I'm an eager amatuer, and am rolling around an idea to use to 'sharpen my saw'. I want to start an app to allow;
creation of forms by the userbase
management of those forms
filling in of those forms
storing of forms
These forms would require some level of scripting (i.e add Field 1 to Field 2 and put the result in Field 3), Ideally it would be a web or very thing client (like Java), and store data in some form of DB.
I've got lots of ideas rolling around, but the first one, that I'm least qualified to answer, is which language (or languages) could be used for this, and include user configurable scripting ?
You can probably use any language you feel comfortable with for developing such an application as (for the scripting part) you "only" need to implement some interpreter for whatever scripting language you devise.
To reduce the number of wheels to reinvent, you should probably look out for a language that...
has a either a unified API for dealing with embedded scripting languages (like javax.script), implements the concept of homoiconicity or otherwise provides strong scripting support
brings a web application framework that you feel comfortable with
provides bindings for your favorite database
comes with good documentation
As there are lots of languages out there that will meet those demands, it's basically a matter of taste and / or occupational reasonableness. The usual suspects would probably be:
Java EE-based stacks (either best-of-breed or "integrated" solutions Seam)
Alternative JVM-based languages (like Groovy with Grails as web application framework)
Ruby with a web application framework like Ruby on Rails or Sinatra
PHP for easy hosting
Lua is a very powerful, general-purpose, easily embeddable scripting language that might be what you're looking for. Have a look here.
io is a small, fast and embeddable prototype-based language.
Related
We are looking to build a website on top of an existing Eiffel business-tier core, which is sitting over a MS SQL Server database. I am presently considering the advantages and disadvantages of writing the web and mobile tiers either purely in Eiffel, purely in typical web-stacks, or some hybrid.
For us, there are clear advantages to pure Eiffel, not the least of which are:
Inheritance and other language notation mechanisms not found in other languages.
The compiler cannot see into code from other languages, so we are at the same disadvantage one we cross out of Eiffel into something else.
Auto-Test is something we heavily rely on in our Eiffel code, which takes clear advantage of Design by Contract. In other languages, we lose this power and are left with TDD (e.g. their version of Auto-Test in Eiffel).
We now have to learn more than: Eiffel, HTML-5, CSS-3, JS, and whatever JS framework(s) we use.
Every new language and tool adds more complexity to the project.
Eiffel programs are compiled to C --> EXEs, which are far faster than their scripted and interpreted counterparts.
I think there are also some clear advantages to existing, non-Eiffel languages as well:
Existing frameworks and tools can develop simple to moderate web sites and mobile applications rather quickly.
Existing "best-practices" are not terrible and producing reasonably reliable and maintainable code.
I am not sure what all of the advantages and disadvantages are, so I am asking. However, at the end of the day: Our core business suite is pure Eiffel. That will never change.
Thanks in advance for the feedback!
Here is what I can say from my own experience (I have create several web applications in different frameworks including one in Eiffel). First, the Eiffel Web Framework is quite usable right now. The advantage of other frameworks are their features. Here is a list of the major problems I encounter when I created my web application with Eiffel:
I had to create the MVC design myself (other frameworks like Django, Rails or Laravel does that automatically).
Eiffel lack is a good templating system. The Smarty library is ok, but it really lack some really good template features that other has. Also, trying to work with UTF-8 file in Smarty can be quite difficult (this has been a pain for me).
I had to do some session management based on cookies because the one in Eiffel Web Framework was quite primitive.
The release process (removing Nino) was not easy and lack good documentation (I was using Apache, I don't know about IIS)
That's it, other than that, every thing went quite smoothly.
The next list of disadvantages is from my naïve point of view:
The EWF package is not finished, it's going to have more nice capabilities in the future, therefore you may need to follow the new development to take advantage of new functionality.
Eiffel compiler makes it impossible to update a web program on the fly, it needs to be recompiled and redeployed.
If the program is going to be multithreaded, you need to learn a structured way to deal with concurrency based on the SCOOP model.
Some tools (e.g., XSLT processors) are not readily integrated into EWF, you may need to do this yourself.
The current EWF API is rather low-level, so before higher-level frameworks built on top of EWF become widespread, you may need to do more low-level programming than expected (by low-level I mostly mean the way to generate HTML/XML/or some other format your web service is going to produce).
Having to use just one language to do both application logic and HTML generation, that allows for easy debugging, may lower the requirements for the developers and their skills, that may affect your business model.
There are several tools that address specific needs like wiki, simple web-page creation, authorization, etc., but you may need to enhance them to get richer functionality as well as to design the architecture of your software, because some idioms and usage patterns are not established yet.
