To author: What types of security measurements are used?

 
Ranch Hand
Posts: 4982
Among those existing security measurements, like SSL, JAAS, ACL, digital signature, etc., to what extent do you think a J2EE system should adopt them, so that it can be regarded as a robust system?
In addition, what is the focus of the book? In management view (what measurements to be adopted), in technology view (what algorithms should be used, like ECC, AES, etc.) and in business view (what degree of security level should be achieved)?
Thanks.
Nick
 
Author
Posts: 27
Hi Nick,
My answers are below.
Among those existing security measurements, like SSL, JAAS, ACL, digital signature, etc., to what extent do you think a J2EE system should adopt them, so that it can be regarded as a robust system?
ANSWER: Well, I think it all depends on the requirements of the system. J2EE fits well with many security technologies and standards. So, for example, if there is the need for authentication, JAAS should be used. If authentication and confidentiality are an issue, then JSSE should be used.
In addition, what is the focus of the book? In management view (what measurements to be adopted), in technology view (what algorithms should be used, like ECC, AES, etc.) and in business view (what degree of security level should be achieved)?
ANSWER: We worked very hard to meet the requirements of different categories of readers. The book starts in a light way (to introduce the topics, mainly for managers, business people, or people who are not familiar with J2EE security). Then the book explains the architecture of J2EE and J2SE security, which is something that developers and researchers should all know if they are going to work on Java security. The last chapters cover advanced topics. This last part is good for people who are interested in enhancing Java security.
Thank you for your interest,
Marco
 
Ranch Hand
Posts: 138
Are there any free chapters to download?
 
Nicholas Cheung
Ranch Hand
Posts: 4982
Hi Marco,
How about the technical details? How deep will the book cover them?
For example, you mention JAAS and JSSE, but to what extent does the book discuss them?
Besides Java standard APIs, are there any other APIs to cover? Such as changing the security provider, algorithms, etc.
Thanks.
Nick.
 
Marco Pistoia
Author
Posts: 27
Hi Nick,
The book covers those topics in great detail. Some of our reviewers told us that they will keep the cryptography chapters as a treasure (in particular, the JCA/JCE chapters, and the JSSE chapter). All these chapters have tons of sample code. Some programs are even 5 pages long. The JAAS chapter explains every detail of authentication and authorization. One of our reviewers on amazon.com said that he finally understood JAAS only after having read that chapter, even though he had worked with JAAS for two years already.
We spent a long time (nights and weekends) writing this book, so hopefully you will find it useful.
Thanks,
Marco
 
Marco Pistoia
Author
Posts: 27
Nick,
I forgot to mention that yes, we do cover the concept of security provider, including how to replace providers, etc.
Marco
 
Nicholas Cheung
Ranch Hand
Posts: 4982
Which providers does the book use?
I am sure SUN's JCE is one of them; any others? Due to the export restriction, SUN's provider has limited support for *powerful* algorithms.
Nick