John Hembree

since Mar 07, 2003

Recent posts by John Hembree

Thanks for the reply.
15 years ago
I guess I was looking for a list of other security concerns outside of the application. Something that would say, "Now that you have a secure application you need to look at XXX to be really secure". Is the server behind a locked door? Is there limited logon access to the box to keep everybody from logging in? Is the hard drive shared with Everyone granted full control for those Windows environments, etc.

Are there any suggestions for securing the application beyond the application itself?
15 years ago

Originally posted by Ramesh Nagappan:
We do have plans to publish these patterns to support Microsoft .NET users!

/Ramesh



Do you have a time frame for when this version would come out? Would the patterns be the same just with a different code base and classes as necessary to accomplish the requirements of the pattern?
15 years ago
I've always felt that when it comes to security there are thousands of people out there trying to crack my stuff against me trying to write something secure.

So to me using a pattern may help to leverage some more brain power on my side of the equation.
15 years ago
I'm not sure that you understood my question and quite possibly I didn't understand your answer.

I was looking for something along the lines of any information regarding the complete solution. Let's say I use this book and built the perfect application addressing every security issue within the realms of Java. The program was flawless, but then I installed the app on a server that I don't keep patched. It sits out in a DMZ or possibly inside my network without any firewall rules. The database server is sitting on the same box as the app. I don't know what else would be bad for me to do with my strong app but having compromised the other areas of my solution?

Do you have any generalized instructions of other steps I can take to secure my solution, not just the application? Larger clients may have a security department that keeps all of these things in mind when deploying a solution. Is there anything that I can use within the book to guide me to other areas of security?
15 years ago
Does the book go into any detail concerning the need to secure other areas of the application?

I don't think I would really expect a lot since this is a pattern book but it might have some information regarding that the app is only as secure as the entire solution and point users in the right direction to secure the other areas.
15 years ago
Perfect, that's what I expected but thought you would know best.
15 years ago
I work for a client that uses a wide variety of technologies including Java, JSP, VS .Net (C#), ASP and VB6. While I'm sure the book is great for J2EE, how well might the pattern concepts transfer into the other languages?

As a Pattern book I would hope that the ideas would be transferable while J2EE was the medium for the examples in this instance.
[ January 11, 2006: Message edited by: John Hembree ]
15 years ago
Thanks for your response.
15 years ago
A friend of mine is interested in creating a Security portal website of sorts for various service oriented web sites that require user authentication. A single sign-on design but would pass through to the intended web site providing the end service. Would the book provide enough examples to point them in the right direction to implement a secure design? They have talked about the multi-factor authentication process (Password + Smartcard + Biometrics) that you had mentioned in another post. Is that type of technology covered in your book?

I'm not looking for a solution but something to point them in the right direction to create a secure application.
15 years ago
Does the book reference any interaction with Active Directory including code examples or are you required to use LDAP alone to interact with AD?
17 years ago
One of the reviews on Amazon talked about your "java security toolkit" included in the book, what types of things can it do?
17 years ago
Sounds like that's the book for me, I'm completely new to this side of Java.

Originally posted by Rashmi Tambe:
Siva, you are really lucky to get ... photo on the book!!!


I don't know if this would be so lucky or not... Did any of you see some of the pictures in the first book? You might be surprised to see how your picture is used. This isn't a Wrox book (nor would any other book to be published any time soon).
Welcome aboard, we'll take the help anytime.
18 years ago