Rating:  Summary: Great security book Review: This book starts with a great overview of security, both in theory and implementation in Java. The examples are concise and easy to follow. The authors then show how you can apply the concepts to secure certain parts of an application, like how you can secure just about any JDBC connection to prevent the information from being sent over the network unencrypted. Later, the authors give an example application and show one way you might secure it, giving complete source code and configuration instructions. It's nice to see how the various pieces might fit together into a real system. As a final bonus, the authors include a JCE provider that supports the RSA cipher and show how it works. Much more useful than the XOR ciphers some other books provide. Overall, a great book for Java developers looking to learn something about security.
Rating:  Summary: Good practical book that tries to cover too much ground Review: This is a very good book to get you started on issues such as encryption, public/private keys, message digests, certificates etc. The authors do know what they are talking about and I enjoyed going through it. At the same time, I sometimes found repetitive text and code examples that are too elaborate. I find that most books these days try to cover too many topics and are unable to do justice to all of them. It almost seems like an obsession to achieve a certain number of pages or the buyer won't notice the book on the shelf. I'd probably blame the publishers and editors for that trend. I would have preferred if the authors had added more depth than breadth to the book. For instance, I would have preferred if they had stuck to cryptography and skipped other aspects of Java security. They possibly could have gone into further depth (behind the scenes) on the Java classes and their usage patterns. Also, they could have dedicated a whole chapter or appendix to JCA and JCE, compared to the few pages they did. But do not get me wrong, this is an excellent book which could have been made better by shortening some sections and elaborating some others.