> > More later; maybe others can toss in their advice here!?
>

I'm reading about Xajax for the first time but I am already ready to back David up on this - it looks horrid. The first thing that amazed me is their security model. There doesn't seem to be any. There's no common way of validating and normalizing [1] the input, it just goes directly to "application logic". Also, direct usage of $_GET (somewhere under the hood), obtrusive usage of "onclick" and friends... uhhuh. It promises to "get the job done fast" but you'll end up with an insecure, incoherent piece of maintenance nightmare spaghetti.

-veikko

[1] Emphasising normalization along with validation is one of my favourite Agavi subjects :) Although they are two different things they go very nicely hand-in-hand. I always use Finnish number format as an example: My validation has to accept both 1,23 and 1.23 as a valid float but of course PHP cannot handle 1,23. So, while the validation makes sure it's a valid float according to my definitions it also *normalizes* it to a PHP float. My models can now ignore the fact that the application user might be a weird Finn who uses comma as a decimal separator.

--
Veikko Mäkinen
[email protected]
044 5910 413
http://blog.veikko.fi
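
The validate-and-normalize step described in footnote [1], as an added example that is not part of the original message and not Agavi's validator API: a single boundary function accepts both `1,23` and `1.23`, rejects everything else, and hands the model a plain PHP float. The function name `normalizeDecimal`, the digit limits and the range bounds are assumptions; the code needs PHP 8.0 or later.

```php
<?php
declare(strict_types=1);

/**
 * Added example: validate a user-supplied decimal and normalize it to a
 * PHP float in one step. Returns null when the input is not acceptable.
 */
function normalizeDecimal(mixed $raw, float $min = -1.0e9, float $max = 1.0e9): ?float
{
    // A query string such as ?price[]=1 yields an array, so reject non-strings.
    if (!is_string($raw)) {
        return null;
    }
    $value = trim($raw);

    // Validation: optional minus, digits, at most one separator (comma or dot)
    // followed by digits. No thousands grouping, exponent or hex notation,
    // and the length is bounded (digit limits are assumptions).
    if (preg_match('/\A-?\d{1,12}(?:[.,]\d{1,6})?\z/', $value) !== 1) {
        return null;
    }

    // Normalization: the only comma that can pass validation is the decimal
    // separator, so replacing it with a dot cannot change the meaning.
    $number = (float) str_replace(',', '.', $value);

    // Range check on the normalized value (bounds are assumptions).
    if ($number < $min || $number > $max) {
        return null;
    }
    return $number;
}

// Constructed sample inputs, as they might arrive in a request parameter.
$samples = ['1,23', '1.23', ' -0,5 ', '1,234.56', '1e5', '', '0x1A', ['1,23']];

foreach ($samples as $raw) {
    $result = normalizeDecimal($raw);
    printf(
        "%-12s => %s\n",
        json_encode($raw),
        $result === null ? 'rejected' : var_export($result, true)
    );
}
```

The first three samples come back as `1.23`, `1.23` and `-0.5`; the rest are rejected, including `1,234.56`, where guessing which separator is the decimal point would silently change the value.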
