If you are a Java programmer, you shouldn't have to start at the very beginning! You already have deep experience with the design issues that inspired Rails, and can use this background to quickly learn Ruby and Rails. But Ruby looks a lot different from Java, and some of those differences support powerful abstractions that Java lacks. We'll be your guides to this new, but not strange, territory.
In each chapter, we build a series of parallel examples to demonstrate some facet of web development. Because the Rails examples sit next to Java examples, you can start this book in the middle, or anywhere else you want. You can use the Java version of the code, plus the analysis, to quickly grok what the Rails version is doing. We have carefully cross-referenced and indexed the book to facilitate jumping around as you need to.
Thanks to your background in Java, this one short book can cover a half-dozen books' worth of ideas:
Web Services
Customer Reviews:
Very Nice but not for everyone.......2007-07-07
I had started this book awhile ago, but then got distracted with various things and left it. I recently started reading it again and just finished it.
I have been puzzled by the relatively lower ranking of this book in the Amazon sales rankings compared to other Ruby/Ruby on Rails books. What is even more puzzling is the fact that almost everyone who has bothered to write a review has given it full five stars including myself. Here is my guess on why it is so (I may be wrong):
This book assumes certain experience, skill set, knowledge, and sophistication on the reader's part. This means that the person should have a good deal of Java and more importantly J2EE knowledge and real-world experience both as a developer and architect. Unless one has suffered through the baggage that goes with "Enterprise Java", it is very hard to understand and appreciate what the authors are trying to say. Merely having played with J2EE/Java is not sufficient to enjoy this book and get something out of it. You have to have lived through at least one complete life-cycle of a typical J2EE project to appreciate the fine points that the authors are making in this book.
One thing is clear to me: even though they try very hard to maintain a neutral posture throughout the book, given a choice, they would rather code Ruby and RoR than Java and J2EE (who wouldn't?).
If you have the necessary experience, knowledge, and skills; then the book becomes very useful. I have particularly enjoyed the later chapters of the book dealing with Testing, Rake, Web Services, and Security.
I hope that they continue to "push" the boundaries of Ruby on Rails knowledge and share it with the rest of us in their excellent writing style.
Gentle Introduction to Ruby on Rails for the Experienced Java Developer.......2007-05-20
In "Rails for Java Developers", Stuart Halloway and Justin Gehtland provide an introduction to Ruby and the Rails web application framework aimed at the Java developer more familiar with frameworks such as Struts and Hibernate. There's a lot of buzz in the Java community surrounding Ruby and Ruby on Rails so this title is quite timely.
Halloway and Gehtland provide a tutorial to learning Ruby and Rails by examining similarities with Java. The tutorial progresses by providing examples in both Ruby and Java using popular Java frameworks. The introduction of Ruby and Rails concepts by juxtaposing them with similar concepts implemented in Java is comforting for the developer who may feel a little intimidated by the differences between the languages. Working through the book, the Java developer will learn the basics about creating and deploying Ruby on Rails applications, picking up an exciting new language along the way.
The first three chapters introduce the Ruby programming language. This is the best Java-centric Ruby introduction that I've seen and it's something I wish I had available to me when I was first learning the language. The rest of the material covers the basics of Rails applications as well as web services and security issues. I found the chapters on testing and automating the development process to be particularly good.
The approach this book takes may not be suitable for everyone. After a certain point, I found that the constant juxtaposition of the Java way of accomplishing a task with the Ruby on Rails way of accomplishing a task wore a bit thin. I found myself just trying to skip past the Java bits to get on with the Ruby. Still, I found the book to be quite good overall. If you are an experienced Java developer seeking a gentle introduction to Ruby on Rails, you can't do better than "Rails for Java Developers".
If you know Java and are curious about Rails, buy this book........2007-04-12
Simply put, I wish that I had been able to read Stu Halloway and Justin Gehtland's Rails For Java Developers before I began on my own journey of learning Ruby and Rails after a professional life of Java development. If you are looking for a book that cuts through the hype to a commendably unbiased comparison of the web development environment in these two great languages, look no further.
With "Rails is not for everything" on the first page of the preface, the book identifies its audience as informed Java developers who haven't necessarily made up their minds about Ruby and Rails. To paraphrase the authors, however, Java programmers have lived through a lot of the struggles that Rails attempts to address. Through showing how and explaining why this is the case, this book serves as an excellent guide for those of us willing to investigate a new technology for web development.
When you buy a new car, the first step is the test drive. In the same way, Chapter 1 is like a test-drive of a "car" unlike any you've ever been in as a Java developer. The tour is as brief as possible while still exposing the reader to all of the ideas that the rest of the book fleshes out. In fact, for those who found any particular topic instantly appealing, the book provides an instant reference for where to turn next.
After any test drive invigorating enough to get you to purchase the vehicle, the dealer will often sit you in the driver's seat and point out where everything is in the unfamiliar cockpit. Chapter 2 is much the same, showing how familiar concepts in the Java language are expressed in the Ruby language. The chapter contains ten sections on topics ranging from the basics of primitive types and arrays to control flow and exception handling. This sets the stage for Chapter 3 where the authors explore those aspects of Ruby that either have no clear analogue in Java or are essentially unrecognizable.
In Chapter 4, the authors crack the hood and show you just how different Hibernate and ActiveRecord are from a developer's perspective. There are a lot of differences, and I feel this chapter will be the first that begins to give the reader an idea about whether they'll enjoy the Rails framework as a whole. The "Rails Way" begins to become visible and stands in stark contrast to the choices that Hibernate makes in its own implementation. The authors' aim is to compare these two frameworks without bias, and they succeed.
A comparison of Struts and ActionController is the focus of Chapter 5. Struts' status as the lowest-common-denominator of the Java frameworks that specialize in communication with web forms led to its inclusion in this chapter. Again the authors walk through a simple example, illustrating the differences in approach. Many of Rails' optimizations towards developer simplicity come at a cost of application performance. An investigation at the end of this chapter provides an estimation of the ultimate cost of those tradeoffs.
Chapter 6 focuses on rendering HTML, where the Java developer space is somewhat more fragmented. As a result, a lot of the Java material focuses on general concepts, while the Rails material is focused on some of the most advantageous elements of the Rails stack-- specifically AJAX and RJS. I do find it to be a bit strange that the authors took the time to discuss Markaby, which, to my knowledge, is not very widely used at all.
