Java Security


See Also:
Network and Server Security

* Java Commerce Home Page
The Java Commerce Home Page, where you can find the latest details about the Java Electronic Commerce Framework (JECF), the Java Commerce package, the Java Wallet, and JavaCard.
* The JECF Cassette Developer's Cookbook
The Java Commerce Cassette Developer's Cookbook walks through a real example of writing working cassette code for the JECF Commerce Framework.
* Hostile Applets Home Page
Mark LaDue's Hostile Applets Home Page details many types of hostile Java applets and outlines the security loopholes, in the Java language and in its implementation across various versions, that these types of applet exploit. Note: Following this link WILL NOT run any of the applets directly - you are still in control.
* The Java Security Hotlist
Probably one of the most complete sets of online resources and links about Java security currently available. Compiled and maintained by Gary McGraw.
* Netscape 4.0 Capabilities API Sample Code
* About package com.ms.security
Details of how to access the security system of the Microsoft Win32 VM for Java, and hence the applet permissioning and capabilities of MSIE 4.
* Class netscape.security.Target
Documentation for using the PrivilegeManager facilities in Netscape 4.0 (Communicator), including all the names and meaning of the different privilege attributes.
* Java is not type-safe
An article by Vijay Saraswat looking at the way classloaders dynamically load Java classes, and the possible security holes this introduces.
* Java's security architecture
An overview of the JVM's security model and a look at its built-in safety features.
* Security and the class loader architecture
A look at the role played by class loaders in the JVM's overall security model. The class loader architecture causes code downloaded from different sources to be kept separate, and prevents the loading of untrusted classes that declare themselves to be part of a trusted library.
* Security and the class verifier
The class verifier enables untrusted code to be verified up front, rather than on the fly as the code is executed.
* Java security: How to install the security manager and customize your security policy
Learn about the security manager and the Java API, what remains unprotected by the security manager, and security beyond the JVM architecture. How to use a security manager to establish a custom security policy for Java applications.
* How secure is the Java Wallet ?
An introduction to the Java Wallet component of the Java Electronic Commerce Framework (JECF) and the security features it contains, highlighting some of the security holes in the current (Early Access Release 1) version.
* The SSLava Home Page
Details of a toolkit and class library product from Phaos for developing secure Java applications using the SSL (Secure Sockets Layer) protocol.
More detailed coverage of SSL is on our Web Reference Docs page.
* RSA’s JSAFE Java Crypto Toolkit
A commercial Java library product from RSA Data Security Inc giving industrial strength secure network communications. Designed to be called through the Java Security API in Java 1.1, but can also be retrofitted into Java 1.0.2.
* Cryptix
A free cryptography library based in the UK.
* Cryptix - Frequently Asked Questions
* How the Applet Network Security Policy works
Some notes on the way applets can correctly use Sockets and/or URLConnections through various types of security firewall.
* Privileged Blocks API in Java 1.2
An enhancement to the Java security API that makes it possible to enforce proper bracketing of begin/endPrivileged calls.
* Headline: First Virus Written In Java Found
The Symantec Antivirus Research Center has found the first virus written in Java, called Strange Brew, but the good news is that it can't hurt Web surfers due to the "sandbox" restrictions built into Web browsers.
* The evolution of Java security
An article from the IBM Systems Journal special issue on Java Technology looking at the current and future security facilities of the Java language and class libraries. Reviews the new Java Development Kit (JDK) 1.2 policy-based security model, limitations of stack-based authorization security models, general security requirements, and future directions that Java security might take.
* Privileged code in Java 1.2
Details of the major change that was recently made to the JDK 1.2 API for privileged code blocks, and the reasons why the API changed from JDK 1.2beta3 to 1.2beta4. Also explains the ongoing evolution of Java's security model from a "sandbox" architecture to a trust model.
* Escape the sandbox: Access native methods from an applet
How to use signed applets, combined with JNI, to invoke the Win32 API directly. Also provides code for installDLL, installJniWrapperClass, and loadLibrary methods to deploy and install the DLL and JNI classes in the correct place for the Netscape browser to use, including the calls to the Netscape permissions system required to allow this.
* JDK 1.1 Signed Applet Example
A simple step-by-step demo of how you can experiment with code signing, using the JDK 1.1 tools (javakey, jar, and appletviewer).
* Using javakey
A short self-contained introductory tutorial on using the javakey tool included in the JDK for code-signing.
* Policy Recommendations using JDK 1.1 javakey
Straightforward recommendations for generating and storing keys and certificates in JDK 1.1 from the view point of both a user and a systems administrator.
* Strange Brew Overview
An overview by Sun on the "Strange Brew" Java virus identified by Symantec.
* Strange Brew Q & A
A FAQ / some Questions and Answers by Sun on the "Strange Brew" Java virus identified by Symantec.
* Code Signing for Java Applets
This document by Daniel Griscom goes over the process of digitally signing a Java applet's files. It was written to provide a unified description of this process, covering Netscape, Internet Explorer and Sun Java plugin, with as much detail as possible, but with the assumption that the reader basically knows their stuff.
* How the Java Security API can help you secure your applications
The Java Security API makes it a simple matter to add security and authentication to your application. The result is an application that knows what and whom it can trust. This article by Todd Sundsted delves into the Java Security API and demonstrates how to generate message digests, keys, and digital signatures.
* Twelve rules for developing more secure Java code
Java is growing up and is starting to be used in many security-critical situations. But even with its advanced security architecture and built-in security features, Java isn't immune to security risks. As Java security practitioners, authors Gary McGraw and Edward Felten have learned many valuable lessons about how to create more secure code. Writing security-critical code isn't easy, and developers need all the help they can get. In this article, McGraw and Felten offer 12 rules for writing safer Java code.
* Java Authentication and Authorization Services (JAAS) API
The Home Page for Sun's Java Authentication and Authorization Services (JAAS) API, which extends the security architecture of the JDK by providing additional support for authentication, and supports enforcement of additional access controls.
* Java Authentication and Authorization Services (JAAS) API Documentation
The online JavaDoc documentation for Sun's Java Authentication and Authorization Services (JAAS) API.
* Book: Inside Java 2 Platform Security: Architecture, API Design, and Implementation
Inside the Java 2 Platform Security is the definitive and comprehensive guide to the Java security platform. Written by the Chief Java Security Architect at Sun, it provides a detailed look into the central workings of the Java security architecture and describes security tools and techniques for successful implementation. It also provides a practical guide to the deployment of Java security, and shows how to customize, extend, and refine the core security architecture.
* Java Secure Socket Extension (JSSE)
Java Secure Socket Extension (JSSE) from Sun enables secure Internet communications. It implements a Java version of SSL (Secure Sockets Layer) and TLS (Transport Layer Security) protocols and includes functionality for data encryption, server authentication, message integrity, and optional client authentication.
* JGSS Resources: Java and GSS-API
* JGSS Package
This is the distribution site for the University of Illinois Systems Software Research Group's JGSS package. The JGSS package provides Java programs access to Kerberos' Generic Security Services API. This API implements the Generic Security Service API defined in RFC-1508 and revised in the IETF Common Authentication Technology WG's Internet-Draft draft-ietf-cat-gssv2-??.txt. The API's services include the signing and sealing of messages, and a generic authentication mechanism.
* OpenSAML - an Open Source Security Assertion Markup Language implementation
OpenSAML is a set of open source Java and C++ libraries that are fully consistent with the SAML specifications and implement the post profile part of the SAML 1.0 specification.

Copyright © 1996-2006 Software Technologies Ltd.
All rights reserved. All trademarks acknowledged. E & O E.