Date on Database: Writings 2000-2006


by C. J. Date

January 30, 2008
Apress
Published: November 15, 2006
Price: $69.29
568 pages
Reviewed by Margarita Isayeva
Rating: (9/10)

Chris Date is the main authority on all things relational -- the Relational Model, relational DBMS, relational languages etc. -- worldwide. I remember studying his "An Introduction to Database Systems" in the Soviet Union in the late 1980s. This book is a compilation of his articles published mostly on the http://www.dbdebunk.com site, which he runs with Fabian Pascal.

The main topics of this book are the Relational Model and its implementations, where you will learn not only that all existing implementations suck, and that SQL does too, but how exactly they do it. (An unrelated yet pertinent quote from Wittgenstein, "Logic takes care of itself; all we have to do is look and see how it does it."). Then, some attention is given to the basics of OOP -- he might be the last man still not sold on the wonders of it. He precedes his collection of quotes from "the object world" with this comment, "My aim is partly to edify, partly just to amuse."

It's clear thinking, accent on fundamentals, and subtle, well-applied sarcasm that makes his writings so enjoyable. When working on this review, I would start reading a certain article to check some point, and then couldn't stop. The book is both entertaining and mind-broadening, thus recommended.

Manning
Published: October 12, 2007
Price: $29.69
470 pages

Reviewed by Jeanne Boyarsky
Rating: (10/10)

"Test Driven" is geared toward Java developers interested in writing better JUnit tests. Despite the title, it is useful whether you want to write test first or test last.

The first part of the book covers the softer aspects of testing such as how to decide what tests to write first and spikes. The rest of the book covers writing tests for common Java components including servlets, data access code and Swing. Examples were for things that we frequently want to test. They included "hard" things such as testing times and threaded code.

I particularly liked the sections on design and testing patterns. There was good coverage of different JUnit extension libraries with examples including dbunit, jmock, easymock, jemmy and abbot. There was also a full chapter on FIT.

I got a sense of "in the trenches" realism from the book. Tradeoffs of techniques were clearly mentioned. The chapter on adopting TDD shows the experience of someone who has done it many times. The section on how to fight resistance really spoke to me.

This is the first book I have read using JUnit 4, which was useful for reading well written tests. While there is an appendix "tutorial" on JUnit 3.8 and 4.0 (two page annotated classes), you really should feel comfortable with one version of JUnit before reading this book. While a few sections pertained to specific technologies, such as Spring, the concepts apply to everyone. I highly recommend this book.

Ajax Security


by Billy Hoffman, Bryan Sullivan

January 21, 2008


Addison Wesley
Published: June 29, 2007

Reviewed by Jeanne Boyarsky
Rating: (10/10)

Anyone involved in developing/testing AJAX should read "AJAX Security." It covers preventing a hacker from attacking your application. The audience includes developers, QA and penetration testers. While there are code snippets, they are explained well. While managers aren't in the target audience, I think they could benefit from understanding the concepts presented in the book.

The book begins with a brief review of AJAX architecture with an emphasis on security. The writing style is quite engaging including a chapter walking you through an attack from a hacker's point of view. All the major known categories of attacks are included including resource enumeration, parameter manipulation (with SQL and XPATH injection), session hijacking, JSON hijacking, XSS, CSRF, phishing, denial of service, etc.

I particularly liked the analogies to things that happen in the physical world such as resource injection into a roommate's "to do" list and hijacking another customer's paid order in the deli. These made it easy to visualize the problem even for people who don't code often.

The authors were realistic and included the limitations and drawbacks of each tool/framework mentioned. I liked the chapter analyzing two major JavaScript worms including the source code. This really hit home on the importance of certain practices!

All information was up to date as of printing including comments on all four major browsers (IE, Firefox, Opera and Safari.) They even mentioned the HTML 5 specification. The book is not server side language specific, which was nice.

Professional Apache Tomcat 6


by Vivek Chopra, Sing Li, Jeff Genender

January 9, 2008


Wrox
Published: 13 August, 2007

Reviewed by David O'Meara
Rating: (9/10)

I was really impressed with this book and felt like it had been written with my requirements in mind. The other Tomcat books I have read felt like they were paraphrasing the online help; additional material was provided, but little of it was new. While reading the first few chapters of this book, several of my ongoing queries had been answered, and there were a bunch of other gems as well - it sorted out my AJP and APR queries, gave options for running Tomcat on privileged ports without running as root, and dug further into the server.xml configuration than I.

Professional Apache Tomcat 6 is aimed at the serious Tomcat user. It will be useful to people that do serious tinkering at home, but it is an absolute bible if you have Tomcat running production code or other critical uses.

Personally I found that the level of information did not always provide 100% coverage but, for example, the level of detail provided covering server.xml, web.xml and context.xml configuration will be of great use. The descriptions go into plenty of detail but rarely go overboard. Examples of places to hook into or extend the existing functionality are pointed out, but the authors don't get distracted in providing sample implementations when the defaults are sufficient. The information is full of the sort of professional advice and directions that I would expect from a book of this name, and that has been sadly missing from the other offerings I have seen.

As a short description, it covers topics like AJP connectors, Apache Portable Runtime libraries, configuring Tomcat behind IIS or Apache servers, clustering, shared hosting, oodles of configuration options, and also takes two chapters to look at testing the performance and then tuning applications running Tomcat.

If I had to provide negative comments, I would say that the book was written by three authors and at times it doesn't mesh well and it is clear that one section had a different author to another. There were also a couple of areas that didn't have the coverage I had hoped, but in most cases an explanation was given as to why this was done.

Realistically I find it difficult to fault this book and look forward to migrating our own servers to Tomcat 6 and tweaking the behaviour using the information provided. With this book in hand I feel completely confident that I have the know-how to set up the environment correctly.


Advanced Ajax: Architecture and Best Practices


by Shawn M. Lauriat

January 7, 2008


Prentice Hall PTR
Published: 25 October, 2007

Reviewed by Jeanne Boyarsky
Rating: (6/10)

"Advanced AJAX" is targeted towards AJAX application architects. Note that readers should be comfortable learning by reading code. For example, chapter 1 has two pages of code for a GUI widget. This seems heavy for a conceptual book. Elsewhere, the main idea got lost in six pages of view code.

I liked the non-technology specific sections. Browser tools included Safari and Opera plugins. All the "hot" security topics were covered (SQL injection, XSS, CSRF.) Tradeoffs were listed for different alternatives. Performance included CPU, memory and bandwidth. Trying out examples on the companion website was nice.

Many server side techniques were PHP specific, such as SQL injection. While six pages of code is good for PHP developers, I was surprised. The code was readable without being fluent in PHP, but unnecessarily narrows the audience. The 15 pages of screenshots/description on the PHP documentation tool could have been used for another topic. Wouldn't a PHP developer already know how to use PHP?

While I liked the presence of an accessibility chapter, I was confused. WCAG/Section 508 were introduced clearly early in the chapter. For the rest of the chapter, I wasn't clear on what pertained to WCAG, what was 508 compliant and what was coming in the future.

If you are a hands on PHP AJAX developer interested in architecture, this is an excellent book. Non-PHP developers or people who want to focus on architecture (rather than code) are better off with a different book.
