|
Page 1 of 2 Nothing's 100% secure in computer technology. Since several years,
attackers have attempted to break into computer systems, with or
without malicious intent. On the other hand, security experts have
tried to foil attacks by using various technologies.
With this background, when Java programming was being developed, a
lot of focus was on ensuring that this new language should not have any
security holes. It was important because it was then touted as the
language of the Internet. The Internet being an open network,
accessible to everyone, any flaws in Java could directly compromise
trusted servers, internal networks and the always vulnerable clients.
Therefore, a lot of stress was put on ensuring that Java should be as
safe to use, as possible.
Moreover, attackers had found several problems in the usage of C and
C++. These languages were so powerful on one hand, but so vulnerable on the
other, because of the concept of pointers. Naturally, Java simply could
not be expected to support the concept of pointers, thereby
automatically getting rid of a lot of problems found in C and C++. However,
this was not enough.
Java simply could
not be expected to support the concept of pointers...
Java security designers spent considerable time in devising what is
considered as a strong security model, which focuses on the following
key factors:
- Accessibility
- Serialization
- Packages
- Privileged Code
- Native Methods
We shall now discuss these concepts in reasonable depth to understand
their context and significance, in this series of articles. This time,
we shall focus on the concept of accessibility.
By far, the simplest concept to understand is that of accessibility. We
know that the Java programming language allows the developer to define
access specifiers, that decide what level of accessibility methods,
classes, and data members can have. Java defines four levels of
accessibility, as follows:
- Public - This is the
least secure approach, where any class can access the entity defined as
public.
- Protected - Mainly used
in inheritance, an entity defined as protected is accessible to the
class itself, or its subclasses, or to any classes that belong to the
same package.
- Package-private -
Whenever no explicit access specifier is mentioned, this definition
takes over, and allows the class itself, and any other classes in the
same package to access the defined entity.
- Private - This is the
opposite end of public, and allows only the class itself to allow an
access to this entity.
The accessibility features do not end here. In other programming
languages such as C++, the effect of access specifiers is checked at
the compile time, but not at the run time. Thus, an attacker can write
code to access private data members belonging to another class.
However, this is carefully prevented in Java. At run time, the Java
bytecode verifier ensures that the access specifiers are not violated.
Page 1 OF 2
<< Start < Previous 1 2 Next > End >>
|
Home | 
