Saturday, June 01, 2002
The first book is Translucent Databases. This book contains an innovative and viable approach to securing databases, and one that I've not encountered anywhere else. In a nutshell the author provides techniques, based on standard SQL and Java, for securing sensitive data without restricting authorized users' general access to less sensitive data. The core of this approach is based on encryption and one-way functions, including PKI and secure hashing, and on accepted authentication techniques such as digital signatures.
What makes this book unique is that while it's based on solid theoretical ground, the material is practical. As the techniques are discussed they are illustrated by 15 different scenarios, all of which contain problems faced by e-commerce, HIPAA-regulated and other high-security environments, and code examples that show how to solve the problems. I like the way the author shows how to implement his solutions in common database environments (PostgreSQL, MySQL and Oracle - the approach should also work in the MS SQL Server environment). As I read this book I saw interesting possibilities for implementing role-based access controls and securing against SQL-based statistical attacks using the author's approach.
This book is essential reading for DBAs, system architects and IT security professionals, especially those in healthcare who are struggling with meeting HIPAA requirements, and those in e-commerce who are challenged by protecting credit card and account information. This book shows the DBA how to secure his or her database, and the system architects and security professionals what is possible using SQL and Java. The book also has an associated web site which is supposed to have soft copies of all of the source code contained in the book. As of this entry the link to the source code is on the site, but the code itself is not yet available. When it is, the value of this book will increase even more because of the time saved by not having to create the code from scratch.
If you are new to the cryptographic techniques introduced in this book I recommend Cryptography Decrypted by H. X. Mel and Doris M. Baker, which is one of the best introductions to this complex subject. I also recommend reading Secrets and Lies: Digital Security in a Networked World by Bruce Schneier, which covers the technical, organizational and social aspects of security and gives a clear description of the technical underpinnings discussed in this book.
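An added illustration of the translucent approach this review describes, written here in Python over SQLite and not taken from the book or its web site: the identifying column stores only a one-way token derived from a name and a secret the patient holds, so the less sensitive columns stay open to ordinary SQL reporting while nobody reading the whole table can tell whose rows they are. The schema, the sample data and the PBKDF2 work factor are my assumptions.

```python
import hashlib
import sqlite3

# Added sketch of a "translucent" table (not the book's code): the token column
# is a one-way function of (name, secret), so a DBA sees only opaque strings,
# while department and visit_date remain plainly queryable for aggregates.
ITERATIONS = 50_000  # PBKDF2 work factor: assumed value, tune per environment

def patient_token(name: str, secret: str) -> str:
    """One-way token; only someone holding both name and secret can recompute it."""
    digest = hashlib.pbkdf2_hmac("sha256", secret.encode(),
                                 name.strip().lower().encode(), ITERATIONS)
    return digest.hex()

def create_schema(conn: sqlite3.Connection) -> None:
    conn.execute("""CREATE TABLE appointments (token TEXT NOT NULL,
                    department TEXT NOT NULL, visit_date TEXT NOT NULL)""")

def book_appointment(conn, name, secret, department, visit_date) -> None:
    conn.execute("INSERT INTO appointments VALUES (?, ?, ?)",
                 (patient_token(name, secret), department, visit_date))

def my_appointments(conn, name, secret) -> list:
    """What a patient who knows the secret can retrieve about themselves."""
    return conn.execute("SELECT department, visit_date FROM appointments "
                        "WHERE token = ? ORDER BY visit_date",
                        (patient_token(name, secret),)).fetchall()

def visits_per_department(conn) -> dict:
    """Aggregate reporting that needs no secret at all."""
    return dict(conn.execute("SELECT department, COUNT(*) FROM appointments "
                             "GROUP BY department").fetchall())

def stored_tokens(conn) -> list:
    """Everything the identifying column reveals to someone reading the table."""
    return [row[0] for row in conn.execute("SELECT token FROM appointments")]

def demo() -> sqlite3.Connection:
    """Constructed sample data (fictitious patients)."""
    conn = sqlite3.connect(":memory:")
    create_schema(conn)
    book_appointment(conn, "Alice Example", "alice-secret", "oncology", "2002-06-03")
    book_appointment(conn, "Alice Example", "alice-secret", "radiology", "2002-06-10")
    book_appointment(conn, "Bob Example", "bob-secret", "oncology", "2002-06-04")
    return conn
```

A wrong secret simply finds no rows, and the aggregate query works without any secret, which is the split between sensitive and less sensitive data the review describes.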
The second book is XML Security. Given the fact that XML is a key component of web services, and extensively used in e-commerce and enterprise application integration, this book addresses a genuinely important topic. For one, XML is text-based and can expose proprietary information, an exposure that competitive intelligence specialists and corporate spies can take advantage of.
Before going into what the book contains it's important to know that much of the material is based on RSA's view of security. This isn't a criticism, but an up-front statement of fact, because if you're looking for a book that is 100% vendor neutral you are going to have to wait until one is written - this is the only book I know of that is solely about XML security.
The book starts with primers on security and XML to set the context. It then covers, in succession, digital signatures (chapters 4, 5 and 6) and XML encryption. These chapters are consistent with the work and specifications produced by the XML Signature Working Group (a joint IETF and W3C working group for digital signatures) and the W3C working group for XML Encryption.
Chapter 8 is specific to RSA products. It shows how to implement XML encryption using RSA BSAFE Cert-J, which can be downloaded in a trial version from RSA's website. Chapter 9 covers the XML Key Management Specification, which is consistent with the W3C working group's specifications, and how XML security relates to web services.
Despite the slight bias towards RSA this book is an invaluable reference. It provides an in-depth discussion of major security issues, as well as how they are being addressed by the W3C. It goes without saying that anyone who is responsible for system architecture, design and/or security should carefully read this book.
Friday, May 31, 2002
Since this book's goal is to explain Oracle's SQL Plus and PL/SQL languages instead of getting you through an examination with a passing grade, it goes into details that my training missed. I especially like the way that database concepts, design and modeling are covered in the first chapter, and the step-by-step approach to teaching SQL and PL/SQL by actually performing useful tasks such as creating tables and working with tables.
In addition to the basics, this book covers advanced topics such as row locking, performance, joins and set operations. PL/SQL is given the same thorough treatment as SQL Plus, and as you read through the book and actually perform the tasks on a real Oracle instance your understanding and skill level increase greatly. Since PL/SQL is rich in features and programming constructs, the care with which the author explains the basics and how to apply them in a real environment makes learning fun and builds your self-confidence.
I also liked the attention given to database administration tasks in the final part of the book, and found the SQL Plus and PL/SQL quick reference in the back of the book useful on many occasions.
If you don't have the luxury of attending Oracle training this book is an excellent substitute, and even if you're going through OCP training this book will fill in the gaps that will surely arise since the course is fast paced. Note that this book uses Oracle 8i as the example environment, but the material works with the newer 9i version too.
The ideal audience for this book is new Oracle DBAs or UNIX system administrators who have either inherited DBA responsibilities or who want to gain cross-functional skills. Experienced DBAs will find much of this book too basic, and may complain that it doesn't cover the full range of database administration topics.
In my opinion the relatively narrow scope of this book is one of its strengths. Instead of overwhelming the new DBA with hundreds of pages it sticks to the essentials. Another point in its favor is that the author doesn't attempt to go into gory details about how things work (information that you can get from other books as your comfort level and self-confidence improve), but remains focused on what you need to do in order to effectively manage and support an Oracle 9i instance.
While I liked the Getting Started and Some DBA Tasks sections (Sections I and II) that start this book, I especially liked Section III, which covers tuning. This is the essence of what a DBA does, and the basics are well covered. This section also gives some excellent scripts that the new DBA will find invaluable. Section IV is somewhat useful, but Section V is another favorite because it shows how to begin building your own set of tools, which is the hallmark of an experienced DBA. The scripts that are provided in this section are the foundation of database administration, and will spark ideas for additional and more specific scripts. The value is that you can learn much from what is provided.
Each topic in this book is given a brief 2-3 pages, which makes it somewhat terse. In many cases you'll have to go to other books for deeper explanations, but at least you'll be quickly functional.
If I had to choose a single book with which to get started this would be it. Of course you'll outgrow this as your skills and experience evolve, but it will get you started and does so using good practices and workable techniques.
Thursday, May 30, 2002
In a nutshell, you bring your knowledge of algorithms, data structures and development methodologies, and the book will show you how to apply them to web programming.
Wednesday, May 29, 2002
What you get: This collection consists of the following books, each of which I have reviewed on their product pages. I am summarizing the reviews to save time:
- OCP Introduction to Oracle9i: SQL Exam Guide. I rated this at 4 stars - be aware of the fact that this book does have errors, make sure you read the errata and you'll find it quite helpful.
- OCP Oracle9i Database: Fundamentals I Exam Guide. Another 4-star rating - there are editing flaws and inconsistent writing that do make this book ponderous at times. There have been times when I wished the authors and editors had paid more attention to the book, and other times when I silently thanked them for clarifying a concept.
- OCP Oracle9i Database: Fundamentals II Exam Guide. 4 stars. Among the strong points of this book are the self tests and practice exam questions. Weaknesses include poor editing, which seems to plague this series, and the inconsistent writing that is at times extremely clear and at others quite obtuse. I prefer OCP: Oracle9i DBA Fundamentals II Study Guide by Doug Stuns and Matthew Weishan, which is better written, consistent and complete. It is also a 'best of breed' book.
- OCP Oracle9i Database: Performance Tuning Exam Guide. Unlike the others in this set this book is a 5-star gem. All of the key elements of performance tuning are covered, the illustrations are excellent and aid in understanding, and the drills, self tests and practice questions have been a tremendous help.
Pros: price, over 2000 pages of materials and CD ROMs with practice questions and other material.
Cons: with the exception of the Performance Tuning Exam Guide the guides in this set have editing problems and errors.
After a quick introduction to XML processing the author wastes no time getting to the meat by going into processing types in Sections II (Event-Based Processing), III (Tree-Based Processing) and IV (Declarative Processing). Each of these sections comprises chapters and topics that cover the strengths and weaknesses of each approach, common tools and example applications, and tips and techniques.
Section V is focused on Java development, including SAX in Java, DOM in Java and XSLT In Java Applications. This section covers APIs, tools and specific considerations for each topic.
The final section addresses XML processing in detail, and deals with alternative processing approaches (including hybrids of event-, tree- and declarative-based models), schemas, and RSS.
In addition, the appendices are informative and add to the value of this book. In particular, Appendix A, A Lightning Introduction to Python, will get seasoned developers up to speed (augmented by Appendix C, which covers Python XML packages). Appendix B is a glossary that goes into considerable detail, making it a handy reference.
Sunday, May 26, 2002
- Charles F. Goldfarb's XML Handbook (4th Edition) by Charles F. Goldfarb and Paul Prescod. Goldfarb invented SGML, upon which XML is based and which had a significant influence on the design of HTML. At 1200 pages this book is probably one of the most complete references that one can have. It covers every conceivable topic, ranging from a good description of XML and how it evolved from SGML, to the semantic web and web services (each of which is a discipline unto itself).
Expected topics are given in-depth treatment (XML, schemas, DTDs, datatypes, XSLT, XSL-FO, XLink, XPath, XPointer, XSDL, namespaces, topic maps, RDF, SOAP, UDDI, WSDL and VoiceXML), with a focus on the following:
- integration of XML and the older EDI approaches to e-commerce and extended supply chain systems
- a sound approach to content management - how XML fits into the web services framework
- chapters on important topics such as portals, databases, content acquisition, conversion and publishing
- a series of chapters devoted to tutorials on XML basics, schemas, and transformation and navigation protocols
This is an overwhelming book for beginners, but is a valuable resource for anyone who is deeply involved in web services, XML and related technologies. If you fit the latter category this is probably the only XML reference you'll need.
- Definitive XML Schema by Priscilla Walmsley. In a nutshell this book gives a detailed description of the XML schema and associated topics. The author is a member of the W3C working group that created XML Schema, and the material in this book is consistent with W3C recommendations. See the editorial description and reviews on this book's product page for specifics.
- Definitive XSLT and XPath by G. Ken Holman. Covers everything you need to know about transforming information between structured vocabularies and output formats. The author is the chair of OASIS's XSLT/XPath Conformance Technical Subcommittee. See the editorial description and reviews on this book's product page for specifics.