Security has been an integral part of Java technology from day one, and it continues to evolve. Sun's Ramesh Nagappan, co-author of the book Core Security Patterns, says, "The Java security architecture provides several definitive ways for extending security capabilities of a Java application to integrate security capabilities such as confidentiality, integrity, access control, trust and so forth." What are those security features? Nagappan explains in this two-part series. In Part 1 he discusses security within the Java Runtime Environment, Java security management tools and Java applet security. Then in Part 2 he looks at Java WebStart security and the Java Extensible Security Architecture and APIs. The articles raise a question, though: Is Java so secure that you don't have to think about application threats and exploits? How much specific coding do you do around application or data security?
- Posted by: Michelle Davidson
- Posted on: June 26 2006 14:14 EDT
What I have understand with the release of J2SE 5.0 there was possible to develop a application using client SSL and using certificate on the Java card, correct? But this part is missing in Java ME, client SSL, correct? There is an option package called SATSA,“Security and Trust Services API (SATSA), JSR177”. I read that SATSA-APDU and SATSA-JCRMI are both APIs that allow the application to communicate with a smart card (for example, the SIM card. Java ME/Personal profile 1.1 is based on Java SE 1.4, when we have new version of Java ME/Personal Profile 1.2 based on Java SE 5.0, will we then have support for client SSL? Regards, Ove
people do. Just ask me about the guy who coded an app to put the user in session before checking the password. Javas fault? Did java prevent that? Of course not.