Rating:  Summary: Lousy at best Review: 1 star because one can't give a rating lower than that. The authors do a good job of repeating trivial stuff over and over again. But when it comes to algorithmic or mathematical treatment of the subject, they seem to be at their wit's end. Consider this: According to the authors, 2^56 + 2^56 = 2^112. Basic mathematics knowledge would have been sufficient to calculate the above, i.e. 2^56 + 2^56 = 2*2^56 = 2^57. I think now one can start judging the faith one can have in the authors and the book. The authors make it apparent in the first few chapters itself that one should not expect any sensible treatment of the topic. I would recommend this book to all those who have never experienced frustration in life and are looking for a first-hand experience.
Rating:  Summary: Excellent! Review: I picked up this book some time ago, when I needed a good book on how to manage certain problems with a cryptographic application I was developing. I already had exposure to the concepts of cryptography, and all I needed was a way to tie it in with Java. I had read the Security FAQ at the Java website, but was needing more. This book was an excellent contrast to the Security packages FAQ. Cryptic comments were explained in much more detail, and many examples are included. For those who don't have much exposure to cryptography, there's a whole section on it. All in all, a great value!
Rating:  Summary: Mediocre Review: I was looking for a book to cover the JAAS API and Kerberos with examples. Very little of the book addressed that. The book seems mostly to cover the theory, and in that light it rambles on and is confusing. If you're the type who buys lots of books, this one might serve to connect some dots. If you buy few books, I doubt this one will help.
Rating:  Summary: Too inaccurate to be useful Review: I was looking forward to this book, because it had five stars. I got it and thumbed through it, and immediately started finding tons of errors, particularly in the cryptography sections. And, I'm not talking typos, I'm talking problems that show a serious lack of understanding about crypto on the part of the authors. For example, just in the symmetric crypto section, the discussion on ciphers is very poor and often wrong (and where's the discussion of CTR mode, which is now standard and held in high regard by cryptographers... and what about AES, especially considering this book came out in 2002). But the thing that took the cake for me is the discussion on stream ciphers on page 259. It is so absolutely wrong it's not funny. This is a very big deal, because this book essentially gives you a loaded weapon pointed right at yourself and invites you to pull the trigger, without telling you to turn the thing around. It would be very easy to build code with insecure crypto based on this book. However, if you aren't already an expert in the area, you probably will not realize that you've got good odds of shooting yourself. I can definitely understand why this book had previously gotten good ratings, despite being very poor. This book is really out of touch with what developers need in terms of secure programming. For example, it doesn't do a very good job of showing you how to add crypto to your apps in a SECURE manner (it doesn't talk about how to COMBINE a MAC and a block cipher in a secure way, which is awfully hard to do... in fact, the author doesn't really understand what a MAC is.). Instead, it focuses a bunch of energy on how to implement basic services that are already available in any decent crypto provider. Crypto is hard enough that exposing the low-level stuff without adequately putting it in the context of how to apply it securely is ridiculously dangerous.
Rating:  Summary: Cut & Paste? Review: This book has some of the same code from an earlier book titled the "Java Security Handbook". Doesn't give me much comfort in the author's abilities.
Rating:  Summary: Java Security Solutions - Review Review: This book not only provides the information necessary to understand and implement Java security, but does so in a very organized and readable manner. The use of comparisons to real world (non-IT) security should prove particularly useful to those fairly new to IT security issues. Similarly, the implementation examples are very helpful to those actually implementing Java security solutions. Very nicely done!
Rating:  Summary: More than a regurgitation of the documentation Review: This is the third Java Security book that I have read. The first two left me wondering about why I would apply a technology. This book covers all the standards and APIs for implementing security in a Java based environment, but it adds the element of why and when to apply a particular strategy. The Heltons have described many different types of attacks and what you can do to combat them by using the strategies outlined. I found that much more useful than a regurgitation of specs, standards, and APIs. This book also has details, with code, of cryptographic algorithms and key exchange algorithms, and describes the strengths and weaknesses of all of them. Really detailed. This book covers all the bases. It could be used as a reference manual, a text on Java Security, or a handbook for an IT Security Manager. I'm keeping it right by my keyboard.