Skip to main content


Posted by daniel on December 18, 2003 at 11:55 AM PST

We feature links to two articles on securing your application today.

In Also in Java Today we feature two articles on Cryptography. First Denis Piliptchouk has published part two of his four part series on Java vs. .Net security. This time he concludes that "Both platforms come out pretty even in terms of cryptographic features, although Java has a more complicated solution due to the obsolete US export restrictions. The picture becomes muddier when it comes to communication protection -- while Java fares much better by providing a choice of both platform and application-level solutions, it clearly lags behind .NET when it comes to support for web services security. Here, Java developers would have to turn to independent vendors for the desired features."

If you want to back up and get an introduction to the concepts Denis covers, start with An Introduction to Cryptography and the Java Cryptography Extension by Brian R Gilstrap. This introduction is December's Java Technical Insight of the Month from Object Computing. Gilstrap begins with an explanation of encryption and decryption, Message Authentication Codes, and Digital Certificates and Signatures. He then provides an overview of the JCE architecture along with an example of how you would use it. He concludes "that security only works when it is end-to-end, meaning all steps in a process must be secured. For example, no matter how good the algorithm used to encrypt data on disk, if that data is transmitted across an unsecured network the algorithm for encrypting on disk may not matter."

In Weblogs Jim Cushing talks about the steps you go through when joining a project already in progress. There is that first Inquisitive Phase when you are new to the project. Then there's the time between being a newbie and being an old hand that he characterizes as the Complacent Stage. Finally you start to assert yourself and become part of the leadership of the project in the Emboldened Phase.

Joshua Marinacci takes a less philosophical approach in his answer to the question How do you develop? He's actually looking for your input. He offers this summary of his own process. " I focus on the taskflow of the user. Where will the user start? Where will the user want to go from screen X? How should validation and error conditions be handled? I usually create classes to model each window. All of the code to create the panels, sub panels, and widgets goes in that class. As the size of the class grows I pull the major chunks out (say a reusable subpanel for selecting a date). I make my event handlers anonymous at first and then pull them out into inner classes and later into full classes in an event package."

In Projects and Communities, the JXTA Community is aware that it takes a while to learn about P2P and about JXTA in particular. You may want to start with the EZEL Easy Entry Library for JXTA. It's goal is to "enable the typical client-server developer in creating a JXTA service - and a peer that consumes that service - in a single afternoon with no previous JXTA or P2P programming experience required."

The Java Desktop community points to the announcement of Apple's Worldwide Developers Conference. While JavaOne is rocking Moscone North and South, Apple's conference will be right across the street at Moscone West. I'm looking ahead to a fun but exhausting week June 28 - July 2. By the way, Apple announced the public availability of Java 3D and JAI downloads.

In today's News

Registered users can submit news items for the href=""> News Page using
news submission
All submissions go through an editorial review by news director Steve
Mallet before being posted to the site. You can also subscribe to the
href=""> News RSS

Current and upcoming Java

  • December 18 SDForum Distinguished Speaker: John Gage
  • December 27 JUG.RU meeting at Saint-Petersburg
  • Registered users can submit event listings for the href=""> Events Page using our href=""> events submission
    All submissions go through an editorial review before being posted to

    This blog is delivered weekdays as the href="">Java Today
    feed. Once this page is no longer featured as the front page of href=""> it will be archived at href=""> You can
    access other past issues in the href=""> Archive.