Enter your mobile number or email address below and we'll send you a link to download the free Kindle App. Then you can start reading Kindle books on your smartphone, tablet, or computer - no Kindle device required.

  • Apple
  • Android
  • Windows Phone
  • Android

To get the free app, enter your email address or mobile phone number.

Buy Used
+ $3.99 shipping
Used: Acceptable | Details
Condition: Used: Acceptable
Comment: FREE TRACKING ON ALL ORDERS! Support Your Planet. Buy CLEAN EARTH BOOKS. Shipping orders swiftly since 2008. A used book that may have some cosmetic wear (i.e. shelf-wear, slightly torn or missing dust jacket, dented corner, pages may include limited notes and highlighting) All text in great shape! Comes with our 100% Money Back Guarantee. Our customer service can't be beat! Tracking included on all orders.
Have one to sell? Sell on Amazon
Flip to back Flip to front
Listen Playing... Paused   You're listening to a sample of the Audible audio edition.
Learn more
See this image

Inside Java(TM) 2 Platform Security: Architecture, API Design, and Implementation Paperback – June 16, 1999

3.5 out of 5 stars 13 customer reviews

See all 2 formats and editions Hide other formats and editions
New from Used from
Paperback, June 16, 1999
$3.43 $0.39

Top 20 lists in Books
Top 20 lists in Books
View the top 20 best sellers of all time, the most reviewed books of all time and some of our editors' favorite picks. Learn more

Editorial Reviews

Amazon.com Review

An expert tour of security on the new Java 2 platform, Inside Java 2 Security will find an enthusiastic audience among advanced Java developers and system administrators. As the author notes during the general discussion on network security, safeguarding your system goes far beyond mere cryptography.

This book reviews multiple security threats and the strategies used to combat them, such as denial of service attacks, Trojan horses, and covert channels. In addition, it touches on the evolution of Java security from the restrictive days of the JDK 1.0 sandbox to the sophisticated security features available in Java 2, including a section that presents a list of 11 security bugs found in early versions of Java.

Because Java 2 security is now policy-based, it must be managed by system administrators as part of enterprise security. A chapter on Java 2 security presents the "big picture" as well as the classes used to implement policy-based security where developers can control access to an entire system like files, network resources, or runtime permissions on code. The book also discusses the rather primitive tools used for Java 2 security management such as the policytool utility. For advanced developers, further sections demonstrate how to create new permission classes and how to make JDK 1.1 security code migrate to Java 2.

A section on the Java Cryptography Architecture (JCA) shows that Java 2 supports the latest in encryption standards like SHA, DSA, RSA, and X.509 certificates. The text concludes with some well-considered predictions for the future of security on the Java platform. In the meantime, this book shows you what you will need to know about security when committing to Java 2 on the enterprise. Security is now part of the picture and will require both extra development time and administrative effort. --Richard Dragan

From the Inside Flap

Give me a lever and a fulcrum, and I can move the globe. --Archimedes

Since Java technology's inception, and especially its public debut in the spring of 1995, strong and growing interest has developed regarding the security of the Java platform, as well as new security issues raised by the deployment of Java technology. This level of attention to security is a fairly new phenomenon in computing history. Most new computing technologies tend to ignore security considerations when they emerge initially, and most are never made more secure thereafter. Attempts made to do so typically are not very successful, as it is now well known that retrofitting security is usually very difficult, if not impossible, and often causes backward compatibility problems. Thus it is extremely fortunate that when Java technology burst on the Internet scene, security was one of its primary design goals. Its initial security model, although very simplistic, served as a great starting place, an Archimedean fulcrum. The engineering talents and strong management team at JavaSoft are the lever; together they made Java's extensive security architecture a reality.

From a technology provider's point of view, security on the Java platform focuses on two aspects. The first is to provide the Java platform, primarily through the Java Development Kit, as a secure, platform on which to run Java-enabled applications in a secure fashion. The second is to provide security tools and services implemented in the Java programming language that enable a wider range of security-sensitive applications, for example, in the enterprise world.

I wrote this book with many purposes in mind. First, I wanted to equip the reader with a brief but clear understanding of the overall picture of systems and network security, especially in the context of the Internet environment within which Java technology plays a central role, and how various security technologies relate to each other.

Second, I wanted to provide a comprehensive description of the current security architecture on the Java platform. This includes language features, platform APIs, security policies, and their enforcement mechanisms. Whenever appropriate, I discuss not only how a feature functions, but also why it is designed in such a way and the alternative approaches that we--the Java security development team at Sun Microsystems--examined and rejected. When demonstrating the use of a class or its methods, I use real-world code examples whenever appropriate. Some of these examples are synthesized from the JDK 1.2 code source tree.

