AndyB78's avatar

Is Laravel suitable for a hosting billing and automation app?

Hello,

I need to rebuild and extend a billing and automation application for a small hosting company. Right now it's done exclusively in PHP and MySQL (I mean not even jQuery).

There are several highly sensitive areas:

  1. this app holds customer personal data (personal data <-> GDPR considerations)
  2. it would have access to the hosting servers so it could potentially expose customer hosting accounts with all the data in it
  3. it could even lead to rooted servers if compromised
  4. and last but not least would jeopardize access to domain resellers which could lead to stolen domains if compromised.

I am trying to find out if Laravel would help me to develop faster, better and easier/safer from a security point of view.

So I have 2 questions, if you could help me with them:

  1. Is Laravel suitable for such an application (from a security POV)?
  2. Is Laravel likely to help me to develop faster and better?

Thanks in advance!

0 likes
12 replies
Snapey's avatar

yes and yes

But the security is your responsibility, not the framework

Anyone can build an insecure solution in any language on any framework

1 like
AndyB78's avatar

I know that insecure code can be written in any language or framework. The reason I asked this is that I believe Laravel offers some built-in security features to HELP with security more than core PHP. I didn't believe it would enforce it.

But I also (obviously) don't know Laravel (yet) and I am asking if it's reasonable to consider learning and switching to Laravel for the rewrite of such an app (with all the security considerations mentioned in my initial post).

Thanks!

Snapey's avatar

No one can tell you that because you might be perfectly proficient in some other language or framework.

You should play to your strengths

AndyB78's avatar

I am not proficient in any other framework. I have never learned nor used a framework before because I considered I shouldn't add more complexity and more potential vulnerabilities along with the framework so I kept it small. But in core PHP I feel I am dragging my feet and reinventing the wheel and I read that writing Laravel code is a speedier and more rewarding way of developing an app.

jlrdw's avatar

@AndyB78 no matter the language, RBAC and/or authentication and authorization is a steep learning curve. Programming, like any craft / trade, takes time to learn.

However, once learned, of course it's easier on future apps.

Remember most trades are four year apprenticeship programs, not one week.

AndyB78's avatar

@jlrdw Well, I was certainly not planning for one week or one month. My plan/hope was roughly 6-7 months in total to learn Laravel well enough and develop a relatively small app (but one that offers enough features) for the above-mentioned purpose, but I understand from all the feedback I got thus far that this is unrealistic.

Unfortunately I certainly can't afford a 4-year plan because I need a solution way sooner than that, and end of June 2024 is the most generous deadline I could have afforded.

AndyB78's avatar

I want to thank you all for your feedback!

martinbean's avatar

@andyb78 Frameworks like Laravel try and reduce the amount of “cookie cutter” code you need to write. So it has built-in components for things like routing, handling HTTP requests, accessing and working with data in databases, etc. But, to achieve this, it does need to be quite opinionated. Some people like this, some people don’t.

Personally, I’m a fan of it and “convention over configuration” (which Laravel borrows heavily from Ruby on Rails). It gives me less to “think” about, so I can just focus on the actual guts of whatever application I’m writing on. Could I write a router from scratch? Yes. Do I want to? Absolutely not. If I did, would it be as feature-rich and well-tested as the one Laravel ships with? Again, no.

Laravel is capable of building a billing and automation app, but also weigh up the build versus buy ratio. Is there really nothing out there that would solve your needs from the get-go, rather than spending time (and money) learning a framework to then build something from scratch? Or would it be more economical—especially in an industry such as web hosting—to just use a pre-existing solution?

AndyB78's avatar

@martinbean Thank you for your feedback! I am not a tidy and well-organized programmer (and I am using the term programmer with humility here). So a system that guides me in how I should develop this SEEMS like a very good fit for me.

If there was a solution that was ready-made I would have used it. Unfortunately, due to local regulations and customs, I have to develop quite a number of features that are not and will never be built into any ready-made solution because they are too local and the local market is not that relevant money-wise.

So what I would have to do is first get familiar with the ready-made solution, get it wrong in some parts, write the modules (if I succeed) and, when after 6 months, 1 year or 3 years I have forgotten how and what I have done, get back to square one when the ready-made app decides to release an update that is no longer backwards compatible enough and my modules no longer really work.

And this would be the semi-happy case with WHMCS, which actually has something that could pass for an API, and not for instance with ClientExec, which the last time I checked had like 5-6 API calls in total that are not enough for what I need (and ver 7 that should bring an API is due to be released in Q2 2021... oops). And when I add to this the both pricey and unpredictable pricing of WHMCS and their pattern of not repairing bugs but adding new ones (reportedly), it makes me very reluctant towards using a ready-made app.

martinbean's avatar

@andyb78 Fair enough.

If you want, drop me an email (it can be found on martinbean.dev/contact). I’d be happy to help or answer any questions on Laravel if you are going to embark on such a project.

isra-skyler's avatar

Yes, and yes from my perspective. I have been working with Laravel for about 3 years and from dozens of applications I can say that I am satisfied. I might be a bit biased but trust me, it works fine.

jaseofspades88's avatar

Yes and the ecosystem (suite of tools available to you) would help with billing, such as Stripe with Laravel Cashier
