Articles by Duncan Mills

Effective Page Authorization In JavaServer Faces

Thu, 10 Aug 2006 17:15:00 EDT

Application security - the art of applications defending themselves - represents an important line of defence in an overall in-depth security strategy. Web applications that follow the Model-View-Controller (MVC) architecture can, and should, have security implemented on all three layers. Normally it's the controller component that handles page authorization in MVC, the view layer that hides controls and information based on user authorization, and the model that enforces the business rules and input validation. However, it's up to the developer, based on an individual security policy and the programming technology used, to decide where to put security. Using pluggable validator components in JavaServer Faces (JSF), for example, developers may decide to verify user input on the view layer as well as on the model layer.

i-Technology Viewpoint: Thoughts on the Java Community

Fri, 08 Jul 2005 06:00:00 EDT

'Is it reasonable to insult and mock those with differing viewpoints? To publicly denigrate a fellow community member or group because they use the wrong IDE, Framework or design pattern (in your opinion) shows ignorance and lack of respect?' Duncan Mills thinks not. Read his essay here and join in the debate below.

J2EE vs .NET: Where Is Application Development Going?

Fri, 15 Apr 2005 00:00:00 EDT

The reason .NET 'presses a lot of the right buttons,' writes Duncan Mills, is that: 'It's a Meta-Framework - a one-stop shop.' In the J2EE world, on the other hand, while there is no doubt that there are a lot of fantastic point solutions and frameworks out there, as standalone islands of functionality they have a much harder sell in the corporate market. 'Are fully fledged meta-frameworks possible in the open standards J2EE space?' Mills asks, then goes on to show why in his view the answer is yes.