooling for Changing Needs of Business

I worked with Stefan Mumaw a couple of years ago at BigMan Creative. He’s now at Brainyard, apparently busy writing books. “Redesigning Web Sites: Retooling for Changing Needs of Business”, available soon from Amazon, leads with the story of the redesign of FAO Schwarz, which MINDSEYE (the company I work for) completed in August of 2001. I was the lead engineer for the ColdFusion & Spectra portion of the project.

Web.config vs. Application.cfm

In response to my post about the web.config file in ASP.NET, Ray asked how this was any different from Application.cfm in ColdFusion land. I think that it’s very similar, but there are some things that are better about web.config than Application.cfm.

First, and I think most importantly, web.config is a configuration file and a configuration file only. I’ve seen ColdFusion applications that use Application.cfm for security, some to include the header, some that contain database connection strings, some that contain UDFs, etc. Application.cfm is more flexible in that sense, but as always, that flexibility comes at the cost of misuse. There is no standard way of providing configuration information to a ColdFusion application.

Second, because web.config contains only XML, you can use your favorite XML parser to create and edit your configuration file. You could programmatically generate your configuration file if necessary, while an Application.cfm would require a custom script to be written to first parse the file and then another script to write out the file.

Third, web.config files can be included in multiple directories on an application and inherited. You can include Application.cfm files in multiple directories, but you don’t get inheritance unless you explicitly include the parent level Application.cfm.

Fourth, you can programmatically access configuration information about the current application without reading web.config. You can’t do this AFAIK in ColdFusion. For instance, let’s say that I have an Application.cfm that includes the following tag:

<cfapplication name="myApplication" clientmanagement="Yes" sessionmanagement="Yes">

and then somewhere later I wanted to know if sessionmanagement is enabled. How would I do that? Can you? Again, as far as I know, you can’t get that information without parsing the Application.cfm and looking for sessionmanagement="true". In ASP.NET, I write a simple line of code:

String sessionMode = Session.Mode.ToString();

where Session.Mode has the possible values of Off, InProc, StateServer, and SQLServer.

I think something like what web.config provides would be a really nice addition to Application.cfm. Maybe Application.cfm just stays as it is and we get Application.config in addition…. maybe it’s better that Application.cfm goes away.

C# Documentation

More fun features in .NET, actually this time specific to C#. Documentation, though not usually the most fun thing to write, is probably one of the most valuable. C# lets you embed your documentation in your source code as XML. Visual Studio users will be pleased to know that their IDE automatically rips out the XML and creates Microsoft MSDN style files automagically. But where does that leave those of us who hack in Notepad or Eclipse? Even better off! Enter your XML documentation (more information on XML documentation within C# below) in your source code and then add a flag to your compilation statement. Here’s a sample compile statement of a class called ‘MyClass’:

csc /t:library /r:System.dll /doc:MyClass.xml MyClass.cs

Given that you entered comments in your source code, the C# compiler will then strip out your comments, package hierarchy, and related classes and create an XML file, in the above case called ‘MyClass.xml’. In and of itself, this doesn’t do you much good. But if you download NDoc from SourceForge, you can create not only Microsoft MSDN style help files, but JavaDoc help files, LaTeX help files and plain XML.

Further Resources:
C# Programmer’s Reference: XML Documentation [msdn]
C# Programmer’s Reference: Tags for Documentation Comments [msdn]
XML Comments Let You Build Documentation Directly From Your Visual Studio .NET Source Files [msdn mag]

System/App Configuration in .NET

I mentioned I’m working with .NET stuff on my current project. One of the nicer features I’ve found so far is that .NET includes an entire package devoted to System/App Configuration. So if I’m writing a web application, I can put a web.config file in the root of my app and/or any of the subdirectories of my application. Inside that web.config file, I can set security, modify the compiler settings, specify an error handler… you get the picture. IMHO, the best part is that you can extend web.config and add your own custom settings. For instance, almost every web application worth a look uses some sort of database, which usually requires a database connection string or DSN name. You’d add something like this:

   <add key="connectionString" value="user id=sa;password=mypassword;initial catalog=mydb;data source=mydbserver;Connect Timeout=30" />

inside the appSettings element, outside of the system.web tag. To use that value in your application, you need not parse the XML file, you don’t have to worry about getting it into application scope, and you don’t need to worry about locking. You only need to write one line of code:

private static String CONNECTIONSTRING = System.Configuration.ConfigurationSettings.AppSettings["connectionString"].ToString();

Pretty simple isn’t it? It gets better. According to this document, “ASP.NET detects changes to configuration files and automatically applies new configuration settings to Web resources affected by the changes. The server does not have to be rebooted for the changes to take effect.” and more importantly, “ASP.NET protects configuration files from outside access by configuring Internet Information Services (IIS) to prevent direct browser access to configuration files.”
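Added example, not part of the original post: because web.config is plain XML and subdirectory files build on the root one, a short script can compute the effective appSettings for a directory and flag connection strings like the one above that embed a password or log in as sa. The two sample files, the admin subdirectory and the pageSize and reportDb keys are constructed for illustration, and keys are matched exactly here as a simplification.

```python
import xml.etree.ElementTree as ET

# Constructed sample files: a root web.config and one for an /admin subdirectory.
ROOT_CONFIG = """<configuration>
  <appSettings>
    <add key="connectionString" value="user id=sa;password=mypassword;initial catalog=mydb;data source=mydbserver;Connect Timeout=30" />
    <add key="pageSize" value="20" />
  </appSettings>
  <system.web />
</configuration>"""
ADMIN_CONFIG = """<configuration>
  <appSettings>
    <remove key="pageSize" />
    <add key="reportDb" value="Integrated Security=SSPI;initial catalog=reports;data source=mydbserver" />
  </appSettings>
</configuration>"""

def effective_app_settings(config_chain):
    """Merge <appSettings> from the root web.config down to the target directory."""
    settings = {}
    for xml_text in config_chain:
        section = ET.fromstring(xml_text).find("appSettings")
        for node in (section if section is not None else []):
            if node.tag == "clear":        # drop everything inherited so far
                settings.clear()
            elif node.tag == "remove":     # drop one inherited key
                settings.pop(node.get("key"), None)
            elif node.tag == "add":        # add a key or override the parent's value
                settings[node.get("key")] = node.get("value", "")
    return settings

def parse_connection_string(value):
    """Split 'name=value;name=value' pairs; names are compared lower-cased."""
    pairs = (part.split("=", 1) for part in value.split(";") if "=" in part)
    return {name.strip().lower(): val.strip() for name, val in pairs}

def audit(settings):
    """Return (key, issue) findings for values that embed a password or use sa."""
    findings = []
    for key, value in sorted(settings.items()):
        fields = parse_connection_string(value)
        if fields.get("password") or fields.get("pwd"):
            findings.append((key, "plaintext password in config"))
        if fields.get("user id", fields.get("uid", "")).lower() == "sa":
            findings.append((key, "connects as sa (sysadmin)"))
    return findings

if __name__ == "__main__":
    print(audit(effective_app_settings([ROOT_CONFIG, ADMIN_CONFIG])))
```

The admin directory still inherits the root connection string, so both findings apply there too; the reportDb entry, which uses integrated authentication and carries no password, is not flagged.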

Further Resources:

ASP.NET Configuration: [source]
Format of ASP.NET Configuration Files: [source]
Configuring Applications in .NET: [source]

WEB-INF directory security

Thanks to Maia for pointing out that my WEB-INF directory on and other JSP-based sites was accessible. I was under the (incorrect) impression that Tomcat didn’t allow requests to the WEB-INF directory by default, but apparently it’s something you have to set up in Apache, specifically:

<Location "/WEB-INF/">
   AllowOverride None
   deny from all
</Location>

Covalent has an excellent support document on properly setting up your Apache and Tomcat installation.