How Java protects Network Security-General Linux technology-Linux programming and kernel information. For details, refer to the following section. Java is the only mobile code that considers security from the beginning of design. Although not perfect, Java achieves the greatest balance between program functionality and host security protection, and Java is very suitable for porting code from one platform to another.
Java uses a model called sandbox to run mobile code. Untrusted mobile code can only run in sandbox, but cannot perform most host-specific operations, such as reading, writing, or deleting files, listening, or accepting network connections.
When a browser loads a page containing a Java applet, it obtains the Java byte code from the Web server and passes the code to a Java part called the byte code validator. The validator ensures that the byte code is in the correct format and does not go beyond the boundary of the internal stack. This prevents program crashes. The second Java part, the class loader, determines when and how a Java applet adds code to the running Java environment, so that the applet does not replace any system-level content. (Each Java program consists of one or more classes, data objects, and methods for operating data .)
Finally, there is a third part called the security manager, which works when a potentially dangerous method is trying to run. Whether to run this potentially dangerous method depends on where the class of this method is required. For example, the internal analogy of the class obtained through the network has greater privileges. (For this reason, do not place an unknown class under the CLASSPATH of the system to become an internal class .)
It can be seen that the byte encoding validators, class loaders, and security managers make Java programs efficient and secure. Even so, programming errors in any part may cause security issues. This is why some attacks only target the JVM of a specific vendor. This is because there is not a problem with the Java security model, but a problem with the method for implementing this model.
As Java programs become more complex and practical, they must be separated from "sandbox. This can be achieved through the Java Development Kit JDK (Java Development Kit) 1.1. JDK extends the encrypted API in the system and supports digital signatures. In the Java document (. JAR file), the applet can be protected by signatures, allowing end users to know that the program is from a trusted place without any modification. With JDK1.1, if you use a signature to make sure that the applet code comes from a trusted place, notify the browser and JVM to treat the obtained code as the local code and obtain full permissions.
Java 1.2 (later renamed Java 2) goes further in terms of security. It provides models with different permissions to run different codes, that is, both local code, downloaded trusted code, and downloaded Untrusted code can be run in different privileged environments. In general, Java has fewer security vulnerabilities, especially Java 2, which greatly improves both security and performance.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.