Security in the Java Runtime System

Classes can be treated differently when loaded locally rather than over a network. One of these differences is how the class is loaded into the runtime system. By default, a class is loaded from a local .class file. Any other way of retrieving a class requires the class to be loaded with an associated ClassLoader. ClassLoader is a subclass of the standard Java Object class and provides the methods that implement many of the security mechanisms discussed so far. Many of the attack scenarios that have been used against Java have involved getting around the ClassLoader.
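The following example is added here and is not from the book. It shows how the runtime records which ClassLoader defined a class, which is what lets code tell a locally loaded class from one that arrived another way. The names LoaderOriginDemo, Remote and ByteLoader are hypothetical, the class bytes are read from the local classpath as a stand-in for bytes fetched over a network, and the code assumes Java 9 or later compiled with javac.

```java
import java.io.IOException;
import java.io.InputStream;

public class LoaderOriginDemo {
    // Stand-in for a class that would arrive over the network (constructed for this example).
    public static class Remote {}

    // Hypothetical loader: defines one class from bytes it is handed, as a network
    // loader would after fetching them. Every other name is delegated to the parent.
    static class ByteLoader extends ClassLoader {
        private final String name;
        private final byte[] bytes;

        ByteLoader(ClassLoader parent, String name, byte[] bytes) {
            super(parent);
            this.name = name;
            this.bytes = bytes;
        }

        @Override
        protected Class<?> loadClass(String n, boolean resolve) throws ClassNotFoundException {
            if (!n.equals(name)) return super.loadClass(n, resolve); // parent-first for the rest
            synchronized (getClassLoadingLock(n)) {
                Class<?> c = findLoadedClass(n);
                if (c == null) c = defineClass(n, bytes, 0, bytes.length);
                if (resolve) resolveClass(c);
                return c;
            }
        }
    }

    static byte[] classBytes(Class<?> c) throws IOException {
        String path = c.getName().replace('.', '/') + ".class";
        try (InputStream in = c.getClassLoader().getResourceAsStream(path)) {
            return in.readAllBytes();
        }
    }

    public static void main(String[] args) throws Exception {
        ClassLoader local = LoaderOriginDemo.class.getClassLoader();
        String name = Remote.class.getName();
        Class<?> viaLoader = new ByteLoader(local, name, classBytes(Remote.class)).loadClass(name);

        System.out.println("local copy defined by : " + Remote.class.getClassLoader());
        System.out.println("other copy defined by : " + viaLoader.getClassLoader());
        // Same name and same bytes, but a different defining loader makes a different class.
        System.out.println("same runtime class?   : " + (viaLoader == Remote.class));
        // Core classes are still resolved through the parent chain, not by ByteLoader.
        System.out.println("java.lang.String from : " + viaLoader.getClassLoader().loadClass("java.lang.String").getClassLoader());
    }
}
```

The bootstrap loader is reported as null by getClassLoader(), so a null on the last line means the core class did not come from the custom loader.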

The ClassLoader comes into play after Pass 3 of the bytecode verifier as the classes are actually loaded on Pass 4. The ...
