In the interest in full disclosure, I was sent this book by Packt Publishing in hopes that I would review it. I’m reviewing this book, however, in the interest of my audience.

Unless you live under a rock or simply check my site for Christina Ricci pics every morning, you know I’m a bit of a MooTools fanboy. I spend hours every day writing MooTools tutorials, getting in touch with the MooTools community and development team members, and oh yeah…coding a bit too. When it was brought to my attention that Jacob Gube and Garrick Cheung had written a MooTools book for beginners, I was really excited to check it out. The following are my thoughts on their book.

The Authors

Jacob Gube, Garrick Cheung

The Tagline

Learn how to create dynamic, interactive, and responsive cross-browser web applications using this popular JavaScript framework.

Shooting From the Hip

Instead of giving you this super long review that you wont read, I’ve decided to put my thoughts into bullet format. How clever!

• What I really love about this book is that it’s not a bunch of “theory” information — it’s no-nonsense, code-based learning. I LOVE these style of books.
• The book is ~ 150 pages, which is about right for a beginner’s guide. Making it too long would be a huge mistake.
• The price point is $40. Reasonable.
• The book covers a large array of sample projects and code examples — you aren’t looking at the same code snippets everywhere. Awesome.
• One gripe is that I don’t recall the book ever discussing the difference between MooTools and similar libraries like jQuery, Dojo, etc. MooTools’ object-oriented architecture and the idea of modifying native object prototypes is core to the framework and differentiates MooTools from other libraries. That really should be included in a “version 2″ book.
• I was not included as a MooTools resource — clearly an oversight. Hahaha.
• The book *does* cover creating a unique build of MooTools Core and -More. This is very important as beginners should know that MooTools is built to be incredibly modular and Moo programmers should code with that same idea in mind.
• The book flows very well and the progression of difficulty is perfect. Beginners will really appreciate the pace of the book.
• While Jacob isn’t a member of the team, he co-authored with contributor Garrick Cheung and asked Christoph Pojer, a MooTools Core Developer, to be technical reviewer. Involving people very close to the team was a great idea; it helps the book’s credibility and allows for all options to be considered. * I don’t mean to say this to discredit Jacob — he’s done a great job with this book and you certainly don’t need to be a team member/contributor to be a MooTools expert.
• I know it’s Packt’s style, but the “Impact”-style heading fonts are ugly.
• The book doesn’t try to explain or gloss over basic JavaScript. Thank you, thank you, thank you!

The Verdict

I was very impressed with this book and I believe it’s the perfect book for any developer looking to enter the MooTools pastures. My only major desire is that the book cover MooTools’ native object prototype modification; beside that oversight, I’d recommend this book to both rookie and novice MooTools developers. MooTools 1.2 Beginner’s Guide should be required reading for MooTools developers looking to master the basic of MooTools.

Follow Me! Twitter | Facebook | LinkedIn | MooTools Forge.

Full David Walsh Blog Post: Book Review: MooTools 1.2 Beginner’s Guide

Related posts:

1. Book Review: Wicked Cool PHP
2. Book Review: Enterprise AJAX — Strategies For Building High Performance Web Applications
3. Book Review: PHP5 CMS Framework Development
4. Book Review: AJAX Security
5. Free SitePoint Ruby on Rails Book!

PHP5 CMS Framework Development

Written By
Martin Brampton

Published By
Packt Publishing

Publisher Summary:
This book takes you through the creation of a working architecture for a PHP 5-based content management system, stepping you through the design and major implementation issues. This book is for professional PHP developers who either already use an in-house developed CMS, or are developing one, and want a thorough explanation of solutions to the common issues faced in CMS development, or simply want a working framework on which to build. The reader needs to be confident working with PHP 5 object-oriented programming.

The Review

When I was first contacted about reviewing PHP5 CMS Framework Development, I was very excited. I’m at the point right now where simple to moderate content management system authoring isn’t very challenging. Keep in mind that I’m responsible for knowing every piece of the development puzzle for every site I oversee so developing an enterprise-level PHP framework has not been a required skill. In order to grow as a PHP developer, however, this is a skill I would need to learn.

The book begins by outlining some of the important aspects of creating a good system, including PHP best practices, critical features, classes and objects, as well as patterns. The explanation of these ideas is essential to the lessons learned in subsequent chapters.