Testing is the focus of Chapter 7. Although treatment of rcov and the "dummy objects" make this a useful section even for intermediate Rubyists, I'm a bit surprised that the authors did not focus more specifically on Rails testing. One of the central tensions in the book (and between outspoken practitioners of both languages) is the attitudes that the respective communities have towards choice. Perhaps more than in any other area, the submission to "opinionated software" reaps considerable rewards when testing Rails code.
Chapter 8 deals with the development process itself, focusing on build tools like Rake and Ant, and continuous integration tools like Cerberus and CruiseControl. The authors do not spend as much time on the inner workings of those libraries as they do on the Rails libraries. That's understandable, because uses of a build tool are myriad; this book is meant to be an introduction. If build tools and deployment are areas of interest for you, you'll likely need other resources to become more familiar with the breadth of offerings on both the Java and Ruby sides. My experience tells me that Rake is more expressive than Ant, but there's certainly a learning curve for both.
Chapter 9 concerns Web Services and XML. There are many ideas discussed in this short chapter, because this topic is getting attention in different ways among leading Ruby and Java programmers. There is a lot of enthusiasm for REST on the part of many Rails developers, and so the authors provide a brief overview of what REST is, and how Rails supports it. Java developers have to parse XML in many different contexts, and there's a lot of work that has gone into developing a useful and highly efficient stack for processing XML data. As a result, comparisons and contrasts dominate the chapter.
Chapter 10 deals with security and doesn't include too much treatment on the Java side. It seems to be a defense of Rails against some common attacks. While I do feel that's useful information, especially for any reader in a discussion with his manager, it seems that Ruby security libraries are not yet as mainstream as those of Java, such as Acegi.
If you've read this far, you should definitely buy the book.
Excellent overview of Rails ~and~ Java technologies.......2007-03-26
This is more than a typical "We love Rails!" book. Instead Justin and Stuart put their years of experience to good use and point out where Java and Ruby paradigms overlap, and how to decide which technology you should use for a particular problem. In addition to being a great introduction to the Rails arena, it's also a very good "compare and contrast" text.
If you're a Java programmer who wants to get a great overview of the Rails space, or a Java programmer who wants to get a handle on many of the Java front-end technologies, this book would be a great purchase.
Attention Java Developers - A Must Read Book!.......2007-02-24
Stu and Justin hit a sweet spot with this Rails book. Unlike other Ruby and Rails books, this one specifically focuses on learning Rails, Ruby, Rake, and ActiveRecord from a Java Developer's standpoint. In my opinion there is no better way to learn Rails than the methods and techniques used in this book. Stu and Justin use practical techniques and examples throughout the book that you can easily use to code alongside the book while reading it.
The other thing I like about this book is that they cover the complete picture, not just Rails. There are chapters devoted to Ruby, ActiveRecord, Rake, security and testing - all from a Java Developer's point of view. Through this book Stu and Justin correctly point out that it doesn't have to be an either-or situation. This is not a "one-size-fits-all" world. They are right - and that is the main reason you should read this book. Read this book to expand your knowledge, grow in your career, and learn not only how to code in Rails but how to be a better Java Developer as a result.
Book Description
Written in the same exciting and informative style as the international blockbuster Hacking Exposed, this book provides comprehensive coverage of the tools and techniques for testing and correcting J2EE and Java security issues. Includes examples of J2EE attacks and countermeasures, risk ratings throughout the chapters and case studies.
Customer Reviews:
Good book, with reservations.......2004-03-16
This book has some nice examples and is fairly complete, but some sections are basically a regurgitation of the java.sun web site!
In many technical books, it is common to find multiple authors, each writing a section based upon his/her expertise. Since each author has a specific writing style and personality, there is usually a person (or persons) charged with proofing and approving the sections as well as working to make the transitions seamless and consistent. This book was written by three different authors and it would appear to me that at least one of the authors turned in work that is remarkably similar to existing sources!
Here is a sample of the JCE section in HackingExposed:
"The Java Cryptography Extension (JCE) package provides a framework for encryption and decryption, key generation, key agreement, and MAC. Encryption allows symmetric, asymmetric, block, and stream ciphers, with additional support for secure streams and sealed objects."
Now here is the verbiage from the java.sun.com website:
"The Java™ Cryptography Extension (JCE) provides a framework and implementations for encryption, key generation and key agreement, and Message Authentication Code (MAC) algorithms. Support for encryption includes symmetric, asymmetric, block, and stream ciphers. The software also supports secure streams and sealed objects."
To be fair, it appears that the problems are confined to the first section of the book. The final 2/3 of the book are closer to what I expect from the Hacking Exposed series.
Comprehensive Java Security Book.......2003-11-11
This is a very good book on Java security that starts pretty much from the ground up so you have to know much about security to read it. The first part of the book starts out with some of the Java security basics (classloading, protection domains, etc.) and then goes through the JAAS, JCE, and JSSE modules.
The second part of the book goes through how to use security in stand-alone Java applications and what pitfalls you need to watch out for. The book also details where security is lacking or not mature and what the alternatives are.
The third section of the book goes through security in the J2EE environment and where the J2EE containers can help out the developers by doing most of the work for them.
Overall this book provides a very good overview of security in all the java environments while not requiring previous security knowledge. I highly recommend it.
Not a Hacking Exposed book at all.......2003-02-06
If this book had been titled differently, I would have had no
reason for complaint: it gives a good introduction to Java
Security, and how to deploy it in various forms.
But it *is* titled 'Hacking Exposed'. That is now taken
to be an indication of a particular approach to security,
... The blurb acknowledges it: 'The proven Hacking Exposed
methodology' is the first thing mentioned under 'What You Learn'.
And I bought this title without second thought -- I have
nothing but praise for the previous books, and expected
to find the same approach and the same quality here.
In this book you find a lot of information on prevention, but
very little on actual vulnerabilities. As a result the
message is far less urgent. If I can demonstrate a 'hack'
the message gets across very quickly: we have to do something
about it now. But if all I can do is point to a text that
says 'attackers can potentially attach a debugger to our
application and watch the code as it runs', urgency is gone.
There's another point there as well: 'our application'.
Those words probably sum up the difference from, say, 'Hacking
Exposed Web Applications'. This book is not from the point of
view of the hacker that the previous books used so well to get
their message across. This is 'we', protecting our assets from
a considerably more nebulous hacker than has appeared earlier.
The difference is the same as between an actual security
incident on one hand, and the report of a threat analysis on
the other.
In short, this is not a Hacking Exposed book. It's a Java
Security Exposed book. As such it probably merits four stars.
