Download Ebook Inside Java¿ 2 Platform Security: Architecture, API Design, and Implementation (2nd Edition), by Li Gong, Gary Ellison, Mary Dagefo
Never ever mind if you do not have sufficient time to go to the book establishment and hunt for the preferred e-book to review. Nowadays, the on the internet e-book Inside Java¿ 2 Platform Security: Architecture, API Design, And Implementation (2nd Edition), By Li Gong, Gary Ellison, Mary Dagefo is pertaining to provide simplicity of reviewing habit. You could not should go outdoors to search guide Inside Java¿ 2 Platform Security: Architecture, API Design, And Implementation (2nd Edition), By Li Gong, Gary Ellison, Mary Dagefo Searching as well as downloading the e-book qualify Inside Java¿ 2 Platform Security: Architecture, API Design, And Implementation (2nd Edition), By Li Gong, Gary Ellison, Mary Dagefo in this write-up will provide you better solution. Yeah, online publication Inside Java¿ 2 Platform Security: Architecture, API Design, And Implementation (2nd Edition), By Li Gong, Gary Ellison, Mary Dagefo is a type of digital e-book that you could enter the link download offered.
Inside Java¿ 2 Platform Security: Architecture, API Design, and Implementation (2nd Edition), by Li Gong, Gary Ellison, Mary Dagefo
Download Ebook Inside Java¿ 2 Platform Security: Architecture, API Design, and Implementation (2nd Edition), by Li Gong, Gary Ellison, Mary Dagefo
Inside Java¿ 2 Platform Security: Architecture, API Design, And Implementation (2nd Edition), By Li Gong, Gary Ellison, Mary Dagefo. In what situation do you like reading so considerably? What about the type of the publication Inside Java¿ 2 Platform Security: Architecture, API Design, And Implementation (2nd Edition), By Li Gong, Gary Ellison, Mary Dagefo The demands to read? Well, everybody has their very own factor why should review some e-books Inside Java¿ 2 Platform Security: Architecture, API Design, And Implementation (2nd Edition), By Li Gong, Gary Ellison, Mary Dagefo Primarily, it will connect to their requirement to get understanding from guide Inside Java¿ 2 Platform Security: Architecture, API Design, And Implementation (2nd Edition), By Li Gong, Gary Ellison, Mary Dagefo as well as desire to check out merely to obtain amusement. Novels, story book, as well as other entertaining books end up being so prominent today. Besides, the scientific publications will also be the finest factor to choose, particularly for the students, teachers, medical professionals, businessman, and also other careers who love reading.
As known, experience and also encounter concerning session, entertainment, and also expertise can be obtained by only checking out a publication Inside Java¿ 2 Platform Security: Architecture, API Design, And Implementation (2nd Edition), By Li Gong, Gary Ellison, Mary Dagefo Even it is not straight done, you could recognize even more concerning this life, about the world. We offer you this appropriate and simple method to acquire those all. We offer Inside Java¿ 2 Platform Security: Architecture, API Design, And Implementation (2nd Edition), By Li Gong, Gary Ellison, Mary Dagefo as well as several book collections from fictions to science in any way. One of them is this Inside Java¿ 2 Platform Security: Architecture, API Design, And Implementation (2nd Edition), By Li Gong, Gary Ellison, Mary Dagefo that can be your companion.
What should you think more? Time to obtain this Inside Java¿ 2 Platform Security: Architecture, API Design, And Implementation (2nd Edition), By Li Gong, Gary Ellison, Mary Dagefo It is easy then. You could only rest and remain in your area to get this publication Inside Java¿ 2 Platform Security: Architecture, API Design, And Implementation (2nd Edition), By Li Gong, Gary Ellison, Mary Dagefo Why? It is on the internet publication shop that give numerous collections of the referred publications. So, just with net link, you can delight in downloading this book Inside Java¿ 2 Platform Security: Architecture, API Design, And Implementation (2nd Edition), By Li Gong, Gary Ellison, Mary Dagefo as well as numbers of books that are hunted for currently. By checking out the link page download that we have provided, guide Inside Java¿ 2 Platform Security: Architecture, API Design, And Implementation (2nd Edition), By Li Gong, Gary Ellison, Mary Dagefo that you refer so much can be discovered. Simply save the requested publication downloaded and install then you could delight in guide to review whenever as well as place you desire.
