Java 2 Network Security
by Pistoia, MarcoEdition: 2nd
Format: Paperback
Pub. Date: 1999-07-01
Publisher(s): Prentice Hall Ptr
Other versions by this Author
List Price: $49.99
Rent Book
Select for Price
New Book
We're Sorry
Sold Out
Used Book
We're Sorry
Sold Out
eBook
We're Sorry
Not Available
How Marketplace Works:
- This item is offered by an independent seller and not shipped from our warehouse
- Item details like edition and cover design may differ from our description; see seller's comments before ordering.
- Sellers much confirm and ship within two business days; otherwise, the order will be cancelled and refunded.
- Marketplace purchases cannot be returned to eCampus.com. Contact the seller directly for inquiries; if no response within two days, contact customer service.
- Additional shipping costs apply to Marketplace purchases. Review shipping costs at checkout.
Summary
Learn how to use Java reliably, securely, and safely! Unlike other books, which focus on how Java can be broken, this one focuses on delivering practical help with Java security to everyone involved in building and deploying industrial-strength Java-based applications. Now that Java is "leaving the sandbox," you need stronger security than ever, and Java 2 Network Security, Second Edition shows you how to get it. One of the first books to cover the new Java 2 network security model that has been written in full cooperation with Sun's own developers, it compares the pros and cons of every leading approach to Java security. You'll review specific techniques for deploying or limiting Java across corporate firewalls; discover how to integrate Java and SSL; master Java's powerful Cryptography APIs; and learn how to architect your applications to improve their inherent security. The accompanying CD-ROM contains all programs included in the book, plus shareware designed to help readers develop more secure Java programs and more thoroughly understand the new Java 2 security model.
Table of Contents
I. INTRODUCTION TO JAVA AND SECURITY.
1. An Overview of Java and Security.
2. Attack and Defense.
3. The New Java Security Model.
Java Is Not Just a Language. What Java Does. Java Is Not an Island: Java as a Part of Security. Understanding Java 2 Security. Summary.
2. Attack and Defense.
Components of Java. Java 2 and Cryptography. Attacking the World of Java. Summary.
3. The New Java Security Model.
The Need for Java Security. Evolution of the Java Security Model. Java 2 Protection Domain and Permissions Model. New Class Search Path. Java 2 Class Loading Mechanism. The Policy File. Security Manager vs Access Controller. Security Management with Java 2. Summary.
II. UNDER THE HOOD.
4. The Java Virtual Machine.
5. Class Files in Java 2.
6. The Class Loader and Class File Verifier.
7. The Java 2 Security Manager.
8. Security Configuration Files in the Java 2 SDK.
9. Java 2 SDK Security Tools.
10. Security APIs in Java.
11. The Java Plug-In.
12. Java Gets Out of Its Box.
The Java Virtual Machine, Close Up. Summary.
5. Class Files in Java 2.
The Traditional Development Life Cycle. The Java Development Life Cycle. The Java 2 Class File Format. The Constant Pool. Java Bytecode.
6. The Class Loader and Class File Verifier.
Class Loaders. The Class File Verifier. The Bytecode Verifier in Detail. An Incompleteness Theorem for Bytecode Verifiers. Summary.
7. The Java 2 Security Manager.
What Security Manager Does. Operation of the Security Manager. Attacking the Defenses of Java. Avoiding Security Hazards. Examples of Security Manager Extensions. Summary.
8. Security Configuration Files in the Java 2 SDK.
A Note on java.home and the JRE Installation Directory. Keystores. The Security Properties File, java.security. Security Policy Files. An Example of Security Settings in the Java 2 Platform. File Read Access to Files in the Code Base URL Directory. Security Properties and Policy File Protection. How to Implement a Policy Server.
9. Java 2 SDK Security Tools.
Key and Certificate Management Tool. Java Archive Tool. JAR Signing and Verification Tool. Policy File Creation and Management Tool.
