博客强调安全并非100%可靠,需多层面保障且应融入设计。介绍了Java 2技术环境对浏览器中运行的Applet的安全限制,如代码使用、文件读写、网络连接等方面。还阐述了根据架构系统规范确定安全特性实现位置及适用技术,包括认证和授权相关内容。
General.
• nothing is 100% secure
• only as strong as the weakest link (e2e security requires many layers)
• manageable (a complex system will only serve to confuse admins/users)
• security must be included as part of the design not retro-fitted
Identify Security Restrictions That Java 2 Technology Environments Normally Impose on Applets Running in a Browser
• An applet can utilize only its own code and is not allowed to load libraries or define native methods.
• An applet cannot read or write files on the host that is executing it.
• An applet can make network connections only to the host from which it was downloaded.
• An applet cannot start any program on the local host.
• An applet is restricted from reading the following system properties:
java.home, java.class.path, user.name, user.home, and user.dir.
Given an Architectural System Specification, Identify Appropriate Locations for Implementation of Specified Security Features and Select Suitable Technologies for Implementation of Those Features
• Authentication
• Authentication method: BASIC, FORM, DIGEST, and CLIENT-CERT
• Digital certificates, certificate authorities
• Secure Sockets Layer (SSL)
• Common Secure Interoperability (CSIv2)
• Identity selection: <run-as> or <use-caller-identity>
• Security roles
• Authorization
• Authorization enforced by the container (declarative), defined in the deployment descriptor
• Authorization enforced by the component (programmatic), defined within the application code
扫一扫
914
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
