Professional Java Security (Programmer to Programmer) - Softcover

Review

For any developer who needs to understand and use Java's considerable built-in support for encryption and security standards, Professional Java Security delivers a capable guide to both the theoretical and practical aspects of implementing security on the Java platform. With a concise presentation that moves well and covers a wide range of topics, this book fills an extremely valuable niche for any working Java programmer.

Classic titles on encryption and cryptography (such as Bruce Schneier's Applied Cryptography: Protocols, Algorithms, and Source Code in C) look at security from the ground up as if developers needed to write everything themselves. The good news is that with features like the Java Cryptography Architecture (JCA) and the Java Cryptography Extension (JCE), Java security is standard equipment with today's Java 2 platform. This book does a great job at giving a quick overview of the way today's encryption algorithms (including symmetric and asymmetric encryption, hash functions, and digital certificates) work, along with the way to apply them in Java. The authors anchor the theory here with practical explanation and code for using such encryption algorithms as Blowfish and RSA, plus using digital signatures and certificates and tapping SSL for secure communications over the Internet.

While books on cryptography usually describe protocols with anonymous players (with names like Alice, Bob, and the like), the authors here use more imagination, retelling a scene from Shakespeare's Hamlet in which King Claudius sends a message via Rosenkrantz and Guildenstern to do away with Hamlet. No, you don't need to have read the play to understand, but this scenario and its permutations highlight in a more entertaining fashion than other titles the issues in secure communications and the ways things can go wrong.

More advanced material on securing JDBC database connections, and even on how to create custom encryption algorithms and plug them into the JCE, will let the more expert reader do more. (The authors demonstrate this latter process with sample code that implements the well-known RSA encryption algorithm.) For the busy working Java developer, coverage of the basics here will let you implement security in Java without having to reinvent the proverbial wheel. Smart, concise, and extremely useful, Professional Java Security is a truly valuable resource for creating secure Java applications with features that every working Java developer will want to know about and use. --Richard Dragan

Topics covered: Overview of enterprise security issues, defining a security policy, Java security features, support for security in Java code (accessibility, serialization, sealed JAR files, and privileged code), introduction to cryptography and encryption, introduction to symmetric and asymmetric encryption, authentication, the Java Cryptography Architecture (JCA), the Java Cryptography Extension (JCE), symmetric encryption with Java (including password-based encryption, ciphers, and sealed objects), asymmetric encryption in Java (including file encryption with RSA), message digests, digital signatures, digital certificates, signing JAR files (permissions and applets), additional security in Java with servlets and EJB, the Java Authentication and Authorization Service (JAAS), using SSL in Java applications, securing JDBC database connections, case study for a secure online banking application, building a custom JCE provider (using the RSA algorithm), additional security techniques (securing e-mail, timestamping, secure logging, using a nonce), and quick reference for using MySQL with JDBC.

From the Publisher

This book is aimed at intermediate to advanced Java programmers, familiar with the concepts underpinning distributed application development such as sockets, RMI, JDBC, and J2EE technologies, however no previous experience of security or cryptography is assumed. It concentrates on teaching approaches to security, developing an understanding on building cryptography into applications and, in so doing, illustrates how the key Java cryptography components can be employed.