Scaffolding in the real world
I’ve always told people that scaffolding should NOT be used “in the wild”. Here’s proof (note the strategic cropping of beer from the frame).

It's due to a lack of built-in security. Scaffolding is built for efficiency and “get up and running”. But not security per se. There is no datatype checking, there is no pre-validation (is this actually an email), etc.
CodeIgniter scaffolding is better than most because of the built-in XSS security checks, but still, in a production environment you’d want to first go through and validate everything.
Also, there is no checking for who is editing, and there is no way to limit what gets edited specifically. If you had scaffolding, then in theory, provided I can get to it, I could delete your entire database.
CI uses a “trigger word” to make it harder to guess, but still, those triggers turn up in all types of places: browser history, referrer links, etc. As the saying goes, “security through obscurity is no security at all”. (Although I concede that hiding something is an important first step.)
$this->load->scaffolding('tent');
$this->load->helper('beer');
$this->load->view('one_f*cked_up_tent');
:D
LOL! Eric, you just made my day!
Now stop cracking jokes and get working on that beer helper!
john wrote on
I hear this a lot for most frameworks, but I have never heard anyone say why you shouldn’t use scaffolding. What’s your opinion?
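
The gaps described in the comments above (no datatype checking, no email validation, no check of who is editing, no limit on what gets edited), closed in a hand-written update handler. This is an added example, not code from the post or from CodeIgniter: it is plain PHP 7.4+ with PDO and an in-memory SQLite table (the pdo_sqlite extension is assumed), and the `members` table, its columns and the roles are hypothetical.

```php
<?php
// Added example: table, columns, roles and sample rows are constructed.
// Allow-list of editable columns, each with the validator its value must pass.
const EDITABLE = [
    'email' => FILTER_VALIDATE_EMAIL,
    'age'   => FILTER_VALIDATE_INT,
];

function update_member(PDO $db, array $user, int $id, array $input): array
{
    // Who is editing? Only an admin or the owner of the row may proceed.
    if (($user['role'] ?? '') !== 'admin' && ($user['id'] ?? null) !== $id) {
        return ['ok' => false, 'error' => 'forbidden'];
    }
    $clean = [];
    foreach ($input as $col => $value) {
        // What gets edited? Anything outside the allow-list is rejected.
        if (!array_key_exists($col, EDITABLE)) {
            return ['ok' => false, 'error' => "column not editable: $col"];
        }
        // Datatype and format check before the value gets near the database.
        $checked = filter_var($value, EDITABLE[$col]);
        if ($checked === false) {
            return ['ok' => false, 'error' => "invalid value for $col"];
        }
        $clean[$col] = $checked;
    }
    if ($clean === []) {
        return ['ok' => false, 'error' => 'nothing to update'];
    }
    // Column names come only from the allow-list; values are bound parameters.
    $set  = implode(', ', array_map(fn($c) => "$c = :$c", array_keys($clean)));
    $stmt = $db->prepare("UPDATE members SET $set WHERE id = :id");
    $stmt->execute($clean + ['id' => $id]);
    return ['ok' => true, 'rows' => $stmt->rowCount()];
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE members (id INTEGER PRIMARY KEY, email TEXT, age INTEGER, is_admin INTEGER DEFAULT 0)");
$db->exec("INSERT INTO members (id, email, age) VALUES (1, 'a@example.com', 30)");

$owner    = ['id' => 1, 'role' => 'member'];
$stranger = ['id' => 2, 'role' => 'member'];
print_r(update_member($db, $owner, 1, ['email' => 'new@example.com'])); // accepted
print_r(update_member($db, $owner, 1, ['email' => 'not-an-email']));    // invalid value
print_r(update_member($db, $owner, 1, ['is_admin' => '1']));            // column not editable
print_r(update_member($db, $stranger, 1, ['age' => '31']));             // forbidden
```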