<< 1 >>
Rating: 
Summary: Good for 1996
Review: I'm writing this review in April, 2002 when IE 6.0 became a standard browser and Netscape is RIP.
This book was written 6 years ago in the days of NN 2.0 and IE 3.0 .. Although it's more then
outdated by now it clearly explains what security risks exist for Java-enabled browsers
and answers my (and may be your) question "How the hell applets can break through Security Manager ?!"
It's main idea is to explain readers what harm applets can do, why is it possible at all
and what is done about the subject by the browser manufactures. Good work for 1996.Note that it's not "Java security book" in the terms you may think today - in 1996 Java
was only understood as a flashy applets popping-up in the Web.
Rating: 
Summary: Great Java security book
Review: If you use a web browser that is Java enabled (versions greater than Netscape Navigator 2.0 and Microsoft Internet Explorer 3.0) ,and are concerned about Java security, this book is required reading. At under 160 pages of text (not counting the appendices), Java Security provides a superb overview of security issues involved with using Java. The authors are security veterans. Felton heads up the Princeton University Safe Internet Programming Team and is famous for discovering quite a few holes in the Java security model. One might think that two security experts who know the depths and implications of Java security may come out with a reference with suggestions that are overly restrictive and perhaps paranoid. That is not the case here. The recommendations that the book suggests are rational and reasonable. Java Security provides commendable guidelines on how to use Java more safely and what the future holds for Java security features. The 6 chapters of the book provide an excellent and comprehensive analysis to all aspects of Java security. Chapter 2 provides a significant amount of detail about the Java Security Model, with in-depth coverage of the 3 prongs (as they call it) of the security model, namely: the Byte Code Verifier, the Applet Class Loader and the Security Manager. Chapter 3 follows with a discussion detailing serious holes in the security model. The authors consider a flaw to be serious when the breach has the potential to corrupt data, reveal private information, or infecting the workstation with a virus. They fittingly note that all of the flaws detailed in the chapter have been fixed by Netscape and Microsoft. The function of the chapter is to show what sort of things can go wrong. Chapter 3 concludes with a summary of 8 significant security problems that were discovered last year in implementations of Java. The book also goes into great detail on what developers and end-users can do to make Java much more secure. Their six guidelines for Safer Java use are: 1. Know what web sites you are visiting 2. Know your Java environment 3. Use up-to-date browsers with the latest security updates 4. Keep a lookout for security alerts 5. Apply drastic measures if your information is truly critical 6. Access your risks Fenton has his doctorate in computer science, nonetheless, the book is written in a very clear and coherent manner. Add this to your bookshelf.
Rating:
Summary: Great Java security book
Review: If you use a web browser that is Java enabled (versions greater than Netscape Navigator 2.0 and Microsoft Internet Explorer 3.0) ,and are concerned about Java security, this book is required reading. At under 160 pages of text (not counting the appendices), Java Security provides a superb overview of security issues involved with using Java. The authors are security veterans. Felton heads up the Princeton University Safe Internet Programming Team and is famous for discovering quite a few holes in the Java security model. One might think that two security experts who know the depths and implications of Java security may come out with a reference with suggestions that are overly restrictive and perhaps paranoid. That is not the case here. The recommendations that the book suggests are rational and reasonable. Java Security provides commendable guidelines on how to use Java more safely and what the future holds for Java security features. The 6 chapters of the book provide an excellent and comprehensive analysis to all aspects of Java security. Chapter 2 provides a significant amount of detail about the Java Security Model, with in-depth coverage of the 3 prongs (as they call it) of the security model, namely: the Byte Code Verifier, the Applet Class Loader and the Security Manager. Chapter 3 follows with a discussion detailing serious holes in the security model. The authors consider a flaw to be serious when the breach has the potential to corrupt data, reveal private information, or infecting the workstation with a virus. They fittingly note that all of the flaws detailed in the chapter have been fixed by Netscape and Microsoft. The function of the chapter is to show what sort of things can go wrong. Chapter 3 concludes with a summary of 8 significant security problems that were discovered last year in implementations of Java. The book also goes into great detail on what developers and end-users can do to make Java much more secure. Their six guidelines for Safer Java use are: 1.Know what web sites you are visiting 2.Know your Java environment 3.Use up-to-date browsers with the latest security updates 4.Keep a lookout for security alerts 5.Apply drastic measures if your information is truly critical 6.Access your risks Fenton has his doctorate in computer science, nonetheless, the book is written in a very clear and coherent manner. Add this to your bookshelf.
Rating:
Summary: An Excellent read for anyone interested in Java security
Review: This book is wonderfully written and full of goodinformation. It would be useful for anyone from novice users to managers to Java Programmers who are concerned about security. In fact, Istrongly recommend them buying a copy to read as this is one of the best technical books I've read in a long time. The only audience I wouldn't recommend it for are the people who are doing very advanced Java Security work such as writing their own Security Manager, but they may even learn something from it.
<< 1 >>
| 