It is really simple to check out guide Inside Java¿ 2 Platform Security: Architecture, API Design, And Implementation (2nd Edition), By Li Gong, Gary Ellison, Mary Dagefo in soft data in your gizmo or computer. Once again, why ought to be so difficult to obtain guide Inside Java¿ 2 Platform Security: Architecture, API Design, And Implementation (2nd Edition), By Li Gong, Gary Ellison, Mary Dagefo if you can select the less complicated one? This website will relieve you to pick and also choose the best cumulative books from one of the most needed vendor to the released book lately. It will certainly consistently update the collections time to time. So, link to internet and also see this website constantly to get the new book every day. Currently, this Inside Java¿ 2 Platform Security: Architecture, API Design, And Implementation (2nd Edition), By Li Gong, Gary Ellison, Mary Dagefo is all yours.
In this text, the architects of the Java security model illustrate the J2SE security system. This second edition is fully updated to chronicle J2SE v1.4 security model enhancements that will allow developers to build safer, more reliable and more implementable programs.
- Sales Rank: #2295416 in Books
- Published on: 2003-06-06
- Released on: 2003-05-27
- Original language: English
- Number of items: 1
- Dimensions: 9.00" h x .90" w x 6.60" l, 1.62 pounds
- Binding: Paperback
- 384 pages
Amazon.com Review
An expert tour of security on the new Java 2 platform, Inside Java 2 Security will find an enthusiastic audience among advanced Java developers and system administrators. As the author notes during the general discussion on network security, safeguarding your system goes far beyond mere cryptography.
This book reviews multiple security threats and the strategies used to combat them, such as denial of service attacks, Trojan horses, and covert channels. In addition, it touches on the evolution of Java security from the restrictive days of the JDK 1.0 sandbox to the sophisticated security features available in Java 2, including a section that presents a list of 11 security bugs found in early versions of Java.
Because Java 2 security is now policy-based, it must be managed by system administrators as part of enterprise security. A chapter on Java 2 security presents the "big picture" as well as the classes used to implement policy-based security where developers can control access to an entire system like files, network resources, or runtime permissions on code. The book also discusses the rather primitive tools used for Java 2 security management such as the policytool utility. For advanced developers, further sections demonstrate how to create new permission classes and how to make JDK 1.1 security code migrate to Java 2.
A section on the Java Cryptography Architecture (JCA) shows that Java 2 supports the latest in encryption standards like SHA, DSA, RSA, and X.509 certificates. The text concludes with some well-considered predictions for the future of security on the Java platform. In the meantime, this book shows you what you will need to know about security when committing to Java 2 on the enterprise. Security is now part of the picture and will require both extra development time and administrative effort. --Richard Dragan
From the Inside Flap
Give me a lever and a fulcrum, and I can move the globe. --Archimedes
Since Java technology's inception, and especially its public debut in the spring of 1995, strong and growing interest has developed regarding the security of the Java platform, as well as new security issues raised by the deployment of Java technology. This level of attention to security is a fairly new phenomenon in computing history. Most new computing technologies tend to ignore security considerations when they emerge initially, and most are never made more secure thereafter. Attempts made to do so typically are not very successful, as it is now well known that retrofitting security is usually very difficult, if not impossible, and often causes backward compatibility problems. Thus it is extremely fortunate that when Java technology burst on the Internet scene, security was one of its primary design goals. Its initial security model, although very simplistic, served as a great starting place, an Archimedean fulcrum. The engineering talents and strong management team at JavaSoft are the lever; together they made Java's extensive security architecture a reality.
