Java is rapidly evolving from just a useful language for developing Web-based
applets to an enterprise platform for developing and deploying mission
critical applications. An enterprise-class application must possess many
characteristics. Comprehensive security is, inarguably, one of these
characteristics.
Many existing security models burden programmers with the obligation to
understand, code and enforce the security policy of an organization. The
current state-of-the-art model for implementing security suggests that a
developer should not directly be involved in implementing an organization's
security policy. This model provides two important advantages:
1. It reduces the likelihood of an incorrect implementation, thus increasing
the security of the overall system.
2. It allows dynamic changes to the security policy to take effect quickly.
Typically, changes to an ...
In an article entitled Implementing a Security Policy (Java Developer's
Journal, Vol. 2, Issue 8), Qusay Mahmoud wrote on the practical uses of the
Java SecurityManager class.
Starting with JDK 1.1, Java provides a number of classes and interfaces for
implementing a comprehensive security policy. These include cryptographic
interfaces for signature production and verification, cryptographic checksums
as well as interfaces for access control. This article focuses on practical uses
of the cryptographic interfaces of JDK 1.1, including their use in creating
and verifying the origin o...