Book Reviews

The following book reviews are the copyright of their respective authors and no part should be reproduced without the express permission of the author. Publishers and Authors of the books reviewed may reproduce the whole or extracts of a review for their book. To request copyright permission please email webmaster@birmingham.pm.org.

All the reviews herein are the opinions of the reviewer and are not necessarily the views of Birmingham Perl Mongers and its members. If you feel a review or comment has been made in error, please contact webmaster@birmingham.pm.org to rectify the situation.

Network/Security Books

Static Link: http://birmingham.pm.org/reviews/35

 
Web Security and Commerce
Title:Web Security and Commerce
Author(s):Simson Garfinkel with Gene Spafford
ISBN:1-56592-269-7
Publisher:O'Reilly Media
Reviewer:Barbie

This is a book everyone should read, not just the system admin types, programmers and designers, but end users too. It's a book that contains a lot of thought provoking material with regards to security on the web, both from server attacks and private user information being compromised.

It can be read cover to cover, or by dropping in and out of the bits of interest. Some of the chapters are very web server specific and wouldn't be of interest to HTML editors and users, but there is plenty to keep you on your toes.

I have been waiting for a security book that relates specifically to Perl, but in the interim, this is certainly a good place to start. Each chapter is preceded by either a bit of history, a typical scenario, or an explanation of the terminology before getting to grips with how to combat attacks and the like.

Many aspects of software security are covered, including web servers, firewalls, web browsers, digital signatures, ActiveX controls & plugins, cryptography, SSL together with the programming side of things with Java & JavaScript and the CGI/API languages of Perl & C. I'm not quite sure why there is no mention of VBScript, which is just as lethal in the wrong hands, if not more so with the growth of virii written in the language.

To end the book there are several chapters relating to Commerce & Society, in particular Credit Cards, Blocking Software and the Legal Issues. As a warning to all it's perhaps worth reading this section alone.

I still haven't finished reading this, and am likely to continue re-reading chapters from time to time, just to remind myself of the dangers out there. It's all to easy to become complacent when building your web portal, thinking "well it works for me". If we all planned ahead to combat the known dangers, then the unforeseen ones could be greatly reduced.

My Verdict - A damn good read and a must for anyone thinking about hosting sites.