Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
By dwanta on
When I created a Drupal module for a system I was working on back in 2011, it had to be as secure as possible and fast. It's been some time since then, so I'm writing this description of the system to share and get some feedback.
To view a demo of the bunny system running, view the video at: https://www.youtube.com/watch?v=5NPIBBmBBfU
The Bunny System was created for a Commercial Card system, where Drupal is the CRM, so it has to be secure as possible, and it's replacing an existing system that is very fast, so I didn't want to sacrifice any performance for my customers. The backend is written in C++ and Android is supported in java. It's a business application with little 'end-user' access, so I haven't spent much time making it pretty with graphic design. It's mostly basic formatting at this point.
I made it very Drupally, so it has hooks of its own and allows adding "Bunny Bundles" which are like modules in Drupal, so it is extensible and flexible, supporting really any industry.
Originally I tried using the Drupal Entity function, but I found it was too heavy for what I was doing, so I created light-weight entities. I'm sure Drupal's is better now, but at the time I had to create something that would work for me.
To make it fast, I tried making as much as possible load in memory, already primed and ready to go.
Why Drupal was chosen:
I wanted to use a CMS that was actively used and that tries to be secure. Drupal worked well for what I was doing.
Describe the project (goals, requirements and outcome):
Parts of the project:
Web Server, contains Apache, the index.php file and the files directory
Bunny Farm Server, contains Drupal and Bunny Service
File Server, optionally retrieve external data with Drupal permissions
Database Server, optionally house database external to Bunny Farm
Web Server
The Web Server accepts the requests and forwards them to the Bunny Farm. The Web Server has no databases and doesn't run Drupal and should only talk through the Bunny Port to the Bunny Farm. The Bunny Farm accepts the requests from the Web Server and does the actual processing, optionally accessing a remote data server. The Bunny Protocol utilizes the same SSL authentication using session IDs as Drupal, so the system stays secure.
The Bunny Protocol shepards the _FILES, _COOKIES, response code and the headers. When a file is uploaded, it is sent to the Bunny Farm. Cookies and headers, the session identifier for instance, are copied from the Bunny Farm to the Web Server so they can be sent back to the browser. (See Figure 1)
Bunny Farm
The Bunny Farm runs Drupal and the Bunny Module as a service, which in turn runs the Bunny Bundles (Buns), and returns the results to the Web Server.
Of course the system will work on a single server, but it won't be as secure for many reasons. The latest attack on Drupal, for instance, runs code that creates a file on the Drupal server, and then uses that file to break in. But in the Bunny System, Drupal runs in the Bunny Farm, and the attacker's file gets created there, and so it is not accessible on the Web Server and so the attack fails. I don't use the files directory for uploading files on my system, but if you do, you would need to run a sync script after the upload. In the script, you could easily catch the uploaded php file and send an alert instead of copying it over.
Bunny Module
The Bunny Module itself was created to do forms processing because my system consists of lots of forms and reports, and the design idea was to make the Buns as independent of Drupal as possible, to make upgrading easier.
Requirements
The system had to function as well as the old system, while being secure and easy to maintain.
Outcome
Light-weight entities worked out really well, as did the Bunny Farm.
Each light-weight data object has their own class, which can be written as simply as:
<?php
class tz_data
extends dps {
public function __construct() {
}
}
And then a form to display the data can be:
<?php
$dps->form_init($formid, $form, $arr);
The rest of the logic is stored in the Bunny Module files and controlled by the data dictionary. Most of the time, extra code would be added to those default files for custom functions.
Each table is defined in the dictionary like:
'tz_data' => array(
'fields' => array(
'id' => 0,
'country' => 0,
'coordinates' => 0,
'timezone' => 0,
'minutes_offset' => 0,
'minutes_offsetdst' => 0,
'tzcomments' => 0,
),
'indexes' => array(
'id'=>0,
'country'=>2,
'timezone'=>2,
),
),
And each element is also defined in the dictionary:
'coordinates' => array(
'format' => FORMAT_ALPHANUMERICS,
'default' => '',
'min' => 0,
'max' => 32,
'size' => 32,
'type' => 1,
'required' => 0,
'title' => 'Coordinates',
'desc' => '',
),
Using a data dictionary helps to keep the system easy to maintain and to enforce restrictions uniformly. To make the system as fast as possible, interaction is done using Ajax and encoded using JSON. The Bunny Module uses memcache automatically for each data object, managing the cache when records are added, deleted or changed. The Bunny Module's javascript allow the creation of an infinite number of popup windows, which is used in the system to make navigation as easy and fast as possible.
In simple tests of performance using curl, I found the Bunny System responds to anonymous page requests in about 80 to 100 ms, and the forms processing time on authenticated users is also generally on the order of 100 to 200 ms per screen, which is pretty fast for the user, with very little use of CPU on the Bunny Farm. Using a higher-end server, I'm sure the times would be half that.
I've been running this system for several years, with about 2 years in production use. But that version has Drupal running on the Web Server, I tried running in split that way but recently decided to put everything in the Bunny Farm. It's been working, but I'm sure there's some issues that will be found.
Of course there are core hacks to make this work on Drupal 7, but not too bad. I converted it to Drupal 8, but only have it loading but not functioning fully due to all the changes in Drupal 8, it will need a couple weeks of work to get going, at least.
If you wanted to check out the system, there is a demo user with a password of bunny that you could try out.
Technical specifications
Drupal version:
Drupal 7.x
Key modules/theme/distribution used:
Why these modules/theme/distribution were chosen:
I wanted to use the fewest number of modules as I could. The memcache module helped with the performance, the Bunny Farm was my module that I created, and Zen was an easy to use and functional presentation layer.
Community contributions:
The Bunny Farm system probably could be contributed to the community.
Team members:
Sectors:
Banking and Financial
