Is it safe, secure and sophisticated enough?

hi, I am new to programming and want to start several start-ups.
I learned a little C and java for android development before, then decided to work on the web. so I chose to go after drupal, but it seems to me that working on drupal in order to reach a high-quality outcome is not actually simpler than programming itself, due to the flexibility I need. and drupal 8, to me, doesn’t seem really fast. so I started learning the web development on (I had some prior knowledge of HTML, CSS, and very basic PHP) then it turned out that for the things I had in mind I need to know back-end well (search, users being able to sign in and create content etc. in a safe environment), till I learned about grav yesterday (and I am still continuing to learn more coding too). but I have some questions. is it flat-file safe? especially for user information that I need my users to provide (personal information)? is grav as safe and secure as drupal? can I do things easier than drupal? is it good for a project that might someday have millions of users and billions of contents? I am asking these because it doesn’t seem reasonable to me to have that amount of data outside of a database, and I don’t know how safe it is. and am I able to convert that data one day to MySQL or not? I am stuck, I don’t know what to do. which path to go? can you plz give me suggestions? I have lots of ideas, which I don’t know whether they are gonna be groundbreakers or trash, and I also don’t have money to hire people to do things for me. I am on my own. thanks for the help to come. :slight_smile:
p.s.: I think it is good if someone creates a plugin that can connect it with a database if needed.

Please excuse me if I missed something, but that is a very long paragraph to digest. Flat-file, by its nature, is considered safer than many more complex and extensive setups, because there are fewer attack-vectors for injecting malicious code. Compared to Drupal, there are no qualitative measures available. However, Drupal is a much more mature CMS but also much more targeted by “hackers” - this is a by-product of the popularity of any system. In essence, Grav is as safe as you make it, as with any CMS, but being flat-file you’ll have an easier time of it.

Grav is in some sense “easier” than Drupal, in that the code-base is lighter and more flexible because you do not need to account for the larger ecosystem that any change will affect. If you know CSS and HTML, then you can easily learn Twig, which together are some of the easiest and most popular building-blocks for websites today.

No, and I do mean no, CMS can credibly claim to support “millions of users and billions of contents”. There are extremely few cases of such systems actually in existence, and their success relies far less on the CMS than their IT-departments managing server loads and balancing traffic. In comparison to other CMS’, Grav is much lighter, and thus produces less overhead - but no CMS in existence will effectively handle files on the magnitude of millions, because no OS will.

There is not currently an interface between Grav and a database, likely because there is little need for it currently and it would introduce more, not less, overhead. Markdown, however, the content that Grav stores, is easily convertible to any format.

In closing, if you imagine any or all of your ideas to result in projects with millions or more users and orders of magnitude more content, you would actually need money. Managing them, adapting a CMS, and preventing attacks (which will occur) requires a solid organization with a solid financial structure.


tnx for the reply sir :slight_smile:
I know I need money to manage a web site that big, but consider that in the time it takes for a website to have that amount of popularity it makes lots of money which can be used to hire professionals.
so, is it safe and possible to start with grav, and when it makes money and grows, if needed convert the site to an entirely written (programmed) one?
I especially tried to compare it with drupal because, based on most things I read on the web, developers introduce drupal as the most secure CMS and able to handle very large websites (at least before recent time which grav seems to become more popular).

Drupal, from my limited experience with it and research on later versions, is no more secure or capable than any other popular CMS. Notably, when the user-base or traffic grows you will inevitably depend on load-balancing. However, at the point that a site reaches a critical mass of activity load-balancing can only do so much, and the architecture of the CMS comes into the equation.

At this point a flat-file system would not be advantageous, because file-operations will be slower than database-operations. That said, by the time any project started today reaches that point Grav may well have developed to a point where database vs flat-file has less of an impact, for example by leveraging GraphQL-interfacing and partial caching of content.

Websites, even moderately popular ones, do not generally make much money: You either have advertising, financial sponsorships, or a payment-model for content. Payment for content almost by default limits what a site can achieve, advertising only benefits with huge traffic, and financial sponsorships are only given to projects that with time and probability will make returns on investment.

Hence, when considering a long-term project with the aims of being profitable and popular, good planning and a solid foundation in an organization is necessary. Time is an essential factor here, as any CMS worth considering will develop just as the project develops. Currently Grav is an excellent platform for starting a project, and just as the project and site develops so will Grav. If and when the critical mass of activity is reached, you’ll be aware of the needs of the site and which CMS’ can handle those needs.

tnx a lot :slight_smile:

FYI, we have a lot of Drupal folks who use Grav for small -> medium sites where developing in Drupal is too much effort and the speed/simplicity benefits of Grav are more important. Grav actually uses a lot of similar technologies (Yaml, Twig, Symfony libraries, Doctrine cache, etc) to Drupal8 so it’s an easy switch., a long-time Drupal hosting company even uses Grav and offers it as part of their stack.

I’m one of those Drupal guys that uses Grav for small and medium sites. I think you are making one of the classic mistakes I see many startup entrepreneurs make. You are trying to identify your technology stack before you know what your architecture is. The challenge is that discovering your candidate architecture takes some serious specialization and expertise. Given that you want to get up and running with something that gives you the flexibility to grow and adapt, I say go with Grav and develop what you need in order to test the core of your business. While you’re doing that you could also get to know some Drupal folks online or by going to Drupal User Group meetups. If your idea is successful and you see some growth, you’ll be able to approach the Drupal folks with something that they can help you with.


Douglas Gough
tnx, it was a good suggestion. I am actually trying to do something similar to what you said, but what actually makes me doubt is the question “it is not better to start with something and continue? is it easily possible to transfer your data to another technology? it is more like changing the glass that holds the water you want to drink or changing your car, for example?”. take facebook as an example, if Zuckerberg had made it with grav, could he easily change it to drupal or a completely written site without losing all those blog posts? (have that in mind, it is not gonna be as profitable as facebook probably, :slight_smile: I mean look at the structure, not the number of users)

In my experience it’s always better to build the tool you need now, or you risk spending precious time and resources building something to support the business that you think you’ll have in the future, only to arrive at the future and find that your business model has changed so much you don’t need the features you built and you don’t have the features you need. The architecture of Grav (and Drupal 8) makes it very flexible and extensible so that you can start simple and grow as you need. But it will be much easier for you to get up and running and test your business ideas with Grav than Drupal 8 unless you have access to experienced Drupal 8 help (it’s expensive to get something developed in Drupal 8). When you get to the point of needing a more sophisticated or scalable platform, Grav’s flat file system will make it pretty easy to migrate your content. From what you’ve said so far, my professional opinion is this: decide what features you MUST have in order to prove your core business idea, and then build it yourself in Grav. You’d benefit from doing a bit of reading about MVP (Minimum Viable Product) before you decide on your core features.


Douglas Gough
tnx a lot for the help, :slight_smile: I think you made it clear for me. I just wish I didn’t have to learn twig. I just finished with js recently :smiley: and I was looking to wrap it up by node and MySQL. but at least I am done with drupal. I spent a lot of time on it and still can’t do in drupal what I can do with js, it really is complicated and confusing. :slight_smile:
tnx for all bits of help from all of you guys. :slight_smile:

Many people seem to be put off by Twig, but I think perhaps it’s sold as more advanced than it really is. Its syntax is virtually the same as in the well-known Jinja and JS counterpart Nunjucks, and its functionality very much mirrors PHP. If you know a bit of PHP, a bit of JS, and almost any popular templating-language from the past 4-5 years the transition into Twig should be painless. The docs are excellent, and there are plenty of good examples of more sophisticated uses around the web.

tnx :slight_smile: I am going to study docs