Cryptography for Internet and Database Applications

Cryptography for Internet and Database Applications: Developing Secret and Public Key Techniques with Java

Published by Wiley in 2002, ISBN: 978-0-471-42808-4

Prior to this book, most cryptography books were geared toward
algorithms and protocols, which hopefully are already provided by some
library. This was my first attempt at going up the stack, teaching
how to use cryptography to solve common problems in web application
development.

Back in early 2000s, the answer to any problem in web security was
"use SSL" or "use PKI" which certainly is part of the solution but
doesn't address data at rest. The original abstract (which I think
the publisher wrote) reflects my concerns at the time, which sadly are
still true.

Cryptography is the gold standard for security. It is used to protect
the transmission and storage of data between two parties by encrypting
it into an unreadable format. Cryptography has enabled the first wave
of secure transmissions, which has helped fuel the growth of
transactions like shopping, banking, and finance over the world's
biggest public network, the Internet. Many Internet applications such
as e-mail, databases, and browsers store a tremendous amount of
personal and financial information, but frequently the data is left
unprotected. Traditional network security is frequently less effective
at preventing hackers from accessing this data. For instance,
once-private databases are now completely exposed on the Internet. It
turns out that getting to the database that holds millions of credit
card numbers-the transmission-is secure through the use of
cryptography, but the database itself isn't, fueling the rise of
credit card information theft.

A paradigm shift is now under way for cryptography. The only way to
make data secure in any application that runs over the Internet is to
use secret (also known as private) key cryptography. The current
security methods focus on securing Internet applications using public
keys techniques that are no longer effective. In this groundbreaking
book, noted security expert Nick Galbreath provides specific
implementation guidelines and code examples to secure database and
Web-based applications to prevent theft of sensitive information from
hackers and internal misuse.

Unfortunately, 2002 was still in the midst of the first Dot Bomb and wasn't the best time to come out. But it did get the best book review in industry

Let's face it, databases are just "naked ladies" on the
Internet. They have no protection at all. This is the first book that
I've ever bought that shows how to use crypto to get some clothes on
those ladies and keep your credit card number and mine safe. Word to
the wise-buy this book.

Thank you, "A Customer" whoever you are!

To my amazement, ten years later the book is still available, this time in electronic form:

So go download a copy and get the souce code from Google Code. See also Check Digits which is related code from the book.