Architecture is definitely considered in our book. More software architecture than network architecture, although we do touch on issues like IPSec and Firewalls in the introduction.
Some of the issues to consider when designing your system are:
- balancing security and useability. There is not point in having an unbreakable security architecture if the users are going to circumvent it. For example, a really secure password isn't worth much if it is taped to the monitor.
- weighing the cost of data against the value of protecting it. Absolute security is impossible, so the time and money you spend to protect data should be relative to how sensitive it is.
- n-tiered application design. Where are the weak points, what has to be protected and from who? We talk about protecting the various tiers of the application and show an example banking app securing the database, the app-server and the web server.
There are many other issues to consider, depending on the app, but the book gives you a good place to start.
Originally posted by ruilin yang:
Jess/Daniel
Some architecture design can solve some security problems. In order to get a good security implementation on a system, it is better to start from architecture design with combination of security consideration.
How much does your book cover/discuss the archetecture design in terms of a better security. I mean some security problems can be solved purely by a proper architecture design. Sometime we have to do a trade-off between architecture design, performance consideration, and security. I would like to get some comments from you - experts.
Thanks in advance.
Ruilin
------------------
Daniel Somerfield
Author of
Professional Java Security