Thursday 31 January 2013

The Dangers of Mobile Code


General

Because of the universal use of e-mail and WWW, it is impossible for
any security administrator to guarantee that no malicious external files,
programs or data will reach the internal network. Primary culprits for
Web-based intrusions are applications using the Java and ActiveX
programming languages. These languages allow Web sites to
incorporate programs that users can run on their computers, in other
words: remotely compiled programs are executed locally. It is not
surprising that one should be rather nervous about executing untrusted
code on one’s private network or machine.

Java

Java is a high-level, object-oriented, general-purpose programming
language that took the Internet by storm, because it was one of the first
technologies that could animate Web pages and make them interactive.
Designed by Sun Microsystems in 1990, it is similar to C++, but it
eliminates many language features that can cause common
programming errors.
Java source code files (files with a .java extension) are compiled into a
format called bytecode (files with a .class extension), which can then be
executed by a Java interpreter. Java can be used to develop complete
applications, called Java applets, which can perform a variety of tasks
from the same Web page:
• Animations.
• Games.
• Charts.
• Interactive programs.
Let us see how this works in a Web browser on a desktop computer.
References to Java software are embedded on a Web page, which can be
stored on a local disk or on the network. When the browser sees these
references, it performs the following procedure:

• The Java software, i.e. the applet, is loaded.
• The applet is then processed by the Java Virtual Machine (JVM),
which is built into the browser.
• The JVM performs stringent security checks.
• The JVM runs the applet, which appears and interoperates inside
the browser.
The computer's operating system provides machine-specific support
for many of the actual operations and interactions.
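
As an added illustration (not code from the original post), the Python sketch below performs one kind of structural check on the .class bytecode format described above: it validates the magic number, reads the version fields, and walks the constant pool, rejecting truncated or malformed input. It is a simplified format check based on the published class-file layout, not the JVM's own verifier; `check_class_header`, `ClassFormatError` and the `SAMPLE` bytes are constructed for this example.

```python
import struct

MAGIC = 0xCAFEBABE
# Constant-pool tag -> fixed payload size in bytes (tag 1, Utf8, is length-prefixed).
CP_SIZES = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4,
            12: 4, 15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}

# Constructed sample: header (major version 52) plus a three-entry constant pool.
SAMPLE = (bytes.fromhex("CAFEBABE" "0000" "0034" "0005")
          + b"\x01\x00\x05Hello"   # #1 Utf8 "Hello"
          + b"\x07\x00\x01"        # #2 Class, name at #1
          + b"\x05" + bytes(8))    # #3 Long, occupies slots #3 and #4


class ClassFormatError(ValueError):
    """The bytes are not a structurally valid class-file prefix."""


def check_class_header(data: bytes) -> dict:
    """Validate magic, version fields and constant pool; return a summary."""
    if len(data) < 10:
        raise ClassFormatError("truncated header")
    magic, minor, major, cp_count = struct.unpack_from(">IHHH", data, 0)
    if magic != MAGIC:
        raise ClassFormatError(f"bad magic 0x{magic:08X}")
    if cp_count == 0:
        raise ClassFormatError("constant_pool_count must be at least 1")
    pos, index, utf8 = 10, 1, []
    while index < cp_count:
        if pos >= len(data):
            raise ClassFormatError(f"constant pool truncated at entry {index}")
        tag = data[pos]
        pos += 1
        if tag == 1:
            if pos + 2 > len(data):
                raise ClassFormatError(f"Utf8 length truncated at entry {index}")
            size = 2 + struct.unpack_from(">H", data, pos)[0]
            # Java uses modified UTF-8; undecodable bytes are replaced, not trusted.
            utf8.append(data[pos + 2:pos + size].decode("utf-8", "replace"))
        elif tag in CP_SIZES:
            size = CP_SIZES[tag]
        else:
            raise ClassFormatError(f"unknown constant tag {tag} at entry {index}")
        pos += size
        if pos > len(data):
            raise ClassFormatError(f"entry {index} runs past end of input")
        index += 2 if tag in (5, 6) else 1  # Long and Double take two slots
    return {"major": major, "minor": minor, "cp_count": cp_count, "utf8": utf8}
```

A file that fails this check is not a well-formed class file and would not get as far as being run.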
