SQL BOOKS
Posted in SQL (Wednesday, July 9, 2008)
By Springer.
The regular list price is $179.00.
Sells new for $135.95.
There are some available for $146.12.
No comments about Handbook of Database Security: Applications and Trends.
Posted in SQL (Wednesday, July 9, 2008)
Written by Matt Fisher. By Syngress.
The regular list price is $49.95.
Sells new for $31.09.
There are some available for $20.00.
3 comments about Developer's Guide to Web Application Security.
- With the increasing number of incidents of crime that are occurring on the World Wide Web, it behooves every programmer to become fluent in all aspects of information security. This book provides a great overview of the various methods a hacker uses to penetrate various forms of web architectures. The author's goal, it seems, was to cover a broad subject by touching on all important aspects of securing a website.
Throughout the book a hacker mindset is presented and how to design your website to overcome the tools and tricks of the hacker. For instance in many of the chapters the manner of attack that a hacker would use to exploit a piece of technology is covered. Overall I believe this book to be a good introduction to the field of securing websites. Since security in and of itself is such a broad subject and the Internet is also a broad subject it is unfair to expect one book to cover all aspects of a complex and dynamic environment.
- When I came across this book on the O'Reilly website I was immediately interested, as web applications are becoming more and more prevalent. And other than thinking it covered methods of securing web applications I had no preconceived assumptions. My main aspiration for this book was to give me better awareness of security in the area of web applications and to provide me with some tools. After having read this book I can say that it has done both.
Each of the chapters in this book seems to follow a pattern of first defining the topic, second giving real world examples, and finally providing the reader with solutions. The book begins by providing a history of the hacking methodology and defining the various types of hacking. It was interesting to learn about some of the various hacks and hackers. For example, I had no idea Steve Jobs (Apple Computers) used to be a hacker.
In chapter two the author discusses what he calls a "Code Grinder", and how to not become or produce a code grinder. A code grinder is someone who works in a highly regulated environment where creativity is discouraged. I found it interesting that a code grinder environment typically produces more unsecure code than an environment that is open and promotes creativity.
Chapter three discusses the risks associated with mobile code. Chapter four covers vulnerable CGI scripts and introduces the reader to some tools such as Nikto and Web Hack Control Center to scan your website to find vulnerabilities. The author goes on to discuss the issues faced by the various CGI scripting languages, and then provides an outline of rules to writing secure CGI scripts.
Chapter five covers hacking techniques and tools. This section gets you into the mind of a hacker, what are their goals, how are those goals achieved and what tools do they use. In chapter six the topic is "Code Auditing and Reverse Engineering." This chapter I found exceptionally interesting and helpful. The author takes you through various types of vulnerabilities and with each weakness explains how it affects each of the more popular programming/scripting languages. And to take it a step further the author also provides the reader with the functions/methods for each programming/scripting language that are vulnerable to attack and then explains either how to use those functions securely or gives an alternative function/method that is more secure.
Chapters seven through ten cover securing code in specific languages; Java, XML, ActiveX, and ColdFusion. Chapter eleven discusses developing security enabled applications using such technologies as PGP, SSL, and PKI. Finally in chapter twelve the author wraps up the book by taking the reader through creating and working with a security plan.
CONCLUSION
--
I found this book to be interesting and a good read. I plan to make use of some of the tools it introduced in hardening applications I work with and develop. And as I mentioned before, the chapter on code auditing will be extremely useful to me in cleaning up existing apps and developing new ones. I liked this book and I would recommend it to anyone who is writing code.
- More recent books on web application security are welcomed. The publication date of 2006 suggests it might fall into that category.
The focus on the programmer is also welcomed. Many security books deal with threats, but the actual practice of programming to ameliorate those threats may not be readily apparent. One would like support for a programmer "security mindset" and specific strategies to implement that.
The book is addressed to programmers and written in a fashion that is engaging. And, as a more general work to highlight the importance of security at the development stage, it's OK.
But, there's just not much depth here for its intended topic. And, the content appears to reflect lectures presented in the 90s. There's some significant reference to C, which is not typically used in contemporary web programming. The focus tends towards the *nix world, but again a fair amount of emphasis, as I recall, on CGI, where again, PHP is more commonly used today. References in the Microsoft world are exclusively to ASP -- a technology which was superseded in 2002 by ASP.NET.
