Inside Java(TM) 2 Platform Security: Architecture, API Design, and Implementation (2nd...
by Li Gong, Gary Ellison, and Mary Dageforde
Sales Rank: 636102
List Price: $44.99
Price at Amazon: $35.99
Paperback: 384 pages
Publisher: Prentice Hall PTR; 2nd edition (June 6, 2003)
Language: English
ISBN-10: 0201787911
ISBN-13: 978-0201787917
Product Dimensions: 9 x 7.1 x 1 inches
Shipping Weight: 1.4 pounds
Product Review
An expert tour of security on the new Java 2 platform, Inside Java 2 Security will find an enthusiastic audience among advanced Java developers and system administrators. As the author notes during the general discussion on network security, safeguarding your system goes far beyond mere cryptography.
This book reviews multiple security threats and the strategies used to combat them, such as denial of service attacks, Trojan horses, and covert channels. In addition, it touches on the evolution of Java security from the restrictive days of the JDK 1.0 sandbox to the sophisticated security features available in Java 2, including a section that presents a list of 11 security bugs found in early versions of Java.
Because Java 2 security is now policy-based, it must be managed by system administrators as part of enterprise security. A chapter on Java 2 security presents the "big picture" as well as the classes used to implement policy-based security where developers can control access to an entire system like files, network resources, or runtime permissions on code. The book also discusses the rather primitive tools used for Java 2 security management such as the policytool utility. For advanced developers, further sections demonstrate how to create new permission classes and how to make JDK 1.1 security code migrate to Java 2.
A section on the Java Cryptography Architecture (JCA) shows that Java 2 supports the latest in encryption standards like SHA, DSA, RSA, and X.509 certificates. The text concludes with some well-considered predictions for the future of security on the Java platform. In the meantime, this book shows you what you will need to know about security when committing to Java 2 on the enterprise. Security is now part of the picture and will require both extra development time and administrative effort. --Richard Dragan
--This text refers to an out of print or unavailable edition of this title.
Book Description
"The book is of enormous consequence and potential value. The Java(TM) 2 Platform Security represents an advance of major proportions, and the information in this book is captured nowhere else." --Peter G. Neumann, Principal Scientist, SRI International Computer Science Lab, author of Computer-Related Risks, and Moderator of the Risks Forum
"Profound! There are a large number of security pearls. I enjoyed and was very impressed by both the depth and breadth of the book." --Stephen Northcutt, Director of Research for Intrusion Detection and Response, SANS Institute
Inside the Java(TM) 2 Platform Security is the definitive and comprehensive guide to the Java security platform. Written by the Chief Java Security Architect at Sun, it provides a detailed look into the central workings of the Java(TM) security architecture and describes security tools and techniques for successful implementation.
This book features detailed descriptions of the many enhancements incorporated within the security architecture that underlies the Java 2 platform. It also provides a practical guide to the deployment of Java security, and shows how to customize, extend, and refine the core security architecture. For those new to the topic, the book includes an overview of computer and network security concepts and an explanation of the basic Java security model.
You will find detailed discussions on such specific topics as:
* The original Java sandbox security model
* The new Java 2 Platform permission hierarchy
* How Java security supports the secure loading of classes
* Java 2 access control mechanisms
* Policy configuration
* Digital certificates
* Security tools, including Key Store and Jar Signer
* Secure Java programming techniques
* Ways to customize the Java security architecture with new permission types
* How to move legacy security code onto the Java(TM) 2 Platform
In addition, the book discusses techniques for preserving object security (such as signing, sealing, and guarding objects) and outlines the Java cryptography architecture. Throughout, the book points out common mistakes and contains numerous code examples demonstrating the usage of classes and methods.
With this complete and authoritative guide, you will gain a deeper understanding of how and why the Java security technology functions as it does, and will be better able to utilize its sophisticated security capabilities in the development of your applications.
--This text refers to an out of print or unavailable edition of this title.
Customer Reviews & Comments
This review is from: Inside Java(TM) 2 Platform Security: Architecture, API Design, and Implementation (Paperback)
The Java 2 security APIs are large, complex, and quite difficult to understand (in fact, their complexity makes me very much afraid that their use will lead to widespread security problems in deployed Java applications, as application writers and site administrators are going to have a hard time keeping track of everything). Unfortunately, this book provides a difficult and dense coverage of Java 2 security. While it is doggedly thorough in its treatment of the security APIs, it does not ease the task of "pulling it all together" for the reader; if your understanding of Java 2 security is fragmentary when you start reading this book, it will not feel any more coherent when you are done. Much of the book has the feel of a "laundry list" to me; it reads as if the author felt he had to enumerate absolutely every security feature in Java 2. The result is that sections that are likely to be of marginal interest to most readers, such as PKI certificate management, receive about the same amount of coverage as subtle and important topics such as domain handling and permission checking. The prose in this book is simply leaden; on a number of occasions, I found myself having to read a paragraph several times, simply to figure out what the author was trying to say. While this book is invaluable for the information it contains (I will grant that it is much easier to navigate than Sun's security web pages), it is a great disappointment to me.