Web Security and E-Commerce (Second Edition) (Reprint Edition)
Simson Garfinkel, Gene Spafford
Publication date: November 2002
Pages: 788
Since the first edition of this classic was published, use of the World Wide Web has spread rapidly, and e-commerce has become part of people's everyday work and life. The Web's growth has also brought threats to our security and personal privacy: from credit card fraud and merchants' intrusions into personal privacy to the defacement of Web sites and the complete shutdown of some popular sites.
Web Security and E-Commerce (Reprint Edition) examines the major security problems we face today. Nearly twice the length of the first edition and thoroughly updated, the book aims to be the authoritative reference on Web security. Readers can use the techniques and tips it presents to protect their personal privacy, companies, systems, and networks. Its topics include:
* Web technology: cryptographic systems, Secure Sockets Layer (SSL), public key infrastructure (PKI), passwords, digital signatures, and biometrics.
* Web privacy and security for users: cookies, log files, spam, Web logs, personal credit information, identity theft, and hostile active code in plug-ins, ActiveX controls, Java applets, JavaScript, Flash, and Shockwave programs.
* Web server security for administrators and content providers: CGI, PHP, SSL certificates, P3P and privacy policies, digital payments, client-side signatures, code signing, pornography filtering, PICS, intellectual property, and legal issues.
"As the security threats facing the Internet grow more serious and the solutions become ever more complex, people often abandon basic security principles in order to deal with superficial security problems. This book is an outstanding study of the fundamental issues of security and privacy in modern computing environments. Its content is pertinent and practical, and its narrative is relaxed and fluent; it will even make industry experts applaud! I strongly recommend this book to both beginners and experienced people involved in security work. It is also worth repeated reading by teachers and authors in the field."
- Gene Kim (CTO, Tripwire)
"This book should be read carefully by everyone who runs a Web site. It presents the theory you need to make informed decisions, along with many practical examples closely tied to that theory. Even if you already have years of experience running Web sites, you will benefit greatly from this book."
- Reuven Lerner (Web/database consultant, Linux Journal columnist)
Preface
Part I. Web Technology
  1. The Web Security Landscape
    The Web Security Problem
    Risk Analysis and Best Practices
  2. The Architecture of the World Wide Web
    History and Terminology
    A Packet's Tour of the Web
    Who Owns the Internet?
  3. Cryptography Basics
    Understanding Cryptography
    Symmetric Key Algorithms
    Public Key Algorithms
    Message Digest Functions
  4. Cryptography and the Web
    Cryptography and Web Security
    Working Cryptographic Systems and Protocols
    What Cryptography Can't Do
    Legal Restrictions on Cryptography
  5. Understanding SSL and TLS
    What Is SSL?
    SSL: The User's Point of View
  6. Digital Identification I: Passwords, Biometrics, and Digital Signatures
    Physical Identification
    Using Public Keys for Identification
    Real-World Public Key Examples
  7. Digital Identification II: Digital Certificates, CAs, and PKI
    Understanding Digital Certificates with PGP
    Certification Authorities: Third-Party Registrars
    Public Key Infrastructure
    Open Policy Issues
Part II. Privacy and Security for Users
  8. The Web's War on Your Privacy
    Understanding Privacy
    User-Provided Information
    Log Files
    Understanding Cookies
    Web Bugs
    Conclusion
  9. Privacy-Protecting Techniques
    Choosing a Good Service Provider
    Picking a Great Password
    Cleaning Up After Yourself
    Avoiding Spam and Junk Email
    Identity Theft
  10. Privacy-Protecting Technologies
    Blocking Ads and Crushing Cookies
    Anonymous Browsing
    Secure Email
  11. Backups and Antitheft
    Using Backups to Protect Your Data
    Preventing Theft
  12. Mobile Code I: Plug-Ins, ActiveX, and Visual Basic
    When Good Browsers Go Bad
    Helper Applications and Plug-ins
    Microsoft's ActiveX
    The Risks of Downloaded Code
    Conclusion
  13. Mobile Code II: Java, JavaScript, Flash, and Shockwave
    Java
    JavaScript
    Flash and Shockwave
    Conclusion
Part III. Web Server Security
  14. Physical Security for Servers
    Planning for the Forgotten Threats
    Protecting Computer Hardware
    Protecting Your Data
    Personnel
    Story: A Failed Site Inspection
  15. Host Security for Servers
    Current Host Security Problems
    Securing the Host Computer
    Minimizing Risk by Minimizing Services
    Operating Securely
    Secure Remote Access and Content Updating
    Firewalls and the Web
    Conclusion
  16. Securing Web Applications
    A Legacy of Extensibility and Risk
    Rules to Code By
    Securely Using Fields, Hidden Fields, and Cookies
    Rules for Programming Languages
    Using PHP Securely
    Writing Scripts That Run with Additional Privileges
    Connecting to Databases
    Conclusion
  17. Deploying SSL Server Certificates
    Planning for Your SSL Server
    Creating SSL Servers with FreeBSD
    Installing an SSL Certificate on Microsoft IIS
    Obtaining a Certificate from a Commercial CA
    When Things Go Wrong
  18. Securing Your Web Service
    Protecting Via Redundancy
    Protecting Your DNS
    Protecting Your Domain Registration
  19. Computer Crime
    Your Legal Options After a Break-In
    Criminal Hazards
    Criminal Subject Matter
Part IV. Security for Content Providers
  20. Controlling Access to Your Web Content
    Access Control Strategies
    Controlling Access with Apache
    Controlling Access with Microsoft IIS
  21. Client-Side Digital Certificates
    Client Certificates
    A Tour of the VeriSign Digital ID Center
  22. Code Signing and Microsoft's Authenticode
    Why Code Signing?
    Microsoft's Authenticode Technology
    Obtaining a Software Publishing Certificate
    Other Code Signing Methods
  23. Pornography, Filtering Software, and Censorship
    Pornography Filtering
    PICS
    RSACi
    Conclusion
  24. Privacy Policies, Legislation, and P3P
    Policies That Protect Privacy and Privacy Policies
    Children's Online Privacy Protection Act
    P3P
    Conclusion
  25. Digital Payments
    Charga-Plates, Diners Club, and Credit Cards
    Internet-Based Payment Systems
    How to Evaluate a Credit Card Payment System
  26. Intellectual Property and Actionable Content
    Copyright
    Patents
    Trademarks
    Actionable Content
Part V. Appendixes
  A. Lessons from Vineyard.NET
  B. The SSL/TLS Protocol
  C. P3P: The Platform for Privacy Preferences Project
  D. The PICS Specification
  E. References
Index
Title: Web Security and E-Commerce (Second Edition) (Reprint Edition)
Chinese publisher: Tsinghua University Press
Publication date: November 2002
Pages: 788
ISBN: 7-302-05951-9
Original publisher: O'Reilly Media
Simson Garfinkel

