Advanced Search
Search Results
457 total results found
ACM
Amazon Certificate Manager (primarily for e.g. CDN certificates for CloudFront distributions)
Languages
Amo, amas, amat, amatus, amatis, amant
Frameworks & Runtime Environments
Ancient bones creaking...
Expanding your website: scaling considerations
Adding extra infrastructure to help with performance and scaling needs.
Client-side caching
An introduction to client-side caching, how to use it, and when to use it over server-side caching.
Designing interactive, responsive interfaces
The bane of all developers... well, non-frontend ones, anyway.
EC2 (Elastic Compute Cloud)
AWS' gigantic cloud computing solution, also includes load balancers
Videos: Overview
Much more complex than transcoding images.
Image Transcoding
How to set up image transcoding, image-specific considerations, etc.
Artwork Galleries
Display styles, gallery object variables, etc.
Artwork Submissions
Variables and other references relating to artwork submission handling.
Redis: Cached Items and Rate Limits
Significant variables cached in the cache servers, etc.
Pre-page loading
Standards for pre-page loading, the navigation bar and head HTML, etc
Videos: Dedicated Services
Using dedicated transcoding services, pros and cons, etc.
Videos: Serverless Code
Transcoding videos with serverless code functions, use cases and implementation.
MediaConvert
AWS' video transcoding service (we do not currently use this)
Bunny Stream
Bunny's video transcoding and streaming offering.
Site Themes Implementation
Notes on how themes (including the custom theme) are implemented.
IAM
Identity and access management - example IAM policies for various use cases
Cloudflare
A cloud services provider that mostly deals with CDN and security services.
Tech stack and managerial considerations (non-developers)
If you're a developer, then choosing a tech stack to use is probably going to come down to what you are most familiar with. For non-developers, that isn't going to be as relevant per, since if you are hiring a developer then it's just a case of them being comp...
Storing User Sessions
In most websites, user "sessions" are stored to keep users logged in, among other things. There are some important things to note about this that are explained below. User sessions aren't only for logged-in users A user session can be for any website visitor...
Apache configuration
Configuring Apache properly is essential for website security. Generally, pre-packaged webserver software (e.g. Bitnami instances) are not designed to have every security measure enabled, as some measures need to be carefully decided by the server administrato...
Language-specific configuration (e.g. PHP)
Depending on your tech stack, the language of choice that serves backend requests must be configured to handle requests and user sessions securely. This page focuses on PHP as an example. This is not an exhaustive list, as some languages have their own specif...
User Input: Sanitization and Validation
To protect your website from malicious attacks (and also simply to prevent weird errors for users), you need to sanitize and validate user input. Sanitization Sanitization means removing any potentially malicious content, like a user writing a comment that c...
Storing Credentials for Cloud Services
Your webservers usually have to connect to various services, like your database and cache servers. To do this, they will usually need to have credentials on hand to authenticate themselves. How should you store these? Best practices The Need to Know (Least-A...
Storing User Credentials
For the most part, this is about storing passwords, and understanding how to secure them properly. Password encryption algorithms When it comes to storing user passwords, the algorithm you use for doing so is always going to be a tradeoff between security st...
WebSockets-specific security practices: JSON Web Tokens
When using the WebSockets protocol, there are a lot of potential pitfalls to bear in mind that can be very confusing to really get your head around from a security standpoint. There's no real "authentication system" in WebSockets In a normal HTTPS scenario, ...
CSRF tokens and CSRF headers
CSRF Headers Adding a custom request header to 'unsafe' outgoing AJAX requests (e.g. POST requests) adds some additional protection against CSRF attacks. Article here: https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_...
Introduction and Critical Points
Defending against security threats, such as XSS (Cross-Site Scripting) and CSRF (Cross-Site Request Forgery) attacks is, like most of computer security, a case of defence-in-depth: there is no "one single approach" that defends against them. You need to use se...
Displaying user-inputted content on webpages
XSS (Cross-Site Scripting) generally results from bad practices regarding user input. For example, suppose there is a simple HTML text box for users to comment on an artwork, and a user writes: <script> alert('Execute order 66'); </script> If this comment ...
Implementing an image transcoding solution yourself
If you are going to implement your own image transcoding solution, the first thing to understand is the basic infrastructure and execution flow. Infrastructure As a reminder of the basic execution flow that was shown earlier: Your website is going to invo...
Implementation
Prerequisites Before reading this page, read the page on implementing image transcoding solutions yourself (as much of the same process is required). This page assumes you already know the steps involved in that, and focuses on specific differences you need ...
Infrastructure Overview
Before thinking about code of any sort, creating a website bigger than "Hello World!" requires a lot of infrastructure: it involves much more than simply a webserver. It will effectively have an entire network of systems and servers that work with each other t...
Choosing a 'primary' infrastructure provider
For the most part, big web infrastructure providers are fairly few in number (as the cost and difficulty of setting them up is very high). In addition, you are likely to use several features of whichever provider you choose, such as webservers / database serve...
Choosing a CDN provider
There are a lot more CDN providers than there are cloud service providers (though most of the cloud services providers also offer CDNs). For an art website in particular, but also for any site hosting large assets like big images or videos, which CDN you choos...
Choosing providers for collaboration tools (email, support, etc)
Workspace Provider For sending non-automated emails, you have a few options. The "traditional" providers - Microsoft and Google - are actually fairly expensive, and unless you plan to make use of all the features they offer, that can be an unnecessary expense...
Financial Costs Overview
Ultimately, an art website faces mostly similar costs to other websites (and extra bandwidth costs, like other media-heavy websites). Below is a list of expenses to keep in mind, roughly ordered from most expensive to least expensive. Staff If you're hiring ...
FFmpeg
Homepage https://ffmpeg.org/ What is it? An open-source library for processing and transforming videos. Why did we choose it? It's open source, well maintained, and extremely powerful. What do we use it for? Resizing and re-encoding user video uploads ...
Tech Stack Explanation Template
Homepage What is it? Why did we choose it? What do we use it for?