General question for the future
| Bender |
|
|---|---|
|
I'm currently in a testing stage with Cotonti(0.9.7) and i am exited what i have seen so far. I would like to use only stored procedures and views from a 2nd table instead directaccess to the cms-table. Its security releated and the query-account has only proper rights to use view's and sp's Now it seems like it will be an hard way to change every query after updates.
Is there maybe something planed for the future?
Thanks Bender
|
|
| This post was edited by Bender (2012-03-31 18:18, 12 years ago) |
| Trustmaster |
|
|---|---|
|
An account which can only use Views and SPs sounds quite ridiculous to me. Why is it so restrictive? I'm afraid it is an overkill if you try to convert all queries into SPs and Views. There are over 500 different queries in the core package alone, not to mention third-party extensions. We don't plan moving onto SPs as our goal is to keep things simple. Even if we planned using SPs, we surely wouldn't enforce using only SPs. May the Source be with you!
|
| Bender |
|
|---|---|
|
Different benefits but a few points i have in mind - security layer : different access for webserver and developer webserver has only access to the db with sp/views while the developer has access to the 2nd db with real cms tables when needed - easier cms-development/bugfix , change the sp/views in a central place instead hundred files - less traffic : complex queries are shortened to a minimum ( eg joins, select 1,2,3...-n from and so on ) - less cms-sourcecode - can reduce the amount of queries in total ( how many queries do the same thing where just the colums/tables are different ) - logging/errorlog/exceptions inside mysql sp's - more security in general
or maybe just because its 2012 and not 19xx Just a point of view
Bender
|
| Trustmaster |
|
|---|---|
|
It's 2012 and not 19xx, but there is still a lot of legacy around. Switching all the SQL into stored procedures at once would have the same effect as if we switched to MongoDB: very modern and beneficial (though, not for everyone), but most of sites would just stop working all of a sudden for unpredictable amount of time. Hosting providers around the world, coder minds, habits and hundreds of custom extensions don't change that quickly. May the Source be with you!
|
| Bender |
|
|---|---|
|
Still relevant. Legacy is the pain in the ass for everyone and thats the biggest problem everywhere currently. "Hosting providers around the world, coder minds, habits and hundreds of custom extensions don't change that quickly." They will change quickly if you force them but, counts for everyone in the same way, hey aslong it works why change... Modify the history and go arround the mainproblem instead start the new propper way.
Please do not see security as a "addon". It must be the first priority of every webdeveloper at all costs even if we loose the legacy. If something like in the daily news happens then they are all innocent.
The damage hits everyone the one more the other less. It starts in the brain somwhere ....
Bender |
