Architecture is definitely considered in our book. More software architecture than network architecture, although we do touch on issues like IPSec and Firewalls in the introduction.
Some of the issues to consider when designing your system are:
- balancing security and usability. There is no point in having an unbreakable security architecture if the users are going to circumvent it. For example, a really secure password isn't worth much if it is taped to the monitor.
- weighing the cost of data against the value of protecting it. Absolute security is impossible, so the time and money you spend to protect data should be relative to how sensitive it is.
- n-tiered application design. Where are the weak points, what has to be protected and from whom? We talk about protecting the various tiers of the application and show an example banking app securing the database, the app-server and the web server.
There are many other issues to consider, depending on the app, but the book gives you a good place to start.

Originally posted by ruilin yang:
Some architecture design can solve some security problems. In order to get a good security implementation on a system, it is better to start from architecture design with combination of security consideration.
How much does your book cover/discuss the architecture design in terms of a better security? I mean some security problems can be solved purely by a proper architecture design. Sometimes we have to do a trade-off between architecture design, performance consideration, and security. I would like to get some comments from you - experts.
Thanks in advance.

Daniel Somerfield
Author of Professional Java Security