• Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint
Share this Page URL
Help

Chapter 41. Security > Security in the Java Runtime System

Security in the Java Runtime System

Classes can be treated differently when loaded locally, in contrast to over a network. One of these differences is how the class is loaded into the runtime system. The default way for this to happen is to load the class from a local .class file. Any other way of retrieving a class requires the class to be loaded with an associated ClassLoader. The ClassLoader class is a subtype of a standard Java object that has the methods to implement many of the security mechanisms we have discussed so far. A lot of the attack scenarios that have been used against Java have involved getting around the ClassLoader.

The ClassLoader comes into play after Pass 3 of the bytecode verifier as the classes are actually loaded on Pass 4. The ClassLoader is fairly generic because it does not know for certain that it is loading classes written in Java. It could be loading classes written in C++ and compiled into bytecode.


PREVIEW

                                                                          

Not a subscriber?

Start A Free Trial


  
  • Creative Edge
  • Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint