On Tue, 3 Jul 2001 00:39, Berin Loritsch wrote:
> > I *will* reply to the points you made, but halfway through the reply I
> > wrote I realized I needed to study up on this before doing so.
>
> It's a *big* subject.

HUUUUUUUUUUUUUUUUUUUUGE you mean - one of those subjects where you can never know enough ;) So far in pursuit of it I have written a basic JVM (to figure out bytecode hacks and language rules), gone through 15 books or so, followed all the research, and am still only a babe in the woods ;)

> Start with this link:
>
> http://www.javaworld.com/javaworld/jw-04-2000/jw-0428-security_p.html
>
> It will familiarize you with the basic concepts and types of attack that
> you need to guard yourself against. It also introduces you to the Java
> Security API. Another resource I would recommend is Java Security
> published by O'Reilly. Make sure you get the second revision as it augments
> the original, and merges information from Java Cryptography into that
> volume (a better buy).

The best I have found for permissions/codebase/bytecode/etc. (i.e. JVM level) is called "Java 2 Network Security" by Pistoia et al. (not sure why it describes "Network Security" in the title though...). About the only problem for me was that the version I have (Ed 2) didn't cover the "blending" of permissions in JDK1.3 for APIs like JAAS.

A good reference (not great - especially if you are familiar with the material) is Java Security Handbook by Jaworski & Perrone.

Cheers,

Pete

*-----------------------------------------------------*
| "Faced with the choice between changing one's mind, |
| and proving that there is no need to do so - almost |
| everyone gets busy on the proof."                   |
|              - John Kenneth Galbraith               |
*-----------------------------------------------------*
