Java Security (Java Series) [Englisch] [Taschenbuch]

The second edition of Java Security is intended to help you build and deploy secure Java programs on private and public networks. It covers Java 1.1, Java 2, JCE 1.2.1, JSSE and JAAS (the last two absent from the first edition) and combines coverage of the core Java security features with the three optional security APIs. They will be combined in the next Java release--so you're ahead of the curve.

Security has different meanings depending on context. Java's core sandbox security model was originally intended to defeat viruses and trojans. Authentication, encryption and other security models were added to provide different kinds of security. The authors explain how Java components work so they can show how they might be subverted. Without knowing what the risks are you can't apply effective security measures.

The Java security features examined include class loaders, cryptography, certificates, key management, signatures, SSL, authentication and permissions. The authors explain where and how particular security features are best implemented and explain their limitations in the real world. For example, many people routinely grant signed Java applets permission to read and write files on their system believing a signed certificate somehow makes the application safe. In practice, as anyone can create and sign a Java applet or application it proves nothing of the kind and can still be setting you up for a fall.

Java security is non-trivial. Security is an arms race in which the two sides constantly leapfrog each other. Java Security is well written with many examples but it's a fairly technical read. If you're serious about Java application development, however, you need to read it. Because you can be sure the bad guys will. --Steve Patient

Scott Oakes' Java Security is extraordinary both for its technical depth and its readability. It provides the Java programmer with a complete overview of the Java security architecture and security classes, plus a wealth of detailed information and code examples for specific implementations. The book opens with a clear discussion of what Java security is, how the various Java sandbox models work, and how Java applications and applets execute within the security model. The following chapters look in depth at the elements of the Java security architecture: language rules, class loaders, the security manager, the access controller, and permission objects. All these chapters provide detailed information on implementation, as well as an excellent explanation of the role of each feature within the entire security picture. The second half of the book covers cryptographic features in the Java security package (much enhanced in Java 1.2) and how Java programs work with code that performs authentication and encryption. Here, you'll find detailed chapters on message digests, keys and certificates, key management, digital signatures, and the Java Cryptography Extensions. Anyone who needs to understand Java security, but especially those who will implement security features in Java applications, will want to own this book. -- Dieser Text bezieht sich auf eine vergriffene oder nicht verfügbare Ausgabe dieses Titels.

'This is a great book about Java Security. If you are a Java programmer who want to write secure applications or a system administrator, you should read this book'. Evgeny Gesin, JavaDesk, Israel.

One of Java's most striking claims is that it provides a secure programming environment. Yet despite endless discussion, few people understand precisely what Java's claims mean and how it backs up those claims. If you're a developer, network administrator or anyone else who must understand or work with Java's security mechanisms, Java Security is the in-depth exploration you need. Java Security, 2nd Edition, focuses on the basic platform features of Java that provide security--the class loader, the bytecode verifier, and the security manager--and recent additions to Java that enhance this security model: digital signatures, security providers, and the access controller. The book covers the security model of Java 2, Version 1.3, which is significantly different from that of Java 1.1. It has extensive coverage of the two new important security APIs: JAAS (Java Authentication and Authorization Service) and JSSE (Java Secure Sockets Extension). Java Security, 2nd Edition, will give you a clear understanding of the architecture of Java's security model and how to use that model in both programming and administration. The book is intended primarily for programmers who want to write secure Java applications. However, it is also an excellent resource for system and network administrators who are interested in Java security, particularly those who are interested in assessing the risk of using Java and need to understand how the security model works in order to assess whether or not Java meets their security needs.

One of Java's most striking claims is that it provides a secure programming environment. Yet despite endless discussion, few people understand precisely what Java's claims mean and how it backs up those claims. If you're a developer, network administrator or anyone else who must understand or work with Java's security mechanisms, this text provides an in-depth exploration. It focuses on the basic platform features of Java that provide security - the class loader, the bytecode verifier, and the security manager - and recent additions to Java that enhance this security model: digital signatures, security providers, and the access controller. The book covers the security model of Java 2, Version 1.3, which is significantly different from that of Java 1.1. It has extensive coverage of the two new important security APIs: JAAS (Java Authentication and Authorization Service) and JSSE (Java Secure Sockets Extension). The text aims to provide a clear understanding of the architecture of Java's security model and how to use that model in both programming and administration.

Intended primarily for programmers who want to write secure Java applications, it is also a valuable resource for system and network administrators who are interested in Java security, particularly those who are interested in assessing the risk of using Java and need to understand how the security model works in order to assess whether or not Java meets their security needs.

Scott Oaks is a Java Technologist at Sun Microsystems, where he has worked since 1987. While at Sun, he has specialized in many disparate technologies, from the SunOS kernel to network programming and RPCs. Since 1995 he has primarily focused on Java and bringing Java technology to end users.