Professional Java Security (Programmer to Programmer)

Security is of huge importance to the computing industry - the growth in e-commerce has brought the topic from the shadows of high-level specialists into the public eye. Nowadays breaches in security for B2C based e-tailers are big news, and damage not only the reputation of the individual organization, but also confidence in the industry as a whole. Computer Security covers a multitude of areas ranging from low-level operating system security to higher-level application security. This book concentrates on the latter, and will show you how to protect your applications with cryptography and the Java security model. Beginning with simple examples and clear descriptions of different cryptography approaches, such as symmetric and asymmetric encryption, the book will build in complexity, through consideration of public key infrastructure and SSL, to provide a comprehensive set of solutions for the enterprise Java developer. Who is this Book For? This book is aimed at intermediate to advanced Java programmers, familiar with the concepts underpinning distributed application development such as sockets, RMI, JDBC, and J2EE technologies, however no previous experience of security or cryptography is assumed. It concentrates on teaching approaches to security, developing an understanding on building cryptography into applications and, in so doing, illustrates how the key Java cryptography components can be employed. What does this book cover? The core Java security architecture. Java security extensions - JCE, JAAS, and JSSE. Encryption and authentication. Applet, JSP, and EJB security. The application of SSL in Java applications. Database security. Designing and implementing a secure tiered application. Building a cryptographic provider.