Java security programming is partly defensive programming. Compared with C and C++, Java as a language is relatively safe: there are no explicit pointers, and memory release and reclamation are left to the JVM, which also performs runtime checks on memory accesses, such as array bounds checking (ArrayIndexOutOfBoundsException) and null dereference checking (NullPointerException). All of this makes Java comparatively simple to use, and the language itself rules out many classes of unsafe behaviour. But a memory-safe language does not mean programmers can write code carelessly. A report from one organization found that 64% of recently reported vulnerabilities were caused by the application code itself. Programmers who assume their own coding habits need no attention will end up paying the price. This article discusses several kinds of security holes that can appear. What I say here is about the Java platform, but I believe the same applies to any other language: security problems are universal.
1. Misplaced trust. A software system can be divided into multiple subsystems, each with its own access module and therefore its own trust domain. A subsystem must not assign its own trust level; that should be decided by whoever deploys the program. So the rule is: partition the trust domain of each module, and make sure every submodule operates only within its own domain. A good security design pattern is a combination of decoupling by distrust (no component trusts another by default) and separation of privileges.
2. Injection attacks. These are all too common; the most often cited is SQL injection. When a component or system accepts data from an external source, some of that data may be malicious, and if it is not validated and processed before use, an injection attack becomes possible. The approach advocated here has three parts. (1) Canonicalization and normalization: convert the input into its simplest, standard form before anything else (decode percent-encoding, apply Unicode normalization). This step has to come first, because validation applied to an un-normalized string can be bypassed by an encoded variant of a forbidden character. (2) Validation: check the canonical value against what is required, for example that a number falls within a given range or that a string matches a whitelist pattern. (3) Sanitization: remove or encode special characters for the specific consumer, so that data is never exposed to an interpreter in a form it would treat as instructions. Even after these steps you are not done: when a complex string is handed to an interpreter, any character or keyword that is meaningful to that interpreter (for SQL, keywords such as DELETE and INSERT, quotes and comment markers) must be handled, otherwise a hole remains. The interpreters that commonly consume such strings, each with its own injection risk and its own escaping rules, include:
(1). The operating system command interpreter (shell)
(2). Databases, through SQL interfaces such as JDBC
(3). XML parsers
(4). XPath evaluators
(5). Directory services based on the Lightweight Directory Access Protocol, commonly known as LDAP
(6). Scripting engines
(7). Regular expression (regex) compilers
Some of these most of us have heard of; some, frankly, I had not.
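The three steps above (canonicalize, validate, sanitize for the sink) as an added example, not code from the original post. It assumes a JDBC connection is supplied by the caller and a `users` table with `id` and `name` columns; the username whitelist, the `InjectionDefense` class name and the sample inputs are all constructed for illustration. It shows the vulnerable string-concatenated SQL next to the parameterized form, plus the equivalent defence for the regex and OS-command sinks in the list above:

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.text.Normalizer;
import java.util.regex.Pattern;

public class InjectionDefense {

    // Whitelist for a username: the canonical form must match this exactly.
    private static final Pattern USERNAME = Pattern.compile("[a-z][a-z0-9_]{2,31}");

    // Step 1 then step 2: canonicalize, then validate. The order matters:
    // validating first and normalizing afterwards lets a disguised character
    // (e.g. a fullwidth letter) pass the check and change shape later.
    public static String canonicalUsername(String raw) {
        if (raw == null) {
            throw new IllegalArgumentException("username missing");
        }
        String canon = Normalizer.normalize(raw, Normalizer.Form.NFKC);
        if (!USERNAME.matcher(canon).matches()) {
            throw new IllegalArgumentException("username rejected");
        }
        return canon;
    }

    // VULNERABLE: the value is spliced into the SQL text, so a quote in the
    // input changes the statement the database interpreter sees.
    public static String unsafeQuery(String username) {
        return "SELECT id FROM users WHERE name = '" + username + "'";
    }

    // HARDENED: the statement text is fixed; the value travels as a bound
    // parameter and is never parsed as SQL, whatever characters it contains.
    public static Integer lookupUserId(Connection conn, String rawUsername) throws SQLException {
        String username = canonicalUsername(rawUsername);
        try (PreparedStatement ps = conn.prepareStatement("SELECT id FROM users WHERE name = ?")) {
            ps.setString(1, username);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getInt("id") : null;
            }
        }
    }

    // Regex sink: user text embedded in a pattern must be quoted, otherwise
    // metacharacters (and catastrophic backtracking) become attacker-controlled.
    public static boolean containsLiteral(String haystack, String userNeedle) {
        return Pattern.compile(Pattern.quote(userNeedle)).matcher(haystack).find();
    }

    // OS command sink: pass arguments as a list so no shell ever parses them.
    public static ProcessBuilder listDirectory(String dir) {
        return new ProcessBuilder("ls", "-l", "--", dir);
    }

    public static void main(String[] args) {
        // Constructed inputs for illustration, not data from the original post.
        String[] inputs = {
            "alice",
            "alice' OR '1'='1",   // classic SQL injection payload
            "\uFF41lice",         // fullwidth 'a': NFKC folds it to plain "alice"
            "bob; rm -rf /"       // would also matter for the OS command sink
        };
        for (String in : inputs) {
            try {
                System.out.println("accepted: " + canonicalUsername(in) + "  (raw: " + in + ")");
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + in + "  -> " + e.getMessage());
                System.out.println("  concatenated SQL would have been: " + unsafeQuery(in));
            }
        }
        System.out.println(containsLiteral("price: $10.00", ".*")); // false: ".*" is literal here
    }
}
```

The whitelist is deliberately strict; if the application has to accept free-form text for a field, the defence moves entirely to the sink (bound parameters for SQL, `ProcessBuilder` argument lists for commands, `Pattern.quote` for regexes), and validation only bounds length and character class.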
3. Sensitive data leaks. Sensitive data covers a wide range: user information, obviously, but also ID numbers, bank accounts, and above all secret keys of every kind. During data transmission we should generally minimize the transfer of sensitive data, and where such data really must be exchanged, it must be filtered before being passed to an untrusted component. The original post illustrates this with a diagram.
In Java this is implemented through the access control of classes, interfaces and members. Give classes and class members the most restrictive access level that works: private where possible, package-private next, and public only for the deliberate API. Methods declared in an interface are implicitly public, so be careful what you put in an interface, since everything in it is open to every caller.
4. Capability leaks. First, what is meant by a capability: a capability is an unforgeable token of authority that can be passed from one holder to another. Every Java object reference is unforgeable, since code cannot manufacture a reference to an object it was never handed, so the references we hold to objects are exactly the capabilities over those objects. For a reference to an object that performs sensitive operations, only holders of that reference can perform those operations, and therefore the reference itself must never be allowed to leak to untrusted code, for example by returning an internal mutable object from a getter.
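Sections 3 and 4 together, as an added example that is not from the original post: a class holding a secret with the most restrictive access levels, a getter that leaks the internal array (the capability leak), and the defensive-copy and read-only-view forms that avoid it. The `SessionToken` class, its field names and the sample byte values are constructed for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

public final class SessionToken {            // final: no subclass can widen access
    private final byte[] secret;             // private: unreachable from outside the class
    private final List<String> scopes;

    public SessionToken(byte[] secret, List<String> scopes) {
        this.secret = secret.clone();        // copy in: the caller keeps no handle to our state
        this.scopes = Collections.unmodifiableList(new ArrayList<>(scopes));
    }

    // LEAK: returns the internal array itself. Whoever receives this reference
    // holds the capability to overwrite the secret behind our back.
    public byte[] leakySecret() {
        return secret;
    }

    // HARDENED: returns a copy; the internal array never escapes.
    public byte[] secretCopy() {
        return secret.clone();
    }

    // Read-only view: callers can inspect scopes but not grant themselves new ones.
    public List<String> scopes() {
        return scopes;
    }

    // Best of all, expose a decision rather than the data.
    public boolean hasScope(String scope) {
        return scopes.contains(scope);
    }

    public static void main(String[] args) {
        // Constructed example values, not from the original post.
        byte[] key = {1, 2, 3, 4};
        SessionToken t = new SessionToken(key, Arrays.asList("read"));

        key[0] = 99;                                             // caller mutates its own array
        System.out.println(Arrays.toString(t.secretCopy()));     // [1, 2, 3, 4]: no effect

        byte[] handle = t.leakySecret();
        handle[0] = 42;                                          // untrusted code rewrote our secret
        System.out.println(Arrays.toString(t.secretCopy()));     // [42, 2, 3, 4]

        try {
            t.scopes().add("admin");
        } catch (UnsupportedOperationException e) {
            System.out.println("scope list is read-only");
        }
        System.out.println(t.hasScope("admin"));                 // false
    }
}
```

For real key material, also overwrite the copy with `Arrays.fill` once it has been used, so it does not linger on the heap longer than necessary.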
5. Denial of service, commonly known as a DoS attack; today there is also DDoS, distributed denial of service. The mechanism is simple: a malicious program consumes the system's resources so that normal programs cannot obtain them, until the system is paralysed. Resources are exhausted for no useful work. Some examples of DoS vectors are given in the Java Secure Coding Standard book:
(1). Requesting a large vector image, such as an SVG file or a font file, whose rendering cost is far greater than its size in bytes
(2). "ZIP bombs": small zip or gzip compressed files (HTML, for instance) that consume huge resources when decompressed
(3). "XML parsing bombs": an XML document with very many nodes, or with nested entity definitions, quickly fills a large amount of memory while being parsed
(4). Excessive use of disk space
(5). Inserting many keys with the same hash code into a hash table, which degrades inserting n keys to the worst case O(n^2) instead of the average O(n). (Since Java 8, HashMap converts heavily collided buckets into balanced trees, which blunts this for Comparable keys, but hash flooding remains a concern for other hash-based structures.)
(6). Opening many connections to a server that allocates a large amount of resources for each connection, as in flooding attacks
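Items (2) and (3) above, as an added example that is not from the original post: an XML parser configured to refuse DOCTYPE declarations (which both entity-expansion bombs and external entities depend on), and a ZIP reader that bounds entry count and total inflated bytes instead of trusting the sizes in the archive header. Only the JDK is used; the `ResourceBounds` class, the limits and the constructed archive and XML document are illustrative values.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
import java.util.zip.ZipOutputStream;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.SAXException;

public class ResourceBounds {

    // XML: refuse DOCTYPE outright. Entity expansion ("billion laughs") and
    // external entities both need a DTD, so this closes the parsing-bomb door.
    public static Document parseXml(String xml)
            throws ParserConfigurationException, SAXException, IOException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        DocumentBuilder b = f.newDocumentBuilder();
        return b.parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    // ZIP: cap entries and total inflated bytes, so a tiny archive that inflates
    // to gigabytes is stopped at the limit instead of exhausting memory or disk.
    public static long extractBounded(InputStream in, int maxEntries, long maxTotalBytes)
            throws IOException {
        long total = 0;
        int entries = 0;
        byte[] buf = new byte[8192];
        try (ZipInputStream zip = new ZipInputStream(in)) {
            ZipEntry e;
            while ((e = zip.getNextEntry()) != null) {
                if (++entries > maxEntries) {
                    throw new IOException("too many entries");
                }
                // Do NOT trust e.getSize(): the header is attacker-controlled.
                int n;
                while ((n = zip.read(buf)) != -1) {
                    total += n;
                    if (total > maxTotalBytes) {
                        throw new IOException("inflated size exceeds " + maxTotalBytes + " bytes");
                    }
                    // a real extractor would write buf[0..n) to a sanitized path here
                }
                zip.closeEntry();
            }
        }
        return total;
    }

    // Constructed zip bomb, mild version: N MB of zeros deflate to a few tens of KB.
    static byte[] buildCompressibleZip(int megabytes) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ZipOutputStream zos = new ZipOutputStream(bos)) {
            zos.putNextEntry(new ZipEntry("zeros.bin"));
            byte[] chunk = new byte[1 << 20];
            for (int i = 0; i < megabytes; i++) {
                zos.write(chunk);
            }
            zos.closeEntry();
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Constructed entity-expansion document (two levels only; real bombs nest deeper).
        String bomb = "<?xml version=\"1.0\"?><!DOCTYPE lolz [<!ENTITY lol \"lol\">"
                + "<!ENTITY lol2 \"&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;\">]>"
                + "<lolz>&lol2;</lolz>";
        try {
            parseXml(bomb);
        } catch (SAXException ex) {
            System.out.println("XML rejected: " + ex.getMessage());
        }
        System.out.println("plain XML root: " + parseXml("<a><b/></a>").getDocumentElement().getTagName());

        byte[] zip = buildCompressibleZip(50);
        System.out.println("archive bytes on the wire: " + zip.length);
        try {
            extractBounded(new ByteArrayInputStream(zip), 100, 10L << 20);
        } catch (IOException ex) {
            System.out.println("ZIP rejected: " + ex.getMessage());
        }
    }
}
```

The same shape applies to item (1): put a hard ceiling on the output size or pixel count before handing an SVG or font to a renderer, and to item (6): cap concurrent connections per client before allocating per-connection buffers.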
6. Principle of least privilege. This is reflected in several of the points above. Java's flexible security model lets the deployer grant an application exactly the permissions it needs through a custom security policy. Privileged operations should be made available only to the code that needs them. Java's AccessController mechanism allows only the required code to obtain a permission; when a class needs to act with more authority than its callers have, it can call AccessController.doPrivileged() to assert its own permissions temporarily. The privileged block must be kept as small as possible and must never act on caller-controlled input, otherwise the class becomes a confused deputy and the privilege it asserts turns into a security hole.
7. Security Manager. The security manager referred to here is the Java SecurityManager: when code using the Java API violates the security policy in force, the runtime throws a SecurityException. Programs can run under the default SecurityManager; where a team's security requirements are high, implementing a custom security manager is encouraged, with AccessController used in the code to restrict or grant privileged operations. Note, however, that the SecurityManager was deprecated for removal in JDK 17 (JEP 411) and permanently disabled in JDK 24 (JEP 486), so on current JDKs it can no longer be relied on for enforcement, and least privilege has to be enforced outside the JVM (by the operating system, containers or separate processes). The discipline of keeping privileged code small still applies.
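Sections 6 and 7 together, as an added example that is not from the original post: a privileged block that takes a caller-chosen property name (the confused-deputy shape section 6 warns against) next to the minimal form whose privileged region contains no caller data, with validation done outside it. The `PrivilegedScope` class, the property names and the values set in `main` are constructed for illustration. Without a SecurityManager installed (the only option on JDK 24 and later), `doPrivileged` simply runs the action, so what the example demonstrates is the scoping discipline, not runtime enforcement.

```java
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Objects;

public class PrivilegedScope {

    // The only property this class is ever meant to read on a caller's behalf.
    private static final String ALLOWED_KEY = "app.config.dir";

    // VULNERABLE (confused deputy): the privileged block executes whatever key
    // the caller chose. Under a policy granting this code PropertyPermission
    // "*" "read", an unprivileged caller can read any property, including
    // one holding credentials.
    public static String readAnyPropertyPrivileged(final String key) {
        return AccessController.doPrivileged(new PrivilegedAction<String>() {
            public String run() {
                return System.getProperty(key);
            }
        });
    }

    // HARDENED: the privileged region is as small as possible, contains no
    // caller-controlled data, and returns only what callers are meant to see.
    public static String readConfigDirPrivileged() {
        return AccessController.doPrivileged(
                (PrivilegedAction<String>) () -> System.getProperty(ALLOWED_KEY));
    }

    // Validate outside the privileged region so a bad request never reaches it.
    public static String readAllowedProperty(String key) {
        Objects.requireNonNull(key, "key");
        if (!ALLOWED_KEY.equals(key)) {
            throw new SecurityException("property not exposed: " + key);
        }
        return readConfigDirPrivileged();
    }

    public static void main(String[] args) {
        // Constructed values, not from the original post.
        System.setProperty(ALLOWED_KEY, "/etc/myapp");
        System.setProperty("db.password", "hunter2");

        System.out.println(readAllowedProperty(ALLOWED_KEY));         // /etc/myapp
        System.out.println(readAnyPropertyPrivileged("db.password")); // hunter2: leaked through the deputy
        try {
            readAllowedProperty("db.password");
        } catch (SecurityException e) {
            System.out.println("refused: " + e.getMessage());
        }
    }
}
```

On JDK 17 and later this compiles with deprecation warnings for `AccessController`; the pattern of a fixed, minimal privileged region with validation in front of it is what carries over to whatever isolation mechanism replaces the SecurityManager.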
The above is my view of Java security programming. In the end it comes down to the individual: saying more is useless if it is not put into practice. I hope more programmers will join the ranks of secure programming and raise their coding standards.
Java Security Programming