I've looked around some of the asked questions and I noticed many questions dealing with THE best web application language. I'm curious into looking into a combination of web application languages, possibly some that would compliment each other well. At the moment my list of possible web app languages at the moment are:
PHP
Ruby on Rails
JavaScript
AJAX (not really a language on its own)
Grails
I know that certain ones like JavaScript and AJAX work well together but I'm curious about the rest. What about PHP and JavaScript? Does Rails play well with others? Is looking to use a combination of languages even a possibility? I know that some may be used for different kinds of applications but I would like to focus on more than just 1 of them. Thanks for the help. Any and all comments are appreciated.
You are mixing everything up.
PHP and RoR (Ruby on Rails) are server-sided scripting technologies (and Rails is not really a programming language). They can generate content that is served to the user (ie: HTML files), but they can do a lot more. You NEED a server-side language if you want to interact with your users (ie: allow them to leave comments, and etc.).
Javascript (and AJAX, partially) on the other hand runs completely on the client side. You'll mainly use JS and Ajax to improve user experience, but remember to code your site in such a way it works even if JS is off.
Generally, as a complement to your server-side scripts you need a database, and among them the most popular ones are relational DB's that support SQL (Structured Query Language), like MySQL, SQL Server, Oracle, etc.
So, what's the "best" combination for you? It really depends. Hosting with PHP+MySQL is widely available and it's cheap, and PHP has a massive user community, and many freely available libraries and frameworks for you to use. So if you are just getting into web development, I'd suggest starting with PHP+MySQL.
Rails is not a language, it's a framework. Ruby is the language.
Grails is not a language, it's a framework. The language is Groovy.
Ajax is not a language, it's a marketing term coined to describe DHTML, which was a marketing term coined to describe using JavaScript to manipulate DOM elements and styles.
Regardless if it's PHP and Python, Perl and Java, JavaScript and Erlang, you can use any languages together depending on what you're trying to accomplish.
If you're looking for something learn, I'd say JavaScript (and get down and dirty and really learn it... don't rely on a framework as a crutch) because it's the primary front-end language in the web-world. But that's just my preference.
If you could give us a little more insight into what you're working on then maybe someone can give you a better suggestion of languages to pair up.
A programming language is just a means of achieving a goal, hence the focus should always be on the goal. Just as human languages the goal is communication, hence the languages is relatively not important.
Javascript is client side scripting language, while rest of the things that you have mentioned are serverside scripting languages. No matter what server side language you use you would have to use Javascript for client side scripting.
The rest of the 3 languages are opensource languages. Personally I would choose the most popular technology because
a. There is a big community, which ensures that the technology is widely adapted because I would like other third party applications gelling well with my application.
b. Lesser no. of flaws, since someone or the other would report it and the community would try to fix.
c. Dynamic future release: Since the community would like to see feature which are there is some competitive technology they would always want to add the feature. An excellent technology which has very less community built around it dies its own death since there are no future release and slowly it falls behind the competition.
The next important criteria would be is the tech really suits my application. Like if I am using a very slow embedded system processor, I cannot use python I will have to use C.
Well in all above cases I personally love PHP. PHP has some of the best CMS s/w, which makes life easy and there is lots of code available for free and widely adapted by even enterprises.
I'm interested in how I could use a scripting language to execute simple blocks of code in a sandboxed manner. The host language/environment could be c#/ruby/python/java (anything but c). But the scripting language could equally be something obscure such as javascript/python/ruby/perl etc.
What I want is a way of executing script with traditional programming constructs i.e. conditionals/loops/date manipulation/arrays etc. But what I don't want is to expose things such as IO, connectivity to http streams, databases etc.
I'm currently looking at spidermonkey using the python adapter, but I wondered if there were other options that I should consider.
Lua is very easy to sandbox code in. Here's a reference on the Lua wiki. It's a terrific minimalist scripting language, easy to embed in other (C or C++) code. So your host would be Lua embedded in some other code (or just the factory-installed Lua interpreter). Your scripting language would be Lua.
If you don't know it, though, I'm sure there are other good solutions that don't require you to learn a new language.
You could do it with .NET (VB, C#, any language) via Code Access Security - set the policy on the machine to not allow access to any Framework classes you like.
See Setting Security Policy.
By default the policy allows code that originated on the local machine to do anything; you can set it so that by default, code cannot call into the I/O classes, cannot do HTTP connections, and so on.
Looking around the horizon of the web server side, I see that scripted languages like PHP are quite popular,
probably due to the speed of development and ease of programming.
However scripted languages are human readable so isn't code security would be an issue here.
I would like to know that if I am keen of security of my code on the server what server language/technology would be most suitable.
