--java security mechanism of software thought

Automatically downloading and running programs over the Internet sounds like a virus maker's dream.

When you click on a Web site, you may return any number of things along with HTML pages: GIF files, scripting code, compiled Java code, and ActiveX components. Some are harmless; GIF files do no harm to us, and scripting languages usually have a lot of limitations on what they can do. Java is also designed to run in a secure "sandbox" in its patches, which prevents operations from being located in a disk or memory area other than the sandbox. ActiveX is one of the most worrying of all of these. Using ActiveX programming is like writing a Windows application--you can do whatever you want. After downloading back to an ActiveX component, it is completely likely to cause damage to the files on our disks. Of course, for those programs that are downloaded back not limited to running inside a Web browser, they can also disrupt our system.

Viruses downloaded from BBS have been a big problem, but the speed of the Internet has made the problem more complicated. The solution is "digital signature", the code will be validated by the authority, showing the author who it is. This mechanism is based on the belief that the virus spreads because its creator is anonymous. So if the anonymity factor is removed, all designers will have to take responsibility for their actions. This seems to be a good idea because it makes the program look more formal. But I am skeptical that it can eliminate the malicious elements, because if a program contains bugs, it can also cause problems. Java uses "sandbox" to prevent these problems from occurring. The Java interpreter is embedded in our local Web browser, and all suspected instructions are checked when the patch is loaded. In particular, the program does not have the right to write files to disk or to delete files (this is one of the things that viruses like to do most). We usually think of the program as a safe piece. And because security is critical to building a reliable client/server system, all bugs that leave bugs behind can be quickly repaired (the browser software actually has to enforce these security rules; and some browsers allow us to choose different levels of security to prevent varying degrees of access to the system). You may wonder if this restriction will prevent us from writing files to the local disk. For example, we sometimes need to build a local database, or save the data for later use offline. The earliest version seems to be that everyone can do anything sensitive online, but it quickly becomes very unrealistic (although low-cost "Internet Tools" may one day meet the needs of most users).

The solution is "signed program", which verifies that the program is actually from the place it claims to be, using a public key encryption algorithm. Of course, after verification, a signed piece of the program can still start to erase your disk. But in theory, since it is now possible to find the founders "accounts", they generally do not do such a stupid thing. Java 1.1 provides a framework for digital signatures and, when necessary, allows a piece of the program to "walk" outside the sandbox. The digital signature omits an important question, which is the speed at which people move on the internet. If you download a bug-riddled program and it unfortunately does some stupid thing, how long will it take to find out? This may be a few days, or maybe a few weeks later. After discovering, how to track the process of the original accident (and how much responsibility it was at that time).

              Excerpts from Java programming ideas