Simson Garfinkel is a journalist, entrepreneur, and authority on computer security. He is chief technology officer of Sandstorm, a Boston-based company whose main business is developing state-of-the-art computer security tools. He is also a columnist for Technology Review Magazine and has published more than 50 articles in Computerworld, Fortune, and The New York Times. He wrote Database Nation and PGP: Pretty Good Privacy as well as six other books, and co-authored Practical UNIX & Internet Security with Gene Spafford.

Gene Spafford

Gene Spafford is a professor at Purdue University and director of CERIAS, the world's foremost multidisciplinary center for information security. Spaf is a member of AAAS, ACM, and IEEE, and for his research and teaching in information security he has received the National Computer Systems Security Award, the William Hugh Murray Medal from NCISSE, induction into the ISSA Hall of Fame, and Purdue's Charles Murphy Award. He is a CISSP, honoris causa (2000). He co-authored Practical Unix & Internet Security and is consulting editor of Computer Crime: A Crimefighter's Handbook.
The animal on the cover of Web Security, Privacy & Commerce, Second Edition is a whale shark. Sharks have lived on the Earth for over 300 million years, and populate all the oceans of the world (as well as some freshwater lakes and rivers). They are related to skates and rays, differing from ordinary bony fish in having a cartilaginous skeleton that makes their bodies unusually flexible. Unlike bony fish, sharks give birth to live young, in small litters.
A common misconception about sharks is that they need to keep swimming at all times. While they do need to move their fins constantly in order to stay afloat, many species of sharks like to rest on the bottom of the ocean floor.
Sharks make excellent predators because of their well-developed sensory system (not to mention their big, sharp teeth). They have excellent eyesight and an unusually keen sense of smell; they are known to be able to locate prey from a single drop of blood.
Sharks can also sense electrical currents in the water indicating the presence of other fish. They retain several rows of teeth, which roll outward to replace those that are lost.
The whale shark, on the other hand, is a kinder, gentler shark. Whale sharks (Rhincodon typus) have a large flat head, a wide mouth, and tiny teeth. As filter feeders, they feed primarily on plankton and small fish. They have distinctive spotted markings on their fins and dorsal sides. Whale sharks are so named because of their size: they may weigh more than 18 metric tons and measure up to 60 feet long. They are the largest species of fish alive today.
Whale sharks live in tropical and temperate seas. They pose little or no risk to humans. In fact, whale sharks are considered a particular treat for divers, since they are impressive in size but are slow-moving and not aggressive.