网络编程 | 站长之家 | 网页制作 | 图形图象 | 操作系统 | 冲浪宝典 | 软件教学 | 网络办公 | 邮件系统 | 网络安全 | 认证考试 | 系统进程
Firefox | IE | Maxthon | 迅雷 | 电驴 | BitComet | FlashGet | QQ | QQ空间 | Vista | 输入法 | Ghost | Word | Excel | wps | Powerpoint
asp | .net | php | jsp | Sql | c# | Ajax | xml | Dreamweaver | FrontPages | Javascript | css | photoshop | fireworks | Flash | Cad | Discuz!
当前位置 > 网站建设学院 > 网络编程 > Java
Tag:注入,存储过程,分页,安全,优化,xmlhttp,fso,jmail,application,session,防盗链,stream,无组件,组件,md5,乱码,缓存,加密,验证码,算法,cookies,ubb,正则表达式,水印,索引,日志,压缩,base64,url重写,上传,控件,Web.config,JDBC,函数,内存,PDF,迁移,结构,破解,编译,配置,进程,分词,IIS,Apache,Tomcat,phpmyadmin,Gzip,触发器,socket
网络编程:ASP教程,ASP.NET教程,PHP教程,JSP教程,C#教程,数据库,XML教程,Ajax,Java,Perl,Shell,VB教程,Delphi,C/C++教程,软件工程,J2EE/J2ME,移动开发
本月文章推荐
.Displaytag1.1版发布了.
.JSF与WEB完美应用组合 高度提升开.
.你好,wiki.
.API解读:Thread.
.使用Lists.
.学习 是一条漫长的道路.
.多线程在JAVA ME应用程序中的使用.
.Struts开发指南之J2EE n层结构.
.delete 运算符.
.使用StopWatch类来计时.
.用hbm2java生成Hibernate类.
.Servle和applet通信.
.JavaDoc,在 Java 的注释上做文章.
.java基础入门之Hibernate 入门.
.用SolsticeEnterpriseManager建立.
.经典J2EE开发工具-IBMEclipse简.
.如何在Java中实现JobScheduling.
.用JBuilder2005开发spring MVC应.
.Java & XML基础学习笔记 SAX篇.
.详细解析 JavaBeans 与 Ejb 的区.

Java Security Notes (6)

发表日期:2008-1-5


  The five segments of notes take me three days to recall the basic knowledge of Java Security Mechanism--sandbox. But I like the language itself. Because I could control everything. Once your administrator set up environment for you, when you hope to get more authorization and right, you have to write e-mail, fill application form and ask your boss to approve it. What's troublesome nuts!

So I will start new topic--Java Languages Security. This is more interesting for me and more comfortable to eXPress what I try to explain. But I don't discuss those exceptions sUCh as native code that always trigger the problem as it's more like C/C++ code instead of Java code. As we all know, C/C++'s secuirty reply on yourself majorly.

Please remember these:public, protect, private, final . They are much better than C++. Because programmer haven't pointer to help them to snoop on hidden components in the class. Another good news is that Java forbid to arbitrarily cast class type unless there is some relationship between them such as derivative. Of course , you still can not stop memory snooper. What a pity!

The second bonus or maybe danger is object serialization. The file stored in hard disk. A lot of crazy guys could read it after trying with many times. How can we cope with it? One is to avoid from using it. The other is to encode them and override the writer and loader function.

The third tool is Javac , compiler tool. It can help to check security but weak functionality.

The forth trouble is from Java language itself. This problem is like Hook technique which have been used in network card capture application or API replacement. From the Java view, this is more easier than C++. Because there is one virtual machine used for application. Sun adds one bytecode verifier into virtual machine to detect corrupted code or illegal code. But Java uses special skill to do such detection--to verify bytecode only when the bytecode is performing. But it's not the runtime check. The real runtime check does not check class attribute but check array bounds and object casting.

As author said that the notion of security in Java is pervasive, its implementation is equally pervasive.
上一篇:Java Servlet Programming 读书笔记 - servlet生命周期 人气:726
下一篇:Java RMI 简单示例 人气:2627
浏览全部Java的内容 Dreamweaver插件下载 网页广告代码 祝你圣诞节快乐 2009年新年快乐