10 Reviews
8 of 8 people found the following review helpful:
5.0 out of 5 stars
Knowledgeable authors who know how to explain,
By Marcus Green (Leeds, W Yorks England)
This review is from: Professional Java Security (Programmer to Programmer) (Paperback)
The cover of this book has photos of the authors, who have the boyish good looks of candidates for a 1990's boy band. The contents of the book belie the apparent youth of the authors. They both know the topic well and how to explain it. They not only know about how Java security works now, they also know about the quirks and peculiarities of the history of Java security. They don't seem to mention it anywhere in the book, but the authors created a nicely modified version of the GPL version of the Terraterm ssh client. Having read some of the Terraterm code I admire them for even making sense of it. Unlike many of the Wrox technical books this is not a million page, multi author, multi topic tome but 520 pages that keep strictly to the title topic. There is plenty of information on the net about Java security but it is often hard to find and not explained well. This book goes right from the basics of explaining algorithms to giving substantial code examples for creating secure tunnels to manage database connections. I have read about public and private key algorithms several times in the past but the analogies used in this book really reinforced my understanding. They explain the ideas behind some of the different encryption algorithms by using analogies with the characters in Hamlet the Shakespearean play. They go through the various permutations of how Hamlet could send a message to the king of England using a box locked with various key combinations. The analogies get longer and more involved with each algorithm, but they worked well for me. Chapter 10 has a long example and explanation on how to create an SSL tunnel server, whereby the JDBC calls are redirected between a client machine. The idea is that you configure your client system to refer to a database on a local machine but the SSL tunnel server intercepts these calls and transmits them over the secure connection to the machine running the database.
A matching program on the remote machine then redirects the calls to the actual database. This is a very similar concept to using an ssh tunnel, but you can run both portions on any machine that has a Java system. This is a little like having a Java based VPN. In one of my jobs we used the example code as the basis for a system for synchronizing files and directories between two different machines. This was an alternative to using rsync over ssh, as it gave us operating system portability "out of the box". If we had not had the code from this book for the key ideas it would have either taken much longer, or we probably would not have started it at all. One thing that would be good in a revised version of this book would be a step by step guide to installing SSL in Tomcat. It is not hard, and you can find how to do it easily on the net, but many people who buy this book will want to do it. If you are thinking of putting Java applications on the web you will want them to be secure. Knowledge is the key to security and this is the shortest best informed route to that knowledge. You probably need this book.
9 of 10 people found the following review helpful:
5.0 out of 5 stars
Great security book,
By A Customer
This review is from: Professional Java Security (Programmer to Programmer) (Paperback)
This book starts with a great overview of security, both in theory and implementation in Java. The examples are concise and easy to follow. The authors then show how you can apply the concepts to secure certain parts of an application, like how you can secure just about any JDBC connection to prevent the information from being sent over the network unencrypted. Later, the authors give an example application and show one way you might secure it, giving complete source code and configuration instructions. It's nice to see how the various pieces might fit together into a real system. As a final bonus, the authors include a JCE provider that supports the RSA cipher and show how it works. Much more useful than the XOR ciphers some other books provide. Overall, a great book for Java developers looking to learn something about security.
7 of 8 people found the following review helpful:
5.0 out of 5 stars
SUPERB!,
By
This review is from: Professional Java Security (Programmer to Programmer) (Paperback)
The book 'Java Professional Security' by Garms and Somerfield is one of the best technical books that I have ever read. Since my current project is to provide secure communications for all of our internet programs, I have spent a lot of time trying to glean information from the internet. After 3 months of this, there were several 'missing parts' for a good understanding of the subject. This book has everything that I was looking for! In both content and presentation, the book is superb. I look forward to getting many more books from Wrox.
2 of 2 people found the following review helpful:
4.0 out of 5 stars
Great for beginners - except on JAAS,
By Rasmus (Denmark)
This review is from: Professional Java Security (Programmer to Programmer) (Paperback)
I've never worked with security before, and found this book to be a GREAT introduction. The only under-average chapter is the one on JAAS. Furthermore, a description of every term in the back of the book would have been great (believe me, there are a lot of new terms in security for a new newbie).
