Win a copy of Murach's Python Programming this week in the Jython/Python forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Core Security Patterns ?  RSS feed

 
Paul Windsor
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Guys,

Has anyone looked at this book "Core Security Patterns". It is a follow-on to J2EE patterns book and it shows a patterns based approach and best practices solaution for implementing J2EE security.

Before I buy this book, could someone throw their thoughts about this book. Some stuff about this book is available at www.coresecuritypatterns.com

- Paul

[ November 12, 2005: Message edited by: Paul Windsor ]
[ November 12, 2005: Message edited by: Paul Windsor ]
 
Ulf Dittmer
Rancher
Posts: 42970
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Disclaimer: I have not read this book.

The term "pattern" is all the rage these days, but it is particularly ill-suited to security. Judging from the web site I gather that patterns are not actually an emphasis of the book - it's more about best practices. There are certainly things that you should and should not do to in order to create secure systems. A recipe-style book can help identify those, but you will not get an in-depth understanding of security, and thus you will not know if you have done enough (or have done too much).

I never tire to make this point: ''Security is not a product or a technology (or a set of patterns), it is a process.'' Gaining an understanding of what the challenges are that a system must meet is crucial; from there, the practices to follow will suggest themselves. Following a list of things to do will help a beginning security practitioner get going, but it will not necessarily lead to a deeper understanding of security issues or from there to safe and secure systems.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!