SECURITY NOTES ( incomplete) :


Date: 01/sep/03



Fundamental goals of security, which are:

·         protection of data from unauthorized reading or modification,

·         protection of computer resources against unauthorized use, and

·         guaranteeing correctness and availability of resources and data for authorized persons and entities


Downloaded Code, Applets, and the Java Security Manager



What Does the Security Manager Prohibit?


Permitted Operations to the Untrusted Code (applets) :



Why the applet is prevented from connecting to other hosts

1.       If an applet could make arbitrary connections to any hosts, then applets could be used as the origin for denial of service attacks against other systems.

2.       However, the original reason that arbitrary network connections are prohibited is simply that many systems grant privileges to network requests based on the origin IP address of that request. If an applet could connect to arbitrary hosts, it would be possible for it to connect to a server inside your corporate network. If that server grants access to your machine based on IP address, then it will grant access to the applet, because it is sending requests from your machine. The applet could then obtain sensitive information and pass it back to its author, which you do not want to allow.


Denied Operations:



Java WebStart