Related
The only place where I found informations on G-WAN web server was the project web site and it looked very much like advertisement.
What I would really know is, for someone who is proficient with C, if it is as easy to use and extend that other architectures. For now I would mostly focus on scripting abilities.
Are C scripts on GWAN easy to write ?
Can you easily update and upload new C scripts to the server (say as easily than some PHP or Java pages on other architectures) ? Do you have to restart the server when doing so ?
Can you easily extend it with third party or existing C libraries ?
Any other feedback welcome.
Well, now G-WAN is available under Linux, I am using it for more than 6 months.
The C scripts are fully-ANSI C compatible so there is no difference for any seasonned C programmer.
To update them on the server, you can edit them directly in the /csp folder (remotely via SSH) or locally on a test machine (and copy them later): G-WAN reloads scripts on-the-fly when they have been changed on disk (no server stop required).
G-WAN C scripts can use any existing library (starting with all those under /usr/lib) without any configuration or interface: you just have to write a '#pragma link' followed by the name of the library at the top of your script.
What I found really useful is the ability to edit C scripts and refresh the view in the Internet browser to see how my code works.
If there is a compilation error, then G-WAN outputs the line in the source code (just like any C compiler).
But where it enters the extraordinary area, is when you have a C script crash: here also it gives you THE LINE NUMBER IN THE SOURCE CODE (with the faulty call and the backtrace).
Kind of black-magic when you are used to Apache modules.
My experience with G-WAN and its C scripts are:
The G-WAN community is very small. Questions you have are mostly answered by its single developer.
I consider the API not mature: it's not as "clean" as Java APIs.
The limitation, but at the same time the power, of C: it's a systems programming language. So writing application logic in it must be done carefully.
You generally need to be a good developer to get good results: if you do something wrong, the server crashes fast and hard (Unix-style).
I've written some scripts now, to try out G-WAN. Overall, it's been very "productive": not much bugs and it works if you follow the guidelines and don't want to do too much funky stuff you expect it to have, like mature web servers. However, I have got the feeling I'm reinventing the wheel a lot of times.
G-WAN also support scripts written in other programming languages (C++, Objective-C, Java, etc.) so you will benefit from whatever native libraries each language implements.
For C scripts, well, the /usr/lib directory lists more than 1,500 libraries that G-WAN can re-use with a simple #pragma link "library".
I found it neat to be able to write a Web application with a part in C, another in C++ and a third one in Java!
Benchmark shown how G-wan fare poorly at handling these tests.
http://joshitech.blogspot.sg/2012/04/performance-nginx-netty-cppcms.html
I have been using G-Wan for about two years. I consider it highly stable and production ready for static files. I have a number of static sites running for over a year with no issues.
I have built some small scale dynamic sites in C with it as demos/test projects. A bittorrent tracker and a real time analytics platform both using the KV Store for data backing.
In my view building large scale dynamic sites in G-Wan is possible but only with a significant investment in development and support. G-Wan is better suited to building robust highly scalable "enterprise grade" applications than tossing something together over a weekend.
I use G-Wan for a CMS http://solicms.com but for now, I use Ruby as primary language.
I have used G-wan for some preliminary testing and it does benchmark well. I have found a few points of concern that make it so that I will not likely use it for any of my projects. I have found that it seems to cache responses for about 0.5secs to speedup the responses/second and I can't have only some of the responses hitting the application code. Also the key/value store is great for cache and temporary data storage but I'm not sure how well it will work as a real back-end storage method.
I've recently been learning perl and am wondering what frameworks are available for creating a web app. I'm mostly concerned about security, so if there are any security-specific web frameworks you'd recommend, I'd be more interested in those.
Currently accepted answer from thread below
This thread on perlmonks has some info regarding Catalyst (which is the most modern/powerful Perl Web development framework) in security context.
For overall comparison, there are several of them linked in "Comparisons" section of Web Frameworks/Perl5 Wiki
Also, please remember that the main problem security wise is the developer - you can write hole-ridden code in the most secure framework if you don't have proper security-centric outlook in your development (that was the main point given to us in our secure web development training, and I happen to agree).
Also, as per Brian's question in the comment, these are a couple of helpful general "web security in Perl" links:
CGI Programming with Perl book (Duh) - Chapter 8. Security
W3C CGI Security FAQ - especially Q14 and Q15 (exec and taint checks)
Security Issues in Perl Scripts
Perl Security and Regular Expressions
There are plenty of frameworks, some of the more popular ones are Catalyst, Web::Simple and CGI::Application. Catalyst is the more complex and powerful one, well suited to big web applications.
There's a few others that I can think of, too:
Mojolicious, a small and powerful framework, with descriptions on their website.
Dancer, a framework similar to Mojolicious that is designed to make it easy to get started with nothing other than its framework.
