Minimize Dynamic Parameters in URLs

23.Nov.2021

URLs should contain information about exactly what your webpage is about. If you need to pass dynamic parameters to the server, use a query string or the GET method. The POST method could be used for passing data that contains no sensitive information (for example username/password).

For more details read Jeff Atwood’s article on Dynamic Parameters in URL’s.

URLs should be descriptive. They should look like file paths, not like search queries. Also try to use shorter URLs (fewer parameters) if possible.

Example: http://localhost/register?username=somename&password=123456

Example: http://localhost/register-user?username=somename&password=123456

The second example is much better and more informative because the client has a clear understanding of what they will see when opening that URL, without having to go and read it somewhere else on the website. It’s also much easier for search engines to understand your content and index it properly without strange query strings appended to each request by various third-party tools such as analytics and social plugins.

As mentioned previously, using the POST method for passing dynamic parameters containing sensitive information is not a good idea. This will be stored in server logs or even in browser history/cache, which can be compromised quite easily. If you really need to use a GET-based query string, try adding random tokens/numbers at the end of it so it’s harder to guess what your URL was actually about.
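
Access logs record the full request target, query string included, so a URL like the examples above writes the password into every log that sees the request. The following is an added example, not code from the original article: it scans Common Log Format lines for sensitive parameter names in query strings and redacts their values. The parameter list, function names and sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumption: parameter names treated as sensitive (not from the original article).
SENSITIVE_PARAMS = {"password", "passwd", "pwd", "token", "secret", "api_key"}

# Request line inside a Common Log Format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')

def redact_url(target):
    """Return (redacted_target, leaked_names) for a request target or full URL."""
    parts = urlsplit(target)
    leaked, pairs = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE_PARAMS:
            leaked.append(name)
            value = "REDACTED"
        pairs.append((name, value))
    return urlunsplit(parts._replace(query=urlencode(pairs))), leaked

def scan_access_log(lines):
    """Return a list of (line_number, method, leaked_names, redacted_line)."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        redacted, leaked = redact_url(match.group("target"))
        if leaked:
            clean = line[:match.start("target")] + redacted + line[match.end("target"):]
            findings.append((number, match.group("method"), leaked, clean))
    return findings

# Constructed sample log lines, built around the article's example URL.
SAMPLE_LOG = [
    '192.0.2.10 - - [23/Nov/2021:10:00:01 +0000] "GET /register-user?username=somename&password=123456 HTTP/1.1" 200 512',
    # Form fields sent in a request body are not part of the logged request line.
    '192.0.2.10 - - [23/Nov/2021:10:00:05 +0000] "POST /register-user HTTP/1.1" 302 0',
    '192.0.2.11 - - [23/Nov/2021:10:01:12 +0000] "GET /articles/descriptive-urls HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for number, method, leaked, clean in scan_access_log(SAMPLE_LOG):
        print(f"line {number}: {method} leaks {leaked} -> {clean}")
```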

 

Google’s webmaster blog has a very good article on this subject.

Title: Avoiding Single-use or “Magic” Constants

The problem with magic numbers in code is that they combine several issues, such as long-lived scope, implicit global state and hardcoded values. What's the problem? These may change in the future, thus making your code brittle and hard to maintain.

A more in-depth explanation may be found in this article by Steve Yegge.

To solve this problem in Python we can use named tuples or a constants module, which provides functionality for defining constants on the fly (like #define in C/C++).

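# named constants example (named tuple; the country codes are sample values)
>>> from collections import namedtuple
>>> # for example, your company may have a list of countries it can ship its products to
>>> Constants = namedtuple("Constants", ["Afghanistan", "Albania", "Algeria"])
>>> constants = Constants("AF", "AL", "DZ")
>>> COUNTRIES = (constants.Afghanistan, constants.Albania, constants.Algeria)
>>> # now use the named constants instead of magic values
>>> COUNTRIES
('AF', 'AL', 'DZ')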

Title: Avoid APIs/Web Services with Dynamic Data

A static API endpoint is an endpoint which returns the same, unchanging results. This could be done by calling your own application (e.g. when using frameworks like Django or Flask, where you can load an entire model directly into memory), or a third-party web service (e.g. a REST API endpoint).

A dynamic API endpoint is an endpoint which requests data from another source, e.g. it makes an HTTP request to your application or to a third-party web service, and returns the content of that response directly in the call. APIs of this type are mostly found on "as-a-service" platforms like Heroku, where you can deploy your application on some cloud platforms.

Static APIs are easier to test and to use, while dynamic APIs are more flexible albeit harder to maintain/use in some cases.

The problem with dynamic API endpoints is that they cannot guarantee that the data will not change during the runtime of your program (e.g. when you make requests throughout the day to your web service/API endpoint, and as a response you get content that may change over time). Any subsequent calls made to the same dynamic API endpoint with the exact same data will return different results.