by Anonymous Coward writes:
on Wednesday June 09, 2010 @02:04PM (#32513708)
Why would I rely on something that keeps being re-invented by everyone every month, with unknown future support?
I'm not insane. I'm writing my own web application framework. If I'm the one writing it, I know it inside-out. If I use it, I update it myself. That's the only way to be sure.
Truly, you are correct. In fact, why would you rely on a programming language that keeps being changed every few months. I am writing my own programming language. If I'm the one writing it, I know it inside-out. If I use it, I update it myself. That's the only way to be sure.
In fact, why would you rely on an operating system that keeps being changed every few months? I am writing my own operating system (written in the programming language I created of course). If I'm the one writing it, I know it inside
You don't need to worry as much about security vulnerabilities
It's mantras like these that lead to so much insecure web code being written. You should always be equally worried about security no matter if you're using a framework or homegrown code.
If you are using a popular framework, there are many people who can discover and fix vulnerabilities. If you write your own framework, you are responsible for handling that all yourself.
I think it would be better phrase "It allows you to be more confident in your application's security". You're semantically correct, a developer's level of concern for security shouldn't change.
less worried != more confident
Ok. I will make sure to be more confident that my applications are secure, while still maintaining the same level of worry that they may be insecure.
But we are not comparing PHP to Zope or Linux to Open BSD. We are comparing a solid, mature framework, built and maintained by professionals, used on hundreds or thousands of sites, with a public bug reporting system to an ad hoc collection of code written by one person so your analogy doesn't hold.
We are comparing a solid, mature framework, built and maintained by professionals, used on hundreds or thousands of sites, with a public bug reporting system to an ad hoc collection of code written by one person
I don't really get why people use a framework for php at all. The whole point of php is so you can write web app code anyway you like. Writing to CI spec is such a waste of time since you literally have to track their APIs back to the source, and the functions defining these APIs are all over the place. Inject your own modules or applications into the existing session is hours of work just to track down what the hell they did. All the customer code are sitting in an include container, that handle sessions.
Half the reason to utilize a framework based on a design pattern like MVC is to maintain organization in any decent sized web application. Sure, writing procedural code is fine for a site that has one or two web forms, however, as your code base increases, you need reliable organization and structure for your own sanity and for other developers to follow as well. Nothing worse that jumping into a mountain of procedural spaghetti code.
I beg to differ, there is no difference tracking down a piece of code in your mountain of framework definition and tracking down a piece of code in a mountain of procedural spaghetti code. In fact, it probably is easier to track down the procedural spaghetti code via grep than search recursively over 6 directories deep framework definition with the same code appear over and over again in 500+ different self inclusive source files. It doesn't matter how large your project is, as long as you maintain a sane c
Frameworks trade the time needed to learn the framework for time writing your own code. The presumption that you will learn the framework as well as your own code is questionable at best. Odds are you won't need everything in the framework. The benefits of a wide community using the framework, and, if the framework is well maintained, having it tweaked as the community reports problems, is a big plus; but it is counter-featured by problems and vulnerabilities affecting wide swaths of users (until fixed or
Philosophy: A route of many roads leading from nowhere to nothing.
-- Ambrose Bierce
Web application framework? (Score:0)
Why would I rely on something that keeps being re-invented by everyone every month, with unknown future support?
I'm not insane. I'm writing my own web application framework. If I'm the one writing it, I know it inside-out. If I use it, I update it myself. That's the only way to be sure.
Re: (Score:0, Redundant)
Re:Web application framework? (Score:5, Insightful)
You don't need to worry as much about security vulnerabilities
It's mantras like these that lead to so much insecure web code being written. You should always be equally worried about security no matter if you're using a framework or homegrown code.
Re: (Score:3, Insightful)
Re: (Score:0, Redundant)
If you are using a popular framework, there are many people who can discover and fix vulnerabilities.
And? How does this in any way entail that you should be less worried about security issues?
Re: (Score:1)
Re: (Score:2)
Re: (Score:1)
less worried != more confident Ok. I will make sure to be more confident that my applications are secure, while still maintaining the same level of worry that they may be insecure.
Re: (Score:2)
As with any programming, you can still create security problems for yourself even using a popular framework.
That's like claiming there's fewer security errors in PHP websites than Zope sites because PHP is more popular.
In fact, popular rarely equates to secure.
Linux is more popular, OpenBSD is arguably more secure. Security often offends the sensibilities that would make a thing popular.
Re: (Score:1)
Re: (Score:2)
We are comparing a solid, mature framework, built and maintained by professionals, used on hundreds or thousands of sites, with a public bug reporting system to an ad hoc collection of code written by one person
Sounds like Linux vs OpenBSD to me!
Re: (Score:2)
Your incomplete understanding of my analogy does not invalidate it.
Re: (Score:2)
I don't really get why people use a framework for php at all. The whole point of php is so you can write web app code anyway you like. Writing to CI spec is such a waste of time since you literally have to track their APIs back to the source, and the functions defining these APIs are all over the place. Inject your own modules or applications into the existing session is hours of work just to track down what the hell they did. All the customer code are sitting in an include container, that handle sessions.
Re: (Score:0)
Half the reason to utilize a framework based on a design pattern like MVC is to maintain organization in any decent sized web application. Sure, writing procedural code is fine for a site that has one or two web forms, however, as your code base increases, you need reliable organization and structure for your own sanity and for other developers to follow as well. Nothing worse that jumping into a mountain of procedural spaghetti code.
Re: (Score:2)
I beg to differ, there is no difference tracking down a piece of code in your mountain of framework definition and tracking down a piece of code in a mountain of procedural spaghetti code. In fact, it probably is easier to track down the procedural spaghetti code via grep than search recursively over 6 directories deep framework definition with the same code appear over and over again in 500+ different self inclusive source files. It doesn't matter how large your project is, as long as you maintain a sane c
Not so cut and dry (Score:2)
Frameworks trade the time needed to learn the framework for time writing your own code. The presumption that you will learn the framework as well as your own code is questionable at best. Odds are you won't need everything in the framework. The benefits of a wide community using the framework, and, if the framework is well maintained, having it tweaked as the community reports problems, is a big plus; but it is counter-featured by problems and vulnerabilities affecting wide swaths of users (until fixed or