Third, I sought to tell the reader about security deployment issues, both how an individual or an enterprise manages security and how to customize, extend, and enrich the existing security architecture. Finally, I wanted to help developers avoid programming errors by discussing a number of common mistakes and by providing tips for safe programming that can be immediately applied to ongoing projects. How This Book Is Organized

This book is organized as follows: Chapter 1. A general background on computer, network, and information security Chapter 2. A review of the original Java security model, the sandbox Chapter 3. An in-depth look at the new security architecture in JDK 1.2, which is policy-driven and capable of enforcing fine-grained access controls Chapter 4. An explanation of how to deploy and utilize the new security features in JDK 1.2, including security policy management, digital certificates, and various security tools Chapter 5. A demonstration of how to customize various aspects of the security architecture, including how to move legacy security code onto the JDK 1.2 platform Chapter 6. A review of techniques to make objects secure and tips for safe programming Chapter 7. An outline of the Java cryptography architecture along with usage examples Chapter 8. A look ahead to future directions for Java security

This book is primarily for serious Java programmers and for security professionals who want to understand Java security issues both from a macro (architectural) point of view as well as from a micro (design and implementation) perspective. It is also suitable for nonexperts who are concerned about Internet security as a whole, as this book clears up a number of misconceptions around Java security.

Throughout this book, I assume that the reader is familiar with the fundamentals of the Java language. For those who want to learn more about that language, the book by Arnold and Gosling is a good source. This book is not a complete API specification. For such details, please refer to JDK 1.2 documentation. Acknowledgments

It is a cliche to say that writing a book is not possible without the help of many others, but it is true. I am very grateful to Dick Neiss, my manager at JavaSoft, who encouraged me to write the book and regularly checked on my progress. Lisa Friendly, the Addison-Wesley Java series editor, helped by guiding me through the writing process while maintaining a constant but "friendly" pressure. The team at Addison-Wesley was tremendously helpful. I'd like particularly to thank Mike Hendrickson, Katherine Kwack, Marina Lang, Laura Michaels, Marty Rabinowitz, and Tracy Russ. They are always encouraging, kept faith in me, and rescued me whenever I encountered obstacles.

This book is centered around JDK 1.2 security development, a project that lasted fully two years, during which many people inside and outside of Sun Microsystems contributed in one way or another to the design, implementation, testing, and documentation of the final product. I would like to acknowledge Dirk Balfanz, Bob Blakley, Josh Bloch, David Bowen, Gilad Bracha, David Brownell, Eric Chu, David Connelly, Mary Dageforde, Drew Dean, Satya Dodda, Michal Geva, Gadi Guy, Graham Hamilton, Mimi Hills, Larry Koved, Charlie Lai, Sheng Liang, Tim Lindholm, Jan Luehe, Gary McGraw, Marianne Mueller, Tony Nadalin, Don Neal, Jeff Nisewanger, Yu-Ching Peng, Hemma Prafullchandra, Benjamin Renaud, Roger Riggs, Jim Roskind, Nakul Saraiya, Roland Schemers, Bill Shannon, Tom van Vleck, Dan Wallach, and Frank Yellin. I also appreciate the technical guidance from James Gosling and Jim Mitchell, as well as management support from Dick Neiss, Jon Kannegaard, and Alan Baratz. I have had the pleasure of chairing the Java Security Advisory Council, and I thank the external members, Ed Felten, Peter Neumann, Jerome Saltzer, Fred Schneider, and Michael Schroeder for their participation and superb insights into all matters that relate to computer security.

Isabel Cho, Lisa Friendly, Charlie Lai, Jan Luehe, Teresa Lunt, Laura Michaels, Stephen Northcutt, Peter Neumann, and a number of anonymous reviewers provided valuable comments on draft versions of this book.

G. H. Hardy once said that young men should prove theorems, while old men should write books. It is now time to prove some more theorems. Li Gong
Los Altos, California
June 1999 0201310007P04062001


Product Details

  • Series: Java Series
  • Paperback: 262 pages
  • Publisher: Addison-Wesley Professional; 1st edition (June 16, 1999)
  • Language: English
  • ISBN-10: 0201310007
  • ISBN-13: 978-0201310009
  • Product Dimensions: 9.2 x 7.4 x 0.5 inches
  • Shipping Weight: 1.7 pounds
  • Average Customer Review: 3.5 out of 5 stars  See all reviews (13 customer reviews)
  • Amazon Best Sellers Rank: #5,364,461 in Books (See Top 100 in Books)