Chapter’s 2 – 14 include:

• Administrators, Users, and Guests – Discusses SQL injection prevention and ensuring that users will be given proper capabilities within the CMS.
• Organizing Code – Outlines a suggested filesystem and theoretical structure to the code.
• Sessions and Users – Solves issues with regard to user login and session storage.
• Database and Data Objects – Demonstrates code to be used to interact with the database safely and efficiently.
• Access Control – This chapter outlines methods of allowing permissions to specified areas of the system for each user.
• Handling Extensions – Covers methods of adding functionality to the CMS while retaining its structure.
• Caches and Handlers – To keep the system fast and efficient, strong caching methods must be available.
• Menus – Discusses ideas for making site navigation easy.
• Languages – One great addition to any site is multi-language capabilities. This chapter discusses solutions to accommodate for this task.
• Presentation Services – A strong back-end is nothing without a good presentation layer. This chapter provides insight into creating and managing the presentation layer.
• Other Services – Discusses the addition of widgets to the system.
• Error Handling – The best way to maintain any system is to build in strong error handling. Learn how to incorporate strong error handling into your system.
• Real Content – Oh, there’s that too. Delve into the front-end side again.

Favorite Chapter

My favorite chapter in PHP5 CMS Framework Development was chapter chapter 3: Organizing Code. Organizing the code is a critical component of a good CMS and unfortunately structuring the CMS is always a challenge for me. Seeing as the rest of the system relies on the organization of code, if you don’t take the time to build a good structure you could be up a creek a year later. I learned quite a bit from Brampton’s explanation.

The Verdict

Martin Brampton has written an outstanding book about a difficult topic. PHP5 CMS Framework Development provides detailed, logical insight into creating your own advanced Content Management System. I would recommend this book to any moderate to advanced PHP5 developer looking to learn how to create an advanced CMS or a developer open to an alternate method of building an enterprise-level system.

Follow Me! Twitter | Facebook | LinkedIn | MooTools Forge.

Full David Walsh Blog Post: Book Review: PHP5 CMS Framework Development

Related posts:

1. Book Review: Enterprise AJAX — Strategies For Building High Performance Web Applications
2. Book Review: AJAX Security
3. Book Review: Wicked Cool PHP
4. Book Review: MooTools 1.2 Beginner’s Guide
5. Free SitePoint Ruby on Rails Book!

Wicked Cool PHP: Real-World Scripts That Solve Difficult Problems

Written By
William Steinmetz with Brian Ward

Published By
No Starch Press

Publisher Summary:
PHP is an easy-to-use scripting language perfect for quickly creating the Web features you need. Once you know the basics of how the language works, wouldn’t it be great to have a collection of useful scripts that solve those tricky problems and add interesting functionality to your site? We thought so, too.

Instead of starting at “Hello World,” Wicked Cool PHP assumes that you’re familiar with the language and jumps right into the good stuff. After you learn the FAQs of life-the most commonly wished for PHP scripts-you’ll work your way through smart configuration options and the art of forms, all the way through to complex database-backed scripts.

Wicked Cool PHP contains a wide variety of scripts to process credit cards, check the validity of email addresses, template HTML, and serve dynamic images and text. The 76 easily implemented scripts will also teach you how to:

• Send and receive email notifications
• Track your visitors’ behavior with cookies and sessions
• Override PHP’s default settings
• Manipulate dates, images, and text on the fly
• Harness SOAP and other web services
• Create an online poll, ecard delivery system, and blog

But it’s not all fun and games: Security is a big concern when programming any web application. So you’ll learn how to encrypt your confidential data, safeguard your passwords, and prevent common cross-site-scripting attacks. And you’ll learn how to customize all of the scripts to fit your own needs.

Dynamic Web content doesn’t have to be difficult. Learn the secrets of the craft from two experienced PHP developers with Wicked Cool PHP.

The Review

One of the reasons that I prefer short tutorials and articles over programming books is that books generally give you five pages of theory and one page of actual code. Many times, they assume that the reader is a noob to the language (I understand that the publisher requires this and that it’s not the author’s fault). Not this book. Wicked Cool PHP: Real-World Scripts That Solve Difficult Problems is a no-nonsense, “here’s-the-code-here’s-the-solution” type of book.

Wicked Cool PHP covers the basis of the most used facets of PHP: configuration, string manipulation, form validation, file handling, security, and more. Each code snippet is preceded by a short explanation as to the strategies used in the code. The code is presented very well and is easy to understand. Some code snippets are followed with candid explanations as to the disadvantages of using the given code.

