SCEA之路--10. Security

Java Applet安全限制与特性实现
最新推荐文章于 2023-04-14 17:29:38 发布
原创 最新推荐文章于 2023-04-14 17:29:38 发布 · 787 阅读 · 0 ·
CC 4.0 BY-SA版权
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
文章标签:

#security #authorization #applet #authentication #descriptor #features

博客强调安全并非100%可靠,需多层面保障且应融入设计。介绍了Java 2技术环境对浏览器中运行的Applet的安全限制,如代码使用、文件读写、网络连接等方面。还阐述了根据架构系统规范确定安全特性实现位置及适用技术,包括认证和授权相关内容。

General.
• nothing is 100% secure
• only as strong as the weakest link (e2e security requires many layers)
• manageable (a complex system will only serve to confuse admins/users)
• security must be included as part of the design not retro-fitted

Identify Security Restrictions That Java 2 Technology Environments Normally Impose on Applets Running in a Browser
• An applet can utilize only its own code and is not allowed to load libraries or define native methods.
• An applet cannot read or write files on the host that is executing it.
• An applet can make network connections only to the host from which it was downloaded.
• An applet cannot start any program on the local host.
• An applet is restricted from reading the following system properties:
java.home, java.class.path, user.name, user.home, and user.dir.

Given an Architectural System Specification, Identify Appropriate Locations for Implementation of Specified Security Features and Select Suitable Technologies for Implementation of Those Features
• Authentication
    • Authentication method: BASIC, FORM, DIGEST, and CLIENT-CERT
    • Digital certificates, certificate authorities
    • Secure Sockets Layer (SSL)
    • Common Secure Interoperability (CSIv2)
    • Identity selection: <run-as> or <use-caller-identity>
    • Security roles
• Authorization
    • Authorization enforced by the container (declarative), defined in the deployment descriptor
    • Authorization enforced by the component (programmatic), defined within the application code

