I'm very excited about this library. I always wished for an off the shelf web
app security solution! Not sure if this is the right ML, but since the
library was announced here…
1. I read that the project was ported to GH. While there is a baseline
there, there is also a configuration on GH, but (the weird part) - it still
points to StHub instead of loading the baseline from GH
2. How does one actually use the library in practice e.g. for a web app with
protected content? The 3 blog posts cover adding a user, but I don't
understand how to tie AS in with say Seaside. Is there an example project
using it or some docs on that?
I forgot one:
3. It was not clear to me how to get libsodium.dylib, which was not
installed on my Mac. There were some old ML posts about an automatic binary
download mechanism using Dropbox, but the link seemed dead. I ended up
downloading and manually copying into the Pharo VM Plugins folder per ,
but was a little uneasy about that. It would be good to add "the right way"
to the readme!
2018-06-05 0:17 GMT-03:00 Sean P. DeNigris <[hidden email]>:
> I'm very excited about this library. I always wished for an off the shelf web
> app security solution! Not sure if this is the right ML, but since the
> library was announced here…
> 1. I read that the project was ported to GH. While there is a baseline
> there, there is also a configuration on GH, but (the weird part) - it still
> points to StHub instead of loading the baseline from GH
I just updated the README with the install script. Thanks for reporting.
> 2. How does one actually use the library in practice e.g. for a web app with
> protected content? The 3 blog posts cover adding a user, but I don't
> understand how to tie AS in with say Seaside. Is there an example project
> using it or some docs on that?
I still should test in a Pharo 6.x image but there is a Configuration
which could work: ConfigurationOfIGEVETWebSite, it uses Iliad plus
some extensions such as PureCSS, so it could take some time to load.
Maybe I should sit down tomorrow and take some time to write
- ConfigurationOfNacl - had to comment out #preload, which failed to download libsodium (apparently the Dropbox link no longer works). I was able to procure the library elsewhere.
- BioFormatters-HernanMoralesDurand.118 complained about missing PMVector, clicked proceed and no more problems
Since I’m not familiar with Iliad, I wasn’t sure how to run the app. I manually executed IGEVETApplication>>#startUp to get the server going, but wasn’t sure what URL to type into the browser. I tried a few things that all returned 404 like:
Also from my previous reply (not sure if you saw it):
Out of curiosity, why Iliad instead of Seaside? Would Iliad be your default/recommendation for new web apps? Is it well-supported/maintained? It doesn’t seem to have much recent activity unless I’m looking at the wrong repo.
> I'll check it out. Thanks. Out of curiosity, why Iliad instead of Seaside? Is Iliad well-supported/maintained?
Of course not :)
We are like 10? in the mailing list, you could say it seems like a dead project, but it performed really well for me (some reasons below).
For people who like to always feel safe, Seaside is the best choice. However, at some point after some years I felt uncomfortable with Seaside. I read that Iliad picked some of the best features of Seaside and Aida, and then wanted to give it a try.
> Would that be your default/recommendation for new web apps?
First of all, I should say I'm not super experienced in web apps. Although I appreciate the big efforts behind Smalltalk web frameworks, I didn’t really like any of them, neither page-centric nor programmatic. None of them was easily adapted to the emerging web trends of the last years, like the appearance of static site generators, adaptive/responsive design, multiple competing JS libraries, semantic web, mobility, etc., not to mention they lack "standard" built-in features such as caching, template, security frameworks. However I cannot complain, we are a small community doing the best we can, and the alternative of coding in a popular PHP framework would be like going to hell... think about matching "objects" to relational table schemas here (single table inheritance).
I really love the Iliad form validation through Formula (easier than Magritte for me), the free Ajax, the simple routing, and it feels lightweight. However there are a lot of things missing in Iliad by now: a Zinc adaptor is missing, better CSS integration, more documentation, examples, updated jQuery, etc. For other classic features, there was an old comparison table for Smalltalk web frameworks, a bit outdated but you could check it:
> I really love… However there are a lot of things missing
This hints at an issue I've been thinking about a lot lately. It would seem
to be a huge boon if frameworks were designed to be more pluggable. The
driver of my thoughts was the incompatibility of OSProcess and
OSSubprocess, which can't even be loaded at the same time no less plugged in
and out! Imagine if we could use Formulas in Seaside, and plug whatever web
server into Iliad. It's a shame that each one seems to lock one into an
ecosystem - the good with the bad, especially when this kind of stovepiping
was one of the very things Smalltalk aimed to avoid! I wonder if there has
been any research/experimentation/thinking in this direction…