Inside Java 2 Platform Security, Architecture, API Design and Implementation
The book begins with an introduction to computer and network security fundamentals. The different types of attacks, available defense mechanisms, current security models, cryptography, authentication, etc., are introduced. Chapter 2 brings you up to date with what had been happening up to JDK 1.1. The different components of the Java security architecture, such as the byte code verifier, the security manager, the restrictive sandbox, signed applets, and strong typing, are briefly described.
Chapter Three, 73 pages long, explains the inner details of JDK 1.2 security architecture that provides for flexible, extensible and fine-grained access control. The important classes and their relationships are explained. Of these classes the key methods are explored in detail.
Chapters 4 and 5 talk about deployment and customization of the security architecture. Deployment involves creating policy files and using tools like keytool, policytool and jarsigner; customization involves creating new permission types and configuring the security policy. Here you also learn how to migrate from JDK 1.1 based security managers to JDK 1.2 based ones. Certain good coding practices for writing secure Java objects form the topic of Chapter 6, Object Security. JDK 1.2 also introduces some new classes for the same purpose: SignedObject, SealedObject and GuardedObject.
The generic crypto APIs of the JDK, along with the Java Cryptography Extension (JCE), form the Java Cryptography Architecture, which provides platform-independent cryptography APIs. Chapter 7, Programming Cryptography, introduces the classes of the JCE. The final chapter looks into the future. Security features that are being investigated for future releases are discussed, and since the author is also the chief Java security architect, this section resembles a trailer of what is coming.
This book is for developers who are very much interested in the inner details of the JDK 1.2 architecture and system administrators who have to configure the system security policy.
Developers will in particular enjoy the discussions where the author explains the rationale behind the design of key classes and algorithms of significant methods. We get to know what were the alternatives present, from where the ideas came, and why this particular one was chosen. For example, you need only private keys to create signatures and public keys to verify them, but then why does CodeSource deal with only certificates and not public keys?
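As an added illustration (not code from the book or from this review), the following sketch exercises two of the Chapter 6 classes named above, SignedObject and GuardedObject, and shows the key roles the review mentions: the private key signs, the public key verifies. It assumes a current JDK (Java 16 or later, for the record type) and RSA with SHA256withRSA; the class name ObjectSecurityDemo and the Transfer payload are hypothetical.

```java
import java.io.Serializable;
import java.security.Guard;
import java.security.GuardedObject;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;
import java.security.SignedObject;

public class ObjectSecurityDemo {
    // Constructed sample payload (hypothetical); any Serializable object can be signed.
    record Transfer(String account, long cents) implements Serializable {}

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair signer = kpg.generateKeyPair();
        KeyPair other = kpg.generateKeyPair();

        // SignedObject serializes the payload and signs those bytes with the private key.
        Signature engine = Signature.getInstance("SHA256withRSA");
        SignedObject signed =
            new SignedObject(new Transfer("ACME-001", 125_00), signer.getPrivate(), engine);

        // Verification needs only a public key; a key from a different pair must fail.
        boolean okWithSigner = signed.verify(signer.getPublic(), engine);
        boolean okWithOther = signed.verify(other.getPublic(), engine);
        System.out.println("verify with signer's key: " + okWithSigner);
        System.out.println("verify with other key:    " + okWithOther);

        // Deserialize the payload only after the signature has been verified.
        if (okWithSigner) {
            Transfer t = (Transfer) signed.getObject();
            System.out.println("payload: " + t);
        }

        // GuardedObject runs the Guard on every getObject() call, so the access
        // decision is made when the object is requested, not when it is created.
        boolean[] authorized = {false};
        Guard guard = obj -> {
            if (!authorized[0]) throw new SecurityException("caller not authorized");
        };
        GuardedObject guarded = new GuardedObject(signed, guard);
        try {
            guarded.getObject();
        } catch (SecurityException e) {
            System.out.println("guard denied: " + e.getMessage());
        }
        authorized[0] = true;
        System.out.println("guard allowed: " + (guarded.getObject() == signed));
    }
}
```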
This book is not just theory; it is also rich with examples. You will learn how to create a new Permission type, use the classes of the cryptographic package or use the tools that come with the JDK, just to name a few.
Sys Admins will benefit a lot from Chapter 4, which teaches how to configure and deploy policy files. The technical depth is one of the strong points of this book but it can be overwhelming to people who would just like to get an update on what all is new. But then you can skip the sections that get into the details and benefit a lot from the breadth of knowledge that is covered. There is also an excellent bibliography.
JDK 1.2 is feature rich. The author has done a commendable job in making all of this easy to comprehend by giving a number of real-world code examples. This book is definitely not for the newbie, but for someone who knows the language and the environment, so the book could have done without the section on how to install JDK or it would have been more appropriate in the appendix. I would recommend reading the Java Security trail (http://java.sun.com/docs/books/tutorial/security1.2/index.html) of the Java Tutorial before reading this book.
On the negative side, there are syntax errors in some of the Java code given. The keyword "class" is omitted in the definition of a class. Considering the fact that this book comes "from the source", this is a serious error.
The security model that came with the original version of Java was the very restrictive sandbox model. JDK 1.1 gave us the feature of signing applets. JDK 1.2 brings a whole lot of new features and tools which allow flexible and configurable security policies. One of the factors that hinder the adoption of new technology is complexity. Books like these, which clearly explain how to use it, will definitely make the process of using these security features a lot less painful.
Finally, the author gives a tip to improve the security features on MS-Windows: restrict all applications to be 100% Java code. Till we reach that golden era, I will stick with Robert T. Morris' three golden rules to ensure computer security: do not own a computer, do not power it on, and do not use it :)
Pick this book up at ThinkGeek.
Ben: "I was once a troll the same as your brother."
Luke: "My brother didn't troll. He was a Linux zealot."
Ben: "That's what Signal 11 told you. He didn't hold with your brother's ideals. He thought he should post pro-Linux FUD. Not gotten involved."
Luke: "I wish I had known him."
Ben: "He was a cunning troller, and the best flamebaiter on the Internet. I understand you've become quite a troll yourself. And he was a good friend. For over 3 years the trolls made Slashdot worth reading. Before the dark times. Before the moderation."
Luke: "How did my brother die?"
Ben: "A young troller named CmdrTaco, who turned to evil, helped Rob Malda moderate Slashdot. He permanently banned your father's IP Address. Taco was seduced by the Dark Side of the Karma."
Luke: "The Karma?"
Ben: "Yes, the Karma is what gives a Karma-Whore his power. It's an energy field created by repeating pro-Linux FUD. It surrounds us. Penetrates us. Binds Slashdot together. Which reminds me. Your brother wanted you to have this when you were old enough, but Signal 11 wouldn't allow it. He thought you'd follow Anonymous Coward on a FIRST POST."
Luke: "What is it?"
Ben: "It's a bowl of hot grits. The weapon of a troll. Not as random or clumsy as a petrified Natalie Portman or a Scooby Doo. An elegant topic for a more trollish First Post."
bookpool.com has it for $26.95
unhealable deep cut discounts!
Have you actually used this puppy, or do you just believe the marketing gunk?
It's hard to believe this - there are a *lot* of reasons why java is much slower than C/C++ let alone fortran - I've been using java off and on for 5 years. The fastest I've seen is jit for ibm jdk1.1.8 on NT which is about 5x slower than C++ equivalent.
http://rareformnewmedia.com/
Other folks have mentioned Thinking in Java, so I won't link it. While it's a damn good book, I liked Ivor Horton's Beginning Java a little better for newbies, since it doesn't focus quite as much on object orientation. I don't have the new edition, though I would expect the same high quality. Of course, Fatbrain has it. Wrox is my second favorite tech publisher after O'Reilly. Still, you can't beat a free book, so I'd at least check out the online version of Thinking.
Weblogging Considered Harmful:
I agree that too many people post a lot of stuff at a score of 2 that really shouldn't be - I think it would help if the default were to post at a score of 1, with the option to uncheck a box to post with a score of 2.
That way, the poster would have to think a little if his/her post deserves a score of two. As it is, it's all too easy to just post and forget to check the box to stop it posting at a higher score...
I'll leave this post at a score of two assuming that it's a good enough idea that it deserves it. I often have posted at a score of 1 though, I try and make sure I have something really interesting to say before I mark it as 2 to start with.
P.S. - sorry for violating the Strunk and White rules of "one" vs. "1" but it really seemed to look better in this case.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
I learned Java with the JDK 1.1, and found two books pretty helpful. I already had been programming in other languages including C/C++ for a while, and these books helped to learn the language. Neither would be a good choice if you also needed to learn how to program at the same time.
The certification guide has an updated version for 1.2 that I haven't read. I was also warned by people who had taken the exam that the book by Boone, "Java 1.1 Certification Exam Guide for Programmers and Developers" is one to stay away from. Apparently it is just filled with errors. (There may be an updated version that is better, but I have no intentions of buying it, so I don't know.)
I know what you mean by being overwhelmed when you go to the bookstore. There are a lot of Java books available, and most are pure garbage. For the more specific Java topics the ORA books are pretty good, but I think that the Addison Wesley books are just a bit better.
Um, no. It's being used by Fortune 500 companies for serious business applications.
The book is not only available in printed form, but Bruce Eckel has a web site on the book and related subjects, including the full text in both html (downloadable zip or browsable) and indexed pdf format. However, it's not small and I would recommend going for the paper version if you like it.
The only Good System is a Sound System
I would go for "Thinking in Java" by Eckel, Bruce, available from Fatbrain.com at this page as it is one of the few books to really show you why you should follow the advice rather than yet another rehash of the java api (when are people going to realise that we don't want to pay money for a printout of the standard javadoc).
The only Good System is a Sound System
The official site is the Java section of sourceware, and there is a recent news update. It compiles source or class files to native code, and the CNI interface is basically C++ calling; so it's set up to be fast, and in fact has been fast, on the software I've managed to get running there.
Briefly, it's bleeding edge; one looks forward to the next GCC release. I don't know how the very latest snapshots go, but it's been ages since I've gotten one that even compiles smoothly (on Redhat 6.0, very standard).
Significant missing features include the ability to parse JDK 1.1 "inner classes" from Java source. It's coming, but not there yet, and the workaround is just to use a JDK compiler and compile from classfiles.
And as for applying this particular signed code architecture (the one in the book, remember what the alleged topic of this thread is? :-) ... it's a ways off, I'd say. Clearly there'll be some good potential for open source hacking there, both to get the crypto parts going (let's really bang on that new BigInteger code!) and to make sure all the other parts of the runtime interact appropriately. Hard work.
JOVE
Doh! Ouch! Well the roughly $1,000 licensing fees were the first thing that threw me. Second, there doesn't appear to be a linux version. Does it work under WINE?
Slashdot social engineering at its finest
So basically, you want java as some kind of c++ superset? That seems to be what Sun thinks too, and also what is ruining the language. Things like garbage collection are the strength of languages like java. If you're serious about implementing an object oriented structure, then you really need a language with these things. Java is more like what the next generation languages will be, allowing you to talk more about meta-objects and sealing off the lower levels of code. However, what is needed for this is a quality compiler that optimizes your code. Let's try to make java more like perl or python, eliminating the large amounts of time spent on memory management.
What I really want is having the ability to just take say a program that displays "hello, world" and displays it to the screen to be easily run on the console command line of a linux machine. I can do that with c++.
What I really would like to know is why all the objectness?
I have done some studying and in general any program can be created from:
for
do/while
while
if
Take the use of functions and you have a superb method of creating programs. Also add recursion and you have very nice programs. It seems like all the "object oriented" nature of languages appears to be of little practical use. Except to save perhaps a couple of minutes.
Slashdot social engineering at its finest
In the first year of Java's release, we saw it used for stock tickers, buttons, and animation. Five years later, it's still the same damn thing.
The obvious things yes I would have to agree with that. Look at all the major linux applications out there; little is being done in java regardless of how "good" it is. C/C++ are the languages of choice along with perl/python. I don't think there are any major programs that are written in java that most average people use everyday (staple apps) that are actually java based on linux distributions. For that matter most of the things I use on windows platforms are not java based either.
Except on Windows NT, Java is slow. It's not open source, either. Interpreted languages that ARE open source generally kick it in the butt performance-wise, are easier to code, and are 100% portable.
I can't see NT as being fast at anything unless it's fast to anger the user.
Call me back when they figure out something for Java that's actually cool.
Dr. Dobbs has a number of what many would consider "cool" things with java. I have seen several games for java but nothing that has hit mainstream. Generally this is due to a lack of speed and bloat to the code. That may change however when we are all running processors 10x faster than now we might get 4% speed increase.
Slashdot social engineering at its finest
This is really the beginning of something. Geeks have always despised Java because of speed difficulties, but it's starting to actually go somewhere. It's more of a "true" OO language than C++ (more like Smalltalk) and once we see some breakthroughs with runtime compilers for it speed will be a nonissue.
Isn't there a simple way to just run java executables? I sure would like to actually be able to learn and use java without needing to get some fancy smansy memory intensive, disk space clogging mess. What about the gnu java compiler: gcj? Can I just run output from said java app with say standard libc stuff?
I think more likely is that computers will just end up speeding up to cover up inefficient implementations of the language and perhaps poor programming. Hey look what fast computers did for windows.
Slashdot social engineering at its finest
There is at least one java compiler that can give Fortran levels of performance.
And that is?
Slashdot social engineering at its finest
The Third Edition of Java in a Nutshell is quite a good beginner's book. But don't try the 1st or 2nd editions, they require you to know a bit of C or imperative programming. The Third Edition is much nicer for newbies.
No, five years later, it's the most popular server-side development language for the web (counting new systems).
Except on Windows NT, Java is slow. ... Interpreted languages that ARE open source generally kick it in the butt performance-wise, are easier to code, and are 100% portable.
Java is faster on several other platforms, notably OS/2 and now Linux as well. Java with a JIT compiler compares favorably in speed to Perl and Python. What other language is 100% portable? Not Perl. Gimme a break.
Call me back when they figure out something for Java that's actually cool.
How will you hear the phone if your head is wedged so deeply in your ass?