Customer Reviews

Java Security (Java Series)

5 star:		(9)
4 star:		(3)
3 star:		(4)
2 star:		(1)
1 star:		(1)

 

 

The best book on Java security in the market . Assumes that the reader has a fair understanding of Java programming. Provides clear differences between Java 1.1 and Java 2 models . Exhaustive coverage of basic java principles like built in language security features and byte code verification. Good examples on class loaders . Covers various security managers ex AppletSecurity Manager , RMI Security manager . Provides solid foundation for features like code signing , digital signatures , encryption etc. In a nutshell , book for security enthsiasts.

If you wish to become an in-depth expert in Java security, this book is for you. But if you just want to find out how to add specific aspects of Java security to your applications, this book is the long way around the block. It would be better to have some how-to examples early in each chapter, followed by the background and theory of each concept. Instead, you have to figure out "how-to" based on the discussion.

This book was my first introduction to Java Security. After reading the book, I was able to gain exposure to many complex areas of the Java Security/JCA/JCE APIs to include Class loaders, Byte Code Verifiers, Policy Files, Security Manager, Access Controller, Permissions, Message Digests, Data Encryption, Key Agreements, Digital Signatures, and Digital Certificates. My only negative comment was that the author did not provide any examples using the Secure Sockets Library (SSL). I am currently working on implementing security related issues associated with B2B data exchange and felt that this book was extremely helpful. I would highly recommend this book for any serious Java Developer.

If you are looking for information about cryptography and examples on different implementation and usage of the API:s this is not you book.
The author goes throught the standard stuff about the classloader and JVM security. There are very little examples and discussion for every day programmer. Most of the examples are for those planning to write their own classloaders and security managers. Furthermore, the areas of Cryptography is poorly covered, most of the text is just method explanation from the API documentation. There are very few examples that you migth be able to use.

JDK 1.5 has many updates to platform security as well as APIs. I bought this book recently and it does not have updates after jdk 1.4.

A good introduction and explanation of the Java language security (sandbox, security manager, access controller and class loaders). The same for criptography, it is clearer than Java criptography. It includes great chapters for SSL and JAAS. God job Scott (Oaks). I really recommend this book both for introduction and guide.

Like the stimulating brew with which it shares its name, Java is a rich programming language that offers vast functionality. Many organizations have prohibited Java from their networks due to its supposed security risks. While Java does, of course, pose risks, such risks exist in every programming language. Anyone interested in taking an honest look at the risks of using Java to see whether it meets security needs should consider Java Security required reading.

Author Scott Oaks does an excellent job in showing the deep security functionality afforded by Java, taking the often abstract Java security concepts and explaining them in a clear and understandable style. As a senior software engineer with Sun Microsystems, Oaks has focused on Java for a number of years, and his expertise shows.

While directed at Java programmers, the book has significant value for any programmer or system administrator who needs to understand how Java security works. Those who may want to exploit Java's rich blend of features should gulp down this book.

The content of this book is dated now and this book needs a revision. The book does not cover Java security from JDK 1.4 and above. I suggest to use Core Security Patterns by Steel, Nagappan, Lay, which covers Java and J2EE security todate.

One thing for sure that this book is well structured, chapters are properly segregated and closely linked to each other. It makes introduction to java security seems easy.

I used to find java security a bit complicated, got pieces of information from articles that I read, but I ended up having more questions.

Some of the APIs shown in the examples are deprecated for JDK 1.4, but you can easily replace them with the new classes.

This is a dense and detailed work. I liked the concise examples of how to use JAAS for identification, JSSE for SSL, and JCA for general cryptography, but this book doesn't stop there: if it's related to security, it's in there. I can't imagine many people wanting to change how Java uses policy files or write a keystore or a security provider, but it's in there. And who knew that the class loader was so involved in how security works? All in all, lots of good info.