To what extent have basic networking security issues been addressed in this edition of the Java Network Programming book? I remember the 2nd edition already covered how to use SSL. But I missed some basic awareness building on what it means to have an application "out there in the open".
Security is really a book in itself. In fact, it's several books. I doubt one book could cover it all. Certainly it couldn't cover the field and still teach readers how to write network programs. Chapter 11 covers the Java Secure Sockets Extension (JSSE) and SSL. Other than that, though, the focus of this book is elsewhere.
One of the challenges in writing a book like this is that you touch on a lot of other issues, not just security but user interface design, performance, internationalization, and many other topics. Sometimes you can address part of these, and try not to do anything that's actively contrary to good practice; but you can't let yourself get too far off the main track.
The issue is especially troublesome in the examples. Sometimes programs are derided as toy examples, and indeed that's fair. However, if you actually took care of error handling, internationalization, user interface design, security, documentation, and a dozen other issues like I would in a real application, the material I'm trying to teach would get completely lost in a mountain of other concerns. This is something I've run across time and time again in all my books, not just this one. The skill lies in knowing where to make the cut, what to include in the examples and what to leave out. I also try to offer a range of examples. Most of the examples are quite small, but at the end of each chapter there's one or two larger examples that demonstrate a few more (though certainly not all) of the concerns that arise in more realistic programs.
Elliotte Rusty Harold
Author of Refactoring HTML (http://cafe.elharo.com/web/refactoring-html/)