I didn't sleep that bad tonight. In the morning I checked my mails and worked a bit.
On the picture, taken in the morning, from left to right: Patrick Wolf, Kris Rice, Sue Harper, ODTUG board, David Peake, Dimitri Gielis, Flavio Casetta.)
Today APEXPosed started. You had to pay extra for these sessions, so it wasn't the regular ODTUG Kaleidoscope track.
The topics they covered with a bit of explanation and my view on things.
Breakfast
The time I arrived they just had to refill all sandwiches, so that was a bummer. I'll tell you tomorrow if it's good. Today I didn't have that much, some fruit and muesli.
APEX Keynote by Mike Hichwa
Mike started to talk about the history of APEX. Let's say before 2004, and the lessons they learned from it. Then they started to build APEX from scratch again with the first release in 2004 called HTMLDB 1.5, followed by 1.6 with the Themes quickly afterwards.
The other highlights; in 2.0 you got the SQL Workshop and 2.1 was the integration with Oracle XE. 2.2 brought Packaged Applications and then you got APEX 3.0! The awesome stuff ;-)
A lot of new feature, like for ex. MS Access Application Migration, Flash Charting, BI Publisher Reporting Integration, Improved Web Services, ...
Mike also showed his 10 most "cool" features of APEX.
Then we got to the really interesting stuff! APEX in the future.
There will be first a patched version of APEX 3, called APEX 3.0.1 (foreseen for this month). This version will also be shipped with the Oracle Database 11g. As I blogged yesterday, the integration with SQL Developer will be enabled too. Mike demoed some cool things, like deploying an APEX application right from SQL Developer! As we already could see, you get some reports and more insights into the APEX dictionary too.
This version will also probably work with Oracle XE... with maybe some installation guide.
So what will be in APEX 3.1? This was absolutely fantastic! If you didn't already like APEX, you'll definitely like this version! What do you think of: Practical, Tactical, Easy, Database Centric, Declarative, Opportunistic, Super Fast, Browser Based... and Pull Down Report Columns? Mike demoed APEX Worksheet! Man!! You can't believe it! There's a lot of AJAX inside that! I was a bit too late to tape it, but I'll get some more screenshot from Mr. AJAX himself. | Video of new APEX Workspace |
Lab: Hands-On Ajax and JavaScript by John Millinger
This session were some hands on on AJAX and Javascript.
First an overview of Javascript, then where you can find Javascript in APEX and exercises like Hide/Show an item and Check all check boxes.
Later we saw where AJAX is used in APEX and got some exercises on that as well, like for ex. auto population and dynamic reports.
It's always difficult to define "Advanced". I spoke with some people and they really liked it. Personally I already played with most of this. Nevertheless it was a nice exercise and overview again.
Lunch
We got some healthy food: a salad with some cheese and ham on. Some people didn't found it enough, but the dessert (some chocolate fudge pudding or cheese cake) was quiet heavy, so I didn't complain.
UI and Design by Scott Spendolini
Scott explained the difference in Themes and Templates. And then showed how you could make another theme in APEX. He build the Apple website theme in APEX and explained while he was doing that the different steps to build it, the pitfalls and the tools who can help you with it.
I believe this was a good session, especially if you didn't build a template yourself before. The experience and best practices Scott mentioned where also useful. I believe you learn the most from the experience of others.
Security by Raj Mattamal
The main topics Raj was discussing where: Security Balance, Create & Review Example Application, Declaratively Locking Example Application, Programmatic Measures, Deployment, Considerations and Other Considerations.
Raj pretty much mentioned every possibility you have in APEX to make your application more secure. In my session on Wednesday I'm also talking about Session State Protection, Authentication and Authorisation. He was talking about that too as also the use of bind variables and some other best/worst practices.
The "Cross-Site Scripting Attacks" demo I found really interesting. I didn't try that myself before. Putting some javascript in a text field on your form and then render the report... Give it a try yourself! Something to get afraid off ;-)
Ask the Experts - Open Forum
This session was Q&A with most of the APEX Development team and the other speakers of APEXPosed. David Peake took notes, so it might be possible he'll give some feedback on that. The questions were the normal ones, as I already blogged before when we did the IOUG, OOW or ODTUG Q&A of last year.
Welcome Reception
The reception is always a nice place to meet others. I saw Mark Rittman, the AMIS guys, Peter Lorenzen and a lot of others I got to know of ODTUG of last year.
APEX Meetup
After the Welcome Reception we went to the bar to have another drink with only APEX lovers. There must have been around 30 people, which didn't make it easy. The larger the group, the more difficult it is to talk to everybody. Some pictures I took during the meetup.
4 comments:
Thanks for the update Dimitri. Did Raj mention any techniques for dealing with the XSS javascript hacking problem? One thing we have done is change a lot of our report columns to Display as Text (escape special characters) but its a pain to do for all columns where there is possible user input.
Mike
Hi Mike,
That's exactly the thing I learned!
Your solution is the same as what Raj told to do to fix it or you could make a PLSQL package that detects the when it gets inserted.
Dimitri
Thanks Dimitri,
I was hoping for a more global solution, but maybe in 3.1 and some updatable metadata views or something.
Hope you're enjoying ODTUG (looks like you are).
Mike
Hi Michael,
You can easily change all the columns in one go check here: http://wiki.shellprompt.net/bin/view/Apex/XssExamples
Post a Comment