From a technology provider's point of view, security on the Java platform focuses on two aspects. The first is to provide the Java platform, primarily through the Java Development Kit, as a secure, platform on which to run Java-enabled applications in a secure fashion. The second is to provide security tools and services implemented in the Java programming language that enable a wider range of security-sensitive applications, for example, in the enterprise world.
I wrote this book with many purposes in mind. First, I wanted to equip the reader with a brief but clear understanding of the overall picture of systems and network security, especially in the context of the Internet environment within which Java technology plays a central role, and how various security technologies relate to each other.
Second, I wanted to provide a comprehensive description of the current security architecture on the Java platform. This includes language features, platform APIs, security policies, and their enforcement mechanisms. Whenever appropriate, I discuss not only how a feature functions, but also why it is designed in such a way and the alternative approaches that we--the Java security development team at Sun Microsystems--examined and rejected. When demonstrating the use of a class or its methods, I use real-world code examples whenever appropriate. Some of these examples are synthesized from the JDK 1.2 code source tree.
Third, I sought to tell the reader about security deployment issues, both how an individual or an enterprise manages security and how to customize, extend, and enrich the existing security architecture. Finally, I wanted to help developers avoid programming errors by discussing a number of common mistakes and by providing tips for safe programming that can be immediately applied to ongoing projects. How This Book Is Organized
This book is organized as follows: Chapter 1. A general background on computer, network, and information security Chapter 2. A review of the original Java security model, the sandbox Chapter 3. An in-depth look at the new security architecture in JDK 1.2, which is policy-driven and capable of enforcing fine-grained access controls Chapter 4. An explanation of how to deploy and utilize the new security features in JDK 1.2, including security policy management, digital certificates, and various security tools Chapter 5. A demonstration of how to customize various aspects of the security architecture, including how to move legacy security code onto the JDK 1.2 platform Chapter 6. A review of techniques to make objects secure and tips for safe programming Chapter 7. An outline of the Java cryptography architecture along with usage examples Chapter 8. A look ahead to future directions for Java security
This book is primarily for serious Java programmers and for security professionals who want to understand Java security issues both from a macro (architectural) point of view as well as from a micro (design and implementation) perspective. It is also suitable for nonexperts who are concerned about Internet security as a whole, as this book clears up a number of misconceptions around Java security.
Throughout this book, I assume that the reader is familiar with the fundamentals of the Java language. For those who want to learn more about that language, the book by Arnold and Gosling is a good source. This book is not a complete API specification. For such details, please refer to JDK 1.2 documentation. Acknowledgments
It is a cliche to say that writing a book is not possible without the help of many others, but it is true. I am very grateful to Dick Neiss, my manager at JavaSoft, who encouraged me to write the book and regularly checked on my progress. Lisa Friendly, the Addison-Wesley Java series editor, helped by guiding me through the writing process while maintaining a constant but "friendly" pressure. The team at Addison-Wesley was tremendously helpful. I'd like particularly to thank Mike Hendrickson, Katherine Kwack, Marina Lang, Laura Michaels, Marty Rabinowitz, and Tracy Russ. They are always encouraging, kept faith in me, and rescued me whenever I encountered obstacles.
This book is centered around JDK 1.2 security development, a project that lasted fully two years, during which many people inside and outside of Sun Microsystems contributed in one way or another to the design, implementation, testing, and documentation of the final product. I would like to acknowledge Dirk Balfanz, Bob Blakley, Josh Bloch, David Bowen, Gilad Bracha, David Brownell, Eric Chu, David Connelly, Mary Dageforde, Drew Dean, Satya Dodda, Michal Geva, Gadi Guy, Graham Hamilton, Mimi Hills, Larry Koved, Charlie Lai, Sheng Liang, Tim Lindholm, Jan Luehe, Gary McGraw, Marianne Mueller, Tony Nadalin, Don Neal, Jeff Nisewanger, Yu-Ching Peng, Hemma Prafullchandra, Benjamin Renaud, Roger Riggs, Jim Roskind, Nakul Saraiya, Roland Schemers, Bill Shannon, Tom van Vleck, Dan Wallach, and Frank Yellin. I also appreciate the technical guidance from James Gosling and Jim Mitchell, as well as management support from Dick Neiss, Jon Kannegaard, and Alan Baratz. I have had the pleasure of chairing the Java Security Advisory Council, and I thank the external members, Ed Felten, Peter Neumann, Jerome Saltzer, Fred Schneider, and Michael Schroeder for their participation and superb insights into all matters that relate to computer security.
