[ISN] Book Review: "Java Security", Scott Oaks

From: mea culpa <jericho_at_dimensional.com>
Date: Fri 24 Jul 1998 - 01:41:41 CDT
From: "Rob Slade" <rslade@sprint.ca>

BKJAVASC.RVW   980520

"Java Security", Scott Oaks, 1998, 1-56592-403-7, U$32.95/C$46.95
%A   Scott Oaks scott.oaks@sun.com
%C   103 Morris Street, Suite A, Sebastopol, CA   95472
%D   1998
%G   1-56592-403-7
%I   O'Reilly & Associates, Inc.
%O   U$32.95/C$46.95 707-829-0515 fax: 707-829-0104 nuts@ora.com
%P   456 p.
%T   "Java Security"

As the author notes, security means many different things to many
different people.  In the general public, Java security tends to mean
browser and applet security, and the default applet "sandbox."
Therefore I feel obliged to point out that this book is primarily
concerned with the programming of security into systems, and the
security APIs (Application Programming Interfaces) built into the
language to ease that task.

Chapter one looks at the overall security model for Java, and
particularly at the invocations of programs.  Basic enforcement and
verification is covered in chapter two.  Class loaders, in chapter
three, provide the programmer with a means to specify an almost
arbitrary level of security protection for a program.  Chapter four
details the workings of the security manager, again providing the
programmer with the ability to set specific protections.  The access
controller, new to Java 1.2, is the mechanism that the security
manager now uses to actually permit or deny use of resources; its
object calls are discussed in chapter five.  Implementation of access
and security policies through the class loader and security manager is
covered in chapter six.

Chapter seven looks at the need for authentication over open networks,
and the security provisions of digital signatures.  The discussion of
cryptography itself is essentially non-existent since, as Oaks notes,
it is not necessary to understand it in order to use it.  Those who
wish to test or implement strong encryption will need to go elsewhere.
Implementation of standard cryptographic protection is via security
providers, reviewed in chapter eight.  Some simple message digest
implementations are described in chapter nine.  Key management is an
important part of cryptography so chapter ten deals with keys and
certificates while chapter eleven reviews the handling of them.
Chapter twelve looks at the functions provided for dealing with
digital signatures.  Specifics for encryption are listed in chapter
thirteen.
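The API areas the review lists for chapters eight through twelve (security providers, message digests, key generation, and digital signatures) all live in the java.security package.  The following is an added example, not code from the book or from the reviewer, showing how those pieces fit together; it assumes a modern JDK (17 or later, for HexFormat, SHA-256 and SHA256withRSA, none of which existed in the Java 1.2 the book describes), and the message being signed is a constructed sample value.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;
import java.util.HexFormat;

public class JcaWalkthrough {

    // Hex-encode the SHA-256 digest of a byte array (the message-digest material of chapter nine).
    static String sha256Hex(byte[] data) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        return HexFormat.of().formatHex(md.digest(data));
    }

    // Sign data with the private half of a key pair (the signature API of chapter twelve).
    static byte[] sign(KeyPair kp, byte[] data) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(kp.getPrivate());
        s.update(data);
        return s.sign();
    }

    // Verify a signature with the public half; returns false if data or signature were altered.
    static boolean verify(KeyPair kp, byte[] data, byte[] sig) throws Exception {
        Signature v = Signature.getInstance("SHA256withRSA");
        v.initVerify(kp.getPublic());
        v.update(data);
        return v.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        // Chapter eight's point: algorithms are supplied by installed providers,
        // looked up by name, rather than being part of the language itself.
        for (Provider p : Security.getProviders()) {
            System.out.println("provider: " + p.getName());
        }

        // Constructed sample message (assumption, not from the book).
        byte[] msg = "transfer 100 to account 42".getBytes(StandardCharsets.UTF_8);
        System.out.println("SHA-256: " + sha256Hex(msg));

        // Key generation (chapter ten); 2048-bit RSA is a reasonable modern minimum.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();

        byte[] sig = sign(kp, msg);
        System.out.println("verifies unchanged: " + verify(kp, msg, sig));

        // Flip one bit of the message: the same signature must no longer verify,
        // which is the integrity property a recipient relies on.
        byte[] tampered = msg.clone();
        tampered[0] ^= 0x01;
        System.out.println("verifies tampered:  " + verify(kp, tampered, sig));
    }
}
```

Compile and run with `javac JcaWalkthrough.java && java JcaWalkthrough`.  The provider listing is what makes the "security providers" chapter concrete: swapping in a different provider (for example a hardware-backed one) changes who performs the work without changing any of the calls above.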

Appendices deal with security tools, identity-based key management,
resources, and a quick reference chart.

While the book is well written, it is not light, and is probably best
suited to those who are well familiar not only with Java programming,
but also the internals of the language.  On the other hand, dealing
with security is a great way to learn the internals of a language.

copyright Robert M. Slade, 1998   BKJAVASC.RVW   980520

-o-
Subscribe: mail majordomo@sekurity.org with "subscribe isn".
Today's ISN Sponsor: New Dimensions International [www.newdimensions.net]
Received on Fri Jul 24 10:42:50 1998