Chapter 1. Security
The Java programming language and runtime system were designed with security in mind. For example, pointer manipulation is implicit and hidden from the programmer, and any attempt to reference a null pointer results in an exception being thrown. Similarly, an exception results from any attempt to access an array or a string outside of its bounds. Java is a strongly typed language, and all implicit type conversions are well defined and platform independent, as are the arithmetic types and conversions. The Java Virtual Machine (JVM) has a built-in bytecode verifier to ensure that the bytecode being run conforms to the Java Language Specification: Java SE 7 Edition (JLS) so that all the checks defined in the language are in place and cannot be circumvented.
The Java class loader mechanism identifies classes as they are loaded into the JVM, and can distinguish between trusted system classes and other classes that may not be trusted. Classes from external sources can be given privileges by digitally signing them; these digital signatures can also be examined by the class loader, and contribute to the class's identification. Java also provides an extensible fine-grained security mechanism that enables the programmer to control access to resources such as system information, files, sockets, and any other security-sensitive resources that the programmer wishes to use. This security mechanism can require that a runtime security manager be in place to enforce a security policy. A security manager and its security policy are usually specified by command-line arguments, but they may be installed programmatically, provided that such an action is not already disallowed by an existing security policy. Privileges to access resources may be extended to nonsystem Java classes by relying on the identification provided by the class loader mechanism.
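The following is an added illustration, not code from the book, of the two ways the paragraph above describes for putting a security manager in place: the usual command-line route (shown in the header comment, with a hypothetical policy file and code base path) and the programmatic route, which only succeeds when no existing policy forbids it. The file path passed to the permission check is likewise a constructed example.

```java
import java.io.FilePermission;

/*
 * Command-line installation (the usual way), with a hypothetical policy file app.policy:
 *
 *   java -Djava.security.manager -Djava.security.policy=app.policy Main
 *
 *   grant codeBase "file:/opt/app/lib/-" {
 *       permission java.io.FilePermission "/opt/app/data/-", "read";
 *   };
 *
 * The class below demonstrates the programmatic alternative and a permission check
 * against whatever manager ends up installed.
 */
public class SecurityManagerSetup {

    /**
     * Tries to install the default security manager. If a manager is already present,
     * the JVM asks it for RuntimePermission("setSecurityManager") first; a policy that
     * denies that permission makes the call throw SecurityException, which is exactly
     * the "not already disallowed by an existing security policy" condition in the text.
     * Returns true only if the installation succeeded.
     */
    static boolean installIfAllowed() {
        try {
            System.setSecurityManager(new SecurityManager());
            return true;
        } catch (SecurityException e) {
            // An existing manager's policy forbids replacing it.
            return false;
        } catch (UnsupportedOperationException e) {
            // Java 18 and later (JEP 411) refuse programmatic installation unless the JVM
            // was started with -Djava.security.manager=allow; the text targets Java SE 7.
            return false;
        }
    }

    /** Asks the installed manager (if any) whether the caller may read the given file. */
    static boolean mayRead(String path) {
        SecurityManager sm = System.getSecurityManager();
        if (sm == null) {
            return true; // no manager installed: nothing restricts the access
        }
        try {
            sm.checkPermission(new FilePermission(path, "read"));
            return true;
        } catch (SecurityException e) {
            return false; // the policy in force grants no read permission for this path
        }
    }

    public static void main(String[] args) {
        boolean installed = installIfAllowed();
        System.out.println("security manager installed programmatically: " + installed);
        // Constructed path: under the default policy (no grant for application code)
        // this check is denied once a manager is in place.
        System.out.println("may read /opt/app/data/config.txt: "
                + mayRead("/opt/app/data/config.txt"));
    }
}
```

Running this without a policy file installs the default manager with the JDK's default `java.policy`, under which application code gets no file permissions, so the read check reports false; starting the JVM with the command line from the header comment instead makes the outcome depend on the grants in `app.policy`.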
Enterprise Java applications are susceptible to attacks because they accept untrusted input and interact with complex subsystems. Injection attacks (such as cross-site scripting [XSS], XPath, and LDAP injection) are possible when the components susceptible to these attacks are used in the application. An effective mitigation strategy is to whitelist input, and encode or escape output before it is processed for rendering.
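As an added example of the mitigation strategy just stated (this is not code from the book), the class below applies both halves of it: a whitelist that accepts only the characters a username is allowed to contain, and an encoder that escapes the characters significant in HTML before a value is rendered. The username rule, the method names and the sample inputs are all constructed for the illustration.

```java
import java.util.regex.Pattern;

public final class InputOutputHandling {

    // Whitelist (hypothetical rule): letters, digits, underscore and hyphen, 1 to 32 characters.
    // Anything outside this set is rejected rather than "cleaned up", so there is no
    // blacklist to keep in step with new attack strings.
    private static final Pattern USERNAME = Pattern.compile("^[A-Za-z0-9_-]{1,32}$");

    /** Returns the input unchanged if it matches the whitelist; otherwise rejects it. */
    static String validateUsername(String input) {
        if (input == null || !USERNAME.matcher(input).matches()) {
            throw new IllegalArgumentException("username rejected by whitelist");
        }
        return input;
    }

    /**
     * Escapes the five characters that can change meaning inside HTML text or attribute
     * values, so that data placed in a page is rendered as text, never as markup.
     */
    static String encodeForHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '&':  out.append("&amp;");  break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed inputs: one valid username and one containing markup.
        String[] samples = { "alice_01", "<b>bob</b>" };
        for (String s : samples) {
            try {
                System.out.println("accepted: " + validateUsername(s));
            } catch (IllegalArgumentException e) {
                // Even the rejected value is encoded before it is echoed into any page.
                System.out.println("rejected: " + encodeForHtml(s));
            }
        }
        // A free-text field cannot be whitelisted as tightly, so output encoding is what
        // keeps it from being interpreted as markup when rendered.
        System.out.println(encodeForHtml("Tom & \"Jerry\" <3"));
    }
}
```

The same split applies to the other injection targets the paragraph names: validate against a whitelist on the way in, and escape for the specific consumer (an HTML page here; an XPath expression or LDAP filter would need that consumer's own escaping rules) on the way out.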
This chapter contains guidelines that are concerned specifically with ensuring the security of Java-based applications. Guidelines dealing with the following security nuances are articulated.
1. Dealing with sensitive data
2. Avoiding common injection attacks
3. Language features that can be misused to compromise security