No profile, any program made by any programming language will exist security issues, especially the Java language-oriented web application, will have a greater security issue to consider. The following is a brief introduction to Java security.
The Java security model is a sandbox model, and the sandbox model has changed significantly after Java1.1 to Java1.2. It can be said that Java1.1 is a large-scale sandbox. It is difficult to get out of the sandbox to do some necessary things. In order to break through this limit, the Java1.2 version is changed to the strategy-based sandbox model, which can be based on the user Demand to define a policy to make a flexible security problem solution.
Java provides the following security features: class-loader, bytecode file check, virtual machine security restrictions, security manager and API, the top three aspects are not available in general programming processes, safe Manufacturers and APIs are programmed solutions for Java's flexible configuration security (you can also make simple but valid security management through Java). Security involves both side, each particular problem will have different solutions, and we mainly make a summary introduction to these aspects.
We first analyze the Java life cycle from the application perspective, and every stage system provides a security function. Each program has a start-run-end process, starting to be the load, this process is to verify that the load is correct, the loader can give the class to the class, etc., etc. Is it equivalent to running after loading? The action, whether the running process causes memory leaks, etc .; how to end is completed, whether it is forced by an external program. For several aspects of Java provide security functions, you can simply correspond to lifecycle, and the type loader acts on the start phase, the bytecode checks on the start and runtime, and the virtual machine built-in security acts on the run and end.
The overall concept of Java security is given above, which involves some knowledge of Java virtual machines, please refer to the book about the virtual machine and the corresponding articles of this column (to be written). The following is discussed from several aspects of Java security.
