Forms—A better way

The better form processing that I propose is inspired by Drupal, but furthers the idea to improve on it. In order to properly understand the approach, though, you should understand how Cryptographic Signing (specifically, Authenticated Encryption) and the Galois Counter Mode (GCM) operate.

A quick overview of the GCM cipher goes like this: Given a secret key, a plaintext, and an initialization vector (IV), a GCM cipher should return a ciphertext and an authentication code. The ciphertext, IV, and authentication code is then given to the user. When the user returns, the GCM decrypt function takes in the secret key, the ciphertext, the IV, and the authentication code, and returns the plaintext. This may sound a bit complicated, so let me break it down a bit more.

The secret key is something that is stored serverside, and is preferably unique to each user. The IV is a short string that is unique to that encryption. The uniqueness is a requirement to a counter-type of encryption like GCM. In short, the IV must be different every time that the encryption is called, otherwise the ciphertext is vulnerable. Lastly, the authentication code is a string which validates that the contents of the encrypted text has not been tampered with. It does not matter if the end user is given the encrypted text, IV, and authentication code, because if the user changes any part of any one of these, then they will not validate when combined with the secret key.

Image from nodejs.org.

tl;dr

Is there a non-MVC node.js framework with Drupal-like plugin power and flexibility? If not, is anyone interested in working on one?

A very quick background about myself.

I have developed websites professionally with Drupal since 2004. I have worked as a freelancer as well as salaried and hourly programmer (not just with Drupal, but you get the idea). I have worked on several HA projects and have worked on large dev teams. Academically, I am currently working on a PhD in Comp Sci (already have the MS, and am 2 years in to doctorate). Why do I say this? Just to establish that I'm not a noob suffering from NIH, neither do I think that all web apps are a nail. I do, however, have experience and opinions. It doesn't mean I'm right, but it doesn't mean I'm wrong, either.

cron: The Unix clock daemon that executes
commands at specified dates and times according to
instructions in a "crontab" file.
Image from openclipart.org.

Drupal is an amazing system, there is no denying it. Every once in a while, however, small problems come up that no one anticipates, and your entire system grinds to a halt. This recently happened with me when needing for Drupal to run some heavy processes in cron. It croaked. Drupal got stuck in a loop of trying to run the same ill-fated task over and over, and my site stopped updating. Drupal needs cron, and all the normal ways of running cron were failing me.

Cron is an interesting creature. Many new sysadmins are mystified by its cryptic symbology and voodoo-like power, so they avoid it. Some shared hosting environments don't even allow users to set cron jobs! Back in the old days (Drupal 5 & 6), we solved this problem by using the Poorman's Cron module, which worked by starting the cron jobs at the end of a page load, after information was already sent to the user. It was virtually transparent to the end user, and this method was so popular that it made its way into Drupal 7 as a core module.