Bye CakePHP, bye dAuth... Hello Drupal!

I'm afraid the time has come to say goodbye to CakePHP, and to the projects I've been working on for it.
I still like Cake ... In fact, the further development of 1.2 goes the more I like it (well, generally spoken that is ... because there are some minor things I don't like but that's not important now). The truth of the matter is I like to develop, I like the php language and I enjoy working with Cake.
But .. all the sites I currently work on are all community sites or blogs, and although some of them have some specific requirements, in the end it's all very generic and a full blown content management system like Drupal proves much more useful and feature full then developing my own application in a web application framework such as Cake. (even if that's becoming easier and easier to do)

I think Drupal is a magnificent CMS because it is plug and play (I need that because my time is getting pretty sparse lately!) but also because it has a pretty active community: there are so many 3rd party modules being developed, and usually you can just upload the module in your modules folder , enable it from your control panel and presto!

Also Drupal seems to have a pretty slick API, this is important for me because I will still need to program some stuff every once in a while because not everything I need is available yet.

If I would ever use Cake again, I would probably abuse it as a console application framework (especially for it's simple datalayer), or of course if I would have to create a very customized web application such as I did recently, but none is planned in the forseeable future.

A special note about dAuth:
CakePHP 1.2 will have an auth component included, I don't know the current state but as far as I know it's not (and never will be, judging my talks with a cake dev) as advanced as dAuth. However, this is not necessarily a bad thing:
The further I've tried to perfect the safeguarding of the confidentiality of the password (trough hashing it, using the challenge response paradigm, etc) the more I've come to realize you can never get a perfect result on plain http using js/php. Just switch to https and you get great encryption where you don't need to bother about the confidentiality of a password, and it's almost no hassle. So these are things that shouldn't be in your php/js code, which saves you a lot of efforts and is perfectly secure (at least: the aspect of confidentiality!

But.. another part of the system were the "added bits" of security such as the brute force detection. I hope the cake guys will include something like that in their auth component because I think this is a must.

Trackback URL for this post:

http://dieter.plaetinck.be/trackback/19
Submitted by Dieter_be on Thu, 07/19/2007 - 00:34. categories [ ]

Noooo

Submitted by the_undefined (not verified) on Thu, 07/19/2007 - 02:43.

You'll miss the kitchen faster then you can say 'bake' ...

Drake

Submitted by Daniel Hofstetter (not verified) on Thu, 07/19/2007 - 09:21.

Maybe Drake (http://drupal.org/project/drake) will become your new friend, as with it you can combine both worlds, CakePHP and Drupal.

dAuth v0.3 Plea for help...

Submitted by VolVE (not verified) on Fri, 01/18/2008 - 06:47.

Hi Dieter,

I know you're not developing dAuth any more and I know I'm late in implementing the v0.3 updates but I have a very strange issue and I can't find any answers on the Google Group or #cakephp on irc.Freenode.net and really hope you can help.

Simply put: my $this->Session->read('salt'); is always empty when attemptLogin is called. If I do print_r($this->Session->read()); in attemptLogin, I only have:

Array
(
[Config] => Array
(
[userAgent] => 7a98565405c4c8c1b17961f9f9edd2fd
[time] => 1200631921
[rand] => 52815838
)

)

But if I do the same print_r from the Users/login action I have:

Array
(
[Config] => Array
(
[userAgent] => 7a98565405c4c8c1b17961f9f9edd2fd
[time] => 1200631921
[rand] => 52815838
)

[salt] => 282191378
)

I'm very confused why the salt is disappearing... :( I basically did a fresh install of you v0.3 files from bakery.cakephp.org and wanted to get them all working as-is before customizing (to make sure there was nothing in my project interfering, I grep'd the entire source tree for references to 'salt' and only found yours). Obviously this means "Credentials mismatch" is the only result attemptLogin ever yields because it can never successfully compare the passwords. I'm baffled!

I'm sorry to hijack your blog like this; I really did try to find the solution elsewhere.

Thank you for any input you may have - I really appreciate it!
-VolVE

I replied on your thread

Submitted by Dieter_be on Sat, 01/19/2008 - 13:40.

Hi,
I looked up your thread and replied there
http://groups.google.com/group/cake-php/browse_thread/thread/9d67b0cbeb8...

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.
  • You can enable syntax highlighting of source code with the following tags: <code>, <blockcode>. Beside the tag style "<foo>" it is also possible to use "[foo]". PHP source code can also be enclosed in <?php ... ?> or <% ... %>.

More information about formatting options

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
Security question, designed to stop automated spam bots