|
|
Security has come a long way.
-
In Java 1.0, local programs have full control, and Applets have very restricted
features.
-
Java 1.1 brought signatures, where a user could choose to accept a signature
to give an applet full control. We used this at 5/3.
-
In Java 2, we have security policies, which give us more fine-grained
control over what a class can do.
-
But, with this flexibility we have complexity. These can be difficult
to implement at times.
-
Worse yet, many books and programmers tend to just take the cheap escape
and grant full control to everything.
-
Security policies are composed of:
-
code source: which further holds the code location as a jar
file or directory, and certificates.
-
permission sets: properties checked by the SecurityManager.
Side note: How do you get/set permissions
with the Policy object?
Permissons
|