Chapter 2, "The Base Java Security Model: The Original Applet Sandbox," and Chapter 3, "Beyond the Sandbox: Signed Code and Java 2," discussed the Java security model at length. Java's designers tried to ensure that untrusted or partially trusted applets could not misbehave by placing them in an adjustable sandbox. For a concise listing of things that untrusted Java applets should not be allowed to do, see Chapter 2. It is also worth reading the "Frequently Asked Questions - Java Security" Web page served by Sun Microsystems at java.javasoft.com/sfaq. To provide concrete examples of Java security policies that work, Sun's Security FAQ page includes pointers to a number of applets that cannot get around Java security. The good news is that some straightforward approaches to breaching security will fail. The bad news is that crackers usually don't give up after the straightforward approach fails. Fortunately, neither do security researchers.
It is always interesting to get an objective outsider's opinion about Java security. That is probably one of the reasons you are reading this book. Appendix A, "Frequently Asked Questions: Java Security, Java versus ActiveX," includes a hard copy of two of the Princeton Secure Internet Programming team's Java Security FAQs. An up-to-the-minute version of the FAQs can be found at www.cs.princeton.edu/sip/java-faq.html.
Copyright ©1999 Gary McGraw and Edward Felten.