Hein (fub) wrote,

"Making a site is easy"

When I point people at kliktikfix and tell them what I did to make it like it is, I get a few strange reactions.

"Oh, yeah, that's easy."

I'm wondering what prompts people to react that way. Especially when I tell them I want to add functionality X, and they cheerfully tell me: "Oh, just use library Y -- easy!" Until you look into library Y and discover that it doesn't, in fact, offer functionality X. Apparently library Y is so easy that you don't need personal experience with it to know that it is easily implemented...

I know making a site is easy: just create a database table, make a page to enter stuff into the database, and make another to show it. Sure, that's easy.
But it's hard to do it right. Trust me on that: I spent five years building sites as my day-job, and back there I had the advantage of a full-fledged CMS to build upon. Making a site is easy. But making a site that has lots of functionality that isn't easily hackable is hard.

Right now, I'm building a functionality to leave a comment on an entry. Easy, right? Again, a simple database table, a page to enter your comment and a page to display the comments. We've seen it hundreds of times on various weblogs.
But what about sanitising the entered comment? Because I sure as hell don't want my site to become a vector of XSS attacks. And that is where the 'easiness' breaks down: there are umpteen libraries and shortcuts, all with their own vulnerabilities. Obviously, a simple regexp doesn't cut it, and I could simply strip out all the links and stuff, but I don't want that -- I want to offer a richer experience. I could use BBCode-like stuff, but I hate pseudo-HTML and it adds another learning curve.

There's a lot of hidden complexity in building sites that most people never even get to see. And if you build a quick intranet-site, you don't have to concern yourself over it. But an outward-facing site that is open to the public, that offers interactivity? Just don't bring your "that's easy"-mentality over, because it will bite you in the ass later.
Tags: kliktikfix, programming
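
An added example, not code from the post or from kliktikfix: one way to keep a small set of real HTML in comments without regexps is an allowlist sanitiser that re-emits only markup it builds itself and escapes everything else. The tag list, the permitted URL schemes and all names here are assumptions, and it uses Python's standard `html.parser`.

```python
from html import escape
from html.parser import HTMLParser

# Assumed policy (not from the post): the only tags a comment may keep.
ALLOWED = {"a", "b", "i", "em", "strong", "p", "blockquote"}
SAFE_SCHEMES = {"http", "https", "mailto"}
DROP_WITH_CONTENT = {"script", "style"}

def clean_url(value):
    """Return the URL if it carries an allowed scheme, otherwise None."""
    # Browsers ignore whitespace and control characters inside a URL,
    # so remove them before reading the scheme.
    url = "".join(ch for ch in (value or "") if ord(ch) > 0x20)
    scheme, sep, _ = url.partition(":")
    return url if sep and scheme.lower() in SAFE_SCHEMES else None

class CommentSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.open_tags, self.skip = [], [], False

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip = True
        elif tag in ALLOWED:
            # Only href on <a> survives; every other attribute is discarded.
            href = clean_url(dict(attrs).get("href")) if tag == "a" else None
            attr = f' href="{escape(href)}" rel="nofollow noopener"' if href else ""
            self.out.append(f"<{tag}{attr}>")
            self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip = False
        elif tag in self.open_tags:
            # Close anything opened after it too, so output stays well nested.
            while self.open_tags:
                closing = self.open_tags.pop()
                self.out.append(f"</{closing}>")
                if closing == tag:
                    break

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))

def sanitize_comment(raw):
    parser = CommentSanitizer()
    parser.feed(raw)
    parser.close()
    # Close tags the commenter left open so they cannot swallow the page.
    parser.out.extend(f"</{t}>" for t in reversed(parser.open_tags))
    return "".join(parser.out)
```

Because the output consists only of tags the sanitiser constructs and text it escapes, a quirk in how the parser tokenises malformed input can lose formatting but cannot let through markup the policy does not name.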