Core Security Patterns: Best Practices and Strategies for J2EE(TM), Web Services, and Identity Management (Core Series)

Customer Reviews:

Best Java Security Book for J2EE and Web Services........2007-09-23

This is a great book - by far the best security design book for Java and J2EE (including Java SE 6 and Java EE 5) I have read to date. When I first heard about my coworkers talking about this book, I thought "oh great, another J2EE book!" Much to my surprise, this book is not just a how-to security API or patterns recipe book but much more than that - I see it as a collection of valuable suggestions and examples on how to choose security mechanisms and use them in J2EE applications and web services. Moreover, it tells you what the bestpractices, pitfalls and tradeoffs are for each design pattern option you take. Particularly, You will find this book as an ideal companion for CORE J2EE PATTERNS - Deepak Alur et al, which is my favorite for designing J2EE applications.

This book is as close to size of a pillow and I do understand why the authors gave only code snippets for selected examples instead of full implementation. The case study is just right, it discusses the scenario and how to incorporate the patterns right in to the application design..which is just right for a Java developer who is involved with Java enterprise applications and web services. The best practices and security checklist detailed in this book - helps a lot during development and when you want to deploy a J2EE application/web service in production.

Having said that, I prefer this book as a must-have for any serious Java developer/designer/architect who wants to build Security from understanding basics of WHAT and know WHY you should architect your J2EE system in a particular way using best practices (a long list) and not just HOW. Ultimately you will find this book as an onestop reference for building security in J2EE applications and web services.

Java security made easy. Excellent title worth investing on........2007-09-18

If you ever want to understand about security and its role in the development of J2EE enterprise-level applications, then you should consider buying this book from your local bookstore.

The authors have done an excellent job in explaining the basics of security as it applies to the most common business practices, as well as deliver intricate details on the inner workings of the Java platform security architecture. Even though this book covers in its majority Java technologies, you don't have to be a Java developer or architect to appreciate it.

The book is divided in 7 major parts:

Part 1: Introduction and Basics of Security

Part 2: Java Security Architecture and Technologies

Part 3: Web Services Security and Identity Management

Part 4: Security Design Methodology, Patterns, and Reality Checks

Part 5: Design Strategies and Best Practices

Part 6: Putting it all together

Part 7: Personal Identification using Smart Cards and Biometrics

Parts 1-5 provide reams of detail about the fundamentals of security, the J2EE security architecture, and the technologies used to enable Web services security. In addition, there is a comprehensive explanation of patterns and practices for J2EE developers, as well as design strategies and best practices for securing J2EE Web components and web-based applications.

Web developers might want to pay special attention to Part 3 of the book because it gives an insight on fortifying Web services, authenticating and authorizing end users, and applying the latest cryptographic techniques. XML is described in detail as the encoding for messages between parties using a Web Service.

Note that this book does not explain the specific JAVA APIs needed for basic J2EE application development. Twenty-three proven security architectural patterns are discussed and presented through several realistic scenarios, covering architecture and implementation and presenting detailed sample code.

Part 6 of the book describes how to use this newly acquired knowledge in the implementation of real-world security scenarios.

Finally, we found the last part of this book as the most intriguing. It provides an in-depth coverage on Personal Identification using Smart Cards and Biometrics, their role in physical and logical access control, and the different technologies used in their implementation. Best practices and common pitfalls that might arise when implementing security using smart cards and biometrics are also discussed.

Overall we believe this is excellent book for the security enthusiast who wants to build robust end-to-end security into J2EE enterprise applications.

Excellenet book for Java Security architects.......2007-07-22

Like any Sun core book, this "reference" manual is cut above the rest. Personally I use it more as a reference manual helping me to understand and design security requirements for a project.

The reference book of the java security.......2007-07-19

A fantastic book that each java developer should have. Today, the security is becoming a real requirement of each java based enterprise application, and this book, in my opinion, represents the best reference. It is a very exhaustive and complete book for both beginner and advanced levels.

I don't think this is an awesome book.......2007-05-09

I am amazed by the 5 star ratings everybody has given this book! And I have implemented several enterprise level security implementations/integrations supporting hundres of thousands of users.

In my opinion, this book is really feeding the buzzwords frenzy of security domain. It certainly "talks the talk", but can it "walk the talk"?

I can think of numerous glaring examples where the book falls short. To name a few:
- Smart Cards (lots of power point and management level sales fluff here)
- JAAS (I have seen it being described much better in fewer words)
- SAML (huh?)

I think the book does a below average job of providing practical information. Even the content does not flow very smoothly and coherently.

Swing Hacks: Tips and Tools for Killer GUIs (Hacks)

Average customer rating:

finally a useful book with no bla-bla
Spruce up your Swing!
Some dubious hacks.
Belongs In Your Swing Toolkit
Excellent

Swing Hacks: Tips and Tools for Killer GUIs (Hacks)
Joshua Marinacci , and Chris Adamson
Manufacturer: O'Reilly Media, Inc.
ProductGroup: Book
Binding: Paperback

General | Programming | Computers & Internet | Subjects | Books

Hacking | Business & Culture | Computers & Internet | Subjects | Books

Security | Business & Culture | Computers & Internet | Subjects | Books

General | Software | Computers & Internet | Subjects | Books

General | Programming | O'Reilly | By Publisher | Books

Internet Security | O'Reilly | By Publisher | Books

Look Inside Computer Books | Trip | Specialty Stores | Books
Similar Items:

ASIN: 0596009070

Book Description

Swing Hacks helps Java developers move beyond the basics of Swing, the graphical user interface (GUI) standard since Java 2. If you're a Java developer looking to build enterprise applications with a first-class look and feel, Swing is definitely one skill you need to master. This latest title from O'Reilly is a reference to the cool stuff in Swing. It's about the interesting things you learn over the years--creative, original, even weird hacks--the things that make you say, "I didn't know you could even do that with Swing!" Swing Hacks will show you how to extend Swing's rich component set in advanced and sometimes non-obvious ways. The book touches upon the entire Swing gamut-tables, trees, sliders, spinners, progress bars, internal frames, and text components. Detail is also provided on JTable/JTree, threaded component models, and translucent windows. You'll learn how to filter lists, power-up trees and tables, and add drag-and-drop support. Swing Hacks will show you how to do fun things that will directly enhance your own applications. Some are visual enhancements to make your software look better. Some are functional improvements to make your software do something it couldn't do before. Some are even just plain silly, in print only to prove it could be done. The book will also give you give you a small glimpse of the applications coming in the future. New technology is streaming into the Java community at a blistering rate, and it gives application developers a whole new set of blocks to play with. With its profusion of tips and tricks, Swing Hacks isn't just for the developer who wants to build a better user interface. It's also ideally suited for client-side Java developers who want to deliver polished applications, enthusiasts who want to push Java client application boundaries, and coders who want to bring powerful techniques to their own applications. Whatever your programming needs, Swing Hacks is packed with programming lessons that increase your competency with interface-building tools.

