All entries for Thursday 30 June 2005
Nine ways to hack a web application
A useful round-up, and I now understand cross-site scripting in more depth than I did. I was in the overflow room and the sound sucked, but not as much as the non-digital camera pointed at the projection screen displaying the slides and code examples! The system we set up for the LWMS in 2000 is far superior.
Shale: the next Struts?
McClanahan and Geary made no attempt to answer this question (it might just as easily find a place in the next JSF), but stuck to providing examples of how Shale improves on JSF and Struts. Most interesting features: Spring-like web flows (called dialogs), Tapestry-like views which are very easily reusable (and which make it trivial to chain actions together, unlike in Struts), support for AJAX by including special handling for XMLHttpRequests (called remoting), integration with commons validation.
Real world experience in app scaling using JDO
International Truck already had a high-performance back office system based on Versant OODBMS ("to minimise our involvement with DBAs") when they realised the need to roll out a cut-down version to very low-spec service laptops. They implemented their own in-memory JDO database to avoid licensing issues and to be able to re-use all their back office code without change.
Spring and JSF: synergy or superfluous?
Much similarity, especially in the area of dependency injection (differences: Spring can do constructor injection, JSF can do EL injection). Rod Johnson emphasised the AOP nature of Spring, which surprised me as I've always thought its proxy-based approach rather weak. The conclusion (no surprises): synergy, use JSF for its rich component set and wealth of tools, and Spring for a nice clean DAO layer.
Web framework smackdown
A fun session with representatives defending most of the main web frameworks (though not Struts), and lots of time for audience questions (quite a few of them from Struts developers wanting something better). Interesting to hear of Tapestry and Wicket next to each other, since Tapestry aims to minimise Java code and Wicket aims to minimise everything else. JSF was somewhat the odd one out for being a specification rather than an implementation.
Bottlenecks in MVC frameworks
There aren't any, was the conclusion of this comparative test between several frameworks and a non-MVC (JSP-based) implementation. Interesting for their methodology and tips for using JMeter.
Jewels in the developer toolbox
Convinced me that I should spend more time looking for tools because there are some great ideas out there. Funniest tool: the paper napkin look-and-feel for Swing, intended for use in unfinished apps to give the tester/boss appropriate expectations.