I'm doing something similar to Tristan. I'm using Webmachine in the backend which houses all the db, business, and security logic and using SpineJS and CoffeeScript for my front-end which communicates with Webmachine using JSON. After writing a web app this way, I have to say that it is more difficult than most prepackaged frameworks, however, it allows you a complete separation of concern, forces you to really think about your security, and also forces you to focus on a solid, usable REST API. The cool thing is that you are using your own REST API and if you're looking for an API for your service/web app, you can find and fix any pain points that someone else might encounter using your API.<div>
<br></div><div>Unlike Tristan, however, I separated all my sessioning into a completely separate web app from the main Webmachine web app. I saw the Webmachine app as something I wanted to keep as a completely standalone service and so I basically wrote an intermediate app using Misultin which proxies messages from the front-end to Webmachine adding any necessary authentication tokens, dealing with sessions, and any web security features. As for web security, this is built into my Misultin app and I followed this guide: <a href="http://guides.rubyonrails.org/security.html">http://guides.rubyonrails.org/security.html</a>. It's pretty easy to implement them yourself.</div>
<div><br></div><div>I haven't used Opa, but I have used NodeJS and I was very tempted to use it for the intermediate app. You might want to look at Express for NodeJS if you're looking for more of a framework.</div>
<div><br></div><div>Hope this helps,</div><div><br></div><div>Andrew<br><br><div class="gmail_quote">On Sat, Dec 10, 2011 at 2:06 PM, Tristan Sloughter <span dir="ltr"><<a href="mailto:tristan.sloughter@gmail.com">tristan.sloughter@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">I've tried pretty much every Erlang web framework (some more than others). <div><br><div>Could you explain what you mean about Lift's security, 'ajax+html component security'? </div>
<div><br></div><div>The main frameworks are: ChicagoBoss (Railish), Nitrogen (evet-based architecture), Zotonic (a CMS/framework in my opinion, they may just say CMS), Erlang Web (the one I have least played with but does seem the most OTP fitting) and Erlyweb.<br>
<br>I haven't personally been happy with building full projects in any of these (though Zotonic has been GREAT for projects that just need a CMS like my wedding website, and Chicago BOSS looks great for MVC style Erlang web development) and now I'm doing my own which is based on Webmachine and Batman.js with security based on resource access control using Seresye (<a href="https://github.com/afiniate/seresye" target="_blank">https://github.com/afiniate/seresye</a>) and an Erlang security framework Genbu. </div>
<div><br></div><div>So the idea is the client is built completely in Batman.js and communicates (JSON) with the Webmachine based RESTful interface of the backend (which I am greatly simplifying the necessary steps needed to build). And then all security on the backend is based on the idea of writing a rules engine with Seresye which will be simplified for web resource/db use as part of Genbu (which I am moving all web session, authentication logic from Maru to).</div>
<div><br></div><div>I hope to have the pieces for Genbu and Maru and an example, for others to start using it, committed tomorrow or sometime this week, but <a href="http://claimstrade.github.com/maru/" target="_blank">http://claimstrade.github.com/maru/</a> is the "idea" -- well its more than an idea I am building this while building a real business on top of it. So it is taking what I find I need as I build the business and then adding it to the framework, or taking out and moving to the framework. Also is based on a couple years of Webmachine based web development and what I saw went wrong in some cases as we did so.</div>
<div><br></div><div>That said, and even though this is an Erlang list so I hope I'm not yelled at :), I have to also point you at Opa (<a href="http://opalang.org/" target="_blank">http://opalang.org/</a>) because I really like it for building sites. And it is very secure and statically typed (even your frontend code is compiled and type checked!).</div>
<span class="HOEnZb"><font color="#888888">
<div><br></div><div>Tristan</div></font></span><div><div class="h5"><div><br><div class="gmail_quote">On Sat, Dec 10, 2011 at 3:41 PM, eigenfunction <span dir="ltr"><<a href="mailto:emeka_1978@yahoo.com" target="_blank">emeka_1978@yahoo.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi everybody, i would loke to get my feet wet into erlang web<br>
development so i wanted to ask: what is the state of erlang web<br>
frameworks? i did google a little bit and found a couple of<br>
interesting projects. But having written some web applications in<br>
webobjects before, security is paramount for me. I have been playing<br>
with "scala lift" lately and wanted to know if the erlang community<br>
has something of the sort, i mean easy ajax + html component security.<br>
Or something in the line of smaltalk seaside. Thank you very much<br>
indeed.<br>
_______________________________________________<br>
erlang-questions mailing list<br>
<a href="mailto:erlang-questions@erlang.org" target="_blank">erlang-questions@erlang.org</a><br>
<a href="http://erlang.org/mailman/listinfo/erlang-questions" target="_blank">http://erlang.org/mailman/listinfo/erlang-questions</a><br>
</blockquote></div><br></div></div></div></div>
<br>_______________________________________________<br>
erlang-questions mailing list<br>
<a href="mailto:erlang-questions@erlang.org">erlang-questions@erlang.org</a><br>
<a href="http://erlang.org/mailman/listinfo/erlang-questions" target="_blank">http://erlang.org/mailman/listinfo/erlang-questions</a><br>
<br></blockquote></div><br></div>