Enterprise Security with EJB and CORBA(r) [Paperback]

Bret Hartman (Author), Donald J. Flinn (Author), Konstantin Beznosov (Author)

Book Description

Publication Date: April 6, 2001 | ISBN-10: 0471401315 | ISBN-13: 978-0471401315 | Edition: 1

Building secure applications using the most popular component technologies
Did you know that most corporate computer security breaches are inside jobs by trusted employees? This book addresses the need in the era of multi-tier systems to implement security solutions across all enterprise applications, not just firewalls that target intrusion from the outside. With nationally recognized CORBA security experts Bret Hartman, Donald J. Flinn, and Konstantin Beznosov, this book shows application developers how to build secure, real-world applications that deliver tightly integrated security at all system levels using the latest component technologies and tools. Coverage also includes a sample e-commerce system built using Java with EJB and CORBA as well as case studies of implementations in finance, manufacturing, and telecom.

Editorial Reviews

From the Back Cover

"Leveraging their strong implemention and standards committee experience, the authors have delivered the definitive guide to enterprise distributed object security."
—Wing K. Lee, Sprint, Enterprise Security with EJB and CORBA

With e-business and distributed components comes the need for a bold new approach to security solutions. Setting out to resolve the security challenges of today's networked world, this book shows developers how to harness the power of EJB and CORBA to secure each and every system level—from Web browsers to mid-tier components to legacy systems.

You'll get real-world techniques for building secure applications using EJB and CORBA components and learn about existing and emerging technologies, architectures, and implementations, including how to choose the right ones for your specific needs.

You'll also find an e-commerce example that will help you understand the various topics discussed, including:

• Security technologies, from Web security to mid-tier and database security
• Interoperability of cross-domain components, and how to modify architectures for security
• Interoperability of EJB and CORBA components, and how to make them work together securely
• How to protect applications using the RAD architecture
• Using rights, attributes, domains, and delegation
• The companion Web site contains:
• The code for the e-commerce example in the book
• Additional examples and product information

About the Author

BRET HARTMAN, nationally recognized expert on CORBA security, is Chief Technology Officer of the Hitachi Security Software Unit. He is a regular speaker and expert panelist on secure distributed systems and CORBA security.
DONALD J. FLINN is a security architect at Iona Technologies with over 25 years' experience in distributed object systems, including CORBA and Java security. He is chair of the Security SIG at the Object Management Group.
KONSTANTIN BEZNOSOV, PhD, is a Security Architect at Concept Five Technologies. As a coauthor of security-related CORBA standards and a former cochair of OMG's Security SIG, he has written widely on architectural issues of engineering secure enterprises.

Product Details

• Paperback: 400 pages
• Publisher: Wiley; 1 edition (April 6, 2001)
• Language: English
• ISBN-10: 0471401315
• ISBN-13: 978-0471401315
• Product Dimensions: 9.2 x 7.5 x 1 inches
• Shipping Weight: 1.4 pounds
• Average Customer Review: 4.7 out of 5 stars  See all reviews (3 customer reviews)
• Amazon Best Sellers Rank: #4,260,140 in Books (See Top 100 in Books)

More About the Author

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

Most Helpful Customer Reviews

7 of 7 people found the following review helpful:

5.0 out of 5 stars A must have for a security engineer, July 23, 2001

By 

Andreas Meister (Bussigny, Schweiz) - See all my reviews

This review is from: Enterprise Security with EJB and CORBA(r) (Paperback)

Up to now, this book is unique in its kind, as it really covers the security aspects of distributed applications as we see them more and more these days. The authors do not only cover (very new) technologies and standards from the domain of EJB and CORBA, they also make us aware of their integration with legacy systems and network security. I liked the way they try to pass their knowledge and experience to the reader. Despite the fact that it is written by three persons, the book is of a consistent style. An example application serves troughout the book to explain the coved topics. Altough it is a small and simple application (real world is tougher...), it shows amazingly well what problems have to be dealt with in the enterprise. The book won't give you answers to all your question, but will certainly help to find your own. I recommend it reading from cover to cover, later chapters do refer to earlier ones. Definitely a useful book!

2 of 3 people found the following review helpful:

4.0 out of 5 stars Highly Recommended, May 15, 2002

By 

Srinivas Nedunuri "capthaddock" (austin, tx USA) - See all my reviews
(REAL NAME)   

This review is from: Enterprise Security with EJB and CORBA(r) (Paperback)

I've been using this book for a couple of months now and I have found it pretty invaluable. It manages to give a good technical explanation (I mean at the designer/programmer level) as well as include information on the big picture. It covers, in considerable detail, role based security, RBAC, RAD, both EJB and CORBA solutions, and ends with a discussion of how you might build an integrated security system for a fictitous company called eBusiness.com

On the downside there are several minuses which will hopefully be corrected in a future edition
1. The UML diagrams are incorrect, in that they nearly all have the aggregation symbol at the wrong end
2. The fact that the book was written by several authors shows, in that the same idea shows up in several places in the book, without correlation. Not that there's anything contradictory about that. It would be nice if the different "definitions" or explanations were somehow collected in one place. For example, there's two discussions of security servers, with neither one aware of the other. The second discussion (p. 331-332) is not even referenced in the index.
3. There's very little discussion of performance issues. This is a particular sore point, considering they spend considerable amount of space discussing (even promoting) EJB security with no mention of its downside (its too slow)

All in all, though, I highly recommend this book be read by architects, and app developers as well as product managers before diving into security development for your application

5.0 out of 5 stars Unique guide for security of enterprise solutions, January 23, 2003

By 

Aleksey (Russia) - See all my reviews

This review is from: Enterprise Security with EJB and CORBA(r) (Paperback)

More than a year passed since i reviewed this book and still it remains 5 stars.
It is kind of unique book which gives not just authentication, network security or protocols, but the security of application-server based solution.
It is a reality that modern enterprise application runs in a sort of application server - be it .NET, J2EE or CORBA-based. It implies quite different approach to the security aspects, comparing to stand-alone application. And this book completely covers this aspect. It contains little source code, but in the security world the less you code the more you secure.
One of minus is lack of .NET security and integration with J2EE security... may be this will be next book?
I would recommend this book to software architects, project managers and professionals working on enterprise systems integration.