Tuesday, November 26, 2019

Free Essays on Java Security

Introduction Java is a new programming language from Sun Microsystems (currently in beta release). The Java language has a number of interesting properties. One property is that it is intended to be portable, even to the extent that programs can be dynamically loaded over the network and run locally. In particular, small programs called applets can be loaded and run by a user's WWW browser while the user is ``surfing'' the Web (HotJava is such a browser written in Java, and Netscape2.0 will support Java applets). While this idea is very powerful, it is also an invitation to security problems. The Java language and runtime system (which includes libraries, the compiler, and the bytecode interpreter) attempt to address these security issues, with the result that Sun claims Java will be secure. This paper evaluates the security issues raised by the Java language and its intended uses in Java enabled Web browsers and Java's proposed solutions. After a brief discussion on the background of executable content, this paper moves on to discuss the potential security risks of executable content, what Java's proposed solutions are, and finally an analysis of the effectiveness of those solutions. Background on Executable Content Executable content is the idea of sending around data that is actually code to be executed. Why is the idea of executable content so exciting? The answer is fairly simple. Power and expressiveness. Use of the World Wide Web has exploded over the past few years, along with this growth there have been many attempts to retrofit applications to the Web. While the Web has adapted to allow more interesting uses through forms and scripts that run on the server, these methods are extremely limiting. The ability to have users locally run a program written in a full-fledged programming language allows applications to be used directly over the Web. Not surprisingly Java is not alone with its idea of shipping aroun... Free Essays on Java Security Free Essays on Java Security Introduction Java is a new programming language from Sun Microsystems (currently in beta release). The Java language has a number of interesting properties. One property is that it is intended to be portable, even to the extent that programs can be dynamically loaded over the network and run locally. In particular, small programs called applets can be loaded and run by a user's WWW browser while the user is ``surfing'' the Web (HotJava is such a browser written in Java, and Netscape2.0 will support Java applets). While this idea is very powerful, it is also an invitation to security problems. The Java language and runtime system (which includes libraries, the compiler, and the bytecode interpreter) attempt to address these security issues, with the result that Sun claims Java will be secure. This paper evaluates the security issues raised by the Java language and its intended uses in Java enabled Web browsers and Java's proposed solutions. After a brief discussion on the background of executable content, this paper moves on to discuss the potential security risks of executable content, what Java's proposed solutions are, and finally an analysis of the effectiveness of those solutions. Background on Executable Content Executable content is the idea of sending around data that is actually code to be executed. Why is the idea of executable content so exciting? The answer is fairly simple. Power and expressiveness. Use of the World Wide Web has exploded over the past few years, along with this growth there have been many attempts to retrofit applications to the Web. While the Web has adapted to allow more interesting uses through forms and scripts that run on the server, these methods are extremely limiting. The ability to have users locally run a program written in a full-fledged programming language allows applications to be used directly over the Web. Not surprisingly Java is not alone with its idea of shipping aroun...

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.