Customer Reviews:

finally a useful book with no bla-bla.......2007-02-17

Along with Swing Hacks I bought Swing Second Edition by Robinson and Vorobiev. What a contrast! Marinacci gives concise, fascinating, and useful examples. He leaves out the junk that you can get from reading the API. His hacks are short and remarkably clear. And if a hack doesn't interest you, you can just skip it.

In contrast, R&V dump a ton of junk on you, and you have to sift through it. Most of it is a rehash of the API, plus deadly boring chit-chat about what extends what. You can read and read and read and not learn anything useful.

I'd rank Marinacci up at the top with the Effective Java, the Swing Tutorial and Thinking in Java.

Spruce up your Swing!.......2006-06-26

The Swing library is what makes Java usable for most users; ask them to interact with a purely text interface, and they'll look at you like you grew a set of antennae. But the Swing library is difficult to absorb due to its size, and to tell the truth, the results I have seen with simple Swing were less than inspiring.

Swing Hacks takes this to the next level, showing how to make your interfaces shine. It does assume a fairly good understanding of Swing, so no newbies should get this imagining they'll be Swing gurus in no time. But learning Swing, and then applying the hacks in this book, you'll set yourself apart from the rest of the bunch.

Some dubious hacks........2006-05-20

Some of the hacks are, well, very hacky. The auto-completion class here is worthless, more of a bare starting place to mabye make something useful with a lot of work. But why bother when there is better code out there on the web (google "swinguistuff completion", or check out swinglabs).

Belongs In Your Swing Toolkit.......2006-05-07

Simply put, this is an incredibly useful book for Swing programmers. I've written a fair amount of GUI code and have needed several all-encompassing Swing books strewn about my desktop while doing so. Each had their own strengths and weaknesses, so if you had the right collection you could pretty much figure out how to do anything. (Except GridBagLayout of course :-)
This book belongs in that collection. It's unlike the other Swing books because it doesn't attempt to walk its way through the entire Swing framework. Instead, it's a collection of 100 neat and useful things one might want to try while implementing a GUI. The beauty is that each "hack" is pretty much self-contained, so if you're interested in something, check it out; if not, don't. (Although I found myself checking out more stuff than I thought I would. Kinda like, "Oh, so that's how you would do that!" It's almost addicting.) This also means you can jump around without being penalized for skipping intervening pages.
One more thing I like: They don't just give you the hack; they explain *why* you need to do certain things. There's so much going on behind the scenes in Swing - especially with things like layout, sizing, and painting - that you can waste a lot of time just because you don't know the one or two lines of code necessary to get something just right. If you *understand* what's going on your quest to discover those couple of all-important lines can be shorter and more enjoyable.

Excellent.......2006-02-01

Having been a software developer for many years, I have accumulated boxes and boxes of computer books - some are better than others. This book is simply outstanding. All of the "hacks" are relevant and useful in their adaptability and applicability to real-world use; and they are organized intelligently, meaning that it generally takes only a few moments to find and match a hack that is applicable to a given problem.

The book is written in a conversational tone rather than the dry reference style of many other books. The authors describe the problem space that each hack is intended to address, and then present the solution in words that make you feel like they are speaking directly to you. This makes the book a very easy, almost entertaining read.

Finally, each hack is presented as a free-standing solution. When you find a hack that looks interesting, it can be used without requiring endless references to other sections of the book. For example, there are numerous points where the authors (briefly) re-describe the glass pane, but it is clear that they purposely took this approach to support the free-standing nature of each hack, saving the reader the effort of raffling through the book for supporting information.

If you work with Swing, you'll find yourself reaching for this book on a regular basis.

Average customer rating:

Very Nice but not for everyone
Gentle Introduction to Ruby on Rails for the Experienced Java Developer
If you know Java and are curious about Rails, buy this book.
Excellent overview of Rails ~and~ Java technologies
Attention Java Developers - A Must Read Book!

Rails for Java Developers
Stuart Halloway , and Justin Gehtland
Manufacturer: Pragmatic Bookshelf
ProductGroup: Book
Binding: Paperback

General | Programming | Computers & Internet | Subjects | Books

Privacy | Business & Culture | Computers & Internet | Subjects | Books

Network Security | Networking | Computers & Internet | Subjects | Books

General | Software | Computers & Internet | Subjects | Books
Similar Items:

ASIN: 097761669X

Book Description

Many Java developers are now looking at Ruby, and the Ruby on Rails web framework. If you are one of them, this book is your guide. Written by experienced developers who love both Java and Ruby, this book will show you, via detailed comparisons and commentary, how to translate your hard-earned Java knowledge and skills into the world of Ruby and Rails.

If you are a Java programmer, you shouldn't have to start at the very beginning! You already have deep experience with the design issues that inspired Rails, and can use this background to quickly learn Ruby and Rails. But Ruby looks a lot different from Java, and some of those differences support powerful abstractions that Java lacks. We'll be your guides to this new, but not strange, territory.

In each chapter, we build a series of parallel examples to demonstrate some facet of web development. Because the Rails examples sit next to Java examples, you can start this book in the middle, or anywhere else you want. You can use the Java version of the code, plus the analysis, to quickly grok what the Rails version is doing. We have carefully cross-referenced and indexed the book to facilitate jumping around as you need to.

Thanks to your background in Java, this one short book can cover a half-dozen books' worth of ideas:

Programming Ruby

Building MVC (Model/View/Controller) Applications

Unit and Functional Testing

Security

Project Automation

Configuration

Web Services

Customer Reviews:

Very Nice but not for everyone.......2007-07-07

I had started this book awhile ago, but then got distracted with various things and left it. I recently started reading it again and just finished it.
I have been puzzled by the relatively lower ranking of this book in the Amazon sales rankings compared to other Ruby/Ruby on Rails books. What is even more puzzling is the fact that amlost everyone who has bothered to write a review has given it full five starts including myself. Here is my guess on why is it so (I may be wrong):
This book assumes certain experience, skill set, knowledge, and sophistication on the reader's part. This means that the person should have a good deal of Java and more importantly J2EE knowledge and real-world experience both as a developer and architect. Unless one has suffered through the baggage that goes with "Enterprise Java", it is very hard to understand and appreciate what the authors are trying to say. Merely having played with J2EE/Java is not sufficient to enjoy this book and get something out of it. You have to lived through at least one complete life-cycle of a typical J2EE project to appreciate the fine points that the authors are making in this book.
One thing is clear to me: even though they try very hard to maintain a neutral posture throughout the book, given a choice, they would rather code Ruby and RoR than Java and J2EE (who wouldn't?).
If you have the necessary experience, knowledge, and skills; then the book becomes very useful. I have particularly enjoyed the later chapters of the book dealing with Testing, Rake, Web Services, and Security.
I hope that they continue to "push" the boundaries of Ruby on Rails knowledge and share it with the rest of us in their excellent writing style.

Gentle Introduction to Ruby on Rails for the Experienced Java Developer.......2007-05-20

In "Rails for Java Developers", Stuart Halloway and Justin Gehtland provide an introduction to Ruby and the Rails web application framework aimed at the Java developer more familiar with frameworks such as Struts and Hibernate. There's a lot of buzz in the Java community surrounding Ruby and Ruby on Rails so this title is quite timely.

