Newbie scaffolding question

#1
[eluser]Doug Lerner[/eluser]
One thing that I thought was "wow, cool!" when trying out RoR was scaffolding.

But in reading the CI documentation on scaffolding it seems to be a technique that is not recommended except for development and that it is considered a security risk otherwise.

But having the ability to use scaffolding to quickly set up CRUD for table data is one of the key things I thought was useful about having a framework, like Rails or CodeIgniter.

Is something like that for an actual production app in CI not available? If you have to set up all the forms and db queries manually anyway, it seems like a big potential time saver is lost. Is that not the case?

Thanks,

doug

#2
[eluser]Pascal Kriete[/eluser]
Scaffolding is a really cool feature - for about two weeks.

The problems with scaffolding are many:
a) more often than not you don't understand what it just did for you - I hit this snag with rails, and had to go back and relearn quite a bit. Frustrating.
b) it all hits the fan when things get complicated - any larger application has database table relationships, which scaffolding doesn't do.
c) It doesn't do anything that a phpMySql or a similar application can't do (this is only true for CI as RoR will generate code)
d) It's insecure - obscurity (secret word) can enhance security, but isn't very secure by itself

That said, quite a long time ago I made something called sparkplug that fills a very basic gap.

More in depth options would be CodeExtinguisher or BackendPro (look in the IgnitedCode section, should be near the top) which will pretty much administer your app for you.

#3
[eluser]Doug Lerner[/eluser]
Just out of curiosity - why is scaffolding insecure? Do you think it is insecure in Rails too?

I did notice that in Rails I had to set up the database table relationships manually by going in and adjusting the class definitions in the models. But even so, just having the ability to (1) instantly get basic forms created in the view and (2) not have to create the db queries myself seems like it would be a huge timesaver in getting things initially set up. Why is that not a good start? Or insecure?

I will check out the links you mentioned.

Thanks,

doug

#4
[eluser]Pascal Kriete[/eluser]
Scaffolding is insecure because you're making all CRUD actions for a table public. For RoR this works fine if you generate and then add an authentication layer, but CI only does dynamic scaffolding - no code generation. So if someone guesses the secret word they can do anything with the table.

I'll give you the forms part, I hate creating those, but I have some pretty good textmate snippets to do that. And they work at any time, not just once.

Writing the db queries yourself may take some time (although it takes about 3 minutes for the basic crud that scaffolding generates), but it makes you much more familiar with the whole thing. The 3 minutes you didn't spend writing will be spent learning the generated code when it comes down to expanding it. It's like having another person write the basics and then taking over for the rest - it doesn't feel as familiar.

Cheers

#5
[eluser]Doug Lerner[/eluser]
Ah, I didn't realize there was no way of adding authentication to the CRUD that CI generates. Or rather that it is just dynamic and there is no actual code generation to add an authentication layer to later on. I hope that is improved in the future.

I grant you that actually *knowing* what is in your code can be a timesaver in the long run. But the scaffolding in RoR is cool. A friend and I are both simultaneously studying frameworks - I decided to concentrate on CI and she is doing RoR. I don't want to grant her any "cool points" while we are comparing notes. :)

What I like so far about CI compared to what I tried in RoR is (1) it isn't so mysterious and the documentation seems clear, (2) it is trivially easy to port an app you develop from your Mac to your hosted ISP - just plop in the application folder hierarchy, (3) the naming conventions seem easier to understand (RoR does weird conventions sometimes using singular names and sometimes plural), (4) I don't have to run all these scripts in the terminal in the middle of my development.

What I don't know enough yet is how it will help me in creating cool web-based applications.

doug@still studying

#6
[eluser]sophistry[/eluser]
also, scaffolding is deprecated in CI. check the change log for exactly when that happened.

#7
[eluser]developer10[/eluser]
[quote author="Doug Lerner" date="1215440271"]Ah, I didn't realize there was no way of adding authentication to the CRUD that CI generates. Or rather that it is just dynamic and there is no actual code generation to add an authentication layer to later on. I hope that is improved in the future.

I grant you that actually *knowing* what is in your code can be a timesaver in the long run. But the scaffolding in RoR is cool. A friend and I are both simultaneously studying frameworks - I decided to concentrate on CI and she is doing RoR. I don't want to grant her any "cool points" while we are comparing notes. :)

What I like so far about CI compared to what I tried in RoR is (1) it isn't so mysterious and the documentation seems clear, (2) it is trivially easy to port an app you develop from your Mac to your hosted ISP - just plop in the application folder hierarchy, (3) the naming conventions seem easier to understand (RoR does weird conventions sometimes using singular names and sometimes plural), (4) I don't have to run all these scripts in the terminal in the middle of my development.

What I don't know enough yet is how it will help me in creating cool web-based applications.

doug@still studying[/quote]

about scaffolding - i made a simple CMS for several minor clients of mine. what did they want their CMS to do? just edit text on the site, and also to have the ability of uploading images.

so, i combined CI (sites are NOT even made in CI, those are small sites, so i just uploaded and set up CI for this purpose) with FileThingie (only 1 file script used for uploading images and other files, and it HAS AUTHENTICATION, of course).

So, since FileThingie allows for .txt files to be uploaded, i extracted this from routes.php

Code:
$route['scaffolding_trigger'] = "";

and simply put it in .txt file. Then i simply included the text file into routes.php

That way, my clients have control over secret word for scaffolding by logging with FileThingie, opening .txt file and entering secret word. when done, they simply remove secret word and save the file again.

May sound complicated a bit, but still, a lot of work was saved!
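
An added example, not part of the post above and not CodeIgniter's own code: PHP's `include` executes any PHP the included file contains, so a secret-word file that can be edited through an upload tool is safer read as plain data and validated before it reaches routes.php. The function name, the temporary files and the 12 to 64 character policy are assumptions made for illustration.

```php
<?php
// Added example. load_scaffolding_trigger() is a hypothetical helper, not a CI API.

/**
 * Read the client-editable secret word as data instead of include()-ing it.
 * Returns '' (scaffolding disabled) unless the file holds one well-formed word.
 */
function load_scaffolding_trigger(string $path): string
{
    if (!is_file($path) || !is_readable($path)) {
        return '';
    }
    // Cap the read: a secret word never needs more than a few bytes.
    $raw = file_get_contents($path, false, null, 0, 256);
    if ($raw === false) {
        return '';
    }
    $word = trim($raw);
    // Assumed policy: 12-64 URL-safe characters. Rejects PHP tags, slashes,
    // embedded whitespace, and short, guessable words.
    if (!preg_match('/\A[A-Za-z0-9_-]{12,64}\z/', $word)) {
        return '';
    }
    return $word;
}

// Constructed sample inputs: what might end up saved in the text file.
$samples = [
    'empty (scaffolding off)' => "",
    'short guessable word'    => "admin\n",
    'PHP pasted into file'    => "<?php echo 'runs if included'; ?>",
    'long random word'        => "k3Vq9xT2mLw8ZpRa\n",
];

foreach ($samples as $label => $content) {
    $tmp = tempnam(sys_get_temp_dir(), 'trg');
    file_put_contents($tmp, $content);
    $trigger = load_scaffolding_trigger($tmp);
    printf("%-24s => %s\n", $label, $trigger === '' ? '(disabled)' : $trigger);
    unlink($tmp);
}

// In routes.php the result would feed CodeIgniter 1.x's scaffolding trigger:
// $route['scaffolding_trigger'] = load_scaffolding_trigger('/path/to/secret.txt');
```

Only the last sample enables scaffolding; the other three leave the trigger empty, which keeps scaffolding switched off.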

