What Is Security?
The first thing we must do is to discuss just what Java’s security goals are. The term “security” is vague unless it is discussed in some context; depending on what one expects of that term, one might expect Java programs to be:
- Safe from malevolent programs
Programs should not be allowed to harm a user’s computing environment; this rules out Trojan horses and harmful programs that replicate, such as computer viruses.
- Non-intrusive
Programs should be prevented from discovering private information on the host computer or the host computer’s network.
- Authenticated
The identity of parties involved in the program -- both the author and the user of the program -- should be verified.
- Encrypted
Data that the program sends and receives -- over the network or through a persistent store such as a filesystem or database -- should be encrypted.
- Audited
Potentially sensitive operations should always be logged.
- Well-defined
A well-defined security specification should be followed.
- Verified
Rules of operation should be set and verified.
- Well-behaved
Programs should be prevented from consuming too many system resources: too much CPU time, too much memory, and so on.
- C2 or B1 certified
Programs should have certification from the U.S. government that certain security procedures are followed (C2 and B1 are evaluation levels defined by the TCSEC, the so-called “Orange Book”).
In fact, while all of these features could be part of a secure system, only the first two were within the province of Java’s 1.0 default security model. Other items in the list have been introduced ...