But ... as it is marketed as a Hacking Exposed book, and,
in my opinion, doesn't live up to the expectations that go
with that trademark, I'm afraid I can't give any rating at all.
(1 star seems to be the lowest possible, so that is what I give it.)
I'll be very careful about purchasing the next red book
with "Hacking Exposed" all over the front cover. I just
might find that I have bought 'Hacking Exposed - ISO 17799'.
Security for advanced Java developers.......2002-11-12
The book uses an example Java application which is initially very unsecure, and throughout the book the vulnerabilities of the example are discussed and countermeasures are written. Then the application is web-enabled, creating new vulnerabilities which are fixed again, and so on. This way the complex material is covered in an easily accessible yet comprehensive way, without becoming lengthy. This book is a must-have for any serious Java web developer interested in application security. Not recommended for beginners, though.
Real Help for J2EE Programmers.......2002-10-23
This is one of the best books I've read on J2EE security. The recommendations in this book improved my existing production applications and development designs.
Java Messaging (Programming Series)
Eric Bruno
Manufacturer: Charles River Media
ProductGroup: Book
Binding: Paperback
Similar Items:
- Java Concurrency in Practice
- Enterprise Integration Patterns: Designing, Building, and Deploying Messaging Solutions (The Addison-Wesley Signature Series)
- Java Message Service (O'Reilly Java Series)
- Java Generics and Collections
- JBoss at Work: A Practical Guide
ASIN: 1584504188
Book Description
LEARN TO USE JAVA MESSAGING SOFTWARE IN YOUR DISTRIBUTED APPLICATIONS! As software becomes more complex, and the Web is leveraged further, the need for messaging software continues to grow. Virtually all software written today requires at least one form of internal, and even external, communication. Java Messaging explores the various methods of intra-process and inter-process messaging for Java software, such as JavaBean events, JMS, JAX-RPC, JAXM, SOAP, and Web Services. Programmers will learn the basics of these APIs, as well as how, when, and why to use each one, including how to use them in combination, such as combining SOAP with JMS over a WAN. The book begins by walking the reader through simple intra-process communication using JavaBean events. A set of classes is constructed that extend JavaBean events beyond one JVM, transparently using JMS. The messaging paradigms of JMS are explained thoroughly, including in-depth discussions on the theory and mechanics of message queues. Design patterns and helper classes are also explored, which ultimately combine to form a generic messaging framework that helps programmers avoid common pitfalls. This framework, explained throughout the book, provides for the seamless integration of JMS with SOAP Web Services that is required to build distributed applications. Starting from the first chapter, a comprehensive sample application (an online stock trading system) is built using the framework and messaging paradigms discussed in the book. By the end of the book, programmers will not only understand the various messaging paradigms, but they will also understand how to architect complex distributed applications that use them together - with a framework that provides a running start.
Customer Reviews:
Concise, no-nonsense, but framework hinders learning.......2006-08-21
Excellent introduction to messaging, including healthy portions on JMS and web services.
The writing style is clear, consistent, and to the point. Probably what I liked most was this no-nonsense writing style. If it's on a page, it's important to understand. The author doesn't waste your time with irrelevant discussions or out of scope topics.
Editing and code presentation are top notch, making it easy to follow, and build upon from one example to the next. The author also shares some gotchas and considerations that I wouldn't have expected to see in an introductory discussion which were particularly valuable.
Another great feature is one of the drawbacks of the book. The framework presented in the book is elegant, but in many of the examples, there is too much cognitive overhead involved in grokking the level of abstraction in the framework, and this takes away from actually learning the concepts. I would have liked to see more non-framework code for the introduction, which is then tied together with the framework.
For programmers: messaging basics.......2006-03-17
Eric Bruno's JAVA MESSAGING explores different ways of messaging using Java software, from JavaBean events and JMS to SOAP. Web programmers receive all the basics to using these features, tips on how and why to use each feature and when to choose something else, how to combine features, and more. The basics of Java communication processes are revealed in chapters which form 'classes' to link related information in a logical progression. An excellent, basic foundation for Java users.
Very Good on Messaging Concepts and Implementation.......2006-01-07
As we look at how much we use the web, it is sometimes hard to remember just how new this concept of worldwide packet switching really is. Java was started as a new language before a lot of the new concepts like XML and SOAP were conceived. But as a new language it has been able to move into using these new concepts faster than nearly any other language.
What I especially liked about this book was the first chapter. So often computer books start with programming. This one starts with a description of what we're trying to do here. He gives several examples of the types of communications that he is going to cover in the book. I had a particular application in mind when I got the book, but in reading the first chapter I began to see several other ways that messaging would help our system.
After the first chapter, I've got to say that it's a pretty regular computer software book. It tells you how to do the things that you want to do. It is quite clear on all the different software protocols, packages, and philosophies. Basically it is all that a Java programmer needs to implement messaging in Java.
The CD included with the book gives you all the sample code from the book, as well as the complete messaging toolkit and several open source tools.
Java Security (2nd Edition)
Scott Oaks
Manufacturer: O'Reilly Media, Inc.
ProductGroup: Book
Binding: Paperback
Similar Items:
- Inside Java 2 Platform Security: Architecture, API Design, and Implementation (2nd Edition)
- Core Security Patterns: Best Practices and Strategies for J2EE(TM), Web Services, and Identity Management (Core Series)
- Beginning Cryptography with Java
- Java Message Service (O'Reilly Java Series)
- Professional Java Security (Programmer to Programmer)
ASIN: 0596001576
Amazon.com
Scott Oaks' Java Security is extraordinary both for its technical depth and its readability. It provides the Java programmer with a complete overview of the Java security architecture and security classes, plus a wealth of detailed information and code examples for specific implementations. The book opens with a clear discussion of what Java security is, how the various Java sandbox models work, and how Java applications and applets execute within the security model. The following chapters look in depth at the elements of the Java security architecture: language rules, class loaders, the security manager, the access controller, and permission objects. All these chapters provide detailed information on implementation, as well as an excellent explanation of the role of each feature within the entire security picture. The second half of the book covers cryptographic features in the Java security package (much enhanced in Java 1.2) and how Java programs work with code that performs authentication and encryption. Here, you'll find detailed chapters on message digests, keys and certificates, key management, digital signatures, and the Java Cryptography Extensions. Anyone who needs to understand Java security, but especially those who will implement security features in Java applications, will want to own this book.
