- Paperback: 192 pages
- Publisher: Wiley; 1 edition (December 31, 1996)
- Language: English
- ISBN-10: 047117842X
- ISBN-13: 978-0471178422
- Product Dimensions: 7.5 x 0.5 x 9.2 inches
- Shipping Weight: 13.6 ounces (View shipping rates and policies)
- Average Customer Review: 4 customer reviews
- Amazon Best Sellers Rank: #3,299,558 in Books (See Top 100 in Books)
Enter your mobile number or email address below and we'll send you a link to download the free Kindle App. Then you can start reading Kindle books on your smartphone, tablet, or computer - no Kindle device required.
To get the free app, enter your mobile phone number.
Java Security 1st Edition
Use the Amazon App to scan ISBNs and compare prices.
There is a newer edition of this item:
The Amazon Book Review
Author interviews, book reviews, editors picks, and more. Read it now
Customers who viewed this item also viewed
What other items do customers buy after viewing this item?
Right at the beginning the authors admit that " ... there is no black-and-white answer to the question, should I use Java?," and that the purpose of this book is to help you make your own decision. As an aid to systems administrators who are judging whether to enable Java on their company's computers, this book is worth the short time it takes to read it.
Java Security begins with a description of the aims and features of the Java language and its security model, a description that will hold no surprises for the moderately experienced Java programmer. Authors Gary McGraw and Edward W. Felten, both professional hunters of Java security flaws, then spend a little too long detailing their past glories: the flaws in Java that they and others have found, but have long since fixed. They also list ongoing nuisance problems, suggestions and predictions for Java's future, and a short list of "antidotes" users can take to avoid risks.
Read the full review for this book.
Securing Java, a successor volume by Gary McGraw and Edward W. Felten to their 1997 Java Security, is an ambiguous book. Securing Java is really about insecuring Java. It's about errors, errors of strategy and tactics, errors existential in nature, errors which potentially allow the malevolent cracker to code what is literally a killer Java applet.
McGraw and Felten are part of the security research community. They know whereof they speak and describe the taxonomy of nearly every recorded Java security lapse, whether inherent in Sun's design or resultant from vendor miscues in virtual machine implementation. While many of the holes in the model have already been patched, the emphasis is on what types of things to look for, from what directions one might anticipate finding a security hole. "Security holes can be likened to pitons," the book says, "Sometimes one piton is enough to help a climber make it to the top ... other times, more than one piton may be needed."
Securing Java is excellently edited and designed, a gripping technical "whatdoneit" that should have Dilbert sitting on the edge of his seat.The publisher is daringly operating under the theory that you will like what you see and need a copy to carry with you on the airplane. The authors do not believe that the free web version will impact sales of the printed book. In any event, you can order the paper book from the web page. --Jack Woehr, Dr. Dobb's Journal -- Dr. Dobb's Journal
Browse award-winning titles. See more
Top customer reviews
At under 160 pages of text (not counting the appendices), Java Security provides a superb overview of security issues involved with using Java. The authors are security veterans. Felton heads up the Princeton University Safe Internet Programming Team and is famous for discovering quite a few holes in the Java security model.
One might think that two security experts who know the depths and implications of Java security may come out with a reference with suggestions that are overly restrictive and perhaps paranoid. That is not the case here. The recommendations that the book suggests are rational and reasonable. Java Security provides commendable guidelines on how to use Java more safely and what the future holds for Java security features.
The 6 chapters of the book provide an excellent and comprehensive analysis to all aspects of Java security. Chapter 2 provides a significant amount of detail about the Java Security Model, with in-depth coverage of the 3 prongs (as they call it) of the security model, namely: the Byte Code Verifier, the Applet Class Loader and the Security Manager.
Chapter 3 follows with a discussion detailing serious holes in the security model. The authors consider a flaw to be serious when the breach has the potential to corrupt data, reveal private information, or infecting the workstation with a virus. They fittingly note that all of the flaws detailed in the chapter have been fixed by Netscape and Microsoft. The function of the chapter is to show what sort of things can go wrong. Chapter 3 concludes with a summary of 8 significant security problems that were discovered last year in implementations of Java.
The book also goes into great detail on what developers and end-users can do to make Java much more secure. Their six guidelines for Safer Java use are:
1. Know what web sites you are visiting 2. Know your Java environment 3. Use up-to-date browsers with the latest security updates 4. Keep a lookout for security alerts 5. Apply drastic measures if your information is truly critical 6. Access your risks
Fenton has his doctorate in computer science, nonetheless, the book is written in a very clear and coherent manner. Add this to your bookshelf.
This book was written 6 years ago in the days of NN 2.0 and IE 3.0 .. Although it's more then
outdated by now it clearly explains what security risks exist for Java-enabled browsers
and answers my (and may be your) question "How the hell applets can break through Security Manager ?!"
It's main idea is to explain readers what harm applets can do, why is it possible at all
and what is done about the subject by the browser manufactures. Good work for 1996.
Note that it's not "Java security book" in the terms you may think today - in 1996 Java
was only understood as a flashy applets popping-up in the Web.
world today, and the odds of striking a Netscape user are
in your favor. The odds are even better that this person
either knows nothing of Java or believes that it is safe.
Pick up almost any book on Java programming, and you will
see the same superficial and misleading treatment of
security issues. This important book is the first one to
address the myriad problems raised by Java. It clearly and
concisely explains past problems, current issues, and future
risks. McGraw and Felten grab the high and mighty Java
industry by the ear, and they offer sane and sensible advice
to every level of Java programmer and user. One can only
wish that this book had appeared a year earlier and had been
widely read by Java's cheerleaders and hucksters. Perhaps
then more of the problems would have been solved by now,
and fewer risks would remain.
information. It would be useful for anyone from novice users to managers to Java Programmers who are concerned about security. In fact, I
strongly recommend them buying a copy to read as this is one of the best technical books I've read in a long time. The only audience I wouldn't
recommend it for are the people who are doing very advanced Java Security work such as writing their own Security Manager, but they may
even learn something from it.