
Java Security

 
Luciano A. Pozzo
Ranch Hand
Posts: 112
Hi all,

I heard that Java is secure. So my question is:

Is Java security applied only to applets?

Because I read in the book "Core Security Patterns" that the sandbox works only for untrusted applets. To me this sounds strange, because it means that if I download a jar and execute it on my machine, the application can access all my system resources?

Thanks
 
Cameron Wallace McKenzie
author and cow tipper
Saloon Keeper
Posts: 4968
Java security can be applied just about anywhere.

An Applet runs in a sandbox. The default is that an Applet can only send data back to the server on which it originated, and can not write data to the local file system.

However, there is a props file you can edit and change all this stuff.

Same for the JVM as a whole. You can restrict the places a vanilla JVM can read and write data, or you can give it full access to the hard drive.

I do remember doing a Java application where I wasn't aware of the security properties that were applied to the JVM. My application couldn't write data to any of the places on the hard drive I was attempting. Documenting the stuff you do is very important to developers like me.



Cheers!

-Cameron McKenzie
 
Arvind Giri
Ranch Hand
Posts: 91
It's not that Java security is only applicable to applets. If you download a jar but you don't trust it, you can still run it with a SecurityManager and set the permissions allowed to this jar (%JAVA_HOME%\jre\lib\security\java.policy).

Sandbox security was there in Java 1.2. After that, a lot of changes have been made in Java security to make it more fine-grained....


Cheers....
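
The approach described in the replies above (running untrusted code under a SecurityManager with a policy file), as an added example that is not part of the original thread. The class name, the policy file name and the Unix paths are assumptions made for illustration. SecurityManager was deprecated for removal in Java 17 (JEP 411) and can no longer be enabled as of JDK 24 (JEP 486), so this applies to older JDKs only.

```java
// SandboxProbe.java -- added example; names and paths are assumptions.
//
// sandbox.policy (constructed for this example):
//   grant codeBase "file:/opt/untrusted/-" {
//       permission java.io.FilePermission "/tmp/sandbox-allowed.txt", "write";
//   };
//
// Launch with the class compiled into /opt/untrusted (JDK 8 to 17):
//   java -Djava.security.manager -Djava.security.policy==sandbox.policy \
//        -cp /opt/untrusted SandboxProbe
// The "==" makes sandbox.policy the only policy in effect; a single "="
// would add it on top of the default java.policy.
import java.io.FileWriter;
import java.io.IOException;

public class SandboxProbe {
    interface Action { void run() throws IOException; }

    // Run one operation and report whether the policy allowed it.
    static void attempt(String label, Action action) {
        try {
            action.run();
            System.out.println("ALLOWED  " + label);
        } catch (SecurityException e) {
            // AccessControlException names the permission that was missing.
            System.out.println("DENIED   " + label + " -> " + e.getMessage());
        } catch (IOException e) {
            System.out.println("IO ERROR " + label + " -> " + e.getMessage());
        }
    }

    static void write(String path) throws IOException {
        try (FileWriter w = new FileWriter(path)) {
            w.write("probe\n");
        }
    }

    public static void main(String[] args) {
        System.out.println("SecurityManager installed: "
                + (System.getSecurityManager() != null));
        // Granted explicitly by sandbox.policy.
        attempt("write /tmp/sandbox-allowed.txt", () -> write("/tmp/sandbox-allowed.txt"));
        // Not granted: denied under the SecurityManager, allowed without it.
        attempt("write /tmp/sandbox-denied.txt", () -> write("/tmp/sandbox-denied.txt"));
        attempt("read property user.home", () -> System.getProperty("user.home"));
    }
}
```

Running the same class without `-Djava.security.manager` reports all three operations as allowed, which is the situation the original question describes for a downloaded jar.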
 