68.

Jini with Protection

The safest way for a Jini client or service to be part of a Jini federation is through abstinence: that is, for it to refuse to take part. This doesn't get you very far in populating a federation, though. The JDK 1.2 security model offers a number of ways in which more permissive activity may take place:

• Grant permission only for certain activities, such as socket access at various levels on particular ports, or access to certain files for reading, writing, or execution.

   grant {     permission java.net.SocketPermission "224.0.1.85", "connect,accept";     permission java.net.SocketPermission "*.edu.au:80", "connect"; } 

• Grant access only to particular hosts , subdomains, or domains.

   grant codebase "http://sunshade.dstc.edu.au/classes/" {     permission java.security.AllPermission "", ""; } 

• Require digital signatures to be attached to code.

   grant signedBy "sysadmin" {     permission java.security.AllPermission "", ""; } 

For any particular security access, you will need to decide which of these options is appropriate. This will depend on the overall security policy for your organization, and if your organization doesn't have such a policy that you can refer to, then you certainly shouldn't be exposing your systems to the Internet (or to anyone within the organization, either)!