Developing security applications with Java
How can I develop a security application using Java, and what features can I give to my application thru it? Are there any other tools I can use to develop security applications?
Like many questions on how to do something, it's hard to know how to
answer, because I really don't know what you're trying to do. So let me
help as best as I can.
Java is a marvelous language for writing security applications in. While Java gets more press for being a client-application language (like Java applets in Web browsers), it's much better as a *server* development language.
Java offers some features that make for writing good security systems. In particular, threading is built into the language. Java also has a garbage collector and checks all memory references for arrays, strings and the like.
These features come at a performance cost, but they may be worth it.
Software engineering mavens estimate that one-third of all bugs come from improper memory allocation and de-allocation and that another third come from buffer overflows. Eliminating those bugs is worth a lot.
As a side note, I'll mention that you can still run off the end of an array in Java, just like you can in C, but your program will take an exception instead of merrily destroying itself. Similarly, you can still consume all available memory in your computer when you use Java, but you don't have the sort of memory leak that occurs because you forgot to de-allocate something.
Also, with the new JIT compilers and runtime systems, Java servers can be quite fast. One network processing system I worked on has shown sustained processing of network packets at nearly 800 per second for over an hour. That is the one-hour average, to make things clearer. This was also on a Pentium 3 550MHz machine!
Here are some resources that may help you in your quest:
* Securing Java: Getting Down to Business with Mobile Code, Second Edition
by Gary McGraw, Edward W. Felten; John Wiley & Sons; ISBN: 047131952X
* Java Security Handbook
by Jamie Jaworski, Paul Perrone; Sams; ISBN:
* JAVA 2 Network Security
by Marco Pistoia, Duane F. Reller, Deepak
Gupta, Milind Nagnur, Ashok Ramani; Prentice Hall; ISBN: 0130155926
* Java Security
by Scott Oaks; O'Reilly & Associates; ISBN: 1565924037
* Java Cryptography
by Jonathan Knudsen; O'Reilly & Associates; ISBN:
* Inside Java 2 Platform Security: Architecture, API Design and
by Li Gong; Addison-Wesley Pub Co; ISBN: 0201310007
This was first published in May 2001