on 20 June 2003
The first edition of this book was extremely good and this version is even better. As a source on cryptographic programming this can't be bettered (note that it is much better than the O'Reilly book 'Java Cryptography' which is hopelessly out of date). However, it also provides thorough coverage of code security - the famous sandbox, the class loader and the security manager. Finally, the book covers JAAS, the Java Authentication and Authorization Service. Here, unfortunately, the book gets a little sketchy and the examples are poor. Overall, however, this is a fine book and well up to O'Reilly standards.
on 25 February 1999
If you wish to become an in-depth expert in Java security, this book is for you. But if you just want to find out how to add specific aspects of Java security to your applications, this book is the long way around the block. It would be better to have some how-to examples early in each chapter, followed by the background and theory of each concept. Instead, you have to figure out "how-to" based on the discussion.
on 4 May 1999
Having played a bit with encryption and digital signatures on a java project for my company, I was looking forward to learning more via this book. The book starts with an important story from the author of how different people expect totally different things from a book called Java Security.
The book was split in two, with one part on the security which makes Java a 'safe' language to use, and the other part on the Java Cryptography Architecture, java.security.
As my interest was primarily in the second part, I managed to read the first part without being too disappointed in its lack of relevance for me. Unfortunately, the second part was even harder to maintain an interest in than the first, so I have to sadly name this the least interesting O'Reilly book I've read.
Not for me.
on 29 May 1999
Excuse me, but my previous review was intended for "Java Threads" by Scott Oaks, not "Java Security".
However, although the "Java Security" book is also of comparable quality, it, unfortunately, doesn't clearly cover the magical art of how dynamically loaded class files are properly integrated with "smart" servers. In other words, how are freshly loaded classes broadcast to the server VM? This "security problem" is a holy grail of the web.
on 29 May 1999
take a step forward in your mundane java applet development by reading scott's book.
his tome is chock full of the kind of details and examples that java server gurus have known since jdk1.1.3. for example, he gives a very workable example of a READ/WRITE lock algorithm for threads competing for objects .. a simple but effective algorithm that competes well with a full blown queue manager.
need i say more? his book is one of the best on the market of experienced java coders.
anxiously awaiting a real Object/Set database in java ... email@example.com