Halloway and Gehtland provide a tutorial to learning Ruby and Rails by examining similarities with Java. The tutorial progresses by providing examples in both Ruby and Java using popular Java frameworks. The introduction of Ruby and Rails concepts by juxtaposing them with similar concepts implemented in Java is comforting for the developer who may feel a little intimidated by the differences between the languages. Working through the book, the Java developer will learn the basics about creating and deploying Ruby on Rails applications, picking up an exciting new language along the way.

The first three chapters introduce the Ruby programming language. This is the best Java-centric Ruby introduction that I've seen and it's something I wish I had available to me when I was first learning the language. The rest of the material covers the basics of Rails applications as well as web services and security issues. I found the chapters on testing and automating the development process to be particularly good.

The approach this book takes may not be suitable for everyone. After a certain point, I found that the constant juxtaposition of the Java way of accomplishing a task with the Ruby on Rails way of accomplishing a task wore a bit thin. I found myself just trying to skip past the Java bits to get on with the Ruby. Still, I found the book to be quite good overall. If you are an experienced Java developer seeking a gentle introduction to Ruby on Rails, you can't do better than "Rails for Java Developers".

If you know Java and are curious about Rails, buy this book........2007-04-12

Simply put, I wish that I had been able to read Stu Halloway and Justin Gehtland's Rails For Java Developers before I began on my own journey of learning Ruby and Rails after a professional life of Java development. If you are looking for a book that cuts through the hype to a commendably unbiased comparison of the web development environment in these two great languages, look no further.

With "Rails is not for everything" on the first page of the preface, the book identifies its audience as informed Java developers who haven't necessarily made up their minds about Ruby and Rails. To paraphrase the authors, however, Java programmers have lived through a lot of the struggles that Rails attempts to address. Through showing how and explaining why this is the case, this book serves as an excellent guide for those of us willing to investigate a new technology for web development.

When you buy a new car, the first step is the test drive. In the same way, Chapter 1 is like a test-drive of a "car" unlike any you've ever been in as a Java developer. The tour is as brief as possible while still exposing the reader to all of the ideas that the rest of the book fleshes out. In fact, for those who found any particular topic instantly appealing, the book provides an instant reference for where to turn next.

After any test drive invigorating enough to get you to purchase the vehicle, the dealer will often sit you in the drivers seat and point out where everything is in the unfamiliar cockpit. Chapter 2 is much the same, showing how familiar concepts in the Java language are expressed in the Ruby language. The chapter contains ten sections on topics ranging from the basics of primitive types and arrays to control flow and exception handling. This sets the stage for Chapter 3 where the authors explore those aspects of Ruby that either have no clear analogue in Java or are essentially unrecognizable.

In Chapter 4, the authors crack the hood and show you just how different Hibernate and ActiveRecord are from a developer's perspective. There are a lot of differences, and I feel this chapter will be the first that begins to give the reader an idea about whether they'll enjoy the Rails framework as a whole. The "Rails Way" begins to become visible and stands in stark contract to the choices that Hibernate makes in its own implementation. The authors' aim is to compare these two frameworks without bias, and they succeed.

A comparison of Struts and ActionController is the focus of Chapter 5. Struts' status as the lowest-common-denominator of the Java frameworks that specialize in communication with web forms led to its inclusion in this chapter. Again the authors walk through a simple example, illustrating the differences in approach. Many of Rails' optimizations towards developer simplicity come at a cost of application performance. An investigation at the end of this chapter provides an estimation of the ultimate cost of those tradeoffs.

Chapter 6 focuses on rendering HTML, where the Java developer space is somewhat more fragmented. As a result, a lot of the Java material focuses on general concepts, while the Rails material is focused on some of the most advantageous elements of the Rails stack-- specifically AJAX and RJS. I do find it to be a bit strange that the authors took the time to discuss Markaby, which, to my knowledge, is not very widely used at all.

Testing is the focus of Chapter 7. Although treatment of rcov and the "dummy objects" make this a useful section even for intermediate Rubyists, I'm a bit surprised that the authors did not focus more specifically on Rails testing. One of the central tensions in the book (and between outspoken practitioners of both languages) is the attitudes that the respective communities have towards choice. Perhaps more than in any other area, the submission to "opinionated software" reaps considerable rewards when testing Rails code.

Chapter 8 deals with the development process itself, focusing on build tools like Rake and Ant, and continuous integration tools like Cerebus and CruiseControl. The authors do not spend as much time on the inner workings of those libraries as they do on the Rails libraries. That's understandable, because uses of a build tool are myriad; this book is meant to be an introduction. If build tools and deployment are areas of interest for you, you'll likely need other resources to become more familiar with the breadth of offerings on both the Java and Ruby sides. My experience tells me that Rake is more expressive than Ant, but there's certainly a learning curve for both.

Chapter 9 concerns Web Services and XML. There are many ideas discussed in this short chapter, because this topic is getting attention in different ways among leading Ruby and Java programmers. There is a lot of enthusiasm for REST on the part of many Rails developers, and so the authors provide a brief overview of what REST is, and how Rails supports it. Java developers have to parse XML in many different contexts, and there's a lot of work that has gone into developing a useful and highly efficient stack for processing XML data. As a result, comparisons and contrasts dominate the chapter.

Chapter 10 deals with security and doesn't include too much treatment on the Java side. It seems to be a defense of Rails against some common attacks. While I do feel that's useful information, especially for any reader in a discussion with his manager, it seems that Ruby security libraries are not yet as mainstream as those of Java, such as Acegi.

If you've read this far, you should definitely buy the book.

Excellent overview of Rails ~and~ Java technologies.......2007-03-26

This is more than a typical "We love Rails!" book. Instead Justin and Stuart put their years of experience to good use and point out where Java and Ruby paradigms overlap, and how to decide which technology you should use for a particular problem. In addition to being a great introduction to the Rails arena, it's also a very good "compare and contrast" text.

If you're a Java programmer who wants to get a great overview of the Rails space, of a Java programmer who wants to get a handle on many of the Java front-end technologies, this book would be a great purchase.

Attention Java Developers - A Must Read Book!.......2007-02-24

Stu and Justin hit a sweet spot with this rails book. Unlike other Ruby and Rails books, this one specifically focuses on learning Rails, Ruby, Rake, and ActiveRecord from a Java Developer's standpoint. In my opinion there is no better way to learn Rails than the methods and techniques used in this book. Stu and Justin use practical techniques and examples thoughout the book that you can easily use to code along side the book while reading it.

The other thing I like about this book is that they cover the complete picture, not just Rails. There are chapters devoted to Ruby, ActiveRecord, Rake, security and testing - all from a Java Developer's point of view. Through this book Stu and Justin correctly point out that it doesn't have to be an either-or situation. This is not a "one-size-fits-all" world. They are right - and that is the main reason you should read this book. Read this book to expand your knowledge, grow in your career, and learn not only how to code in Rails but how to be a better Java Developer as a result.