Wicked Cool PHP also covers some little-discussed topics including cURL, PHP web services, and creating images with PHP. With web services becoming more and more popular every day (social networking and bookmarking APIs), the cURL and web services scripts in the book will be a great starting point for web service/XML noobs. Wicked Cool PHP wraps up with a few intermediate projects: creating a poll, e-greeting card, and basic blogging system.

Overall, Wicked Cool PHP is a solid, code-packed book for the rookie or intermediate-skilled PHP programmer that understands the basic principles of programming and security. The code provides real world problem/solution scenarios that every PHP programmer will need to know. The book also includes some less-known gems that will spark the inquisitiveness of the reader.

My only criticism of Wicked Cool PHP is that the “difficult problems” the book promises to solve aren’t that difficult. The book covers strategies for keeping your web apps secure, using regular expressions, and session/cookie issues, but many other code snippets would be considered basic for any experienced PHP programmer. I would’ve liked to have seen topics like storing the session in a database, creating a basic MVC framework, and large form strategies.

Favorite Chapter

My favorite chapter of Wicked Cool PHP is chapter five: Working with Text and HTML. Regular expressions are extremely powerful and the amount of information you can acquire from simple page scraping and processing is amazing. Chapter five shows the user how to scrape a XHTML document for links, substring replacement, and converting plain text into XHTML markup.

The Verdict

Wicked Cool PHP: Real-World Scripts That Solve Difficult Problems is a wicked cool publication for rookie and novice PHP programmers. The collection of useful PHP scripts provided in Wicked Cool PHP can serve as a great library for a noob or a quick reference to fix the nagging issue plaguing a novice developer’s web application. If you’re looking for a book that’s less theory and more straight-to-the-point code, Wicked Cool PHP belongs on your bookshelf.

Follow Me! Twitter | Facebook | LinkedIn | MooTools Forge.

Full David Walsh Blog Post: Book Review: Wicked Cool PHP

Related posts:

1. Book Review: PHP5 CMS Framework Development
2. Book Review: Enterprise AJAX — Strategies For Building High Performance Web Applications
3. Book Review: MooTools 1.2 Beginner’s Guide
4. Book Review: AJAX Security
5. Free SitePoint Ruby on Rails Book!

AJAX Security

Written By
Billy Hoffman, Bryan Sullivan

Published By
Addison Wesley / Pearson Education

Publisher Summary:
More and more Web sites are being rewritten as AJAX applications; even traditional desktop software is rapidly moving to the Web via AJAX. But, all too often, this transition is being made with reckless disregard for security. If AJAX applications aren’t designed and coded properly, they can be susceptible to far more dangerous security vulnerabilities than conventional Web or desktop software. AJAX developers desperately need guidance on securing their applications: knowledge that’s been virtually impossible to find, until now.

AJAX Security systematically debunks today’s most dangerous myths about AJAX security, illustrating key points with detailed case studies of actual exploited AJAX vulnerabilities, ranging from MySpace’s Samy worm to MacWorld’s conference code validator. Even more important, it delivers specific, up-to-the-minute recommendations for securing AJAX applications in each major Web programming language and environment, including .NET, Java, PHP, and even Ruby on Rails. You’ll learn how to:

• Mitigate unique risks associated with AJAX, including overly granular Web services, application control flow tampering, and manipulation of program logic
• Write new AJAX code more safely—and identify and fix flaws in existing code
• Prevent emerging AJAX-specific attacks, including JavaScript hijacking and persistent storage theft
• Avoid attacks based on XSS and SQL Injection—including a dangerous SQL Injection variant that can extract an entire backend database with just two requests
• Leverage security built into AJAX frameworks like Prototype, Dojo, and ASP.NET AJAX Extensions—and recognize what you still must implement on your own
• Create more secure “mashup” applications

AJAX Security will be an indispensable resource for developers coding or maintaining AJAX applications; architects and development managers planning or designing new AJAX software, and all software security professionals, from QA specialists to penetration testers.

The Review

Though the ideas of AJAX and security aren’t exactly oxymorons, they don’t go hand in hand either. I’ve always felt that PHP <-> AJAX scripts have more potential for security problems than most other scripts. AJAX scripts have the tendency to assume too much. AJAX Security aims to show readers how to tighten up your AJAX code, both server side and client side.

