Developing trusted Magento extension
-
Upload
aheadworks -
Category
Business
-
view
1.741 -
download
0
description
Transcript of Developing trusted Magento extension
DEVELOPING TRUSTED MAGENTO EXTENSION
6/15/2012
Meet Magento Belarus 2012
Yurii Pochtovik
Meet Magento Belarus 2012 2
Outline
Trusted Extension
– What is it?
– Restrictions
– Recommendations
– Automated Analysis
Q&A
6/15/2012
Meet Magento Belarus 2012 3
Trusted Extension
Trusted Extensions – Extensions, that have been reviewed by Magento and found to meet or exceed specifications for security, performance, and developer support.
6/15/2012
Meet Magento Belarus 2012 4
Trusted Extension. Main Principles
6/15/2012
Compatibility
Security
Performance
Meet Magento Belarus 2012 5
Extension Compatibility. What is it?
Native Magento Functionality isn’t broken
Compatible with Magento Architecture Specifications
Compatible with Magento Technologies
Ability to use other Extensions
6/15/2012
Meet Magento Belarus 2012 6
Magento Compatibility
Specify Module Dependencies
Do not physically override core files
Do not create references from core database tables to
extension ones
6/15/2012
Meet Magento Belarus 2012 7
Magento Compatibility. How to
Minimize rewrites. Event-Observer functionality
Minimize controllers overrides
Try to extend controller from abstract one
Use layout functionality to extend front-end
Try not to remove native blocks
Use Zend-style SQL queries
6/15/2012
Meet Magento Belarus 2012 8
Magento Naming Conventions
community code pool
frontend/base/default package
adminhtml/default/default package
js second nested folder
skin/frontend/base/default package
skin/adminhtml/default/default package
6/15/2012
Meet Magento Belarus 2012 9
Magento Naming Recommendations
Templates in folder named by module namespace and
name
Layouts named by module namespace and name
DB tables named by module namespace and name
Admin controllers and blocks in Adminhtml subfolder
JavaScripts in js subfolder named by module or library
name
Skin files in subfolder named by module namespace and
name
6/15/2012
Meet Magento Belarus 2012 10
Extension Security
Escape data before inserting into database
Escape data before output
Validate incoming data
Implement ACL restrictions
6/15/2012
Meet Magento Belarus 2012 11
Extension Performance
Use caching whenever it’s possible
Use database indexes
Don’t change database structure “on-fly”
Minimize file system usage
6/15/2012
Meet Magento Belarus 2012 12
Extension Automatic Analysis Tools. Goals
Unify certification flow
Decrease certification timing
Check native Magento compatibility
Check another extensions compatibility
Allow community developers found problems by
themselves
6/15/2012
Meet Magento Belarus 2012 13
Extension Automatic Analysis Tools. Examples
Coding standards
Conflict checker – rewrites, layouts
Database consistency
Security scanner
6/15/2012
Meet Magento Belarus 2012 14
More Information
http://www.magentocommerce.com/
https://www.x.com/
6/15/2012