The process of verifying who a user is, typically by checking a
password or other credential.
authorization
The process of determining what an authenticated user is allowed
to do or access.
B
C
caching
Storing a copy of a resource (such as a file or database query
result) so it can be served quickly without re-fetching or
recomputing it.
CI event
An action that triggers a continuous integration workflow, such as
pushing code or opening a pull request.
CI job
A set of steps that runs as part of a continuous integration
workflow, typically on a fresh virtual machine.
CI step
A single command or action within a continuous integration job.
client
A program (usually a web browser) that sends requests to a server
and displays the responses.
client-side code
Code that runs in the user's browser rather than on the server.
client-side validation
Checking form input in the browser before it is sent to the
server, giving users immediate feedback without a network round
trip.
Content Delivery Network
A network of geographically distributed servers that delivers
static files (such as JavaScript libraries or images) from a
location close to the user, reducing load times.
Content-Type
An HTTP header that tells the browser what kind of data the
response body contains, such as HTML, JSON, or an image.
context manager
A Python construct (used with the with statement) that
automatically handles setup and cleanup operations.
continuous integration
The practice of automatically building and testing code every time
a change is pushed to a shared repository.
cross-site request forgery
An attack where a malicious website tricks a user's browser into
making an unwanted request to another site where the user is
already logged in.
cross-site scripting
A security vulnerability that lets attackers inject malicious
scripts into web pages viewed by other users.
CSS
Cascading Style Sheets: the language that controls how HTML
elements look in a browser.
CSS box model
The model that treats every HTML element as a rectangle with
content, padding, border, and margin.
CSS property
A named aspect of an element's presentation (such as color or
font-size) that can be set in a CSS rule.
CSS selector
A pattern in a CSS rule that specifies which HTML elements the
rule applies to.
CSS variable
A named value defined in CSS (using the --name syntax) that can
be reused throughout a stylesheet.
CSV
Comma-Separated Values: a plain-text format for tabular data where
each row is a line and columns are separated by commas.
D
database migration
A script that modifies a database's schema or data in a
controlled, versioned way.
dataclass
A Python class decorated with @dataclass that automatically
generates methods like __init__ and __repr__ from field
declarations.
declarative
Describes a style of programming that specifies what result is
wanted rather than how to compute it.
defense in depth
A security strategy that layers multiple independent checks so
that no single failure exposes the whole system.
dependency injection
A design pattern where a function or class receives the objects it
needs (such as a database connection) as arguments rather than
creating them itself.
E
encoding channel
A visual property (such as position, color, or size) used to
represent a data field in a chart.
end-to-end test
A test that drives a real browser through a complete user workflow
to verify the whole system works together.
F
f-string
A Python string literal prefixed with f that can embed
expressions directly: f"Hello, {name}".
falsy
A value that Python (or JavaScript) treats as false in a boolean
context, such as 0, "", None, or []. The opposite is
truthy.
flexbox
A CSS layout mode that arranges an element's children in a row or
column and controls how they grow, shrink, and align.
focus style
The visible outline or highlight that shows which element
currently has keyboard focus.
form encoding
The format used to package HTML form data before sending it to
the server. The default format (application/x-www-form-urlencoded)
represents fields as key=value pairs joined by &.
G
GET
An HTTP method used to retrieve data from a server without
modifying anything.
H
hallucination
A confident-sounding but incorrect or invented output from a large
language model.
HTML attribute
A name-value pair in an HTML tag (such as class="nav" or
href="/home") that provides additional information about the
element.
HTTP body
The optional data payload of an HTTP request or response, such as
form data or JSON.
HTTP header
A key-value pair sent at the start of an HTTP request or response
that provides metadata such as content type or authentication
tokens.
HTTP method
A keyword (such as GET, POST, or DELETE) that tells the server
what kind of operation the client wants to perform.
HTTP request
A message sent from a browser (or other client) to a server asking
for a resource or action.
HTTP response
The message a server sends back to a client after receiving an
HTTP request.
HTTP status code
A three-digit number in an HTTP response indicating the outcome:
200 means success, 404 means not found, 500 means server error.
I
idempotent
Describes an operation that produces the same result whether it is
run once or many times.
imperative
Describes a style of programming that specifies how to achieve a
result step by step.
input validation
Checking data received from outside the system (such as from a
form or API) to ensure it is safe, correctly typed, and within
expected bounds.
internal stylesheet
CSS rules written inside a <style> element in an HTML file
rather than in a separate .css file.
