Sun's claim that Java is a secure programming
environment is one of the most hotly debated aspects of Java. In spite
of intense discussion, many Java programmers are mystified by what
Java's default security policies are, and how to create and implement
their own policies. "Java Security", a new release by O'Reilly,
explores Java security for Java programmers clearly and concisely.

In "Java Security", Oaks shows how to use Java's facilities for signing
classes or implementing your own signature facility. He also teaches,
step-by-step, how to write a class loader that recognizes signed
classes, verifies the signature, and cooperates with a security manager
to grant additional privileges. He addresses the problem of managing
cryptographic keys and provides solutions that implement your own key
management systems.

"Java Security" includes detailed coverage of:
- security managers
- class loaders
- the access controller
- the Java security package
- message digests, certificates, and digital signatures
- the differences between versions 1.1 and 1.2

"Java Security" is an essential book for everyone using Java for real-world
software. Serious Java programmers deploying software written in Java
must know how to grant classes the privileges they need, without
granting privileges to untrusted classes. They must know how to protect
their systems from intrusion and corruption. Java provides the tools;
this book helps the programmer master those tools.