In fact, there's a bit of a competition going on between Mojolicious and Dancer right now to be the new framework to build the new CPAN Top 100 website:
Competition Announcement
Week 1: Install, Support, Hello World
Week 2: Templates
In addition to just the web frameworks, check out the perlsec doc in your perldoc kit. It talks about all the features Perl has for creating secure, protected code. The biggest one is taint mode, in which strings from any insecure place are marked internally, and if used without being processed (usually with a regex), throw warnings or errors. This language feature can help you catch possible problems with reading from untrustable locations.
Another resource is the Template Toolkit. This gives you a formatting / templating tool for your webpages. From their site:
The Template Toolkit is a fast, flexible and highly extensible template processing system. It is Free (in both senses: free beer and free speech), Open Source software and runs on virtually every modern operating system known to man. It is mature, reliable and well documented, and is used to generate content for countless web sites ranging from the very small to the very large.
Ruby on Rails has a screencast presentation they use to promote their framework that shows how to code a basic weblog system in 15 minutes with RoR. Does the Zend PHP Framework have a similar screencast/presentation/whatever demonstrating something similar? It doesn't have to be a blog specifically, but I would definitely like to find a presentation that shows some rapid application development using ZF.
Where I'm coming from: I have been programming on and off for years now. I started out with QBASIC waaaaay back in the day making little programs (text adventure games, screensavers, simple little things). I then moved to C++ but never really did anything too impressive with it. Since then (probably 5 years or so now) I have started to use C# for my desktop development and PHP for my web development. I've made some pretty cool tools here and there, but am certainly not a professional programmer by any stretch of the term as it has always simply been a hobby of mine.
Right now I have two major web applications that I will start work on shortly. (Like tomorrow, or later tonight ideally.. :) ) Both will be database-driven apps that will require user registration, the ability to manipulate data that is specific to their account (their posts, listings, user account details, etc), amongst other things.
Currently I am evaluating different frameworks to help me develop these web apps more quickly. I've been looking at, and have heard good things about Ruby on Rails. Hulu and YellowPages.com using it is an obvious endorsement - Of course, I have heard about the scalability issues that it potentially has; but that shouldn't be an issue with what I am working on. I don't expect millions of users per day for either project.
I am also seriously looking at the Zend Framework for my needs because I already have some experience with PHP. Ideally I would like to find a ZF screencast that shows an app being written quickly so that I have a roughly equal comparison between the two options I am exploring and can see first-hand how things get done in both.
That said - I am not opposed to considering frameworks other than RoR or ZF. The only research I've done on the subject has been over the past couple of days so I am quite certain that there are other excellent options out there that I've not even looked at - or heard of. Of course, it'd be awesome if there is a rapid app dev presentation that I can watch for whatever else is suggested.
So - Suggestions? Links to good screencasts that show rapid application development in other frameworks? Are there other PHP frameworks that I should be considering? (Ones that are easy to deploy would be ideal, so I don't have to purchase a dedicated server that I have full control over. I'd like to keep my hosting costs down assuming that it's reasonable)
Thanks in advance!
-Sootah
You can checkout ZendCasts.com
However, when deciding between ZF and RoR, you should be aware that they are very different from each other. RoR is a full stack with integrated ORM built on AR and a rather rigid structure. It's powerful and there is lots of magic inside and I'd say it's RAD capabilities are above ZF due to rake being more powerful than Zend_Tool
ZF, on the other hand, is first and foremost a loosely coupled component library with a use-at-will architecture for maximum flexibility. You can use it's components together, but you don't have to. While it does feature convention over configuration, ZF doesn't take you by the hand too much. It expects you know how to walk. Also ZF has no full fledged ORM and no AR, but you can very much integrate Doctrine or Propel or whatever library you like to use.
You often hear folks new to ZF complain about it is hard to get into it, simply because they expect ZF to work like RoR or Symfony or Cake, e.g. a full stack framework
EDIT:
Cake aims to be a port of RoR to PHP. It is built around ActiveRecord. Like CI < v2, it is backwards compatible with PHP4, which means it doesn't fully utilize the OOP capabilities you get in PHP5. I'd say both are easier to get in than ZF though.
This is a common question on SO.
I posted some valuable links in my response to this post
If you Google for such tutorials, look for Zend Application or Zend Tool, not ZF.
The difference between the other frameworks and Zend Framework is that Zend Framework is rather a general purpose framework, not application framework (not only for MVC, HTTP). E.g. Google uses ZF to provide access to their services.
You may easily use Symfony or CodeIgnitier with Zend Framework together.
BTW, To be precise, tutorials you ask are not blogs, but just a simple CRUD controllers. You may use Wordpress to create blog in 15 minutes, (then customize it) but not a PHP Framework.
A job came in to me that's built with CodeCharge - had a look at it and seems to be a pretty basic point-and-click site builder tool. Has anyone got any in-depth experience with it? My first reaction is one of horror and to just rebuild the code in Rails or PHP but I thought I'd ask the question first, maybe i'm missing something...
I'm currently evaluating it for use in quickly producing a back-office environment, and it seems a very comfortable way of getting an interface up and running quickly.
