Java in libraries?

[Albert Lunde]

>I would like to see more talk about JAVA and 'security'.  How
>does one provide 'virus protection' against a JAVA app?  How
>does one prevent a JAVA app from reading 'private' information
>on the local machine and downloading it somewhere else?

Java was designed with some security features in mind.

It has enforces a number of runtime checks designed to prevent programs
from corrupting the stack or misusing data types. It is better designed for
this purpose, than say C++ or Postscript.

The primitives for file access can enforce restrictions on what files can
be accessed and I think there are also policies that can place some
controls on network access.

If you look at http://java.sun.com/ I think they have a short blurb on
security issues.

At the same time, it still is a general "Turning machine" language, so it's
hard to predict what people can do with it, or if the security policies it
can enforce will prove sufficent in all circumstances.

We will have a better idea how secure it is when more people have had a
chance to look at it (and/or try to break it).

Java is not running in native code, so a java "virus" could not spread the
same way as conventional virus. On the other hand, like the wordperfect
macro virus, if you _could_ write a java virus/trojan horse, it could
infect java environments cross-platform. The built-in language features
could make writing a virus/trojan more difficult, but I can't say it's
impossible.  (I don't want to argue this too strongly either way.)


---
    Albert Lunde                      Albert-Lunde at nwu.edu