1 of 1 people found the following review helpful:
5.0 out of 5 stars
A perfect for beginner but not only,
By
This review is from: Professional Java Security (Programmer to Programmer) (Paperback)
Hi, I'm a mid-expert in Java, but did not know much about security, only by words. I've decided to try a book that would give me an overview of the topic but at the same time I wanted a book that would "dirty" my hands in enough code to be able to try out what I was reading. I consider this a perfect book to cover the topic for people that love to "play" with Java code. Max Pellizzaro http://www.maxpellizzaro.com
12 of 18 people found the following review helpful:
2.0 out of 5 stars
disappointed chapter,
By A Customer
This review is from: Professional Java Security (Programmer to Programmer) (Paperback)
I did a comparison on the 'JAAS' with O'Reilly's Java Security (second ed.) and found the latter to be better. This book has one brief example about JAAS (same as O'Reilly's), however, all the author did is to explain what is needed for the next step, then goes by the sample code. On the other end, O'Reilly's book gives you a better understanding on how JAAS can be used and how it is practically deployed by admin/programmer. I prefer "Java Security" to "Professional Java Security" by how professionally the author has presented the same topic.
5.0 out of 5 stars
Well written book by two guys who know Java and Security,
By vaaesthete (Virginia USA)
Amazon Verified Purchase
This review is from: Professional Java Security (Programmer to Programmer) (Paperback)
I have one last class to finish a graduate degree in Computer Science and a substantial paper is one of the requirements. Since I have taken several classes in security and a passing interest in Java, I decided to look into Java security constructs. I picked up several books for this and I have to say that, despite all of the other reference materials at my disposal, I kept coming back to this book! First, it is well written. IMO, anything that is going to be published should be proofread and grammatically correct. Second, I expect the examples to work given a similar environment. This book does both. I have run 4-5 examples and they have worked as advertised. The writing is clear and concise. Professionally, I work with databases and I appreciated the coverage of database and JDBC security. The only other book worth considering is the Inside Java Platform2 Security book by Li Gong. An excellent read. Pick them both up!
4.0 out of 5 stars
Good practical book that tries to cover too much ground,
By A Customer
This review is from: Professional Java Security (Programmer to Programmer) (Paperback)
This is a very good book to get you started on issues such as encryption, public/private keys, message digests, certificates etc. The authors do know what they are talking about and I enjoyed going through it. At the same time, I sometimes found repetitive text and code examples that are too elaborate. I find that most books these days try to cover too many topics and are unable to do justice to all of them. It almost seems like an obsession to achieve a certain number of pages or the buyer won't notice the book on the shelf. I'd probably blame the publishers and editors for that trend. I would have preferred if the authors had added more depth than breadth to the book. For instance, I would have preferred if they had stuck to cryptography and skipped other aspects of Java security. They possibly could have gone into further depth (behind the scenes) on the Java classes and their usage patterns. Also they could have dedicated a whole chapter or appendix to JCA and JCE, compared to the few pages they did. But do not get me wrong, this is an excellent book which could have been made better by shortening some sections and elaborating some others.
2 of 12 people found the following review helpful:
3.0 out of 5 stars
A great book, with some flaws,
By David (Mesa, AZ)
This review is from: Professional Java Security (Programmer to Programmer) (Paperback)
I found this book to be very helpful in my quest for info. This subject is difficult to cover and I think Jess and Daniel handled it well. Good Points: 1. I'll give it an "A" for effort. The authors tried hard to bring accurate and concise info. 2. Great for advanced users. It can get pretty techie which makes it perfect for an advanced user. Bad Points: 1. Perhaps a little too techie. If you are not an advanced user, you will probably get frustrated and want to sell off this book. 2. Perhaps multi-authors weren't the best idea here. In here you will see conflicting opinions between two authors that were snuck in, perhaps without them knowing it! 3. Loooooooooonnnnnngggggggggg. This book is extremely long and you need to read most of it to grasp the concept. If you can grasp the concepts before 100 pages then you are a better man than I. (no, don't email me about that statement PLEASE) Overall: Overall, I would recommend this book to anyone looking for a reference or anyone brave enough to tackle this one.
Professional Java Security (Programmer to Programmer) by Jess Garms (Paperback - May 2001)