
To author: What types of security measurements are used?

Nicholas Cheung
Ranch Hand

Joined: Nov 07, 2003
Posts: 4982
Among those existing security measurements, like SSL, JAAS, ACL, digital signature, etc., to what extent do you think a J2EE system should adopt them so that it can be regarded as a robust system?
In addition, what is the focus of the book? In management view (what measurements to be adopted), in technology view (what algorithms should be used, like ECC, AES, etc.) and in business view (what degree of security level should be achieved)?
Thanks.
Nick


SCJP 1.2, OCP 9i DBA, SCWCD 1.3, SCJP 1.4 (SAI), SCJD 1.4, SCWCD 1.4 (Beta), ICED (IBM 287, IBM 484, IBM 486), SCMAD 1.0 (Beta), SCBCD 1.3, ICSD (IBM 288), ICDBA (IBM 700, IBM 701), SCDJWS, ICSD (IBM 348), OCP 10g DBA (Beta), SCJP 5.0 (Beta), SCJA 1.0 (Beta), MCP(70-270), SCBCD 5.0 (Beta), SCJP 6.0, SCEA for JEE5 (in progress)
Marco Pistoia
Author
Greenhorn

Joined: Apr 19, 2004
Posts: 27
Hi Nick,
My answers are below.
Among those existing security measurements, like SSL, JAAS, ACL, digital signature, etc., to what extent do you think a J2EE system should adopt them so that it can be regarded as a robust system?
ANSWER: Well, I think it all depends on the requirements of the system. J2EE fits well with many security technologies and standards. So, for example, if there is the need for authentication, JAAS should be used. If authentication and confidentiality are an issue, then JSSE should be used.
In addition, what is the focus of the book? In management view (what measurements to be adopted), in technology view (what algorithms should be used, like ECC, AES, etc.) and in business view (what degree of security level should be achieved)?
ANSWER: We worked very hard to meet the requirements of different categories of readers. The book starts in a light way (to introduce the topics, mainly for managers, business people, or people who are not familiar with J2EE security). Then the book explains the architecture of J2EE and J2SE security, which is something that developers and researchers should all know if they are going to work on Java security. The last chapters cover advanced topics. This last part is good for people who are interested in enhancing Java security.
Thank you for your interest,
Marco


Marco Pistoia, Ph.D.
http://www.research.ibm.com/people/p/pistoia/
Mary Wallace
Ranch Hand

Joined: Aug 25, 2003
Posts: 138
Are there any free chapters to download?
Nicholas Cheung
Ranch Hand

Joined: Nov 07, 2003
Posts: 4982
Hi Marco,
How about the technical details? How deep will the book cover them?
For example, you mention JAAS and JSSE, but to what extent does the book discuss them?
Besides Java standard APIs, are there any other APIs to cover? Such as changes in security provider, algorithms, etc.
Thanks.
Nick.
Marco Pistoia
Author
Greenhorn

Joined: Apr 19, 2004
Posts: 27
Hi Nick,
The book covers those topics in great detail. Some of our reviewers told us that they will keep the cryptography chapters as a treasure (in particular, the JCA/JCE chapters, and the JSSE chapter). All these chapters have tons of sample code. Some programs are even 5 pages long. The JAAS chapter explains every detail of authentication and authorization. One of our reviewers on amazon.com said that he finally understood JAAS only after having read that chapter, even though he had worked with JAAS for two years already.
We spent a long time (nights and weekends) writing this book, so hopefully you will find it useful.
Thanks,
Marco
Marco Pistoia
Author
Greenhorn

Joined: Apr 19, 2004
Posts: 27
Nick,
I forgot to mention that yes, we do cover the concept of security provider, including how to replace providers etc.
Marco
Nicholas Cheung
Ranch Hand

Joined: Nov 07, 2003
Posts: 4982
Which providers does the book use?
I am sure SUN's JCE is one of them; any others? Due to the export restriction, SUN's provider has limited support for *powerful* algorithms.
Nick
 