The book begins with defining AJAX-related terms: XHR, XML, JavaScript, and DHTML. The first chapter also covers AJAX web application flow. Most experienced developers could safely skip this chapter.

Chapter two presents an example website and case of AJAX hijacking. A very basic example but sets the tone for those that don’t have much experience with AJAX.

Chapter three covers basic web attacks including CSRF, phishing, and DoS attacks. Pretty basic but inexperienced developers will find this information helpful.

Chapter four does a masterful job of covering the “AJAX surface area.” AJAX hackers have many ways of disrupting the data and intended flow of your AJAX: manipulating form (visible and hidden) values, cookies, headers, querystring parameters, and uploaded files. The best defense against AJAX hacks is knowing thy enemy and AJAX Security makes sure you know what you’re up against.

In chapter five, AJAX Security addresses code complexity. String operations, code comments, and JavaScript quirks are recognized. The chapter is really quick and not as important to the book as most others.

Chapter six discusses “black box” applications versus “white box” applications — both being different views and flows of websites. AJAX tends to blur the lines between white and black and how you protect your gray website is extremely important.

Chapter seven, titled “Hijacking AJAX Applications,” discusses “clobbering” AJAX functions. The chapter covers exploiting JavaScript AJAX functions and JSON APIs.

Chapter eight, “Attacking Client-Side Storage,” naturally gives on attacking information you’ve given to the client — most notably cookies. Since we don’t have control over cookies between page requests, we can’t completely trust the information stored in them. Unfortunately, cookies can be an necessary evil. The key is to not put too much information in them.

Chapter nine covers the rare offline AJAX application. Offline AJAX isn’t nearly as popular as traditional online AJAX, but the offline counterpart is just as prone to attack. Don’t leave your offline application open to attack!

Chapter ten, titled “Request Origin Issues,” covers “robots, spiders, browsers, and other creepy crawlers.” As you know, with Firefox plugins like User Agent Switcher, you can switch the user agent you provide to the server. Not anticipating attacks for “meant-to-be-harmless” user agent sources can leave your application wide open to attack.

Chapter eleven discusses the current popular rage on internet: mashups. With social networking and bookmarking applications providing APIs to anyone that will use their service, everyone and their mother are looking to frankenstein an application together. Programmers who create mashups need to understand the responsibility of keeping data they receive safe.

Chapter twelve, titled “Attacking the Presentation Layer,” covers just that. My favorite line from this chapter: “Consider a website that has 1,000 pages–all of which have some common styling information that is stored in style.css.” One of the best ways to attack website is to try to gather information that is common to the site as a whole. Accessing stylesheets is as simple as a “view source.”

Chapter thirteen discusses JavaScript Worms, a topic not mentioned often among developers as much as CSRF attacks or parameter manipulation. XSS worms have the ability to completely cripple a website.

Chapter fourteen, “Testing AJAX Applications,” provides great information on how you should test your web application. Due to the number of ways that AJAX applications can be penetrated, testing your AJAX apps is extremely important. Like any application, fixing errors before deployment is ten times easier than after.

Chapter fifteen examines popular AJAX frameworks for ASP.NET, PHP (Sajax), Java EE, and the popular JavaScript framework Prototype. Unfortunately Prototype is the only JavaScript framework that receives mention. I was hoping that more frameworks like jQuery and MooTools would get play.

Favorite Chapter

My favorite chapter of AJAX Security was definitely Chapter 4, “AJAX Attack Surface.” As I said earlier, the best way you can start to combat the enemy (Mr. AJAX Hack) is to know him. AJAX applications have so many point of hacker entry: cookies, querystring parameters, headers, and form inputs leave holes in your AJAX and how you plug them is the measure of security for your website’s usage of AJAX. Know thine enemy!

The Verdict

AJAX Security is an important read for those looking to create any level of rich AJAX application. There’s a lot of flash and awe that comes with AJAX but it can also leave your website vulnerable. It’s important for the user to be in awe of the application, not the developer. Hoffman and Sullivan have authored a great book for developers with little to slightly above moderate experience with AJAX, the anti-flash.

Follow Me! Twitter | Facebook | LinkedIn | MooTools Forge.

Full David Walsh Blog Post: Book Review: AJAX Security

Related posts:

1. Book Review: Enterprise AJAX — Strategies For Building High Performance Web Applications
2. Book Review: Wicked Cool PHP
3. Book Review: PHP5 CMS Framework Development
4. Book Review: MooTools 1.2 Beginner’s Guide
5. Free SitePoint Ruby on Rails Book!

