Why MVProc? Aug 6th, 2015

Ok, we've all seen a lot of different web platforms. Let me make my case for why MVProc is truly better.

Faster

MVProc really is faster. The inter-process communication is reduced to ONE database transaction per request. (Yes, that assumes you're running in production mode with full caching of procedure information.) The typical web request, in my experience using PHP, .NET, FCGI, etc., can run 5-10 database transactions. Seriously! There's authentication & authorization, pulling in user data, pulling dynamic configuration, and THEN the data the web page gets used for. And that's for transactions that don't even modify data. That's 5-10 times the database has to parse the request, SELECT the result, marshal the data, and send it out to the client library, which then unmarshals the data for use in the web application.

MVProc moves all the manipulation and retrieval of data into the database process. One transaction, period.

I think it's time for an anecdote. I was tangentially part of a project that needed to handle a high load on a predictable periodic basis. The web app was written using LAMP, and was not poorly written. Some database procedures were used, more for transactional purposes than to reduce load on PHP, but again, it was not a poorly written, or even particularly complex application. I watched as the traffic came in. Watched as 10 (YES, TEN) web servers were sweating with loads all well over 2, with one database server behind them all posting a whopping 0.2 load. Amazing. Now, who wouldn't think at that point, "Maybe we need to have the database do a little more?"

Another thing that makes for speed improvement is the templating system. Written in C and deliberately kept minimal in scope, MVProc templates are unbelievably fast. Configuring MVProc with caching (and seriously, outside of active development, there's no reason not to) provides blazing speed with a very small footprint. 10K worth of templates = 11K worth of memory footprint on average (some templates have a lot of tags, some not so many).

More Secure

Security is a passion of mine. I'm a Certified Ethical Hacker, so I'm aware of the many types of attacks that must be headed off. Web apps seem to be particularly vulnerable, probably because of the constantly changing requirements that plague the developers during development.

There will be user inputs that aren't properly scrubbed. MVProc scrubs every bit of input from the web. The procedure code never has to worry about damaging the data with malicious input because by the time the procedure takes over, all input is already automatically escaped.

The webserver can be compromised, revealing the login credentials the webserver uses for database access. The MVProc module can easily be set up to have only EXECUTE privilege on the procedures of one database. (You can, of course, get even more specific and grant execute only to specific procedures.) So if someone compromises the webserver, they can only do with the database what they could do by URL hacking. Much, much more secure. Your real database credentials don't need to be known by any software on the server. Sweet. The procedures themselves run with the DEFINER's privilege, so they'll have controlled access to the data.
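One way to set up the EXECUTE-only account and a DEFINER-rights procedure described above, as an added example (not MVProc's or the author's own code). The database, table, procedure and account names and the password are hypothetical, and the statements assume MySQL 5.7.6 or later, run from the mysql client as an administrator.

```sql
-- Added example. Every name here (app_db, users, get_profile, app_owner,
-- mvproc_web) and the password are hypothetical placeholders.
-- DELIMITER is a mysql client command, not server SQL.

CREATE DATABASE IF NOT EXISTS app_db;
CREATE TABLE app_db.users (
  id            INT UNSIGNED  PRIMARY KEY,
  display_name  VARCHAR(64)   NOT NULL,
  password_hash VARBINARY(64) NOT NULL
);

-- Definer account: holds the data privileges, is never configured on the web server.
-- ACCOUNT LOCK blocks logins; a locked account can still act as a routine DEFINER.
CREATE USER 'app_owner'@'localhost' ACCOUNT LOCK;
GRANT SELECT ON app_db.users TO 'app_owner'@'localhost';

DELIMITER //
CREATE DEFINER = 'app_owner'@'localhost' PROCEDURE app_db.get_profile(IN p_id INT UNSIGNED)
  READS SQL DATA
  SQL SECURITY DEFINER
BEGIN
  -- The parameter is used as a value, never concatenated into dynamic SQL.
  SELECT id, display_name FROM app_db.users WHERE id = p_id;
END//
DELIMITER ;

-- Granted explicitly because an administrator, not app_owner, created the routine.
GRANT EXECUTE ON PROCEDURE app_db.get_profile TO 'app_owner'@'localhost';

-- Web-server account: the only credential stored in the web server's configuration.
CREATE USER 'mvproc_web'@'localhost' IDENTIFIED BY 'CHANGE_ME';
GRANT EXECUTE ON app_db.* TO 'mvproc_web'@'localhost';
-- Narrower alternative, one grant per exposed procedure:
-- GRANT EXECUTE ON PROCEDURE app_db.get_profile TO 'mvproc_web'@'localhost';

-- Check 1: expect USAGE on *.* plus the EXECUTE grant, nothing else.
SHOW GRANTS FOR 'mvproc_web'@'localhost';

-- Check 2: every routine should list the intended definer and SECURITY_TYPE = DEFINER.
SELECT ROUTINE_NAME, DEFINER, SECURITY_TYPE
FROM information_schema.ROUTINES
WHERE ROUTINE_SCHEMA = 'app_db';

-- Check 3, connected as mvproc_web:
--   CALL app_db.get_profile(1);   -- allowed, returns id and display_name only
--   SELECT * FROM app_db.users;   -- rejected: SELECT command denied
```

A routine created with SQL SECURITY INVOKER would run with the web account's rights and fail on the table read, so the second check is worth repeating after every schema deployment.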

Now, obviously, User-Defined Functions (UDFs) are necessary with MVProc. How else can you send email, scale uploaded images, and on and on? This is where you'll have to be careful with security. If your UDF makes a system call, just make sure the input is good. MySQL UDF cURL is an example of a handy UDF for communicating with other servers.

Better

MVProc truly forces separation of concern. This is mainly useful in preventing a tangled mess of code that's difficult to alter or debug. Debugging becomes so much easier when you can just "turn off" the templating and just look at the data directly. And stored procedures and functions can easily be unit tested from the database command line. The Model-View-Controller methodology is elegantly represented with MVProc.

And as an AJAX server, you'll find nothing easier. With several options for built-in JSON or XML output, and even more options via templating, MVProc provides a stable, blazing fast, easy-to-implement web solution.