On Tue, 3 Jul 2001 00:39, Berin Loritsch wrote:
> > I *will* reply to the points you made, but halfway through the reply I
> > wrote I realized I needed to study up on this before doing so.
>
> It's a *big* subject.
HUUUUUUUUUUUUUUUUUUUUGE you mean - One of those subjects where you can never
know enough ;) So far in pursuit of it I have written a basic JVM (to figure
out bytecode hacks and language rules), gone through 15 books or so, followed
all research and am still only a babe in the woods ;)
> Start with this link:
>
> http://www.javaworld.com/javaworld/jw-04-2000/jw-0428-security_p.html
>
> It will familiarize you with the basic concepts and types of attack that
> you need to guard yourself against. It also introduces you to the Java
> Security API. Another resource I would recommend is Java Security
> published by O'Reilly. Make sure you get the second revision as it augments
> the original, and merges information from Java Cryptography into that
> volume (a better buy).
The best I have found for permissions/codebase/bytecode/etc (i.e. JVM level)
is called "Java 2 Network Security" by Pistoia et al (Not sure why it
describes "Network Security" in title though...). About the only problem for
me was that the version I have (Ed 2) didn't cover the "blending" of
permissions in JDK1.3 for APIs like JAAS.
A good reference (not great - especially if you are familiar with the material)
is Java Security Handbook by Jaworski & Perrone.
Cheers,
Pete
*-----------------------------------------------------*
| "Faced with the choice between changing one's mind, |
| and proving that there is no need to do so - almost |
| everyone gets busy on the proof." |
| - John Kenneth Galbraith |
*-----------------------------------------------------*