Books are very useful for learning some things, and hopefully you’ve gotten some benefit from the one you’re holding in your hand. However, for some types of information, the Internet remains the better choice. In this appendix, we’ll list and discuss various network resources that relate to Java and security.
One reason why this information is better found on the Internet is because it is subject to rapid change. The APIs we’ve discussed may remain fairly stable (despite the big changes in many of them between 1.1 and 1.2), but the information to be found in these resources is more dynamic.
Early in my computer science career, I handed in an exam that ended up receiving a lower grade than I had expected. As part of the exam, I was asked to write an algorithm, prove that it was correct, and then provide an implementation of the algorithm.
While my algorithm and its accompanying proof were completely correct, my implementation received a failing grade. This was a rather dispiriting result: I had come up with a solution and proved that the solution was correct. But the “real” solution—the implementation—was still flawed.
Such is the potential problem with implementing a security model. A lot of design and analysis has gone into Java’s default security model, and hopefully you’ll put your own effort into making your own applications secure. But no matter how sound the design of a security model, in the end it is the implementation ...