[ControllerAction] and sane defaults
[Ed: For anyone who's living under a bush, Microsoft have released a CTP of the new ASP.NET MVC framework.]
I’m reluctant to get involved in this – but I feel like there’s another side to this story which is worth considering.
Since it was first presented at altnetconf – the decision to require users[1] to specify which methods on controllers are available to be routed to ([ControllerAction]) and which view to render (RenderView()) has come in for a lot of criticism.
Lots of the brightest and best minds in the .net world are screaming about this in various forums, claiming that it violates:
- the DRY principle
- convention over configuration
- best practice in other frameworks
- commonly accepted laws of physics
Not one of the people complaining is going to use this framework vanilla. They are going to add their own layer of behavior over the top. It’s been designed to make it easy (trivial in this case) to extend and change the policy.
Sane defaults are really important for frameworks. Yes they get in the way of power users. Yes it normally takes a power user 10 minutes to work around them and add that piece of code to their toolbox from then on.
I don’t know how many people were following the emergent Rails community back in 2005 when the Google Web Accelerator was released – but many of them (including the smartest[2]) got a salient lesson in GET idempotence (i.e. GET Order?id=23&action=delete should never delete anything).
Here was a situation where the framework (Rails) came with not-so-safe defaults and bad example code which encouraged doing the wrong thing. These days – Rails has absorbed this lesson so completely that it could be described as a REST server and in some ways leads developers into following best practices for web apps by default.
I really don’t understand what the huge deal is here? This seems as clear cut to me as the built-in RequestValidation in ASP.NET or automatically escaping SqlParameters for SQL injection. Sure – if you’re a power user it can be a pain – but it takes 10 seconds to turn off and then you’re responsible when your site gets p0wn’d.
It’s not like ControllerBase is sealed.
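To make the trade-off concrete, here is an added sketch (not code from the post or from the ASP.NET MVC CTP) of a reflection-based dispatcher run under both policies. `RoutableAttribute` is a hypothetical stand-in for [ControllerAction], its `Verb` property is an extra assumption that ties in the GET lesson above, and `OrderController` and the requests are constructed samples.

```csharp
using System;
using System.Linq;
using System.Reflection;

// Hypothetical stand-in for the CTP's [ControllerAction]; Verb is an added assumption.
[AttributeUsage(AttributeTargets.Method)]
sealed class RoutableAttribute : Attribute { public string Verb { get; set; } = "GET"; }

class OrderController
{
    [Routable] public string Show(int id) => $"order {id}";
    [Routable(Verb = "POST")] public string Delete(int id) => $"deleted {id}";
    // Public so other classes can call it; never meant to be reachable by URL.
    public string PurgeAll(int id) => "purged everything";
}

static class Dispatcher
{
    // optIn = false: every public method declared on the controller is an action.
    // optIn = true: only methods marked [Routable], and only for the declared verb.
    public static string Dispatch(object controller, string verb, string action, int id, bool optIn)
    {
        MethodInfo m = controller.GetType()
            .GetMethods(BindingFlags.Public | BindingFlags.Instance | BindingFlags.DeclaredOnly)
            .FirstOrDefault(x => string.Equals(x.Name, action, StringComparison.OrdinalIgnoreCase));
        if (m == null) return "404";
        if (optIn)
        {
            var attr = m.GetCustomAttribute<RoutableAttribute>();
            if (attr == null) return "404";   // unmarked method: not exposed
            if (!string.Equals(attr.Verb, verb, StringComparison.OrdinalIgnoreCase)) return "405";
        }
        return (string)m.Invoke(controller, new object[] { id });
    }
}

static class Program
{
    static void Main()
    {
        var c = new OrderController();
        // Constructed requests: a link prefetcher only ever issues GETs.
        var requests = new[] { ("GET", "Show"), ("GET", "Delete"), ("GET", "PurgeAll"), ("POST", "Delete") };
        foreach (var optIn in new[] { false, true })
            foreach (var (verb, action) in requests)
                Console.WriteLine($"optIn={optIn} {verb} {action} -> {Dispatcher.Dispatch(c, verb, action, 23, optIn)}");
    }
}
```

With `optIn=false` all four requests execute, including the GET that deletes and the GET that reaches `PurgeAll`; with `optIn=true` those two are refused and only the marked actions run on their declared verb.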
[1] by default – but easily modifiable
[2] or is that loudest?