Download PDF version of this article PDF

Privacy: What Developers and IT Professionals Should Know

J.C. Cannon

Addison-Wesley Professional, 2004, $49.99
ISBN: 0321224094

I have been teaching an advanced course on design methodologies for more than a decade, and its content has evolved to keep up with changes in the application domains, implementation technologies, and advancements in design methods. Until I read this book, however, I did not realize that, as designers of software solutions, we need to have a good understanding of how to actually build privacy functionalities into the solutions we develop and deliver. Therefore, just as implementing security in software solutions is now viewed as a responsibility of software architects, I feel that privacy will be the next new responsibility of designers of software solutions. The question arises: What do we need to know to fulfill this new responsibility? This book provides an answer to this question. Specifically, it suggests that software designers need to know about privacy legislation, understand privacy-enhancing technologies, and possess the expertise to build privacy-aware applications.

The book is divided into three parts. Part 1 is an overview of and introduction to the area of privacy. It covers privacy-enhancing and privacy-aware technologies, privacy-invasive devices, privacy legislation, the privacy management features in Windows, and how to fight spam. The writing style is focused and clear. This part is designed for people who are new to the area of privacy.

Part 2 focuses on how to build a privacy infrastructure in an organization. This infrastructure must be in place to drive the design of privacy-aware applications.

Half the book is devoted to Part 3, which presents a development process that incorporates privacy analysis and design considerations, leading to privacy-aware applications. The analysis process extends the traditional data flow analysis. The author provides code fragments for a sample privacy-aware application, database protection, and managing access to data. The details of the code fragments are available on the CD-ROM included with the book. Although the three chapters on privacy-aware applications, protecting database data, and managing access to data are sprinkled with actual code, people who write programs for Internet applications should be able to read the code without too much difficulty.

The book is written for software development professionals, but can be used to support graduate-level courses in design methodology, software engineering, and information technology architectures.—Don Chand

IPv6 Network Programming

Jun-ichiro itojun Hagino

Digital Press, 2004, $49.95, ISBN: 1555583180

This book addresses the migration from IPv4 to IPv6, from the point of view of networking applications. The move from IPv4 to IPv6 is expected to happen gradually, and both will coexist for some time. Programs may be written for IPv4 only, for IPv6 only, or for both IPv4 and IPv6. The latter is the most difficult case.

Hagino provides ways to detect IPv4-specific code and ways to modify it into portable code that can be used with both versions. He presents details about which operating system supports which IPv6 features, and which features are relevant.

There are specific problems relating to the coexistence of both protocols. Multiple formats for the same address increase the difficulties of filtering correctly, as in firewalls. The author explains the problems clearly.

The author is an authority on the subject. The text is clear and to the point; it contains sufficient, complete examples, which can be downloaded from a Web site. The examples are Unix-oriented, using Unix commands.

One particular aspect of this book makes it different from most others. It has 361 pages. The appendices start on page 81 and contain relevant, additional documentation for IPv6 network programming. The inclusion of four RFC (request for comments) documents is rather unexpected: most people would use http://www.rfc-editor.org, rather than a book, when they need to check details.

If you are responsible for networking code, and you need to migrate programs from IPv4 to IPv6, prepare such a migration, or start clean with IPv6, you will be able to pick up the essentials from this book without difficulty.

—A. Mariën

Reprinted from Computing Reviews, © 2005 ACM, http://www.reviews.com

acmqueue

Originally published in Queue vol. 3, no. 5
Comment on this article in the ACM Digital Library








© ACM, Inc. All Rights Reserved.