Isabel Cho, Lisa Friendly, Charlie Lai, Jan Luehe, Teresa Lunt, Laura Michaels, Stephen Northcutt, Peter Neumann, and a number of anonymous reviewers provided valuable comments on draft versions of this book.
G. H. Hardy once said that young men should prove theorems, while old men should write books. It is now time to prove some more theorems. Li Gong
Los Altos, California
June 1999 0201310007P04062001
From the Back Cover
Inside Java™ 2 Platform Security, the definitive and comprehensive guide to the Java security platform, has been thoroughly updated to reflect key additions and revisions to Java security technologies currently in use by leading technology companies. This second edition, penned by the Java experts at Sun Microsystems, provides a detailed look into the central workings of the Java security architecture and describes tools and techniques for successful implementation on even the most demanding network computing environment.
While Java has always provided a stronger security model than other platforms, this book reviews all the methods and practices required to improve security without sacrificing functionality. With tips on how to customize, extend, and refine the Java security architecture, users will have everything they need to protect their information assets from both external and internal threats.
This book's in-depth coverage encompasses security architecture, deployment, customization, new developments, and much more.
Security fundamentals Secure class loading Specifying fine-grained security policy Enforcing security policy with AccessController, SecurityManager, and more Digital certificates, certification paths, signed code, JAAS, and other authentication measures Java-based cryptography with code examples JSSE, Java GSS-API, and RMI for network security Previews of other platforms for security, including Java Card, J2ME and Jini Designed for both the system administrator and software practitioner, this book delivers vital knowledge for building and maintaining a secure system using the Java 2 platform. With detailed code and usage examples throughout, Inside Java™ 2 Platform Security, Second Edition , is an indispensable resource for all platform security needs.
The Java™ Series is supported, endorsed, and authored by the creators of the Java technology at Sun Microsystems, Inc. It is the official place to go for complete, expert, and definitive information on Java technology. The books in this Series provide the inside information you need to build effective, robust, and portable applications and applets. The Series is an indispensable resource for anyone targeting the Java™ 2 platform.
Most helpful customer reviews
15 of 16 people found the following review helpful.
Go and buy this book
By Wilfred Springer
If you are new to Java, then you shouldn't buy this book.
If you are new to security, then you shouldn't buy this book.
If you prefer loads of examples instead of dense and precise explanations, then you shouldn't buy this book.
If you are looking for a pictorial guide on Java security, then you would probably have to go somewhere else as well.
However...
If you know your Java basics,
If you like completeness,
If you like preciseness,
If you want to know why the APIs look the way they do,
If you take nothing for granted,
If you want an update on latest changes,
If you like things to be drawn in a historical perspective,
If you want a book that you can pick up and read a chapter without having to go through it in a linear way,
If you are serious about security,
In that case you should now pick up your coat, and run to the nearest bookstore to buy this book.
The only thing I found odd in this book is the introduction into security, covering a discussion in general, and an overview of different types of security and access control models. The weird thing is that it introduces a lot of concepts, without actually refering to any of them in the chapters later on.
6 of 7 people found the following review helpful.
Not an easy read, but well worth the effort
By Satadru Roy
I'm not surprised this book has drawn so many negative reviews. This book is indeed difficult to digest but then the Java Security model itself is rich, subtle and takes time to master. The book does an admirable job of explaining the motivation behind the complete overhaul of the Java 1.1 security architecture, the Java 2 security API design nuances, the flexibility of the fine-grained access-control model in Java 2 and how the backward compatibility concerns with code written with 1.1 style security checks were addressed in the new design. The book also has an intersting chapter addressing security needs of objects in transit (RMI) and a short chapter on cryptography, which anyway is a vast subject in its own right. The key chapters to read are the 3,4 and 5, especially for people who have some background in Java 2 security.
