Thursday, May 10, 2007

JavaOne Day 3 - Consumer JRE, Ajax Security, Ruby in NetBeans

Today's highlights:

Roumen posted a blog entry about Sun's commitment to create a "Consumer JRE". This is exactly what JavaFX needs in order to blow Flash away.

In the morning I attended the Ajax Security session. The session didn't bring up anything new (un)fortunately, but it was a good recap of security pitfalls and best practices for Ajax development. The main message of the session was that Ajax makes securing web applications more complicated because it exposes more APIs and reveals many implementation details to the cruel world. The most important countermeasures are:
  1. don't trust the client
  2. validate input
  3. encode output
  4. don't send sensitive data (passwords) in raw form over HTTP
  5. remove comments from HTML and JavaScript
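
Countermeasures 1 to 3 applied to a single Ajax endpoint, as an added example that is not from the session or from this post's author. The comment-posting endpoint, its field names, its length limits and the `session.canPost` flag are assumptions made for illustration.

```javascript
// Added example: server-side handling of the body of an Ajax POST.
// Field names and limits are assumptions made for illustration.
const ALLOWED_FIELDS = new Set(["author", "text"]);
const MAX_LEN = { author: 40, text: 500 };

// Countermeasure 3: encode output for an HTML element/attribute context.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Countermeasures 1 and 2: the request body is untrusted, whatever checks
// the browser-side script already ran. Returns { status, body }.
function handleCommentPost(rawBody, session) {
  let data;
  try {
    data = JSON.parse(rawBody);
  } catch (e) {
    return { status: 400, body: { error: "malformed JSON" } };
  }
  if (data === null || typeof data !== "object" || Array.isArray(data)) {
    return { status: 400, body: { error: "object expected" } };
  }
  for (const key of Object.keys(data)) {
    // Reject unknown fields instead of ignoring them, e.g. a client-set "isAdmin".
    if (!ALLOWED_FIELDS.has(key)) {
      return { status: 400, body: { error: "unexpected field" } };
    }
  }
  for (const key of ALLOWED_FIELDS) {
    const v = data[key];
    if (typeof v !== "string" || v.trim() === "" || v.length > MAX_LEN[key]) {
      return { status: 400, body: { error: "invalid " + key } };
    }
  }
  // Authorization comes from server-side session state, never from the request.
  if (!session || session.canPost !== true) {
    return { status: 403, body: { error: "forbidden" } };
  }
  return {
    status: 200,
    body: { authorHtml: escapeHtml(data.author), textHtml: escapeHtml(data.text) },
  };
}
```

The escaping here fits HTML element and quoted-attribute contexts only; values placed into script blocks, URLs or CSS need encoding for that context instead.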

Tor Norbye's session on Ruby tooling was pretty interesting. I had no idea that NetBeans was using the Lucene search engine to make auto-completion and Ctrl (Cmd)+Space suggestions for dynamic languages like Ruby in NetBeans possible. Pretty smart :)

Btw, I've been using NetBeans 6 M9 as my main development environment for almost two weeks now, while working on numerous Java and Rails projects. The stability of this build is fantastic. I don't recall seeing any major or even minor issues.
