Book description
This book is a comprehensive guide to Java security issues. It assumes you are an experienced Java programmer, but have little experience with creating secure applications. This book covers formulating and enacting a network security policy to protect end-users, building e-commerce and database applications that can safely exchange secure information over networks and the Internet, cryptography, digital signatures, key management, and distributed computing: CORBA, RMI, and servlets.
Table of contents
- Copyright
- About the Authors
- Acknowledgments
- Tell Us What You Think!
- Introduction
- I. The Foundations of Java Security
- 1. Security Basics
- 2. Java Security Overview
- 3. Java Application Security Access Control
- 4. Applet Security
- II. Cryptographic Security
- 5. Introduction to Cryptography
- 6. Key Management and Digital Certificates
- 7. Message Digests and Digital Signatures
- 8. The Java Cryptography Extension
- 9. SSL and JSSE
- III. Distributed System Security
- 10. Distributed Enterprise Security Overview
- 11. Databases and Database Security
- 12. The Java Authentication and Authorization Service
- 13. CORBA Security
- 14. Enterprise JavaBeans Security
- 15. Java Servlet and JSP Security
- IV. Appendixes
- A. Past Java Security Flaws
- JavaScript (February, 1996)
- DNS Attack (February, 1996)
- Class Loader Implementation Bug (March, 1996)
- Verifier Implementation Bug (March, 1996)
- URL Name Resolution Attack (April, 1996)
- Hostile Applets (April, 1996)
- Classloader Attack Variant (May 18, 1996)
- Illegal Type Cast Attack (June 2, 1996)
- Inconsistency in javakey (December 13, 1996)
- Web Spoofing (December, 1996)
- Java Versus ActiveX (February 25, 1997)
- Virtual Machine Bug (March 5, 1997)
- Disclosure of IP Addresses (March 17, 1997)
- Signing Flaw (April 29, 1997)
- Verifier Bugs (May 16, 1997)
- Another Verifier Bug (June 23, 1997)
- RSA PKCS1 Risk in SSL (June 26, 1998)
- Princeton Classloader Attack (July 22, 1998)
- Execution of Unverified Code (March 26, 1999)
- Construction of Unverified Classes (April 14, 1999)
- Locally Installed Applet Classes (February 2, 2000)
- B. The Mathematics of RSA
- C. Downloading and Installing the JCE
- D. The Java 2 Security API
- The java.security Package
- Interfaces
- Classes
- AccessControlContext
- AccessController
- AlgorithmParameterGenerator
- AlgorithmParameterGeneratorSpi
- AlgorithmParameters
- AlgorithmParametersSpi
- AllPermission
- BasicPermission
- CodeSource
- DigestInputStream
- DigestOutputStream
- GuardedObject
- Identity
- IdentityScope
- KeyFactory
- KeyFactorySpi
- KeyPair
- KeyPairGenerator
- KeyPairGeneratorSpi
- KeyStore
- KeyStoreSpi
- MessageDigest
- MessageDigestSpi
- Permission
- PermissionCollection
- Permissions
- Policy
- ProtectionDomain
- Provider
- SecureClassLoader
- SecureRandom
- SecureRandomSpi
- Security
- SecurityPermission
- Signature
- SignatureSpi
- SignedObject
- Signer
- UnresolvedPermission
- Exceptions
- AccessControlException
- DigestException
- GeneralSecurityException
- InvalidAlgorithmParameterException
- InvalidKeyException
- InvalidParameterException
- KeyException
- KeyManagementException
- KeyStoreException
- NoSuchAlgorithmException
- NoSuchProviderException
- PrivilegedActionException
- ProviderException
- SignatureException
- UnrecoverableKeyException
- The java.security.acl Package
- The java.security.cert Package
- The java.security.interfaces Package
- The java.security.spec Package
- The javax.crypto Package
- The javax.crypto.interfaces Package
- The javax.crypto.spec Package
- E. Downloading and Installing the Cryptix JCE 1.2
- F. Using the Keytool
- G. Using the jarsigner Tool
Product information
- Title: Java Security Handbook
- Author(s):
- Release date: September 2000
- Publisher(s): Sams
- ISBN: 9780672316029