A Reimagined Website Strategy

By Danny Foo - March 21st 2017 13.38 PM GMT+0800

Web88 is a dynamic approach to designing, building and managing websites. It gives your website a giant boost in performance while enabling it to meet the ever-increasing demands on bandwidth and performance.

Improve Your Quality of Experience

Laravel is a web application framework with expressive, elegant syntax which fuels digital transformation by delivering a simplified customer experience, comprehensive built in security and a universal app platform. Web88 CMS with Laravel's MVC framework can help achieve your unique business needs by delivering intelligent content management, purpose-built to get the best performance, availability and efficiency from day one.

We believe viewing and surfing your website must be an enjoyable, creative experience to be truly fulfilling. Web88 attempts to take the pain out of development by easing common tasks used in the majority of web projects, such as authentication, routing, sessions, queueing, and caching.

#1. Protection from data breaches and business disruptions

Today for an online business website or application, security is the biggest concern. Hackers try to find ways to attack a website, to destroy or to change the way the website looks. This can decrease the value of a business website.

Most CMS are open source and the code base is open to everyone. There are various communities who develop plug-ins, widgets or modules for CMS. When developers find vulnerabilities, they release a newer version of that feature with safe code. It is important to install only reliable plug-ins from trusted sources on a CMS site.

Websites developed using PHP frameworks are more secure in comparison to CMS. Since they use custom code, it is more difficult to breach their security. Most frameworks also have built-in functions for encrypting and protecting against common vulnerabilities including:

  • SQL Injection

    Laravel's Eloquent ORM uses PDO parameter binding to avoid SQL injection. Parameter binding ensures that malicious users can't pass in query data which could modify the query's intent.

  • Cross Site Scripting (XSS)

    Laravel's {{ }} syntax will automatically escape any HTML entities passed along via a view variable. This is a very big deal, considering that a malicious user might pass the following string into a comment or user profile:

    My list <script>alert("spam spam spam!")</script>

    If this string were allowed to be saved to the database without filtering, and then subsequently displayed in a web page without escaping, it would in fact display an annoying alert window. This is an example of an attack known as cross-site scripting. In the grand scheme of things this is but a minor annoyance compared to more sophisticated attacks which might prompt the user to supply some sensitive information via a JavaScript modal which was subsequently sent to a third-party website.

    Fortunately, when a variable is rendered within the {{ }} escape tags, Laravel would instead render the string like so, thus preventing the possibility of cross-site scripting:

    My list &lt;script&gt;alert(&quot;spam spam spam!&quot;)&lt;/script&gt;

  • Cross Site Request Forgery (CSRF)

    Imagine a situation in which a malicious third-party crafts a special link (or a form masquerading as a link) which when clicked initiates a request to another site where you are registered and happen to be authenticated into (by way of a session cookie). Suppose this link endpoint performed a sensitive task such as updating your profile to include a spam message. Because you are authenticated, the site will presume the request is indeed coming from you, and update the profile accordingly.

    CSRF (cross-site request forgery) tokens are used to ensure that third-parties cannot initiate such a request. This is done by generating a token that must be passed along with the form contents. This token will then be compared with a value additionally saved to the user session. If it matches, the request is deemed valid, otherwise it is deemed invalid.

    If you are constructing forms using standard HTML (which I do not recommend), then you will need to supply the token to your form like so:

    <form ...>
    {!! csrf_field() !!}
    </form>
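
The token check described above, written out in plain PHP as an added example (not code from the original post or from Laravel). The `$session` array stands in for the server-side session store and the function names are hypothetical; `_token` is the field name that `csrf_field()` emits.

```php
<?php
// Added illustration. $session stands in for the server-side session store;
// the function names are hypothetical and are not Laravel's own.

function issueCsrfToken(array &$session): string
{
    // One token per session: 32 bytes from the OS CSPRNG, hex-encoded.
    if (empty($session['_token'])) {
        $session['_token'] = bin2hex(random_bytes(32));
    }
    return $session['_token'];
}

function csrfField(array &$session): string
{
    $token = htmlspecialchars(issueCsrfToken($session), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="_token" value="' . $token . '">';
}

function requestIsValid(array $session, string $method, array $post): bool
{
    // Read-only methods carry no token; they must not change state.
    if (in_array($method, ['GET', 'HEAD', 'OPTIONS'], true)) {
        return true;
    }
    $expected = $session['_token'] ?? '';
    $supplied = $post['_token'] ?? '';
    // Fail closed on a missing or non-string token; compare in constant time.
    return is_string($expected) && is_string($supplied) && $expected !== ''
        && hash_equals($expected, $supplied);
}

$session = [];
echo csrfField($session), "\n";

// Constructed requests: the site's own form, then two posts from another origin.
$cases = [
    'own form'      => ['_token' => $session['_token'], 'bio' => 'hello'],
    'token missing' => ['bio' => 'spam'],
    'token guessed' => ['_token' => str_repeat('0', 64), 'bio' => 'spam'],
];
foreach ($cases as $label => $post) {
    $verdict = requestIsValid($session, 'POST', $post) ? 'accepted' : 'rejected';
    printf("%-14s %s\n", $label, $verdict);
}
```

The cross-site posts are rejected because the other origin can make the browser send the session cookie but cannot read the token stored in that session.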

Conclusion: Well-developed PHP framework websites are more secure. There are pre-enabled tools to protect from injection and XSS attacks, which save developers the time they would otherwise spend on complex coding for site security.

#2. Greater flexibility

Based upon business requirements, your website may need to have various functions and integration with third-party applications. Sometimes you need your website to perform operations which are independent of each other and connect with various systems as well.

For example:

  • Your website needs to integrate with a CRM, like Salesforce, to send contact registration data
  • Your website needs to connect with an order-processing system, like FileMaker, where your customer orders need to be processed independent of your website but the actual orders are generated from your website.

While CMS sites can have a variety of functions in applications, those applications are not very flexible. Since the applications are pre-made, creativity can sometimes be limited. A number of modules and plug-ins within a CMS website may require making a lot of custom development as well. Frameworks contain various library functions and can be easily customized based upon the requirements of the business.

Conclusion: When it comes to flexibility, PHP frameworks are ahead of CMS. Web88 contributed to its flexibility and made it robust in all facets.

#3. Upgrades

Getting your business website updated with the latest code functions is really important. Upgrades help with website security.

CMS has updates almost every month. The website should be updated with the latest upgrades as soon as they are available. Even if not updated, the website would function, but the site would not be as secure or user-friendly. The following are upgrades common in CMS:

Frameworks do not have very frequent updates compared to CMS. Most PHP frameworks have updates regarding new features, but not every month. Some can go six months without updates and still be secure and functional.

The recommended method of upgrading is to create a new install and then to copy your existing site's unique application files into the new application. This would include controllers, routes, Eloquent models, Artisan commands, assets, and other code specific to your application. Alternatively, Laravel Shift is a new project aimed at automatically upgrading out-of-date Laravel apps up to the current version. The way it works is you sign in with either GitHub or Bitbucket, purchase a shift (an upgrade package), and then review the pull request it automatically creates.

Conclusion: In regard to upgrades, choosing CMS or PHP frameworks depends on the business owner's preference regarding updates. Either choice has its benefits and drawbacks.

#4. User Experience (UX)

CMS are built with the website manager in mind. Most CMS make it very simple to manage the website content. The business owner can change information on the website without a problem. CMS mostly provides responsive themes so that any module or plug-in placed on the website functions on a mobile device as well.

A PHP framework usually does not have the default standard user interfaces, which makes CMS so user-friendly. But developers can create an interface using the available library functions. CSS frameworks like Bootstrap or SASS can be used with PHP frameworks in order to develop a site for the best user experience. Users can develop responsive sites using these front end frameworks.

#5. Out-Of-The-Box Authentication

In the 5.2 release of Laravel, we got the make:auth artisan command, which, with a single command, will create all of your auth views, including login, register, and forgot password. That's a lot of code generation from a single command, and it is a pleasure to use.

Before you run the command, you already have the controllers and traits in place, since those ship with the framework. You also have a User model and the corresponding migrations for both the users and create_passwords tables.

The bottom line is that you can get this all working within a matter of minutes, and you are getting a robust solution that includes login throttling.

Danny Foo is a Bootstrap and HTML5 expert. When he is not in the office, you can usually find him running on his treadmill and coding on his laptop at the gym bar.


