Write reliable Web applications

The compiler helps you to remove bugs

OCaml's rich type system makes possible to check many properties of the program and remove a large set of bugs at compile time. Ocsigen does an advanced use of these features to give many garantees and protect you against many security flaws. For example:

  • No broken links
  • Forms and links correct w.r.t. what is expected by the service (names and types of parameters)
  • Valid HTML

OCaml has a very rich type system, making possible to check many properties of the program while compiling.

This has great consequences:

  • you don't have to implement yourself such verifications
  • you save a huge debugging time! If you change something (for example a data structure) somewhere in your program, the OCaml compiler will point out every place where you need to adapt the program.

Using such strong static typing features may look too much constraint at first glance, but it actually saves a lot of time while developing large applications, and makes your programs very easy to maintain and make evolve.

OCaml's typing system also garantees that your program will never crash!

Static typing of Web applications

Ocsigen's projects are using advanced static typing in many places.

Typing links and forms

Ocsigen is using static typing to check the validity of links parameters or forms elements w.r.t. the services the point to. For example, if a form contains a checkbox, the associated service must expect a boolean value.

HTML conformance

For reasons of interoperability and accessibility, HTML pages must respect W3C recommendations. Usually, programmers are using page validators, that check the validity of html pages. But today, most Web pages are generated and a validator cannot garantee that all generated pages will always be valid.

With Ocsigen, the validity of pages is checked at compile time! This means that the compiler will tell you every point where the program may some day generate an invalid page! Thus you do not need any more to worry about validity!

Conformance of client/server applications

As client/server Eliom applications are written as a single program, these typing features will extend to the whole program, you do not need to worry about the conformance of client side w.r.t. server side code.

Typing of database access

Ocsigen's database module, is using static typing to check database access and avoid runtime errors.

Security

Ocsigen also takes in charge many security issues for you. For example it will be very unlikely to have code injection, cross site scripting or session fixation. Eliom also implements protection agains cross site request forgery, etc.