Java's most striking claim is that it provides a secure programming environment. However, despite lots of discussion, few people understand precisely what Java's claims mean and how it backs up those claims. Java Security is an in-depth exploration aimed at developers, network administrators, and anyone who needs to work with or understand Java's security mechanisms. It discusses in detail what security does and doesn't mean, what Java's default security policies are, and how to create and implement your own policies. In doing so, Java Security provides detailed coverage of security managers, class loaders, the access controller, and much of the java.security package. It discusses message digests, certificates, and digital signatures, showing you how to use Java's facilities for signing classes or to implement your own signature facility. It shows you how to write a class loader that recognizes signed classes, verifies the signature, and cooperates with a security manager to grant additional privileges. It also discusses the problem of managing cryptographic keys and shows you how to implement your own key management systems. Java Security is an essential book for everyone using Java in real-world software. If you're deploying software written in Java, you need to know how to grant your classes the privileges they need, without granting privileges to untrusted classes. You need to know how to protect your systems against intrusion and corruption. Java provides the tools; this book shows you how to use them.

Amazon.com® Reader Reviews (Ranked by Helpfulness)

Average Amazon.com® Rating:  Based on 18 Ratings

Good Overview of Java Security - 2002-09-25
Reviewer Rating:
The term "security" means many different things. This book deals with the built-in security features of Java, which most programmers access through the Security Manager and Access Controller. Overall, I liked this book and found it a really good introduction to secutiry. However, for the price of this book, I expected a lot more infomation. For example, I would have liked it if the author explored the cryptographic package in depth and gave more real world examples of using ciphers and encryption. ALthough this is not technically what the book is about, most people think of cryptogrophy in terms of security.

This book needs a revision. - 2006-04-27
Reviewer Rating:
JDK 1.5 has many updates to platform security as well as APIs. I bought this book recently and it does not have updates after jdk 1.4.

Excellent JAVA book covering all security issues - 2005-08-27
Reviewer Rating:
A good introduction and explanation of the Java language security (sandbox, security manager, access controller and class loaders). The same for criptography, it is clearer than Java criptography. It includes great chapters for SSL and JAAS. God job Scott (Oaks). I really recommend this book both for introduction and guide.

Good Structure - 2004-11-26
Reviewer Rating:
One thing for sure that this book is well structured, chapters are properly segregated and closely linked to each other. It makes introduction to java security seems easy.

I used to find java security a bit complicated, got pieces of information from articles that I read, but I ended up having more questions.

Some of the APIs shown in the examples are deprecated for JDK 1.4, but you can easily replace them with the new classes.

Good on intro...needs an update to JDK 1.4 and above. - 2007-07-29
Reviewer Rating:
The content of this book is dated now and this book needs a revision. The book does not cover Java security from JDK 1.4 and above. I suggest to use Core Security Patterns by Steel, Nagappan, Lay, which covers Java and J2EE security todate.

Browse Similar Topics

Top Level Categories:
Internet/Online
Programming
Security

Sub-Categories:
Internet/Online > Java
Internet/Online > Security
Programming > Java
Security > Software Engineering