0

We plan a web project (accounting software) using PHP for the web frontend and MongoDB as the database. Also, there will probably be mobile apps for iPhone and Android, possibly a REST API and more. We need to write a middle layer over the raw database (the "model" in the MVC or MVP design pattern) with as much shared functionality as possible. What is a smart way to write the middle layer in such a scenario?

Options we are considering:

1) Write the middle layer as a PHP library. Plus: super easy connection to the PHP frontend, but not so great for other use cases (mobile apps, REST API...). Edit: also not so great for security and isolation.

2) Write the middle layer as server-side executed code on the MongoDB server. But there are too many limits (db.eval() write lock, one shard only), and it seems this is not a recommended usage of this MongoDB functionality. I was looking for MongoDB extensions which would extend server-side code execution capabilities, but found none.

3) Write the middle layer as an independent web service, for example in PHP, Python or Node.js. The main problem I see: MongoDB communicates in BSON. Many middle layer functions would do a simple MongoDB query. Then they would have to re-encode the result in some other serialization standard (since BSON is MongoDB specific) and then send the results to the client, which seems to me like a big waste.

Unless we find a better solution, we will probably go for variant 1), but any advice would be really appreciated.

Stepan

2 Answers

0

I'll put the answer here that I put on Google Groups.

The second point is not really server-side but more that it runs within the inbuilt JS engine that comes with MongoDB. As you state this would be a terrible way to do this.

The third point wouldn't be so bad, making a single point of entry using PHP or something you would just communicate to it using JSON and the PHP driver to MongoDB would do the hard work for you, no need to worry about BSON. However there are massive security flaws with it, one being that you would need to open an interface which accepts MongoDB queries directly, as such this interface immediately is a black hole in security even if "secured".

In my opinion you're not even better off going with the first point since that determines that you must write your own library. Instead I would go for a PHP framework like Kohana or Lithium or Yii. Something like that would probably be your best bet.

Sammaye
  • I do not want the middle layer to accept MongoDB queries directly; I agree that would negate security. Ad 1) - it does not imply I do not want to use a framework or base library to build it. Just that the whole result is then connected to, for example, the PHP frontend as a library. – Stepan Nov 27 '12 at 17:11
  • @Stepan What do you mean by "as a library"? It is just that that is quite vague and can be used to explain many different types of layers in PHP. Also what did you mean by the middle layer then? I can keep throwing scenarios around but without knowing what you're thinking I can't be precise with my answer on that one. – Sammaye Nov 28 '12 at 08:39
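
One way to build the middle layer this answer and its comments discuss, exposing a named operation instead of accepting MongoDB queries directly. This is an added example, not code from either poster, written in Python (one of the languages the question lists for option 3); the invoice fields, status values and function names are assumptions made for illustration.

```python
import re
from datetime import date

# Hypothetical "list invoices" operation of the accounting middle layer.
# Every client parameter maps to one field and one scalar type.
ALLOWED_PARAMS = {"customer_id", "status", "issued_from"}
STATUSES = {"draft", "sent", "paid"}          # assumed status values
OBJECT_ID = re.compile(r"[0-9a-f]{24}")


class BadRequest(ValueError):
    """Raised when a request parameter does not fit the operation."""


def scalar_str(params, key):
    value = params[key]
    # Decoded JSON objects and arrays arrive as dict/list. Refusing them
    # keeps client-written operator documents out of the filter.
    if not isinstance(value, str):
        raise BadRequest(f"{key} must be a string")
    return value


def build_invoice_filter(tenant_id, params):
    """Translate request parameters into a MongoDB filter document.

    tenant_id comes from the authenticated session, never from params.
    """
    unknown = set(params) - ALLOWED_PARAMS
    if unknown:
        raise BadRequest(f"unknown parameters: {sorted(unknown)}")

    query = {"tenant_id": tenant_id}
    if "customer_id" in params:
        customer_id = scalar_str(params, "customer_id")
        if not OBJECT_ID.fullmatch(customer_id):
            raise BadRequest("customer_id is not a 24-hex id")
        query["customer_id"] = customer_id
    if "status" in params:
        status = scalar_str(params, "status")
        if status not in STATUSES:
            raise BadRequest("unknown status")
        query["status"] = status
    if "issued_from" in params:
        raw = scalar_str(params, "issued_from")
        try:
            start = date.fromisoformat(raw)
        except ValueError as exc:
            raise BadRequest("issued_from must be an ISO date") from exc
        # The only operator in the filter is one the server wrote itself.
        query["issued_on"] = {"$gte": start.isoformat()}
    return query
```

The returned dictionary is what the service would hand to the driver's find call; clients only ever see the three named parameters.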
-1

I'm writing this as an answer because it's too long for a comment.


With regards to point 1), clearly you don't have an idea of how PHP works, otherwise you would have known that:

  • mobile apps is a buzzword. PHP has been serving mobile devices since at least 2004.
  • REST API.... PHP is a language for the web, a REST class can be written in under 20 lines.
  • security doesn't depend on what you use, but how you use it. With your same logic, you're insecure because you use MongoDB instead of $someOtherDbPackage.
Christian
  • Yeah, I know PHP can serve mobile apps, I just finished a PHP AMF server two weeks ago. I do earn my living as a web developer in PHP. I am not saying that PHP is too insecure, I am saying that isolating the middle layer more than just putting it into a library would be safer. – Stepan Nov 27 '12 at 17:07