RejectedSoftware Forums

Sign up

Advice for beginners

I have followed the steps and running the vibe.d 0.7.18
The example home page runs fine on my http://localhost:8080/ but I am
not sure where to go from here..

Basically, I have been a desktop and client/server developer all my
life, but now wishing to start the web development with vibe.d for web
sites, web services and anything that vibe.d does.

Do you recommend any books / projects to study so that I can first
understand the internals / concepts of this architecture?

By the way, this is not about the language. I liked D and learning it fast.

Thanks in advance.

Re: Advice for beginners

On Wed, 27 Nov 2013 01:30:05 -0500, John J wrote:

Do you recommend any books / projects to study so that I can first
understand the internals / concepts of this architecture?

You are interested specifically in async + fiber model or some more general topics? Some of vibe.d concepts are covered by Vladimir in his DConf presentation : http://www.youtube.com/watch?v=Zs8O7MVmlfw

Re: Advice for beginners

Am 27.11.2013 07:30, schrieb John J:

I have followed the steps and running the vibe.d 0.7.18
The example home page runs fine on my http://localhost:8080/ but I am
not sure where to go from here..

Basically, I have been a desktop and client/server developer all my
life, but now wishing to start the web development with vibe.d for web
sites, web services and anything that vibe.d does.

Do you recommend any books / projects to study so that I can first
understand the internals / concepts of this architecture?

By the way, this is not about the language. I liked D and learning it fast.

Thanks in advance.

The vibed.org and
vibenews projects might
be suited as examples - they both use a mix of a few techniques.

Re: Advice for beginners

On 11/27/2013 11:37 AM, Dicebot wrote:

On Wed, 27 Nov 2013 01:30:05 -0500, John J wrote:

Do you recommend any books / projects to study so that I can first
understand the internals / concepts of this architecture?

You are interested specifically in async + fiber model or some more general topics? Some of vibe.d concepts are covered by Vladimir in his DConf presentation : http://www.youtube.com/watch?v=Zs8O7MVmlfw

I have watched that video, thanks.

Re: Advice for beginners

On 11/27/2013 12:10 PM, Sönke Ludwig wrote:

The vibed.org and
vibenews projects might
be suited as examples - they both use a mix of a few techniques.

Thanks for the links. I will run them locally and study the code.

I have a need to expose a sub-set of our sql server database to end
users as a website where each user logs in and views the information
related to them. Hopefully, I can develop that after studying these
examples, especially the first one.

I understand vibe.d creates an independent web server that runs by
itself without needing Apache or IIS.
The first question people would ask me is about the security of this
model. Is there anything I should be aware of the security when using
vibe.d?
Are there any extra (or less) steps to take with vibe.d for better security?

Thanks.

Re: Advice for beginners

Am 27.11.2013 20:28, schrieb John J:

On 11/27/2013 12:10 PM, Sönke Ludwig wrote:

The vibed.org and
vibenews projects might
be suited as examples - they both use a mix of a few techniques.

Thanks for the links. I will run them locally and study the code.

I have a need to expose a sub-set of our sql server database to end
users as a website where each user logs in and views the information
related to them. Hopefully, I can develop that after studying these
examples, especially the first one.

vibenews uses MongoDB instead of an SQL server for storing the messages,
so that's the only part that won't really fit. There is
mysql-native, but I can't
really help with that, as I haven't used it seriously up to now.

I understand vibe.d creates an independent web server that runs by
itself without needing Apache or IIS.
The first question people would ask me is about the security of this
model. Is there anything I should be aware of the security when using
vibe.d?

The low-level security should be relatively good as long as bounds
checking isn't disabled (-nobounds), thanks to D's type system and the
garbage collector. However, even though care has been taken, it surely
hasn't received a comprehensive security audit, so it shouldn't be used
for critical systems without additional measures.

Are there any extra (or less) steps to take with vibe.d for better
security?

One thing I'd recommend is to put the vibe.d application behind an NginX
proxy server. That will basically shield off all low level attacks and
leave more or less only the application level vulnerabilities to deal
with (XSS etc.). There should also be a watchdog script running in the
background that restarts the server, should it ever crash or hang for
some reason. This is more critical than for PHP or CGI because
everything happens in the same process vs. running a separate process
per request.

Re: Advice for beginners

On 11/27/2013 02:44 PM, Sönke Ludwig wrote:

Am 27.11.2013 20:28, schrieb John J:

On 11/27/2013 12:10 PM, Sönke Ludwig wrote:

The vibed.org and
vibenews projects might
be suited as examples - they both use a mix of a few techniques.

Thanks for the links. I will run them locally and study the code.

I have a need to expose a sub-set of our sql server database to end
users as a website where each user logs in and views the information
related to them. Hopefully, I can develop that after studying these
examples, especially the first one.

vibenews uses MongoDB instead of an SQL server for storing the messages,
so that's the only part that won't really fit. There is
mysql-native, but I can't
really help with that, as I haven't used it seriously up to now.

I understand vibe.d creates an independent web server that runs by
itself without needing Apache or IIS.
The first question people would ask me is about the security of this
model. Is there anything I should be aware of the security when using
vibe.d?

The low-level security should be relatively good as long as bounds
checking isn't disabled (-nobounds), thanks to D's type system and the
garbage collector. However, even though care has been taken, it surely
hasn't received a comprehensive security audit, so it shouldn't be used
for critical systems without additional measures.

Are there any extra (or less) steps to take with vibe.d for better
security?

One thing I'd recommend is to put the vibe.d application behind an NginX
proxy server. That will basically shield off all low level attacks and
leave more or less only the application level vulnerabilities to deal
with (XSS etc.). There should also be a watchdog script running in the
background that restarts the server, should it ever crash or hang for
some reason. This is more critical than for PHP or CGI because
everything happens in the same process vs. running a separate process
per request.

Thank you. This is exactly what I wanted to know about security with vibe.d

Re: Advice for beginners

On 11/27/2013 01:30 AM, John J wrote:

Basically, I have been a desktop and client/server developer all my
life, but now wishing to start the web development with vibe.d for web
sites, web services and anything that vibe.d does.

Do you recommend any books / projects to study so that I can first
understand the internals / concepts of this architecture?

As far as the books are concerned, it appears the below book will be
helpful in understanding the web internals:

"HTTP: The Definitive Guide"
http://shop.oreilly.com/product/9781565925090.do

I have started reading it..

Re: Advice for beginners

On Wed, 27 Nov 2013 01:30:05 -0500, John J wrote:

I have followed the steps and running the vibe.d 0.7.18
The example home page runs fine on my http://localhost:8080/ but I am
not sure where to go from here..

Basically, I have been a desktop and client/server developer all my
life, but now wishing to start the web development with vibe.d for web
sites, web services and anything that vibe.d does.

Do you recommend any books / projects to study so that I can first
understand the internals / concepts of this architecture?

By the way, this is not about the language. I liked D and learning it fast.

Thanks in advance.

I am not a Ruby fan myself, but this presentation is a good start http://girish-eventmachine-aio.heroku.com . VibeD seems to have similar approach.