Bye CakePHP, bye dAuth... Hello Drupal!

I'm afraid the time has come to say goodbye to CakePHP, and to the projects I've been working on for it.
I still like Cake ... In fact, the further development of 1.2 goes the more I like it (well, generally spoken that is ... because there are some minor things I don't like but that's not important now). The truth of the matter is I like to develop, I like the php language and I enjoy working with Cake.
But .. all the sites I currently work on are all community sites or blogs, and although some of them have some specific requirements, in the end it's all very generic and a full blown content management system like Drupal proves much more useful and feature full then developing my own application in a web application framework such as Cake. (even if that's becoming easier and easier to do)

I think Drupal is a magnificent CMS because it is plug and play (I need that because my time is getting pretty sparse lately!) but also because it has a pretty active community: there are so many 3rd party modules being developed, and usually you can just upload the module in your modules folder , enable it from your control panel and presto!

Also Drupal seems to have a pretty slick API, this is important for me because I will still need to program some stuff every once in a while because not everything I need is available yet.

If I would ever use Cake again, I would probably abuse it as a console application framework (especially for it's simple datalayer), or of course if I would have to create a very customized web application such as I did recently, but none is planned in the forseeable future.

A special note about dAuth:
CakePHP 1.2 will have an auth component included, I don't know the current state but as far as I know it's not (and never will be, judging my talks with a cake dev) as advanced as dAuth. However, this is not necessarily a bad thing:
The further I've tried to perfect the safeguarding of the confidentiality of the password (trough hashing it, using the challenge response paradigm, etc) the more I've come to realize you can never get a perfect result on plain http using js/php. Just switch to https and you get great encryption where you don't need to bother about the confidentiality of a password, and it's almost no hassle. So these are things that shouldn't be in your php/js code, which saves you a lot of efforts and is perfectly secure (at least: the aspect of confidentiality!

But.. another part of the system were the "added bits" of security such as the brute force detection. I hope the cake guys will include something like that in their auth component because I think this is a must.

Add comment