
How does Vanilla handle administrative options?

edited September 2005 in Vanilla 1.0 Help
I'm attempting to roll my own CMS, so I'm trying to look around at different software and figure out how they do things. It seems that Vanilla keeps all administrative values in settings.php. It appears that every single page that is called pulls up settings.php and checks the values to see how it should display things and what should/shouldn't be enabled. My question refers to performance and also to extensions. Is it better to save values like this (which are rarely changed) in a flat file than in a database? Are there any problems with doing this? Also, as far as extensions go, where is their admin functionality stored? Are their values also stored in the settings file, or somewhere else? Any insight on how this system works would be greatly appreciated. Thanks

Comments

  • The settings.php file is regarded by Mark to be the best way to store normal settings. Partly because it holds the database settings, which obviously can't be held in the database, and also because reading a flat file is *considerably* quicker than running a query on the database (you'll notice Vanilla uses as few queries as possible to aid performance). Some people dislike this method because there have been claims of security issues, but none have ever come to light. There is a fairly detailed discussion on this topic if you search for it... I'll have a dig later if you don't have any luck. Any personalised settings for extensions, I believe, are stored either in the extension's settings file if they're extension-wide, or user-unique values are stored in the database in the user's row (I'm not sure if this is implemented yet; if not, I think this is the way it's gonna be done). I hope this helps... These issues have been discussed numerous times before and you should probably be able to find a couple with some useful searches.
  • Sounds good, it seems to be along the lines of what I was thinking. Looking through IPB's structure, they apparently do the same. If you could pull up any of those old posts, I'd be very thankful.
  • http://lussumo.com/community/comments.php?DiscussionID=748 I believe is probably the most detailed discussion regarding security issues with writable flat files and one of Mark's statements saying that db reads are the biggest performance flaw in many apps. Parts of it went over me slightly but you might be more in tune. I'd suggest, if you're writing your own CMS, that the 'moving writeable files/dirs outside of web accessible directories' seems to be the best option.
  • Mark (Vanilla Staff)
    Also, the settings.php file is really only for application settings that are global for every user. When it comes to administrative options, those are all based on your role and are pulled from the db every time you look at a page in Vanilla. Then there are also user preferences which are user-specific (of course), which are held in the user table and also pulled in every time you look at a page (the user prefs and role abilities are both pulled in the same query to speed things up).
This discussion has been closed.
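The thread's suggestion of keeping writable settings files outside web-accessible directories can be checked at deploy time. The following is an added example, not part of the original thread and not Vanilla's own code; the directory names (`public_html`, `private`) and the sample files are constructed for illustration.

```python
import os
import stat
import tempfile
from pathlib import Path

GROUP_OR_WORLD_WRITE = stat.S_IWGRP | stat.S_IWOTH

def is_inside(path, root):
    """True if path lies under root once symlinks and '..' are resolved."""
    path, root = Path(path).resolve(), Path(root).resolve()
    return path == root or root in path.parents

def audit_settings_file(settings, web_root):
    """Return findings for one settings file; an empty list means it passed."""
    findings = []
    if is_inside(settings, web_root):
        findings.append("inside web root")
    # stat() follows symlinks, so a link is judged by the file it points to.
    if Path(settings).stat().st_mode & GROUP_OR_WORLD_WRITE:
        findings.append("group/world-writable")
    return findings

def writable_under_web_root(web_root):
    """Relative paths of regular files under web_root that group/others can write."""
    hits = []
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            p = Path(dirpath) / name
            if not p.is_symlink() and p.stat().st_mode & GROUP_OR_WORLD_WRITE:
                hits.append(p.relative_to(web_root).as_posix())
    return sorted(hits)

def demo():
    """Audit a constructed layout (hypothetical directory names) in a temp dir."""
    with tempfile.TemporaryDirectory() as tmp:
        web_root, private = Path(tmp, "public_html"), Path(tmp, "private")
        (web_root / "conf").mkdir(parents=True)
        private.mkdir()
        bad, good = web_root / "conf" / "settings.php", private / "settings.php"
        # bad: served by the web server and writable by anyone; good: neither.
        for f, mode in ((bad, 0o666), (good, 0o640)):
            f.write_text("<?php // constructed sample settings\n")
            os.chmod(f, mode)
        link = private / "link.php"
        link.symlink_to(bad)  # looks private, but resolves into the web root
        return {"bad": audit_settings_file(bad, web_root),
                "good": audit_settings_file(good, web_root),
                "link": audit_settings_file(link, web_root),
                "writable": writable_under_web_root(web_root)}
```

The symlink case shows why the check resolves paths before comparing them: a settings path that appears to live in a private directory can still point at a file the web server exposes.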