The Virtual Bookcase for browsing and sharing reviews of books.

Book details of 'Securing Java: Getting Down to Business with Mobile Code, 2nd Edition'

Title: Securing Java: Getting Down to Business with Mobile Code, 2nd Edition
Author(s): Gary McGraw, Edward W. Felten
ISBN: 047131952X
Language: English
Published: January 1999
Publisher: John Wiley & Sons

The Virtual Bookcase Reviews of 'Securing Java: Getting Down to Business with Mobile Code, 2nd Edition':

Reviewer amazon.com wrote:
The Java environment is relatively secure, as far as network programming languages go. Java has strong security, but not perfect security. Securing Java explains the known security problems with the language and points out steps that programmers can take to prevent bad guys from taking advantage of their Java-based systems. Authors Gary McGraw and Edward W. Felten begin with the sandbox--the original Java security model. They then explain why the sandbox, while secure, was too restrictive and was combined with a code-signing model in Java 2. After explaining how security ought to work, Securing Java reveals a menagerie of applets that have circumvented Java security to achieve a variety of noisome and damaging ends. The authors reveal enough information about these applets to show where the dangers are, and they offer security tips for programmers and network administrators. McGraw and Felten include a brief but well-informed chapter about the security issues raised by the Java Card environment and smart cards generally. A couple of question-and-answer sections toward the end of Securing Java also deserve special recognition. One, on Java security as a whole, provides succinct and accurate answers to questions about how secure Java is and what you can do to minimize your Java security risk. The other Q&A section compares--fairly and with plenty of information--the security features of Java and ActiveX.
Reviewer Rob Slade wrote:
Unlike Oaks' "Java Security" (see reviews), this book concentrates on Java in the popular perception: as a means of providing active code on the Web. As such it is intended not simply for techies, but also for dedicated users.

Chapter one provides a readily accessible backgrounder, covering portability, the Internet, the Web, active content, security risks, other active content systems, and a rough outline of the Java security model with particular regard to applets. The original Java applet security model, or "sandbox," is covered in chapter two. The security model is now complicated by signed code, and chapter three points out the changes made. Chapter four outlines a number of malicious applets, but also gives clear directions for disabling Java on both the Netscape and Internet Explorer browsers. The authors outline a second class of hostile applets, in chapter five, that are intended to breach system security and allow an attack to bypass normal security mechanisms. There are suggestions for improving the security model, as well as a review of third party attempts to enhance it, in chapter six. (I was amused to see the slight lifting of the skirts of ICSA [International Computer Security Association]: the history of the outfit is a lot more interesting and convoluted even than is portrayed here.) Chapter seven is directed at programmers, but the advice provided looks at practices and policies rather than APIs (Applications Programming Interfaces) and chunks of sample code. A version of Java specifically designed for Smart Cards is available, and chapter eight looks at its promises and problems. A recap and restatement of the major security issues in mobile code is given in chapter nine. Appendices provide a Java security FAQ, security resource pointers, and directions on Java code signing.

The text is quite readable. The authors have made a very serious attempt to ensure that the book does not depend upon previous technical background. For the most part, they have succeeded. The diligent reader would be able to understand most of the concepts as presented, even without having worked with computers or computer security. However, the key word is "diligent:" it *feels* like a technical book, and newcomers to the topic may be put off by the style.

In addition, McGraw and Felten are careful to avoid any bias. They obviously feel that Java has some worthwhile security measures, but admit to its faults and point out its shortcomings. This makes the book extremely useful: much more so than an uncritical paean of praise.

An effective book on an important subject with a wide audience. But you don't have to take my word for it. You can try before you buy. The www.securingjava.com site does not simply contain a few press releases and the errata, but has the whole text of the book online. A bold step. (You can help justify it by then buying the book.)

copyright Robert M. Slade, 1999

Book description:

Information Security/Java

"This book is mandatory reading for every user and developer of Webware." -Peter G. Neumann, Moderator of the Risks Forum, from his review of the first edition

Securing Java

Java security is more important now than ever before. As Java matures and moves into the enterprise, security takes a more prominent role. But as Java evolves, its security issues and architectures get more complicated. Written by the world's leading experts on mobile code security, this updated and expanded edition of the groundbreaking guide to Java security includes lessons for Web users, developers, system administrators, and business decision-makers alike. This book navigates the uncharted waters of mobile code security and arms the reader with the knowledge required for securing Java.

* The Java Security Hotlist: Over 100 categorized and annotated Java security-related Web links
* An e-mail list to keep subscribers abreast of breaking Java security news
* A complete electronic edition of this book

The Virtual Bookcase is created and maintained by Koos van den Hout. Contact e-mail webmaster@virtualbookcase.com.
Copyright © 2000-2008 Koos van den Hout / The Virtual Bookcase