Database Reference
In-Depth Information
In addition to lending portability, the JVM can enhance security by establishing a runtime security
sandbox. The sandbox is a set of rules that apply to all Java code running in the JVM. In most cases where
a security policy is in effect, these rules prevent the Java code from reading from or writing to the hard
drive, and from opening network connections. When the JVM is running in a browser (like Internet
Explorer or Firefox), the Java code (usually a Java applet) is not allowed to communicate with any other
machine on the network except the machine from which it was loaded (the web server that provided the
web page that included the applet tag).
At the command prompt and in many Java web servers, there is no sandbox in the JVM. In that case,
your Java code can open and write files and read from other machines on the network.
In the Oracle JVM, the sandbox is quite rigid: it prevents the Java code from reading from or writing to
the hard drive and from communicating on the network at all. However, it provides open access to the
Oracle database, limited by the Oracle privileges and roles granted to the Oracle user who is executing
the Java code.
With every sandbox, additional privileges can be granted in a number of ways. With applets, the
code needs to be signed with a certificate in order to be granted extra privileges. When it runs in a
browser, the browser presents the certificate to the computer user, who has to accept the certificate and
privileges before the privileges become functional. Once the certificate is accepted, the applet is
permitted to perform the privileged actions.
On the Oracle database, privileges are granted by administrative commands and are stored in the
database. Privilege grants can be broad or very granular. We will be using extended privileges for Java
code running in the Oracle database in order to communicate with other machines over the Internet. You will
see some very granular grants for those privileges when we get to Chapter 9.
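To make the difference between a broad and a granular grant concrete, here is an added example (not code from this text) that uses Oracle's DBMS_JAVA package to give one schema a single outbound socket permission. The schema name APP_JAVA_USER and the endpoint smtp.example.com:25 are hypothetical placeholders.

```sql
-- Added example. APP_JAVA_USER and smtp.example.com:25 are hypothetical.
-- Run as a user who is allowed to administer Java policy (for example, SYS).

-- Broad grant, shown commented out for contrast only: any host, any port.
-- BEGIN
--   DBMS_JAVA.GRANT_PERMISSION(
--     'APP_JAVA_USER', 'SYS:java.net.SocketPermission', '*', 'connect,resolve');
-- END;
-- /

-- Granular grant: one host, one port, outbound connect and name lookup only.
BEGIN
  DBMS_JAVA.GRANT_PERMISSION(
    'APP_JAVA_USER',                  -- grantee (schema that owns the Java code)
    'SYS:java.net.SocketPermission',  -- permission class
    'smtp.example.com:25',            -- permission name: host:port
    'connect,resolve');               -- permission actions
END;
/

-- Audit: list the Java policy entries stored in the database for the schema.
SELECT kind, grantee, type_name, name, action, enabled, seq
  FROM dba_java_policy
 WHERE grantee = 'APP_JAVA_USER'
 ORDER BY seq;

-- Withdraw the grant once the Java code no longer needs the connection.
BEGIN
  DBMS_JAVA.REVOKE_PERMISSION(
    'APP_JAVA_USER',
    'SYS:java.net.SocketPermission',
    'smtp.example.com:25',
    'connect,resolve');
END;
/
```

The query against DBA_JAVA_POLICY is a quick review check: a row whose NAME is '*' for java.net.SocketPermission indicates a broad grant that should be narrowed to specific hosts and ports.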
Chapter Review
Although this has been only a brief introduction to the Java language, it has provided you with enough of
the fundamentals to get you started. You cannot build security on sand; rather, you need a foundation.
There are many options and styles in Java programming, and we want to intentionally choose our coding
practices to assure, enhance and maintain security.
We learned about packages and their relationship to directory paths. We also learned about the
CLASSPATH environment variable.
A boatload of terms and concepts were introduced in this chapter, including class, instance,
object, method, member, and constructor. The modifiers static, public, and private were also covered.
And we discussed the main() method.
Finally, we covered exception handling and the try/catch/finally syntax.
We will be using all these Java syntax elements throughout the rest of this topic. If they are new to
you now, don't worry. They will be like second nature to you before long.
 