On the negative side, I have to say, the book is inconsistent in parts - I have trouble believing that Li Gong wrote the entire book himself. It's amazing to see chapters discussing at length how you install Java 2, change your CLASSPATH on different platforms etc. while in the same book elsewhere, you see terse, packed explanations about how the classloader hierarchy works in 1.2 or how the basic access control algorithm is extended for privileged operations and some very concise but useful discussions about possible design alternatives in the core library itself. The code samples are very insightful in that they illustrate the workings of some of the core library classes itself with the new security infrastrucure and not some toy samples. However, this also makes the book an unlikely candidate for gleaning ready to use code samples from, which means, if you are looking for how to's and not whys this is probably not the book for you, you might want to consider the Oreilly book.
For people well experienced in Java and OO design, if you want to learn insights about why the security apis are designed the way they are, you might well consider giving this book multiple reads. It's well worth the effort.
In short, this is a difficult but good book. Hopefully, in subsequent editions Li Gong would work on making it better, and also include more details on interesting new additions like JAAS etc.
4 of 4 people found the following review helpful.
Required reading for anyone planning to use the Java SA
By hhinton@ee.ryerson.ca
This book provides comprehensive coverage of the Java Security Architecture.
As with all good security books, this one begins with an introduction to the fundamentals of computer and network security. For those new to Java security, there is also brief intro to security of the Java language and platform. The book quickly gets into the details of the new Security Architecture, with a detailed description of what is there, why it is there and how to use it. Sections on deploying and customizing the SA are of practical use to anyone in this situation. The book also contains a concise and useful discussion of object security and how to go about getting it. There is a detailed discussion of the Java Cryptography Architecture, a must if you plan on using the cryptographic functionality. The book concludes with a thought-provoking section on future directions. This book stands out because of the insightful discussions on why design decisions were made and the implications of these decisions. This makes the book interesting reading even if you aren't going to implement the SA in the immediate future. If you are planning on implementing the SA, don't do it without this book within grabbing distance.
See all 13 customer reviews...
Inside Java¿ 2 Platform Security: Architecture, API Design, and Implementation (2nd Edition), by Li Gong, Gary Ellison, Mary Dagefo PDF
Inside Java¿ 2 Platform Security: Architecture, API Design, and Implementation (2nd Edition), by Li Gong, Gary Ellison, Mary Dagefo EPub
Inside Java¿ 2 Platform Security: Architecture, API Design, and Implementation (2nd Edition), by Li Gong, Gary Ellison, Mary Dagefo Doc
Inside Java¿ 2 Platform Security: Architecture, API Design, and Implementation (2nd Edition), by Li Gong, Gary Ellison, Mary Dagefo iBooks
Inside Java¿ 2 Platform Security: Architecture, API Design, and Implementation (2nd Edition), by Li Gong, Gary Ellison, Mary Dagefo rtf
Inside Java¿ 2 Platform Security: Architecture, API Design, and Implementation (2nd Edition), by Li Gong, Gary Ellison, Mary Dagefo Mobipocket
Inside Java¿ 2 Platform Security: Architecture, API Design, and Implementation (2nd Edition), by Li Gong, Gary Ellison, Mary Dagefo Kindle
Inside Java¿ 2 Platform Security: Architecture, API Design, and Implementation (2nd Edition), by Li Gong, Gary Ellison, Mary Dagefo PDF
Inside Java¿ 2 Platform Security: Architecture, API Design, and Implementation (2nd Edition), by Li Gong, Gary Ellison, Mary Dagefo PDF
Inside Java¿ 2 Platform Security: Architecture, API Design, and Implementation (2nd Edition), by Li Gong, Gary Ellison, Mary Dagefo PDF
Inside Java¿ 2 Platform Security: Architecture, API Design, and Implementation (2nd Edition), by Li Gong, Gary Ellison, Mary Dagefo PDF
