REVIEW - Cryptography for Internet and Database Applications - Developing Secret and Public Key Techniques with Java


Cryptography for Internet and Database Applications

Developing Secret and Public Key Techniques with Java


Nick Galbreath



John Wiley and Sons (2002)




Christoph Ludwig


June 2003



The book promises to tell you how to cryptographically secure your applications with Java. However, even though it gives an overview of public and symmetric key cryptography, introduces Java's cryptographic frameworks JCA and JCE, and discusses typical issues when implementing web and database applications, the book falls short. It suffers most from two problems: the unclear target readership and the numerous and often severe errors.

Cryptographic applications are always critical. If they fail, your sensitive data may be compromised. If your data is not sensitive enough to make you worry about potential failures, then there is no reason to apply cryptography in the first place. It is therefore reasonable to assume that someone trusted with the design and implementation of the cryptographic (Java) components of your system has at least basic knowledge of computer science fundamentals, is able to use Java's primitive types properly, and knows enough undergraduate abstract algebra to comprehend the concepts behind algorithms like RSA. Galbreath considers it necessary to explain all these details. I'd agree if this were an undergraduate textbook that introduces computer science students to cryptography, but not if the book is explicitly written for software engineers, i.e. practitioners with at least some experience. As it is, the basics take up too much room and other discussions, e.g. ease of use vs. security, are kept short.

Whatever the target readership, the errors in the book are too many to be overlooked. I am not talking about the numerous typos, layout glitches or syntax errors in sample code. There are serious errors in the text that may confuse readers in the best case and cause them to write insecure code in the worst. The sections on key storage fail to mention special-purpose hardware such as smartcards.

The book's strong points (like its extensive, partially commented bibliography) cannot make up for its shortcomings. Not recommended.

Book cover image courtesy of Open Library.
