Friday, May 18, 2012

Looking for a question that combines the understanding of few web technologies


I am teaching a web development course at a CS department, I wrote most of the final test by now, each question focus on a specific feature or a specific technology,



I wonder if you can think of/recommend a question that combine the knowledge of few technologies..



The course mostly covers: HTML, CSS, JS, HTTP, Servlets, JSP and JDBC. (as well as AJAX, ORM, basic security issues like SQL-Injection and XSS, HTML5, REST APIs)



EDIT : I will super appreciate questions with answers :-) thanks!



I'll give the bounty to the question with the highest rank, so please vote! I honestly like most of the questions here, thank you all :-)


Source: Tips4all

10 comments:

  1. Explain the relationship of the DOM to
    each of the following technologies:
    HTML, CSS, JavaScript.


    The goal here is for the answer to make clear the student understands that HTML generates a DOM structure, CSS affects how that structure is rendered, and JavaScript affects how that structure is modified. If you understand how it all ties back into the DOM, all client-side coding becomes straightforward.

    ReplyDelete
  2. Fun question :-) How about...


    On web development you need to separate content, style and behavior. Describe why this is done and what different technologies you use in which layer. Every acronym should be written in full text on first time use. (10 p)


    or...


    Describe what happens in a Web Browser (step by step) when a web page is transferred on the internet from a Web server through HyperText Transfer Protocol to a Client. Consider all the different technologies you have used in this course. (10 p)

    ReplyDelete
  3. Explain what happens, and which technologies could be used, when a user logs in to a protected web site using form based login that sets a HTTP cookie. (Starting from the HTML form all the way to the database and back to the browser.) Bonus question: What changes, when using AJAX for the login?


    Answer (main points):


    HTML: Form (using POST) with text input fields and a button. Security: Form sends via HTTPS. The login page itself should also be a HTTPS page (otherwise, the form could be replaced by mallory -> MITM)
    Javascript: Performs some basic validation (e. g. empty password), and displays error message before sending to server.
    Servlet: Receives POST request, takes username/password parameters (in plaintext), calculates (salted) hash from password, discards plaintext password.
    JDBC: Selects hashed password from DB. Used to compare with the transmitted password.
    Servlet: On success, creates a new session (leads to the creation of a cookie header). Prepares objects that will be used in the JSP page (and stores them in the session or request scope).
    JSP: Prepares the HTML page that will be sent to the browser.
    Browser: Receives HTTP response, sets cookie and displays the page.


    Bonus (AJAX): The server doesn't have to prepare the entire page, but only sends the necessary data and/or HTML snippets to the client. The browser doesn't reload the entire page, but modifies the current page using JavaScript. Security: AJAX can't perform Cross-Site requests, so it's impossible to have a HTTP page submit the login data via HTTPS.

    Caution

    It should be noted, that this is not meant to be used as a HOWTO for building a secure login mechanism. This description is simplified and doesn't cover every security aspect. OTOH, as an exam question, it should probably be simplified further and adjusted to the content of the curriculum.

    ReplyDelete
  4. You can ask to explain how to implement MVC pattern. And in this MVC pattern where does each technology come in use. Rather How and Why ?

    ReplyDelete
  5. Since students have already developed simplified twitter during their course, you may ask a question like what additional steps they would do to make it a real twitter website or a clone of it and ask to describe each steps staring from html to ORM / database. You may explicitly specify the technologies to be used.

    ReplyDelete
  6. Well, putting on my "evil" hat for a moment, you could ask how the back end data model should dictate the layout of the front end, and any answer other than some variation of "It doesn't" gets to take the class over again. >:-)

    ReplyDelete
  7. Why should any framework you use generate
    HTML, CSS and JS?


    DRY

    ReplyDelete
  8. Imagine you work for a security agency
    and were given the task of developing
    a web-site. The field agents
    specifilly requested that the site
    could swap colors so that they could
    use it both on night-vision and at the
    office. With what you learned describe
    how you would separate content from
    structure to allow night/day switching
    and what security measures you would
    implement to prevent another enemy
    agency from stealing your data.


    A spiced up question. I always find my students more interested when I put them in the middle of a plot.

    ReplyDelete
  9. Something along the lines of...


    Explain how you would display the results of a call to an offsite XML feed when the user performs some action in the browser. The browser must not navigate.


    A good answer would address the need for client-side scripting, the XSS issue, and the server-side component necessary to get around the XSS issue, possibly with pseudocode or snippets.

    ReplyDelete
  10. ask to develop a student database system,in which you user can search the database with Date of Birth.

    here the folowing technologies can be used and tested.

    1.HTML for form controls

    2.CSS for esthetics

    3.Javascript for date validation

    4.very importantly you can explain SQL INJECTION.

    5.JSP

    6.SERVLETS

    7.JDBC

    8.ANY database

    9.AJAX

    10.MVC design pattern can be used.

    ReplyDelete