SCEA Road - 10. Security

xiaoxiao2021-03-06  93

General. • nothing is 100% secure • only as strong as the weakest link (e2e security requires many layers) • manageable (a complex system will only serve to confuse admins / users) • security must be included as part of the design not retro -fitted

Identify Security Restrictions That Java 2 Technology Environments Normally Impose on Applets Running in a Browser • An applet can utilize only its own code and is not allowed to load libraries or define native methods. • An applet can not read or write files on the host that is . executing it • An applet can make network connections only to the host from which it was downloaded • An applet can not start any program on the local host • An applet is restricted from reading the following system properties:.. java.home, java. Class.path, user.name, user.home, and user.dir.

Given an Architectural System Specification, Identify Appropriate Locations for Implementation of Specified Security Features and Select Suitable Technologies for Implementation of Those Features • Authentication • Authentication method: BASIC, FORM, DIGEST, and CLIENT-CERT • Digital certificates, certificate authorities • Secure Sockets Layer (SSL) • Common Secure Interoperability (CSIv2) • Identity selection: or • Security roles • Authorization • Authorization enforced by the container (declarative), defined in the deployment descriptor • Authorization enforced By The Component (Programmatic), Defined within The Application Code

转载请注明原文地址:https://www.9cbs.com/read-122406.html

New Post(0)