Chapter 9. Security
When Java technology first appeared on the scene, the excitement was not about a well-crafted programming language but about the possibility of safely executing applets that are delivered over the Internet (see Volume 1, Chapter 10 for more information about applets). Obviously, delivering executable applets is practical only when the recipients are sure that the code can't wreak havoc on their machines. For this reason, security was and is a major concern of both the designers and the users of Java technology. This means that, unlike other languages and systems where security was implemented as an afterthought or as a reaction to break-ins, Java technology has security mechanisms as an integral part of its design. Three mechanisms help ensure safety:
The Java virtual machine checks for bad pointers, invalid array offsets, and so on. The other steps require controlling what goes to the Java virtual machine. When class files are loaded into the virtual machine, they are checked for integrity. We show you in detail how that process works, and we show you how to implement your own class loader. For maximum security, both the default mechanism for loading a class and a custom class loader need to work with a security manager class that controls what actions code can perform. You'll see how to write your own security manager class. Finally, you'll see the cryptographic algorithms supplied in the java.security package, which allow for code signing and user authentication. As always, we focus on those topics that are of greatest interest to application programmers. For an in-depth view, we recommend the book Inside Java 2 Platform Security by Li Gong [Addison-Wesley 1999].