TurboManage

David Chandler's Journal of Java Web Development

  • David M. Chandler

    15-yr veteran of Web apps residing in Atlanta with the wife of my youth and our five children. My current project is ROA, a prayer list keeper written in GWT for AppEngine. In my "spare" time, I take pictures, preferably of Rocky Mountain National Park like the one above in which I am waving from The Keyhole.


DMC

David Michael Chandler

dchandler ‘at’ turbomanage dot c0m
LinkedIn: davidchandler

  • 15 yrs. experience in Web + database applications with 5 yrs. as TPM / lead
  • Industry experience in Internet banking, communications, and avionics
  • Published author & speaker, inventor of a patented data model, certified ScrumMaster
  • Speaker on Web application security at ApacheCon 2006, OWASP 2007, JSFOne 2008
  • Strong knowledge of SQL, database design, and object-relational (O/R) mapping, including techniques for self-referencing (hierarchical) data and inheritance models

Recent Projects

Digital Insight, an Intuit Company (formerly Magnet Banking) Mar 04 – Sep 09

Sr. Engineer / Web Architect. Led company-wide adoption of MVC and component-based Web architecture for Internet banking applications. Evaluated Java Web frameworks and portals for security, performance, etc., and supported product groups in implementation. Developed enhancements to JavaServer Faces (JSF) to address common security and usability problems such as forced browsing / session riding, parameter tampering, information leakage, and the back button. Presented JSF security work at ApacheCon, OWASP, and JSFOne conferences. Mentored new developers, conducted design and code reviews, led internal and external JSF and security awareness training. Enhanced MyFaces portlet and bridge portlet to migrate new & legacy apps to Liferay portal. Developed JSF front-end to Apache commons-configuration which dynamically creates a UI from XML config files and associated schemas. Technical environment: Linux, JBoss, Tomcat, Maven, Spring, Hibernate, JSF + Facelets, Liferay portal, Eclipse.

Bob Adams Homes (independent developer) Jun 03 – Dec 03

Web Application Developer. Developed a lightweight object-relational mapping framework similar to Hibernate and component-based Web UI framework similar to JSF to support a business intelligence database. The MVC application uses data-driven view, model, and controller code to dynamically create HTML forms and SQL statements from class metadata. Technical environment: ColdFusion MX on IIS, SQL Server 2k, Microsoft Visual SourceSafe.

Magnet Banking (contract) Feb 03 – Jun 03

Sr. ColdFusion Developer / Architect. Developed a Model View Controller (MVC) framework for ColdFusion similar to Fusebox, but event-driven to meet security requirements. The framework eliminated spaghetti code in the UI and was adopted for the entire code base. Rewrote key modules of the commercial banking Web application to protect against SQL injection and other OWASP Top 10 attacks. Led training in MVC, security best practices, and developer roundtables. Technical environment: ColdFusion 5, SQL Server 7 and 2000, IIS 5, Harvest.

NCS Pearson (contract) Jun 01 – Nov 02

Technical Project Manager. Led a team of eight Java developers in a customer-facing role to build an e-learning portal. Led requirements definition, project planning and status activities, and coordinated team activities on a daily basis. Despite great obstacles, delivered per estimates. Technical environment: WebLogic Portal 4.0, Oracle 8i on Solaris.

Performance Engineer. Analyzed Web activity logs, application logs, and server performance data in order to predict future performance under load. Validated performance models based on network queuing theory against actual results. Technical environment: ColdFusion 5 + MX, SQL Server 7 + 2k, JRun 3.1, IIS 5, WinRunner.

Rockwell Collins (contract) Jun 00 – Oct 00

Technical Project Manager. Led a team of five to eliminate trouble spots in a Web-based collaboration tool. Modified the SQL Server security model from tight coupling with NT to an application-enforced model in order to streamline administration and reduce overall support requirements. Technical environment: ASP, SQL Server 7, Visual InterDev.

WABTEC Railway Electronics (contract) Feb 00 – Apr 00

ColdFusion / SQL Developer and Instructor. Developed a Web-based timecard system using ColdFusion and SQL Server. Designed and implemented the data model, user and admin screens in ColdFusion, specialized GUI controls in JavaScript/DHTML, and an Excel-based query interface for reporting. Used appropriate table indexes and T-SQL stored procedures to improve database performance. Developed and taught a comprehensive Web programming course using ColdFusion, SQL Server, and IIS. Technical environment: ColdFusion 4.5, SQL Server 7, IIS.

NCS Pearson (contract) Sep 99 – Dec 99

ColdFusion / SQL Developer. Created Internet application allowing school districts to update enrollment information and upload files. Created the data model and DTS import scripts to load fixed-width data files into SQL Server. Developed search routines to work with a mainframe ODBC driver having limited query capabilities and 500,000 rows of data. Wrote summary reporting tool for Sales. Technical environment: ColdFusion 4.5, SQL Server 7, IIS.

Rockwell Railroad Electronics (contract) Mar 97 – Apr 99

Web Applications Engineer. Created a Web / Java interface for a legacy application used to maintain a railroad data communications network. The Web application communicates with multiple Informix databases and multiple railroad data switches on UNIX hosts using TCP/IP, and generates HTML, JavaScript, and data files for Java applets dynamically. Designed and developed all aspects of the Web application, including database modifications, the database middleware in ESQL/C, a CGI applications framework in C, and a C code generator in lex and yacc which automates the creation of database screens. Also developed an issue tracking Web site using ColdFusion and Microsoft Access. Technical environment: Informix 5 and Apache on Tandem UNIX, ESQL/C, lex, yacc, JavaScript, Java applet, ColdFusion 3.1, Access.

IES Industries (contract) Jul 96 – Feb 97

UNIX / Internet Administrator and Webmaster. Installed and managed T1 Internet connection, including router (Cisco 2514), firewall (Gauntlet for BSD/OS), internal and external DNS, sendmail, and Netscape proxy server. Worked with desktop managers to simplify Web and IP administration. Brought standalone HP-UX environment under configuration management using NFS / NIS, SD-UX, and RCS. Created WebSAR, a proactive Unix network monitoring portal allowing you to view all key activity summaries on a single Web page.

Collins Avionics & Communications Division, Rockwell International Jan 93 – Mar 95

Intranet Administrator and GPS Engineer. Managed HP-UX Web server running NCSA httpd 1.3 on 3,000-node network to support engineering workgroups and corporate communications. Developed log file analysis tools, full-text search capabilities, and database utilities in Perl 4. Prior to IT role, analyzed GPS receiver tracking control loops for military applications, developed receiver simulation software, and implemented an anti-jamming algorithm in JOVIAL.

Publications, Patents, and Conferences

Running a Perfect Web Site, 1st ed. Macmillan Computer Publishing (QUE), April 1995, ISBN 0-7897-0210-X, 457 pages.

United States Patent 6,480,857 Method of Organizing Hierarchical Data in a Relational Database, June 2001.

Controlling Page Sequencing with an Event-Driven State Machine. ColdFusion Developers Journal, October 2004.

Securing JSF Applications Against the OWASP Top Ten Attacks, presenter at ApacheCon US 2006, OWASP 2007, JSFOne 2008.

Education

University of Kansas
Aug 88 – May 90, Aug 91 – Dec 92

B.S. Electrical Engineering Dec. ’92, 3.87 cum. GPA

Iowa State University
Aug 90 – May 91