Discussion Board

Results 1 to 2 of 2
  1. #1
    Registered User
    Join Date
    Aug 2010

    Java applications security


    when developing a java application what are the security mechanisms one should tale into consideration, both from a developer point of view as well as from a security penetration tester point of view.

    any help in this regards is highly appreciated


  2. #2
    Super Contributor
    Join Date
    Mar 2008
    The Capital of INDIA

    Re: Java applications security

    As per my point of view these are few points you should keep in mind,

    1. Low-level KVM security:
    An application running in the KVM must not be able to harm the device in any way. Such security is guaranteed by a pre-verification process that rejects invalid class files and ensures that a class does not contain any references to invalid memory locations. The preverify tool is responsible for the verification process, and it inserts some special attributes into the Java class file. After pre-verification, the KVM does an in-device verification process, which ensures that the class is pre-verified.

    2.Application-level security:
    The KVM defines a sandbox model that is quite different from the J2SE sandbox model. The sandbox requires that all Java classes are verified and guaranteed to be valid Java applications. It limits all but a predefined set of APIs from becoming available to the application as required by the CLDC specifications and supporting profiles. The downloading and management of applications take place at the native code level, and application programmers cannot define their own class loader or override the class loader or system classes and associated packages of the KVM. Application programmers also cannot download or add any native libraries that contain code and functionality that are not part of the CLDC supported libraries.
    This can contain the two main points to be considered,
    2.1. Data Security:
    Keeping the data safe on the device also requires encryption, and for that you probably have to use a toolkit: even if HTTPS is available on your device, the encryption code probably isn't exposed.
    2.2. Network Security
    The simplest way to keep your data safe is to communicate using the HTTPS or SSL protocols. Unfortunately, not all devices support one of these protocols.
    Thanks with Regards,

    R a j - The K e r n e l

    Join Delhi-NCR Nokia Developer's Community,

Similar Threads

  1. Security warnings for WRT applications
    By renehagen in forum Symbian
    Replies: 4
    Last Post: 2009-06-30, 10:29
  2. Unlocked Applications & Security on Ovi Servers
    By parisn in forum [Closed] Publishing to Nokia Store
    Replies: 7
    Last Post: 2009-05-05, 08:29
  3. Replies: 0
    Last Post: 2008-07-24, 10:42
  4. Physical Security for Applications
    By jamiehelm in forum General Development Questions
    Replies: 1
    Last Post: 2004-08-10, 10:02

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts