Thanks for the feedback. Certainly, if performance is significantly affected then that will be a major factor in the decisions. But, I will note that having already run my benchmarks with capability-verification enabled for a local server has had NO EFFECT on performance. Local is how most of the web servers will be running, so I should have asked for your feedback with the stipulation, "assuming no effect on performance," where should transparency be balanced against security?
I'm not even sure it'd be nice to have security in Magma, and if so - please make it optional.
As long as you have the same transparency you have now and the same speed you have now, why wouldn't it be nice to have security?
Now, that's the sort of stuff that makes me cringe. Crippling local network speed by encrypting everything. It's still hard for a CPU to saturate network bandwidth on an encrypted link, and high-performance applications can well do without that burden.
I have worked hard to make Magma perform reasonably. Rest assured, I'm not about to throw that out the window in the name of mandatory security.
But what's the idea of exposing a database to the internet anyway? I really can't think of a reason. I'd never in my life do it.
A Maui interface to the Nags domain could be built in half the time it took to do the Seaside interface, and I get to stay in Squeak to use it (ok, so could you if you want to use Scamper). By using a remote connection to Magma and opening a port to the Net, you can support web and Maui users simultaneously. Not only that, Maui users can customize their UIs to their personal taste and choose to share them or not with others very easily.
Magma is not just about having centralized repositories behind "applications". It's also about using personal repositories to share objects with others.
This sort of stuff does not, IMNSHO, belong in a persistence engine. Not even an object persistence engine. Persistent objects don't usually form the application layer.
I'm not sure I understand. I think you *need* security in the db. If an attacker gains access to your db files then you become another story like we've been hearing from companies in the US lately, that had their customer personal information compromised in some way. This cannot happen (hopefully) with what I'm doing with Magma, the only sensitive information ever exposed is in object-memory.
Three-tier is fine for corporate / web. IMO two-tier is better for personal / distributed objects.
But then, prove me wrong. I like to be proven wrong if it makes life simpler for me ;)
Me too, and there's no ego. I want to learn here, not "prove someone wrong".
Cheers, Chris