Tag Archives: drawbacks

CakePHP headaches at a glance

@jose_zap has replied to me regarding a tweet of mine comparing CodeIgniter and CakePHP and the different aspects of both technologies.

Since Twitter itself is way restricted into the 140 chars (which I like most usually - less offtopic and media) I will better blog this off here as a couple of things I don't like in Cake.

First of all, I've been doing Cake for a year and a half and have several projects up and running with different web services, sync mechanisms and so on. It's usually one of my preferred platforms (right after WP and Croogo which is actually Cake based) but it doesn't mean that I adore all of the features in it.

Auto recursive models 

By default linking the models in Cake sets a recursive level of 1 - so you get a direct access to level 1 of all corelated models. it is usually nice as you don't have to join or bind models every few requests. The bad part however is that every serious project (and even non-serious ones with more than 10 tables!) gets bloated with so much insignificant data not being used anywhere in the site. When we have a product which has categories and part of an order, which has a user and so on there are lots of queries back there and tons of useless data which leads to reduced performance and page load time. 

Yet again - very useful, especially for non-technicians who have hard time joining and so, but I get different requests from oDesk or local clients with old Cake sites that need optimization and fine tuning cause the site used to work at the beginning but the previous developer uses the standard recursive=1 settings and therefore the more the database records, the more hardcore the end results.


ACL is... well, it sucks big time in my opinion. It has a wrong concepts at the beginning, it is also hard to implement (lots of years technical background and lots of hours, if not days, trying to setup something that needs to be in the core). @jose_zap - I like Croogo's way of setting the jquery matrix of roles and controller actions and predefining the actions for each role. The UI plugin for the standard ACL is too complex in a usability manner and doesn't do the work.

Another thing is the role based auth. Cake does a pretty good job restricting different roles, but the autogeneration of MVC implies that no user-based authentication would be done or so. Another few projects of mine used to fix actions accessible via URL (no controller backend checks) and protecting every single add/edit and listing as index/view from unauthorized data listing. Or in other words - user number 2 is usually able to change the URL and see the listings of user number 3 or click the edit/5 link and edit the records of another user. It is not hard to implement it manually, but it takes time and having the logic predefined and working and generating tens of MVCs from tables opens lots of vulnerabilities out there.


What I don't like here is basically using one table for all translations by default. Once I tried setting different tables for i18n for the different DB tables but it was kinda tough for me to set up the models. Also the multilingual content with the localized data (so to speak i18n with the l10n together) had to be implemented by some third party tutorials with lots of app_controller magic in between.


I had been able to fix all of the concerns above back then. It just happened for them not to be straight forward or workarounds are painful which leads to discomfort while coding or revamping an application.

These are my top concerns for Cake so far. Pretty sure I've had many more back there, but now as I do explore a framework, I usually look for several things first:

  • multilingual support
  • user management
  • security
  • design adaptiveness and plugins capabilities

I think I have some hard time with AJAX as well, but can't recall the specific projects with it. 

del.icio.us Digg DZone Facebook Google Google Reader Magnolia reddit SlashDot Technorati ReadMe.ru Dobavi.com Dao.bg Lubimi.com Ping.bg Pipe.bg Svejo.net Web-bg.com