Friday, August 8, 2008

Security Model in Java and its evolution


Security Model in Java and its evolution


Java was originally designed for developing Network Applications and as we know that such applications are more prone to potential attacks hence a need for the Security Model was felt as one of the most important feature of the Java architecture.


Since the inception of the Java architecture, the Security Model has also evolved from the Basic Sandox to the rich security architecture for access control in Java 1.2 by supplying a concrete implementation of the Security Manager with the Java 2 Platform. The three major evolutions of the Security Model took place in Java 1.0, Java 1.1, and then in Java 1.2 which are briefly discussed below:-

  • Security Model in Java 1.0 - the basic security model implementation was very restrictive for any untrusted code. Any applet downloaded from a remote untrusted machine was considered untrusted and hence such a code used to have a very limited set of priviledges on the client machine. This security model is commonly known as The Basic Sandbox where the term 'sandbox' represents a virtual box where the untrusted code will reside and that code can executed only within the boundaries of the sandbox. This is why the original sandbox based security model implementation in Java 1.0 restricted many activities for the untrusted code on the local machine. These restricted activities include Read/Write on the local disk, Createtion of a new process, Loading of a new dynamic library, etc. The untrusted code was not allowed to establish any network connection to any other host except the host it was downloaded from. Thus we can easily see that the untrusted code in Java 1.0 was having very limited access on the local machine which obviously limited the scope of even trustworthy applets as the security model in that version of Java was not able to differentiate between trustworthy and untrusted applets. Obviosuly a need arises to enable the security model with this capability and consequently the model was revised and made more capable in Java 1.1 which is discussed below.
  • Security Model in Java 1.1 - this version of Java enables the Security Model to recognize a trustworthy code by using Code Signing and Authentication. These features helped the client machine to recognize if the downloaded code is trustworthy or not by checking if the downloaded code is digitally signed by a Recognized Signing Authority or not. But the limitation in this version was that the Security Model supported either a completely trusted code and anything which failed was considered completely untrusted.
  • Security Model in Java 1.2 - this version of Java provided the fine-grained Security Model which we have today. In Java 1.0 and Java 1.1 the java.lang.SecurityManager class was an abstract class and the developer needed to subclass it and implement the methods to enforce a policy which was of course a very complex task and hence the Security Model used to have security holes in the cases where the developer didn't take all the aspects into account while implementing the check methods of the SecurityManager class. Java 1.2 provided a default implementation of this class and hence the class became concrete from this version onwards. Now in most of the cases developer doesn't bother to subclass and re-define the check methods unless such a special need arises. This new SecurityManager class doesn't require the developer to define a policy by writing Java code instead it requires them to define the policy in an ASCII file which is called a policy file. Obviously it's much more easier and less error-prone for the developer and it allowed even those developers to write a correct and robust security policy who don't have a very good understanding of all the aspects of the Security Model.



Share/Save/Bookmark


2 comments:

Anonymous said...

hi, i am software engineer i need to use a primary key which can increment automatically and used for any unique number i am using MYSQL

Geek said...

Hello anonymous... I've not used MySQL for quite a while now. When I used MySQL some 3-4 years back I probably couldn't find any direct support for Sequences in MySQL (unlike Oracle) and hence I used the AUTO_INCREMENT feature which served my purpose of automatic unique ID generation.

What I could interpret from your question that you simply want a mechanism to generate unique numbers which will serve as primary keys of the records being inserted in the table. If this is the case then it's very easy to implement using the AUTO_INCREMENT feature only. You just need to append the 'AUTO_INCREMENT' clause to the primary key column of the table. For example:-

CREATE TABLE table_name(
id INT PRIMARY KEY AUTO_INCREMENT,
column_name1 ...,
...
);


Once the table is created you can set the initial value of the AUTO_INCREMENT counter by using the following statement:-

ALTER TABLE table_name AUTO_INCREMENT = value;

You can of course not specify a value less than or equal to any value that has already been used for that table. In such a case MyISAM resets the AUTO_INCREMENT counter to the current maximum value plus one. InnoDB might also take care of it accordingly. But it's always better to avoid setting such a value and the start value is normally set in the very beginning before any insertion. From there on MySQL engine automatically increments the current maximum value by one to get the new unique number. The default value of the AUTO_INCREMENT counter is 1.

You can use LAST_INSERT_ID() to get the unique number generated by the previous INSERT opration executed on a table which had an AUTO_INCREMENT column. You can even pass an expression as an argument to the LAST_INSERT_ID() function. In this case the value of the argument will be returned by the function and the same value is remembered to be returned by the next invocation of the LAST_INSERT_ID() function. You may use this to create a table serving as a Sequence:-

CREATE TABLE sequence_table(
seq INT NOT NULL);


Initialize the sequence counter by inserting a record:-

INSERT INTO sequence_table VALUES(100);

Updating the sequence and reading the value:-

UPDATE sequence_table SET seq = LAST_INSERT_ID(seq + 1);
SELECT LAST_INSERT_ID();


These are probably the two most commonly used mechanisms of implementing sequences in MySQL. I guess the former suits your requirement better. Hope the info helps. Keep visiting/posting!