There's some appropriate programming advice here. But, it's soft rather than hard, and diffuse and general rather than focused and specific.
I would rate it 3 stars for that content if it were more appropriately titled.
Posted in SQL (Wednesday, July 9, 2008)
Written by Martin Gruber. By Sybex Inc.
The regular list price is $39.99.
Sells new for $19.96.
There are some available for $8.99.
5 comments about Mastering SQL.
- I bought this book 3 weeks ago and must say it covers everything in great detail. I would recommend it to MS exam 70-029 candidates, as well.
- I did not like this book at all; I found it to be hard to read. The CD it comes with only has example tables for Linux. It would be nice if Sybex would have included some tables usable with Microsoft or Oracle. I found Sams SQL in X days and many other books to be more helpful and a better reference. The rating of 4 stars that I saw, which induced me to buy the book, makes me wonder if I will trust them in the future. Keep looking.
- This book was extremely useful in learning SQL. I had virtually no SQL background prior to reading this book, but Gruber's writing soon made interacting with this powerful database easy. The book starts off with an introduction to databases and then quickly delves into how to query, insert and update data into a database.
The examples in the book are down to earth and illustrate what the author is attempting to show. The result sets are also clearly displayed. Helpful questions and answers appear at the end of each chapter. Gruber also covers more complex searching and eventually gets into the more complicated portions of SQL: rights management, indices, optimization and Java interaction. There is also a helpful (and lengthy) appendix at the end that covers SQL commands. The first part of the book was extremely helpful to me. I felt confident in what I was learning and Gruber's explanations made sense. However, the material was a bit dry. The same data set was used throughout and while being helpful in the fact that it was familiar, it didn't liven up the book. I found the middle portion of the book somewhat helpful; the information was sort of sketchy and wasn't as comprehensive as I would have hoped. If one quickly wants to learn how to manipulate an SQL, this book is a definite must-have. It is easy to find information and the material was presented in a logical format. However, I'd go to a more heavy duty book on database management rather than this one for those topics.
- Mastering SQL caught my attention when I noticed that the same author wrote that lovely book 'Understanding SQL', so I decided to give it a trial. I got the book about 3 weeks ago and it has been of great help towards my preparation for the exam MCP 70-029. The only problem is that the example codes do not run on Windows, and that means typing in the codes manually for those of us using Windows. I hope the author puts this in mind when he starts working towards the second edition. Apart from that, it's a great book, especially for beginners like me and for the database experts, it's a good reference material too!
- I have to agree with the other reviewer that it was a hard read, however, it is worth more than 1 star. I gave it three because there is some good information, but it was definitely difficult to get through. It reads more like a reference book than a how to.
Posted in SQL (Wednesday, July 9, 2008)
Written by Rodney Landrum and Shawn McGehee and Walter J. Voytek II. By Apress.
The regular list price is $39.99.
Sells new for $26.39.
No comments about Pro SQL Server 2008 Reporting Services (Pro).
Posted in SQL (Wednesday, July 9, 2008)
Written by Jose A. Ramalho. By Wordware Publishing, Inc.
The regular list price is $49.95.
Sells new for $31.46.
There are some available for $1.17.
1 comment about Learn Microsoft SQL Server 2000 (With CD-ROM).
- This is a great book for people beginning to learn SQL Server. There are many step by step examples of how to use, maintain, manage and program SQL Server. However, I don't think this book or its examples were edited. THERE ARE MANY ERRORS IN THIS BOOK, mainly in program syntax (which are easy to fix if you know SQL). If they could come out with a second (edited) edition, this book could get 5 stars.
Posted in SQL (Wednesday, July 9, 2008)
Written by Robert Ericsson and Jason Cline. By Charles River Media.
The regular list price is $44.95.
Sells new for $10.00.
There are some available for $22.45.
1 comment about SQL Server 2005 for Developers.
- This is a book that has been needed for some time.
When Microsoft first licensed what was to become SQL Server from Sybase it was basically just a database program. Since the split between the companies Microsoft has added a series of extensions to the package that effectively add front end packages to facilitate understanding what's going on inside the database, ease the programming task for certain applications like Data Warehousing and Data Mining, provide for notification of the manager in the event of certain events, a sophisticated reporting service and more.
