Security Incident Report Java SE


Category: Business and Industry

Date Submitted: 06/04/2014 09:29 AM


Initially, the Java platform was designed to execute programming code that is not specific to any operating system. This code, called Java applets, would run in a safe environment in which potentially untrusted code downloaded from the Internet could be executed without harm. As the platform has grown, its architecture has evolved and now supports many security features, including a variety of application programming interfaces (APIs), tools, and implementations of commonly used security algorithms, mechanisms, and protocols. Developers now have a comprehensive security framework for writing applications, and the users and administrators of these applications have the tools to manage them securely.

Cryptographic and public key infrastructure (PKI) interfaces provide the underlying basis for developing secure applications. Interfaces for performing authentication and access control enable applications to guard against unauthorized access to protected resources. In addition, many third-party providers have developed additional security services to enhance the platform and extend security beyond the base set of tools.

Java employs access controls to protect sensitive resources, such as local files and application code. The basic control in Java is the Security Manager class, which must be installed into the Java runtime in order to employ the necessary security features. By default, when Java is run via Web Start, the application is loaded and run to initiate the security features it employs. However, when Java is run from the command line or programmatically, the module must be invoked from the command line or loaded and executed by the calling program. The Security Manager module then provides the following benefits: knowledge of where code is loaded from, who signed the code (if anyone), and the default permissions granted to the code. The default permissions automatically granted to downloaded code include the ability to make network...
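
The programmatic installation described above, as an added example that is not part of the original essay: it reports where the class was loaded from and how many signers it has, installs a Security Manager with a constructed policy, and then shows one file check passing and one being denied. The class name, the `DemoPolicy` class and both file paths are hypothetical, and the code assumes a Unix-like system and a JDK from 8 to 17, since newer JDKs refuse to install a Security Manager.

```java
import java.io.File;
import java.io.FilePermission;
import java.security.CodeSource;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Policy;

// Added example, not from the essay. Assumes JDK 8 to 17.
// Command-line alternative to the programmatic install below:
//   java -Djava.security.manager -Djava.security.policy=<policy file> <MainClass>
public class SecurityManagerDemo {
    static final String ALLOWED = "/tmp/demo-allowed.txt"; // hypothetical path
    static final String DENIED = "/tmp/demo-denied.txt";   // hypothetical path

    // Constructed policy: code loaded from a file: location may read ALLOWED only.
    static class DemoPolicy extends Policy {
        @Override
        public PermissionCollection getPermissions(CodeSource cs) {
            Permissions perms = new Permissions();
            boolean local = cs != null && cs.getLocation() != null
                    && "file".equals(cs.getLocation().getProtocol());
            if (local) perms.add(new FilePermission(ALLOWED, "read"));
            return perms;
        }
    }

    static String probe(String path) {
        try {
            new File(path).exists(); // triggers SecurityManager.checkRead(path)
            return "permitted";
        } catch (SecurityException e) {
            return "denied: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // Read the code source first; afterwards this call needs a permission.
        CodeSource cs = SecurityManagerDemo.class.getProtectionDomain().getCodeSource();
        Object[] signers = cs.getCertificates();
        System.out.println("loaded from: " + cs.getLocation());
        System.out.println("signers: " + (signers == null ? 0 : signers.length));
        try {
            Policy.setPolicy(new DemoPolicy());
            System.setSecurityManager(new SecurityManager()); // programmatic install
        } catch (UnsupportedOperationException e) {
            System.out.println("Security Manager unavailable on this JDK: " + e.getMessage());
            return;
        }
        System.out.println(ALLOWED + " -> " + probe(ALLOWED));
        System.out.println(DENIED + " -> " + probe(DENIED));
    }
}
```

Neither file has to exist: the permission check runs before the file system is touched, so the second probe reports an access-control denial either way.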