Security Section Index | Page 12
How can my application or applet programmatically use HTTPS to talk to a servlet? Can I do it with just the Java 2 SDK?
In order to use secure sockets, you need an SSL implementation.
this is not provided in the Java 2 SDK.
If you are running an applet, the major browsers provide support
for HTTPS through the ja...more
With JDK 1.2, what policies do I have to setup to grant the necessary permissions for RMI?
Sun's RMI tutorial shows the necessary policies at http://java.sun.com/docs/books/tutorial/rmi/running.html. Basically, you have to enable connecting from anywhere to the HTTP port and connecting ...more
How can I accept a password from the console without an echo?
You can't. Java provides no way to disable echo when reading from System.in.
Where are the java.security classes in Netscape browsers?
Netscape doesn't provide the java.security classes with their browsers. You get the netscape.security package and their own custom security framework instead. You cannot provide the java.security ...more
Are there any computer viruses written in Java?
There are two known Java viruses that I am aware of, Strange Brew and Bean Hive. The Symantec AntiVirus Research Center includes information on them at http://www.symantec.com/avcenter/venc/data/j...more
When I connect to a URL from my applet, I get a security exception, why?
Untrusted applets are restricted to only communicate back to the host that delivered the applet. You cannot open a connection to any other URL besides the one from which the applet came.
What security model does the current Java CORBA from SUN support?
none.
Well, in iteself the CORBA support in JDK 1.2 is basic but I think you could buy a product that implements the CORBA Security model. More on it at http://www.omg.org/corba/sectrans.htmlmore
Can an applet start another program on the client machine?
Normally, an applet downloaded from remote site is regarded as "untrusted" program. It could not use any local client resources, i.e file I/O, opening connection with the network, etc.
Unless yo...more
Where can I get the signtool program to sign applets for Netscape browsers?
This is available from Netscape at http://developer.netscape.com/software/signedobj/jarpack.html.
What is obfuscation?
Obfuscation makes your programs less vulnerable to reverse engineering. After decompiling your obfuscated code, the generated source code contains altered symbol names for private symbols.
It doe...more
What is SSL?
SSL stands for Secure Socket Layer. It is a protocol developed by Netscape for encrypting information sent between processes over TCP/IP sockets. It sits between application software and the TCP/I...more
How do I extend permissions to an applet without editing the policy file manually?
A: Short answer: Forget about Java 2 security (i.e. the policy file) when creating applets. No major web browser currently supports that security model. Instead, place the applet in ...more
How do signed applets interact with a web browser?
See Certificate jFAQ.
What is a digitally signed applet?
See Certificate jFAQ.
Where can I get the Netscape capabilities classes so I can compile programs that use Netscape's Capabilities API?
Besides pulling the classes out of the browser directory, you can download a zip file of the classes from http://developer.netscape.com/docs/manuals/signedobj/capsapi_classes.zip.more
