Book123

    Free register and download UseNet downloader, then you can FREE Download from UseNet.

    Download without Limit " Technical Inside Java(TM) 2 Platform Security: Architecture, API Design, and Implementation " from UseNet for FREE!

Inside Java(TM) 2 Platform Security: Architecture, API Design, and Implementation Publisher: Addison-Wesley Professional

Number Of Pages: 262

Publication Date: 1999-06-16

Sales Rank: 1527676

ISBN / ASIN: 0201310007

EAN: 9780201310009

Binding: Paperback

Manufacturer: Addison-Wesley Professional

Studio: Addison-Wesley Professional

Average Rating: 3.5

An expert tour of security on the new Java 2 platform, Inside Java 2 Security will find an enthusiastic audience among advanced Java developers and system administrators. As the author notes during the general discussion on network security, safeguarding your system goes far beyond mere cryptography. This book reviews multiple security threats and the strategies used to combat them, such as denial of service attacks, Trojan horses, and covert channels. In addition, it touches on the evolution of Java security from the restrictive days of the JDK 1.0 sandbox to the sophisticated security features available in Java 2, including a section that presents a list of 11 security bugs found in early versions of Java. Because Java 2 security is now policy-based, it must be managed by system administrators as part of enterprise security. A chapter on Java 2 security presents the "big picture" as well as the classes used to implement policy-based security where developers can control access to an entire system like files, network resources, or runtime permissions on code. The book also discusses the rather primitive tools used for Java 2 security management such as the policytool utility. For advanced developers, further sections demonstrate how to create new permission classes and how to make JDK 1.1 security code migrate to Java 2. A section on the Java Cryptography Architecture (JCA) shows that Java 2 supports the latest in encryption standards like SHA, DSA, RSA, and X.509 certificates. The text concludes with some well-considered predictions for the future of security on the Java platform. In the meantime, this book shows you what you will need to know about security when committing to Java 2 on the enterprise. Security is now part of the picture and will require both extra development time and administrative effort. --Richard Dragan Book Description: "The book is of enormous consequence and potential value. The Java(TM) 2 Platform Security represents an advance of major proportions, and the information in this book is captured nowhere else." --Peter G. Neumann, Principal Scientist, SRI International Computer Science Lab, author of Computer-Related Risks, and Moderator of the Risks Forum "Profound! There are a large number of security pearls. I enjoyed and was very impressed by both the depth and breadth of the book." --Stephen Northcutt, Director of Research for Intrusion Detection and Response, SANS Institute Inside the Java(TM) 2 Platform Security is the definitive and comprehensive guide to the Java security platform. Written by the Chief Java Security Architect at Sun, it provides a detailed look into the central workings of the Java(TM) security architecture and describes security tools and techniques for successful implementation. This book features detailed descriptions of the many enhancements incorporated within the security architecture that underlies the Java 2 platform. It also provides a practical guide to the deployment of Java security, and shows how to customize, extend, and refine the core security architecture. For those new to the topic, the book includes an overview of computer and network security concepts and an explanation of the basic Java security model. You will find detailed discussions on such specific topics as: * The original Java sandbox security model * The new Java 2 Platform permission hierarchy * How Java security supports the secure loading of classes * Java 2 access control mechanisms * Policy configuration * Digital certificates * Security tools, including Key Store and Jar Signer * Secure Java programming techniques * Ways to customize the Java security architecture with new permission types * How to move legacy security code onto the Java(TM) 2 Platform In addition, the book discusses techniques for preserving object security-such as signing, sealing, and guarding objects-and outlines the Java cryptography architecture. Throughout, the book points out common mistakes and contains numerous code examples demonstrating the usage of classes and methods. With this complete and authoritative guide, you will gain a deeper understanding into how and why the Java security technology functions as it does, and will be better able to utilize its sophisticated security capabilities in the development of your applications.

Review: Good book - Needs a complete revision from J2SE 1.4.2 This book is certainly gives good introduction to the fundamentals of Java security. For those new to Java security, there is also brief intro to security of the Java language and platform. The coverage on Java Security APIs are bit narrow and needs lot of update on JCE, JAAS, JSSE etc.

Frankly speaking this book is a bit obsolete and now it's for the authors to come out with a new edition including Java 5 and Java 6 ! Review: Go and buy this book If you are new to Java, then you shouldn't buy this book.

If you are new to security, then you shouldn't buy this book.

If you prefer loads of examples instead of dense and precise explanations, then you shouldn't buy this book.

If you are looking for a pictorial guide on Java security, then you would probably have to go somewhere else as well. However... If you know your Java basics,

If you like completeness,

If you like preciseness,

If you want to know why the APIs look the way they do,

If you take nothing for granted,

If you want an update on latest changes,

If you like things to be drawn in a historical perspective,

If you want a book that you can pick up and read a chapter without having to go through it in a linear way,

If you are serious about security,

In that case you should now pick up your coat, and run to the nearest bookstore to buy this book. The only thing I found odd in this book is the introduction into security, covering a discussion in general, and an overview of different types of security and access control models. The weird thing is that it introduces a lot of concepts, without actually refering to any of them in the chapters later on. Review: Required Reading for Java Security The second edition is the most up-to-date Java security book for j2se v 1.4.x. A must-required reading for Java security platform written by Sun's Java security team. It describes the nuts and bolts in a readable language. Highly recommended.

Review: Not an easy read, but well worth the effort I'm not surprised this book has drawn so many negative reviews. This book is indeed difficult to digest but then the Java Security model itself is rich, subtle and takes time to master. The book does an admirable job of explaining the motivation behind the complete overhaul of the Java 1.1 security architecture, the Java 2 security API design nuances, the flexibility of the fine-grained access-control model in Java 2 and how the backward compatibility concerns with code written with 1.1 style security checks were addressed in the new design. The book also has an intersting chapter addressing security needs of objects in transit (RMI) and a short chapter on cryptography, which anyway is a vast subject in its own left. The key chapters to read are the 3,4 and 5, especially for people who have some background in Java 2 security. On the negative side, I have to say, the book is inconsistent in parts - I have trouble believing that Li Gong wrote the entire book himself. It's amazing to see chapters discussing at length how you install Java 2, change your CLASSPATH on different platforms etc. while in the same book elsewhere, you see terse, packed explanations about how the classloader hierarchy works in 1.2 or how the basic access control algorithm is extended for privileged operations and some very concise but useful discussions about possible design alternatives in the core library itself. The code samples are very insightful in that they illustrate the workings of some of the core library classes itself with the new security infrastrucure and not some toy samples. However, this also makes the book an unlikely candidate for gleaning ready to use code samples from, which means, if you are looking for how to's and not whys this is probably not the book for you, you might want to consider the Oreilly book. For people well experienced in Java and OO design, if you want to learn insights about why the security apis are designed the way they are, you might well consider giving this book multiple reads. It's well worth the effort. In short, this is a difficult but good book. Hopefully, in subsequent editions Li Gong would work on making it better, and also include more details on interesting new additions like JAAS etc. Buy Book at Lowest Price on Amazon

Rating:
2.5 out of 5 by Book123