An expert tour of security on the new Java 2 platform,
Inside Java 2 Security will find an enthusiastic audience among advanced Java developers and system administrators. As the author notes during the general discussion on network security, safeguarding your system goes far beyond mere cryptography.
This book reviews multiple security threats and the strategies used to combat them, such as denial of service attacks, Trojan horses, and covert channels. In addition, it touches on the evolution of Java security from the restrictive days of the JDK 1.0 sandbox to the sophisticated security features available in Java 2, including a section that presents a list of 11 security bugs found in early versions of Java.
Because Java 2 security is now policy-based, it must be managed by system administrators as part of enterprise security. A chapter on Java 2 security presents the `big picture` as well as the classes used to implement policy-based security where developers can control access to an entire system like files, network resources, or runtime permissions on code. The book also discusses the rather primitive tools used for Java 2 security management such as the policytool utility. For advanced developers, further sections demonstrate how to create new permission classes and how to make JDK 1.1 security code migrate to Java 2.
A section on the Java Cryptography Architecture (JCA) shows that Java 2 supports the latest in encryption standards like SHA, DSA, RSA, and X.509 certificates. The text concludes with some well-considered predictions for the future of security on the Java platform. In the meantime, this book shows you what you will need to know about security when committing to Java 2 on the enterprise. Security is now part of the picture and will require both extra development time and administrative effort. --Richard Dragan
User review
A complete coverage, but very complex and bad organized book
In fact this book is a complete coverage of the java security.
It is true, that the subject is quite complex and needs concentration
to be understood perfectly. However I believe this books lacks suitable examples.
In my personal point of view, providing sufficient clear examples in a book,
will help the reader to understand better the subject.
I didn't find this important quality in this book.
If somebody wants to buy a book about Java security, this
means that he/she didn't understand completely the whole subject, just
by reading the API on Sun web site and therefore he/she is looking for
a better source of information that illustrates the subject in a more
convenient and clear way. Unfortunately this book, although complete
in the coverage of the topics, is too far a way to be considered as a clear
and easy understanding book, particularly, for those who are not already
seniors in Java security.
User review
Good book - Needs a complete revision from J2SE 1.4.2
This book is certainly gives good introduction to the fundamentals of Java security. For those new to Java security, there is also brief intro to security of the Java language and platform. The coverage on Java Security APIs are bit narrow and needs lot of update on JCE, JAAS, JSSE etc.
Frankly speaking this book is a bit obsolete and now it's for the authors to come out with a new edition including Java 5 and Java 6 !
User review
Go and buy this book
If you are new to Java, then you shouldn't buy this book.
If you are new to security, then you shouldn't buy this book.
If you prefer loads of examples instead of dense and precise explanations, then you shouldn't buy this book.
If you are looking for a pictorial guide on Java security, then you would probably have to go somewhere else as well.
However,,.
If you know your Java basics,
If you like completeness,
If you like preciseness,
If you want to know why the APIs look the way they do,
If you take nothing for granted,
If you want an update on latest changes,
If you like things to be drawn in a historical perspective,
If you want a book that you can pick up and read a chapter without having to go through it in a linear way,
If you are serious about security,
In that case you should now pick up your coat, and run to the nearest bookstore to buy this book.
The only thing I found odd in this book is the introduction into security, covering a discussion in general, and an overview of different types of security and access control models. The weird thing is that it introduces a lot of concepts, without actually refering to any of them in the chapters later on.
User review
Required Reading for Java Security
The second edition is the most up-to-date Java security book for j2se v 1.4.x. A must-required reading for Java security platform written by Sun's Java security team. It describes the nuts and bolts in a readable language. Highly recommended.
User review
Guardrails for JDK 1.2
If you are a Java developer, please read this book. It is complete in terms of the security hooks and accurate. It is a great book, deserving of five stars.
