
mantrax3 | 12 years ago

That private API is called a service layer, and without it, your code devolves into copy/paste spaghetti.

We live in an age when having a complementary iOS/Android app for your site is not the exception anymore. Without a service layer you'll have coupled your services with your web pages. Connecting your server with your apps will be quite painful. You don't want that.

Done right, your service layer keeps your code simple, secure, and easy to debug, even if it's web-only. I'd argue that anything else is just due to lack of experience.

A service layer also makes the work on a project more parallelizable in terms of number of developers that can work together on it, each focusing on their part of the puzzle, without breaking each other's code all the time.

tensor | 12 years ago

But then your service layer has potential SQLi issues. Moving the problem doesn't make it go away. Many of the Clojure SQL libraries solve this by using prepared statements by default. This is not a hard problem.

mantrax3 | 12 years ago

If it's "not a hard problem" - and I agree it isn't, and it's solved by Clojure's SQL libraries, why should the web framework deal with it in any way?

And moving the problem actually helps, when the original place was the wrong place to solve the problem.

Security is one problem when you write queries all over the place. The other two problems are data integrity, and maintenance.

In a service layer you have exactly three concerns:

1) Validate abstract input (and permissions of the caller).

2) Perform the transaction.

3) Return abstract output (and/or errors).

No routers, no controllers, no views, no templates, no CSRF, no XSS, no HTML escaping, no GET, no POST, no nothing.

Just input, transaction, output. Pure data. Pure business logic.

And suddenly things that seemed hard to get right, or things you had to repeat all over the place in your code, get done simply, and just once. And all your web code calls the service layer.

All your iOS and Android app code - also calls the same service layer.

And they're both secure because you need to get the service secure just once - then all interfaces (web, mobile, desktop, API) use the same service.

And when you don't isolate the service, you'll be running SQL all over the place, and use every framework's souped up solutions to avoid SQLi.

Which one do you feel is better?
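Added example, not code from either commenter: a minimal service layer in Python on an in-memory SQLite database, following the three concerns mantrax3 lists (validate input and caller permission, perform the transaction, return plain data or an error) and using the parameterized statements tensor refers to so that no caller can inject SQL. The schema, sample rows, `transfer` and `get_balance` functions, and the `Result` type are all constructed for this illustration.

```python
import re
import sqlite3
from dataclasses import dataclass
from typing import Optional

# Constructed schema and sample data; not taken from the thread.
SCHEMA = """
CREATE TABLE accounts (
    id INTEGER PRIMARY KEY,
    owner TEXT NOT NULL UNIQUE,
    balance INTEGER NOT NULL CHECK (balance >= 0)
);
"""
SAMPLE_ROWS = [(1, "alice", 100), (2, "bob", 50)]

# Abstract input validation: account owners are short lowercase identifiers.
USERNAME_RE = re.compile(r"[a-z0-9_]{1,32}")


@dataclass
class Result:
    """Abstract output of a service call: plain data or an error string."""
    ok: bool
    data: Optional[dict] = None
    error: Optional[str] = None


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO accounts VALUES (?, ?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def balances(conn):
    return dict(conn.execute("SELECT owner, balance FROM accounts ORDER BY owner"))


def transfer(conn, caller, src_owner, dst_owner, amount):
    # 1) Validate abstract input and the caller's permission. Nothing here
    #    knows about HTTP, forms, JSON or templates; callers from web, mobile
    #    or a CLI all pass through the same checks.
    if not isinstance(amount, int) or amount <= 0:
        return Result(False, error="amount must be a positive integer")
    for name in (src_owner, dst_owner):
        if not isinstance(name, str) or not USERNAME_RE.fullmatch(name):
            return Result(False, error="invalid account owner")
    if caller != src_owner:
        return Result(False, error="caller may only move their own funds")

    # 2) Perform the transaction. `with conn:` commits on success and rolls
    #    back if anything raises, so a failed second UPDATE undoes the first.
    #    Every value reaches SQLite through a placeholder, never via string
    #    formatting, so the query text is fixed regardless of input.
    try:
        with conn:
            cur = conn.execute(
                "UPDATE accounts SET balance = balance - ? "
                "WHERE owner = ? AND balance >= ?",
                (amount, src_owner, amount),
            )
            if cur.rowcount != 1:
                raise ValueError("insufficient funds or unknown source account")
            cur = conn.execute(
                "UPDATE accounts SET balance = balance + ? WHERE owner = ?",
                (amount, dst_owner),
            )
            if cur.rowcount != 1:
                raise ValueError("unknown destination account")
    except (ValueError, sqlite3.Error) as exc:
        return Result(False, error=str(exc))

    # 3) Return abstract output: a dict the caller renders however it likes.
    return Result(True, data=balances(conn))


def get_balance(conn, owner):
    # Read path with no format check at all: the placeholder still keeps the
    # owner value out of the SQL text, so quotes in it cannot alter the query.
    row = conn.execute(
        "SELECT balance FROM accounts WHERE owner = ?", (owner,)
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = open_db()
    print(transfer(db, "alice", "alice", "bob", 30))
    print(transfer(db, "alice", "alice", "bob", 500))
    print(get_balance(db, "bob' OR '1'='1"))
```

The point of the split is visible in the two failure paths: a bad amount or a caller moving someone else's funds is rejected before any SQL runs, and an insufficient balance rolls the whole transaction back, leaving the table as it was. A web controller calling `transfer` only has to translate the `Result` into a response; it never builds a query.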