Tuesday, September 23, 2008

Podcast from OOW 2008

Stirring Up Controversy

 

...Tom Kyte sits down with Oracle Magazine editor Tom Haunert at Oracle OpenWorld 2008 and stirs things up in this conversation about Oracle OpenWorld happenings, a new approach to publishing, and the trouble with triggers. ...

Friday, September 05, 2008

A new book on APEX coming out...

There is a new APEX book coming out soon - I wrote a foreword for it.  There has been some discussion of it on asktom - and I thought I'd publish the foreword here:

I consider myself a pragmatic person – one that uses the right tools for a job, one that employs the most straightforward and easy way to accomplish a task.  To that end, I’ve been a great supporter and fan of Oracle’s Application Express (APEX) from before the day it was introduced.  I say “before the day” because I’ve had the honor and pleasure of using APEX long before it was released to the public at large – my website, http://asktom.oracle.com/, is one of the first websites ever built with the software that was to become known as APEX.

APEX is one of the most pragmatic database development tools I know of.  It does one thing and one thing well – it rapidly implements fully functional database applications – applications that are used to predominantly access, display and modify information stored in the database (you know, the important applications out there).  It facilitates using the database and it’s feature set to the fullest – allowing you to implement some rather complex applications, with as little work (code) as possible.  It is possible to build extremely scalable applications with a huge user base (http://metalink.oracle.com/ for example is built with APEX).  It is possible to build extremely functional applications, with seriously powerful user interfaces (APEX itself is written in APEX, proof of this).  It is easy to build applications rapidly, the current version of http://asktom.oracle.com was developed in a matter of days by two developers – in their spare time, it was not a full time job.

While it all sounds wonderful and easy so far, APEX is a rather sophisticated tool with many bits of functionality and a large degree of control over how the generated application will look and feel.  To fully utilize the power of APEX – one needs to have a guide, a mentor show them how to do so; very much akin to what I do with people regarding the Oracle database.

This book – Oracle Application Express – is that guide, the authors – Scott Spendolini and John Scott – are those mentors.  The book walks you through the steps you need to understand after you’ve installed and started using APEX, to go beyond the sample applications.  Covering diverse topics such as “Using the database features to full advantage” (one of my favorite topics) to “SQL Injection Attacks” – what they are and how to avoid them in APEX – to “Printing”; you’ll find many real world issues you will be faced with explained, demystified and solved in this book.

For example, Chapter 5 “Data Security” covers a wide breadth of topics regarding securing your database application.  There is a section on URL injection issues – what they are, how they are exploited, why you care about them and finally how to protect yourself from them.  There is a section on Session State Protection – following the same format –what it is, how it is exploited, why you care and finally how to protect yourself.  The same mentoring occurs with data level access where the authors introduce how to use Virtual Private Database, a core database feature – not really an APEX feature, to protect your data from unauthorized access.  Lastly, a critical application feature – Auditing – is discussed in depth using the “what it is, why it is, why you care and then how to do it” approach.  Whilst some of the content in this chapter is not specific to APEX, it is needed to give you a holistic view to building database applications – which is what this book is about.

This book covers not just the nitty gritty details of building a secure application, it covers all you need to build database applications with APEX.  When they are done with security, the authors move onto other necessary topics such as how to perform screen layout and application screen navigation, how to integrate reports and charts, how to integrate web services – enabling you to perform application integration – in an APEX environment, and much more.

If you are an APEX developer just starting out, or an APEX developer with experience under their belt but want to learn more about the environment you are using – this book is for you.  It describes from start to finish how to build a secure, functional, scalable application using the APEX application development environment.

Thomas Kyte
http://asktom.oracle.com/