When you use any server side language, only people with access to the FTP protocol (or SSH), can see the files. When you are regularly browsing the web, you cannot see PHP, or any other scripting language.
In terms of the actual language security, little bugs can be found, but you will get that in every language.
The security of your script depends on how you design it.
For the most part, every language is secure, but not every programmer is.
scripted languages are human readable
so isn't code security would be an
issue here.
No, users on the web will never see the code of your serverside programms - unless you publish the source.
Some security problems in web applications stem from the type of language used on the server side: buffer overflow is a security problem typical of C. So a scripting language would actually be more secure in this regard.
Typical security problems in web apps today stem from the interaction of client, server, database and user-entered data:
SQL Injection
Cross Site Scripting
Cross Site Request Forgery
...
A modern Web Framework like Ruby on Rails (or many others) will help you avoid some of these problems. But you still will have to learn a lot about web security!
"Staying away from Javascript" is a bit like "staying away from cars" because they are dangerous. Javascript is an integral part of modern web applications.
All serious (ignoring Piet, Malbolge, etc) programming languages are human-readable. Whether or not an explicit compilation step is required has no effect whatsoever on application security.
If you want to be very careful about security, use a language which supports easy verification and/or proofs, such as Haskell or Ada. A typical web application probably would be OK with a modern dynamic language, such as Python or Ruby. Java and C# are also popular, for performance reasons. Any of these will make developing secure applications significantly easier than in legacy platforms such as PHP, Perl/CGI, or classic ASP.
Lastly, as a small pet peeve -- PHP, Python, Ruby, Perl, etc, are not scripting languages.
I would say that the only really safe way to protect your code is by using ISAPI or CGI, and developing the application with some hard compiled language like C, C++, VB 5 or higher but any .NET, Delphi 5 or higher and so on. Any bytecode or interpretated language can be decompied, no matter what you do. New obfuscation methods may hold the crackers for a while, but they will always find a way to get the source. The source is there, the decompilation routine is there, the source must be revealed to be used by the framework, so all the crackers have to do is to catch it on the way.
the language has a small part to do with it. however, a lot has to do with how you actually design and write the code.
ASP.NET get compiled into dll's, so the code is not human readable on the server. But even in PHP, the code gets executed on the server.
Just stay away from JavaScript as that is visible on the client, and human readable.
My main preference is .NET, however even with the scripting languages like PHP they are not seeing your raw code unless you're giving people access to read the raw code files. I've seen some very secure PHP sites. If you're concerned about what people can see and access, then you need to watch what you are putting into the client side scripting languages like Javascript.
For 'hiding' the code there are a few different languages that support this. .NET languages can be compiled, which generates DLLs without containing the original source code on the server. These, however, can be read with something like .NET Reflector, so to escape that you would run something like Dotfuscator on your code, making it more difficult to read.
For PHP, there are solutions such as ionCube that encode your script and they must be ran with an additional decoder on the server to execute them. Usually this is used when reselling scripts, so clients can't look at or modify the source.
Are there any open source or commercial web programming language that function much like Fog Creek's Wasabi? As in you write your web app in this parent language and it then compiles down to php for Linux hosts and ASP.NET for Windows hosts.
Haxe is the closest I've seen, but it only compiles to PHP (and mod_neko), not to ASP.
Genexus is a commercial development tool that does that. It can generate several other languages. Its oriented toward database apps, it generates database schemas and queries from its internal language.
That said, I have worked with it, and I don't like it. It's quite buggy and its programming language is very archaic.
Before you bother, consider whether it's really worth it.
Supporting one platform with multiple configurations is bad enough; do you really need to support both ASP.NET and PHP? If you're writing an in-house application, then you probably want to stick to as few technologies as possible. If you're writing software to sell, then is it really a problem if your product requires a particular platform?
As far as I know, Fog Creek had to develop Wasabi because there wasn't such a tool. There are a few toolkits trying to be portable, but none that compiled to ASP or PHP that I know of (besides Wasabi, that is).
People act like Joel went mad with Wasabi, but I think it makes perfect sense if you put all the pieces together.
FogBugz was originally written in VB.
Joel hates to throw out working code to start over.
Joel was faced with a server market split between MS and Apache w/PHP servers.
Given the circumstances, it's a rational decision to say, "OK, then, we'll just write a VB to PHP translator."
And once you've taken that step, to say, "Well, since we've essentially have a compiler here, why not extend it with the features we want that Microsoft has never added to VB?"
Thanks to Wasabi, code that would have to be written twice (or more, given some duplicated server/JavaScript code) is written only once.
Multitarget development is pretty common. It's the reality when you can't dictate your target environment.
Pick a real mature application server platform like Java. It runs everywhere...