Module 2: Programming for the Web

Quick questions on Server-side programming explained: HSC Software Engineering Module 2

10 short Q&A pairs drawn directly from our worked dot-point answer. For full context and worked exam questions, read the parent dot-point page.

What is routing?
A server-side framework maps HTTP method + path to a handler function:
What is validating input?
Use a schema library (Pydantic, Zod, Marshmallow) for anything beyond trivial validation.
What is database integration?
Use parameterised queries (covered in detail in databases-and-sql):
What is building responses?
A response has three parts: status code, headers, body. The framework usually handles the headers for you:
What is authentication and authorisation?
Most endpoints need to confirm the requester is logged in and then verify they own the resource they are touching. A simple decorator pattern works well in Flask: the decorator authenticates the request and attaches the user identifier so the handler can use it directly.
What is a full slice?
The complete login endpoint below combines routing, request parsing, input validation, parameterised SQL, hashed password verification, token issuance and correct status codes. This is the standard shape of a back-end endpoint.
What is skipping the response status code?
Returning the JSON helper alone defaults to 200 even for creations and errors. Set 201 for created, 400 for client errors, 401 for auth, 500 for crashes.
What is building SQL with string concatenation?
Always parameterise. The single most common cause of breaches.
What is trusting the request body?
Validate every field. Set length limits. Reject unexpected types.
What is logging sensitive data?
Never log passwords, tokens or full credit card numbers. Logs leak.