Book Description
One of Java's most striking claims is that it provides a secure programming environment. Yet despite endless discussion, few people understand precisely what Java's claims mean and how it backs up those claims. If you're a developer, network administrator or anyone else who must understand or work with Java's security mechanisms, Java Security is the in-depth exploration you need. Java Security, 2nd Edition, focuses on the basic platform features of Java that provide security--the class loader, the bytecode verifier, and the security manager--and recent additions to Java that enhance this security model: digital signatures, security providers, and the access controller. The book covers the security model of Java 2, Version 1.3, which is significantly different from that of Java 1.1. It has extensive coverage of the two new important security APIs: JAAS (Java Authentication and Authorization Service) and JSSE (Java Secure Sockets Extension). Java Security, 2nd Edition, will give you a clear understanding of the architecture of Java's security model and how to use that model in both programming and administration. The book is intended primarily for programmers who want to write secure Java applications. However, it is also an excellent resource for system and network administrators who are interested in Java security, particularly those who are interested in assessing the risk of using Java and need to understand how the security model works in order to assess whether or not Java meets their security needs.
Customer Reviews:
Good on intro...needs an update to JDK 1.4 and above........2007-07-29
The content of this book is dated now and this book needs a revision. The book does not cover Java security from JDK 1.4 and above. I suggest using Core Security Patterns by Steel, Nagappan, Lay, which covers Java and J2EE security to date.
This book needs a revision........2006-04-27
JDK 1.5 has many updates to platform security as well as APIs. I bought this book recently and it does not have updates after jdk 1.4.
Excellent JAVA book covering all security issues.......2005-08-27
A good introduction and explanation of the Java language security (sandbox, security manager, access controller and class loaders). The same for cryptography, it is clearer than Java Cryptography. It includes great chapters for SSL and JAAS. Good job Scott (Oaks). I really recommend this book both for introduction and guide.
Good Structure.......2004-11-26
One thing is for sure: this book is well structured, chapters are properly segregated and closely linked to each other. It makes introduction to Java security seem easy.
I used to find java security a bit complicated, got pieces of information from articles that I read, but I ended up having more questions.
Some of the APIs shown in the examples are deprecated for JDK 1.4, but you can easily replace them with the new classes.
Good Overview of Java Security.......2002-09-25
The term "security" means many different things. This book deals with the built-in security features of Java, which most programmers access through the Security Manager and Access Controller. Overall, I liked this book and found it a really good introduction to security. However, for the price of this book, I expected a lot more information. For example, I would have liked it if the author explored the cryptographic package in depth and gave more real world examples of using ciphers and encryption. Although this is not technically what the book is about, most people think of cryptography in terms of security.
Book Description
Over 75% of network attacks are targeted at the web application layer. This book provides explicit hacks, tutorials, penetration tests, and step-by-step demonstrations for security professionals and Web application developers to defend their most vulnerable applications.
This book defines Web application security, why it should be addressed earlier in the lifecycle in development and quality assurance, and how it differs from other types of Internet security. Additionally, the book examines the procedures and technologies that are essential to developing, penetration testing and releasing a secure Web application. Through a review of recent Web application breaches, the book will expose the prolific methods hackers use to execute Web attacks using common vulnerabilities such as SQL Injection, Cross-Site Scripting and Buffer Overflows in the application layer. By taking an in-depth look at the techniques hackers use to exploit Web applications, readers will be better equipped to protect confidential.
* The Yankee Group estimates the market for Web application-security products and services will grow to $1.74 billion by 2007 from $140 million in 2002
* Author Matt Fisher is a highly sought after speaker who regularly delivers Web Application presentations at leading conferences including: Black Hat, TechnoSecurity, CanSec West, Shmoo Con, Information Security, RSA Conferences, and more
* The Companion Web site will have downloadable code and scripts presented in the book
Customer Reviews:
Good read for the security conscious.......2007-03-17
When I came across this book on the O'Reilly website I was immediately interested, as web applications are becoming more and more prevalent. And other than thinking it covered methods of securing web applications I had no preconceived assumptions. My main aspiration for this book was to give me better awareness of security in the area of web applications and to provide me with some tools. After having read this book I can say that it has done both.
Each of the chapters in this book seems to follow a pattern of first defining the topic, second giving real world examples, and finally providing the reader with solutions. The book begins by providing a history of the hacking methodology and defining the various types of hacking. It was interesting to learn about some of the various hacks and hackers. For example, I had no idea Steve Jobs (Apple Computers) used to be a hacker.
In chapter two the author discusses what he calls a "Code Grinder", and how to not become or produce a code grinder. A code grinder is someone who works in a highly regulated environment where creativity is discouraged. I found it interesting that a code grinder environment typically produces more unsecure code than an environment that is open and promotes creativity.
Chapter three discusses the risks associated with mobile code. Chapter four covers vulnerable CGI scripts and introduces the reader to some tools such as Nikto and Web Hack Control Center to scan your website to find vulnerabilities. The author goes on to discuss the issues faced by the various CGI scripting languages, and then provides an outline of rules to writing secure CGI scripts.
Chapter five covers hacking techniques and tools. This section gets you into the mind of a hacker, what are their goals, how are those goals achieved and what tools do they use. In chapter six the topic is "Code Auditing and Reverse Engineering." This chapter I found exceptionally interesting and helpful. The author takes you through various types of vulnerabilities and with each weakness explains how it affects each of the more popular programming/scripting languages. And to take it a step further the author also provides the reader with the functions/methods for each programming/scripting language that are vulnerable to attack and then explains either how to use those functions securely or gives an alternative function/method that is more secure.
Chapters seven through ten cover securing code in specific languages; Java, XML, ActiveX, and ColdFusion. Chapter eleven discusses developing security enabled applications using such technologies as PGP, SSL, and PKI. Finally in chapter twelve the author wraps up the book by taking the reader through creating and working with a security plan.
CONCLUSION
--
I found this book to be interesting and a good read. I plan to make use of some of the tools it introduced in hardening applications I work with and develop. And as I mentioned before, the chapter on code auditing will be extremely useful to me in cleaning up existing apps and developing new ones. I liked this book and I would recommend it to anyone who is writing code.
Great Overview of a complex subject!.......2007-02-20
With the increasing number of incidents of crime occurring on the World Wide Web, it behooves every programmer to become fluent in all aspects of information security. This book provides a great overview of the various methods a hacker uses to penetrate various forms of web architectures. The author's goal, it seems, was to cover a broad subject by touching on all important aspects of securing a website.
