Java 2 Network Security

pdf.css

You are here: CodeIdol > Java > Java 2 Network Security > page: 25 26 27 28 29 30 31 32 33 34 35

3. Nothing in Java should permit complacency
Installers and users of Java must be as willing to respond as the
implementors. That is, users must recognize that loopholes will be found
and must be closed without delay.
In summary, provided that you have an implementation that is free of known
errors, and that you install, maintain and review Java carefully, you can reach
levels of security which are appropriate for any business purpose.
1.3.1 Safety and Security
To enthusiastic object-oriented programmers, it is the
Java language
that is
important. It contains a number of important differences from C++ which
reduce the chance of writing a rogue program by accident, as well as making
it more difficult to write a rogue program by design.
But, from a security point of view, it is the
Java Virtual Machine
that matters.
The business benefits of Java are the security and portability of the JVM, and
these come from the bytecodes, not from the Java source language.
So, we shall be more concerned with bytecode programs, which are different
from Java source programs. All valid Java source programs can be compiled
to bytecode programs, but there are bytecode programs that have no
corresponding Java source. And, of course, it is possible to generate Java
bytecode programs from other high-level languages. The first other language
was NetREXX, a variant of the REXX language, and others have followed.
This difference between high-level and bytecode is both bad and good:
· It is bad because people can circumvent the design features of the Java
language. This was designed to produce well-behaved bytecode
programs, a design that has limited security strength if an attacker can
write directly in bytecode.
· It is good because you can foil the decompilers. These take bytecode and
generate Java source code source code which is very readable because
of the large amount of information a Java class file contains. To prevent
people from decompiling your valuable copyright code, you can modify the
compiled class file so that there is no decompiled version. We discuss this
in detail in 5.4.1, "Beating the Decompilation Threat" on page 134. So the
good features of the high-level Java language should be seen as
safety

features, not as
security
You are here: CodeIdol > Java > Java 2 Network Security > page: 25 26 27 28 29 30 31 32 33 34 35

ADBRITE ads links

Your Ad Here

Related tags

Popular Categories

Unix books and guides

AJAX popular information
C# language guides
Windows books and cookbooks

.......

Русский

Polski

Francais

Deutsch

support

sitemap

terms