Java is designed for secure development and deployment. It is often said that security is incorporated in Java from the ground up and not added as an afterthought. This article is excerpted from the newly published book “J2EE Security for Servlets, EJBs, and Web Services”.
It is often said that security is incorporated in Java from the ground up and not added as an afterthought.
If the author is talking about a secure architecture, I cannot fully agree. The things I agree on are Java’s verification of downloaded application code, forbidden use of pointer arithmetic and separation of application memory. But its sandbox model in its earliest version was an all-or-nothing model which is the same model used by Microsoft’s ActiveX controls. Either you trust it to do hell on your computer or you don’t trust it at all. Only at version 1.2 did they come out with a fine-grained security model which is what I would consider a useable security architecture. For example, you can allow a hostile application to print to your printer but not to read files on your computer and not to connect to the internet.
http://java.sun.com/products/jdk/1.2/docs/guide/security/spec/secur…
http://java.sun.com/sfaq/may95/security.html
http://java.sun.com/j2se/1.2/docs/api/java/lang/SecurityManager.htm…
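The contrast drawn in the comment above, as an added example that is not part of the original comment or the book: it compares the two all-or-nothing outcomes with a print-only grant using the `java.security` permission classes introduced in 1.2. The class name, file path and host are constructed for illustration, and the pre-1.2 rows are modelled with the 1.2 classes purely for comparison.

```java
import java.io.FilePermission;
import java.net.SocketPermission;
import java.security.AllPermission;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.util.LinkedHashMap;
import java.util.Map;

public class SandboxModels {
    // Actions an untrusted application might attempt (constructed sample targets).
    static final Permission PRINT = new RuntimePermission("queuePrintJob");
    static final Permission READ_FILE = new FilePermission("/home/user/notes.txt", "read");
    static final Permission CONNECT = new SocketPermission("example.com:80", "connect");

    // Build an immutable permission set from the permissions granted to the code.
    static PermissionCollection of(Permission... granted) {
        Permissions set = new Permissions();
        for (Permission p : granted) {
            set.add(p);
        }
        set.setReadOnly();
        return set;
    }

    public static void main(String[] args) {
        Map<String, PermissionCollection> models = new LinkedHashMap<>();
        // All-or-nothing: the code gets nothing, or it gets everything.
        models.put("untrusted (nothing)", of());
        models.put("trusted (all)", of(new AllPermission()));
        // Fine-grained: printing is granted, file reads and network access are not.
        models.put("1.2 print-only", of(PRINT));

        for (Map.Entry<String, PermissionCollection> e : models.entrySet()) {
            PermissionCollection pc = e.getValue();
            // implies() is the question the access check asks for each attempted action.
            System.out.printf("%-20s print=%-5b readFile=%-5b connect=%b%n",
                    e.getKey(), pc.implies(PRINT), pc.implies(READ_FILE), pc.implies(CONNECT));
        }
    }
}
```

In a 1.2 policy file the print-only row corresponds to a `grant` block containing only `permission java.lang.RuntimePermission "queuePrintJob";`.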
I completely agree. :-) BTW, this one is a great book; I recommend it to everybody dealing with Java security.