Account services

Design checklist

This is a web application design checklist. It is meant as a help for developers to create a well-designed product for EEA.

Security

  1. Is your application protected against SQL injection?
    • E.g.: If you update a database record through a form field, can it contain quote (") and apostrophe (')?
  2. If your application accepts HTML input, is it vulnerable to cross-site scripting?
    • E.g.: If you display a string from a database on an HTML page, have you escaped '&' to '&amp;' and '<' to '&lt;'?
  3. If your application allows file uploads, is it possible to upload a file that might be interpreted by the server? - e.g. to upload crack.php to a temp directory accessible through the webserver.
  4. If your application limits access to some objects, are you sure it isn't possible to circumvent it by manipulating the object reference in the URL?
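The four questions above each map to one defensive habit. The following is an added example written for this page, not code from the EEA or Eionet projects: a small Python module, standard library only, that uses a bound parameter for the database update (1), escapes stored text on output (2), allow-lists upload file types and discards the client-supplied path (3), and looks records up by id and owner together so a manipulated object reference in the URL returns nothing (4). The notes table, the owner names and the allowed extensions are constructed for this illustration.

```python
import html
import os
import sqlite3

# --- 1. SQL injection: send values as bound parameters, never as SQL text ---
def setup_db():
    """Constructed in-memory database with two sample records."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE notes (id INTEGER PRIMARY KEY, owner TEXT, body TEXT)")
    conn.executemany("INSERT INTO notes (owner, body) VALUES (?, ?)",
                     [("alice", "first"), ("bob", "second")])
    conn.commit()
    return conn

def update_note(conn, note_id, body):
    """Store `body` for the given record and return what was stored.
    Quotes and apostrophes in `body` are kept literally because the value is
    a bound parameter; the SQL statement itself never changes."""
    conn.execute("UPDATE notes SET body = ? WHERE id = ?", (body, note_id))
    conn.commit()
    row = conn.execute("SELECT body FROM notes WHERE id = ?", (note_id,)).fetchone()
    return row[0]

# --- 2. Cross-site scripting: escape at the point of output ----------------
def render_note(body):
    """Escape '&', '<', '>', double and single quotes before the stored
    text is placed inside HTML."""
    return "<p>" + html.escape(body, quote=True) + "</p>"

# --- 3. File uploads: allow-list the type, ignore the client's directory ---
ALLOWED_EXTENSIONS = {".png", ".jpg", ".pdf"}   # constructed allow-list

def safe_upload_name(client_filename):
    """Return a server-side file name, or None if the upload must be refused.
    Only the base name is kept (no '../' or drive paths) and only listed
    extensions pass, so a name such as crack.php is rejected rather than
    written somewhere the webserver might interpret it."""
    base = os.path.basename(client_filename.replace("\\", "/"))
    root, ext = os.path.splitext(base)
    if not root or ext.lower() not in ALLOWED_EXTENSIONS:
        return None
    return root + ext.lower()

# --- 4. Object references: tie every lookup to the current user ------------
def fetch_note(conn, current_user, note_id):
    """Select by id AND owner. If the id in the URL is changed to point at
    another user's record, the query returns None instead of the record."""
    row = conn.execute("SELECT body FROM notes WHERE id = ? AND owner = ?",
                       (note_id, current_user)).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = setup_db()
    print(update_note(db, 1, "it's \"quoted\""))
    print(render_note("<script>alert('x')</script>"))
    print(safe_upload_name("../../crack.php"), safe_upload_name("photo.PNG"))
    print(fetch_note(db, "alice", 2), fetch_note(db, "bob", 2))
```

The ownership check in fetch_note is the important part of item 4: it is not enough to hide links to other users' records, because the id is guessable; the authorisation has to be re-evaluated on every request that dereferences an id.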

Database

  1. Is the database normalised? I.e. you first bring it to 3rd Normal Form, then optimise. (Yes, this has been a problem in the past)

Look & feel and accessibility

  1. Is the style easy to change?
    1. Have you avoided using tables for layout?
    2. Do your pages follow the EEA or Eionet layout, or is it easy to make them follow it?
    3. Do you avoid pixel (px) specifications for font sizes and table widths? (Hint: use em, % or pt.)
    4. Have you removed the use of <b> and <i> and instead used CSS styling to achieve the same effect as much as possible?
    5. Have you designed your CSS styles so they can be used with the sitewide stylesheet without side-effects?
  2. Have you validated your pages with the W3C HTML validator?
  3. Do your pages print correctly?
    1. Have you designed CSS styles for the print stylesheet?
    2. Do tables, text and images fit within an A4 page and are they legible?
    3. Pages must not lose information when backgrounds are not printed.
  4. Have you made the webpages accessible?
    1. Are "alt" attributes used for all images - e.g. alt="" for bullets and such?
    2. Do you have <label> tags in forms?
    3. Do you use semantically correct markup?
    4. Do you have alternatives such as <noscript> for web browsers that don't understand JavaScript?
    5. Do you only use <em> and <strong> when it semantically makes sense? I.e. where a speech-device should change the voice for emphasis?
    6. Do you have link texts that are meaningful out of context? I.e. no "click here" links!
  5. Have you done search engine optimisation?
    1. Is it possible to find everything by just following links? I.e. can a search engine get to the data without filling a form to search?
    2. Have you created a Google sitemap?
    3. Does the page heading say something meaningful, and not just e.g. "Details" or "Factsheet"?
    4. Does the <title> metadata tag match the page heading?
    5. Do you have a resource-oriented URL style?
  6. Does your product use Unicode? Have you tested with the Greek and Cyrillic alphabets? Even if you only handle English, you must support fancy quotes (“”„), the em-dash (—) and the bullet (•). Users paste them into HTML from MS Word.
  7. Have you spell-checked the texts in British English? Also the error messages?

Integration

  1. If your application lets users log in - does it use the Eionet site directory for authentication?

Deployment

  1. Have you provided installation instructions so that the application can be installed, upgraded, reinstalled and moved to another platform by a different person than you?
  2. Can the application be installed both in the root of a website and in a subfolder?
  3. Can you run two instances on the same server?

Inspiration