J2EE & Java: Developing Secure Web Applications with Java Technology (Hacking Exposed)

Average customer rating:

Good book, with reservations
Comprehensive Java Security Book
Not a Hacking Exposed book at all
Security for advanced Java developers
Real Help for J2EE Programmers

J2EE & Java: Developing Secure Web Applications with Java Technology (Hacking Exposed)
Art Taylor , Brian Buege , and Randy Layman
Manufacturer: McGraw-Hill/OsborneMedia
ProductGroup: Book
Binding: Paperback

General | Programming | Computers & Internet | Subjects | Books

Privacy | Business & Culture | Computers & Internet | Subjects | Books

Hacking | Business & Culture | Computers & Internet | Subjects | Books

Security | Business & Culture | Computers & Internet | Subjects | Books

Network Security | Networking | Computers & Internet | Subjects | Books

General | Computers & Internet | Subjects | Books

General | Software | Computers & Internet | Subjects | Books

Look Inside Business Books | Trip | Specialty Stores | Books

Look Inside Computer Books | Trip | Specialty Stores | Books

All Titles | Qualifying Textbooks - Fall 2007 | Stores | Books
Similar Items:

ASIN: 0072225653

Book Description

Written in the same exciting and informative style as the international blockbuster Hacking Exposed, this book provides comprehensive coverage of the tools and techniques for testing and correcting J2EE and Java security issues. Includes examples of J2EE attacks and countermeasures, risk ratings throughout the chapters and case studies.

Customer Reviews:

Good book, with reservations.......2004-03-16

This book has some nice examples and is fairly complete, but some sections are basically a regurgitation of the java.sun web site!
In many technical books, it is common to find multiple authors, each writing a section based upon his/her expertise. Since each author has a specific writing style and personality, there is usually a person (or persons) charged with proofing and approving the sections as well as working to make the transitions seamless and consistent. This book was written by three different authors and it would appear to me that at least one of the authors turned in work that is remarkably similar to existing sources!

Here is a sample of the JCE section in HackingExposed:
"The Java Cryptography Extension (JCE) package provides a framework for encryption and decryption, key generation, key agreement, and MAC. Encryption allows symmetric, asymmetric, block, and stream ciphers, with additional support for secure streams and sealed objects."
Now here is the verbage from the java.sun.com website:
"The JavaTM Cryptography Extension (JCE) provides a framework and implementations for encryption, key generation and key agreement, and Message Authentication Code (MAC) algorithms. Support for encryption includes symmetric, asymmetric, block, and stream ciphers. The software also supports secure streams and sealed objects."

To be fair, it appears that the problems are confined to the first section of the book. The final 2/3 of the book are closer to what I expect from the Hacking Exposed series.

Comprehensive Java Security Book.......2003-11-11

This is a very good book on java security that starts pretty much from the ground up so you have to know much about security to read it. The first part of the book starts out with
some of the java security basics (classloading, protection domains, etc.) and then goes through the JAAS, JCE, and JSSE modules.

The second part of the book goes through how to use security in stand alone java applications and what pitfalls you need to watch out for. The book also details where security is lacking or not mature and what the alternative are.

The third section of the book goes through security in the J2EE environment and where the J2EE containers can help out the developers by doing most of the work for them.

Overall this book provides a very good overview of security in all the java environments while not requiring previous security knowledge. I highly recommend it.

Not a Hacking Exposed book at all.......2003-02-06

If this book had been titled differently, I would have had no
reason for complaint: it gives a good introduction to Java
Security, and how to deploy it in various forms.

But it *is* titled 'Hacking Exposed'. That is now taken
to be an indication of a particular approach to security,
... The blurb acknowledges it: 'The proven Hacking Exposed
methodology' is the first thing mentioned under 'What You Learn'.

And I bought this title without second thought -- I have
nothing but praise for the previous books, and expected
to find the same approach and the same quality here.

In this book you find a lot of information on prevention, but
very little on actual vulnerabilities. As a result the
message is far less urgent. If I can demonstrate a 'hack'
the message gets across very quickly: we have to do something
about it now. But if all I can do is point to a text that
says 'attackers can potentially attach a debugger to our
application and watch the code as it runs', urgency is gone.

There's another point there as well: 'our application'.
Those words probably sum up the difference from, say, 'Hacking
Exposed Web Applications'. This book is not from the point of
view of the hacker that the previous books used so well to get
their message across. This is 'we', protecting our assets from
a considerably more nebulous hacker than has appeared earlier.

The difference is the same as between an actual security
incident on one hand, and the report of a threat analysis on
the other.

In short, this is not a Hacking Exposed book. It's a Java
Security Exposed book. As such it probably merits four stars.

But ... as it is marketed as a Hacking Exposed book, and,
in my opinion, doesn't live up to the expectations that goes
with that trademark, I'm afraid I can't give any rating at all.
(1 star seems to be the lowest possible, so that is what I give it.)

I'll be very careful about purchasing the next red book
with "Hacking Exposed" all over the front cover. I just
might find that I have bought 'Hacking Exposed - ISO 17799'.

Security for advanced Java developers.......2002-11-12

The book uses an example Java application which is intially very unsecure, and throughout the book the vulnerabilities of the example are discussed and countermeasures are written. Then the application is webenabled, creating new vulnerabilities which are fixed again, and so on. This way the complex material is covered in an easy accessible yet comprehensive way, without becoming lengthy. This book is a must have for any serious Java web developer interested in application security. Not recommended for beginners, though.

Real Help for J2EE Programmers.......2002-10-23

This is one of the best books I've read on J2EE security. The recommendations in this book improved my exisiting production applications and development designs.

Inside Java 2 Platform Security: Architecture, API Design, and Implementation (2nd Edition)

Average customer rating:

Good book - Needs a complete revision from J2SE 1.4.2
Go and buy this book
Required Reading for Java Security
Guardrails for JDK 1.2
Not an easy read, but well worth the effort

Inside Java 2 Platform Security: Architecture, API Design, and Implementation (2nd Edition)
Li Gong , Gary Ellison , and Mary Dageforde
Manufacturer: Prentice Hall PTR
ProductGroup: Book
Binding: Paperback

Network Security | Networking | Computers & Internet | Subjects | Books

General | Computers & Internet | Subjects | Books

Design & Architecture | Hardware | Computers & Internet | Subjects | Books

General | Software | Computers & Internet | Subjects | Books

Look Inside Computer Books | Trip | Specialty Stores | Books

All Titles | Qualifying Textbooks - Fall 2007 | Stores | Books

Computers & Internet | Qualifying Textbooks - Fall 2007 | Stores | Books
Similar Items:

ASIN: 0201787911

Amazon.com

An expert tour of security on the new Java 2 platform, Inside Java 2 Security will find an enthusiastic audience among advanced Java developers and system administrators. As the author notes during the general discussion on network security, safeguarding your system goes far beyond mere cryptography.

This book reviews multiple security threats and the strategies used to combat them, such as denial of service attacks, Trojan horses, and covert channels. In addition, it touches on the evolution of Java security from the restrictive days of the JDK 1.0 sandbox to the sophisticated security features available in Java 2, including a section that presents a list of 11 security bugs found in early versions of Java.

