This discussion is archived
7 Replies Latest reply: Apr 26, 2011 5:19 PM by EEG RSS

Should Plugins Be Used In A Production Environment?

EEG Newbie
Currently Being Moderated
Hello All.

I am seeking your opinion on an issue that recently was raised in my work environment.

We are heavy users of Apex 4.x. I recently introduced Apex plugins to several of my fellow developers. They all were astounded.

However, someone questioned if we should incorporate a plugin into our production apps. The concern here is that, despite their usefulness, plugins are not officially supported by Oracle. If we run into an issue with a plugin, our only support would come from the person who authored the plugin. I would not be able to call Oracle/Apex Tech support to ask my question. And so, if the plugin author, for some reason, was not available, the problem would not be addessed. Furthermore, because the plugin code is not available to me (at least I think so; please correct me if I'm wrong), I would be forced to either remove the plugin from my app or come up with custom code to do what the plugin is doing.

Another concern is would the plugin code "survive" an Apex upgrade. I would hate to upgrade, say, from 4.0.2 to 4.1 and find that my previously installed plugins had disappeared. Frankly, I'm not sure this is a realistic concern, still I'm mentioning it because I don't have a sure answer.

Of the two concerns, the former is the biggest. In a "play/test" environment, not having the author answer or correct an issue with their plugin is frustrating but not critical. But in a production setup, this would be a big problem.

These concerns are giving my management pause as to whether or not to incorporate plugins into our production Apex apps.

It's my understanding that several of the popular open source software tools (Linux, perl, mySQL, JQuery, etc.) each have a core team of people who "maintain" the tool. There's a psuedo company giving oversite to the code. And so, such tools sort of have a critical mass of people supporting the tool. On the other hand, an Apex plugin has just one person (the author) maintaining the code. And that sole supporter may, for whatever reason, stop supporting it, making production support dicey.

I would appreciate your opinions about this?

Thank you.

Elie
  • 1. Re: Should Plugins Be Used In A Production Environment?
    trent Expert
    Currently Being Moderated
    Hi,

    That concern is not limited to plugins only. Install any third party library, and run into an issue the support you receive is by the author of said library, and not by oracle themselves - as they didnt author it! In the end, you need to assess, should something go wrong, can you either get the support you require, or have the ability to fix the code your self.

    The plugin code is available, in shared components -> plugins -> you can normally see how a particular plugin works. However, this is not always the case - some authors want to keep their code hidden well (probably if they have released the plug in under a commercial license), so wrap their code.

    Anyway, if you're still worried- just code it yourself? In the end, you should be thoroughly testing your apps to ensure their will be as little issue as possible. If you test it well, you reduce the risk down the line of anything going wrong. If the tests fail, don't use the plugin and look at another solution. Plugins are not limited to those released open source. For instance, your organisation may have a common functionality in all your apps, so then you can create a plugin for your dev's to use. By documenting the plugin well, down the track if there are issues, you should be able to fix it.
    And so, such tools sort of have a critical mass
    I like to think APEX has a large population - that is every growing - helping out too. Look at this forum, their are people helping out every day.
    Another concern is would the plugin code "survive" an Apex upgrade. I would hate to upgrade, say, from 4.0.2 to 4.1 and find that my previously installed plugins had disappeared.
    Of course, I'm not an Oracle employee, so can't speak for there future. But i'd be quite surprised if they didn't make the upgrade path for plugins as seamless as possible, in the event they had some core changes.

    Just some of my thoughts.

    Ta,
    Trent

    Edited by: trent on Apr 14, 2011 11:07 AM

    Also, Martin made some posts on his blog about some other concerns of plugins. Perhaps you'd like to have a read of them too:

    http://www.talkapex.com/2011/04/malicious-code-in-apex-plugins.html
    http://www.talkapex.com/2011/04/malicious-code-in-apex-plugins-feedback.html
  • 2. Re: Should Plugins Be Used In A Production Environment?
    EEG Newbie
    Currently Being Moderated
    Hi, Trent.

    Thanks very much for your thoughts.

    I also followed the included links and read through the articles (including associated comments) on Martin's site.

    The common thought in all of these posts is to be "cautious and, if possible, examine the code" and "test - test - test for scalability and correct function" before placing a plugin into a production app.