SCEA之路--11. Protocols
wangjiong的专栏
09-06 1038
Scenarios.HTTP/HTTPS – internet sitesRMI-IIOP – intranet environment; interoperability requirements (EJB-EJB, EJB-CORBA, etc.)RMI-JRMP – intranet with an all Java environmentFirewalls provide protec
SCEA之路--5. Legacy Connectivity
wangjiong的专栏
08-15 907
General.Legacy connectivity refers to how Java components interact with a legacy system.Typical properties of a legacy system are :• developed in another programming language• runs in an environment t
SCEA之路--4. Applicability of J2EE
wangjiong的专栏
08-12 983
General.The most commonly used J2EE technologies (in order of use) are :• Java Servlets / JSPs• JDBC• JNDI• EJB• JMS• Java XML Pack• Java Mail• Java IDL / RMI-IIOP• JTA / JTSIdentify application asp
SCEA之路--1. Common Architectures(2)
wangjiong的专栏
08-06 945
Architecture models:1-tierMonolithic, “all-in-one” model – e.g. clients are “dumb” terminals connected directly to the mainframe.Problems with the 1-tier model are :• any change affects the entire sys
SCEA之路--1. Common Architectures(1)
wangjiong的专栏
08-04 889
Role of Architect: An Architect visualizes the behavior of the system.? Architects create the blueprint for the system.? They define the way in which the delements of the system work together and dist
《Kubernetes 排错指南-012》Ubuntu apt-get update 报 Key is stored in legacy trusted.gpg keyring 警告解决方案
极客点儿
04-14 7104
在 Ubuntu 22.04 LTS 下更新源 apt-get update 遇到了Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details. 这样的警告。 虽然说警告并不影响执行,但是作为有重度代码强迫症和代码洁癖的患者看着还是很难受,所以还是解决一下吧。
SCEA5.0 part-1 experience
Enjoy Life with Sun
10-08 729
 Hi,I have cleared SCEA5.0 part-1 yesterday.Though not really a great score (69%)the exam is worth taking by all those who want to test their architectureskills.I wrote the exam with only prior experi
如何在 Debian 10 上配置 sources.list
太极淘的博客
02-17 5536
Debian 是有史以来最流行的 Linux 发行版之一,现在它有了一个新版本 Debian 10 Buster。Debian 衍生了很多衍生产品,其中最受欢迎的是 Ubuntu。 Debian Linux 发行版被广泛使用,因为它的核心包管理 -APT,它的包格式为.deb。Debian 中的每个应用程序、系统实用程序或游戏都作为一个包分发。您可以使用 APT(自动或手动)将这些软件包安装到您的系统上。 在本指南中,我们将简要介绍 Debian 10 的新功能,熟悉 APT 包管理器,并了解如何在 .
压力下的行走----我的SCEA之路
ohmygodlzl
09-25 173
[i][u]偶然从google上搜到了多年前自己的帖子,这篇帖子后来自己觉得太过于沉重,就从所有的记录中删除了,现在读起来还是觉得太冷色调,不过作为一段经历,还是保留下来罢。[/u][/i] 走出上海交大教学2号楼的瞬间,心里闪过一丝欣慰,随后压力便伴着冷厉的风压将过来,让人不由打了个冷战,我一个人幽幽地走出校园,无人喝彩。 一年前我跟原来的公司三年合同到期,放弃了PM的职位和一万五千股号...
以下是输入指令后的输出结果 Intern25_2@79d153e3ced3:/$ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 7EA0A9C3F273FCD8 Executing: /tmp/apt-key-gpghome.bedViBYqEr/gpg.1.sh --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 7EA0A9C3F273FCD8 gpg: key 8D81803C0EBFCD88: 1 duplicate signature removed gpg: key 8D81803C0EBFCD88: "Docker Release (CE deb) <docker@docker.com>" not changed gpg: Total number processed: 1 gpg: unchanged: 1 Intern25_2@79d153e3ced3:/$ sudo rm -f /etc/apt/sources.list.d/docker*.list Intern25_2@79d153e3ced3:/$ echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu focal stable Intern25_2@79d153e3ced3:/$ sudo apt update Hit:1 http://mirrors.aliyun.com/ubuntu focal InRelease Hit:2 http://mirrors.aliyun.com/ubuntu focal-security InRelease Hit:3 http://mirrors.aliyun.com/ubuntu focal-updates InRelease Get:4 https://mirrors.aliyun.com/docker-ce/linux/ubuntu focal InRelease [57.7 kB] Hit:5 http://mirrors.aliyun.com/ubuntu focal-backports InRelease Hit:6 http://mirrors.aliyun.com/ubuntu focal-proposed InRelease Ign:8 https://download.docker.com/linux/ubuntu focal InRelease Hit:7 https://developer.download.nvidia.cn/compute/cuda/repos/ubuntu2004/x86_64 InRelease Get:9 https://download.docker.com/linux/ubuntu focal Release [56.8 kB] Get:10 https://download.docker.com/linux/ubuntu focal Release.gpg [801 B] Ign:10 https://download.docker.com/linux/ubuntu focal Release.gpg Reading package lists... Done N: Ignoring file 'docker.listsudo' in directory '/etc/apt/sources.list.d/' as it has an invalid filename extension W: GPG error: https://download.docker.com/linux/ubuntu focal Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7EA0A9C3F273FCD8 E: The repository 'https://download.docker.com/linux/ubuntu focal Release' is not signed. