
Book details of 'Web Security & Commerce (O'Reilly Nutshell)'

Title: Web Security & Commerce (O'Reilly Nutshell)
Author(s): Simson Garfinkel, Gene Spafford
ISBN: 1565922697
Language: English
Published: June 1997
Publisher: O'Reilly & Associates

The Virtual Bookcase Reviews of 'Web Security & Commerce (O'Reilly Nutshell)':

Reviewer amazon.com wrote:
Garfinkel and Spafford, longtime Net veterans, overturn a lot of misconceptions about online security in a commonsense book that is easily accessible to even nontechnical readers. They make it clear that any commercial Web site requires careful attention to security--even if the site doesn't carry any sensitive information. Furthermore, the authors show that there's a lot more to security than merely encrypting transmissions. Their goal is to lay the foundation for securing the three parts of a system: the Web server and its data; the information that travels between server and user; and the user's own computer and the information stored there. Because of the rapidly evolving nature of Web security, Garfinkel and Spafford are not specific in terms of security flaws and tools to fix them. Instead, they emphasize laying out the Web-security principles that will be applicable throughout several generations of hardware and software change. In the process, they give extensive coverage to user safety, digital certificates, cryptography, Web-server security, and the larger issues of commerce and society. Appendix A shows the lessons of the book in action as it details Garfinkel's experience running and securing the Vineyard.net Internet service provider.
Reviewer Rob Slade wrote:
Anyone who does not know the names Spafford and Garfinkel simply does not know the field of data security. The authors, therefore, are well aware that data security becomes more complex with each passing week. They note, in the Preface, that the book cannot hope to cover all aspects of Web security, and therefore they concentrate on those topics that are absolutely central to the concept, and/or not widely available elsewhere. Works on related issues are suggested both at the beginning and end of the book. Chapter one, which is also part one, introduces the topic, and the various factors involved in Web security. The topic is examined from the perspective of the user and vendor, and also looks at vulnerabilities at the server site, client computer, and the network in between. Part two concerns the user. Chapter two looks at the various possible problems with browsers, not all of which are related to Web page programming. Java security is only marginally understood by many "experts," and not at all by users, so the coverage in chapter three is careful to point out the difference between safety, security, and the kind of security risks that can occur even if the sandbox *is* secure. ActiveX and the limitations of authentication certificates are thoroughly explored in chapter four. Chapter five looks briefly but analytically at the possible invasions of privacy that can occur on the Web. Part three deals more completely with the question of digital certificates. Chapter six explains the various techniques for identification confirmation. The use of certification authorities is reviewed in chapter seven, including the activity this can generate on Web browsers. Chapter eight covers the steps needed to obtain a client-side digital certificate from Verisign. Microsoft's Authenticode code signing system is detailed in chapter nine. 
Cryptography must be invoked at some point for any kind of data security, and particularly for security over insecure networks, so part four invests some depth in the topic. Chapter ten starts with cryptographic basics, simply in terms of the various functions cryptography can provide. Functional limitations of cryptography, various existing systems, and US and international regulation with respect to the technology are discussed in chapter eleven. SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are described in chapter twelve. Part five details technical aspects of securing Web servers. Traditional host security weaknesses are reviewed in chapter thirteen. Chapter fourteen looks at specific strengthening measures for Web servers. Rules for secure CGI (Common Gateway Interface) and API (Application Programmer Interface) programming are promulgated in chapter fifteen, along with tips for various languages. Commercial and societal concerns are major areas in Web security, so part six reviews a number of topics related to commerce, as well as other social factors. Chapter sixteen looks at current non-cash payment systems, and the various existing, and proposed, digital payment systems for online commerce. Censorship and site blocking are carefully examined in chapter seventeen. A variety of legal issues are discussed, civil in chapter eighteen, and criminal in nineteen. In reviewing books I very often find that appendices are often filler. The most useful tend to be bibliographies or lists of vendor contacts. Too many seem to be mere self-indulgent filler used by the author to pad out the book. Although it has almost nothing to do with Web security as such, I very much enjoyed Appendix A, Garfinkel's recounting of the lessons learned in setting up a small ISP (Internet Service Provider). (I suppose that this could be considered valid coverage of Web commerce.) 
The other appendices are more directly related to the topic, including information on the installation of Web server certificates, the SSL protocol, the PICS (Platform for Internet Content Selection) specification, and references. In comparison to Stein's "Web Security" I find it very difficult to choose between the two. Each is readable, and each is aimed pretty much at the same target audience. There is little to choose between them for technical depth: each has useful information that the other does not. Both are excellent: what the heck, buy two, they're small. copyright Robert M. Slade, 1998

Book description:

Attacks on government Web sites, break-ins at Internet service providers, electronic credit card fraud, invasion of personal privacy by merchants as well as hackers--is this what the World Wide Web is really all about? Web Security & Commerce cuts through the hype and the front page stories. It tells you what the real risks are and explains how you can minimize them. Whether you're a casual (but concerned) Web surfer or a system administrator responsible for the security of a critical Web server, this book will tell you what you need to know. Entertaining as well as illuminating, it looks behind the headlines at the technologies, risks, and benefits of the Web. Whatever browser or server you are using, you and your system will benefit from this book.

Topics include:

User safety--browser vulnerabilities (with an emphasis on Netscape Navigator and Microsoft Internet Explorer), privacy concerns, issues with Java, JavaScript, ActiveX, and plug-ins.
Digital certificates--what they are, how they assure identity in a networked environment, how certification authorities and server certificates work, and what code signing is all about.
Cryptography--an overview of how encryption works on the Internet and how different algorithms and programs are being used today.
Web server security--detailed technical information about SSL (Secure Socket Layer), TLS (Transport Layer Security), host security, server access methods, and secure CGI/API programming.
Commerce and society--how digital payments work, what blocking software and censorship technology (e.g., PICS and RSACi) is about, and what civil and criminal issues you need to understand.

The Virtual Bookcase is created and maintained by Koos van den Hout. Contact e-mail webmaster@virtualbookcase.com.
Copyright © 2000-2008 Koos van den Hout / The Virtual Bookcase