SQLFusion blogs

The build once reuse everywhere web application.

PHP / Javascript web applications today are more complex than ever.
We use a framework or a CMS for the base functionalities, place in it a template system, include a few additional modules, then add some PEAR classes and a couple of javascript toolkits.
Finally we glue everything together with our custom code.
Sound familiar?

Unless you write everything from scratch using only the base PHP functions, most of the time web applications are composed from various components and libraries.

Now here is the fun part. 2 weeks after going live with one of the libraries, modules or CMS it become insecure due to a newly discovered vulnerability.

I found it hard to maintain and upgrade all those applications, modules and libraries each time there is a bug fix or security advisory.

Wouldn't it be great if you could just press one button and get that part of your project upgraded to the latest most secure version?

This is now possible for applications packaged in a Linux distribution but not for web applications.

What the perfect web application packaging system would look like:
- It would be project centric
- Manage and resolve dependencies
- Install and upgrade database data and structure
- One click upgrade or install
- Not writable by the web browser user
- 100% in PHP
- Work with all the frameworks
- Web based user interface

A few web application packaging solutions already exist.
Debian as created Debian packages for the most popular PHP web applications. Pear package is today probably the most advanced packaging system available for web applications. A lot of todays frameworks or CMS have their own packaging systems.

But they all have shortcomings that make it difficult for us to use and work with.

Debian is per server installation, so on one server you can't develop multiple projects.
We had similar problems with PEAR and found it very difficult to work with on development servers when we only wanted selected packages to be available for selected projects.
All the built-in package and update feature we found in frameworks and CMS require manual downloads and installs of modules or themes.

So a few years back we started our own web application package solution.

The goal was to meet all the above criteria, and its harder than it sounds.

The solution we created is a 2 step package installation.
All the projects are created on a development server. In the first step, we install packages of libraries, toolkits and full applications from a web based user interface. In the second step we publish the web application to a live server with a built-in synchronization application.
Then the packaging system secures all the folders and reconfigures the application to work on the live server. (converts absolute file or url path, database connection information.... )
We even added an experimental feature to update the database structure when upgrades are uploaded to the live server.

This 2 steps package installation allows us to have a secure published application with a web based package manager.

We still have a lot of work to do but we are definitely on the right track, our current packaging system is usable and most of the features listed above are implemented and working.

You can give it a try at http://radria.sqlfusion.com/