A Web-Based App Builder With a Microsoft Twist

Now that the desktop revolution is largely over, most of the excitement lies in the counter-desktop revolution that is bringing all the flair developed by the desktop programmers back to the safe world of the server. Caspio is one of the most prominent players seeking to lure the desktop database builders away from Microsoft Access and back into the datacenter's fold. The company has been around since before the last bubble burst, and now it boasts a number of prominent companies as customers.

The process is simple and requires, as Caspio's Web site promises, "no more programming." First you specify some database tables and then you describe how these tables can be filled up with Web forms. After a bit of testing, you push a button and copy some JavaScript, and the forms are deployed on your Web site. The data your Web application captures lives in Caspio's datacenter.

(Cogheadclicks for noncoders with a flexible XML database and drag-and-drop form builder. See Peter Wayner's review in InfoWorld's Test Center.)

Caspio's solution, called Caspio Bridge, is part of a wave of Web-based applications for building Web applications. Some, such as JotForm, WuFoo, FormAssembly, and their many cousins, promise to help automate the process of turning forms into tables and CSV files (see "Application builders in the sky"). Others, such as Coghead, want to help you develop an entire Web application. The line between them is getting quite blurry, but Caspio Bridge lies much closer to Coghead because it aspires to help you build full-fledged, database-driven Web applications.

As a programmer, I'm loath to call what Caspio and Coghead let you do as "not programming" because it includes much of the architectural forethought and experience that pays my rent. You do need to think about the structure of the data and make a number of other decisions that take up many of the early meetings during a programming project. Smart database design can make a difference. After that, though, using Caspio is just filling out metaforms that specify what other forms will look like.

Wizards and Widgets

Caspio won't help you build the coolest applications, but you can accomplish quite a bit without much effort. The meat of the process comes during a fairly complex wizard for designing Web forms. Each field in the data table can have a number of basic and advanced rules for converting it into a field on the form seen by the user.

I particularly liked the way Caspio implemented the duplicate fields used by many Web sites to gather fragile information, such as new passwords. All it takes is one click on a check box; Caspio inserts a second field and automatically checks the two for consistency. All of the standard widgets are provided, plus a few somewhat novel ones, including a CAPTCHA button and Google Maps integration. The look of these widgets is vintage Microsoft, and the icons will take you back to simpler days when your real estate was going up in value. Although there's a good deal of JavaScript at work here, Caspio's designers have stayed away from the pastels, morphing blocks, and pulsing DIVs so common in Web 2.0 implementations.

After the form is built, though, comes a brick wall. There's no simple way to add your own custom validation to the server side of the application. Caspio offers a number of suggestions for how to add JavaScript to the client side, but you can't tweak any of the application logic on the back end.

This will be frustrating to a programmer who wants control over every layer in the stack, but it's easy to see why Caspio locks the server down. I've played with one reporting tool that lets you add arbitrary Java classes into the reporting logic. It's slick and programmer-friendly, but it fails badly when something goes wrong. The tool offers to compile your Java for you, but if it finds an error, it fills the screen with a stack dump. Caspio, like all of these server-based tools, must anticipate the worst that a user can do, which usually means endless loops and other simple mistakes. Exiling extra logic to the client is a simple and fairly elegant solution to malicious code, though Caspio's JavaScript customization comes with fine print: "Caspio is not responsible for the correctness, compatibility or applicability of these functionalities."

Here is where the counterrevolution starts losing punch. Pushing the logic to the client can make security much harder because a malicious person can hijack any extra JavaScript you add to your client. I don't think that this is a real concern for most of the applications built on top of Caspio, but it's something to keep in mind. Caspio does offer a good number of security features, including the option of encrypting your development sessions with SSL.

Subscribe to the Daily Downloads Newsletter

Comments