hi I am new to security and would like to get only one book. How do you compare your book with other books like Java security,professional java security etc.and do you cover j2ee 1.4 stuff related to security ? Could you tell us a bit about the java security toolkit (jstk). thanks in advance. [ December 16, 2003: Message edited by: Mcgill smith ]
Hi Mcgill, Java Security (O'REILLY) is a good reference book on J2SE security topics (Permissions, Policy Files, JCA, JCE, JSSE and JAAS) and a good place to start. However, it is more like a manual describing all the API classes/interfaces in detail. Professional Java Security covers similar topics. Most of these topics are covered in my book as well, but the focus is on accomplishing certain tasks (example: setting up SSL communication between a client and server with mutual authentication) than being a comprehensive reference. The main focus is on security aspects of enterprise applications technologies: RMI, Servlets, EJBs and Web Services. Another noteworthy aspect is use of "best-of-breed" products for illustrating examples. You can find more about the book at the highlights page at its website. For more information on JSTK, please refer to my response in this thread.