10. Security APIs in Java.
The Package java.security. The Package java.security.spec. The Package java.security.cert. Package java.security.interfaces. The Package java.security.acl. Examples Using the Java 2 Security APIs. The Permission Classes. How to Write Privileged Code.
11. The Java Plug-In.
Main Features of Java Plug-In. What Does the Java Plug-In Do? Java Plug-In HTML Changes. Java Plug-In Control Panel. Java Plug-In Security Scenario.
12. Java Gets Out of Its Box.
JAR Files and Applet Signing. Signed Code Scenario in JDK 1.1 and Sun HotJava. Signed Code Scenario in Java 2 SDK, Standard Edition, V1.2. Signed Code Scenario in Netscape Communicator. Signed Code Scenario in Microsoft Internet Explorer. The JAR Bug—Fixed In Java 2 SDK, Standard Edition, V1.2.1. Future Developments.
III. BEYOND THE ISLAND OF JAVA SURFING INTO THE UNKNOWN.
13. Cryptography in Java.
14. Enterprise Java.
15. Java and Firewalls in and out of the Net.
16. Java and SSL.
17. Epilogue.
Appendix A: Getting Internal System Properties.
Appendix B: Signature Formats.
Appendix C: X.509 Certificates.
Appendix D: Sources of Information about Java Security.
Appendix E: What's on the Diskette?
Appendix F: Special Notices.
Appendix G: Related Publications.
How to Get ITSO Redbooks.
Glossary.
Index.
ITSO Redbook Evaluation.
Security Questions, Cryptographic Answers. The Java Cryptography Architecture Framework. JCA Terms and Definitions. Java Cryptography Extension. Java Cryptography in Practice. Asymmetric Encryption with the Java 2 SDK and JCE 1.2. How to Implement Your Own Provider.
14. Enterprise Java.
Browser Add-On Applets. Networked Architectures. Secure Clients and Network Computers. Server-Side Java. Servlets. Distributed Object Architectures—RMI. Enterprise JavaBeans.
15. Java and Firewalls in and out of the Net.
What Is a Firewall? What Does a Firewall Do? Detailed Example of TCP/IP Protocol. Proxy Servers and SOCKS Gateways. The Effect of Firewalls on Java. Java and Firewall Scenarios. Remote Method Invocation. Summary.
16. Java and SSL.
What Is SSL? Using SSL from an Applet. Java and SSL with Sun Microsystems. How to Use Java and SSL. Java and SSL with IBM SSLite. Conclusions. Summary.
17. Epilogue.
Future Directions of Java. Conclusion.
Appendix A: Getting Internal System Properties.
Program GetAllProperties. Program GetProperty.
Appendix B: Signature Formats.
Appendix C: X.509 Certificates.
X.509 Certificate Versions.
Appendix D: Sources of Information about Java Security.
Companies. Universities.
Appendix E: What's on the Diskette?
How to Access the Diskette. How to Get the Same Software Material from the Web.
Appendix F: Special Notices.
Appendix G: Related Publications.
International Technical Support Organization Publications. Redbooks on CD-ROMs. Other Publications.
How to Get ITSO Redbooks.
IBM Redbook Fax Order Form.
Glossary.
Index.
ITSO Redbook Evaluation.
An electronic version of this book is available through VitalSource.
This book is viewable on PC, Mac, iPhone, iPad, iPod Touch, and most smartphones.
By purchasing, you will be able to view this book online, as well as download it, for the chosen number of days.
Digital License
You are licensing a digital product for a set duration. Durations are set forth in the product description, with "Lifetime" typically meaning five (5) years of online access and permanent download to a supported device. All licenses are non-transferable.
More details can be found here.
A downloadable version of this book is available through the eCampus Reader or compatible Adobe readers.
Applications are available on iOS, Android, PC, Mac, and Windows Mobile platforms.
Please view the compatibility matrix prior to purchase.