In this module, we will talk about how we design an effective web-based database application. As I have mentioned, we use a tiered approach, and in the subsequent modules I will also talk more about that tiered approach. The most important part of that tiered approach is the server-side logic. As the application designer, you divide your application into tiers, right? So as to ensure performance, to ensure security, and to ensure other requirements, as we will be discussing in this module and in the subsequent module. So we will discuss the guidelines; there are about 11 guidelines. Before we discuss those guidelines, let me briefly go over certain points which should be considered while designing a web-based database application.

So let's go over those points. This is a tiered, layered approach. Okay. And this is the most critical part over here; this is the part which we will be looking at. This is the client; this is your browser over here. This we will discuss in more detail in subsequent modules. So we are not going to leave anything out; things will be covered. We will be taking a top-down approach, going into more detail.

So what are the design considerations? Partitioning the application logically: what is happening in a certain part of the application should be partitioned from the other parts, so that when you are working on that part, it does not affect the working of the other parts. They work together, but one should not be influencing the other. Abstraction for loose coupling: don't be very precise. Okay. Loosely divide, and use abstraction. And there should be communication between the components across those boundaries. For that purpose, you can use, or follow, the standard methodologies, so as to have something which is easy to understand and which is easy to code. Also, reduce the round trips. This is basically what performance is about.

It is that you fetch something from the web server for the client, and then you go again and fetch it, and you go again and fetch it. Reduce those round trips, because that server could be at the other end of the planet, in view of the distributed nature of the database. So reduce those round trips. When you prevent that fetching again and again, fetch whatever is required, which you know is going to be fetched, in one go, because reducing the round trips will give you better performance. I hope you get the picture. We'll go into more detail.

Caching: what is needed time and again should be placed in the cache. Right. It is there in the cache; it could be prefetched into the cache. The point is that instead of looking at the main server and the main database, you first check the cache, and when what you need is in the cache, it gives you good performance.

Logging and instrumentation: across the boundaries of those different modules or layers, whatever activity is taking place should be recorded in a log. The benefit of recording that in a log is that you can perform a log analysis of the activities which are stored in the log, and that will help you find and establish suspicious activity. If the security of the system has been compromised, that will help you look at those issues and identify them, and maybe identify them before something serious happens.

Avoid blocking long-running tasks. Okay. That is important, and this is all for performance. There should be an asynchronous mechanism, right, because those tasks should not bring down the performance of the entire system.

Authentication at trust boundaries: whatever is happening across the boundaries, only the people, or the accounts, or the services which are authorized to perform certain activities should be doing them. No sensitive data in plain text: sensitive data must be encrypted. You should not be sending it over without any encryption. Use the least-privilege account: whatever actions are being performed, use the account which has limited privileges, because if that account is hacked, then by virtue of having extensive privileges a hacker will create problems for you; so an account with limited privileges is used.

So what are the design guidelines? There are about 11 design guidelines: authentication, authorization, and so on; you can read them. I will go into more detail. People and processes should be authorized to do what they are authorized to do. Exception management, this we have covered. Now I will go to validation. Validation should be done; it means that if somebody is entering a command or typing a text, check whether malicious code is entered in a text window which will run on your server. Right. Or if somebody is entering text where a numeric value was required. These are all performance issues, because if text is entered instead of a numeric value, instead of having it validated at the server end, which will take a lot of time, validate it at the client, in your browser.

Now I will go into more detail. Authentication: identify the trust boundaries where you want to check that the boundary is being crossed. Platform-supported authentication: better use Windows-based authentication. Don't make your own authentication; use platform features for forms. Use the standard features, which are robust, which are strong, which will secure a system. Enforce account management: do not let the accounts be hanging around. Okay. People should not; there should be a kind of self log-out. Enforce strong password policies: a password should be a combination of uppercase, numeric, lowercase and so on.

And of course, authorization: identify the trust boundaries; use URL authorization based upon them, so that people should not be changing things and getting rights which you don't allow them to have. Granularity of authorization: if you go into a lot of detail, nitty-gritty detail, you will have a secure system, but it will compromise the performance. And if you are not into a very high level of detail in security, you will have good response, but the security can be compromised. And use impersonation and delegation. So all of those things will ensure that your web-based database application is secure. More points in the next module.
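The validation point above, rejecting text where a number was required and rejecting markup typed into a text field before the request leaves the browser, as an added example that is not part of the lecture; the field names, limits and rules are assumptions chosen for illustration:

```javascript
// Added example (not from the lecture): client-side validation of a form before
// it is sent to the server. Field names and limits below are assumed for illustration.
const schema = {
  quantity: { type: "number", min: 1, max: 1000 },
  comment:  { type: "text", maxLength: 200 },
};

// Characters or prefixes that change meaning once the text is rendered as HTML.
const MARKUP_PATTERN = /[<>]|javascript:/i;

// Returns an error string for one field, or null when the value passes.
function validateField(name, rule, value) {
  const raw = String(value ?? "").trim();
  if (rule.type === "number") {
    // Whole-string check: Number("42abc") is NaN, but parseInt("42abc") is 42,
    // so a regex keeps trailing junk from slipping through.
    if (!/^-?\d+(\.\d+)?$/.test(raw)) return `${name}: a number is required`;
    const n = Number(raw);
    if (n < rule.min || n > rule.max) return `${name}: must be between ${rule.min} and ${rule.max}`;
    return null;
  }
  if (rule.type === "text") {
    if (raw.length > rule.maxLength) return `${name}: longer than ${rule.maxLength} characters`;
    if (MARKUP_PATTERN.test(raw)) return `${name}: markup is not allowed`;
    return null;
  }
  return `${name}: unknown rule`;
}

// Validates every field in the schema; returns an array of errors (empty when valid).
function validateForm(schema, form) {
  const errors = [];
  for (const [name, rule] of Object.entries(schema)) {
    const err = validateField(name, rule, form[name]);
    if (err) errors.push(err);
  }
  return errors;
}

// Constructed sample submissions: one clean, one with a non-numeric quantity and
// a script tag typed into the comment box.
const goodSubmission = { quantity: "42", comment: "please ship on Monday" };
const badSubmission  = { quantity: "42abc", comment: "<script>alert(1)</script>" };

// In the browser, run validateForm in the submit handler and send the request only
// when the list is empty. The server must apply the same rules again, because a
// client can skip this check entirely; the client-side pass only saves the round trip.
```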