Because Java 2 security is now policy-based, it must be managed by system administrators as part of enterprise security. A chapter on Java 2 security presents the "big picture" as well as the classes used to implement policy-based security where developers can control access to an entire system like files, network resources, or runtime permissions on code. The book also discusses the rather primitive tools used for Java 2 security management such as the policytool utility. For advanced developers, further sections demonstrate how to create new permission classes and how to make JDK 1.1 security code migrate to Java 2.

A section on the Java Cryptography Architecture (JCA) shows that Java 2 supports the latest in encryption standards like SHA, DSA, RSA, and X.509 certificates. The text concludes with some well-considered predictions for the future of security on the Java platform. In the meantime, this book shows you what you will need to know about security when committing to Java 2 on the enterprise. Security is now part of the picture and will require both extra development time and administrative effort. --Richard Dragan

Book Description

"The book is of enormous consequence and potential value. The Java(TM) 2 Platform Security represents an advance of major proportions, and the information in this book is captured nowhere else." --Peter G. Neumann, Principal Scientist, SRI International Computer Science Lab, author of Computer-Related Risks, and Moderator of the Risks Forum

"Profound! There are a large number of security pearls. I enjoyed and was very impressed by both the depth and breadth of the book." --Stephen Northcutt, Director of Research for Intrusion Detection and Response, SANS Institute

Inside the Java(TM) 2 Platform Security is the definitive and comprehensive guide to the Java security platform. Written by the Chief Java Security Architect at Sun, it provides a detailed look into the central workings of the Java(TM) security architecture and describes security tools and techniques for successful implementation.

This book features detailed descriptions of the many enhancements incorporated within the security architecture that underlies the Java 2 platform. It also provides a practical guide to the deployment of Java security, and shows how to customize, extend, and refine the core security architecture. For those new to the topic, the book includes an overview of computer and network security concepts and an explanation of the basic Java security model.

You will find detailed discussions on such specific topics as:

* The original Java sandbox security model * The new Java 2 Platform permission hierarchy * How Java security supports the secure loading of classes * Java 2 access control mechanisms * Policy configuration * Digital certificates * Security tools, including Key Store and Jar Signer * Secure Java programming techniques * Ways to customize the Java security architecture with new permission types * How to move legacy security code onto the Java(TM) 2 Platform

In addition, the book discusses techniques for preserving object security-such as signing, sealing, and guarding objects-and outlines the Java cryptography architecture. Throughout, the book points out common mistakes and contains numerous code examples demonstrating the usage of classes and methods.

With this complete and authoritative guide, you will gain a deeper understanding into how and why the Java security technology functions as it does, and will be better able to utilize its sophisticated security capabilities in the development of your applications.

Customer Reviews:

Good book - Needs a complete revision from J2SE 1.4.2 .......2006-03-22

This book is certainly gives good introduction to the fundamentals of Java security. For those new to Java security, there is also brief intro to security of the Java language and platform. The coverage on Java Security APIs are bit narrow and needs lot of update on JCE, JAAS, JSSE etc.
Frankly speaking this book is a bit obsolete and now it's for the authors to come out with a new edition including Java 5 and Java 6 !

Go and buy this book.......2003-10-06

If you are new to Java, then you shouldn't buy this book.
If you are new to security, then you shouldn't buy this book.
If you prefer loads of examples instead of dense and precise explanations, then you shouldn't buy this book.
If you are looking for a pictorial guide on Java security, then you would probably have to go somewhere else as well.

However...

If you know your Java basics,
If you like completeness,
If you like preciseness,
If you want to know why the APIs look the way they do,
If you take nothing for granted,
If you want an update on latest changes,
If you like things to be drawn in a historical perspective,
If you want a book that you can pick up and read a chapter without having to go through it in a linear way,
If you are serious about security,
In that case you should now pick up your coat, and run to the nearest bookstore to buy this book.

The only thing I found odd in this book is the introduction into security, covering a discussion in general, and an overview of different types of security and access control models. The weird thing is that it introduces a lot of concepts, without actually refering to any of them in the chapters later on.

Required Reading for Java Security.......2003-08-04

The second edition is the most up-to-date Java security book for j2se v 1.4.x. A must-required reading for Java security platform written by Sun's Java security team. It describes the nuts and bolts in a readable language. Highly recommended.

Guardrails for JDK 1.2.......2003-07-29

If you are a Java developer, please read this book. It is complete in terms of the security hooks and accurate. It is a great book, deserving of five stars.

Not an easy read, but well worth the effort.......2002-01-04

I'm not surprised this book has drawn so many negative reviews. This book is indeed difficult to digest but then the Java Security model itself is rich, subtle and takes time to master. The book does an admirable job of explaining the motivation behind the complete overhaul of the Java 1.1 security architecture, the Java 2 security API design nuances, the flexibility of the fine-grained access-control model in Java 2 and how the backward compatibility concerns with code written with 1.1 style security checks were addressed in the new design. The book also has an intersting chapter addressing security needs of objects in transit (RMI) and a short chapter on cryptography, which anyway is a vast subject in its own right. The key chapters to read are the 3,4 and 5, especially for people who have some background in Java 2 security.

On the negative side, I have to say, the book is inconsistent in parts - I have trouble believing that Li Gong wrote the entire book himself. It's amazing to see chapters discussing at length how you install Java 2, change your CLASSPATH on different platforms etc. while in the same book elsewhere, you see terse, packed explanations about how the classloader hierarchy works in 1.2 or how the basic access control algorithm is extended for privileged operations and some very concise but useful discussions about possible design alternatives in the core library itself. The code samples are very insightful in that they illustrate the workings of some of the core library classes itself with the new security infrastrucure and not some toy samples. However, this also makes the book an unlikely candidate for gleaning ready to use code samples from, which means, if you are looking for how to's and not whys this is probably not the book for you, you might want to consider the Oreilly book.

For people well experienced in Java and OO design, if you want to learn insights about why the security apis are designed the way they are, you might well consider giving this book multiple reads. It's well worth the effort.

Amazon.com

Java Enterprise in a Nutshell gives advanced Java developers a one-stop resource for programming with the disparate APIs required for today's enterprise development, including JDBC, RMI, servlets, and EJBs. Beginning with JDBC database programming, the book gives a chapter-by-chapter tour of various enterprise development APIs, including program strategies for each API. For JDBC, the book includes new Java 2 JDBC enhancements like batch and recordsets.

Next comes Java's Remote Method Invocation (RMI) classes for calling remote code. Then it's on to using Java IDL and CORBA basics. A chapter on Java servlets will get you started delivering dynamically generated HTML using Java on Web servers, including useful material on cookies and session management. After coverage of the Java Naming and Directory Interface (JNDI) comes a solid exploration of EJBs with material on both session and entity beans. Specifics here include home and remote interfaces, EJB containers, stateless vs. stateful session beans, and entity beans for accessing corporate databases.

