Book details of 'Web Security, Privacy and Commerce'

Title: Web Security, Privacy and Commerce
Author(s): Simson Garfinkel, Gene Spafford, Debby Russell
ISBN: 0596000456
Language: English
Published: January 2002
Publisher: O'Reilly & Associates
The Virtual Bookcase Reviews of 'Web Security, Privacy and Commerce':

Reviewer Rob Slade wrote:
Anyone who does not know the names Spafford and Garfinkel simply does not know the field of data security. The authors, therefore, are well aware that data security becomes more complex with each passing week. This is, after all, the second edition of what was originally published under the title "Web Security and Commerce," and, while it is still recognizable as such, the work is essentially completely rewritten. The authors note, in the Preface, that the book cannot hope to cover all aspects of Web security, and therefore they concentrate on those topics that are absolutely central to the concept, and/or not widely available elsewhere. Works on related issues are suggested both at the beginning and end of the book.

A greatly expanded part one introduces the topic, and the various factors involved in Web security. Chapter one is a very brief overview of Web security considerations and requirements, with some material on general security concepts and risk analysis. The underlying architecture of the Web is examined in chapter two, although this is basically limited to Internet structures. (While the material is quite informative, perhaps some examples of HTTP [HyperText Transfer Protocol] would add value.) Cryptography is explained reasonably well in chapter three: there is no in-depth discussion of cryptographic algorithms, but these details can be readily found in other works. Chapter four deals with cryptographic uses, and also with legal restrictions. The concepts and limitations of SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are given in chapter five, although the operational details are not covered. Chapter six starts out with a general discussion of identification and authentication, but then gets bogged down in the details of using PGP (Pretty Good Privacy). The coverage of digital certificates, in chapter seven, is likewise constricted by a dependence upon system technicalities.

Part two concerns the user. Chapter two looks at the various possible problems with browsers, not all of which are related to Web page programming. Chapter eight looks analytically at the possible invasions of privacy that can occur on the Web. Some non-technical techniques of protecting your privacy, such as good password choice, are described in chapter nine, with various technical means listed in chapter ten. Chapter eleven reviews backups and some physical protection systems. ActiveX and the limitations of authentication certificates, as well as plugins and Visual Basic, are thoroughly explored in chapter twelve. Java security is only marginally understood by many "experts," and not at all by users, so the coverage in chapter thirteen is careful to point out the difference between safety, security, and the kind of security risks that can occur even if the sandbox *is* secure.

Part three details technical aspects of securing Web servers. Chapter fourteen looks at physical security and disaster recovery measures. Traditional host security weaknesses are reviewed in chapter fifteen. Rules for secure CGI (Common Gateway Interface) and API (Application Programmer Interface) programming are promulgated in chapter sixteen, along with tips for various languages. More details on the server-side use of SSL are given in chapter seventeen. Chapter eighteen looks at specific strengthening measures for Web servers. Your legal options for prosecuting a computer crime are reviewed in chapter nineteen.

Commercial and societal concerns in regard to content are major areas in Web security, so part six reviews a number of topics related to commerce, as well as other social factors. Chapter twenty discusses a number of technical access control technologies, by system. Obtaining a client-side certificate is described in chapter twenty one. Microsoft's Authenticode system is reviewed yet again in chapter twenty two. Censorship and site blocking are carefully examined in chapter twenty three. Privacy policies, systems, and legislation are reviewed in chapter twenty four. Chapter twenty five looks at current non-cash payment systems, and the various existing, and proposed, digital payment systems for online commerce. Having already studied criminal problems earlier, the book now turns to civil and intellectual property issues, such as copyright, in chapter twenty six.

Although it has almost nothing to do with Web security as such, I very much enjoyed Appendix A, Garfinkel's recounting of the lessons learned in setting up a small ISP (Internet Service Provider). (I suppose that this could be considered valid coverage of Web commerce.) The other appendices are more directly related to the topic, including the SSL protocol, the PICS (Platform for Internet Content Selection) specification, and references.

Although the material has been valuably expanded and updated, some of the new content is less worthwhile. The extensive space given to specific products will probably date quickly, although the surrounding conceptual text will continue to provide helpful guidance. Certainly for anyone dealing with Web servers or running ISPs, this is a reference to consider seriously.

copyright Robert M. Slade, 1998
Book description:

Attacks on government Web sites, break-ins at Internet service providers, electronic credit card fraud, invasion of personal privacy by merchants as well as hackers--is this what the World Wide Web is really all about? Web Security, Privacy & Commerce cuts through the hype and the front page stories. It tells you what the real risks are and explains how you can minimize them. Whether you're a casual (but concerned) Web surfer or a system administrator responsible for the security of a critical Web server, this book will tell you what you need to know. Entertaining as well as illuminating, it looks behind the headlines at the technologies, risks, and benefits of the Web. Whatever browser or server you are using, you and your system will benefit from this book.

Topics include:

User safety--browser vulnerabilities (with an emphasis on Netscape Navigator and Microsoft Internet Explorer), privacy concerns, issues with Java, JavaScript, ActiveX, and plug-ins.
Digital certificates--what they are, how they assure identity in a networked environment, how certification authorities and server certificates work, and what code signing is all about.
Cryptography--an overview of how encryption works on the Internet and how different algorithms and programs are being used today.
Web server security--detailed technical information about SSL (Secure Socket Layer), TLS (Transport Layer Security), host security, server access methods, and secure CGI/API programming.
Commerce and society--how digital payments work, what blocking software and censorship technology (e.g., PICS and RSACi) is about, and what civil and criminal issues you need to understand.

The Virtual Bookcase is created and maintained by Koos van den Hout. Contact e-mail webmaster@virtualbookcase.com.
Copyright © 2000-2008 Koos van den Hout / The Virtual Bookcase