Welcome to our guest author!

 
mister krabs
Posts: 13974
A big JavaRanch welcome to Pankaj Kumar, author of J2EE Security for Servlets, EJBs, and Web Services. He will be with us this week to talk about his book and answer our questions about security in Java.
We will be giving away a copy of the book to four lucky winners. So check the book promotion page for the rules and you may win a copy of the book!
 
Ranch Hand
Posts: 449
Welcome Pankaj,
I read the review of the book on Amazon; it indicates more positive aspects than negative. Where can I get the index of the book? I was curious about the detailed topics/contents covered in the book.
One more thing, what is the coverage of security with respect to Websphere App Server?
Vijay
 
Ranch Hand
Posts: 504
Not much promotion activity has been going on so far... Have the authors arrived at the forum at all? :roll:
 
author and iconoclast
Posts: 24207
Pankaj is actually a regular contributor to the 'Ranch. He'll be here, don't worry!
 
Author
Posts: 80

Originally posted by Thomas Paul:
A big JavaRanch welcome to Pankaj Kumar, author of J2EE Security for Servlets, EJBs, and Web Services. He will be with us this week to talk about his book and answer our questions about security in Java.


Hi Tom,
Thanks for the warm Welcome!
And yes, I will be around this week. And next week. And next week ...
 
Pankaj Kr
Author
Posts: 80

Originally posted by Vijay Rathore:
I read the review of the book on Amazon; it indicates more positive aspects than negative. Where can I get the index of the book? I was curious about the detailed topics/contents covered in the book.


Hi Vijay,
You can find the table of contents, the free sample chapter and a lot of goodies at the book's home page http://www.j2ee-security.net.

One more thing, what is the coverage of security with respect to Websphere App Server?


The book focuses on Java/J2EE standards and doesn't cover specific products. However, it does use specific products for illustrating examples -- Apache Tomcat for web applications, Apache Axis for Web Services and BEA WebLogic for EJBs.
 
Vijay S. Rathore
Ranch Hand
Posts: 449
Pretty impressive, I would definitely like to win the book.
Do you have any plans to incorporate JSSE (Java Secure Socket Extensions) and JGSS (Java General Security Services) in your book in the near future?
How tough would it be for a person to implement all the programs using any other app server? That is, can the sample programs be easily ported to any app server?
 
Pankaj Kr
Author
Posts: 80
JSSE is already covered. In fact, the chapter on JSSE is available for free download at java.net.
And I will certainly include JGSS if my publisher ever decides to come out with a 2nd edition (which depends on how much money they make from the 1st edition).
Porting the examples to different app servers should not be too difficult -- I tried to use standard APIs and descriptors wherever possible.
 
Vijay S. Rathore
Ranch Hand
Posts: 449
Usually is there any cost involved while implementing the security at various levels in an application?
 
author
Posts: 11962

Originally posted by Vijay Rathore:
Usually is there any cost involved while implementing the security at various levels in an application?

Implementing something always costs money... I guess you're asking whether it has some unexpected risk factors that can explode your budget, am I correct?
 
Vijay S. Rathore
Ranch Hand
Posts: 449
Obviously there will be some budget for the design, coding, admin and implementation. But apart from that, do we have to pay for using these APIs, or are most of them free with an open license?
Or once you start using them, do you have to pay in future to use these APIs, apart from 'unexpected risk factors that can explode the budget'?
 
Pankaj Kr
Author
Posts: 80
The basic capabilities and APIs are part of the J2SE/J2EE SDK. Open source implementations like Bouncy Castle add more capabilities and are free. However, if you want to use a commercial implementation (for support reasons), you have to pay for those.
With open source implementations, you always have the risk that someday some company will claim patent/copyright infringement and may ask to be compensated. Think Linux and SCO.
Another potential risk is that of violating export/import laws -- there are usually country-specific laws on what cryptographic s/w you can export or import.
Another hidden cost could be the cost of managing security (like the cost of hiring a person who issues new passwords on reported lost passwords, or buying and managing certificates).
In a nutshell, there are costs associated with security. As an enterprise, what one needs to do is to take a "risk management approach" -- balance the cost of security with the risk of no-security.
 