The problem has been that all of these additional packages are big sophisticated programs in their own right. In fact, most of them have their own book or even books describing how to use them. What this has meant is that there is so much information on each of these packages that it is difficult to decide just which of these packages is worth the time it takes to implement them.
This book is sort of the first book in a series that gives you the overall view. I'd suggest that anyone starting out to implement a SQL Server system read this book first. It's more or less the general introduction to the SQL Server system.
Obviously this book doesn't cover as much detail on any of the packages as a dedicated book, but it gives you enough information to tell you if the package will do the task you need performed.
Posted in SQL (Wednesday, July 9, 2008)
Written by Gustavo Du Mortier. By M P Ediciones S.A.
The regular list price is $19.90.
Sells new for $289.93.
4 comments about Bases de Datos en MS Visual Basic 6.0 con CD-ROM: Manuales Compumagazine, en Espanol / Spanish.
- In my opinion, it is an excellent book, not only for learning how to connect VB to a database; it also introduces you to SQL Server and, most importantly, pays excellent attention to SQL, ADO and 3-tier programming (very well explained).
It is a good introduction to Microsoft's .NET concept. I recommend it not only for VB developers but also for Internet developers (ASP/IIS).
- This is an excellent book. It does not try to be a user manual, nor does it try to teach the history of visual programming; instead it gets to the point and gives the practical explanations that a programmer needs to carry out their tasks efficiently. It teaches three-tier programming clearly and concretely by way of an example, explains how to handle stored procedures, also with a concrete example, and comes with a CD containing a trial version of SQL Server and assorted utilities. It really is worth more than the $20 it costs. You absolutely have to have it; afterwards you can buy all the Wrox books if you want, but start with this one!
Román Hugo Bernachea cartelera2000@hotmail.com
- An excellent compendium of the essentials of VB 6.0 for connecting to databases. The author is concise and precise on the important matters, with a touch of simplicity that impresses the reader.
The book is so clear that it can be read on its own or with a computer at your side.
- A very basic book. I bought it thinking it explained everything related to databases in depth, and in reality it seemed like one of those magazines you buy at a newsstand. I don't know who it could interest.
Posted in SQL (Wednesday, July 9, 2008)
Written by Thearon Willis. By Wrox Press.
The regular list price is $39.99.
Sells new for $0.30.
There are some available for $0.13.
5 comments about Beginning Visual Basic SQL Server 7.0.
- Thearon Willis's approach is pretty straightforward, and that's what I like. In short this book gets a solid positive review and has minor peeves.
In short this is a great intro to SQL server 7. Good use of explaining triggers, and stored procedures. Most important the examples are REAL WORLD BUSINESS examples that you can use. So many other books get you to do things that are totally useless. While I wouldn't design an interface like he did, or make the tables, as such, and I did find his stored procedures a bit overly lengthy, it's still a great book to get started on and has a lot of useful stuff. Knowing VB helps but not necessary and is of course not concentrated on either.. solid 4, Another good Wrox book.
- I've been a software engineer for just over 20 years now, and to this date, this author is by far, the most talented author, I've encountered. The book covers all that is required, for a Visual Basic developer, to learn the tasks associated with building applications for Visual Basic using SQL. With other books, it never failed that the author would leave something important out, when demonstrating a technique, but the author of this book, Thearon Willis, covers everything, down to the intimate detail. Thearon also has reminders throughout the book, that remind the reader not to forget to do something, that may have already been covered. I believe the author has the ability to convey upon the reader, in an understandable manner, like no other author has.
Many Thanks
- I own 2 books written by Thearon Willis, this book and "Beginning SQL Server 2000 for Visual Basic Developers". Both books are excellent. Combining this book and Rob Vieira's "Professional SQL Server 7.0 Programming", I got a very knowledgeable skill set that combines Visual Basic 6.0/5.0, SQL Server 7.0 and RDO/DAO. If you have to maintain applications written in Visual Basic 6.0 and earlier or if the database is SQL Server 7.0, you will want to read this book. Please note: if you want to use latest ADO, you may have to make some minor modifications to the examples in this book.