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details. Intern25_2@79d153e3ced3:/$ sudo apt update 2>&1 | grep -i "7EA0A9C3F273FCD8" The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7EA0A9C3F273FCD8 W: GPG error: https://download.docker.com/linux/ubuntu focal InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7EA0A9C3F273FCD8 Intern25_2@79d153e3ced3:/$
最新发布
11-21
pub rsa4096 2017-02-22 [SCEA] 7EA0A9C3F273FCD8 ``` ### 常见问题排查 1. **密钥服务器连接失败**: - 尝试不同服务器:`hkp://keys.gnupg.net` 或 `hkp://pgp.mit.edu` - 或直接使用手动下载方法 2. **...
yousatech@Rack-Server:~$ gpg --show-keys /etc/apt/trusted.gpg.d/docker-archive-keyring.gpg pub rsa4096 2017-02-22 [SCEA] 9DC858229FC7DD38854AE2D88D81803C0EBFCD88 uid Docker Release (CE deb) <docker@docker.com> sub rsa4096 2017-02-22 [S] yousatech@Rack-Server:~$ echo "deb [arch=$(dpkg --print-architecture)] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable" | \ sudo tee /etc/apt/sources.list.d/docker.list deb [arch=amd64] https://mirrors.aliyun.com/docker-ce/linux/ubuntu jammy stable yousatech@Rack-Server:~$ sudo apt update Hit:1 https://mirrors.aliyun.com/docker-ce/linux/ubuntu jammy InRelease Hit:2 http://security.ubuntu.com/ubuntu jammy-security InRelease Err:3 http://mirrors.tuna.tsinghua.edu.cn/ubuntu jammy InRelease 403 Forbidden [IP: 101.6.15.130 80] Err:4 http://mirrors.tuna.tsinghua.edu.cn/ubuntu jammy-updates InRelease 403 Forbidden [IP: 101.6.15.130 80] Err:5 http://mirrors.tuna.tsinghua.edu.cn/ubuntu jammy-backports InRelease 403 Forbidden [IP: 101.6.15.130 80] Reading package lists... Done N: See apt-secure(8) manpage for repository creation and user configuration details. N: Updating from such a repository can't be done securely, and is therefore disabled by default. E: The repository 'http://cn.archive.ubuntu.com/ubuntu jammy InRelease' is no longer signed. E: Failed to fetch http://cn.archive.ubuntu.com/ubuntu/dists/jammy/InRelease 403 Forbidden [IP: 101.6.15.130 80] E: Failed to fetch http://cn.archive.ubuntu.com/ubuntu/dists/jammy-updates/InRelease 403 Forbidden [IP: 101.6.15.130 80] E: The repository 'http://cn.archive.ubuntu.com/ubuntu jammy-updates InRelease' is no longer signed. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details. E: Failed to fetch http://cn.archive.ubuntu.com/ubuntu/dists/jammy-backports/InRelease 403 Forbidden [IP: 101.6.15.130 80] E: The repository 'http://cn.archive.ubuntu.com/ubuntu jammy-backports InRelease' is no longer signed. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details.
11-07
deb-src http://mirrors.aliyun.com/ubuntu/ $(lsb_release -cs)-security main restricted universe multiverse deb-src http://mirrors.aliyun.com/ubuntu/ $(lsb_release -cs)-updates main restricted universe ...
Hit:1 http://mirrors.ustc.edu.cn/ros/ubuntu focal InRelease Hit:2 https://mirrors.ustc.edu.cn/ubuntu focal InRelease Hit:3 https://mirrors.ustc.edu.cn/ubuntu focal-updates InRelease Hit:4 https://mirrors.ustc.edu.cn/ubuntu focal-backports InRelease Hit:5 https://mirrors.ustc.edu.cn/ubuntu focal-security InRelease Hit:6 http://snapshots.ros.org/noetic/2024-10-31/ubuntu focal InRelease Err:6 http://snapshots.ros.org/noetic/2024-10-31/ubuntu focal InRelease The following signatures were invalid: EXPKEYSIG AD19BAB3CBF125EA ROS Spanshot builder <rosbuild@ros.org> Hit:7 https://drake-apt.csail.mit.edu/focal focal InRelease Reading package lists... Done Building dependency tree Reading state information... Done 368 packages can be upgraded. Run 'apt list --upgradable' to see them. W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://snapshots.ros.org/noetic/2024-10-31/ubuntu focal InRelease: The following signatures were invalid: EXPKEYSIG AD19BAB3CBF125EA ROS Spanshot builder <rosbuild@ros.org> W: Failed to fetch http://snapshots.ros.org/noetic/2024-10-31/ubuntu/dists/focal/InRelease The following signatures were invalid: EXPKEYSIG AD19BAB3CBF125EA ROS Spanshot builder <rosbuild@ros.org> W: Some index files failed to download. They have been ignored, or old ones used instead.
