I’m sure some of you are wondering how things are progressing on the brand new v2.0. Well, first off, let me assure you that progress is being made; it may be slow, but it is progress! (We’re still looking for one or two developers to help speed things up, BTW.)
Just recently, I’ve finished setting up a new configuration API, which will allow developers to easily configure Pixelpost, as well as create and save their own configuration options. The draft API looks something like this:
// Change the active template to "Simple"
Config::set("template", "simple");
// Returns the active template "simple"
Config::current()->template;
// Create a new option, which contains an array:
Config::set('my-option',array('value1','value2'));
// Delete the option:
Config::remove("my-option");
For the developers out there, you’re probably thinking: OK, this is nice, but it’s not really that big of a game changer. Well, here is the twist: rather than saving the options in a database table, like we’ve done in the past, these options would simply be saved in the pixelpost.php configuration file, as a PHP array. And since the configuration, generally speaking, only changes when you’re using the admin interface, the file won’t need to be updated that often. So why should we store all the options in a database, only to require that it be queried on every page load by both guests and admins? Besides the speed benefit, both power users and people who are migrating their blog to a different server can easily adjust the options for their entire blog by simply editing the pixelpost.php file, rather than firing up the admin interface.
This is a major change, so we’d like to get some feedback from you all, to make sure the development community agrees with this change. Because, after all, we’re building this for you! (And ourselves too, of course!)
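A sketch of how options could be persisted to a PHP array file as described above, added here as an example; it is not Pixelpost's code, and `FileConfigStore` and its methods are hypothetical names. It writes values through `var_export()` so they cannot turn into executable code, replaces the file atomically, and sets owner-only permissions.

```php
<?php
// Added example: FileConfigStore is a hypothetical name, not Pixelpost's Config class.
final class FileConfigStore
{
    private $path;
    private $options;
    public function __construct($path)
    {
        $this->path = $path;
        // The file holds "<?php return array(...);", so include yields the options.
        $this->options = is_file($path) ? (include $path) : array();
        if (!is_array($this->options)) {
            throw new RuntimeException('Config file did not return an array');
        }
    }
    public function get($key, $default = null)
    {
        return isset($this->options[$key]) ? $this->options[$key] : $default;
    }

    public function set($key, $value)
    {
        // Plain data only: var_export() of an object emits code that would run on include.
        if (!preg_match('/^[a-z0-9][a-z0-9_.-]{0,63}$/', $key) || !self::isPlainData($value)) {
            throw new InvalidArgumentException('Invalid option name or value');
        }
        $this->options[$key] = $value;
        // var_export() quotes every string, so a value cannot break out into PHP code.
        $code = "<?php\nreturn " . var_export($this->options, true) . ";\n";
        $tmp = tempnam(dirname($this->path), 'cfg');
        if ($tmp === false || file_put_contents($tmp, $code) === false) {
            throw new RuntimeException('Cannot write temporary config file');
        }
        chmod($tmp, 0600);                  // owner-only, rather than 755 or 777
        if (!rename($tmp, $this->path)) {   // atomic replace on the same filesystem
            unlink($tmp);
            throw new RuntimeException('Cannot replace config file');
        }
        if (function_exists('opcache_invalidate')) {
            opcache_invalidate($this->path, true);  // drop any cached copy of the old file
        }
    }
    private static function isPlainData($v)
    {
        if (is_array($v)) {
            return count(array_filter($v, array(__CLASS__, 'isPlainData'))) === count($v);
        }
        return is_scalar($v) || $v === null;
    }
}
```

Because the config file is itself PHP, anything able to write it can run code in the application, so the directory holding it should be writable only by the account PHP runs as.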
My first thought was: “What about security? The configuration file will have to be writable.” I have worked with many CMS systems, and in all of them it was not recommended to leave the config file writable after installation in a shared hosting environment. But all of these systems kept just database connection related information in the config file.
I thought about it for a while and I must admit that I am not sure what the security benefit of having the config file unwritable is. When an attacker uses the same shared hosting, he can read your database config file even when it is not writable, and I am almost sure that he can also connect to your database with credentials read from this file. So finally he can modify the application configuration in the database. Maybe someone else knows what the security benefit is?
Let’s move from security to speed.
How big is the speed benefit you mentioned? I know that the question of speed cannot be answered in general because it depends on database workload and many other things, but I think that many people have put significant effort into MySQL optimization. No offense, but did you perform any specific measurements that can prove that the new config file parser is faster than reading from the database?
And finally, I also have one question about the API. Is there any mechanism that will prevent addon X from using a configuration option with the same name as addon Y uses? Without such a mechanism there can be a lot of conflicts. Maybe you should introduce some kind of namespaces or just an addon-specific prefix that will be prepended to the name of the option.
It would also be very nice if addons could discover new versions of themselves just like they do in WordPress.
@Jaroslav
You bring up some valid points. As far as security is concerned, ideally, the file would only be accessible to the web server/PHP. This will be possible on some servers, as an install script will attempt to create the file in the most secure manner, but alas, on quite a few shared servers, the file will most likely have to be saved as 755 or 777. This does pose a possible security issue, but as you mentioned, if the file is still readable by an attacker, they can simply read the database credentials and attack it directly. Needless to say, if an attacker can read your files, you’ve got a problem, period.
Speed: as it stands, I can’t see how MySQL could possibly read the configuration faster than PHP’s internal include function, but I’m definitely going to run some benchmark tests at varying levels of load to compare, and I’ll post the findings on the blog after I’ve completed the tests.
Namespace conflicts could possibly be an issue. With v1.7, we don’t really have any standards published as far as naming conventions. But with the new version, it would be a good idea to recommend that addon creators use an addon-specific prefix to help prevent any possible conflicts.
Also, addon version checks will be a possibility, thanks to the extend section on the Pixelpost website. It should be easy enough to simply compare the latest version on extend vs the installed version, and display a notice next to any addon that is applicable.
Thanks for the reply!
I for one welcome the changes if they speed things up, and the new idea of the configuration saved to PHP sounds great as long as the above-mentioned issues are addressed.
It is also something positive for us all to look forward to in these bleak times.
Thanks everyone
Steve Procter
http://www.stephenprocter.co.uk
Come on dude, these facts* and proof* i mean who is posting* lol
For the whole security issue, I’d suggest being able to put this file above the root directory, where it most likely won’t be accessible from the web.
That would be awesome!
@Jowah
The current v2 folder structure has an “application” directory, which stores all of the core files, including the config file mentioned above. This entire directory will be inaccessible to the web by using the included .htaccess file. Additionally, we will be adding support so people can move the application folder to another location outside of the public_html, for additional security.