[Pro] Avoid the use of File Extensions.

I have recently used Silktide Nibbler to test some of the sites i have created using Freeway.

Interestingly they come up with errors ref use of the File Extension… the text they post is…

“Avoid use of file extensions wherever possible. File extensions appear at the end of web addresses, and have several negative effects. They make the address harder to remember or type (particularly for non-technical users), and can reveal the underlying technology of the website making it very slightly more vulnerable to hackers. They also tie the implementation of the website to a specific technology, which can make subsequent migration of URLs difficult. Consider URL rewriting as an effective and transparent means of creating appropriate URLs…”

I found an older thread on this Forum that refers to hiding the file extensions, as below.

http://freewaytalk.net/thread/view/85665#m_85695

Walter gave some adivce on the thread… has there been a change in thinking about the use of the File Extension since then?

Anyone know why Silktide are against the practice and does it really matter?

Thx

John

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Walter’s advice still stands: leave it alone (or use a CMS that handles it natively).

Todd

Walter gave some adivce on the thread… has there been a change in thinking about the use of the File Extension since then?

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Ditto. Nothing at all has changed here. People generally want “tail-less” URLs for one of the following reasons:

1. They look cool.
2. They are using a dodgy CMS, like anything written in Cold Fusion or ASP, and want to add a (minuscule) layer of misdirection outside of their balsa-wook core to keep someone from “rooting” their server with a single well-written URL (Not to fear, there are much simpler ways to “fingerprint” a server and determine which framework or language is being used – there’s no actual security being created here.)
3. They are a long-pants/neck-beard Apache sysadmin, and want to hedge their bets that the underlying URL scheme will change at some point in the future, and so they want to enable the content_negotiation system to allow foo.php or foo.jsp to stand in for foo.html without the URL needing to be rewritten later.
4. Mostly just #1 – or they saw it in a magazine article.

Tail-less URLs are usually the hallmark of a “search engine friendly” Content Management System (CMS), and they are nothing more than a translation from the unfriendly URLs like http://example.com/view.php?controller=products&id=42 into human-readable and rememberable ones like http://example.com/products/42 (or better, products/42-butterfly-net, or just products/butterfly-net). You will agree that the latter is a whole lot more friendly. While there was a time when “query-string” URLs were not even crawled or indexed by Google, that day is long gone, and there is very little additional value between the numerical index and the full human-readable address, so these are really more like “human-friendly” addresses after all, and that’s a very good thing.

But Freeway is not a CMS, and the URLs it writes are excruciatingly correct for a static HTML site. As I noted in the other thread, and hinted to above, by using the content_negotiation system, Apache can take an ambiguous URL and satisfy it by looking around for something that is a “fuzzy” match for the URL given. But this takes extra works, so for most static sites, absent a real reason (not vanity) to do so, your very best option is to use the actual complete URL and spare Apache the guess-work.

Walter

On Aug 24, 2014, at 10:10 AM, Todd wrote:

Walter’s advice still stands: leave it alone (or use a CMS that handles it natively).

Todd
http://xiiro.com

Walter gave some adivce on the thread… has there been a change in thinking about the use of the File Extension since then?

---

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Walter,

As it has been said many times in the past, and will probably be repeated many times in the future…

Thank You for your Advice…

John

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

On 24 Aug 2014, 1:59 pm, ejw wrote:

Anyone know why Silktide are against the practice and does it really matter?

I’d say they’re against it because they’re geeks examining the structural detail of a tree and missing the forest around them. It’s an ideological position, and it doesn’t quite map to reality.

Point 1: “They make the address harder to remember or type”
Perhaps, in an absolute scientific sense, but people are so used to “.html” that it’s just not a big deal.

Point 2: they “can reveal the underlying technology of the website making it very slightly more vulnerable to hackers”
Tinfoil hat time. If a file extension is .html that tells someone it is a regular web site serving HTML pages. If it is .php that tells someone that the server will parse PHP instructions in files. It’s more likely that a hacker will look for a Wordpress installation and try known exploits against that. Wordpress uses PHP, but a PHP extension doesn’t mean Wordpress; sniffing for WP will involve looking at page code, not page filename suffixes.

Point 3: something about not tying a site to a specific technology, then advising “URL rewriting”
This is mildly tech-specific in terms of server OS. Which could make subsequent migration difficult. Doh!

None of what they say is flat-out wrong (except to refer to filename extension use as “errors” – GRR!), but it blows things out of all proportion. Simple real-world advice: consider using well-named folders and make the key page filename inside those be “index.html”. For example yoursite.com/help/index.html. All someone needs to know is the yoursite.com/help part of the URL and they’ll get there just fine.

Do this for key strategic parts of your site, make it easy for someone to navigate to other parts once they’re there, and trust to search engines for people to find things otherwise. After all, a depressing number of people type URLs into Google rather than just going straight there! :-/

Also, Walter’s post that you referenced (http://freewaytalk.net/thread/view/85665#m_85695) is still spot-on stuff.

k

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

None of what they say is flat-out wrong

Long time no hear from you Keith

David

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Heh. Yep. Been busy.

Uni lecturing is full-on, believe it or not – partly because of being a year leader. And I’m still a MacUser bod. And still doing other things, including photography at Glastonbury: http://PanoramaPhotographer.com/arcadia/

But I’m still a Freeway user. (And Wordpress, etc.)

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

But I’m still a Freeway user.

Why the change of Moniker - we like thatkeith!

D

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

[offtopic] My old account seemed to have fallen through the server cracks as it didn’t know my old address. No matter, the name is restored!

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Welcome back ThatKeith

D

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options