This Chapter
-	Chapter 24: Security
-	A Java Security Overview
-	Using the Security Manager
-	Policy Files
-	Permissions
-	Using the Policy Tool
-	Applet Security
-	Programming with Security
-	Cryptography Overview
-	Creating Certificates
-	The KeyTool Program
-	The JarSigner Tool
-	Java Cryptography API
-	Summary
-	Questions

Table of Contents
-	Introduction
-	Chapter 1: Your First Taste of Java
-	Chapter 2: Language Fundamentals
-	Chapter 3: Statements
-	Chapter 4: Objects and Classes
-	Chapter 5: Core Classes
-	Chapter 6: Inheritance
-	Chapter 7: Error Handling
-	Chapter 8: Numbers and Dates
-	Chapter 9: Interfaces and Abstract Classes
-	Chapter 10: Enums
-	Chapter 11: The Collections Framework
-	Chapter 12: Generics
-	Chapter 13: Input Output
-	Chapter 14: Nested and Inner Classes
-	Chapter 15: Swing Basics
-	Chapter 16: Swinging Higher
-	Chapter 17: Polymorphism
-	Chapter 18: Annotations
-	Chapter 19: Internationalization
-	Chapter 20: Applets
-	Chapter 21: Java Networking
-	Chapter 22: Java Database Connectivity
-	Chapter 23: Java Threads
-	Chapter 24: Security
-	Chapter 25: Java Web Applications
-	Chapter 26: JavaServer Pages
-	Chapter 27: Javadoc
-	Chapter 28: Application Deployment
-	Appendix A: javac
-	Appendix B: java
-	Appendix C: jar
-	Appendix D: NetBeans
-	Appendix E: Eclipse

 

Chapter 24

Security

Along with a bag of goodies, the Internet brings with it a box full of viruses, spyware, and other malevolent programs. You’ve been warned too many times to always watch what you run on your PC. A malicious program, once run, can do anything, including send your confidential files over the Internet and mercilessly wipe your hard disk. If only all applications were written in Java, then you wouldn’t need to worry so much.

Java was designed with security in mind and Java security was designed for:

• Java users, i.e. people running Java applications. With Java, at least, there is ease of mind. However, as you will see later, Java users need to understand Java’s security feature in order to configure security settings.
• Java developers. You can use Java APIs to incorporate fine-grained security features into your applications, such as security checks and cryptography.

There are two main topics of Java security in this chapter:

• Restricting running Java applications. Unlike applets that by default run in a restricted environment, Java applications are unrestricted.
• Cryptography, namely encrypting and decrypting your message and Java code.

This chapter starts with an overview of the security feature in Java. This section explains how you can secure a Java application and how it works in general. Then, it will discuss cryptography with emphasis on asymmetric cryptography, the type of cryptography used extensively over the Internet. The immediate and practical use of cryptography is to digitally sign your code, an example of which is also given in at the end of this chapter.

 

©2006-2007 Brainy Software Corp.