Throughout the book a hacker mindset is presented, along with how to design your website to overcome the tools and tricks of the hacker. For instance, in many of the chapters the manner of attack that a hacker would use to exploit a piece of technology is covered. Overall I believe this book to be a good introduction to the field of securing websites. Since security in and of itself is such a broad subject and the Internet is also a broad subject, it is unfair to expect one book to cover all aspects of a complex and dynamic environment.
Professional Java E-Commerce
Subrahmanyam Allamaraju, Ronald Ashri, Chad Darby, Robert Flenner, Alex Linde, Tracie Karsjens, Mark Kerzner, Alex Krotov, Jim MacIntosh, James McGovern, Thor Mirchandani, Bryan Plaster, Don Reamey, and P.G. Sarang
Manufacturer: Peer Information
ProductGroup: Book
Binding: Mass Market Paperback
Similar Items:
- Java Developer's Guide to E-Commerce with XML and JSP
ASIN: 1861004818
Amazon.com
Ideal for IT managers and developers working on e-commerce projects, Professional Java E-Commerce shows off how to design and program working e-stores and other enterprise Web applications powered by Java. This book is a guide to the nuts and bolts of Java used for e-commerce sites, and it also surveys the management and design issues that any organization will face when doing business online.
The first sections give an IT manager's perspective on integrating e-commerce initiatives into your organization, whether they're B2B, B2C, or m-commerce initiatives. The coverage achieves considerable depth. As well as terms you've already heard about, the team authors also look at B2B2C and C2B2C scenarios. They cover project planning for successful e-commerce software development and today's n-tiered architectures for scalability, and provide a quite thorough discussion of the security issues surrounding e-commerce.
The book then delves into actual sample source code for a variety of e-commerce applications, beginning with a traditional online store (for selling computers) with a product catalog and a shopping basket. Written with simple JSP, this site gets enhanced later using state-of-the-art Enterprise JavaBeans (EJB) for better scalability and performance. Hands-on advice for using tools like BEA WebLogic Application Server (something of an industry standard) will help you apply your knowledge to real projects. Further examples look at real-world instances of corporate e-commerce in action, including working code for a portal Web site, a supply chain application (using XML), and a workflow Web application. The book closes with newer technologies like m-commerce (in which business is conducted through wireless devices) and smart cards.
The working source code and real-world perspective help distinguish this text in its presentation of some emerging Java enterprise-level technologies. For many working Java developers or managers, Professional Java E-Commerce can help shift the odds in your favor for that next big e-commerce project with its mix of canny advice and very practical sample source code that shows the right ways to use Java to write several high-end enterprise e-commerce solutions. --Richard Dragan
Topics covered:
- E-commerce business strategy and planning
- Types and business impact of e-commerce (including B2C, B2B, B2B2C, C2C, C2B2C, and m-commerce)
- Business requirements for e-commerce applications (including technological and business considerations)
- E-commerce project planning (software project management and process)
- Guide to architecting e-commerce applications (technical requirements and architecture)
- Overview of the Java 2 Enterprise Edition (J2EE) and its support for e-commerce
- Design approaches and components for e-commerce
- Introduction to XML and XSLT
- Security issues for online business (including Java security, authentication, and authorization)
- Sample B2C online computer store
- Usability issues (searching, feedback, and membership and internationalization)
- Data validation techniques for user input (client-side and server-side options)
- Adding Enterprise JavaBeans to the e-commerce site
- Using BEA WebLogic
- Case study for a custom portal
- Case study for a B2B solution using XML/XSLT to share data between systems in the supply chain
- Mass integration with the Java Message Service (JMS)
- Introduction to application service providers (ASPs)
- Case studies for a workflow application and a corporate purchasing Web site
- Introduction to m-commerce
- WAP and WML
- Smart cards
- XML and XSLT primer
Book Description
The term e-commerce encompasses a spectrum of trading interactions from the business-to-consumer (B2C) transactions that facilitate Web-based retail trade, to business-to-business (B2B) data exchange that increases supply chain efficiency. This book shows how the Java platform and Java technologies can be, and have been, employed to develop solutions that address these scenarios.
To allow readers to gain a full appreciation of the diversity of topics involved in building e-commerce solutions, the book consists of five main sections. We begin by looking at the general area of e-business and the commercial considerations surrounding such application development. We then look at the Java 2 Platform Enterprise Edition (J2EE), XML, and XSLT. Building on this, we discuss the development of B2C sites for online selling and the design of effective portal sites. Our fourth section is devoted to the expanding area of B2B commerce where XML and XSLT are proving invaluable. Finally, we highlight new developments in the area of m-commerce and see how Java technologies can be used to facilitate trading anywhere. A particular feature of the book is the inclusion of case studies that provide hard won information on the challenges of building effective B2C and B2B applications in the real world.
Customer Reviews:
Excellent coverage.......2002-12-09
This is the only book that covers such a wide range of issues relating to the application of Java to e-commerce. Although there are subjects that experienced users would certainly have preferred to see treated in more depth, this is an invaluable resource to those that need to get the big picture to a level that is practical and useful for understanding application and designing solutions. Well done.
Out of date and filled with fluff.......2002-10-27
Of all the technical books I've read this one qualifies as the worst. It's out of date, but even when it was new it would justify my opinion.
It attempts to cover too wide an area of subjects, and manages to either state the obvious (as in the first chapters that make a sophomoric attempt to define e-commerce), or to display questionable knowledge on the part of contributing authors, as in the section that lamely attempts to discuss architecture. The section on architecture should have been written by someone who could write and who understood architecture. Unfortunately I got the impression that the authors had neither qualification.
The case studies were interesting, but were not sufficiently insightful to warrant buying this book for those alone.
There are positives to this book though. It weighs nearly 6 pounds, making it suitable as a doorstop. Having photos of all of the authors who contributed on the front cover is helpful if you conduct interviews since it helps in the screen process in case one of them shows up for an interview or tries to come in as a consultant.
My advice is to avoid this book. There are much better ones that cover the subjects in it.
Disappointing.......2002-10-25
There are a few good sections in this book (mainly the chapters that deal with WebLogic and the appendices of primers and reference material that comprise Section 6). However, considering that this book weighs in at over 1000 pages, it's mainly fluff or glib (but not helpful), with too much material that states the obvious.
Much of the fluff is found in Section 1 (The E-Commerce Landscape), and Section 2 (Architecting Java-Based E-Commerce Systems) was, in my opinion, a glossed over, high-level overview that was used as filler.
