[erlang-questions] newbie web-development advice / guidance
Wed Aug 3 07:31:06 CEST 2011
On Wed, Aug 3, 2011 at 3:54 AM, Benson Wong <mostlygeek@REDACTED> wrote:
> My background is a web developer (~15 years), done PHP for about 11 years.
> So I know it pretty well.
> etc). So a PHP developer, in the Erlang pool here :)
> I think an imperative language like PHP would be a lot easier (and more
> agile) to build the web app in than Erlang. I would choose erlang if I need
> long lived connections (web sockets, long-poll, etc). Frameworks like Django
> (Python)/Rails (ruby) would also make life easier.
> If you want scalability/reliability/performance, add more PHP processes /
> PHP is shared nothing, so it is easy to scale. Just add more. Using Nginx +
> PHP-FPM. Solves a lot of slow request issues.
> Put them behind an HTTP load balancer, HAProxy is a very popular choice.
> Performance is usually database bound than it is app server bound.
> On Fri, Jul 29, 2011 at 6:16 AM, Icarus Alive <icarus.alive@REDACTED>
>> Would appreciate if my thread wasn't hijacked :-)... although gotta
>> agree that our scenarios are quite similar.
>> On Fri, Jul 29, 2011 at 6:31 PM, Banibrata Dutta
>> <banibrata.dutta@REDACTED> wrote:
>> > Thanks @Marc, for taking time to reply this this mail.
>> > On Fri, Jul 29, 2011 at 5:38 PM, Marc Worrell <marc@REDACTED> wrote:
>> >> It mostly depends on what kind of web development you want to do.
>> >> Is it more of a mobile application than a publishing web site?
>> In my case, content characteristics are:
>> 1. Always originating from single source
>> 2. Always consumed by single user
>> 3. Content has short lifetime - once consumed, will be archived
>> 4. Each user has several hundreds of content display to her in "newest
>> first" fashion
>> >> Does is have specific authentication schemes?
>> >> Etc. Etc.
>> > Honestly, haven't given this enough thought. One of the requirements is
>> > to
>> > ensure privacy of user data, and that of the interaction. I'm yet to
>> > figure
>> > out the "how" part.
> Security/Privacy, this is more of an operation and application design than
> it is a Erlang/OTP vs PHP/Ruby/Python+framework.
> Generally you'd want to:
> * firewalls, no SSH access, web servers are only web servers, ie: only port
> 443 open.
> * use cookie based sessions. Don't use HTTP basic authentication.
> * Server has controls all access based on the cookie.
> * Use HTTPS. Always.
> * There are lots of other techniques:
> -- use bcrypt for passwords
> -- sessions can be limited to one IP address at a time
> -- sessions have short expire times (controlled on the server)
> -- etc.
>> Well in my case it has to be some strong authentication. Storage,
>> archival and access has to conform to HIPAA compliance. So we know we
>> are dealing with EMR type content.
Really appreciate your descriptive & informative response, especially
so for the part on security.
My inclination towards Erlang stems from the fact that I was intending
to do much of the backend in Erlang as well. The backend does lot of
other things than just bridging between FE client request/responses
and a DB, s.a. converting content format, managing archival policies,
do some data analysis for reporting etc. Maybe some of that via ports.
I wish I'd seen your mail few days back, because having tried both
Nitrogen and Zotonic, which are I am sure excellent products, I think
I've found peace in settling for ChicagoBoss. I found it lot easier to
work with, as a beginner, maybe because the FP guts are almost hidden
away from sight, and much of the developer/user coding is done in an
imperative fashion. Also, I found it's documentation (although quite
light) to be simple & just-enough to get me started and get me going.
However, I might have to come back to PHP unless I am able to train my
team on Erlang. Being a beginner, I find it hard to imagine being a
good teacher / coach for rest of the team.
Thanks again, everyone, for responding on this thread.
More information about the erlang-questions