Ask HN: What is a good book for building quality websites? - lettergram

Hello, I am looking to create a secure website that is subscription based. It needs to keep track of users, and use/have access to a large dataset (I currently have an SQLite database, but may change it). I have a few months to get this website going and I have a fair amount of experience using WordPress and I have made a simple website from scratch. However, I am looking to create an enterprise quality website and was hoping someone here had a book recommendation to walk me through the steps.
======
callmeed
First of all, avoid WordPress because (a) it wasn't designed for subscriptions
and datasets and (b) it has a history of security issues [1]

As bmelton said, Rails is a good option. If you're going to use Rails, my
advice wrt security would be:

- Don't try and roll your own authentication system. Use Devise and keep it
and Rails updated.

- Run the entire app over SSL

- Use best practices to secure the actual box where your app runs. Assuming
*nix, this means things like disabling root login, using fail2ban, iptables,
key-based login.

- Make sure to do some basic security setup on your database if it's on the
same box. Allow only local connections, run mysql_secure_installation, etc.

For learning Rails, I'd suggest going through the Rails Tutorial from Michael
Hartl [2] and/or getting a RailsCasts subscription [3] and/or trying one-month
rails [4]

[1] [http://www.cvedetails.com/vulnerability-list/vendor_id-2337/...](http://www.cvedetails.com/vulnerability-list/vendor_id-2337/product_id-4096/)

[2] [http://ruby.railstutorial.org/](http://ruby.railstutorial.org/)

[3] [http://railscasts.com](http://railscasts.com)

[4] [https://onemonthrails.com](https://onemonthrails.com)
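
As an added example that is not part of callmeed's post or of the thread: a plain Ruby script that audits the global section of an OpenSSH `sshd_config` against the box-hardening points listed above (root login disabled, key-based rather than password login). The sample config is constructed. The parser follows sshd's own rules: keywords are case-insensitive, the first occurrence of a keyword wins, and anything after a `Match` block is not global policy. The defaults assumed for absent keywords are taken from sshd_config(5) and should be checked against the installed version.

```ruby
# Constructed sample sshd_config for the audit below (not a real host's file).
SAMPLE_SSHD_CONFIG = <<~CONF
  # constructed sample sshd_config
  Port 22
  PermitRootLogin yes
  #PasswordAuthentication no
  PasswordAuthentication yes
  PubkeyAuthentication yes
  # later duplicate: sshd keeps the FIRST value, so this line changes nothing
  PermitRootLogin no
  Match User deploy
      PasswordAuthentication no
CONF

# Parse the global section of an sshd_config into { lowercased keyword => value }.
# sshd semantics modelled here: '#' starts a comment, keywords are
# case-insensitive, 'Key value' and 'Key=value' are both accepted, the first
# occurrence of a keyword wins, and the global section ends at the first Match.
def parse_sshd_config(text)
  settings = {}
  text.each_line do |raw|
    line = raw.sub(/#.*/, "").strip          # drop comments and surrounding whitespace
    next if line.empty?
    key, value = line.split(/\s*=\s*|\s+/, 2) # keyword, then the rest as the argument
    key = key.downcase
    break if key == "match"                   # Match blocks are per-connection, not global
    settings[key] ||= value.to_s.strip        # ||= keeps the first occurrence
  end
  settings
end

# Global values required by the hardening advice in the post.
REQUIRED = {
  "permitrootlogin"        => "no",
  "passwordauthentication" => "no",
  "pubkeyauthentication"   => "yes",
}.freeze

# Values sshd applies when the keyword is absent (assumed from sshd_config(5)
# for OpenSSH 7.0 and later; verify against the version actually installed).
DEFAULTS = {
  "permitrootlogin"        => "prohibit-password",
  "passwordauthentication" => "yes",
  "pubkeyauthentication"   => "yes",
}.freeze

# Returns an array of finding strings; an empty array means the config passes.
def audit_sshd_config(text)
  settings = parse_sshd_config(text)
  REQUIRED.each_with_object([]) do |(key, want), findings|
    got = settings.fetch(key, DEFAULTS[key])
    next if got.casecmp?(want)
    findings << "#{key} is '#{got}', expected '#{want}'"
  end
end

if __FILE__ == $PROGRAM_NAME
  findings = audit_sshd_config(SAMPLE_SSHD_CONFIG)
  if findings.empty?
    puts "sshd_config: OK"
  else
    findings.each { |f| puts "FINDING: #{f}" }
  end
end
```

Run against the constructed sample it reports two findings (root login and password authentication both still enabled); the commented-out `#PasswordAuthentication no` and the duplicate `PermitRootLogin no` after the first value are correctly ignored, which is exactly the kind of mistake a manual review misses. Point it at `/etc/ssh/sshd_config` after applying the changes and it should print `OK`.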

------
bmelton
Define "enterprise quality"? A lot of people use the term to describe a "web
scale" type of application, but in my experience, "enterprise quality"
requires less scaling and more enterprisey features, like log auditing,
AD/LDAP authentication, etc.

As for a book on the subject, I don't know of any off the top of my head, but
there are resources aplenty online.

I would suggest that if you're leaning towards the latter definition of
'Enterprise', your WordPress experience isn't going to factor in very much.
That said, for the most part, Enterprise web apps mostly tend to be CRUD-based
applications with a little bit of specialized business logic -- a framework
like Django or Rails is probably ideal for this, though bear in mind, that
limits your target audience -- which brings up another question -- who are you
building this for? Are you wanting to sell it, or is it for your current
employer?

If the former, you'll have to evaluate your customer size. Enterprise
customers are _slightly_ harder to sell to if your application doesn't
conform to their application stack -- this means eschewing Django or Rails for
Java, in a lot of cases.

If the answer is the latter though, then you should find out what languages
and technologies your company allows, and target that as your starting point
-- then look for "building applications with _insert language here_" type of
books.

All in all, good luck.

~~~
lettergram
I suppose it is more "web scale," it is a website I am building for my own
product(s).

We are now looking to create a form of a book club online. However, you can
imagine we have 40 million or so possible books, and hope to have a few
hundred to thousand(s) of users given time.

That being said we need it to scale, and be secure. We both have some Rails
experience, but we are willing to learn just about what ever.

~~~
bmelton
I'm not a Rails guru, so hopefully somebody else will interject some best
practices on security.

In the interim, all I can say is don't worry _too_ much about scaling. I mean,
obviously, don't make it unscalable on purpose, but your most important
priority is to launch a product that works. Your first 100 users or so won't
notice poor scalability, and Rails is easy enough to scale wider at the app
server that you should be able to get to profitability before having to worry
too much about it.

On the other end, if you spend three times longer building a scalable
application out of the gate and don't get any customers, or lose first-mover
advantage, then all that work was a waste of time, when you could have been
launched and billing well before.

ActiveRecord isn't notoriously efficient, but so long as appropriate indexes
are in place on the database, tens of millions of records shouldn't cause too
much of a problem, unless you're putting an inordinate amount of those records
on each page, or have odd query patterns.

The one good bit of scalability advice I can give you for a large dataset like
that is "Don't use the database for searching data." It took me years to learn
that one, which is sad, because SOLR is so easy to drop into a project, and is
so well suited to the task that it's just silly to not use it. The exact usage
patterns of when to query and when to search will depend on the application,
but use SOLR, or something like it, where it makes sense to do so.

Beyond that, make a product that works, and isn't too ugly. Faster is better
than slow, so make it snappy if you can, but ultimately, if you offer value,
save someone time or money, you'll have a product that should be able to be
marketed into sales.
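
To make the "don't use the database for searching data" point concrete, here is an added example in plain Ruby, not code from bmelton's post or from the thread: a toy inverted index of the kind a search engine such as Solr builds, beside the row-by-row substring scan that a `WHERE title LIKE '%term%'` query amounts to. The book titles are constructed. It also shows one difference a practitioner hits immediately: the index matches whole tokens, so `application` does not find "Applications" unless the analyzer stems terms, whereas the substring scan does.

```ruby
# Constructed catalog: id => title (stand-in for a books table).
BOOKS = {
  1 => "The Art of Computer Programming",
  2 => "Programming Ruby",
  3 => "Secure by Design",
  4 => "The Web Application Hacker's Handbook",
  5 => "Designing Data-Intensive Applications",
}.freeze

# Tokenize a string: lowercase, split on anything that is not a letter or digit.
# A real analyzer (e.g. Solr's) would also stem, drop stopwords, etc.
def tokenize(text)
  text.downcase.scan(/[a-z0-9]+/)
end

# Build the inverted index once: term => sorted array of ids (a "posting list").
# This is the work a search engine does at index time so queries stay cheap.
def build_index(books)
  index = Hash.new { |h, k| h[k] = [] }
  books.each do |id, title|
    tokenize(title).uniq.each { |term| index[term] << id }
  end
  index.each_value(&:sort!)
  index
end

# Substring scan, the equivalent of WHERE title LIKE '%query%':
# every row is examined on every query, and a B-tree index on title cannot help
# because the pattern has a leading wildcard.
def like_scan(books, query)
  q = query.downcase
  books.select { |_, title| title.downcase.include?(q) }.keys.sort
end

# Index lookup: one hash fetch per query term, posting lists intersected
# (AND semantics). Cost grows with the posting lists touched, not the catalog.
def search(index, query)
  terms = tokenize(query)
  return [] if terms.empty?
  postings = terms.map { |term| index.fetch(term, []) }
  postings.reduce { |acc, list| acc & list }
end

if __FILE__ == $PROGRAM_NAME
  index = build_index(BOOKS)
  ["programming", "the programming", "application"].each do |q|
    puts "#{q.inspect}: index=#{search(index, q).inspect} like=#{like_scan(BOOKS, q).inspect}"
  end
end
```

With 40 million titles the scan touches 40 million rows per query while the index touches a handful of posting lists, which is the whole argument for handing search to Solr. The `application` query shows the trade-off that comes with it: tokenized search needs an analyzer configured for stemming (or a prefix/wildcard query) before it matches "Applications", a detail to settle before the first user notices.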