fos
10-11-2007, 11:24 AM
I am trying an application that relies on the Smarty PHP Templating System. It is based on PHP but the templates do not directly include php code. The poor security of PHP has been debated here.
According to the Smarty website, http://smarty.php.net, the reasons for using Smarty include:
*) Designers can't break application code. They can mess with the templates all they want, but the code stays intact. The code will be tighter, more secure and easier to maintain.
*) Errors in the templates are confined to the Smartys error handling routines, making them as simple and intuitive as possible for the designer.
*) With presentation on its own layer, designers can modify or completely redesign it from scratch, all without intervention from the programmer.
*) Programmers aren't messing with templates. They can go about maintaining the application code, changing the way content is acquired, making new business rules, etc. without disturbing the presentation layer.
*) Templates are a close representation of what the final output will be, which is an intuitive approach. Designers don't care how the content got to the template. If you have extraneous data in the template such as an SQL statement, this opens the risk of breaking application code by accidental deletion or alteration by the designer.
*) You are not opening your server to the execution of arbitrary PHP code. Smarty has many security features built in so designers won't breach security, whether intentional or accidental. They can only do what they are confined to in the templates.
Does anyone here have experience with Smarty? It looks pretty good.
fos