Featured White Papers

• Why choose an Open Source BPM?
• 10 FAQs on Business Process Management
• Best Practices for Getting Started with BPM
• Free Your Devs From The Pain Of Java Redeploys
• Increase Velocity 40% by Using JRebel
• What Developers Want: The End of Application Redeploys
• Developer Productivity Report: Java Tools, Tech, Devs, and Data
• Coding with JRebel: Java Forever Changed
• Utilizing Fast Testing to Transform Java Development
• Do You Really Get Classloaders?
• Pragmatic Continuous Delivery with Jenkins, Nexus, and LiveRebel
• Your Next Java Web App: Less XML, No Long Restarts, Fewer Hassles
• Coding with JRebel, Java Forever Changed
• 2012 Developer Productivity Report: Java Tools, Tech, Devs, and Data

Sponsored Links

• APIs for Java Programmers: Manage & Convert DOC, XLS, PPT, PDF & More

• Instantly Preview Java Code Changes: JRebel.com

Sponsored Links

Optimize with a SATA RAID Storage Solution
Range of capacities as low as $1250 per TB. Ideal if you currently rely on servers/disks/JBODs

Java security: How to install the security manager and customize your security policy

Learn about the security manager and the Java API, what remains unprotected by the security manager, and security beyond the JVM architecture

By Bill Venners, JavaWorld.com, 11/01/97

Page 7 of 7

Besides openness, there are several other aspects to Java's overall security strategy that don't directly involve its architecture. You can find links to more information about these in the Resources section at the bottom of this article.

Conclusion

The security manager contributes to the JVM's security model by establishing a custom security policy for Java applications. For the security policy to be "bullet proof," both the Java API and the security manager itself must be implemented properly. A bug in either of these can result in a security hole that malicious programmers could exploit.

The customizable nature of the security manager is one of the strengths of Java's security architecture. The security manager's "check" methods are just Java code, so you are free to decide the exact circumstances in which your application will permit potentially unsafe actions. If you can express an algorithm in Java code as a "check" method of the security manager, that algorithm can be part of your application's custom security policy.

About the author