Don't be fooled by the Java sandbox

With new technologies, security is a key issue that is always brought up in conversations. But quite often we fail to see the big picture. For example, with Java applications (MIDlets as they are called), the usual answer to the question about security is "Yes it is secure, it's the Java sandbox thing." The typical attitude forgets the big picture and fails to see other quite-obvious possibilities. Author Mikko Kontio takes a look at some overlooked wireless security issues in this article from InformIT.

The Java sandbox gives an answer to the following question: Can the application do any harm to the phone or other applications in it? Java applications are run in a so-called sandbox, which means that the applications can't use any of the device's native interfaces; only the Java APIs are available. Although this is a disadvantage because software developers can't do everything with Java that they can do with C++, for example, it is primarily a benefit because they know the limits.

In MIDP, there are ways to perform some platform operations, such as making HTTP connections or (in some MIDP 2.0 devices) making a telephone call. It is the platform's responsibility to ensure that none of these things happen without the user knowing about it. Of course, image galleries, contact lists, and calendar information are beyond the reach of developers. The benefit is that hostile applications can't steal the information and send it to Web servers.

If you have to secure the information sent over a plain HTTP connection, you can encrypt it. You don't have to implement the cryptographic algorithms yourself; just use a library such as the Bouncy Castle API.
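As an added illustration (not code from the article or from InformIT), the sketch below encrypts a request body with the Bouncy Castle lightweight API before it travels over plain HTTP. It goes slightly beyond encryption alone by using AES-GCM, so a modified body is rejected on receipt. Assumptions: Java SE with the Bouncy Castle jar on the classpath, a 256-bit key already shared between client and server, and a hypothetical class name, request line and payload.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.engines.AESEngine;
import org.bouncycastle.crypto.modes.GCMBlockCipher;
import org.bouncycastle.crypto.params.AEADParameters;
import org.bouncycastle.crypto.params.KeyParameter;

public class PayloadCrypto {  // hypothetical class name
    static final int NONCE_LEN = 12;  // 96-bit GCM nonce, fresh for every message
    static final int TAG_BITS = 128;  // authentication tag length

    // Returns nonce || ciphertext || tag, to be sent as the HTTP request body.
    static byte[] seal(byte[] key, byte[] plain, byte[] aad) throws InvalidCipherTextException {
        byte[] nonce = new byte[NONCE_LEN];
        new SecureRandom().nextBytes(nonce);
        GCMBlockCipher gcm = new GCMBlockCipher(new AESEngine());
        gcm.init(true, new AEADParameters(new KeyParameter(key), TAG_BITS, nonce, aad));
        byte[] out = new byte[NONCE_LEN + gcm.getOutputSize(plain.length)];
        System.arraycopy(nonce, 0, out, 0, NONCE_LEN);
        int n = gcm.processBytes(plain, 0, plain.length, out, NONCE_LEN);
        gcm.doFinal(out, NONCE_LEN + n);  // appends the tag
        return out;
    }

    // Receiver side: throws InvalidCipherTextException if the body or aad was altered.
    static byte[] open(byte[] key, byte[] body, byte[] aad) throws InvalidCipherTextException {
        if (body.length < NONCE_LEN + TAG_BITS / 8) throw new InvalidCipherTextException("body too short");
        GCMBlockCipher gcm = new GCMBlockCipher(new AESEngine());
        gcm.init(false, new AEADParameters(new KeyParameter(key), TAG_BITS,
                Arrays.copyOfRange(body, 0, NONCE_LEN), aad));
        byte[] out = new byte[gcm.getOutputSize(body.length - NONCE_LEN)];
        int n = gcm.processBytes(body, NONCE_LEN, body.length - NONCE_LEN, out, 0);
        n += gcm.doFinal(out, n);  // the tag is verified here
        return Arrays.copyOf(out, n);
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[32];  // constructed demo key; assumed to be provisioned out of band
        new SecureRandom().nextBytes(key);
        byte[] aad = "POST /score".getBytes(StandardCharsets.UTF_8);  // constructed request line
        byte[] body = seal(key, "player=42;score=9001".getBytes(StandardCharsets.UTF_8), aad);
        System.out.println(new String(open(key, body, aad), StandardCharsets.UTF_8));
        body[body.length - 1] ^= 1;  // simulate modification in transit
        try { open(key, body, aad); } catch (InvalidCipherTextException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Binding the request line as associated data means a captured body cannot be replayed against a different endpoint without failing the tag check.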

Don't overlook security on the server side. The server system (often a Web server) also needs to be secured, which means installing the security updates (for whichever operating system and Web server you are using), setting up the firewall properly, and performing the usual actions needed to secure a server system. You should also pay some attention to securing the database server. Placing both the Web server and the database server behind a firewall is always a good solution.

Security issues involved with mobile applications are about the same as with any other applications. If the application is a standalone application with no connections to the outer world, securing it is relatively easy. But if the application is networked, it takes some time and planning to make sure that the whole system is secure enough for the system's requirements.

Read more about Wireless security at InformIT.


This was first published in February 2004
