
Welcome to our guest author!

Thomas Paul
mister krabs
Ranch Hand

Joined: May 05, 2000
Posts: 13974
A big JavaRanch welcome to Pankaj Kumar, author of J2EE Security for Servlets, EJBs, and Web Services. He will be with us this week to talk about his book and answer our questions about security in Java.
We will be giving away a copy of the book to four lucky winners. So check the book promotion page for the rules and you may win a copy of the book!


Associate Instructor - Hofstra University
Amazon Top 750 reviewer - Blog - Unresolved References - Book Review Blog
Vijay S. Rathore
Ranch Hand

Joined: Oct 29, 2001
Posts: 449
Welcome Pankaj,
I read the review of the book on Amazon; it indicates more positive aspects than negative. Where can I get the index of the book? I was curious about the detailed topics/contents covered in the book.
One more thing, what is the coverage of security with respect to WebSphere App Server?
Vijay


SCJP, SCJD, SCWCD1.4, IBM486, IBM484, IBM 483, IBM 287, IBM141, IBM Certified Enterprise Developer - WebSphere Studio, V5.0
Author of IBM 287 Simulator Exam
Vad Fogel
Ranch Hand

Joined: Aug 25, 2003
Posts: 504
Not much of promotion activity has been going on so far... Have the authors arrived at the forum at all? :roll:
Ernest Friedman-Hill
author and iconoclast
Marshal

Joined: Jul 08, 2003
Posts: 24166
    

Pankaj is actually a regular contributor to the 'Ranch. He'll be here, don't worry!


[Jess in Action][AskingGoodQuestions]
Pankaj Kr
Author
Ranch Hand

Joined: Sep 09, 2003
Posts: 80
Originally posted by Thomas Paul:
A big JavaRanch welcome to Pankaj Kumar, author of J2EE Security for Servlets, EJBs, and Web Services. He will be with us this week to talk about his book and answer our questions about security in Java.

Hi Tom,
Thanks for the warm Welcome!
And yes, I will be around this week. And next week. And next week ...


Pankaj Kumar
Home - WebLog - J2EE Security
Pankaj Kr
Author
Ranch Hand

Joined: Sep 09, 2003
Posts: 80
Originally posted by Vijay Rathore:
I read the review of the book on Amazon; it indicates more positive aspects than negative. Where can I get the index of the book? I was curious about the detailed topics/contents covered in the book.

Hi Vijay,
You can find the table of contents, the free sample chapter and a lot of goodies at the book's home page http://www.j2ee-security.net.
One more thing, what is the coverage of security with respect to WebSphere App Server?

The book focuses on Java/J2EE standards and doesn't cover specific products. However, it does use specific products for illustrating examples -- Apache Tomcat for web applications, Apache Axis for Web Services and BEA WebLogic for EJBs.
Vijay S. Rathore
Ranch Hand

Joined: Oct 29, 2001
Posts: 449
Pretty impressive, I would definitely like to win the book.
Do you have any plans to incorporate JSSE (Java Secure Socket Extensions) and JGSS (Java General Security Services) in the near future in your book?
How tough would it be for a person to implement all the programs using any other App Server? I mean, can the sample programs be easily ported to any App Server?
Pankaj Kr
Author
Ranch Hand

Joined: Sep 09, 2003
Posts: 80
JSSE is already covered. In fact, the chapter on JSSE is available for free download at java.net.
And I will certainly include JGSS if my publisher ever decides to come out with a 2nd edition (which depends on how much money they make from the 1st edition).
Porting the examples to different app servers should not be too difficult -- I tried to use standard APIs and descriptors wherever possible.
Vijay S. Rathore
Ranch Hand

Joined: Oct 29, 2001
Posts: 449
Usually is there any cost involved while implementing the security at various levels in an application?
Lasse Koskela
author
Sheriff

Joined: Jan 23, 2002
Posts: 11962
    
Originally posted by Vijay Rathore:
Usually is there any cost involved while implementing the security at various levels in an application?
Implementing something always costs money... I guess you're asking whether it has some unexpected risk factors that can explode your budget, am I correct?


Author of Test Driven (2007) and Effective Unit Testing (2013) [Blog] [HowToAskQuestionsOnJavaRanch]
Vijay S. Rathore
Ranch Hand

Joined: Oct 29, 2001
Posts: 449
Obviously there will be some budget for the design, coding, admin and implementation. But apart from that, do we have to pay for using these APIs, or are most of them free with an open license?
Or, once you start using them, do you have to pay in future to use these APIs, apart from 'unexpected risk factors that can explode the budget'?
Pankaj Kr
Author
Ranch Hand

Joined: Sep 09, 2003
Posts: 80
The basic capabilities and APIs are part of the J2SE/J2EE SDK. Open source implementations like Bouncy Castle add more capabilities and are free. However, if you want to use a commercial implementation (for support reasons), you have got to pay for those.
With open source implementations, you always have the risk that someday some company will claim patent/copyright infringement and may ask to be compensated. Think Linux and SCO.
Another potential risk is that of violating export/import laws -- there are usually country-specific laws on what cryptographic s/w you can export or import.
Another hidden cost could be the cost of managing security (like the cost of hiring a person who issues new passwords on reported lost passwords, or buying and managing certificates).
In a nutshell, there are costs associated with security. As an enterprise, what one needs to do is to take a "risk management approach" -- balance the cost of security with the risk of no-security.
 