Java 2 Security
 
  Security has come a long way.
  • In Java 1.0, local programs have full control, and Applets have very restricted features.
  • Java 1.1 brought signatures, where a user could choose to accept a signature to give an applet full control.  We used this at 5/3.
  • In Java 2, we have security policies, which give us more fine-grained control over what a class can do.
    • But with this flexibility comes complexity.  Policies can be difficult to implement at times.  
    • Worse yet, many books and programmers tend to just take the cheap escape and grant full control to everything.
  • Security policies are composed of:
    • code source: holds the code location (a jar file or directory) and the certificates.
    • permission sets: properties checked by the SecurityManager.
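
 The two parts of a policy entry, sketched in Java as an added example (not part of the original notes): a code source is matched against a class's origin, and a fine-grained permission set is compared with the "grant full control" shortcut. The paths and the class name PolicyPartsDemo are constructed for illustration.

```java
import java.io.FilePermission;
import java.net.URI;
import java.security.AllPermission;
import java.security.CodeSource;
import java.security.Permission;
import java.security.Permissions;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;

public class PolicyPartsDemo {
    public static void main(String[] args) throws Exception {
        // Code source: a location (directory or jar) plus signer certificates.
        // Constructed sample paths; null certificates means unsigned code.
        CodeSource granted = new CodeSource(
                URI.create("file:/opt/app/lib/-").toURL(), (Certificate[]) null);
        CodeSource tool = new CodeSource(
                URI.create("file:/opt/app/lib/tool.jar").toURL(), (Certificate[]) null);
        CodeSource other = new CodeSource(
                URI.create("file:/home/user/other.jar").toURL(), (Certificate[]) null);

        // A policy entry applies to a class when its code source implies the class's.
        System.out.println("entry covers tool.jar:  " + granted.implies(tool));
        System.out.println("entry covers other.jar: " + granted.implies(other));

        // Permission set, fine-grained: read-only access below one directory.
        Permissions narrow = new Permissions();
        narrow.add(new FilePermission("/opt/app/data/-", "read"));
        ProtectionDomain leastPrivilege = new ProtectionDomain(tool, narrow);

        // Permission set, the "cheap escape": every request is allowed.
        Permissions broad = new Permissions();
        broad.add(new AllPermission());
        ProtectionDomain fullControl = new ProtectionDomain(tool, broad);

        // Constructed requests, each checked against both permission sets.
        Permission[] requests = {
            new FilePermission("/opt/app/data/report.txt", "read"),
            new FilePermission("/opt/app/data/report.txt", "write"),
            new FilePermission("/etc/passwd", "read"),
            new RuntimePermission("exitVM"),
        };
        for (Permission p : requests) {
            System.out.printf("%-60s narrow=%-5b full=%b%n",
                    p, leastPrivilege.implies(p), fullControl.implies(p));
        }
    }
}
```

 Only the read request under /opt/app/data is implied by the narrow set, while the AllPermission set implies all four requests.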
 Side note: How do you get/set permissions with the Policy object?
 Permissions