do you cover client side security handling in your book? Think of a security domain attached to your application server and your clients which need to access the application.
This stuff is more of technical nature and I'm curious to know whether you guys go that far.