    I DO wish that Oracle would follow Apple's lead and place all plugins published on apex-plugin.com to at least some sort of security checking for malicious code (SQL injection, for example). It would make using plugins far less a case of "user beware" and save much time trying to determine if the plugin code is safe. Some of these plugins have lots ofcode and it would take alot of developer time determining its safety.

    In any case, thank you.

    I will designate my question as "Answered". Still, I do invite others to share your thoughts on this important topic.

    Thank you.

    Elie
  • 3. Re: Should Plugins Be Used In A Production Environment?
    603257 Journeyer
    Currently Being Moderated
    From a personal point of view, I would be very wary of using third-party plugins for something which is business-critical (say anything you would normally log a priority 1 or 2 SR for). If it's something which is a "nice to have" then why not? Of course you would want to verify the plugin first and ensure it wasn't doing anything undesired.
  • 4. Re: Should Plugins Be Used In A Production Environment?
    Luis Cabral Pro
    Currently Being Moderated
    Hi Elie

    Your questions are very pertinent, I think.

    I just want to share a real issue that we had (and are having) with an Apex plug-in.

    We use the DHTML Dialog plugin (http://www.apex-plugin.com/oracle-apex-plugins/dynamic-action-plugin/dhtml-dialog_49.html) to create modal windows to display an Apex page on top of another Apex page in an iframe. It works very well and users love it.

    The issue we are having is not directly related to that plugin, but rather to the JQuery Dialog plugin used by it. The JQuery Dialog plugin has a bug (or a feature if you like) in which it "evaluates" (for lack of a better word) the contents of the dialog at least twice: when the dialog is created and every time it is displayed.

    So think about it -- every time we show an Apex page in a DHTML Dialog plugin, it is requested twice! This is a waste of server resources at best, or can generate fatal errors that are difficult to trace at worse if the page does some data manipulation in a page load process for instance.

    I tried to contact the plugin author but I had no response so far. The source code is available (both JS and PL/SQL) and I tried a few hacks to fix the issue but no luck. So for the time being we decided to use that plugin only when really necessary and only for light-weight pages.

    In my opinion, plugins should be used only when really needed, not just because they are available or because they make the pages look "cool" (except of course in the case of a public application where the coolness factor is decisive). Not having someone to ask for help (as in our case) is quite frustrating.

    I like the idea in Martin's page of plugins certified by Oracle -- as long as "certified" means if there is a problem Oracle will help to solve it.

    Luis
  • 5. Re: Should Plugins Be Used In A Production Environment?
    EEG Newbie
    Currently Being Moderated
    Hi, Luis.

    Sorry to be "away" so long from monitoring this Forum. Have been so busy with work, I've not had time.

    I read your post with much interest and am glad I'm not alone in my concern over the use of Apex plug-ins in a production environment.

    As already mentioned, I wish Oracle with take "ownership" of plug-ins, similar to what Apple, for example, does with iphone apps. My understanding here (and forgive me if I am mistaken), one cannot just willy-nilly make an iphone app publically available until it has passed some testing rigor. Furthermore, Apple supports any issues with it. One need not hunt down the app owner for help.

    I wish the Oracle/Apex team would do likewise.

    Oracle created this very useful feature for Apex, incorporation of third party tool-lets. It also needs to provide oversite for them.

    Thank you.

    Elie
  • 6. Re: Should Plugins Be Used In A Production Environment?
    Vite DBA Pro
    Currently Being Moderated
    Hi Elie,

    While I agree with your desire to have only supported components for production systems, most plugins are little more than code snippets which some developer somewhere has posted as a service to the wider community. Plenty of production systems incorporate code samples and snippets with the developer involved in that system then accepting responsibility for that piece of code. How many times would have developers searched a forum such as this one for examples of how to write a particular type of query or for a particular piece of javascript or html. Incorporating pieces of code like this in production systems is part of the tool set of any professional developer. I think the important thing to remember as a developer is that if you do incorporate pieces of 3rd party code into your application you then take responsibility to understand what it does and how it works.

    I think it would be a shame to disregard such a useful feature as plugins for production systems just because they are not all produced as a supported product.

    Regards
    Andre
  • 7. Re: Should Plugins Be Used In A Production Environment?
    EEG Newbie
    Currently Being Moderated
    Hello Andre.

    Thanks very much for your thoughts.

    Truth be told, I like plugins and want to use them.

    What you've said I think is probably the best and most realistic advice -- know how the code works and, if placed into production, take responsibility for it.

    Thank you.

    Elie

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points