Enterprise AJAX — Strategies For Building High Performance Web Applications

Written By
David Johnson, Alexei White, Andre Charland

Published By
Prentice Hall / Pearson Education

Publisher Summary:
Writing for enterprise developers, architects, and user interface specialists, the authors explain why AJAX offers such great promise in large-scale development. Next, they systematically introduce today’s key AJAX techniques and components.

You’ll walk through developing frameworks for building AJAX applications that combine data tables, Web forms, charts, search, and filtering: the very systems businesses depend on in CRM, ERP, BI, and beyond. Then, building on this strong foundation, the authors identify proven AJAX architectural patterns, and present case studies drawn from actual .NET and Java AJAX applications. Coverage includes:

• Using AJAX to implement Model-View-Controller (MVC) in the browser
• Encapsulating user interface functionality to facilitate code reuse and reduce cross-browser development problems
• Overcoming the unique security challenges associated with AJAX Web applications
• Optimizing AJAX usability: the “back” button, caching, bookmarking, offline usage, and beyond

From security to scalability to project risk, this is the only book to cover all the issues facing AJAX developers in the enterprise. Whether you’re migrating legacy HTML interfaces or building new applications from scratch, you’ll find it absolutely indispensable.

The Review

Nothing is more important to me than credibility when it comes to programming and technical books. As any seasoned programmer knows, the reference / guide book gets you 30% there and the other 70% comes from banging your head against the wall for hours (until you read my blog, of course.) That’s why Enterprise AJAX: Strategies For Building High Performance Web Applications started off on the right foot with me. The authors of this book are the architects of Nitobi Software, creators of AJAX Components for .NET, Java, PHP, ASP, and ColdFusion.

Enterprise AJAX starts extremely slow, covering basic internet mainstays: browsers and browser versions, JavaScript syntax, the DOM, and popular JavaScript frameworks. Boring? Yes. Helpful? Probably Not. Necessary? Per the publisher’s request, probably. Luckily, the book speeds up.

The real insightful part of the book comes in when the authors begin to write about AJAX Components in chapter four, using Google Maps as its primary example. The chapter moves on to sorting tables using JavaScript and then to JavaScript templating systems.

The book then delves into design and deployment, presenting various steps of JavaScript development, including prototyping, wireframing, and other design decisions. Chapter six continues the AJAX creation process with AJAX architecture, which includes caching and other speed-related decisions that can make or break AJAX usage on your website. Other chapter six features include load balancing, clustering, and scaling.

Chapter seven, Web Services and Security, discuss keeping your AJAX scripts secure from automated and user-based attacks. Chapter eight moves on to AJAX usability. Usability is key in the web today and when it comes to AJAX, usability tends to become an afterthought. The authors of Enterprise AJAX provide many workarounds and best practices for dealing with specific browser quirks.

The book rounds out with three more useful chapters: User Interface Patterns, Risk and Best Practices, and Case Studies.

Favorite Chapter

Chapter six, AJAX Architecture, was my favorite chapter of them all. Chapter six provides strategies and examples with regards to caching and throttling AJAX code. Speed is AJAX’s main purpose, in my opinion — if not for AJAX, we could simply make clicking links refresh the page. As with most aspects of computer development and speed, caching is extremely important. For developers who obsess over optimal loading time, this book may be worth the price just for this chapter.

The Verdict

Enterprise AJAX: Strategies For Building High Performance Web Applications is a well thought out book written by experts who have been there and done that. The book starts with the foundations (boring, but necessary for web/javascript beginners and novices) and carries the developer through to the final implementation and maintenance of AJAX features.

Unfortunately for the authors of this book, JavaScript framework creators such as the MooTools, Prototype, and jQuery teams have made AJAX development so easy that starting from scratch with AJAX is no longer the norm. Most developers site on one part of the JavaScript framework fence.

This book is clearly still relevant and provides great insight into AJAX — its power and drawbacks.

Follow Me! Twitter | Facebook | LinkedIn | MooTools Forge.

Full David Walsh Blog Post: Book Review: Enterprise AJAX — Strategies For Building High Performance Web Applications

Related posts:

1. Book Review: AJAX Security
2. Book Review: PHP5 CMS Framework Development
3. Book Review: MooTools 1.2 Beginner’s Guide
4. Book Review: Wicked Cool PHP
5. Free SitePoint Ruby on Rails Book!