Learning Joomla! 1.5 Extension Development By Joseph LeBlanc.

Note: This book is for experienced PHP developers who wish to develop extensions for Joomla.

Netshine review:

An invaluable introduction to developing extensions on the Joomla 1.5 framework. The model/view/controller philosophy is nicely illustrated, and the author guides us step-by-step through every aspect of developing extensions using a real life example, which even includes adding advanced Javascript effects such as lightboxes and integrating with Google maps, jQuery, and MooTools.

It is often difficult to know where to start when teaching someone how to develop a Joomla extension, but LeBlanc rises to the challenge admirably, leading the reader down a logical path with a thorough and progressive explanation of everything involved, from toolbars to form output to packaging the extension for deployment.

The copious code samples are well presented and thoroughly explained, allowing a PHP developer without any prior knowledge of Joomla to begin turning their ideas quickly and confidently into functioning components, modules, and plugins. Even those with some knowledge of Joomla extension development will find this volume a handy reference guide to dip into. 

Joomla! Web Security By Tom Canavan. 

Netshine Review:

I was really looking forward to reading this book, as there is certainly a need for an authoratitive and easy-to-use volume on Joomla site security. Unfortunately, I was rather disappointed.

Whilst this book will point you in the right direction as far as securing your site is concerned, it lacks the clarity and detail I was hoping for. Sometimes it is assumed that you already have a strong and thorough technical knowledge. In my opinion, many items were not explained thoroughly or clearly enough for the average Joomla site owner, or even the budding extension developer, although the later chapters do provide a little more detail. I also found myself disagreeing with the author's opinion at times.

The good bits:

It makes mention of all the most important strategies for securing a Joomla site. Even if the clarity and detail is lacking at times, you at least have a starting point for further research. I liked the description of the steps that a browser and server go through to establish an SSL connection (although that information is not particularly useful, it was one of the few things that I thought was well presented). The book also introduces the reader to a number of very useful software tools.

Chapter 10, about incident management is excellent, and gives you plenty to think about. My only complaint about that chapter is the US-bias when talking about law enforcement. The appendix is also very good, providing a quick reference guide to dip into when you need it.

The bad bits:

MD5 hashes on software downloads - we are told to check that the hash matches the file, but not told what the hash is exactly, nor how to check it!

php.ini - told to check certain settings, but not told exactly what php.ini is, where to find it, or what to do if you don't have access to it (a later chapter provides a little more information, but still not enough).

In some parts of the book (in particular, dealing with file and folder permissions and .htaccess), it is assumed you are running on a Linux operating system with Apache. If this is not the case for you (eg. if you are running IIS on Windows), some of the material in this book may leave you feeling very confused, as it will make no sense whatsoever unless you have some familiarity with Linux.

Insufficient warning is given about the impact logging tools can have on your site (I was going to say no warning is given, but finally, on page 183, we get a small mention of performance degradation). If you install a Joomla component that logs statistics in your database, this can have a huge impact on the performance of your site, in particular, it could cause significant difficulties in creating backups, restoring backups, or moving your site to a new location. Some balance must be achieved between optimum security and performance and usability. In my opinion, a Joomla component is not the right tool for logging statistics - use a dedicated script with file logging, not database loggging.

A quote (about death and taxes) is incorrectly attributed to Mark Twain rather than Benjamin Franklin. I was also doubtful about the accuracy of an anecdote about messengers, tatoos, and beheading - but I'll let you make your own mind up about that!

Several attack examples are mentioned and even bogus sample code presented, but without any real explanation of how they work or why the code is being shown. Just showing a page full of obscure hex code does nothing to educate the reader on how an attack works or what to do about it.

In summary, if you are complete novice, this book will probably just frustrate you. If you are technically competent and have time to do further research, this book will provide a good, if at times confusing, basis for further investigation. If you are already fairly well clued-up on server configuration and security, you probably won't need this book, but it might help fill in some of the gaps and inform you about the security needs and tools peculiar to Joomla sites.