Web Security, Privacy & Commerce, 2/e (Paperback)

Simson Garfinkel

  • 出版商: O'Reilly
  • 出版日期: 2001-11-25
  • 定價: $1,650
  • 售價: 9.5$1,568
  • 貴賓價: 9.0$1,485
  • 語言: 英文
  • 頁數: 800
  • 裝訂: Paperback
  • ISBN: 0596000456
  • ISBN-13: 9780596000455
  • 相關分類: 資訊安全
  • 立即出貨(限量)



Since the first edition of this classic reference was published, World Wide Web use has exploded and e-commerce has become a daily part of business and personal life. As Web use has grown, so have the threats to our security and privacy--from credit card fraud to routine invasions of privacy by marketers to web site defacements to attacks that shut down popular web sites.

Web Security, Privacy & Commerce goes behind the headlines, examines the major security risks facing us today, and explains how we can minimize them. It describes risks for Windows and Unix, Microsoft Internet Explorer and Netscape Navigator, and a wide range of current programs and products. In vast detail, the book covers:

  • Web technology--The technological underpinnings of the modern Internet and the cryptographic foundations of e-commerce are discussed, along with SSL (the Secure Sockets Layer), the significance of the PKI (Public Key Infrastructure), and digital identification, including passwords, digital signatures, and biometrics.
  • Web privacy and security for users--Learn the real risks to user privacy, including cookies, log files, identity theft, spam, web logs, and web bugs, and the most common risk, users' own willingness to provide e-commerce sites with personal information. Hostile mobile code in plug-ins, ActiveX controls, Java applets, and JavaScript, Flash, and Shockwave programs are also covered.
  • Web server security--Administrators and service providers discover how to secure their systems and web services. Topics include CGI, PHP, SSL certificates, law enforcement issues, and more.
  • Web content security--Zero in on web publishing issues for content providers, including intellectual property, copyright and trademark issues, P3P and privacy policies, digital payments, client-side digital signatures, code signing, pornography filtering and PICS, and other controls on web content.

Nearly double the size of the first edition, this completely updated volume is destined to be the definitive reference on Web security risks and the techniques and technologies you can use to protect your privacy, your organization, your system, and your network.

Table of Contents


Part I. Web Technology

1. The Web Security Landscape
     The Web Security Problem
     Risk Analysis and Best Practices

2. The Architecture of the World Wide Web
     History and Terminology
     A Packet's Tour of the Web
     Who Owns the Internet?

3. Cryptography Basics
     Understanding Cryptography
     Symmetric Key Algorithms
     Public Key Algorithms
     Message Digest Functions

4. Cryptography and the Web
     Cryptography and Web Security
     Working Cryptographic Systems and Protocols
     What Cryptography Can't Do
     Legal Restrictions on Cryptography

5. Understanding SSL and TLS
     What Is SSL?
     SSL: The User's Point of View

6. Digital Identification I: Passwords, Biometrics, and Digital Signatures
     Physical Identification
     Using Public Keys for Identification
     Real-World Public Key Examples

7. Digital Identification II: Digital Certificates, CAs, and PKI
     Understanding Digital Certificates with PGP
     Certification Authorities: Third-Party Registrars
     Public Key Infrastructure
     Open Policy Issues

Part II. Privacy and Security for Users

8. The Web's War on Your Privacy
     Understanding Privacy
     User-Provided Information
     Log Files
     Understanding Cookies
     Web Bugs

9. Privacy-Protecting Techniques
     Choosing a Good Service Provider
     Picking a Great Password
     Cleaning Up After Yourself
     Avoiding Spam and Junk Email
     Identity Theft

10. Privacy-Protecting Technologies
     Blocking Ads and Crushing Cookies
     Anonymous Browsing
     Secure Email

11. Backups and Antitheft
     Using Backups to Protect Your Data
     Preventing Theft

12. Mobile Code I: Plug-Ins, ActiveX, and Visual Basic
     When Good Browsers Go Bad
     Helper Applications and Plug-ins
     Microsoft's ActiveX
     The Risks of Downloaded Code

13. Mobile Code II: Java, JavaScript, Flash, and Shockwave
     Flash and Shockwave

Part III. Web Server Security

14. Physical Security for Servers
     Planning for the Forgotten Threats
     Protecting Computer Hardware
     Protecting Your Data
     Story: A Failed Site Inspection

15. Host Security for Servers
     Current Host Security Problems
     Securing the Host Computer
     Minimizing Risk by Minimizing Services
     Operating Securely
     Secure Remote Access and Content Updating
     Firewalls and the Web

16. Securing Web Applications
     A Legacy of Extensibility and Risk
     Rules to Code By
     Securely Using Fields, Hidden Fields, and Cookies
     Rules for Programming Languages
     Using PHP Securely
     Writing Scripts That Run with Additional Privileges
     Connecting to Databases

17. Deploying SSL Server Certificates
     Planning for Your SSL Server
     Creating SSL Servers with FreeBSD
     Installing an SSL Certificate on Microsoft IIS
     Obtaining a Certificate from a Commercial CA
     When Things Go Wrong

18. Securing Your Web Service
     Protecting Via Redundancy
     Protecting Your DNS
     Protecting Your Domain Registration

19. Computer Crime
     Your Legal Options After a Break-In
     Criminal Hazards
     Criminal Subject Matter

Part IV. Security for Content Providers

20. Controlling Access to Your Web Content
     Access Control Strategies
     Controlling Access with Apache
     Controlling Access with Microsoft IIS

21. Client-Side Digital Certificates
     Client Certificates
     A Tour of the VeriSign Digital ID Center

22. Code Signing and Microsoft's Authenticode
     Why Code Signing?
     Microsoft's Authenticode Technology
     Obtaining a Software Publishing Certificate
     Other Code Signing Methods

23. Pornography, Filtering Software, and Censorship
     Pornography Filtering

24. Privacy Policies, Legislation, and P3P
     Policies That Protect Privacy and Privacy Policies
     Children's Online Privacy Protection Act

25. Digital Payments
     Charga-Plates, Diners Club, and Credit Cards
     Internet-Based Payment Systems
     How to Evaluate a Credit Card Payment System

26. Intellectual Property and Actionable Content
     Actionable Content

Part V. Appendixes

A. Lessons from Vineyard.NET

B. The SSL/TLS Protocol

C. P3P: The Platform for Privacy Preferences Project

D. The PICS Specification

E. References