Once the code is generated it is simple, but easily modified for any special needs you have.
In short it is a very good tool (though it would seem that Iron Speed Designer is much better though much more expensive) for what it does - fast prototyping and almost no coding approach to developing a web application. In my opinion, not much different than a Ruby On Rails application in terms of functionality, and, I can generate the code in any language I want.
You have to realize, it is all about speed - some quality is thrown in, but it is a very generic of quality - this is NOT a custom application, mind you, the resulting code you get here might not be pretty but it is a few level higher than your average script kiddie code.
I'm seriously considering this tool for creating back-office applications for sites I develop - a fast and easy solution instead of mucking around in tables of data and useless and repetitive SQL code.
Codecharge is a powerful tool that I have used for over 10 years to build very large content management systems, CRMs and many other management type tools.
Its far from simple once you get into it, and honestly when you use a tool like Codecharge to cleanly generate your user interfaces, you end up with a healthier application that can last many many years.
For instance, I have three clients that have been running Codecharge created portals for over 10 years and they always comment how bug free they have been.
There is a learning curve to learning CodeCharge but it will also teach you what entire applications should have in place and it will please the executives every time because they can get functionality within hours or days rather than weeks or never.
Development teams will often not like it though, because they would rather hand code everything or use the latest and greatest approach to development.
So, there are several languages which will allow you to create a website, as long as you configure the server(s) well enough.
To my knowledge, there is:
PHP
ASP.NET
Ruby(on rails, what is
that all about?)
And thusly, my knowledge is limited. Ruby and ASP, I've only heard of, never worked with. If there are other languages, I suppose they have some way to make files containing the needed html. It would then suffice to add a line to the Apache config to associate the file-extension.
And if other languages: are there any notable characteristics about the one(s) you mention?
ANY language can be use to make a dynamic website - you could do it in COBOL or FORTRAN if you were twisted enough. Back in the olden days (about 10 years ago) most dynamic websites were done with CGI scripts - all you needed was a program that could read data from standard input and write data (usually HTML) to standard output.
Most modern languages have libraries and frameworks to make it easier. As well as the languages you have already mentioned, Java, C# and Python are probably the most common in use today.
Typically a web framework will have:
a way of mapping URLs to a class or function to handle the request
a mechanism for extracting data from a request and converting it into an easy to use form
a template system to easily create HTML by filling in the blanks
an easy way to access a database, such as an ORM
mechanisms to handle caching, redirections, errors etc
You can find a comparison of popular web frameworks on wikipedia.
How can you forget Java ? :)
Python
It runs on Windows, Linux/Unix, Mac OS X, and has been ported to the Java and .NET virtual machines.
Python is a perfect scripting language for web applications, e.g. via mod_python for the Apache web server. With Web Server Gateway Interface a standard API has been developed to facilitate these applications. Web application frameworks or application servers like Django, Pylons, TurboGears, web2py and Zope support developers in the design and maintenance of complex applications. Around libraries like NumPy, Scipy and Matplotlib, Python is a standard in scientific computing.
Among the users of Python are YouTube and the original BitTorrent client. Large organizations that make use of Python include Google, Yahoo!, CERN, NASA,and ITA.
This could be for your interest.
Virtually thru CGI all programming languages that produce output may use for web page generation.
Basically, you can use any language (if you are hosting your own server)
Very closely related and very interesting is this article where LISP has been used to build a very succesfull website.
Python has a 3rd party module CherryPy which can be used with or without a http server.
Amongst others: Erlang (YAWS, Mochiweb), Python
JSP has the advantage that it automatically wraps your code in a servlet, compiles that to bytecodes, then uses the just-in-time Java compiler to recompile critical sections into native object code. Not aware of any alternative which allows optimizes your work automatically in this way.
Also allows you to develop and deploy on any combination of Windows, Mac OS X, or Linux.
If you'd like to choose one for the beginning, you should check out PHP first. It gives you the basic clues about how dynamic sites work in general.
After you've become familiar with the basics, I recommend ASP.NET.
Fist off, you should know that ASP.NET is a technology and not a language. (It actually supports any language that can be used on the .NET platform.) Also it is not to be confused with classic ASP. (The old ASP was much more like PHP.)
ASP.NET is very easy to begin with, and after you have some clues about its concepts, you can always dig deeper and customize everything in it. The http://asp.net site is a very good starting point, if you are to learn it. I think it is really worth the effort, because even if you choose not to stick to it, it will give you some interesting ideas and concepts.
I tell you its most important advantages:
The code is compiled (and NOT interpreted like PHP), and it has a very good performance. (In a performace comparsion, it is 10-15 times faster. http://www.misfitgeek.com/pages/Perf_Stat_0809.htm)
It can be run on Windows without effort, and on Linux / Mac / etc using the Mono project.
It implements the Separation of Concerns principle very well.
It has most of the general functionality you'll need built-in. (Such as membership, roles, database management, and so on.)