Java 2 Network Security
the next, still severe, threat of privacy invasion, in which read access rather
than update access is gained. This does not leave you having to reinstall all
your software and reassemble all your business data, but the loss can be
serious enough. In addition to the exposure of business data, if your private
key is compromised, then it can be used to sign electronic payments in your
name.

Because Java has the strongest security for executable content, it has been
seen as a challenge by security specialists, who both find the intellectual
challenge exciting and want to help close any loopholes in Java
implementations. Up to the date of writing, all the reported attack applets
were developed by such specialists, not by malicious or criminal attackers.

There are a couple of other, much less severe, threats against which Java
does not have strong defenses. The very essence of Java is that a program
from a server will come down and run on your client with little, if any,
intervention from you. What if the program is not one you want to run? What
if it is stealing your cycles?

The most extreme form of cycle stealing is a denial of service attack. The
applet can use so much of the client's machine time that it cannot perform its
normal function. This is the Java equivalent of flooding a company with mail
or with telephone calls; like those nuisances, it cannot readily be prevented:
all you can do is find out who is responsible and take action after the event.

Less extreme examples of cycle stealing are the irksome, nuisance, applets.
These run unhelpful programs intended to show how clever the author is and
embarrass the owner of the client machine. They can even pretend to be you
(psyche stealing?), for example by sending e-mail that appears to come from
you.

1.3.4 Writing Secure Java
Valuable Java code is likely to need to communicate with the server it came
from, and to do so securely. All sensitive communication over the Internet
needs proper cryptographic protection. From JDK 1.1 onwards, Java provides
general purpose APIs for cryptographic functions, collectively known as the
Java Cryptography Architecture (JCA) and Java Cryptography Extension
(JCE). Java 2 significantly extends the Java Cryptography Architecture. The
set of the Java core classes (which are the Java classes shipped with the
Java platform [3]) can be divided into two subsets:
· Security related core classes
· Other core classes

[3] In this book, the Java 2 Platform, Standard Edition, V1.2 (J2SE) is often
referred to as Java platform or Java 2 platform.
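
As an added illustration (not code from the book), the following uses the JCA Signature API to sign a payment order and verify it, and shows why a compromised private key lets someone else sign in your name. The class name, the message text and the algorithm names (RSA and SHA256withRSA, as found in current JDKs rather than JDK 1.2) are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.PKCS8EncodedKeySpec;

// Added example: sign and verify a message through the provider-independent
// JCA API. Class name, message text and algorithm choices are assumptions.
public class SignedOrderDemo {

    // Sign msg with the private key; only the key holder should be able to do this.
    static byte[] sign(PrivateKey key, byte[] msg) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(msg);
        return s.sign();
    }

    // Check a signature using only the public key, as the receiving server would.
    static boolean verify(PublicKey key, byte[] msg, byte[] sig) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(msg);
        return s.verify(sig);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();

        // Constructed sample message standing in for an electronic payment.
        byte[] order = "pay 100.00 to account 12345".getBytes(StandardCharsets.UTF_8);
        byte[] sig = sign(pair.getPrivate(), order);
        System.out.println("genuine order verifies: " + verify(pair.getPublic(), order, sig));

        // Changing the amount in transit invalidates the signature.
        byte[] altered = "pay 900.00 to account 12345".getBytes(StandardCharsets.UTF_8);
        System.out.println("altered order verifies: " + verify(pair.getPublic(), altered, sig));

        // The private key is just bytes: any copy of them signs exactly as the
        // owner does, which is why read access to a key store is a severe loss.
        PrivateKey copy = KeyFactory.getInstance("RSA")
                .generatePrivate(new PKCS8EncodedKeySpec(pair.getPrivate().getEncoded()));
        byte[] sig2 = sign(copy, altered);
        System.out.println("order signed with copied key verifies: "
                + verify(pair.getPublic(), altered, sig2));
    }
}
```

The verifier cannot distinguish the owner from anyone else holding the key bytes, so protection of the private key (key store permissions, passwords, hardware storage) carries the whole guarantee.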