|
|
|
|
Advertisement
|
Summary
One of the primary reasons Java technology is a "good fit" for networks is that it has a comprehensive security model designed into its architecture. The first half of this article gives an overview of Java's security model. The second half focuses on one aspect of that security model: the safety features built into the Java virtual machine.
Why security?
Java's security model is one of the language's key architectural
features that makes it an appropriate technology for networked
environments. Security is important because networks provide a
potential avenue of attack to any computer hooked to them. This concern
becomes especially strong in an environment in which software is
downloaded across the network and executed locally, as is done with
Java applets, for example. Because the class files for an applet are
automatically downloaded when a user goes to the containing Web page in
a browser, it is likely that a user will encounter applets from
untrusted sources. Without any security, this would be a convenient way
to spread viruses. Thus, Java's security mechanisms help make Java
suitable for networks because they establish a needed trust in the
safety of network-mobile code.
Java's security model is focused on protecting users from hostile programs downloaded from untrusted sources across a network. To accomplish this goal, Java provides a customizable "sandbox" in which Java programs run. A Java program must play only inside its sandbox. It can do anything within the boundaries of its sandbox, but it can't take any action outside those boundaries. The sandbox for untrusted Java applets, for example, prohibits many activities, including:
By making it impossible for downloaded code to perform certain actions, Java's security model protects the user from the threat of hostile code.
|
Sponsored Links
|