
Secure coding put to the test

March 29, 2007

Web application security is a critical issue as more and more businesses deploy mission-critical systems containing privileged information. Still, the average developer's awareness of fundamental good practices in coding securely is lacking. Now a consortium of organizations has an initiative to turn the tide, acknowledge the developers who are aware of secure-coding practices, and spread the knowledge.

The SANS Institute has all the details about the Secure Programming Skill Assessment (SPSA) program, including sample reports, exam blueprints, and free practice tests for different language/platform areas (C/C++, Java/J2EE, .NET/ASP, PHP/PERL, etc.). One should not shy away from looking inside: they speak about the fundamentals of secure programming in a very accessible way (identifying the three most common programming errors as not validating and sanitizing user input, buffer overflow, and handling integers incorrectly).

Morfik Architecture and AJAX vs. Flash

March 23, 2007

Dan Webb has some important thoughts about the Flash vs. Ajax debate, and the comments on his site and on the Ajaxian site are also thought-provoking.

Indeed, it is anyone’s guess how WPF/E, Flash/Flex/OpenLaszlo, AJAX (Backbase, YUI, Dojo, Prototype, Qooxdoo,…), GWT, Eclipse/RAP and Morfik will mature, but this year will definitely be very interesting for web application development!

Morfik 07 is go(l)d

Just a quick, semi-compulsory blurb: Morfik WebOS AppsBuilder has reached the Release 1 state and the new version is now officially called Morfik 07!

I won’t repeat the press release at the MorfikWiki site. What’s important, though:

  • Morfik has improved tremendously in the last two months;
  • stability is much better;
  • the Framework is streamlined and got rid of some fat (more about this later);
  • there is now good documentation in the form of the Developer’s Guide by Mauricio Longo (excellent, even I could learn a few new things;-) and the MorfikWiki site (that contains some of my tips and overall will be a perfect platform for documentation).

Stoicho just released a blurb at his “The Morfik Watch” blog about the release and he is also amused by the name (Morfik 07) and how close it is to 007: IMHO it would have been more appropriate, considering the disruptive lethalness of the new technology to the current, stone-age way of developing web applications :-)

Morfik Tip: Calling JavaScript from Morfik Take #2

March 10, 2007

It was almost a year ago that I wrote about calling JavaScript from Morfik (in Morfik Tips: How to integrate JavaScript into the client code). That method is still valid and especially suitable for larger bodies of JavaScript (like libraries), but there is now an easier way of doing this.


Morfik: Weekly Calendar notes

March 9, 2007

I had a few additional explanations and thoughts about Calendar that I put into writing for your pleasure:

  • You can add new items by simply dragging on empty space (or Shift-dragging on events)
  • You can move events by dragging (in the caption) or make them longer/shorter by dragging the bottom of the events.
  • If you schedule multiple events at the same time on the same day, they will split the cell width nicely (better than Outlook, IMHO;-).
  • While you are making the edits, they are sent to the server in the background for storage, without interrupting your work, in a true AJAX fashion (in demo mode after validation we throw away the changes, to make our life of keeping the demo in shape easier).
  • As a future feature, I plan to combine this with my Chat demo to create a collaborative event scheduling calendar where if one party edits an event, those changes will be reflected immediately on the other parties’ screen. Will also add month view, etc.
  • The architecture is such that the client side interfaces with the server through Web Services (SOAP), so it should be simple for other applications to integrate with the Calendar (will also create a demo).
  • The browser-server communication language is iCalendar, so other calendars will be able to import our events (tested manually with Google Calendar so far) and we will also be able to consume other iCalendar-compatible events.

Having almost 20 years of software development experience, of course, this does not seem such a big deed for me; still, in the web space there are not that many really polished Calendars around (again, Google Calendar being a big example). Now, taking into consideration the time it took me to get this far with the demo with relatively little hands-on web development experience (I was mostly envisioning/designing/managing our web projects, not coding), we can see what tools like Morfik can do with the web:

  1. they can enable software engineers who avoided weakly object-oriented scripting languages thus far to create powerful solutions that can exceed their desktop equivalents in many ways and
  2. they can enable small shops that were coding in MSAccess, FoxPro, Paradox, Visual Basic, etc., to become first-class, fully buzzword-compliant web developers without first learning (X)HTML, DOM, JavaScript, SOAP, XML, AJAX, Apache admin, etc. (they will eventually, IMHO, but it is not an up-front cost;-)

So in the end we can hope for more powerful and more productive web applications to come :-)

Morfik Tip: Calling Morfik functions or methods from JavaScript

From time to time you will want to drop to JavaScript to perform various operations (like when you use a third-party JavaScript library). In those cases you may want to call a Morfik function or method. How can it be done?

Morfik: Weekly Calendar Demo

March 5, 2007

Once again, we are back with a new demo app done in Morfik! Now it is a weekly calendar view (similar to what you can see in Microsoft Outlook or Google Calendar) with drag-and-drop capability. You can take a look at the application here (it may take Morfik some time to post it, so check back if at first you are not successful). At this time the source code is not available (read on to learn more).

This demo was created with Morfik technology within ca. one engineer-week’s time. Some notes on features and limitations:

  • The edits to the events are sent to and are validated by the server, but they are not saved in this demo (to help us maintain the demo:-)
  • The demo will always show the same week (start of March, 2007) again, to help us maintain the demo.
  • You cannot add all-day events in this demo.
  • This started out as proof of concept to see how easy it was to develop a complex control in Morfik. You can judge it for yourself: for one week’s time it is quite polished, IMHO :-).
  • We have frozen the feature set of the demo so there are many functions missing, but we are continuing the development of the Calendar control itself, so please contact us, if you need a production quality full featured solution (including back-end logic).

PLEASE NOTE: this version of the calendar is NOT secured; it has gaping holes and can be abused quite easily, so DO NOT use it for production purposes.

Interbase – Firebird incompatibility

March 4, 2007

I just stumbled upon this issue, and while the solution seems very simple, I almost pulled my hair out before I could fix it.

The symptoms: I had Firebird (installed with Morfik) working perfectly, then installed a Borland/CodeGear app that set up Interbase (client), and after that Firebird stopped working (“XNET error (xnet:2323) XNET server initialization failed”). Any amount of un-installations and re-installations did not help. Googling around did not reveal any pointers either.

The resolution: I had to manually replace GDS32.DLL in Windows\System32 with a version from Firebird.

The reason: both DB servers use the same file (GDS32.DLL) for client connections, but of course, different versions. Although the Interbase version was much older (6.5?, dated 2004 something) than the Firebird version (2.0, dated end of 2006), the version number inside the version resource is higher (6.5.something vs. 6.3.something), so Windows was keeping the Interbase version and did not allow Firebird to replace it (typical DLL hell:-), and of course Firebird could not cooperate with this DLL.

Suggestion: I would recommend to the parties (most probably this should fall on Firebird) to use different filenames (e.g. add “fb” to all file names) OR improve the error message printed OR have a FAQ item somewhere on the Net explaining what to do (like this one :-). Of course, interoperability issues may arise (running Interbase and Firebird on the same system, using the same ports, etc.)…
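
To check which product's GDS32.DLL is actually sitting in System32 before replacing anything, the version resource, timestamp and hash of the installed file can be compared with the copy you expect. This is an added example, not code from the original post or from Firebird or Interbase; the function name `Get-DllIdentity` and the candidate path are placeholders to adjust.

```powershell
# Added example: identify the installed client DLL and show why a
# version-based replace rule may refuse a copy that is newer by date.
param(
    [string]$Installed = "$env:WINDIR\System32\gds32.dll",
    # Assumption: placeholder path to the copy shipped with your Firebird install.
    [string]$Candidate = 'C:\Path\To\Firebird\bin\gds32.dll'
)

function Get-DllIdentity([string]$Path) {
    $item = Get-Item -LiteralPath $Path -ErrorAction Stop
    $vi   = $item.VersionInfo
    # Use the numeric fields of the version resource, not the display string,
    # because the numeric fields are what gets compared.
    $ver  = New-Object System.Version -ArgumentList `
        $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart
    [pscustomobject]@{
        Path        = $item.FullName
        Company     = $vi.CompanyName
        Product     = $vi.ProductName
        Version     = $ver
        LastWritten = $item.LastWriteTime
        Sha256      = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
}

$old = Get-DllIdentity $Installed
$new = Get-DllIdentity $Candidate
$old, $new | Format-List

if ($old.Sha256 -eq $new.Sha256) {
    'Installed file is identical to the candidate.'
}
elseif ($new.Version -lt $old.Version) {
    # The situation described in the post: lower version number, later date.
    'Candidate has a LOWER version resource than the installed file.'
    'A version-based installer keeps the installed copy regardless of file dates.'
    if ($new.LastWritten -gt $old.LastWritten) {
        'Candidate is newer by date, so the two files likely come from different products.'
    }
}
else {
    'Candidate version is equal or higher; a version-based replace would succeed.'
}
```

The Company and Product fields show at a glance whose client library is installed, and the hash makes it possible to confirm after a manual replacement that the file in System32 is the one you intended.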

Morfik Tip: Pretty up the ‘Loading…’ message – Take #2

As predicted, Morfik acted swiftly upon my note about the (inability of the) customization of the “Loading…” message. So from 0.9.17.7 on you have a much cleaner solution. It is…