[ISN] Book Review: "Java Security", Scott Oaks

From: mea culpa (jerichot_private)
Date: Thu Jul 23 1998 - 23:41:41 PDT

  • Next message: mea culpa: "[ISN] Book Review: "Web Security", Rohit Khare"

    From: "Rob Slade" <rsladet_private>
    BKJAVASC.RVW   980520
    "Java Security", Scott Oaks, 1998, 1-56592-403-7, U$32.95/C$46.95
    %A   Scott Oaks scott.oakst_private
    %C   103 Morris Street, Suite A, Sebastopol, CA   95472
    %D   1998
    %G   1-56592-403-7
    %I   O'Reilly & Associates, Inc.
    %O   U$32.95/C$46.95 707-829-0515 fax: 707-829-0104 nutst_private
    %P   456 p.
    %T   "Java Security"
    As the author notes, security means many different things to many
    different people.  In the general public, Java security tends to mean
    browser and applet security, and the default applet "sandbox."
    Therefore I feel obliged to point out that this book is primarily
    concerned with the programming of security into systems, and the
    security APIs (Applications Programming Interfaces) built into the
    language to ease that task.
    Chapter one looks at the overall security model for Java, and
    particularly at the invocations of programs.  Basic enforcement and
    verification is covered in chapter two.  Class loaders, in chapter
    three, provide the programmer with a means to specify an almost
    arbitrary level of security protection for a program.  Chapter four
    details the workings of the security manager, again providing the
    programmer with the ability to set specific protections.  The access
    controller is new to Java 1.2, is the mechanism that the security
    manager now uses to actually permit or deny use of resources, and the
    object calls are discussed in chapter five.  Implementation of access
    and security policies through the class loader and security manager is
    covered in chapter six.
    Chapter seven looks at the need for authentication over open networks,
    and the security provisions of digital signatures.  The discussion of
    cryptography itself is essentially non-existent since, as Oaks notes,
    it is not necessary to understand it in order to use it.  Those who
    wish to test or implement strong encryption will need to go elsewhere.
    Implementation of standard cryptographic protection is via security
    providers, reviewed in chapter eight.  Some simple message digest
    implementations are described in chapter nine.  Key management is an
    important part of cryptography so chapter ten deals with keys and
    certificates while chapter eleven reviews the handling of them.
    Chapter twelve looks at the functions provided for dealing with
    digital signatures.  Specifics for encryption are listed in chapter
    Appendices deal with security tools, identity based key management,
    resources, and a quick reference chart.
    While the book is well written it is not light, and is probably best
    suited to those who are well familiar not only with Java programming,
    but also the internals of the language.  On the other hand, dealing
    with security is a great way to learn the internals of a language.
    copyright Robert M. Slade, 1998   BKJAVASC.RVW   980520
    Subscribe: mail majordomot_private with "subscribe isn".
    Today's ISN Sponsor: New Dimensions International [www.newdimensions.net]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:59:37 PDT