لطفا منتظر باشید ...
Chapter 6. Java Security
Java programs can
dynamically load Java classes from a
variety of sources, including untrusted sources, such as web sites
reached across an insecure network. The ability to create and work
with such mobile code is one of the great strengths and features of
Java. To make it work successfully, however, Java puts great emphasis
on a security architecture that allows untrusted code to run safely,
without fear of damage to the host system.The need for a security system in Java is
most acutely demonstrated by appletsminiature Java
applications designed to be embedded in web pages.[1] When a user visits a web page (with a Java-enabled web
browser) that contains an applet, the web browser downloads the Java
class files that define that applet and runs them. In the absence of
a security system, an applet could wreak havoc on the
user's system by deleting files, installing a virus,
stealing confidential information, and so on. Somewhat more subtly,
an applet could take advantage of the user's system
to forge email, generate spam, or launch hacking attempts on other
systems.
[1] Applets are documented in Java Foundation Classes in
a Nutshell (O'Reilly) and are not covered
in this book. Still, they serve as good examples here.
Java's main line of
defense against such malicious code is access
control : untrusted code is simply not given access to
certain sensitive portions of the core Java API. For example, an
untrusted applet is not typically allowed to read, write, or delete
files on the host system or connect over the network to any computer
other than the web server from which it was downloaded. This chapter
describes the Java access control architecture and a few other facets
of the Java security system.
