Vulnerabilities in native libraries, such as the C standard library, which may be used to implement the application and/or runtime.Vulnerabilities in the protection mechanisms provided by the hardware or operating system which the application relies upon for its security.(Note that these refer to potential sources of vulnerabilities which need to be kept in mind by security-conscious programmers: this is not intended as a list of actual vulnerabilities.)Įxamples of potential sources of vulnerability common to Java and non-Java applications are: There are a number of possible sources of security vulnerabilities in Java applications, some of which are common to non-Java applications and some of which are specific to the Java platform. Potential sources of security vulnerabilities in Java applications The Java Class Library provides a number of APIs related to security, such as standard cryptographic algorithms, authentication, and secure communication protocols. For example, a user may decide that only system classes should be fully trusted, that code from certain trusted entities may be allowed to read certain specific files, and that all other code should be fully sandboxed. Users can also set fine-grained access control policies for programs from different sources. The security manager also allows Java programs to be cryptographically signed users can choose to allow code with a valid digital signature from a trusted entity to run with full privileges in circumstances where it would otherwise be untrusted. For example, untrusted code might be prevented from reading or writing files on the local filesystem, running arbitrary commands with the current user's privileges, accessing communication networks, accessing the internal private state of objects using reflection, or causing the JVM to exit. The platform provides a security manager which allows users to run untrusted bytecode in a "sandboxed" environment designed to protect them from malicious or poorly written software by preventing the untrusted code from accessing certain platform features and APIs. This contributes to type safety and memory safety. It manages memory allocation and initialization and provides automatic garbage collection which in many cases (but not all) relieves the developer from manual memory management. The platform does not allow programs to perform certain potentially unsafe operations such as pointer arithmetic or unchecked type casts. ![]() This means that Java programs are significantly less likely to suffer from memory safety flaws such as buffer overflow than programs written in languages such as C which do not provide such memory safety guarantees. It also allows the JVM to enforce runtime constraints such as array bounds checking. The JVM performs verification on this bytecode before running it to prevent the program from performing unsafe operations such as branching to incorrect locations, which may contain data rather than instructions. The binary form of programs running on the Java platform is not native machine code but an intermediate bytecode.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |