Published by Wiley in 2002, ISBN: 978-0-471-42808-4
Prior to this book, most cryptography books were geared toward algorithms and protocols, which hopefully are already provided by some library. This was my first attempt at going up the stack, teaching how to use cryptography to solve common problems in web application development.
Back in the early 2000s, the answer to any problem in web security was “use SSL” or “use PKI”, which certainly is part of the solution but doesn’t address data at rest. The original abstract (which I think the publisher wrote) reflects my concerns at the time, which sadly are still true.
Cryptography is the gold standard for security. It is used to protect the transmission and storage of data between two parties by encrypting it into an unreadable format. Cryptography has enabled the first wave of secure transmissions, which has helped fuel the growth of transactions like shopping, banking, and finance over the world’s biggest public network, the Internet. Many Internet applications such as e-mail, databases, and browsers store a tremendous amount of personal and financial information, but frequently the data is left unprotected. Traditional network security is frequently less effective at preventing hackers from accessing this data. For instance, once-private databases are now completely exposed on the Internet. It turns out that getting to the database that holds millions of credit card numbers - the transmission - is secure through the use of cryptography, but the database itself isn’t, fueling the rise of credit card information theft.
A paradigm shift is now under way for cryptography. The only way to make data secure in any application that runs over the Internet is to use secret (also known as private) key cryptography. The current security methods focus on securing Internet applications using public key techniques that are no longer effective. In this groundbreaking book, noted security expert Nick Galbreath provides specific implementation guidelines and code examples to secure database and Web-based applications to prevent theft of sensitive information from hackers and internal misuse.
Unfortunately, 2002 was still in the midst of the first Dot Bomb and wasn’t the best time to come out. But it did get the best book review in the industry:
Let’s face it, databases are just “naked ladies” on the Internet. They have no protection at all. This is the first book that I’ve ever bought that shows how to use crypto to get some clothes on those ladies and keep your credit card number and mine safe. Word to the wise - buy this book.
Thank you, “A Customer” whoever you are!
To my amazement, ten years later the book is still available, this time in electronic form:
So go download a copy and get the source code from Google Code. See also Check Digits, which is related code from the book.