Press Release: May 31, 2001
O'Reilly Author Provides Updated, In-Depth Look At Java Security
Sebastopol, CA--"Security is a broad topic," author Scott Oaks explains in the introduction to his book Java Security, 2nd Edition (O'Reilly, US $44.95). "Everyone has his or her own notion of what security means. Complicating this issue is the fact that Java security and network security (including Internet security) are complementary and sometimes overlapping topics: you can send encrypted data over the network with Java." With this preface, Oaks dives in and provides an in-depth account of the architecture of Java's security model and how that model can be used, both programmatically and administratively.
Java's claim that it provides a secure programming environment is much debated and frequently misunderstood. As Oaks explains, "Security is a key feature of the Java platform, and it's one that I end up spending a great deal of time discussing with developers. Even today, there's still a lot of misunderstanding about how Java's security model actually works. I wanted to write a reference that explained all aspects of that model."
In Java Security, Oaks focuses on security from the perspective of a Java program. He discusses the basic platform features of Java that provide security--the class loader, the bytecode verifier, the security manager--as well as the recent additions to Java that enhance this security model: digital signatures, security providers and the access controller. Much of the book is focused on APIs within Java that provide security, including how those APIs are used by a standard Java 2 Standard Edition implementation.
"There have been some exciting developments in the Java Security APIs lately," says Oaks. "To begin, the US has changed its export restrictions on cryptography engines, so that many of the APIs detailed in this book are, for the first time, available for use in programs that will be deployed worldwide. Plus, Sun has two new key security APIs that we cover in this edition: the Java Secure Sockets Extension, which handles SSL, and the Java Authentication and Authorization Service, which for the first time integrates the Java security model with information about the user running Java applications."
Java Security is intended primarily for programmers who want to write secure Java applications. It is also an excellent resource for system and network administrators who are interested in Java security, particularly those who are interested in assessing the risk of using Java and need to understand how the security model works in order to determine whether or not Java meets their security needs.
Scott Oaks is a Java technologist at Sun Microsystems, where he has worked since 1987. While at Sun, he has specialized in many disparate technologies, from the SunOS kernel to network programming and RPCs. Since 1995 he has primarily focused on Java and bringing Java technology to end-users. Oaks is also the author of O'Reilly's Java Threads and Jini in a Nutshell.
What readers and critics said about the first edition:
"This is an essential book for everyone writing real-world software for the Internet."
--Louis Kruh, Cryptologia, January 1999
"...provides a detailed examination of all the best security options available in Java...Oaks handles the tightly focused subject of Java Security like a pro. He strikes the balance between providing high-level technical information and maintaining a friendly tone. By striking that balance, the book is easy to read from beginning to end...If you are already well versed in Java, read this book and tell your boss what you learned about Java Security; it could get you a promotion."
--Suzanne A. Smith, ComputerLink, San Diego Union Tribune, July 14, 1998
"An interesting and informative book covering very important issues. Essential reading for programmers (it assumes a working knowledge of Java) implementing Java-based software where security is critical...Highly recommended!"
--C Vu and the BCS Journal, August 1998
"Scott Oaks' Java Security is extraordinary both for its technical depth and its readability. It provides the Java programmer with a complete overview of the Java security architecture and security classes, plus a wealth of detailed information and code examples for specific implementations. Anyone who needs to understand Java security, but especially those who will implement security features in Java applications, will want to own this book."
Chapter 1, "Java Application Security," is available free online.
More information about the book, including Table of Contents, index, author bio, and samples.
A cover graphic in jpeg format.