Originally posted by Rick Salsa:
If you could, that would be great! So does the book cover programmatic security as well? I'm assuming this might be something like isUserInRole, that type of thing?
Also, you mentioned that the book talks about securing communication from client to server, with a Swing-JDBC app. What about securing communications with an app server using RMI? Is this mentioned at all, and would it be similar to what you describe for the client-server scenario?
Thanks Brian. The first answer was very informative!
/rick
[ October 23, 2002: Message edited by: Rick Salsa ]
Brian Buege<br />Author of <a href="http://www.amazon.com/exec/obidos/ASIN/0072225653/brivacom-20" target="_blank" rel="nofollow">Hacking Exposed J2EE & Java: Developing Secure Web Applications with Java Technology</a><br />Visit the <a href="http://www.hackingexposedjava.com" target="_blank" rel="nofollow">Companion Website</a>
Originally posted by Deb Williams:
Brian,
Are there any security issues when using dynamic or static includes? If so, is one better to use than the other?
Thanks,
Deb
Originally posted by Cathy Gorchkova:
Hi, Brian
What is the best solution for handling instance-level security in Entity beans? How to return to the user a subset of entity beans he can access?
I wish to avoid retrieving all the beans first and then checking authorization for every entity.
Originally posted by G Vanin:
Brian, thank you for answering me in
https://coderanch.com/t/132992/Security/digital-encryption
I have more questions there, basically about what the evolution in security was and what will be next.
It is also very important for running the code from articles on the Internet, since things change; there are articles 3 years old, and no explanation about what they were/are using. A little bit of confusion.
For example, IBM's security suite is evaluating since April 1999. It is interesting, if I read an article from 2000 (or even 1999), how may I get that suite from 2000, etc.?
How many of your books are on promotion? Is the CD self-sufficient for reproducing the examples without referring to the Internet? (I use JDK1.3.1, and access the Internet through the library or books' CDs.)
Creativity is allowing yourself to make mistakes. Art is knowing which ones to keep
Greg Ostravich - SCPJ2
Originally posted by Greg Ostravich:
Welcome Brian.
This book looks great!
It looks like it has examples of all sorts of great stuff from Applets to Server-Side.
Do you speak at Java User Groups?
It looks like you could do a full talk just on J2EE security.
[ October 24, 2002: Message edited by: Greg Ostravich ]