All You Need to Know About Java 2 Network Security
Well presented, effectively explored, extensively documented, lucid exploration of Java network security technologies.
ORIGINAL DRAFT
Few programming languages can seriously claim to have taken security considerations into account at design time. Java is virtually unique in this regard but the security APIs are still evolving. Not only is it difficult to keep up with changes, but security is really a collection of interwoven technologies that can be complicated to understand and manage. This is a book that helps clarify all the salient points and provides the reader with a well presented, lucid, exploration of important issues along the way. If you’re working with application that need to support user authentication, protection from intrusion, privacy and solidity, this book is a great investment.
Written by a group of experts from IBM, this book walks through various aspects of network-based security implementation in Java. Worth noting is a full chapter dedicated to explaining various potential attacks you need to protect yourself from, presented with complimentary approaches for avoiding vulnerabilities where possible. The recently released Java SSL API is explored in chapter 16, so far the only material in print that can help you get a head start on this technology. Issues related to the Java plugin also get their own chapter and shed some light on working with Java 1.2 in modern browsers.
The book covers all the mandatory security issues you would expect, including the Java 1.2 security model, class loaders and bytecode verifiers, security managers, the cryptography API, certificates and code signing, as well as a few less common looks at safely loading servlets on a network, dealing with firewalls and proxies, configuring policies and implementing security provider classes. I loved the collection of information in chapter 12 which tells you how to sign applet code for Java 1.2, Netscape Communicator and Internet Explorer, all of which have annoying ideosyncracies you need to take in to account.
If you’re involved with Internet applications, you have to deal with security issue at some point. This book should help keep you out of trouble and provides useful insights along the way. The world of security and cryptography is confusing enough to most readers. "Java 2 Network Security" does an admirable job of clarifying important concepts without making them an ounce more complicated than they need to be. The information is effectively presented, with good examples and key answers to questions that are often difficult to address without this knowledge. Overall, a great investment for developers interested in security.