46 of 57 people found the following review helpful
Well written but of little actual value
This review is from: Effective Enterprise Java (Paperback)
I feel kind of lonely here; everyone else seemed to love this book. Looking at the table of contents, I was very excited when I started reading the book. However, while reading it cover to cover I slowly became more and more disillusioned with it.
The book is divided up into a number of recommendations, called items, in a manner similar to Effective C++ and Practical Java. The problem is that most of the items appear to fall into one of a few general categories:
1) Intro level generalities of good design for the web.
- pass data in bulk - multiple asynchronous calls out of process are more expensive than one big call
- make deployment as simple as possible - exactly what it says!
- use [...] sparingly - this is web application design 101
- always validate user input - my personal favorite; who today is not validating user input received from the web?
2) Using a pair of items to represent a classic design best practice.
- Lazy-load infrequently used data & Eager-load frequently used data
- Consider using optimistic concurrency for better scalability & Consider using pessimistic concurrency for explicit concurrency control
3) Re-statements of some of the principles of secure coding
- Security is a process, not a product
- Remember that security is not just prevention, aka "fail securely"
- Assume insecurity, aka "grant minimal trust necessary"
- Establish a threat model
My copy of this book has long been in the trash. Save your money. Here are a couple of free online articles to get you started:
Secure coding: [...]
Article on stopping SQL injection: [...]
Initial post: Jan 23, 2007 1:52:00 AM PST
Yujun Liang says:
You are not alone. I totally agree with you.