how do we deploy app with security manager to clients?

H Melua
Ranch Hand

Joined: Jan 04, 2005
Posts: 172
Hi

When I write a desktop application in Java, and I want to deploy it to clients, and within the application I install a security manager (the default one!); now if we assume the program needs to read and write into the file system, and also needs to access the network... and by default the client application does not provide me with these permissions!
In other words, the application will keep throwing security exceptions, and surely I can't change the policy file in the client since I don't have permission to do so!

How do we go about that?

Thank you
HannaH
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42935
Why would the application install a security manager that does not allow it to do what it needs to do?
H Melua
Ranch Hand

Joined: Jan 04, 2005
Posts: 172
Can you elaborate more...

If I want to make my application more secure, and only performs in its own protection domain, and so does not try to do something without permissions from the client, then how can we achieve that?

I'm actually against programmers running their applications with full permissions on client machines, because that means if the application contains a security hole, then the attacker can make use of all the permissions granted to the application!

Now I don't want my application to be completely free to play in the client machine! But I only want it to contain the least possible permissions it needs to run!
[ July 11, 2008: Message edited by: H Melua ]
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42935
In that case, write a SecurityManager that grants precisely those permissions the application needs, and denies all others. See here for a simple example of how to do that.
H Melua
Ranch Hand

Joined: Jan 04, 2005
Posts: 172
I seeeee, thank you. I was actually wondering, why does Java let you write your own security manager, and also warns you not to do so unless you really really need to!!! It seems like it should be very common that programmers write their own!!

And if that's the case, they should be encouraging programmers to make their programs run with "least privilege"!!

That was very helpful, I thank you very much again

HannaH
[ July 11, 2008: Message edited by: H Melua ]
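
An added example, not part of the original thread and not the code behind the link in the reply above: one way to write a SecurityManager that grants only the file and network access the application needs and denies everything else. The class name, data directory and server address are assumptions made for illustration, and it assumes a JDK where the Security Manager is still usable (the API is deprecated for removal since Java 17).

```java
import java.io.FilePermission;
import java.net.SocketPermission;
import java.security.Permission;
import java.security.Permissions;
import java.util.PropertyPermission;

/** Hypothetical allow-list manager: anything not granted below is denied. */
public class LeastPrivilegeManager extends SecurityManager {
    private final Permissions allowed = new Permissions();

    public LeastPrivilegeManager(String dataDir, String server) {
        // File access only below the application's data directory ("/-" = recursive).
        allowed.add(new FilePermission(dataDir + "/-", "read,write,delete"));
        // Outbound connections to a single host:port.
        allowed.add(new SocketPermission(server, "connect,resolve"));
        // This flat check ignores the call stack, so JDK-internal lookups are
        // checked against the same list; property reads are a common case.
        allowed.add(new PropertyPermission("*", "read"));
        allowed.setReadOnly();
    }

    /** Decision function, usable without installing the manager. */
    public boolean allows(Permission perm) {
        return allowed.implies(perm);
    }

    @Override
    public void checkPermission(Permission perm) {
        if (!allows(perm)) throw new SecurityException("denied: " + perm);
    }
    @Override
    public void checkPermission(Permission perm, Object context) {
        checkPermission(perm); // same allow-list, whatever context is passed
    }

    public static void main(String[] args) {
        // Constructed sample values; the paths and addresses are placeholders.
        LeastPrivilegeManager sm = new LeastPrivilegeManager("/opt/app/data", "192.0.2.10:443");
        Permission[] probes = {
            new FilePermission("/opt/app/data/cache/state.db", "write"),
            new FilePermission("/etc/passwd", "read"),
            new SocketPermission("192.0.2.10:443", "connect"),
            new SocketPermission("198.51.100.7:25", "connect"),
            new RuntimePermission("setSecurityManager"),
        };
        for (Permission p : probes)
            System.out.println((sm.allows(p) ? "ALLOW " : "DENY  ") + p);
        // At startup the application would call System.setSecurityManager(sm).
    }
}
```

Because `setSecurityManager` is not on the allow-list, code running after installation cannot replace or remove the manager.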
 