On Mon, 11 Feb 2008 22:25:40 +0100 Stefane Fermigier <[EMAIL PROTECTED]> wrote:
> > On Feb 11, 2008, at 8:40 PM, Richard Mahoney wrote: > > > Ken, > > > > On Tue, 2008-02-12 at 07:58, Ken Gunderson wrote: > > > > [snip] > > > >> Also just noticed this for ep-5.3: > >> > >> "*Native PHP libraries" > >> > >> Yikes. No why would they want to pollute Nuxeo with PHP?? > > > > Point taken, but if what is being suggested is something along the > > lines of Quercus: > > > > http://www.caucho.com/resin-3.0/quercus/ > > > > then many of us, who _unwillingly_ and _against our better judgement_ > > are obliged to use PHP somewhere in our sites, will no doubt be > > delighted. So this raises the question of what exactly Nuxeo is > > hinting > > at with the phrase `Native PHP libraries' ;) > > > You guessed right, Richard, so far the plan is to provide PHP access > using the Quercus JVM-based implementation. Of course, we could also > try using Rails as a front-end for Nuxeo using JRuby, or Django using > Jython, or Grails using Groovy. > > At this point, there are no definitive plans on how this will be > done, if at all, but we believe it makes sense for front-end (web) > programming to use these technologies in some cases. > > Of course feedback and discussion around these kinds of ideas is > welcome. PHP is a drag because even if the app is well coded, once the script kiddies find out you're running publicly accessible php based site you get hammered mercilessly and monitoring the ids alerts becomes a full time 24x7 job. Else it's just a matter of time before you get nailed by the PHP security hole of the week/month. Moreover, there are _soooo_ many poorly coded php apps out there that once you open the door for such integration, the temptation will be too great to pass up and "this cool extension and that" start being deployed ad hoc. Facilitates "rapid development", to be sure, but when the site gets hacked, it's going to be blamed on the host platform, Nuxeo. There are obviously some well coded php apps out there, but too much bad code from entry level web programmer wannabees who're clueless about security and just want to impress somebody where the only objectives are 1) "making it work", and 2) make it cheap. And all it takes is one poorly coded module to slip in. I first embraced php back in 2.x days, and loved 3.x, but subsequently moved away from it to the extent possible. The php based stuff I do still use runs in chroot'd jails w/a proxy front end. Yes, the bar of entry for Python, Ruby, and Java based stuff is much higher, but generally speaking, with that higher bar comes a much higher grade of programmer and professionalism. I'm primarily systems admin/engineer these days and haven't coded web apps for years, but if I were to start again, I would look to Ruby or Python first, probably in that order. My $0.02, fwiw.... -- Best regards, Ken Gunderson Q: Because it reverses the logical flow of conversation. A: Why is putting a reply at the top of the message frowned upon? _______________________________________________ ECM mailing list [email protected] http://lists.nuxeo.com/mailman/listinfo/ecm