Sections 3 (B2C E-Commerce Solutions) and 4 (B2B E-Commerce Solutions) have a few interesting chapters in each. My main complaint here is that Section 3 is a mix of solutions and techniques, while Section 4 is purely solution-focused. Section 5 (M-Commerce) is too light to be useful, and most of the material is already woefully out of date.
My recommendation is to pass this book up and, instead, seek out single-topic books that address the subjects in which you're interested.
Where's the e-commerce, where's the professionality?.......2002-04-07
I can't believe the rating some people give this book. This book touches a lot of areas with little depth. The book contains a lot of filling with no practical usable things.
The information on practical Java E-commerce is very limited, and if you need usable information on JSP, Application Servers, ... I suggest you buy books about the specific areas you need information on. Even if this book was intended to be a high level overview on E-commerce it would miss its mark.
Excellent overview of a wide range of topics.......2001-07-27
The Audience for this Book
Java E-Commerce is aimed at people who already know Java and need to evaluate the technologies available. At first I wondered what the target audience would be: if you are a programmer you might not get to choose the technologies, and if you are a manager you might not have the time or inclination to learn about these technologies in such depth. I now appreciate that they are appropriate for just about anyone except a beginner; most programmers need to know what technologies are available and managers need to know what the programmers are talking about.
How the book is organised
The book is divided into five sections starting with The E-commerce Landscape. This didn't tell me much I didn't already know, evolution of internet... exciting, define e-commerce....arpanet, web browsers etc etc. All scene setting stuff, but you can't have a fairy story without "once upon a time". Things get a little more interesting with Section 2, "Architecting Java Based e-commerce systems".
Some parts of the web world assume that "everyone uses Microsoft Internet Explorer". The authors of this book recognize that in the future your audience might well be WebTV, a mobile phone or PDA. Although there is plenty of coverage of specific Java technologies such as EJB and Servlets, the book recognises that most developments will have to fit in with legacy systems and that the heart of the task is to give the potential purchaser a usable and easy browsing experience.
Much of the material covers topics I already knew about superficially. Some crucial aspects covered are EJB, XML and JMS. I was fairly stunned to note a mention of the Log4J technology from the Apache group. If you haven't come across Log4J, go to the Apache org web site and download it. I challenge anyone not to find a use for it in any non trivial application. Even allowing for the time it takes to put a book together this illustrates that the authors are right at the front of developing technologies, absorb what these people say, they know what they are talking about.
Plenty of XML Coverage
The topic of XML runs though large parts of the book. Chapter 16 gives an interesting overview of the emerging standards in XML dtd's. There are a raft of competing standards and the dust is yet to clear on which ones will be generally adopted. Chapter 13 has an in-depth discussion of an Intelligent Assistant, ie a natural language parser system to allow customers to interact with a virtual shop assistant. I thought this was interesting in an academic way but I suspect that the number of people who will actually adopt this technology would be very small indeed. The
Bits I enjoyed most
The part I enjoyed most was a part I thought I might not even get around to reading, which was Chapter 23, "In the MarketPlace, Corporate Purchasing". This is written in a laconic style by people who obviously have plenty of real world experience. Mixed in with headings like "Characteristics of Corporate Purchasing Systems" are titles like "The headaches of having more than one partner." At the end of this chapter are 4 case studies that made me smile for all the right reasons. I did my post graduate education in Software after I had a decade of experience in the industry. It used to annoy me that the lecturers insisted on describing an ideal world that I knew did not exist. I get annoyed by technical books that insist that by following their golden recipes everything will go perfectly. The 4 case studies illustrate that things rarely go to plan, frequently do not go as expected and sometimes have to use horrible solutions but can still solve the problems. If you are browsing your local book shop, pick up this book and jump to the end of chapter 23.
I try to read everything I can about emerging net and Java technologies but I learnt a whole slew of new things reading Java E-Commerce, notably the nature of B2B technologies. I had rather foolishly assumed it was just more web applications where the person using the browser at one end was in a business and connecting to a server at another business. It actually refers to using web technologies to replace the automated EDI technologies that large corporations have been using for years. I found the topic of XSLT transformations fascinating in that it explains how to get around the incompatibilities between different forms of XML used by different companies. If two companies use different DTDs to structure their XML, XSLT can be used to convert between the formats. Until I read that section I had thought of XSLT as a way of transforming XML into nicely formatted HTML.
I found the chapter on M-commerce (transactions via mobile devices) to be interesting as a primer on what can be done via mobile devices, but I suspect you could fit everyone who has ever placed an order via a mobile phone, in my living room and still have space for unexpected visitors.
The book gives a high level coverage of a wide range of related Java technologies by people who appear to have actually worked with them on real world projects. The authors seem to have actually used the technologies in the real world rather than just read the documents and played with a few toy applications. It gives you enough to evaluate how and where you would use each of the technologies and examples of how people have used it in real projects.
Should you buy it?
If you want to be aware of what technologies are available and find out how they can be applied then this is an excellent buy. If you want to start to learn and implement any of the topics mentioned from scratch, you would be better off buying a book that caters specifically for that topic.
...
No Fluff, Just Stuff Anthology: The 2007 Edition (No Fluff, Just Stuff)
Neal Ford
Manufacturer: Pragmatic Bookshelf
ProductGroup: Book
Binding: Paperback
ASIN: 0978739280
Book Description
Twenty-seven weekends a year, the No Fluff, Just Stuff conference rolls into another town, featuring the world's best technical speakers and writers. Up until now, you had to go to one of the shows to soak up their collective wisdom. Now, you can hold it in the palm of your hand. The No Fluff, Just Stuff Anthology represents topics presented on the tour, written by the speakers who created it. This book allows the authors the chance to go more in depth on the subjects for which they are passionate. It is guaranteed to surprise, enlighten, and broaden your understanding of the technical world in which you live.
The No Fluff, Just Stuff Symposium Series is a traveling conference series for software developers visiting 27 cities a year. No Fluff has put on over 75 symposia throughout the U.S. and Canada, with more than 12,000 attendees so far. Its success has been a result of focusing on high quality technical presentations, great speakers, and no marketing hype. Now this world-class material is available to you in print for the first time.
Customer Reviews:
Knowledge of experts, balance of FOX news.......2007-06-23
There is not a single good reason known to me not to read the second No Fluff Just Stuff Anthology. Most engineers I know spend far more time coding than catching up on the latest tricks and trends in the engineering world. To those engineers, present company included, an anthology like this is invaluable. However, NFJS Anthology Vol. 2 is also grievously unbalanced.
