
Bye CakePHP, bye dAuth... Hello Drupal!

I'm afraid the time has come to say goodbye to CakePHP, and to the projects I've been working on for it.
I still like Cake ... In fact, the further development of 1.2 goes, the more I like it (well, generally speaking that is ... because there are some minor things I don't like, but that's not important now). The truth of the matter is I like to develop, I like the PHP language and I enjoy working with Cake.
But ... the sites I currently work on are all community sites or blogs, and although some of them have some specific requirements, in the end it's all very generic, and a full-blown content management system like Drupal proves much more useful and full-featured than developing my own application in a web application framework such as Cake (even if that's becoming easier and easier to do).

I think Drupal is a magnificent CMS because it is plug and play (I need that because my time is getting pretty sparse lately!) but also because it has a pretty active community: there are so many 3rd party modules being developed, and usually you can just upload the module to your modules folder, enable it from your control panel and presto!

Also Drupal seems to have a pretty slick API, this is important for me because I will still need to program some stuff every once in a while because not everything I need is available yet.

If I would ever use Cake again, I would probably abuse it as a console application framework (especially for its simple data layer), or of course if I would have to create a very customized web application such as I did recently, but none is planned in the foreseeable future.

A special note about dAuth:
CakePHP 1.2 will have an auth component included. I don't know the current state, but as far as I know it's not (and never will be, judging by my talks with a Cake dev) as advanced as dAuth. However, this is not necessarily a bad thing:
The further I've tried to perfect the safeguarding of the confidentiality of the password (through hashing it, using the challenge-response paradigm, etc.) the more I've come to realize you can never get a perfect result on plain HTTP using JS/PHP. Just switch to HTTPS and you get great encryption where you don't need to bother about the confidentiality of a password, and it's almost no hassle. So these are things that shouldn't be in your PHP/JS code, which saves you a lot of effort and is perfectly secure (at least: the aspect of confidentiality!).

But ... another part of the system was the "added bits" of security such as the brute force detection. I hope the Cake guys will include something like that in their auth component because I think this is a must.
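The challenge-response login mentioned above, sketched as an added example (not dAuth's code and not part of the original post). The SHA-256 construction and the account store are assumptions; `attemptLogin` and the session key `salt` are borrowed from the comment thread below only as names. The sketch shows the server-side checks such a scheme needs: a single-use challenge, failing closed when the session holds no challenge, and a constant-time comparison.

```javascript
const crypto = require('crypto');

const sha256 = (s) => crypto.createHash('sha256').update(s, 'utf8').digest('hex');

// Constructed account store: the server keeps only H(password).
const users = { dieter: { pwHash: sha256('correct horse') } };

// Server: store a fresh random challenge in the session for the login form.
function issueChallenge(session) {
  session.salt = crypto.randomBytes(16).toString('hex');
  return session.salt;
}

// Client: what the login page's script computes instead of sending the password.
function clientResponse(password, challenge) {
  return sha256(sha256(password) + challenge);
}

// Server: verify the response against the challenge held in the session.
function attemptLogin(session, username, response) {
  const challenge = session.salt;
  delete session.salt; // single use: a captured response cannot be replayed
  if (typeof challenge !== 'string' || challenge === '') {
    // Fail closed and report it separately, so a lost session value is not
    // mistaken for a wrong password.
    return 'no-challenge';
  }
  const user = users[username];
  // Unknown users get a dummy hash so both paths do the same amount of work.
  const expected = sha256((user ? user.pwHash : sha256('')) + challenge);
  const a = Buffer.from(expected, 'hex');
  const b = Buffer.from(String(response), 'hex');
  const ok = a.length === b.length && crypto.timingSafeEqual(a, b);
  return ok && user ? 'ok' : 'mismatch';
}
```

This keeps the password itself off the wire, but the script that computes the response is still delivered over plain HTTP, and that is the part only HTTPS covers.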

Comments

You'll miss the kitchen faster than you can say 'bake' ...

Maybe Drake (http://drupal.org/project/drake) will become your new friend, as with it you can combine both worlds, CakePHP and Drupal.

Hi Dieter,

I know you're not developing dAuth any more and I know I'm late in implementing the v0.3 updates but I have a very strange issue and I can't find any answers on the Google Group or #cakephp on irc.Freenode.net and really hope you can help.

Simply put: my $this->Session->read('salt'); is always empty when attemptLogin is called. If I do print_r($this->Session->read()); in attemptLogin, I only have:

Array
(
    [Config] => Array
        (
            [userAgent] => 7a98565405c4c8c1b17961f9f9edd2fd
            [time] => 1200631921
            [rand] => 52815838
        )

)

But if I do the same print_r from the Users/login action I have:

Array
(
    [Config] => Array
        (
            [userAgent] => 7a98565405c4c8c1b17961f9f9edd2fd
            [time] => 1200631921
            [rand] => 52815838
        )

    [salt] => 282191378
)

I'm very confused why the salt is disappearing... :( I basically did a fresh install of your v0.3 files from bakery.cakephp.org and wanted to get them all working as-is before customizing (to make sure there was nothing in my project interfering, I grep'd the entire source tree for references to 'salt' and only found yours). Obviously this means "Credentials mismatch" is the only result attemptLogin ever yields because it can never successfully compare the passwords. I'm baffled!

I'm sorry to hijack your blog like this; I really did try to find the solution elsewhere.

Thank you for any input you may have - I really appreciate it!
-VolVE

