Java 2 Network Security P1

The purpose of this chapter is not only to introduce the themes of the book tothose who will later read the more detailed chapters that follow, but also to actas a brief overview for the intelligent non-specialist who does not need all thedetails. This is because the focus of the book is on helping people to deployJava in a secure way. There are many people involved in that – managers,administrators, developers, systems programmers, users – all of whom play apart.
Nội dung trích xuất từ tài liệu:
Java 2 Network Security P1Java 2 Network SecurityMarco Pistoia, Duane F. RellerDeepak Gupta, Milind Nagnur, Ashok K. Ramani International Technical Support Organization http://www.redbooks.ibm.com SG24-2109-01 SG24-2109-01International Technical Support OrganizationJava 2 Network SecurityMarco Pistoia, Duane F. RellerDeepak Gupta, Milind Nagnur, Ashok K. RamaniForeward by Li GongDistinguished Engineer and Chief Java Security ArchitectSun Microsystems, Inc.June 1999 Take Note! Before using this information and the product it supports, be sure to read the general information in Appendix F, “Special Notices” on page 659.Second Edition (June 1999)This edition applies to Java 2 SDK, Standard Edition, V 1.2.Comments may be addressed to:IBM Corporation, International Technical Support OrganizationDept. HZ8 Building 678P.O. Box 12195Research Triangle Park, NC 27709-2195When you send information to IBM, you grant IBM a non-exclusive right to use or distribute theinformation in any way it believes appropriate without incurring any obligation to you.© Copyright International Business Machines Corporation 1997 1999. All rights reserved.Note to U.S Government Users – Documentation related to restricted rights – Use, duplication or disclosure issubject to restrictions set forth in GSA ADP Schedule Contract with IBM Corp.Foreword As the person who led the JavaSoft team that developed the Java security technology discussed in this book, it is extremely gratifying to see people spend their precious time writing about our technology and products. Every engineer’s dream is to have his or her technology deployed and used by thousands of others, and this book is a great help to Java developers who write security-aware applications. Security is a difficult subject to write about. On the one hand, security is in people’s daily consciousness so that it appears easy to get across (to the reader) some of the basic concepts. On the other hand, security applied to computer and networking is often subtle and unexpected. Security also is pervasive in that it touches all aspects of the computing technology, including hardware, software, operating system, software libraries, communication software, networking infrastructure, application software, user interface, and management software. In order to understand security in any situation, one has to understand the entire system under consideration as well as each individual component so that one can identity their strengths and weaknesses and design the appropriate solutions. Java security is one of the more recent additions to the family of security technologies. Ever since Sun Microsystems announced Java technology in the spring of 1995, there has been strong and growing interest (in industry, research laboratories, and academia) around the security of the Java platform as well as new security issues raised by the deployment of Java technology. Such close attention being paid to security is almost unprecedented in that new computing technologies normally ignore security considerations when they emerge initially. Most of them remain unsecured forever. In the few cases where efforts are made to secure them later, the efforts are typically not very successful because retrofitting security is usually very difficult, if possible at all, and often causes backward compatibility problems. Therefore, it is extremely fortunate that the Java technology had security as a primary design goal from the very beginning. (Hats off to the original Java development team. I joined JavaSoft only in 1996.) Although the initial security model was very simplistic, it enabled later improvements in the security architecture. The Java language is a general-purpose object-oriented programming language and is specifically designed to be platform independent so that application developers can write a program once and then run it securely© Copyright IBM Corp. 1999 3 everywhere on the Internet. To achieve this platform independe ...