Geek Answers Handbook

Best Approach for Creating a Security Environment in Java

I need to create a desktop application that will run third-party code, and I need to avoid third-party export code in any way (web, clipboard, file io) from the application.

Something like:

public class MyClass { private String protectedData; public void doThirdPartyTask() { String unprotedtedData = unprotect(protectedData); ThirdPartyClass.doTask(unprotectedData); } private String unprotect(String data) { // ... } } class ThirdPartyClass { public static void doTask(String unprotectedData) { // Do task using unprotected data. // Malicious code may try to externalize the data. } }

I'm reading about SecurityManager and AccessControler, but I'm still not sure what the best approach is for this.

What should I read about doing this implementation?

+1
source share
2 answers

First of all, you can hardly stop the leak of information on the local computer. Of course, you can restrict access to the network and even a lot of access to the file system, but there is nothing that could stop the gui from popping up a dialog box showing the information to the user on the screen, or any other 100 ways you could β€œleak out” , data.

Secondly, you continue to say that the policy file can be modified by the user. Yes. it looks like you are basically trying to recreate DRM. I would suggest reading DRM and general futility. This, in essence, boils down to giving someone a locked box and a key to the box and ordering them not to open it. If someone has physical access to your program, you can do almost nothing to prevent them from getting data from it, in java or almost any other programming language (at least not on computers, as they are built today) .

+2
source

The general approach is to run your jvm with a security policy that provides java.security.AllPermission to your codebase (i.e. jar) and no access rights to the third-party codebase. Below is the documentation on how to run the policy file and what to add to the specified file.

+1
source

More articles:


All Articles