CPTTM software developer newsletter issue #1

Topics in this issue:

Modern approach to web services

The approach to web services has changed significantly in the last couple of years:

  1. In the past, people tried to expose their existing software as web services, so the RPC-style web service was the choice. Nowadays, people design web service interfaces using XML (i.e., describe the information to be transferred as XML documents) before they implement them in a programming language, so the document style is the choice. It is now the only choice that ensures interoperability.
  2. Standardization of encrypting and signing SOAP messages (WS-Security). Mature products are now available, which makes this much easier to do.
  3. The wrapped convention used by .NET.
  4. Better IDE support for graphically developing web services (e.g., Eclipse Web Tools Platform).
  5. Others...

CPTTM's Java web services course (starting on Jan 19) will reflect all these new approaches. If you have attended this course before, you may want to refresh your skills by taking this one again. Of course it is also suitable for those new to web services. For more info, see http://www2.cpttm.org.mo/training/sdb/showCourse.do?courseCode=CM188-01-2006-C.

Great software for FREE

Book review: Writing secure code

This book is full of good practical advice on how to write secure code. For example, we all know that user inputs are dangerous and must be validated. But it is just too easy to forget to do that. This book shows a great solution: Use a class UserInput to store a user input string. When you get the string from this object, it will perform validations on that string and it will require that you have set the validators beforehand. Then in your UI layer (JSP, ASP, Servlet, PHP, Tapestry), make sure you work with a UserInput object instead of a string.
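A minimal Java sketch of the UserInput idea described above. This is an added example, not code from the book or from this newsletter; the method names `require` and `get`, the exception choices and the sample values are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.function.Predicate;

/** Hypothetical sketch: wraps a raw parameter and releases it only after validation. */
public final class UserInput {
    private final String raw;
    private final List<Predicate<String>> validators = new ArrayList<>();

    public UserInput(String raw) { this.raw = raw; }

    /** Register a check; returns this so calls can be chained. */
    public UserInput require(Predicate<String> check) {
        validators.add(check);
        return this;
    }

    /** The only way to reach the string: fails if no validator was set beforehand. */
    public String get() {
        if (validators.isEmpty())
            throw new IllegalStateException("no validators set for user input");
        if (raw == null)
            throw new IllegalArgumentException("missing input");
        for (Predicate<String> v : validators)
            if (!v.test(raw))
                throw new IllegalArgumentException("input failed validation");
        return raw;
    }

    /** Keep the unvalidated value out of logs and string concatenation. */
    @Override public String toString() { return "UserInput[unvalidated]"; }

    public static void main(String[] args) {
        Predicate<String> maxLen = s -> s.length() <= 20;
        Predicate<String> accountId = s -> s.matches("[A-Za-z0-9_]+");

        // Constructed sample values standing in for request parameters.
        System.out.println(new UserInput("kent_01").require(maxLen).require(accountId).get());
        try {
            new UserInput("o'brien; --").require(maxLen).require(accountId).get();
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        try {
            new UserInput("kent_01").get(); // programmer forgot to set validators
        } catch (IllegalStateException e) {
            System.out.println("bug caught: " + e.getMessage());
        }
    }
}
```

Because the UI layer receives a UserInput rather than a String, a forgotten validation surfaces as an exception on the first request instead of passing through silently.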

In addition to practical generic techniques like this one, this book also covers many specific areas such as database, web, encryption, signing, random numbers, .NET, preventing DoS.

The above techniques are most useful to programmers. In addition, this book also introduces security principles in the design, testing and maintenance phases of development. Great reading for team leads, architects and project managers.

This book is available for borrowing at CPTTM Cyber-Lab. Many other books on software development are also available. Please see http://www2.cpttm.org.mo/cyberlab/mslib.

Feedback

Have any questions, ideas or experiences regarding software development? Contact me at 781313 or kent at cpttm dot org dot mo.

Until next time, 

Kent Tong