Architecture is definitely considered in our book. More software architecture than network architecture, although we do touch on issues like IPSec and Firewalls in the introduction.
Some of the issues to consider when designing your system are:
- balancing security and usability. There is no point in having an unbreakable security architecture if the users are going to circumvent it. For example, a really secure password isn't worth much if it is taped to the monitor.
- weighing the cost of data against the value of protecting it. Absolute security is impossible, so the time and money you spend to protect data should be relative to how sensitive it is.
- n-tiered application design. Where are the weak points, what has to be protected and from whom? We talk about protecting the various tiers of the application and show an example banking app securing the database, the app-server and the web server.
There are many other issues to consider, depending on the app, but the book gives you a good place to start.

Originally posted by ruilin yang:
Some architecture design can solve some security problems. In order to get a good security implementation on a system, it is better to start from architecture design with combination of security consideration.
How much does your book cover/discuss the architecture design in terms of better security? I mean some security problems can be solved purely by a proper architecture design. Sometimes we have to do a trade-off between architecture design, performance consideration, and security. I would like to get some comments from you - experts.
Thanks in advance.

Daniel Somerfield
Author of Professional Java Security