A Look at Java Security

INTRODUCTION Why should Java security concern you? Many push-based applications are being ported to Java. In addition, Java is one of the cornerstones of active content and an understanding of Java security basics is necessary for understanding the implications of push security issues. A lot of people ask: “Why do I need Java security? I thought it was safe.” Java as a language is basically safe and is built on top of a robust security architecture. But security breaches related to bugs in the browser, poorly written Java code, malicious Java programs, poorly written CGI scripts and Javascript code, and more often occur. Moreover, placing the enforcement of a security policy in the browser, and thus in the hands of end users, opens up many opportunities for security measures to be defeated. In addition, many push vendors are relatively new startups that do not always understand mission-critical software and security needs. Such circumstances only exacerbate the security predicament. While some people might opine that Java is too insecure to be used in production environments and that it should be completely avoided, doing so creates the situation where a tremendous computing opportunity is lost. While the company that decides to bypass Java alleviates itself of Java security worries, that means that they also relinquish the myriad benefits that Java affords. In addition, a significant amount of cuttingedge Internet-based activities such as E-commerce, online trading and banking, and more are all written in Java. Also, many firewall and router vendors are writing their management front-end application in Java. By cutting an organization off from Java, they may likely cut themselves off from the next generation of computing technology. P A Y O F F I D E A