Each week from now until the Fusebox conference (Aug
31 - Sep 1), we're talking with one of the conference speakers.
WEEK 3: John Quarto-von Tivadar
FB: We're talking with John Quarto-vonTivadar this week.
speaking on plugins and security at the upcoming Fusebox conference.
John is also one of the authors on the upcoming "Discovering
book from Techspedition Press (techspedition.com). So, John,
JQ: It's a way of extending the core functionality of Fusebox.
Fusebox 3 was released, we saw that people had special needs
they wanted handled by the Fusebox core files. They had to
core files to meet those needs and of course, that introduced
FB: What sort of problems?
JQ: Well, one of the advantages of Fusebox is that it is
standard. It means that my code can work with your code, pretty
seamlessly. But if, when we say "Fusebox", we're
talking about two
FB. Which happens if you have different core files.
JQ: Exactly. And when that happens, it means that interoperability
out the window. It also means that the code you write for
almost certainly won't work with the next version.
FB: You're talking about versions of Fusebox?
JQ: Yes. If you write your code counting on some functionality
Fusebox that's there because you changed the core files, then
version 4 comes out-
FB: Which is out now.
JQ: Yep, officially released. Anyway, when Fusebox 4 was
then the old code wouldn't work with the new version.
FB: And plugins solve this?
JQ: Yes. They solve it because Fusebox 4 is made to accommodate
those changes. Fusebox 4 has "plugin points"-different
phases of the
code which will include any plugin code you write, making
effect, part of the core files. When there's a new version,
you just drop
your existing plugins in and you're up and running.
FB: That does sound like a great idea. What exactly is a
JQ: There are certain points in the processing of a Fusebox
we identified as points where someone might want to insert
For example, there's a "preprocess" plugin point.
Any plugins that are
registered to run in the preprocess phase will be included
anything else happens in the processing of a fuseaction request.
FB: So there's probably a "postprocess"?
JQ: Right. We identified all of the points we thought would
There are a total of six of them. One thing that will interest
that one of the phases is "fuseactionException".
When an exception is
thrown, the core files will check to see what plugins are
will pass control to those plugins. That means that we have
a really nice
way of doing exception handling-something that was lacking
FB: That's very nice.
JQ: It does work very well. We're really pleased with Fusebox
FB: So what about security? How did that get built into the
JQ: We thought for a long time about security. The problem
there is no universal security model. But we didn't want to
just punt the
ball. Security is too important. What we did was introduce
to the new <fuseaction> tag called "permissions".
That allows architects
to provide a value that will be available to the core files.
FB: And the core files then check the value of "permissions"
database of user permissions?
JQ: Well, that might be the way that you would want to handle
then again, you might have a completely different mechanism.
It's why I
say there's no universal security model that fits everyone.
Fusebox trying to impose a one-size-fits-all solution, we
this "permissions" attribute and then let the architect
determine what to
do with that in a.
FB: In a what?
JQ: That's your cue. Your supposed to jump in with the right
FB. Oh. Um.in a "security module"?
JQ: Yes-sort of. And how would that security module be implemented?
FB: In a plugin!
JQ: Exactly. It's a perfect application for a plugin. Security
can be as
simple or as complex as you wish it to be. And you only write
security module, as you called it, and it will be applied
that you wish.
FB: What if I don't want any security applied at all?
JQ: Just don't register any security plugin. It's not like
you'll pay any
performance penalty. The value, if any, of the "permissions"
will just be ignored. For that matter, the "permissions"
FB: I'm seeing that plugins can be very powerful.
JQ: Yes, and just as importantly, they are very simple to
Plus, there are already pre-built plugins available.
FB: You're going to be sharing tips and tricks on plugins
and security at
JQ: Yes, I've got a fun application that graphically shows
how to create
a pretty involved security model. And we'll see how plugins
phases-all sorts of cool stuff.
FB: Where do people sign up?
JQ: That would be at www.cfconf.org/fusebox2003.
FB: And if people want to buy a copy of your new book?
JQ: It will be available at the conference or you can buy
techspedition.com. People preordering the book will get a
Of course, there's a way to get the book for free.
FB. What's that?
JQ: Hal and I are doing a "FastTrack to Fusebox 4"
class in Las Vegas
immediately prior to the conference. Come to the class (halhelms.com)
and you'll get a free book AND a pass to the conference.
FB: Thanks, John.
Week 1: Ben Edwards
Week 2: Michael Smith
Week 4: Hal Helms
Week 5: Jeff Peters