ACCU Home page ACCU Conference Page
Search Contact us ACCU at Flickr ACCU at GitHib ACCU at Google+ ACCU at Facebook ACCU at Linked-in ACCU at Twitter Skip Navigation

Search in Book Reviews

The ACCU passes on review copies of computer books to its members for them to review. The result is a large, high quality collection of book reviews by programmers, for programmers. Currently there are 1918 reviews in the database and more every month.
Search is a simple string search in either book title or book author. The full text search is a search of the text of the review.
    View all alphabetically
Title:
Network Security with OpenSSL
Author:
John Viega et al
ISBN:
0 596 00270 X
Publisher:
O'Reilly
Pages:
367pp
Price:
£28-50
Reviewer:
Christoph Ludwig
Subject:
networks; security
Appeared in:
15-1
All programs that use network resources are potential objects of snooping, tampering, or other attacks. Even if you are familiar with cryptology, chances are your programs won't withstand sophisticated attacks unless you rely on established protocols like SSL and its successor TLS. OpenSSL is a highly regarded C implementation of these protocols. Unfortunately, there are plenty of subtle traps when using OpenSSL, giving you a false sense of security.Network Security with OpenSS' aims to show you how to avoid such pitfalls.

It presumes that the reader already has a rough understanding of modern cryptology. The explanations given are too vague to serve as more than a reminder. The authors explicitly avoid the details since they do not have an immediate impact on the use of OpenSSL. They may have a valid point here, but I miss a comprehensive commented bibliography that allows the reader to look up details or further information.

The book does not explain the design of OpenSSL or give a complete reference of all available C functions. It's rather like a cookbook; it shows how to perform certain tasks like setting up an SSL connection with proper authentication of client and server or how to correctly use message authentication codes. However, simply adapting examples when developing security relevant parts of a program leaves an uneasy feeling. A more complete discussion of all possible options and how different parts of OpenSSL interact would have been helpful.

There are more or less complete OpenSSL bindings to other languages like Perl, Python and PHP. The book dedicated one chapter to these bindings, but I doubt whether 24 pages suffice to cover everything that you need to know in order to make efficient use of OpenSSL from other languages.

In summary, if you are going to use OpenSSL, then I recommend you have a look into this book. It will give you a good starting point, at least. However, it won't serve as your only reference, you will have to dig through the documentation shipping with OpenSSL and some textbook on cryptology anyway.