Tuesday, June 20, 2006

ODTUG - P3: APEX Q&A, 10g Security & Tuning

The real starting shot was fired at ODTUG today (Monday). A lot of interesting parallel sessions during the day... it's a pity that I *must* choose!

My first session: Oracle Application Express (HTMLDB) Panel (Moderator: Scott Spendolini)

This was an interactive session about APEX. We could put questions to a panel of four people: Scott Spendolini, Michael Snyder, Greg Jarmiolowski and Patrick Cimolini. They all had different kinds of experience using APEX. The most experienced, of course, was Scott.

The audience was very lively! Here are some of the questions that were fired:

1. Is APEX a toy or is it a real development environment?
They all agreed that APEX is a real development environment and serious business, from small to big applications. Scott Spendolini: "The creation of Metalink in APEX says it all. Oracle would never create something so big if it would disappear..."
Michael Snyder from CASEtech also explained what they have been doing in their firm. They redeveloped all their Forms applications in APEX.

2. How much effort does it take to learn APEX?
Patrick Cimolini from the Cayman Islands Government talked about what he did with his team (some COBOL developers). In no time they were working with APEX! You can read more about this on Scott's Blog.
Scott told a good one too! The record for building an application is 15 minutes! Basically, an Oracle sales consultant went to a customer, where he took one of their Excel spreadsheets and put it in APEX. The client immediately said, "OK, leave it there", and it was in production.

3. A comment from the audience that some "Error Messages" in APEX aren't yet translated into other languages.
To make the APEX dev team aware of it, we should all log it in Metalink, the more the better!

4. APEX in production? And what are the security issues?
Pay attention to:
- not displaying debug information
- locking down development for developers in production (= do a "run-only" deployment)
- HTTP before the firewall, DB after it
- redirecting the admin login to the workspace screen
- securing session state (URL)
- using best practices
It depends on the application: secure or not, internal or not.
VPD, SSL, ...

5. Are there some best practices for APEX?
Here are some things you can look at:
- business rules in packages instead of anonymous rules
- simple validation via APEX, complex validation through packages
- use of updateable views
- best practices from Forms can be used for APEX
The data model is really important. APEX is about 90% preparation and 10% painting!!

6. How to work with Reports in APEX?
There's a whitepaper by Scott available (see OTN).

7. What about a version control system in/together with APEX?
You can do an export of your application and put it into CVS.
Scott makes an export of his schema/workspace every day via an automatic script (there's an example of how to do it on OTN and APEX studio, search for window job). Next to that, as everything is in the database, you can use your backup strategy, e.g. taking a cold backup once a week.

8. How does the download of the docs on the ODTUG website work?
Store the BLOBs in your own schema/tables and use the standard functionality of APEX.

9. What about PDFs in APEX?
Some possibilities:
- PL/PDF: pros: cheap, PL/SQL, no Oracle AS needed; cons: PL/SQL API, a lot of code, no GUI to develop the layout...
- Reports
- Third-party reporting tool. I use e.g. CutePdf
- XML Publisher, see the talk by Mark Rittman at ODTUG
- It's foreseen that Oracle will include something to create PDFs in the 3.0 release.

10. What about really big projects... Do you use a methodology? Or a way of working?
Apparently at Oracle they had some discussions about including a sort of CVS... but they decided not to do it as it would be too complicated.
You should have a good understanding with each other and communicate. In APEX you can use e.g. page locks to prevent working on the same pages.
In version 2.2 or 3.0 there'll probably be some more features (cross-application page export etc.)

11. What about the hype around Fusion?
The choice between using Java or PL/SQL depends on your in-house talent. Web services, for example, are also possible with PL/SQL.

12. % of using PL/SQL packages, standard APEX, custom features (javascript, css)?
Depends on project and customer.

13. XML? XPath - not out of the box
This should be improved, but it's already possible to do it yourself. There'll be a talk about this later on at ODTUG. (Google Maps - XML + JavaScript)

14. Interface improvements?
In 3.0: AJAX (drop-down column etc.)

15. Why APEX?
There was something in the news about a stolen laptop. The Access app contained some important personal information (of more than 10,000 people!). This shows again that you should use something else for critical applications! I'm saying... APEX forever!! But hey, I'm completely Oracle-minded ;-)

I also followed some other sessions...

There was the scary presentation by Donald Burleson about Oracle 10g Privacy Security Auditing Techniques. Don explained very well, with lots of intonation, what could go wrong... The part I found missing was the solutions to handle all these threats!
I suppose it's in one of his books (he gave some away for free, but I didn't have the luck to get one).

I also followed the presentation by Rich Niemiec about Tuning Oracle 9i/10g using Statspack! I found it a really good presentation: clear, nice overview, good slides, lots of detail in the handouts, digestible information, evolution of B/ESTAT - Statspack - AWR - OEM & ADDM etc.

But I'm more of a DBA (or something between a DBA and a DEV, I call myself a DBA4DEV); maybe for some developers it was too complicated, but I find that they should know this too!

The last presentation of today for me was Application Development Tuning Best Practices.
Personally I didn't like this presentation, as I don't believe that there are "best practices" in app dev tuning which you should follow every time! It depends on what you're doing...
Maybe I'm a scientist... there are some good articles on the site of Tom Kyte about "rules of thumb" etc.

I found it a beautiful day with lots of interesting things to learn!
The pictures of Monday are here.

1 comment:

Partha said...

Thanks a lot for the updates. Quite helpful. With so many people in APEX these days, it is quite surprising that there are so few of them who blog on APEX... guess it's still quite a close community with most of the talk in the forums itself :-)

By the way, do you have the link for Scott's technical paper about the reports? I searched in technet with some keywords but couldn't find them.