A few questions about Yii

Hello everybody,

Some friends and I are working on a web project at the moment and we are still at the solution studying phase. Right now, we have to compare 3 solutions and to do so, I would need some information about Yii. Please take in consideration that we are not programming genius nor anything of the sort.

One of the aspect which is extremely important to us for our project is the solution life. By this I mean, how well will the solution choosed do in the future. With this in mind, I would like to know what are the dangers of using Yii. Taking as example PRADO, when they decided to migrate into the solution now known as Yii, what were the consequences for the web applications built on PRADO ? What would happen if Yii was to disappear in, say, 10 years. Also, I’ve seen on the website that the version 2 of Yii was in development, what does it mean for those currently using Yii 1.1 ? I have already seen huge problems with CMS caused by a change of version, so I would like to know the risks of using Yii compared to using self-made PHP code.

Second, I would like to have an approximation about how hard it might be to get comfortable with Yii. Let’s say that I hire a few programmers who just graduated a few months ago and tell them to learn Yii. While I know it is really relative to each, how much time would be an “acceptable” expectation to be ready to build clean and flexibles projects ?

Third, I get a lot of pressure to go on the CMS path with something like Drupal. Having studied in programmation a while ago, I can only remember how CMS were paint as the devil products. I’ve told to other members that CMS were usually presenting security risks by being open source (permanent scan for breaches), how it could become quite complex to adapt the CMS to our needs and how it might make the site slower due to tons of functions unused. Now I would need to know the benefits of going for a framework such as Yii over a CMS like Drupal. (I already got the “But frameworks are open source too, so they are not secure either” which left me at a “I’ll get more information” status. I might also be wrong on all the line heh…)

Thanks !

  1. There are no guaranties for any software that it will be available for 10 years. But your website will still work, no matter if there are no support for framework behind it. And because code is pen source, you can always modify core, if needed.

  2. It can take much time for just graduated students, they need to learn PHP first, then db system, then Yii. So, we can’t talk about exact times here, but generally speaking Yii is not hard to learn, if you are good with PHP and OOP.

  3. Depending what you need. I always prefer developing websites from scratch(using some MVC framework) then using CMS system, simple because I have more control, less unused code, and better security.

Hi there,

Could you explain more in-depths how Yii v2.0 will affect current Yii project, just like how PRADO user were affected by Yii. What happened ? Did they have to remake their whole site on Yii etc.

In most of the cases, I can take for granted that freshly graduated students knows basic PHP and Database (SQL queries, PL/SQL and so forth) considering how these subjects appears on the course plan of the programming program (sounds weird, not sure if it’s right… My main language isn’t english, sorry). However, your comment made me realize that it might be important for me to make sure that they are competent in these fields.

For the third point however, what you says follows what I’ve been saying to my team members, however it lacks some details for example, Yii is said to be secure, but most CMS are considered to lack security… Why is that, both are open source, etc.

Thanks !

Is there nobody around who can give more detailed, explicit informations about these subjects ?

Saying that Yii is more secure than another product is fine, but not being able to give the details to explain why makes it hard to get any credibility…

Being in the mist about how Yii 2.0 will affect Yii 1.1 is also a major point in choosing a solution as it will give insight on the methods of the framework (if Yii is concerned about the solution persistance over time or if the users will always have to start from scratch to fit the new versions).

In short term: Yii 2.0 won’t affect current projects. Yii 1.x won’t stop work just because 2.0 is released, so you don’t need to immediately rewrite anything.

In long term: Trends and technologies of web change over time. Your websites will need a redesign/rewrite after a while, regardless of the framework used.

I don’t think so. The codebase of a popular CMS (or framework) is monitored and tested continously by a large community. It makes them a much more secure option than any in-house developed solution - unless you have a team of security experts at your disposal.

So saying that frameworks are more secure than CMS is not really true… I often heard that the open source nature of CMS was a big breach in the security and was wondering how this was different for frameworks. Each time, it would stop at "Frameworks are more secure", but the "because" never followed lol.

I guess I will have to find some other reasons to go for Frameworks. So far, I’ve found information about how frameworks were better for project scalability and execution speed.

If you happen to have some other advantages of Frameworks please let me know.

Thanks !

Do you think that Linux OS is insecure? It’s open source…

And Apache? The PHP language itself?

Personally I am of the opinion that Open Source software is often more secure than the equivalent proprietary software. A quick search in Google for "why open source is more secure" will give you many articles and discussions. IE: http://www.google.com/search?client=opera&rls=en&q=why+open+source+is+more+secure&sourceid=opera&ie=utf-8&oe=utf-8

In the end it depends on the person and the company if Open Source is a good fit vs proprietary software. Paid for support vs community support, out the box features vs learning curve and manual setup. I am a big fan of open source and if it was all up to me I would always go for the open solution. With that said, with the company I work for there are a few things I would never suggest the open source equivalent because they would not know what to do with it because the skills required are not their and the current propitiatory solution is considered the best by the decision makers.

With CMS vs Framework EG: Drupal vs Yii. I think it is more dependant on your application requirements and your in-house skills. I believe a CMS like Drupal can do a lot without knowing to much programming, but with a framework like Yii you are doing most of the coding. The biggest downside to CMS’s is that you are forced to it their way. There will be times that you cant make something work 100% the way you would want to but you trade this for turnaround time. With a framework you build your app 100% the way you want to. If your app is small and not to complex then ether should be fine. The bigger and more complex your app becomes the more a framework is more appropriate. Again all this depends on the skills of your team.

Just my two cents.