- I guess an 860 page book sells better than a 250 page book, that would explain all needless pages in this book! This book repeats and repeats the same description of the code over and over and over... Not too many authors are smart enough to realize when you teach something keep it as simple as possible (no charge for the tip to you authors out there.) For example don't include a column for address1, address2 and address3 and then write code to test if address2 and address3 are NULL. The Address1 column is enough to get the point across. This kind of "filler" only distracts from the main point of learning ADO and SQL. And the Author overdoes normalization - you would be looked at as a rank novice if you did this type of "over" normalization in professional code. Book would get 4 stars if it was not filled with so much fluff and filler and fluff and filler ....
- Don't let the one star reviewer put you off. This is a good book available at a bargain 2nd-hand price. The joke below about fitting this content into a book of 250 pages shows that another reviewer doesn't know what he's talking about. But the examples are a bit OTT as the case studies are large so there's a bit of repetition. It could probably have been shrunk to about 700 pages (rather than 900) with smaller (kiddy type) case studies. Likewise it's not possible to overdo normalization - just because some so-called professionals don't bother with it as much as they should is no reason why a beginner shouldn't learn best practice.
The writer assumes that you already know Visual Basic 6 so doesn't cover much VB code. The focus is on SQL Server 7 stored procedures which are professionally done. The "Beginning" title is a bit misleading too. This is a book for serious programmers who, although still beginners, want to be good - not for hackers. The book is well made with hardly any errors that I've spotted and the code examples work. I recommend Vieira's two books as well - on SQL Server 7 and 2000. 4 stars only (nearly 5) - the case studies are a little larger than need be.
Posted in SQL (Wednesday, July 9, 2008)
Written by Kalani Kirk Hausman. By Coriolis Group Books.
The regular list price is $34.99.
Sells new for $24.12.
There are some available for $4.93.
5 comments about MCSE SQL 2000 Administration Exam Cram (Exam: 70-228).
- This book gave me the extra pieces of information I needed to pass the exam. SQL 2000 ROCKS!
- I passed 70-228 on my first attempt, using this book in conjunction with Transcender and Books Online as my primary study resources.
You won't get all the information you need to pass the real test from this book, but that is not its intent. It works well when used for what it is marketed as, which is a "cram" resource to supplement a sound knowledge of SQL Server 2000 administration. Especially useful for me were the practice questions, the practice test at the end, and the screenshots of Enterprise Manager dialogs. Good to have in the hours immediately before the test! The contents have a few errors, including referring to the model database as "modal" throughout the book, but that doesn't detract too much from the overall utility of the book. All in all, a good investment, considering the cost of each attempt on the real test. RD
- No, no, no.. This book is a waste of time. It gives an IN DEPTH step by step, excruciatingly detailed how-to examples on using the installation wizard, and then glosses over the more important details that actually appear on the exam (like the C2 auditing and analyzing the SQL 2000 performance counters). If you're familiar at all with the software, this book has little or nothing to offer you in terms of actual test preparation. Microsoft assumes everybody taking the certification exams already knows when to click the next button.. Don't waste your time or money on this. The Dummies book is much better.
- I read the entire book in 2 days... there is nothing in the book to actually remember... No concepts are described... all you see in this book are the screen shots of Enterprise Manager...
Honestly I don't recommend this book. I didn't try the Microsoft press book.. If I were to choose between this book and the Microsoft press book I would go for the Microsoft press book because I am very sure that any other book will have more information than this book. This book has nothing at all.. believe me.. NOTHING to read for the test.
I have used several Exam Cram books before and all of them turned out to be very useful other than this book. This book is not at all comparable with other books so use other books for your preparation.
GOOD LUCK
- This book gives you a lot of facts to remember and no examples to use. The test was all configuration and security scenario questions and a lot of stuff in the book was hardly covered like backup and recovery, DTS, BCP, DBCC statements, replication, maybe one question each on these. No questions at all on steps to take during installation and configuration. I will be looking for something to supplement this with..
Posted in SQL (Wednesday, July 9, 2008)
Written by Joline Morrison and Michael Morrison. By Prentice Hall.
The regular list price is $86.67.
Sells new for $29.00.
There are some available for $24.34.
No comments about Creating SQL Server 2005 Applications with Visual Studio.