07-31
pub rsa3072 2019-03-14 [SCEA] C1CF6E31E6BADE8868B172B4F42ED6FBAB17C654 ``` 4. **修改源地址(可选)** 如果问题仍存在,可能是由于使用了快照源(`snapshot.ros.org`)。建议将源地址改回官方稳定源,例如...
sudo apt-get update -o Acquire::Check-Valid-Until=false Ign:1 https://download.docker.com/linux/ubuntu jammy InRelease Hit:2 http://archive.ubuntu.com/ubuntu noble InRelease Hit:3 http://security.ubuntu.com/ubuntu noble-security InRelease Hit:4 http://archive.ubuntu.com/ubuntu noble-updates InRelease Hit:5 http://archive.ubuntu.com/ubuntu noble-backports InRelease Ign:1 https://download.docker.com/linux/ubuntu jammy InRelease Ign:1 https://download.docker.com/linux/ubuntu jammy InRelease Get:1 https://download.docker.com/linux/ubuntu jammy InRelease [48.8 kB] Err:1 https://download.docker.com/linux/ubuntu jammy InRelease The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7EA0A9C3F273FCD8 Reading package lists... Done W: GPG error: https://download.docker.com/linux/ubuntu jammy InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7EA0A9C3F273FCD8 E: The repository 'https://download.docker.com/linux/ubuntu jammy InRelease' is not signed. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details. 这是什么报错,怎么解决
09-13
pub rsa4096 2017-02-22 [SCEA] 7EA0A9C3F273FCD8 ``` #### 3. 清理并更新软件源 ```bash # 清理可能存在的无效列表文件(若之前有错误配置) sudo rm -f /etc/apt/sources.list.d/docker.list* # 重新创建正确的...
root@master:/home/di# sudo apt update 命中:1 http://mirrors.aliyun.com/docker-ce/linux/ubuntu focal InRelease 获取:2 https://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial InRelease [8,993 B] 错误:2 https://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial InRelease 由于没有公钥,无法验证下列签名: NO_PUBKEY B53DC80D13EDEF05 命中:3 http://mirrors.huaweicloud.com/repository/ubuntu focal InRelease 命中:4 http://mirrors.huaweicloud.com/repository/ubuntu focal-updates InRelease 命中:5 http://mirrors.huaweicloud.com/repository/ubuntu focal-backports InRelease 命中:6 http://mirrors.huaweicloud.com/repository/ubuntu focal-security InRelease 命中:7 https://download.docker.com/linux/ubuntu focal InRelease 忽略:8 https://nvidia.github.io/libnvidia-container/stable/deb/amd64 InRelease 错误:9 https://nvidia.github.io/
05-09
pub rsa4096 2021-08-18 [SCEA] B53D C80D 13ED EF05 ``` ##### 3. **强制更新APT缓存** ```bash sudo apt-get update --allow-insecure-repositories ``` ##### 4. **修复残留依赖(可选)** 若仍报错,执行: `...
Part II中的一些疑问 4
wangjiong的专栏
03-08 1347
How to deal with the frequent flyer mileage system?
Requirement Research
wangjiong的专栏
01-27 1316
backgroud:1. The FBN travel agents use a legacy system written in Cobol that accesses an IMS database through 3270 screens.2. FBN uses TransMaster to process the credit cards for flight purchases. FBN
SCEA之路--8. Messaging
wangjiong的专栏
08-23 1219
General.Synchronous communication.Synchronous communication represents a tight coupling between a sender and receiver :• the sender and receiver must both be available – i.e. real-time communication•
顺利通过Part I 考试
wangjiong的专栏
09-26 1136
终于在昨天通过了Part I的考试,从八月初开始准备到九月底考完,差不多用了两个月时间。这次考试感觉题确实很难,而且与平时所做的模拟题基本上没有什么类似的地方,是我历次考试中最没有把握的一次,不过好歹是过了,85%,对这个分数也比较满意。其实回想起来,考试题中出现的考点在Study Guide中基本都有,再根据自己平时的一些经验,要通过这个考试,应该也不是很难的事.下一步就要开始准备第二部分的程序
SCEA之路--第二次模拟题小结
wangjiong的专栏
09-14 1136
第二次模拟题,48题,错了5道。其中三题错在了Design Pattern上,一道是EJB,剩下一道是Message。看来还要把每个Design Pattern的用途,适用场景理一遍。还有一些容易混淆的Patterns,要把他们区分清楚。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值