O'Reilly logo

The CERT® Oracle® Secure Coding Standard for Java™ by David Svoboda, Dean F. Sutherland, Robert C. Seacord, Dhruv Mohindra, Fred Long

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Chapter 17. Runtime Environment (ENV)

Rules

Image

Risk Assessment Summary

Image

ENV00-J. Do not sign code that performs only unprivileged operations

Java uses code signing as a requirement for granting elevated privileges to code. Many security policies permit signed code to operate with elevated privileges. For example, Java applets can escape the default sandbox restrictions when signed. Consequently, users can grant explicit permissions either to a particular code base or to all code signed by a particular signer. This approach places control of security ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required