Overall, this handy and readable guide to the latest in Java APIs can be truly invaluable to the developer bringing Java to the corporate enterprise for the first time. --Richard Dragan

Book Description

Nothing is as constant as change, and this is as true in enterprise computing as anywhere else. With the recent release of Java 2 Enterprise Edition 1.4, developers are being called on to add even greater, more complex levels of interconnectivity to their applications.

To do this, Java developers today need a clear understanding of how to apply the new APIs, use the latest open source Java tools, and learn the capabilities and pitfalls in Java 2 Enterprise Edition 1.4 -- so they can plan a technology and implementation strategy for new enterprise projects.

Fortunately, this is exactly what they get with the new Java Enterprise in a Nutshell, 3rd Edition. Because most integrated development environments (IDE) today include API lookup, we took out the main API sections from our previous edition to make room for new chapters, among others, on Ant, Cactus, Hibernate, Jakarta Struts, JUnit, security, XDoclet, and XML/JAXP.

Revised and updated for the new 1.4 version of Sun Microsystems Java Enterprise Edition software, Java Enterprise in a Nutshell, 3rd Edition is a practical guide for enterprise Java developers.

Customer Reviews:

Disappointing.......2007-10-05

Warning to all buyers, the 3rd edition of this book does not include the J2EE library reference. While I realize this information is available online, having a printed form of library references is the primary reason I buy the "in a nutshell" series. Included in this book is a very general overview of various enterprise technologies, which unlike the very useful language reference include in other "in a nutshell" books, seems to broad and shallow to be useful. Any developer serious about working in JSP, for example, would be better served buying a book on JSP. Admittedly I just received this book so I can provide a cursory commentary on the usefulness of the material, but the lack of library details alone would have made me not purchase it if I was browsing in a store.

Very good.......2007-03-15

I'm very happy, i have got "java in a nutshell" too and I was very satisfied of my purchase, the book is simple and written very well, a "must" for a Java programmer.

VERY VERY HIGHLY RECOMMENDED!!.......2006-08-06

Do you have all of the tools you need to build enterprise-class applications? If you don't, then this book is for you! Authors Jim Farley, William Crawford, Prakash Malani, Justin Gehtland and John G Norman, have done an outstanding job of writing the third edition of a book that provides a pragmatic introduction to the latest release of Java 2 Enterprise Edition (J2EE).

Farley, Crawford, Malani, Gehtland and Norman, begin by presenting the general model that J2EE supports for assembling components and resources into full services or applications and how they are deployed to their runtime environments. Then, the authors demonstrate the basic techniques that are used to write servlets using the Sevlet API, including some common web development tasks such as cookie manipulation and session tracking. Next, they look at JSP from a Java programmer's perspective as opposed to that of a web site designer. The authors then provide a whirlwind introduction to programming with JavaServer Faces. They continue by providing a basic introduction to Enterprise JavaBeans. Then, the authors take a quick look at Sun's Java API for XML Processing (JAXP) Version 1.2, which provides a standardized approach to processing XML files in Java. Next, they focus on the JDBC 3.0 API, which includes a modest yet variable set of new features. The authors then provide an overview of transport and application security as well as defining the important concepts of authentication and authorization. They continue by focusing on developing, deploying, and using web services in your enterprise applications. They also examine the Java Remote Method Invocation (RMI) API--Java's native scheme for creating and using remote objects. Then, the authors look at an overview of the CORBA architecture and how it allows you to create, export, access, and manage remote objects. Finally, they give a brief overview of transaction terminology, including ACID properties and transaction isolation levels as well as the concepts of local and distributed transactions.

This most excellent book provides concise, fast paced tutorials on a broad range of enterprise Java tools and APIs. More importantly, this book is both a practical guide and quick reference for Java programmers who are writing enterprise applications.

Java developers will want this as an essential desk reference.......2006-05-02

Jim Farley and William Crawford's Java Enterprise In A Nutshell: A Practical Guide packs in tutorials on a number of enterprise Java tools, offering new material covering Xdoclet and Java 5.0 Annotations, JavaServer Faces, and the Hibernate API. Also included are open source testing and build tools, tips on writing SOAP-based web services, J2EE security issues and operations, and much more. Serious Java developers will want this as an essential desk reference.

Great reference for an immense topic.......2006-02-16

Java Enterprise in a Nutshell tries to do the impossible - fit Enterprise Java into a nutshell. I don't think it matters how big of a nutshell you have, it would be a truly impossible task. Farley and Crawford, though, do a nice job shoe-horning as much Enterprise Java as they can into an 800+ page book. They go over many topics including all the J2EE standards like EJBs and JSPs to open source tools like JUnit, Cactus, and Hibernate. The book goes into enough detail to get more than just the gist of the subjects, but not so much detail to overwhelm someone looking for information on a particular topic. The book also has relevant code sections for the various topics outlining how that technology might be used. Overall, a compact, clear, well written reference.

Average customer rating:

Concise, no-nonsense, but framework hinders learning
For programmers: messaging basics
Very Good on Messaging Concepts and Implementation

Java Messaging (Programming Series)
Eric Bruno
Manufacturer: Charles River Media
ProductGroup: Book
Binding: Paperback

General | Programming | Computers & Internet | Subjects | Books

Privacy | Business & Culture | Computers & Internet | Subjects | Books

Intranets & Extranets | Networking | Computers & Internet | Subjects | Books

Network Security | Networking | Computers & Internet | Subjects | Books

General | Computers & Internet | Subjects | Books

General | Software | Computers & Internet | Subjects | Books

Web Services | Web Development | Computers & Internet | Subjects | Books

Look Inside Computer Books | Trip | Specialty Stores | Books

All Titles | Qualifying Textbooks - Fall 2007 | Stores | Books

Computers & Internet | Qualifying Textbooks - Fall 2007 | Stores | Books
Similar Items:

ASIN: 1584504188

Book Description

LEARN TO USE JAVA MESSAGING SOFTWARE IN YOUR DISTRIBUTED APPLICATIONS! As software becomes more complex, and the Web is leveraged further, the need for messaging software continues to grow. Virtually all software written today requires at least one form of internal, and even external, communication. Java Messaging explores the various methods of intra-process and inter-process messaging for Java software, such as JavaBean events, JMS, JAX-RPC, JAXM, SOAP, and Web Services. Programmers will learn the basics of these APIs, as well as how, when, and why to use each one, including how to use them in combination, such as combining SOAP with JMS over a WAN. The book begins by walking the reader through simple intra-process communication using JavaBean events. A set of classes is constructed that extend JavaBean events beyond one JVM, transparently using JMS. The messaging paradigms of JMS are explained thoroughly, including in-depth discussions on the theory and mechanics of message queues. Design patterns and helper classes are also explored, which ultimately combine to form a generic messaging framework that helps programmers avoid common pitfalls. This framework, explained throughout the book, provides for the seamless integration of JMS with SOAP Web Services that is required to build distributed applications. Starting from the first chapter, a comprehensive sample application (an online stock trading system) is built using the framework and messaging paradigms discussed in the book. By the end of the book, programmers will not only understand the various messaging paradigms, but they will also understand how to architect complex distributed applications that use them together - with a framework that provides a running start.

