When I write a desktop application in Java and want to deploy it to clients, and within the application I install a security manager (the default one!); now if we assume the program needs to read and write to the file system and also needs to access the network... by default the client application does not provide me with these permissions! In other words, the application will keep throwing security exceptions, and surely I can't change the policy file on the client since I don't have permission to do so!
If I want to make my application more secure, so that it only performs in its own protection domain and does not try to do something without permissions from the client, then how can we achieve that?
I'm actually against programmers running their applications with full permissions on client machines, because that means if the application contains a security hole, then the attacker can make use of all the permissions granted to the application!
Now I don't want my application to be completely free to play on the client machine! I only want it to contain the least possible permissions it needs to run! [ July 11, 2008: Message edited by: H Melua ]
In that case, write a SecurityManager that grants precisely those permissions the application needs, and denies all others. See here for a simple example of how to do that.
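The reply above suggests a custom SecurityManager. The following added example (written for this page, not from the thread or any poster in it) implements the same allow-list as a custom `java.security.Policy` installed beneath the standard `SecurityManager`: the standard manager's stack walk through `AccessController` is what keeps the JDK's own code working, so only the policy it consults is replaced. The data directory, the host name `api.example.com` and the two system properties are assumptions standing in for whatever a real application needs.

```java
import java.io.File;
import java.io.FilePermission;
import java.net.SocketPermission;
import java.security.AccessController;
import java.security.AllPermission;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Policy;
import java.security.ProtectionDomain;
import java.util.Enumeration;
import java.util.PropertyPermission;

/**
 * Illustrative least-privilege policy (added example, not from the thread).
 * Application classes get only the explicit allow-list built in the
 * constructor; classes loaded by the bootstrap loader keep AllPermission so
 * the JDK itself keeps working once the default policy has been replaced.
 */
public class LeastPrivilegePolicy extends Policy {

    private final Permissions appPermissions = new Permissions();

    public LeastPrivilegePolicy(File dataDir, String apiHost) {
        // Files: read/write/delete only below the application's own data directory
        // ("/-" means the directory and everything beneath it).
        appPermissions.add(new FilePermission(
                dataDir.getAbsolutePath() + File.separator + "-", "read,write,delete"));
        // Network: outbound connections to the one host:port the application needs;
        // no "listen" or "accept", so the application cannot open server sockets.
        appPermissions.add(new SocketPermission(apiHost + ":443", "connect,resolve"));
        // Properties that library code reads on common paths (assumed set; extend it
        // only when a SecurityException in a real run shows another one is required).
        appPermissions.add(new PropertyPermission("user.home", "read"));
        appPermissions.add(new PropertyPermission("line.separator", "read"));
        appPermissions.setReadOnly();
    }

    /** Bootstrap-loaded JDK classes have no class loader; treat those domains as trusted. */
    private static boolean isBootstrapDomain(ProtectionDomain domain) {
        return domain != null && domain.getClassLoader() == null;
    }

    @Override
    public boolean implies(ProtectionDomain domain, Permission permission) {
        return isBootstrapDomain(domain) || appPermissions.implies(permission);
    }

    @Override
    public PermissionCollection getPermissions(ProtectionDomain domain) {
        if (isBootstrapDomain(domain)) {
            Permissions all = new Permissions();
            all.add(new AllPermission());
            return all;
        }
        return getPermissions(domain == null ? null : domain.getCodeSource());
    }

    @Override
    public PermissionCollection getPermissions(CodeSource codesource) {
        // Hand out a fresh mutable copy; the Policy contract allows callers to add to it.
        Permissions copy = new Permissions();
        for (Enumeration<Permission> e = appPermissions.elements(); e.hasMoreElements(); ) {
            copy.add(e.nextElement());
        }
        return copy;
    }

    public static void main(String[] args) {
        // Resolve paths before the manager is installed: afterwards, reading
        // "java.io.tmpdir" would itself need a PropertyPermission.
        File dataDir = new File(System.getProperty("java.io.tmpdir"), "myapp-data");
        File inside  = new File(dataDir, "settings.txt");
        File outside = new File(System.getProperty("java.io.tmpdir"), "not-ours.txt");

        Policy.setPolicy(new LeastPrivilegePolicy(dataDir, "api.example.com"));
        // The standard SecurityManager performs the stack walk through
        // AccessController; the policy installed above is what it consults.
        // On JDK 18 to 23 the JVM must be started with -Djava.security.manager=allow.
        System.setSecurityManager(new SecurityManager());

        AccessController.checkPermission(new FilePermission(inside.getPath(), "read"));
        System.out.println("allowed: " + inside);

        try {
            AccessController.checkPermission(new FilePermission(outside.getPath(), "read"));
            System.out.println("BUG: access outside the data directory was granted");
        } catch (SecurityException expected) {
            System.out.println("denied as intended: " + outside);
        }
    }
}
```

Two caveats a practitioner should know before relying on this. First, replacing the policy discards the JDK's own default grants, which is why bootstrap-loaded domains are exempted; on Java 9 and later some JDK modules are loaded by the platform class loader instead, and those need the same exemption (`ClassLoader.getPlatformClassLoader()`) or they will be denied whenever they appear on the stack without a `doPrivileged` block. Second, the SecurityManager mechanism as a whole is deprecated for removal since Java 17 (JEP 411), is off by default from Java 18 (hence the `allow` flag), and is permanently disabled in Java 24 (JEP 486), so on current JDKs least privilege has to come from the operating system (separate user accounts, sandboxing, file-system and network restrictions) rather than from the JVM.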
I seeeee, thank you. I was actually wondering why Java lets you write your own security manager, and also warns you not to do so unless you really, really need to!!! It seems like it should be very common for programmers to write their own!!
And if that's the case, they should be encouraging programmers to make their programs run with "least privilege"!!
That was very helpful, I thank you very much again.
HannaH