|
|
Featured White Papers
- Why choose an Open Source BPM?
- 10 FAQs on Business Process Management
- Best Practices for Getting Started with BPM
- Free Your Devs From The Pain Of Java Redeploys
- Increase Velocity 40% by Using JRebel
- What Developers Want: The End of Application Redeploys
- Developer Productivity Report: Java Tools, Tech, Devs, and Data
- Coding with JRebel: Java Forever Changed
- Utilizing Fast Testing to Transform Java Development
- Do You Really Get Classloaders?
- Pragmatic Continuous Delivery with Jenkins, Nexus, and LiveRebel
- Your Next Java Web App: Less XML, No Long Restarts, Fewer Hassles
- Coding with JRebel, Java Forever Changed
- 2012 Developer Productivity Report: Java Tools, Tech, Devs, and Data
Sponsored Links
Sponsored Links
Optimize with a SATA RAID Storage Solution
Range of capacities as low as $1250 per TB. Ideal if you currently rely on servers/disks/JBODs
Java security evolution and concepts, Part 3: Applet security
Tackle Java applet security with confidence
Page 3 of 6
$ java -Djava.security.manager -Djava.security.policy=all.policy writeFile
In this example, the application was subject to the security manager, but the overall policy was governed by the policy file,
which allowed all files on the local filesystem to be modified. A stricter policy might have been to allow modification of only the relevant
file -- tmpfoo in this case.
I'll cover more details of the policy file, including the syntax of the entries, later in this article. But first, let's look at applet security and contrast it with application security.
Applet security
So far, we've studied application security. As such, most of the security features can be accessed and modified via the command
line. Providing an adequately secure and yet somewhat flexible policy in an applet environment proves substantially more challenging.
We will start by looking at the deployment of an applet in Appletviewer. We'll look at browser-deployed applets later.
Java code policy is primarily dictated by CodeSource, which comprises two pieces of information: the place where the code originated and the person who signed it.
Appletviewer
Create a file called writeFile.html with the following contents:
<html> <title> Java Security Example: Writing Files</title> <h1> Java Security Example: Writing Files </h1> <hr> <APPLET CODE = writeFile.class WIDTH = 500 HEIGHT = 50 > </APPLET> <hr> </html>
Running the applet with the following command line would result in the window shown in Figure 3:
$ appletviewer writeFile.html
Figure 3. appletviewer -- applets subject to security manager by default
Notice that -- in contrast to what would happen with an application -- the applet generated an exception since the applet is subject to the security manager by default. The installation can be governed by a customizable policy, if required. Running the following command line:
appletviewer -J"-Djava.security.policy=all.policy" writeFile.html
would, as you might expect, allow modification of the tmpfoo file, since this was permitted in accordance with the policy file.
Browsers
Applet security in browsers strives to prevent untrusted applets from performing potentially dangerous operations, while simultaneously allowing optimal access to trusted applets. Applet security deployment in browsers is substantially different from what we have seen so far, primarily due to the following reasons:
- A default lack of trust in code downloaded over the network
- Insufficient access to the command-line options for running the JVM, since the JVM is hosted in the context of a browser
- Inadequate support for some of the latest security features in the JVMs bundled with browsers
As for the first problem, to obviate the potential problems resulting from running untrusted code, earlier versions of Java used the sandbox model (see "Sidebar 1: Sandbox Model"). Trust is a largely philosophical or emotional issue, rather than a technical issue; however, technology can help. For example, Java code can be signed using certificates. In this example, the signer implicitly vouches for the code by signing it. The onus is ultimately upon the user running the code to trust the signing entity or not, given that these certificates guarantee that the code was indeed signed by the intended person or organization.
- Feedback
More from JavaWorld
Resources
- To run this article's example applet, go to
http://www.javaworld.com/javaworld/jw-12-2000/security/writeFile.html - For all of the files, including the
writeFile.javasource file, associated with this article, go to
http://www.javaworld.com/javaworld/jw-12-2000/security/jw-1215-security.zip - "Java Security Evolution and Concepts," Raghavan N. Srinivas (JavaWorld):
- Part 1Learn computer security concepts and terms in this introductory overview (April 2000)
- Part 2Discover the ins and outs of Java security (July 2000)
- Part 3Tackle Java applet security with confidence (December 2000)
- Part 4Learn how optional packages extend and enhance Java security (May 2001)
- Part 5J2SE 1.4 offers numerous improvements to Java security (December 2001)
- JavaWorld's security-related resources
- For more articles covering Java security, visit the Security section of JavaWorld's Topical Index
http://www.javaworld.com/javaworld/topicalindex/jw-ti-security.html - The Java Security discussion offers numerous conversations concerning security. It's also a great place to ask questions
http://www.itworld.com/jump/jw-1215-security/forums.itworld.com/webx?14@@.ee6b80e - Sign up for the JavaWorld This Week free weekly email newsletter and keep up with what's new at JavaWorld
http://www.idg.net/jw-subscribe - JavaWorld's Java Bookstore security page can point you to numerous security-related books
http://www.javaworld.com/javaworld/books/jw-books-security.html - Security information from Java.sun.com
- For comprehensive Java security information, read the Java Security API page
http://java.sun.com/security - For the latest documentation on Java security, read the documentation from Java 2 version 1.3
http://java.sun.com/j2se/1.3/docs/guide/security/index.html - "Low Level Security in Java," Frank Yellin
http://java.sun.com/sfaq/verifier.html - Java security Q&A archives
http://archives.java.sun.com/archives/java-security.html - "Frequently Asked Questions -- Java Security"
http://java.sun.com/sfaq/ - "TrailSecurity in Java 2 SDK 1.2," Mary Dageforde
http://web2.java.sun.com/docs/books/tutorial/security1.2/index.html - Java 2 SDK platform security tools
http://java.sun.com/j2se/1.3/docs/tooldocs/tools.html#security - Default Policy Implementation and Policy File Syntax
http://java.sun.com/j2se/1.3/docs/guide/security/PolicyFiles.html - Java 2 version 1.2 code signing example
http://java.sun.com/security/signExample12/ - Java plug-in documentation and download
http://java.sun.com/products/plugin/index.html - Other important security-related resources
- A list of CAs from which you can obtain code-signing certificates
https://certs.netscape.com/client.html - Netscape's security tools including
signtool
http://developer.netscape.com/docs/manuals/index.html?content=security.html - CERT advisories -- a comprehensive list of security related problems with suggested remedial action
http://www.cert.org/ - Applied CryptographyProtocols, Algorithms, and Source Code in C, 2nd Ed., Bruce Schneier (John Wiley and Sons, 1996) -- a fascinating book on the science and politics of cryptography
http://www1.fatbrain.com/asp/bookinfo/bookinfo.asp?theisbn=0471128457 - RSA Labs' FAQ about today's cryptographyftp://ftp.rsasecurity.com/pub/labsfaq/labsfaq4.pdf
- X.509 standard for certificates
http://www.ietf.org/rfc/rfc2459.txt