The web application can be made more secure by using a better folder structure, similar to the customized layout for CodeIgniter. The main index.php file should be put into a separate public folder (the document root), so that the application, modules and system folders sit outside the web root and cannot be requested directly. The structure is as shown:

├── application
├── modules
├── system
├── public_html
│   └── index.php
All asset files (css, js, and img) should also be put in a folder called assets, which also goes under public_html.

├── public_html
│   └── assets
│       ├── js
│       ├── css
│       ├── img
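
A deployment check for the layout described above, as an added example that is not part of the original post. The function name `check_layout` and its messages are assumptions; the directory names are the ones listed above.

```shell
#!/bin/sh
# check_layout PROJECT_ROOT [DOCROOT_NAME]
# Hypothetical helper: prints one line per finding and returns non-zero
# when framework code is reachable from the document root.
check_layout() {
    root=$1
    docroot="$root/${2:-public_html}"
    status=0

    # The front controller must live in the document root.
    if [ ! -f "$docroot/index.php" ]; then
        echo "MISSING: $docroot/index.php"
        status=1
    fi

    # Framework and application code belong beside the document root,
    # never inside it.
    for dir in application modules system; do
        if [ -d "$docroot/$dir" ]; then
            echo "EXPOSED: $dir is inside the document root"
            status=1
        fi
        if [ ! -d "$root/$dir" ]; then
            echo "MISSING: $root/$dir"
            status=1
        fi
    done

    # index.php should be the only PHP file the web server can serve;
    # a .php file under assets/ would be executed on request.
    extra=$(find "$docroot" -type f -name '*.php' ! -path "$docroot/index.php")
    if [ -n "$extra" ]; then
        echo "UNEXPECTED PHP under document root:"
        echo "$extra"
        status=1
    fi
    return $status
}

# Run directly as: sh check_layout.sh /path/to/project [docroot_name]
if [ "$#" -gt 0 ]; then
    check_layout "$@"
fi
```
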
We could have shortened the development time of the project if Twitter’s Bootstrap had been chosen as the CSS framework. Quite a lot of time was spent on tweaking the user interface and, in the end, the web application still looks quite butt-ugly.
Should have used Mercurial instead of Git. I was starting to learn DVCS, and Git is not a proper choice for someone from a Subversion background. The experience is excruciatingly painful and stupid as well. The reason we went for Git was that, in terms of pricing, GitHub was cheaper than Bitbucket for private projects. But now Bitbucket is cheaper; how can you compare to unlimited free repositories?
Both authentication and authorization were hacked-up work. Very rigid and painful to modify as well. An Access Control List (ACL) is damn hard to get right.
Picking Kohana was the wrong choice at that moment. As the framework has gone through several rewrites, documentation is limited and most of the time you have to refer to the code itself. I should have picked the CodeIgniter and DataMapper ORM combination instead; at least I know now that the development time could have been shortened. This does not mean that CodeIgniter is better, just more stable and with more documentation available.
What’s next? Going to upgrade or rewrite the web app to the latest version 3.2.x and try to do things differently this time. I also have to relearn Kohana again, as it has been a while since I last looked at it.