jQuery in Action, 3rd edition
The moose likes Security and the fly likes Java Security Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » Security
Bookmark "Java Security" Watch "Java Security" New topic

Java Security

Luciano A. Pozzo
Ranch Hand

Joined: Jun 20, 2005
Posts: 112
Hi all,

I heard that Java is secure. So my question is:

The Java security is applied only on applets?

Because I read in book "Core Security Patterns", that the sandbox works only in untrusted applets. For me sound strange, because this mean that if I donload a jar and execute in my machine, the application can access all my system resources?

Cameron Wallace McKenzie
author and cow tipper
Saloon Keeper

Joined: Aug 26, 2006
Posts: 4968

Java security can be applied just about anywhere.

An Applet runs in a sandbox. The default is that an Applet can only send data back to the server on which it originated, and can not write data to the local file system.

However, there is a props file you can edit and change all this stuff.

Same for the JVM as a whole. You can restrict the places a vanilla JVM can read and write data, or you can give it full access to the hard drive.

I do remember doing a Java application where I wasn't aware of the security properties that were applied to the JVM. My applicatiosn couldn't write data to any of the places on the hard drive I was attempting. Documenting the stuff you do is very important to developers like me.


-Cameron McKenzie
Arvind Giri
Ranch Hand

Joined: Jun 26, 2005
Posts: 91
Its not that java security is only applicable to applets. If you download a jar but you don't trust it, Still you can run it with SecurityManager and you can set permissions allowed to this jar (%JAVA_HOME%\jre\lib\security\java.policy).

Sandbox security was there in java 1.2. After that a lot of changes has been done in java security to make it more fine grained....


Regards<br /> <br />Arvind Giri<br />MCA,SCJP 1.4,SCWCD 1.4<br />Looking for SCDJWS
I agree. Here's the link: http://aspose.com/file-tools
subject: Java Security
It's not a secret anymore!