Much material in this volume is written by agitators of the "new age" software movement, for lack of a better word. They gravitate towards weaker contracts (i.e. REST over WS-*), loose typing (i.e. Ruby over Java), relaxed processes (i.e. Agile over anything else), and so forth... While all authors are entitled to their opinions, I find it unsettling that the "new age" dogma dominates much of the publication. Brian Sletten assaults WS-* in his essay "Give it a Rest", but where is the counterargument? The three paragraphs Sletten himself offers? Or does the editor wish to suggest, quite falsely if so, that there really is no business case to explain why top enterprises leverage WS-* based solutions in spite of their cost?
How about Jared Richardson's article on JRuby titled "Integrating Ruby with legacy code"? Since when is Java considered legacy code? Since when has the free world stopped developing solutions in Java except when under the whip of mighty yet incompetent management? And once again, where is the refutation? Where is the essay on the dangers of mixing and matching languages and platforms? The weaknesses of purely-dynamic languages? Certainly not in this NFJS anthology (sorry, Jared, two brush-off bullet points don't count). And what of a counterargument to Venkat Subramaniam's essay on Agile Methodologies? While deeply insightful into agile techniques, it also seems to offer Agile as a panacea of sorts, omitting any discussion of when an agile process may be unfitting or even crippling. Once again, shop somewhere else for the complete story.
Ultimately, the single greatest failure of this compilation can be attributed to Neal Ford's role as its editor. A quick glance at his blog allows one to glean Ford's biases with a naked eye. While the strength of Ford's dispositions does not detract from his status or credibility as a great speaker and author, it renders him unfit to edit such a compilation as this anthology. Ford goes so far as to violate a key principle of the NFJS series by propagandizing a $500 IDE (Chapter 10), while devoting less than half that real estate to Eclipse techniques (Chapter 11), despite the latter's prevalence in availability and market share. In short, Ford allows what would otherwise be an invaluable educational resource to become a hideous concoction of information and propaganda.
Fortunately, Ford's negligence toward balance was slightly tempered by the diversity and insight of several of the authors. Howard Lewis Ship's essay on testing tools and techniques (Chapter 7), David Geary's introduction to the Google Web Toolkit (Chapter 8), and Scott Leberknight's "Data Access using Spring, Hibernate, and JDBC" (Chapter 19). These chapters stand out due to both their relevance and their instructional approach. These essays teach, rather than preach, and set a wonderful example of what the rest of this volume should have looked like. While I look forward to attending this year's No Fluff Just Stuff conference in Boston and even hearing some of the people whose work I criticized in the preceding paragraphs, I hope the 2008 NFJS anthology will offer less demagoguery and more substance, less fluff and more stuff.
Too little about too much - A bright star with a short lifespan.......2007-03-01
Being a great collection of masterly written articles, this book constitutes a deep introduction to a diversity of hot tech-topics. Surely, it will serve you well as a valuable skills thermometer in your professional growth planning.
Though, a couple of chapters awoke my interest and became the start point of further readings; I don't picture this book having a place in my "always at hand" book collection. I think this book, like those magazine subscriptions piling up in my garage, is a once in a lifetime reading.
Rather than having this professional guide to mainstream technological thinking dusting on my bookshelf; I would like to see it being passed around at the coffee table, inspiring, and guiding colleagues and friends. Definitely, this is not a book to own, but a book to share.
Specialized to the computer geek world - and packed with logic and detail........2006-10-14
Articles by many notables - Scott Davis, Neal Ford, and more - pack an anthology covering all kinds of topics, from real-world web issues and applications to project testing, total object makeovers, and more, computer pros will find topics detailed, in depth and specialized to the computer geek world - and packed with logic and detail.
Diane C. Donovan
California Bookwatch
eclectic.......2006-09-26
This is certainly an eclectic mix of a book. Topics from 15 authors covering subjects such as language-oriented programming, through agile methodology and CSS.
Written by leaders in their fields, this book doesn't aim to be definitive, but consists of essays by those people about the stuff which interests them. I didn't follow all of the subjects covered, and I think that you would be hard-pressed to. All were well written and would appeal to followers of that particular facet of information technology.
One particular thing I liked about this was the appendix covering each author's favourite reads and tools, plus a comprehensive bibliography.
I'm sure you'll find, as I did, half a dozen topics of interest, with several others opening up previously unknown fields of study. I'm looking forward to the next edition.
A Technical Conference - To Go!.......2006-09-02
I attended a NFJS conference last year and was very impressed by the quality of the speakers and content. So, when I had the chance to read the No Fluff, Just Stuff 2006 Anthology I jumped on it.
The book is a collection of 15 technical papers from NFJS speakers that will just make you flat smarter. I found each paper to be informative, well written, and enjoyable. For example, the first paper is "Real World Web Services" by Scott Davis. In it, he provides a broad overview of the various acronyms that make up Web Services. While I was already pretty familiar with WS, this paper filled a few gaps in my knowledge of the subject. In other sections of the book there are deep discussions on testing, continuous integration, methodologies, and more.
The NFJS 2006 Anthology cuts a wide swath across the topic of software development. And yet, each section manages to go quite deep into the subject. I found a nice balance of variety and detail. Some of the papers were on topics I wouldn't necessarily seek out but I appreciated the opportunity to widen my horizons a bit.
Check out the TOC and sample chapters on the Pragmatic Programmer site.
Think of it as a technical conference to go. Highly recommended.
Secure Internet Programming: Security Issues for Mobile and Distributed Objects (Lecture Notes in Computer Science)
Manufacturer: Springer
ProductGroup: Book
Binding: Paperback
ASIN: 3540661301 |
Book Description
Large-scale open distributed systems provide an infrastructure for assembling global applications on the basis of software and hardware components originating from multiple sources. Open systems rely on publicly available standards to permit heterogeneous components to interact. The Internet is the archetype of a large-scale open distributed system; standards such as HTTP, HTML, and XML, together with the widespread adoption of the Java language, are the cornerstones of many distributed systems. This book surveys security in large-scale open distributed systems by presenting several classic papers and a variety of carefully reviewed contributions giving the results of new research and development. Part I provides background requirements and deals with fundamental issues in trust, programming, and mobile computations in large-scale open distributed systems. Part II contains descriptions of general concepts, and Part III presents papers detailing implementations of security concepts.
