Bug #196

Framework comparison details

Added by Tobias Schlitt over 14 years ago. Updated over 11 years ago.

Status: Resolved
Priority: Should have
Assignee:
Category: Content
Target version: -
Start date: 2008-02-11
Due date:
% Done: 100%
Estimated time:

Description

Hi all!

I found your framework comparison (http://flow3.typo3.org/about/comparison/) quite interesting and have some input about eZ Components, where I think some entries are missing or maybe I just got it wrong.

I don't know what "Package Repository" exactly means, but I guess that is a PEAR channel, right? If so, eZ Components also have one at components.ez.no. "l18 & l10n" is supported by the Translation component (see http://ezcomponents.org/docs/tutorials/Translation). The "Security Framework" seems to be supported by multiple of the eZ Components: UserInput (http://ezcomponents.org/docs/tutorials/UserInput) is a component to secure any type of incoming data by properly validating and escaping it. The PersistentObject (http://ezcomponents.org/docs/tutorials/PersistentObject) component automatically prevents SQL injections and the Template (http://ezcomponents.org/docs/tutorials/Template) component allows avoiding XSS by its XHTML-Context, which performs proper escaping on every output made. Or did I get the term "Security Framework" wrong? In addition, eZ Components make heavy use of DI in terms of their "Tie-In" components, which are used to create optional dependencies between components instead of making them hard-depend on each other.

Most important: eZ Components are not released under a proprietary license (and actually have never been), but under the "New BSD License" (see: http://ezcomponents.org/about).

Thanks in advance for updating! :)

Best regards,
Toby

#1

Updated by Robert Lemke over 14 years ago

  • Status changed from New to Accepted
  • Assignee set to Robert Lemke

#2

Updated by Tobias Schlitt over 14 years ago

Hi again!

I also noticed that the company and product name are misspelled a bit. It should be "eZ Systems" and "eZ Components."

Thanks in advance again for fixing this, too!

Cheers!
Toby

#3

Updated by Robert Lemke over 14 years ago

Hi Toby,

thank you for reporting the changes.

> I don't know what "Package Repository" exactly means, but I guess that is a PEAR channel, right? If so, eZ Components also have one at components.ez.no.

No, a PEAR channel was not what we have in mind. It's rather that you can download and install single components from a repository and, more importantly, that you can upload and share your own components in a public repository. If each eZ component was available via PEAR separately and if there were user contributed components, then this criterion would match. The Ruby Forge is another example of such a repository (or the TYPO3 Extension Repository).

> "l18 & l10n" is supported by the Translation component (see http://ezcomponents.org/docs/tutorials/Translation).

I read the tutorial from end to end. It certainly is a good solution for translation, but translation is only one part of localization. What I'm missing is internationalization - support for different number formats, timezones, date / time formats etc. - But as most of the other frameworks have their weaknesses in this field, too, I set the mark to "yes" for eZ components.
See also http://en.wikipedia.org/wiki/Internationalization_and_localization

> The "Security Framework" seems to be supported by multiple of the eZ Components: UserInput (http://ezcomponents.org/docs/tutorials/UserInput) is a component to secure any type of incoming data by properly validating and escaping it. The PersistentObject (http://ezcomponents.org/docs/tutorials/PersistentObject) component automatically prevents SQL injections and the Template (http://ezcomponents.org/docs/tutorials/Template) component allows avoiding XSS by its XHTML-Context, which performs proper escaping on every output made. Or did I get the term "Security Framework" wrong?

Okay, so that's easy: The fact that security is spread over different components tells me that you don't have a security framework. I really appreciate the security features you have built into the components, but what we mean is a framework which centrally manages security from outside. That's also why the Zend Framework is marked as having only partial support for that (same as eZ components: Input Filtering etc.).
Symfony for example does have a dedicated security component which allows for managing access to controllers and actions. It's not really extensive but I guess it's okay.

> In addition, eZ Components make heavy use of DI in terms of their "Tie-In" components, which are used to create optional dependencies between components instead of making them hard-depend on each other.

eZ's tie-ins are really not dependency injection. They aim for looser coupling of the components, which is good, but most of the code refers to other classes directly. I just picked a class randomly: http://ezcomponents.org/docs/tutorials/EventLogDatabaseTiein - the code is referring directly to ezcLog:: and ezcDbInstance::. With dependency injection, these instances would be injected from outside. That gives you the opportunity for example to use fooBarLog:: class instead of the eZ logger.
See also: http://martinfowler.com/articles/injection.html

> Most important: eZ Components are not released under a proprietary license (and actually have never been), but under the "New BSD License" (see: http://ezcomponents.org/about).

Sorry, we only had a look at http://ezcomponents.org/overview/license - and there the BSD license is not mentioned anywhere.

In total, it's of course difficult to compare such different projects just by setting some marks in a grid. But I still think that it has some significance and can help developers to classify the different frameworks.

Thanks again for reporting,
Robert

#4

Updated by Robert Lemke over 14 years ago

  • Status changed from Accepted to Resolved
  • % Done changed from 0 to 100

#5

Updated by Tobias Schlitt over 14 years ago

Hi Robert!

Thanks for taking care here, for your detailed answers and for updating the comparison page. I still have some remarks:

> If each eZ component was available via PEAR separately and if there were user contributed components...

Our PEAR channel supports installing each component independently and updating those automatically. We also have 2 user contributed components in experimental/ which still need some incubation before being released. Besides that, the idea of providing a "forge" for user contributed components and additions has been on our mind for a longer time, but I can't say if and when it will be realized.

Thanks for the hint about the license. I will take care that this gets updated ASAP.

Best regards,
Toby

#6

Updated by Robert Lemke over 14 years ago

Toby,

> Our PEAR channel supports installing each component independently and updating those automatically. We also have 2 user contributed components in experimental/ which still need some incubation before being released. Besides that, the idea of providing a "forge" for user contributed components and additions has been on our mind for a longer time, but I can't say if and when it will be realized.

Okay, I set it to "partly supported" then - I guess that's describing it best.

robert

#7

Updated by Tobias Schlitt over 14 years ago

Thanks a lot. :)
