[Seaside] Some questions about Seaside architecture

Oleg Mürk oleg.myrk at gmail.com
Tue Dec 13 14:01:36 CET 2005


Hello,

On 12/13/05, Cees De Groot <cdegroot at gmail.com> wrote:
>
> >  * Do You think it is possible to enforce proper back-button support rules
> >     in say 10-developers 2-years project?
>
> No. But that's mostly a management issue. You cannot enforce anything
> in a 20 man year project. Not if you don't want to turn it into a 40
> man year project. You can try to motivate developers into wanted
> behaviour at best :)


I agree that this is a management issue, but then again most
projects fail because of management issues ;)

I think that there are practices that You don't need to enforce, because:
* they are the most natural thing to do
* they don't require outstanding analytical skills every time you want to apply them

For instance: using blocking calls of components is very natural to programmers,
so You won't have to enforce it. I think that with back button I would
have lots of trouble enforcing proper handling. [Yes, I have tried it]

Actually, I think this is a very good criterion for comparing platforms,
frameworks, languages, features, etc.

> >  * How easy it is to make mistakes and how easy it is to debug & find them?
>
> Did you actually try?


No, not in Smalltalk. That's why I ask for Your experience/opinion.
But I DO have comparable experience from Java world.

> >  * Wouldn't mistakes with back-button support be dangerous for application
> >     security?
>
> Do you have a specific example?


Forgetting to invalidate a request that has some side-effect:
* send mail
* pay money

Returning to application state that is not valid any more:
* Edit record, archive record (so that one cannot edit it any more),
  back-back, edit archived record.
* Return to a page that checks some quota (money?), but the quota is used up
  now (yes the right solution is to check quota each time the action is executed).

These examples are especially worrying because the DEFAULT is to allow using
back-button and not even restoring mutable state.

It is possible that I don't understand Seaside enough yet, but then You can
enlighten me :)

> >  * My personal opinion is that on a larger project it makes sense to forbid
> >     using back-button, because it is infeasible to ensure that everyone uses
> >     this functionality correctly, and potentially this creates security holes.
>
> Fine. But as long as you do not give examples, all I can do is note
> your opinion. Of course, I have another opinion :-)


Thank You for Your opinion.

OM
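
The failure modes listed in the message above (a replayed side-effecting request, an edit of an archived record from an old page, a quota checked only when the page was rendered), shown as an added example that is not part of the original post and is not Seaside code. It uses plain Python with a hypothetical `Session` class; all names are illustrative assumptions.

```python
import secrets

class StaleAction(Exception):
    """Raised when a link from an old page is replayed or no longer valid."""

class Session:
    def __init__(self, quota):
        self.quota = quota          # money still allowed to be paid
        self.records = {1: "draft"}
        self.archived = set()       # ids of records closed for editing
        self.sent = []              # log of side effects (payments made)
        self._pending = {}          # token -> (action, args), one per rendered link

    def render_link(self, action, *args):
        """Register an action for a page being rendered; return its token."""
        token = secrets.token_urlsafe(16)
        self._pending[token] = (action, args)
        return token

    def follow(self, token):
        """Run the action behind a link at most once."""
        # pop() consumes the token, so a back-button resubmit finds nothing.
        entry = self._pending.pop(token, None)
        if entry is None:
            raise StaleAction("link already used or unknown")
        action, args = entry
        return action(*args)

    def pay(self, amount):
        # Check the quota when the action executes, not when the page rendered.
        if amount > self.quota:
            raise StaleAction("quota used up")
        self.quota -= amount
        self.sent.append(amount)
        return self.quota

    def edit(self, rec_id, text):
        # Re-validate current state: an old edit page must not bypass archiving.
        if rec_id in self.archived:
            raise StaleAction("record is archived")
        self.records[rec_id] = text

    def archive(self, rec_id):
        self.archived.add(rec_id)
```
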