Database Reference
In-Depth Information
C H A P T E R 3

Secure Java Development Concepts
This chapter goes beyond what would traditionally be covered in a chapter on Java security, and it does
not cover strictly Java security topics in depth. Rather, it addresses fundamental Java development
concepts. We should make sure that we are on a solid foundation in Java development. You can develop
very secure code in Java, but if you do not realize what you are doing, your code can be unwittingly
insecure.
This chapter will also help Java Integrated Development Environment (IDE) programmers better
understand the development process outside of the tools (such as JDeveloper, NetBeans, or Eclipse).
IDEs do a pretty good job, but do not blindly trust one to understand and enforce secure development
practices for you. If you have a strong background in Java, this chapter may be unnecessary—in that
case, just skim it to see if there are any areas you need to review.
Java Development Kit
The Java Standard Edition (SE) Java Development Kit (JDK) is available both stand-alone and bundled
with Sun's (Oracle's) IDE, NetBeans. You can download either one from Oracle's web site at
java.sun.com ( www.oracle.com/technetwork/java ). Yo u will need JDK 1.5 or later, and you will find that
earlier versions, such as 1.5, may only be available on the Previous Releases web page.
We need JDK 1.5 or later because that is the version of the JDK that has been included in the Oracle
database: the Oracle Java Virtual Machine. We will discuss virtual machines shortly. We want to have at
least that same revision level of Java on our workstation as on the Oracle database.
You can also download the Java Runtime Environment (JRE.) Because you are downloading the JDK,
you do not need to also download the JRE. A JRE is that portion of the JDK required to run Java
applications, but it does not have the tools required to compile Java.
If you have a Java IDE installed, then you also have the JDK included with your IDE. If that is version
1.5 or later, you can simply use the JDK that came with your IDE.
Oracle Java Database Connectivity
Download a copy of the Oracle Java Database Connectivity (JDBC) code library from Oracle's web site at
www.oracle.com/technetwork/indexes/downloads . Scroll down to [Drivers]. The file you download can be
for the latest release of Oracle database (11g) and must be suitable for JDK 1.5 or later. Note, however,
that you should not use JDBC drivers that are later than the JDK you are using (e.g., do not use ojdbc6.jar
with JDK 1.5). So you will download ojdbc5.jar , or ojdbc6.jar if you are using JDK 1.6 or later.
 
Search WWH ::




Custom Search