nickasloan's comments

It seems that Chris is just introducing this project to the community. Maybe there are flaws, I admit that I'm not the best one to judge that. But to focus on those flaws seems to miss the point.

Chris is trying to build a PHP framework where security is the prime consideration. To my knowledge, a project like this doesn't exist already. This is an open source project, and by Chris's own admission, a learning experience. This is an opportunity for the PHP community to have a discussion that is centered around the best way to solve the myriad of security issues that plague PHP frameworks and applications. The knowledge and experience generated from this project can be used to the benefit of other frameworks and applications in the PHP ecosystem.

I applaud Chris from undertaking this effort to challenge and improve his knowledge of web application security in a public way so that others may benefit from his experiences.

And shame on those who are trying to kill this project with negativity and condescension before it even starts.

Great post. I'd like to call attention to one point he makes:

"It doesn’t mean that stuff is bad, in the grand scheme of things. It doesn’t mean it has no value or is the wrong approach for many. But it’s the wrong approach for me, for sure."

Let's face it, the differences among Zend Framework vs Symfony vs Limonade vs Rails vs Django aren't really that big of a deal for most of our projects. In fact, I don't know if I've ever worked on a project that any of those frameworks couldn't solve effectively. The fact is that for the simple database web apps that most of us are writing, these decisions are not very critical.

It seems to me that Ed recognizes something that no one talks about as much as they should. The important consideration is not "Which tool is right for the project?". Most of the time "Which tool is right for the developer?" is the question that the success of a project hangs on.

Ed and his coworkers at http://gimmebar.com recognize this. They have adopted Javascript as the lingua franca that allows their frontend and backend developers to work together harmoniously. Developers working in harmony can achieve great things. The 5 Days of Gimmebar are proof enough of that (http://blog.gimmebar.com/post/12793742161/5-days-of-gimme-ba...).

Ed says that a simple framework with useful single-purpose third-party components is the right choice for him. Maybe it is for you too, maybe it isn't. I think the important takeaway from this post is that we should all strive for the self awareness that allows us to recognize what will let us work most effectively. I know I've been giving that question a lot of thought lately myself.