7.5 Interdependence of the Three Java Security Legs

Previous page
Table of content
Next page
 <  Day Day Up  >  

Although the three legs of Java security ” class-loading system, class file verifier, and security manager ”each have unique functions, they are interdependent.

  • The class-loading system relies on the security manager to prevent untrusted code from loading its own class loader, which could flag untrusted code as trusted.

  • Conversely, the security manager relies on the class-loading system to keep untrusted classes and local classes in separate name spaces and to prevent the local trusted classes from being overwritten.

  • Both the security manager and the class-loading system rely on the class file verifier to make sure that class confusion is avoided and that class protection directives are honored.

The bottom line is this: If an attacker can breach one of the three defenses, the security of the whole system is usually compromised.

 <  Day Day Up  >  

Previous page
Table of content
Next page
Enterprise Java Security. Building Secure J2EE Applications
Enterprise Javaв„ў Security: Building Secure J2EEв„ў Applications
ISBN: 0321118898
EAN: 2147483647
Year: 2004
Pages: 164
Authors: Marco Pistoia, Nataraj Nagaratnam, Larry Koved, Anthony Nadalin
BUY ON AMAZON
Crystal Reports 9 on Oracle (Database Professionals)
Absolute Beginner[ap]s Guide to Project Management
Image Processing with LabVIEW and IMAQ Vision
Practical Intrusion Analysis: Prevention and Detection for the Twenty-First Century: Prevention and Detection for the Twenty-First Century
Professional Struts Applications: Building Web Sites with Struts ObjectRelational Bridge, Lucene, and Velocity (Experts Voice)
Understanding Digital Signal Processing (2nd Edition)
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy