Professional Java Security

Hi,I'm a mid-expert in java, but did not know much about security, only by words.I've decided to try a book that would give me an overview of the topic but at the same time I wanted a book that would "dirty" my hands in enough code to be able to try out what I was reading.I consider this a perfect book to cover the topic for people that loves to "play" with java code.Max Pellizzarohttp://www.maxpellizzaro.com

The cover of this book has photos of the authors, who have the boyish good looks of candidates for a 1990's boy band. The contents of the book belie the apparent youth of the authors. They both know the topic well and how to explain it. The not only know about how Java security works now, they also know about the quirks and peculiarities of the history of Java security. They don't seem to mention it anywhere in the book, but the authors created a nicely modified version of the GPL version of the Terraterm ssh client. Having read some of the Terraterm code I admire them for even making sense of it.Unlike many of the Wrox technical books this is not a million page, multi author, multi topic tome but 520 pages that keep strictly to the title topic. There is plenty of information on the net about Java security but it is often hard to find and not explained well. This book goes right from the basics of explaining algorithms to giving substantial code examples for creating secure tunnels to manage database connections. I have read about public and private key algorithms several times in the past but the analogies used in this book really re-inforced my understanding. They explain the ideas behind some of the different encryption algorithms by using analogies with the characters in Hamlet the Shakespearean play. They go through the various permutations of how Hamlet could send a message to the king of England using a box locked with various key combinations. The analogies get longer and more involved with each algorithm, but they worked well for me.Chapter 10 has a long example and explanation on how to create an SSL tunnel server, whereby they JDBC calls are redirected between a client machine. The idea is that you configure your client system to refer to a database on a local machine but the SSL tunnel server intercepts these calls and transmits them over the secure connection to the machine running the database. A matching program on the remote machine then redirects the calls to the actual database. This is a very similar concept to using an ssh tunnel, but you can run both portions on any machine that has a java system. This is a little like having a Java based VPN. In one of my jobs we used the example code as the basis for a system for synchronizing files and directories between two different machines. This was an alternative to using rsync over ssh, as it it gave us operating system portability "out of the box". If we had not had the code from this book for the key ideas it would have either taken much longer, or we probably would not have started it at all.One thing that would be good in a revised version of this book would be a step by step guide to installing SSL in Tomcat. It is not hard, and you can find how to do it easily on the net, but many people who buy this book will want to do it.If you are thinking of putting Java applications on the web you will want them to be secure. Knowledge is the key to security and this is the shortest

The book 'Java Professional Security' by Garms and Somerfield is one of the best technical books that I have ever read.Since my current project is to provide secure communications for all of our internet programs, I have spent a lot of time trying to glean information from the internet. After 3 months of this, there were several 'missing parts' for a good understanding of the subject. This book has everything that I was looking for!In both content and presentation, the book is superb. I look forward to getting many more books from Wrox.

This book starts with a great overview of security, both in theory and implementation in Java. The examples are consise and easy to follow.The authors then show how you can apply the concepts to secure certain parts of an application, like how you can secure just about any JDBC connection to prevent the information from being sent over the network unencrypted.Later, the authors give an example application and show one way you might secure it, giving complete source code and configuration instructions. It's nice to see how the various pieces might fit together into a real system.As a final bonus, the authors include a JCE provider that supports the RSA cipher and show how it works. Much more useful than the XOR ciphers some other books provide.Overall, a great book for Java developers looking to learn something about security.