JRE Security: Difference between revisions

Byte Code Verifyer

• Checks code consistent with spec - Format of files, byte code legal
• Detects inconsistencies in bounds checking/object casting

Security Manager

• Only one per runtime
• Uses security policy file for runtime permissions
• Throws AccessControlException or SecurityException
• -Djava.security.manager

Security policy

• defines access privileges
• defines permissions e.g. file/network access
• default policy $JAVA_HOME/jre/lib/security
• -Djava.security.policy
• may be
  • text policy file
  • binary policy class

Keystore

• Certificates are stored in a password protected database
• Stores
  • public/private keys
  • certificates
• Stored in file .keystore in the user's home directory
• keytool - facilitates creating/managing/administering public/private keys and certificates for authentication/authorisation
• X.509 certificates