Looking for a question that combines the understanding of few web technologies

Question

I am teaching a web development course at a CS department, I wrote most of the final test by now, each question focus on a specific feature or a specific technology,

I wonder if you can think of/recommend a question that combine the knowledge of few technologies..

The course mostly covers: HTML, CSS, JS, HTTP, Servlets, JSP and JDBC. (as well as AJAX, ORM, basic security issues like SQL-Injection and XSS, HTML5, REST APIs)

EDIT: I will super appreciate questions with answers :-) thanks!

I'll give the bounty to the question with the highest rank, so please vote! I honestly like most of the questions here, thank you all :-)

Answer 1

Fun question :-) How about...

On web development you need to separate content, style and behavior. Describe why this is done and what different technologies you use in which layer. Every acronym should be written in full text on first time use. (10 p)

or...

Describe what happens in a Web Browser (step by step) when a web page is transferred on the internet from a Web server through HyperText Transfer Protocol to a Client. Consider all the different technologies you have used in this course. (10 p)

Answer 2

You can ask to explain how to implement MVC pattern. And in this MVC pattern where does each technology come in use. Rather How and Why ?

Answer 3

Explain the relationship of the DOM to each of the following technologies: HTML, CSS, JavaScript.

The goal here is for the answer to make clear the student understands that HTML generates a DOM structure, CSS affects how that structure is rendered, and JavaScript affects how that structure is modified. If you understand how it all ties back into the DOM, all client-side coding becomes straightforward.

Answer 4

Well, putting on my "evil" hat for a moment, you could ask how the back end data model should dictate the layout of the front end, and any answer other than some variation of "It doesn't" gets to take the class over again. >:-)

Answer 5

Explain what happens, and which technologies could be used, when a user logs in to a protected web site using form based login that sets a HTTP cookie. (Starting from the HTML form all the way to the database and back to the browser.) Bonus question: What changes, when using AJAX for the login?

Answer (main points):

• HTML: Form (using POST) with text input fields and a button. Security: Form sends via HTTPS. The login page itself should also be a HTTPS page (otherwise, the form could be replaced by mallory -> MITM)

• Javascript: Performs some basic validation (e. g. empty password), and displays error message before sending to server.

• Servlet: Receives POST request, takes username/password parameters (in plaintext), calculates (salted) hash from password, discards plaintext password.

• JDBC: Selects hashed password from DB. Used to compare with the transmitted password.

• Servlet: On success, creates a new session (leads to the creation of a cookie header). Prepares objects that will be used in the JSP page (and stores them in the session or request scope).

• JSP: Prepares the HTML page that will be sent to the browser.

• Browser: Receives HTTP response, sets cookie and displays the page.

Bonus (AJAX): The server doesn't have to prepare the entire page, but only sends the necessary data and/or HTML snippets to the client. The browser doesn't reload the entire page, but modifies the current page using JavaScript. Security: AJAX can't perform Cross-Site requests, so it's impossible to have a HTTP page submit the login data via HTTPS.

Caution

It should be noted, that this is not meant to be used as a HOWTO for building a secure login mechanism. This description is simplified and doesn't cover every security aspect. OTOH, as an exam question, it should probably be simplified further and adjusted to the content of the curriculum.

Answer 6

Why should any framework you use generate HTML, CSS and JS?

DRY

Answer 7

Imagine you work for a security agency and were given the task of developing a web-site. The field agents specifilly requested that the site could swap colors so that they could use it both on night-vision and at the office. With what you learned describe how you would separate content from structure to allow night/day switching and what security measures you would implement to prevent another enemy agency from stealing your data.

A spiced up question. I always find my students more interested when I put them in the middle of a plot.

Answer 8

Since students have already developed simplified twitter during their course, you may ask a question like what additional steps they would do to make it a real twitter website or a clone of it and ask to describe each steps staring from html to ORM / database. You may explicitly specify the technologies to be used.

Answer 9

Something along the lines of...

Explain how you would display the results of a call to an offsite XML feed when the user performs some action in the browser. The browser must not navigate.

A good answer would address the need for client-side scripting, the XSS issue, and the server-side component necessary to get around the XSS issue, possibly with pseudocode or snippets.