Java Security begins with a description of the aims and features of the Java language and its security model, a description that will hold no surprises for the moderately experienced Java programmer. Authors Gary McGraw and Edward W. Felten, both professional hunters of Java security flaws, then spend a little too long detailing their past glories: the flaws in Java that they and others have found, but have long since fixed. They also list ongoing nuisance problems, suggestions and predictions for Java's future, and a short list of "antidotes" users can take to avoid risks.

Product Description
Java Security outlines secure programming practices for today's hottest language. They reveal the weaknesses and pitfalls of current safe Java policy and show how to incorporate both organizational and technical fixes into an effective safety management program.

Note that it's not "Java security book" in the terms you may think today - in 1996 Java
was only understood as a flashy applets popping-up in the Web.


Great Java security book   October 31, 2000
 2 out of 2 found this review helpful

If you use a web browser that is Java enabled (versions greater than Netscape Navigator 2.0 and Microsoft Internet Explorer 3.0) ,and are concerned about Java security, this book is required reading.

At under 160 pages of text (not counting the appendices), Java Security provides a superb overview of security issues involved with using Java. The authors are security veterans. Felton heads up the Princeton University Safe Internet Programming Team and is famous for discovering quite a few holes in the Java security model.

One might think that two security experts who know the depths and implications of Java security may come out with a reference with suggestions that are overly restrictive and perhaps paranoid. That is not the case here. The recommendations that the book suggests are rational and reasonable. Java Security provides commendable guidelines on how to use Java more safely and what the future holds for Java security features.

The 6 chapters of the book provide an excellent and comprehensive analysis to all aspects of Java security. Chapter 2 provides a significant amount of detail about the Java Security Model, with in-depth coverage of the 3 prongs (as they call it) of the security model, namely: the Byte Code Verifier, the Applet Class Loader and the Security Manager.

Chapter 3 follows with a discussion detailing serious holes in the security model. The authors consider a flaw to be serious when the breach has the potential to corrupt data, reveal private information, or infecting the workstation with a virus. They fittingly note that all of the flaws detailed in the chapter have been fixed by Netscape and Microsoft. The function of the chapter is to show what sort of things can go wrong. Chapter 3 concludes with a summary of 8 significant security problems that were discovered last year in implementations of Java.

The book also goes into great detail on what developers and end-users can do to make Java much more secure. Their six guidelines for Safer Java use are:

1.Know what web sites you are visiting 2.Know your Java environment 3.Use up-to-date browsers with the latest security updates 4.Keep a lookout for security alerts 5.Apply drastic measures if your information is truly critical 6.Access your risks

Fenton has his doctorate in computer science, nonetheless, the book is written in a very clear and coherent manner. Add this to your bookshelf.


An Excellent read for anyone interested in Java security   August 28, 1997
 1 out of 1 found this review helpful

This book is wonderfully written and full of goodinformation. It would be useful for anyone from novice users to managers to Java Programmers who are concerned about security. In fact, Istrongly recommend them buying a copy to read as this is one of the best technical books I've read in a long time. The only audience I wouldn't recommend it for are the people who are doing very advanced Java Security work such as writing their own Security Manager, but they may even learn something from it.


A Fine Antidote for All of the Java Fanfare   January 28, 1997
Heave an egg out of an open window almost anywhere in theworld today, and the odds of striking a Netscape user arein your favor. The odds are even better that this person either knows nothing of Java or believes that it is safe. Pick up almost any book on Java programming, and you will see the same superficial and misleading treatment of security issues. This important book is the first one to address the myriad problems raised by Java. It clearly and concisely explains past problems, current issues, and future risks. McGraw and Felten grab the high and mighty Java industry by the ear, and they offer sane and sensible advice to every level of Java programmer and user. One can only wish that this book had appeared a year earlier and had been widely read by Java's cheerleaders and hucksters. Perhaps then more of the problems would have been solved by now, and fewer risks would remain.