More About the Author

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

Top Customer Reviews

Format: Paperback
The Java 2 security APIs are large, complex, and quite difficult to understand (in fact, their complexity makes me very much afraid that their use will lead to widespread security problems in deployed Java applications, as application writers and site administrators are going to have a hard time keeping track of everything).
Unfortunately, this book provides a difficult and dense coverage of Java 2 security. While it is doggedly thorough in its treatment of the security APIs, it does not ease the task of "pulling it all together" for the reader; if your understanding of Java 2 security is fragmentary when you start reading this book, it will not feel any more coherent when you are done.
Much of the book has the feel of a "laundry list" to me; it reads as if the author felt he had to enumerate absolutely every security feature in Java 2. The result is that sections that are likely to be of marginal interest to most readers, such as PKI certificate management, receive about the same amount of coverage as subtle and important topics such as domain handling and permission checking.
The prose in this book is simply leaden; on a number of occasions, I found myself having to read a paragraph several times, simply to figure out what the author was trying to say.
While this book is invaluable for the information it contains (I will grant that it is much easier to navigate than Sun's security web pages), it is a great disappointment to me.
Comment 31 of 33 people found this helpful. Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
By A Customer on September 2, 1999
Format: Paperback
This uninspired coverage of the Security API is a real disappointment considering that it comes from Sun. The Security API is not trivial and the 150 pages that cover Security API classes are not sufficient to provide the in-depth analysis needed to understand and manipulate the API. This book is a good overview of the Security API. There are some good general security discussions, and some historical perspectives on why the API is designed the way it is. I read this book after reading the O'Reilly security book which is much more thorough.
Comment 16 of 16 people found this helpful. Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
Format: Paperback
If you are new to Java, then you shouldn't buy this book.
If you are new to security, then you shouldn't buy this book.
If you prefer loads of examples instead of dense and precise explanations, then you shouldn't buy this book.
If you are looking for a pictorial guide on Java security, then you would probably have to go somewhere else as well.
If you know your Java basics,
If you like completeness,
If you like preciseness,
If you want to know why the APIs look the way they do,
If you take nothing for granted,
If you want an update on latest changes,
If you like things to be drawn in a historical perspective,
If you want a book that you can pick up and read a chapter without having to go through it in a linear way,
If you are serious about security,
In that case you should now pick up your coat, and run to the nearest bookstore to buy this book.
The only thing I found odd in this book is the introduction into security, covering a discussion in general, and an overview of different types of security and access control models. The weird thing is that it introduces a lot of concepts, without actually refering to any of them in the chapters later on.
Comment 15 of 16 people found this helpful. Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
Format: Paperback
This book provides comprehensive coverage of the Java Security Architecture.
As with all good security books, this one begins with an introduction to the fundamentals of computer and network security. For those new to Java security, there is also brief intro to security of the Java language and platform. The book quickly gets into the details of the new Security Architecture, with a detailed description of what is there, why it is there and how to use it. Sections on deploying and customizing the SA are of practical use to anyone in this situation. The book also contains a concise and useful discussion of object security and how to go about getting it. There is a detailed discussion of the Java Cryptography Architecture, a must if you plan on using the cryptographic functionality. The book concludes with a thought-provoking section on future directions. This book stands out because of the insightful discussions on why design decisions were made and the implications of these decisions. This makes the book interesting reading even if you aren't going to implement the SA in the immediate future. If you are planning on implementing the SA, don't do it without this book within grabbing distance.
Comment 4 of 4 people found this helpful. Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
Format: Paperback
I'm not surprised this book has drawn so many negative reviews. This book is indeed difficult to digest but then the Java Security model itself is rich, subtle and takes time to master. The book does an admirable job of explaining the motivation behind the complete overhaul of the Java 1.1 security architecture, the Java 2 security API design nuances, the flexibility of the fine-grained access-control model in Java 2 and how the backward compatibility concerns with code written with 1.1 style security checks were addressed in the new design. The book also has an intersting chapter addressing security needs of objects in transit (RMI) and a short chapter on cryptography, which anyway is a vast subject in its own right. The key chapters to read are the 3,4 and 5, especially for people who have some background in Java 2 security.
On the negative side, I have to say, the book is inconsistent in parts - I have trouble believing that Li Gong wrote the entire book himself. It's amazing to see chapters discussing at length how you install Java 2, change your CLASSPATH on different platforms etc. while in the same book elsewhere, you see terse, packed explanations about how the classloader hierarchy works in 1.2 or how the basic access control algorithm is extended for privileged operations and some very concise but useful discussions about possible design alternatives in the core library itself. The code samples are very insightful in that they illustrate the workings of some of the core library classes itself with the new security infrastrucure and not some toy samples.
Read more ›
Comment 6 of 7 people found this helpful. Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse

Most Recent Customer Reviews