CakeDC Blog


Jeff Loiselle - Authentication & Autho...

Why authorize and authenticate? Authentication ensures someone is who they say they are. Restricting access (authorization) is a separate process. Authentication is done in CakePHP with the Auth component. Auth works with a database by default, but it can be changed to work with anything. LDAP, RADIUS, and OpenID are some examples of alternate authentication sources. The Auth component has a number of benefits: it hashes passwords, and it provides one API for all authentication sources.

Setting up AuthComponent

You need to set up a users table and create a User model. The table should have a username field and a password field. This will help you make the most of the intelligent defaults built into Auth. After that, you need to add Auth to your controller's var $components.

Acl component

The Acl component has an easy-to-use API: it identifies and creates nodes, and checks permissions. It handles hierarchies with ease, which allows permission systems based on inheritance.

Auth modes and simple auth

The Auth component has a number of modes, each of which handles authorization in a different situation. Jeff did a live demo of setting up the ACL tables with cake acl initdb. After the ACL tables were set up, Jeff covered creating a simple login form and easy Auth.

Using Auth and Acl together

Before you can start using Auth and Acl together, you need some AROs and ACOs. Jeff used his Acl management plugin to quickly create some AROs and ACOs, as well as set the permissions for his new user and controllers. Jeff then demonstrated how to use the AuthComponent in crud mode. Jeff ran out of time, but covered a few good options for handling Auth and ACL.
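How the pieces described above fit together, as an added example that is not Jeff's demo code or CakeDC's: a CakePHP 1.x-style AppController with Auth in crud mode backed by Acl. The editors group, the user jeff with id 1, the Posts controller and the _seedAcl helper are constructed names, and the ACL tables are assumed to exist already (cake acl initdb).

```php
<?php
// Added example in CakePHP 1.x style. All group, user and controller
// names below are constructed for illustration.
class AppController extends Controller {
    var $components = array('Auth', 'Acl');

    function beforeFilter() {
        // Authentication: users table with username/password (Auth defaults).
        $this->Auth->userModel = 'User';
        $this->Auth->loginAction = array('controller' => 'users', 'action' => 'login');
        $this->Auth->loginRedirect = array('controller' => 'posts', 'action' => 'index');
        // Authorization: each action is mapped to create/read/update/delete
        // and Acl is asked whether the user's ARO may do that on the
        // controller's ACO. Anything not granted is denied.
        $this->Auth->authorize = 'crud';
        // Only actions listed here skip the login check; keep the list short.
        $this->Auth->allow('display');
    }
}

class UsersController extends AppController {
    var $name = 'Users';

    function login() {
        // Intentionally empty: AuthComponent handles the posted login form.
    }

    function logout() {
        $this->redirect($this->Auth->logout());
    }

    // Hypothetical one-off seeding helper. The leading underscore keeps it
    // from being reachable as a URL action in CakePHP 1.x.
    function _seedAcl() {
        $aro = $this->Acl->Aro;
        $aro->create(array('alias' => 'editors'));            // group node
        $aro->save();
        $aro->create(array('alias' => 'jeff', 'parent_id' => $aro->id,
            'model' => 'User', 'foreign_key' => 1));          // user under the group
        $aro->save();

        $aco = $this->Acl->Aco;
        $aco->create(array('alias' => 'Posts'));              // one ACO per controller
        $aco->save();

        $this->Acl->allow('editors', 'Posts', 'read');
        $this->Acl->allow('editors', 'Posts', 'update');
        $this->Acl->deny('editors', 'Posts', 'delete');
        // The user node has no rule of its own; it inherits from 'editors'.
        return $this->Acl->check(array('model' => 'User', 'foreign_key' => 1), 'Posts', 'read');
    }
}
```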

Jim Lerza - Origami - Automating the p...

Jim is from Expungement Assistance Services. They run clearMyRecord.com, which helps people get their criminal records expunged. Origami is a proposed solution for automating criminal records relief in the United States. The application helps manage all the different types of forms that need to be filled out. All these forms need to be collected and standardized so that the data can be normalized. This helps to automate future applications and streamline the user experience. There was an existing application that had a pile of legacy code. This legacy code was partly written in Mandarin, and had a difficult-to-understand naming convention. The database was a mess, and the identification system was jumbled and difficult to follow. There were many challenges and requirements that led them to choose CakePHP, including needed features, time, funding and other constraints. Their team faced a few Cake-specific challenges. They had trouble with OOP practices and getting sandboxes set up, and some members of their team had challenges with the API documentation and the contents of the book. They also had difficulties figuring out how to implement specific features. Afterwards there was a quick demonstration of the clearMyRecord application, and a sample form was filled out. Even though the team at EAS seemed to face a lot of challenges, Jim seemed to be fairly happy with their choice of framework, and would make the same choice again.

Ryan Petersen - Collective Intelligence

Collective intelligence is a shared or group intelligence that emerges from the collaboration and competition of many individuals. One example is Amazon's book recommendations. Netflix uses collective intelligence to track their stock and supply changes, and to allocate their resources more accurately. Recommendations require something to track, like sales or user preferences. A group of users is also required; the larger the group, the better. A research survey found that a random sample of less than 1500 people will be the ideal and most efficient sample size. There are many ways to estimate preferences. The simplest and most basic one is Euclidean distance scoring. The Pearson correlation score also uses two axes to plot out the points; this method is used by Amazon and Delicious.

Stochastic Optimization

This is the theory of being able to optimize things. It requires a cost function, which is the most important part of optimization as it gathers the dataset used: for example, execution time of a request, time used for data integrity, error handling/logging, client bandwidth, and data queries/filtering. When doing metrics and calculating cost you can use a unit cost and parts to unit. This will allow you to control and manage the final output. Depending on what you are measuring, you need to control different weighting. Random searching is an inefficient process, as it is difficult to determine whether you are moving toward or away from where you want to be. Writing unit costing functions is specific to the task you want to achieve. When doing optimization with cost optimization, you need to be aware of local minimums. Once you have reached a new minimum or optimized level, you need to do additional testing by expanding the range in either direction. By expanding your test range you help to ensure that you have found a more accurate low-cost point, and that you haven't just found a local low point. Genetic algorithms and hierarchical grouping are other statistical methods to look into. Ryan is going to be releasing both Pearson correlation and Euclidean distance scoring code on The Bakery and SerenitySoft, so check back for some code.

Martín Sarsale - Death of Apache Long ...

Lighttpd runs as one thread: there are no forks, and only one thread. Lighttpd is not good for large virtual hosts. It also bottlenecks on disk speed. It is, however, good when you have a single large application or need total control. Lighttpd has several modules that are analogous to Apache's, such as Rewrite, Auth, Expires etc. Configuration files in lighttpd are very dynamic and allow for variables, regular expressions and if blocks. By using caching well you can reduce the number of requests made. By using Asset.timestamp = force you will get asset URLs with a query string that contains the last modified datetime. You can use a configuration script to set the expiry time for these requests.

Lighttpd and PHP

Lighttpd doesn't use a PHP module like Apache. Instead it connects to PHP via a socket or TCP/IP. Often this is done with FastCGI. This decoupling of the PHP processor and the web server allows you to scale horizontally easily by adding more PHP servers. You can implement this with static resources as well. Static files can be easily routed to alternate machines based on regular expressions in the config files. Unlike Apache, which handles and processes each request, Lighttpd works more like a pipe connecting inputs to outputs, or the client to the servers. Lua is a simple scripting language that is built into Lighttpd. Take, for example, sending a random image. This can be done with raw PHP, with PHP and X-Sendfile, or by using a Lua script. The Lua script is ~400% faster when compared to PHP. This demonstrates one of the many advantages that Lighttpd can offer over Apache. There are similar performance gains to be made when using Lua scripts with full page caching. Lighttpd gives you a lot more control over how you configure your servers. You can easily fix problems with CPU or disk use by adding more resources to the appropriate area. And since you can have multiple file servers attached to one Lighttpd process, swapping out or adding an extra disk server is not a difficult thing to do. Lighttpd seems like a viable and exciting alternative to Apache that I would consider using in the future.

Garrett Woodworth - CakePHP console ba...

Garrett's talk focused on getting command line tools set up. Before getting started on that, he covered how to set up a virtual host for a Cake project. Once he got into the cake shell, he covered the basic core shells and how to call shells. Garrett then used bake to create a new project and a database config file, using cake bake project and cake bake db_config. Up next was creating a schema file with cake schema generate. The schema file was populated with a few tables to store some information about restaurants. A question was raised about adding and removing columns, and Garrett demonstrated that as well. Baking models, controllers and views was up next. Using the previously created restaurants table, Garrett walked through baking a model, a controller, and some views. At first a scaffold was used, but the views were made concrete very quickly. The talk ended with a quick tour of the API and TestSuite shells, and how to look up different methods on different classes. Testing was up last, and Garrett ran the freshly baked tests from the CLI. Garrett will be continuing this talk later this week.