Customer Reviews:

Concise, no-nonsense, but framework hinders learning.......2006-08-21

Excellent introduction to messaging, including healthy portions on JMS and web services.

The writing style is clear, consistent, and to the point. Probably what I liked most was this no-nonsense writing style. If it's on a page, it's important to understand. The author doesn't waste your time with irrelevant discussions or out of scope topics.

Editing and code presentation are top notch, making it easy to follow, and build upon from one example to the next. The author also shares some gotchas and considerations that I wouldn't have expected to see in an introductory discussion which were particularly valuable.

Another great feature is one of the drawbacks of the book. The framework presented in the book is elegant, but in many of the examples, there is too much cognitive overhead involved in grokking the level of abstraction in the framework, and this takes away from actually learning the concepts. I would have liked to see more non-framework code for the introduction, which is then tied together with the framework.

For programmers: messaging basics.......2006-03-17

Eric Bruno's JAVA MESSAGING explores different ways of messaging using Java software, from JavaBean events and JMS to SOAP. Web programmers receive all the basics to using these features, tips on how and why to use each feature and when to choose something else, how to combine features, and more. The basics of Java communication processes are revealed in chapters which form 'classes' to link related information in a logical progression. An excellent, basic foundation for Java users.

Very Good on Messaging Concepts and Implementation.......2006-01-07

As we look at how much we use the web, it is sometimes hard to remember just how new this concept of worldwide packet switching really is. Java was started as a new language before a lot of the new concepts like XML and SOAP were conceived. But as a new language it has been able to move into using these new concepts faster than nearly any other language.

What I especially liked about this book was the first chapter. So often computer books start with programming. This one starts with a description of what we're trying to do here. He gives several examples of the types of communications that he is going to cover in the book. I had a particular application in mind when I got the book, but in reading the first chapter I began to see several other ways that messaging would help our system.

After the first chapter, I've go to say that it's a pretty regular computer software book. It tells you how to do the things that you want to do. It is quite clear on all the different software protocols, packages, and philosophies. Basically it is all that a Java programmer needs to implement messaging in Java.

The CD included with the book gives you all the sample code from the book, as well as the complete messaging toolkit and several open source tools.

Average customer rating:

Good, but maybe not for experienced people
Straight-forward and helpful
Huh?
An accessible and pragmatic resource for working developers
a must read for technology professionals

Translucent Databases
Peter Wayner
Manufacturer: Flyzone Sr Llc
ProductGroup: Book
Binding: Paperback

General | Databases | Computers & Internet | Subjects | Books

Look Inside Computer Books | Trip | Specialty Stores | Books
Similar Items:

ASIN: 0967584418

Customer Reviews:

Good, but maybe not for experienced people.......2006-11-23

If you work in security and databases; skip this book.

It touches on column-level encryption, mixing plaintext data and hashing to secure data (i.e. hash a password then store it and compare against the hash when people log in) without sacrificing the usefulness of data.

I don't want to say the book is bad, it just doesn't have any real new concepts for experienced professionals. If you're new to securing data (that resides in databases or not) then this book might be a good resource.

This sort of information isn't really covered in another book that I know of, and believe me, I have a lot of tech books (roughly 5 bookshelves worth).

Straight-forward and helpful.......2003-07-02

You can skip this book if you're a super crypto geek as the other obnoxious reviews make clear. If you've got sensitive information to store, check this out. The book is filled with several dozen examples worked out in raw SQL and Java. It could use a bit more crazy examples like his other book, Disappearing Cryptography, but at least the book is crisp, helpful and to the point.

Huh?.......2003-04-17

I was very suprised by this book. After reading some of the other reviews it seemed the author may have hit on a new idea or something midly profound. Unfortunately, no.

This book is 13 chapters of Hashing functions and encryption functions. By hashing/or encrypting specific columns you can protect the data... Ok. No new concepts here. I could have read that in 3 paragraphs and saved myself an afternoon of reading and a few dollars.

This book is *not* essential for DBA, developers or anyone else with a basic understanding of hashing or encryption functions.
Perhaps this would be more appropriate in a college environment or for a beginer.

An accessible and pragmatic resource for working developers.......2003-02-21

Translucent Databases deals with the issue of building applications that store and manipulate sensitive data in a very accessible and pragmatic fashion.

It provides working developers with a practical understanding of the fundaments of cryptography and stenography as applied to the specific needs of data storage, retrieval and manipulation.

The author has been careful to support major concepts with examples, discussions, real-world rationales, supporting mathematics and recommendations for additional reading. In particular, developers who do not have formal computer science background will appreciate the clear explanations of the base mechanics of the various hashing and private/public key schemes.

Given the profusion of applications that store sensitive data, this book is a timely guide that helps developers quickly solve problems in time-constrained development environments.

Additionally, the author writes in a highly-readable style that makes the topic material less fearsome for timid readers who fear daunting subjects like cryptography.

The book is not perfect - it contains more than its fair share of typos and could benefit from tighter editing. However, these are minor flaws that do not compromise the utility of the book.

a must read for technology professionals.......2003-01-01

Peter Wayner gives insight on storing, protecting and managing data, with a strong focus on privacy. This book is an easy read for anyone familiar with SQL based db systems, cryptography and an understanding of basic application architecture. Additionally, if one plans on working towards HIPAA compliance (term used loosely), this is a must read.

The concept of translucent databases is a step in the right direction for any entity interested in storing useful data without holding the overwhelming burden of liability over their own head. Working on the "other end" of the software development chain, it is clear to me that this concept will be a hard sell to business that aren't under the (HIPAA) gun.

Wayner's writing is extremely readable, with great emphasis on explanation. My lack of java experience was not a hindrance at all while reading this book.

Amazon.com

Scott Oakes' Java Security is extraordinary both for its technical depth and its readability. It provides the Java programmer with a complete overview of the Java security architecture and security classes, plus a wealth of detailed information and code examples for specific implementations. The book opens with a clear discussion of what Java security is, how the various Java sandbox models work, and how Java applications and applets execute within the security model. The following chapters look in depth at the elements of the Java security architecture: language rules, class loaders, the security manager, the access controller, and permission objects. All these chapters provide detailed information on implementation, as well as an excellent explanation of the role of each feature within the entire security picture. The second half of the book covers cryptographic features in the Java security package (much enhanced in Java 1.2) and how Java programs work with code that performs authentication and encryption. Here, you'll find detailed chapters on message digests, keys and certificates, key management, digital signatures, and the Java Cryptography Extensions. Anyone who needs to understand Java security, but especially those who will implement security features in Java applications, will want to own this book.