Customer Reviews:
Advanced treatment of advanced topics.......2002-06-02
This three-section collection of papers is for advanced architects who are exploring contemporary security strategies. The collection is divided into foundation material, concepts and implementation. The book has a fourth section, but it's an appendix that lists the author bios.
The papers in this book are based on presentations given at two ECOOP'98 workshops: the Workshop on Distributed Object Security and the Workshop on Mobility: Secure Internet Mobile Computation. Unlike many books that are based on workshops and lecture notes, this one is more practical than academic. I like the fact that XML and Java are covered, and found the papers that deal with access controls filled with useful information. The paper by Blaze, Feigenbaum, Ioannidis, and Keromytis on the role of trust management in distributed systems, and Roth's paper on mutual protection of cooperating agents gave information that my team and I used to solve a design problem.
Like most collections of computer science lecture notes, the writing is vastly different from more popular books, but the information is there if you're willing to dig through dry writing. Also, this book is not for programmers who either don't have a computer science degree or are not familiar with computer science and software engineering.
Average customer rating:
- Good for 1996
- Great Java security book
- An Excellent read for anyone interested in Java security
- A Fine Antidote for All of the Java Fanfare
Java Security: Hostile Applets, Holes & Antidotes
Gary McGraw, Edward Fellen, and Edward Felten
Manufacturer: John Wiley & Sons Inc (Computers)
ProductGroup: Book
Binding: Paperback
ASIN: 047117842X
Amazon.com
Right at the beginning the authors admit that " ... there is no black-and-white answer to the question, should I use Java?," and that the purpose of this book is to help you make your own decision. As an aid to systems administrators who are judging whether to enable Java on their company's computers, this book is worth the short time it takes to read it.
Java Security begins with a description of the aims and features of the Java language and its security model, a description that will hold no surprises for the moderately experienced Java programmer. Authors Gary McGraw and Edward W. Felten, both professional hunters of Java security flaws, then spend a little too long detailing their past glories: the flaws in Java that they and others have found, but have long since fixed. They also list ongoing nuisance problems, suggestions and predictions for Java's future, and a short list of "antidotes" users can take to avoid risks.
Customer Reviews:
Good for 1996.......2002-04-04
I'm writing this review in April, 2002 when IE 6.0 became a standard browser and Netscape is RIP. This book was written 6 years ago in the days of NN 2.0 and IE 3.0. Although it's more than outdated by now, it clearly explains what security risks exist for Java-enabled browsers and answers my (and maybe your) question "How the hell applets can break through Security Manager ?!"
Its main idea is to explain to readers what harm applets can do, why it is possible at all, and what is done about the subject by the browser manufacturers. Good work for 1996.
Note that it's not a "Java security book" in the terms you may think today - in 1996 Java was only understood as flashy applets popping up in the Web.
Great Java security book.......2000-10-31
If you use a web browser that is Java enabled (versions greater than Netscape Navigator 2.0 and Microsoft Internet Explorer 3.0), and are concerned about Java security, this book is required reading.
At under 160 pages of text (not counting the appendices), Java Security provides a superb overview of security issues involved with using Java. The authors are security veterans. Felten heads up the Princeton University Safe Internet Programming Team and is famous for discovering quite a few holes in the Java security model.
One might think that two security experts who know the depths and implications of Java security may come out with a reference with suggestions that are overly restrictive and perhaps paranoid. That is not the case here. The recommendations that the book suggests are rational and reasonable. Java Security provides commendable guidelines on how to use Java more safely and what the future holds for Java security features.
The 6 chapters of the book provide an excellent and comprehensive analysis of all aspects of Java security. Chapter 2 provides a significant amount of detail about the Java Security Model, with in-depth coverage of the 3 prongs (as they call it) of the security model, namely: the Byte Code Verifier, the Applet Class Loader and the Security Manager.
Chapter 3 follows with a discussion detailing serious holes in the security model. The authors consider a flaw to be serious when the breach has the potential to corrupt data, reveal private information, or infect the workstation with a virus. They fittingly note that all of the flaws detailed in the chapter have been fixed by Netscape and Microsoft. The function of the chapter is to show what sort of things can go wrong. Chapter 3 concludes with a summary of 8 significant security problems that were discovered last year in implementations of Java.
The book also goes into great detail on what developers and end-users can do to make Java much more secure. Their six guidelines for Safer Java use are:
1. Know what web sites you are visiting
2. Know your Java environment
3. Use up-to-date browsers with the latest security updates
4. Keep a lookout for security alerts
5. Apply drastic measures if your information is truly critical
6. Assess your risks
Felten has his doctorate in computer science; nonetheless, the book is written in a very clear and coherent manner. Add this to your bookshelf.
An Excellent read for anyone interested in Java security.......1997-08-28
This book is wonderfully written and full of good information. It would be useful for anyone from novice users to managers to Java programmers who are concerned about security. In fact, I strongly recommend that they buy a copy to read, as this is one of the best technical books I've read in a long time. The only audience I wouldn't recommend it for are the people who are doing very advanced Java security work such as writing their own Security Manager, but they may even learn something from it.
A Fine Antidote for All of the Java Fanfare.......1997-01-28
Heave an egg out of an open window almost anywhere in the world today, and the odds of striking a Netscape user are in your favor. The odds are even better that this person either knows nothing of Java or believes that it is safe. Pick up almost any book on Java programming, and you will see the same superficial and misleading treatment of security issues. This important book is the first one to address the myriad problems raised by Java. It clearly and concisely explains past problems, current issues, and future risks. McGraw and Felten grab the high and mighty Java industry by the ear, and they offer sane and sensible advice to every level of Java programmer and user. One can only wish that this book had appeared a year earlier and had been widely read by Java's cheerleaders and hucksters. Perhaps then more of the problems would have been solved by now, and fewer risks would remain.
Average customer rating:
Java & Internet Security
Theodore Shrader
Manufacturer: iUniverse
ProductGroup: Book
Binding: Paperback
ASIN: 0595135005
Book Description
Welcome to the exciting realm of Java and Internet Security. Whether you are new to security or a guru, these pages offer introductory and advanced discussions of the hottest security technologies for developing and understanding successful e-business applications. This book offers several complementary sections for easy reading and includes a generous helping of code samples. We introduce you to the Java 2 security model and its numerous objects and dive into explaining and exploiting cryptography in your applications. This book also includes an in-depth explanation of public keys, digital signatures, and the use of these security objects in Internet messaging and Java programs. We also cover other security topics including the Secure Sockets Layer (SSL), Java Authentication and Authorization Services (JAAS), and Kerberos.