 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
Java Forum / Security / March 2004Java and security question
Hi. I apologize for maybe stupid question. I`m studying java security now and I`m confused with use of security manager use. If I good understand when I do not programaticaly install a security manager into my application no security restrictions are aplied. So my question is: If I`m hacker I will not install a sec. manager to achieve that I can do anythink on the comp. my program runs on. If I`m honest I do not need to install sec. manager because I do not need do anything ilegal. So if I`m an user of aplication how can I force that application to use security manager if it comes from hacker with no sec. manager installed. How can I, as an user say what can aplication do and what not without letting this thinks on application developer, because I do not know if he installed sec. manager or not. Or do I misunderstand somethink. Thak`s in advance. Robert > Hi. > [quoted text clipped - 5 lines] > manager > into my application no security restrictions are aplied. That's not true. You can programatically install a security manager, but the usual way is to specify it when running a program. E.g., applets are always run in the sandbox, because your browser installs the security manager. You can also set up a security manager using java -Djava.security.manager ApplicationName A user can fine tune the set of allowed operations in her/his policy file. E.g. a Java program run in a sandbox (with a security manager) needs special permissions to installl a new SecurityManager no matter of what kind. > So my question is: > > If I`m hacker I will not install a sec. manager to achieve that I can > do anythink on the comp. my program runs on. Only if the user starts your application without a security manager. > If I`m honest I do not need to install sec. manager because I do not > need do anything ilegal. An application you trust does not need to run inside a sandbox. > So if I`m an user of aplication how can I force that application to > use security manager if it comes from hacker with no sec. manager > installed. How can I, as an user say what can aplication do and what > not without letting this thinks on application developer, because I do > not know if he installed sec. manager or not. As I said above, use the command line switches and a policy file. It's highly advisable not to allow an application to install its own security manager, because that way it could bypass all security checks offered by the Java. > Or do I misunderstand somethink. > > Thak`s in advance. > Robert Regards JK. Thank you. Seems more clear. Regards Robert Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.