J
K
keyword argument
A function argument passed by name rather than position, such as
connect(host="localhost", port=5432).
L
large language model
A statistical model trained on large amounts of text that can
generate and transform text by predicting likely continuations.
linter
A tool that analyzes code without running it to find potential
errors, style violations, and other problems.
localhost
The hostname (equivalent to the IP address 127.0.0.1) that
refers to the computer you are currently using.
locator
A lazy reference to a DOM element in a browser testing framework;
the element is only found when the locator is actually used.
M
monkey patching
Replacing or adding attributes on an existing class or module at
runtime, typically to swap in a test substitute or work around a
bug without modifying the original source.
N
O
P
pagination
Splitting a large set of results into discrete pages so that only
a manageable chunk is displayed or returned at a time.
parameterized query
A database query that uses placeholders (such as ?) for
user-supplied values so that the database driver handles escaping,
preventing SQL injection.
partial response
An HTTP response that returns only an HTML fragment rather than a
complete page, used by HTMX to update part of the current page.
path parameter
A variable segment embedded in a URL path, such as the 42 in
/snails/42, that the server extracts and passes to the handler.
port
A number (0-65535) that identifies a specific network service on a
computer; web servers commonly use port 80 (HTTP) or 443 (HTTPS).
POST
An HTTP method used to submit data to a server, typically to
create or update a resource.
Post/Redirect/Get
A web design pattern where a POST request that modifies data
redirects the browser to a GET request, preventing duplicate
submissions on page reload.
PRG pattern
Short for Post/Redirect/Get: after a form submission, the server
responds with a redirect so the browser's next request is a GET,
preventing the form from being submitted again if the user
refreshes the page.
primary key
A column (or combination of columns) in a database table whose
value uniquely identifies each row.
pytest fixture
A function decorated with @pytest.fixture that sets up resources
needed by tests and tears them down afterward.
Q
query parameter
A key-value pair appended to a URL after a ?, such as
?page=3&sort=name, used to pass optional data to the server.
R
refactor
To restructure existing code without changing its external
behavior, in order to make it clearer, simpler, or easier to
extend.
referential integrity
The guarantee that every foreign-key value in a database table
matches an existing primary key in the referenced table.
relational database
A database that organizes data into tables of rows and columns and
uses SQL to query and manipulate them.
REPL
Read-Eval-Print Loop: an interactive programming environment that
reads a line of code, evaluates it, prints the result, and
repeats.
request handler
A Python function that the server calls when a request matches a
particular route.
route
A mapping from a URL pattern (such as /snails/{id}) to the
function that should handle requests to that URL.
S
separation of concerns
The principle that each module or function should be responsible
for one clearly defined aspect of the system.
serialization
Converting an in-memory data structure (such as a Python
dataclass) into a portable format (such as JSON) for storage or
transmission.
server
A program that listens for network requests and sends back
responses; in web development, the server runs your application
code.
server-side validation
Checking form input on the server after it arrives, ensuring
data is valid and safe regardless of whether client-side
validation ran or was bypassed.
session cookie
A small piece of data stored in the browser that identifies the
current user's session on the server.
SQL
Structured Query Language: the standard language for creating,
querying, and modifying relational databases.
SQL injection
An attack where a malicious user inserts SQL code into
user-supplied input that gets executed as part of a database
query.
static asset
A file (such as a CSS stylesheet, JavaScript file, or image) that
the server sends to the browser unchanged.
synthetic data
Artificially generated data that mimics the statistical properties
of real data, used for development and testing when real data is
unavailable or sensitive.
T
technical debt
The extra work that accumulates when quick or expedient solutions
are chosen instead of cleaner approaches that would take longer up
front.
test double
A substitute object used in place of a real dependency during
testing to isolate the unit under test from external systems or
complex behavior.
transaction
A group of database operations treated as a single unit: either
all succeed together or all are rolled back.
transitive dependency
A package that your code does not use directly, but that one of
your direct dependencies requires.
type annotation
A note in Python source code (such as diameter: float) that
declares the expected type of a variable or function parameter.
U
unit test
An automated test that calls a single function or small piece of
code with specific inputs and checks that the output matches
expectations.
V
virtual environment
An isolated Python installation for a specific project, keeping
its packages separate from the system Python and other projects.
W
web application
A program that communicates with users through a web browser using
HTTP requests and responses.
web server
A program that listens on a port for HTTP requests from browsers
and sends back HTTP responses.
workflow
A GitHub Actions configuration file (stored in
.github/workflows/) that defines automated tasks to run in
response to repository events.