BKDCESEC.RVW   950804
 
"DCE Security Programming", Wei Hu, 1995, 1-56592-134-8, U$29.95
%A   Wei Hu
%C   103 Morris Street, Suite A, Sebastopol, CA   95472
%D   1995
%G   1-56592-134-8
%I   O'Reilly & Associates, Inc.
%O   U$29.95 800-998-9938 707-829-0515 fax: 707-829-0104 nuts@ora.com
%O   519-283-6332 800-528-9994 Rick Brown rick.brown@onlinesys.com
%P   386
%T   "DCE Security Programming"
 
Distributed computing must generally assume that the links between systems are
not secure.  Given client requests and server responses flying back and forth
over unknown channels, how are you to ensure confidentiality, authentication,
and access controls?
 
In chapter one, Hu gives a basic overview of data security principles,
encryption, and the Kerberos ticket-granting scheme.  (Marred only slightly by
typos such as the one which insists that n times two is greater than two raised
to the nth power.)  The specific function of the DCE (Distributed Computing
Environment) security server is covered in chapter two.  The programming part
starts with a look at the DCE security application programming interface and
continues, using an employee database example, through access control lists,
remote ACL management, and DCE 1.1 enhancements.
 
This is definitely a programmer's guide, and readers should be familiar with
both C and DCE before tackling it.  Hu's explanations, though, are quite clear
(barring an unfortunate tendency to start using an acronym about a paragraph
prior to its definition).  Chapters one and two can serve as a very good
introduction to DCE security concepts for nontechnical managers.
 
copyright Robert M. Slade, 1995  BKDCESEC.RVW   950804

======================
DECUS Canada Communications, Desktop, Education and Security group newsletters
Editor and/or reviewer        ROBERTS@decus.ca         rslade@vanisl.decus.ca
DECUS Symposium '96, Vancouver, BC, Feb 26-Mar 1, 1996, contact: rulag@decus.ca