Book Description

One of Java's most striking claims is that it provides a secure programming environment. Yet despite endless discussion, few people understand precisely what Java's claims mean and how it backs up those claims. If you're a developer, network administrator or anyone else who must understand or work with Java's security mechanisms, Java Security is the in-depth exploration you need. Java Security, 2nd Edition, focuses on the basic platform features of Java that provide security--the class loader, the bytecode verifier, and the security manager--and recent additions to Java that enhance this security model: digital signatures, security providers, and the access controller. The book covers the security model of Java 2, Version 1.3, which is significantly different from that of Java 1.1. It has extensive coverage of the two new important security APIs: JAAS (Java Authentication and Authorization Service) and JSSE (Java Secure Sockets Extension). Java Security, 2nd Edition, will give you a clear understanding of the architecture of Java's security model and how to use that model in both programming and administration. The book is intended primarily for programmers who want to write secure Java applications. However, it is also an excellent resource for system and network administrators who are interested in Java security, particularly those who are interested in assessing the risk of using Java and need to understand how the security model works in order to assess whether or not Java meets their security needs.

Customer Reviews:

Good on intro...needs an update to JDK 1.4 and above........2007-07-29

The content of this book is dated now and this book needs a revision. The book does not cover Java security from JDK 1.4 and above. I suggest to use Core Security Patterns by Steel, Nagappan, Lay, which covers Java and J2EE security todate.

This book needs a revision........2006-04-27

JDK 1.5 has many updates to platform security as well as APIs. I bought this book recently and it does not have updates after jdk 1.4.

Excellent JAVA book covering all security issues.......2005-08-27

A good introduction and explanation of the Java language security (sandbox, security manager, access controller and class loaders). The same for criptography, it is clearer than Java criptography. It includes great chapters for SSL and JAAS. God job Scott (Oaks). I really recommend this book both for introduction and guide.

Good Structure.......2004-11-26

One thing for sure that this book is well structured, chapters are properly segregated and closely linked to each other. It makes introduction to java security seems easy.

I used to find java security a bit complicated, got pieces of information from articles that I read, but I ended up having more questions.

Some of the APIs shown in the examples are deprecated for JDK 1.4, but you can easily replace them with the new classes.

Good Overview of Java Security.......2002-09-25

The term "security" means many different things. This book deals with the built-in security features of Java, which most programmers access through the Security Manager and Access Controller. Overall, I liked this book and found it a really good introduction to secutiry. However, for the price of this book, I expected a lot more infomation. For example, I would have liked it if the author explored the cryptographic package in depth and gave more real world examples of using ciphers and encryption. ALthough this is not technically what the book is about, most people think of cryptogrophy in terms of security.

Average customer rating:

Great book by an expert on the subject
Book needs update to J2SE 5.0
Very hands-on
How to Incorporate Encryption into your Programs
Avoid this book if you are looking for details

Beginning Cryptography with Java
David Hook
Manufacturer: Wrox
ProductGroup: Book
Binding: Paperback

General | Hardware | Computers & Internet | Subjects | Books

Look Inside Computer Books | Trip | Specialty Stores | Books

All Amazon Upgrade | Amazon Upgrade | Stores | Books

Computers & Internet | Amazon Upgrade | Stores | Books

All Titles | Qualifying Textbooks - Fall 2007 | Stores | Books
Similar Items:

ASIN: 0764596330

Book Description

Beginning Cryptography with Java

While cryptography can still be a controversial topic in the programming community, Java has weathered that storm and provides a rich set of APIs that allow you, the developer, to effectively include cryptography in applications-if you know how.

This book teaches you how. Chapters one through five cover the architecture of the JCE and JCA, symmetric and asymmetric key encryption in Java, message authentication codes, and how to create Java implementations with the API provided by the Bouncy Castle ASN.1 packages, all with plenty of examples. Building on that foundation, the second half of the book takes you into higher-level topics, enabling you to create and implement secure Java applications and make use of standard protocols such as CMS, SSL, and S/MIME.

What you will learn from this book

How to understand and use JCE, JCA, and the JSSE for encryption and authentication
The ways in which padding mechanisms work in ciphers and how to spot and fix typical errors
An understanding of how authentication mechanisms are implemented in Java and why they are used
Methods for describing cryptographic objects with ASN.1
How to create certificate revocation lists and use the Online Certificate Status Protocol (OCSP)
Real-world Web solutions using Bouncy Castle APIs

Who this book is for

This book is for Java developers who want to use cryptography in their applications or to understand how cryptography is being used in Java applications. Knowledge of the Java language is necessary, but you need not be familiar with any of the APIs discussed.

Wrox Beginning guides are crafted to make learning programming languages and technologies easier than you think, providing a structured, tutorial format that will guide you through all the techniques involved.

Customer Reviews:

Great book by an expert on the subject.......2007-05-28

By anyone's measure, cryptography is a dry and dusty subject but Hook has made it a pleasure to read this book both by trying to keep the tone light and having such a deep and thorough understanding of the topic that the discussion is effortless. While he moves through the subject matter briskly, his mastery of the area means that it's elegantly structured and easy to follow.

All the Wrox books seem to follow a pretty rigid format and I felt sometimes that had the author been given a little more flexibility there, it could have flowed more easily. That said, the consistent organisation of the book makes it easier to use as a reference.

Book needs update to J2SE 5.0.......2006-09-23

This book does a good introduction but the book needs an update to J2SE 5.x security updates. I like Core Security Patterns by Steel, Nagappan, Lai covers a lot more details on Java security apis than this book.

Very hands-on.......2006-04-26

Whether it is complete or not (of course, it is not), I would challenge anyone to point at a single alternative book covering Java cryptography at a greater level of details. The style is clear, coverage of ASN.1 is very helpful, and selection of BouncyCastle open source cryptoprovider is the most natural one. Lots more of details and code samples can be found in Bouncy Castle javadocs, but to navigate them without conceptual understanding of Java security in general and BouncyCastle implementation in particular, gained from the book like this one, would be a nightmare.

"Inside Java 2 Platform Security: Architecture, API Design, and Implementation (2nd Edition)" would be another book to recommend, for general overview of Java Security Platform, and, also, to make sense of Java Cryptography Extension (JCE) APIs standardizing access to cryptoproviders' (such as BouncyCastle) libraries. But, of course, the two books have very little overlap.

How to Incorporate Encryption into your Programs.......2005-11-09

Cryptography is still a delicate issue with a lot of people. There are those, especially in certain law enforcement agencies, who believe that access to stong encryption should not be allowed in the hands of the general public. Indeed, there are export regulations that define encryption technology as munitions. ==At the other end of the scale, there is the simple fact that without secure data transmission, web based electronic commerce would simply be impossible.

This book is on the use of standard Java encryption libraries. This book is written for people who are Java developers and are trying to make use of cryptography in their applications. It presumes that you are familiar with the Java language, but it does not assume you have any familiarity with the encryption APIs. The book covers the recent updates in the security APIs with J2SE 5.0.

This book is very good from the programming point of view, it does not have a lot of history or the background technology of how encryption is done.

Avoid this book if you are looking for details.......2005-10-23

Before reading this book, I had in-depth understanding of cryptography.

Based on my knowledge:

PROS:
-- Covers nearly all the aspects of Java Cryptography.
-- Good for code snippets

CONS:
-- Lousy or lack of explanation given. This is a major drawback I feel, because the main point is missing. If you dont care about the underlining working, go for this book, otherwise avoid this book

Books:

Books Index

Books Home

Recommended Books