Thursday, 11 September 2008

Patterns of Enterprise Application Architecture

I have just started reading this book and was fascinated. What I loved most about it was that I could start identifying patterns I was already using - I just didn't know what they were called.

The book starts off as an overview of the different types of patterns (always giving a page number where you can get more information); as you get towards the end of the book each pattern is discussed in much more detail (including examples, mostly in Java and sometimes in .NET).

Unfortunately Java appears to be Martin Fowler's language of choice - the Table Data Gateway pattern has this bit of code:

public void LoadWhere(String whereClause) {
    // The caller's whereClause is spliced straight into the SQL text, so
    // whatever the caller passes becomes part of the statement that runs.
    String commandString =
        String.Format("select * from {0} where {1}", TableName, whereClause);
    Holder.FillData(commandString, TableName);
}

Now I suspect most people reading this will spot the issue with the above instantly, but if not, read up on SQL injection! (If you are unsure how devastating a SQL injection attack can be, then watch this video from TechEd - scary!)

Perhaps I'm being picky - this is definitely only sample code - but it worries me how many people might just use this code and not notice the potential issue.
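To make the worry concrete, here is an added example (my own code, not the book's) that rebuilds the gateway in Python on an in-memory SQLite database with a constructed "users" table. The first class copies the book's LoadWhere shape; the second is the hardened form a practitioner would want: the column name is checked against a fixed whitelist, because identifiers cannot be bound as parameters, and the value travels to the driver as a bound parameter rather than being concatenated into the SQL. The table, rows and the caller's quoting habit are all assumptions for the demonstration.

```python
import sqlite3

# Constructed sample data for an assumed "users" table; not from the book.
SCHEMA = ("create table users "
          "(id integer primary key, name text, email text, is_admin integer)")
SEED_ROWS = [
    (1, "alice", "alice@example.com", 1),
    (2, "bob", "bob@example.com", 0),
    (3, "carol", "carol@example.com", 0),
]


def make_db():
    """Fresh in-memory SQLite database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany("insert into users values (?, ?, ?, ?)", SEED_ROWS)
    conn.commit()
    return conn


class VulnerableUserGateway:
    """Table Data Gateway built the way the book's snippet does it: the
    caller's where clause is spliced into the SQL text verbatim."""

    table_name = "users"

    def __init__(self, conn):
        self.conn = conn

    def load_where(self, where_clause):
        sql = "select * from {0} where {1}".format(self.table_name, where_clause)
        return self.conn.execute(sql).fetchall()


class SafeUserGateway:
    """Same gateway, hardened. The column must be one of a fixed set of
    identifiers (assumed whitelist); the value is a bound parameter, so the
    driver treats it as data no matter what quotes or comments it contains."""

    table_name = "users"
    allowed_columns = frozenset({"id", "name", "email", "is_admin"})

    def __init__(self, conn):
        self.conn = conn

    def load_where(self, column, value):
        if column not in self.allowed_columns:
            raise ValueError("column not allowed: %r" % column)
        sql = "select * from %s where %s = ?" % (self.table_name, column)
        return self.conn.execute(sql, (value,)).fetchall()


def find_by_name_vulnerable(user_input):
    """How a typical caller uses LoadWhere: wrap the input in quotes and hope."""
    gateway = VulnerableUserGateway(make_db())
    return gateway.load_where("name = '%s'" % user_input)


def find_by_name_safe(user_input):
    """Same lookup through the hardened gateway."""
    gateway = SafeUserGateway(make_db())
    return gateway.load_where("name", user_input)


def column_rejected(column):
    """True if the safe gateway refuses an identifier outside its whitelist."""
    try:
        SafeUserGateway(make_db()).load_where(column, "alice")
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Honest input: one row either way.
    print(find_by_name_vulnerable("alice"))
    # Tautology: the where clause becomes  name = 'x' or '1'='1'  -> every row.
    print(find_by_name_vulnerable("x' or '1'='1"))
    # Comment trick: name = 'x' or is_admin = 1 --'  -> only the admin account.
    print(find_by_name_vulnerable("x' or is_admin = 1 --"))
    # Bound parameter: the same payload is just an unusual name, matches nothing.
    print(find_by_name_safe("x' or '1'='1"))
    # An identifier that is not in the whitelist never reaches the database.
    print(column_rejected("name; drop table users"))
```

The point of the whitelist is that parameter binding only protects values; if a caller is allowed to choose the column or table name, that identifier still has to be validated against a known set before it goes anywhere near the SQL string.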

Anyway - the book is very good and I do recommend reading it - as Martin Fowler himself says:

"Since patterns are common solutions to recurring problems, there's a good chance that you have already come across some of them... I'm not claiming to present anything new in this book. Indeed, I claim the opposite, this is a book of (for our industry) old ideas.... An important part of patterns is trying to build a common vocabulary, so you can say that this class is a Remote Facade and other designers will know what you mean"

The common vocabulary is exactly what I have found most useful about this book.

You can find the book on Amazon here: (ISBN: 0-321-12742-0)
