Definition

sandbox

1). In general, a sandbox is an isolated computing environment used by software developers to test new programming code.

2). In a Java programming language and development environment, the sandbox is the program area and set of rules that programmers need to use when creating Java code (called an applet) that is sent as part of a page. Since a Java applet is sent automatically as part of the page and can be executed as soon as it arrives, the applet can easily do harm, either accidentally or as the result of malicious intent, if it is allowed unlimited access to memory and operating system services. The sandbox restrictions provide strict limitations on what system resources the applet can request or access. Essentially, the programmer must write code that "plays" only within the sandbox, much as children are allowed to make anything they want to within the confined limits of a real sandbox. The sandbox can be conceived as a small area within your computer where an applet's code can play freely - but it's not allowed to play anywhere else.

The sandbox is implemented not only by requiring programmers to conform to certain rules but also by providing code checkers. The Java language itself provides features such as automatic memory management, garbage collection, and the checking of address ranges in strings and arrays that inherently help to guarantee safe code. In addition, Java includes a compiled code (Java's compiled code is known as bytecode) verifier that guarantees adherence to certain limitations. Java also provides for a local name space within which code may be restricted. The Java virtual machine (the layer that interprets the Java bytecode for a given computer platform) also mediates access to system resources and ensures that sandbox code is restricted.

In the original sandbox security model, the sandbox code is generally known as untrusted code. In later versions of the Java Development Kit (JDK) - the programmer's development environment - the sandbox has been made more sophisticated by introducing several levels of trust that the user can specify for sandbox code. The more trust the user allows, the more capability the code has to "play" outside of the sandbox. In the Java Development Kit 1.1 version, the concept of a signed applet was introduced. An applet accompanied by a digital signature can contain trusted code that will be allowed to execute if the signature is recognized by the client browser.

In JDK 2.0, Java provides for assigning different levels of trust to all application code, whether loaded locally or arriving from the Internet. A mechanism exists to define a security policy that will be used to screen all code - whether signed or not - as it executes.

Contributor(s): Paul Thompson, Tselly
This was last updated in September 2005
Posted by: Margaret Rouse

Email Alerts

Register now to receive SearchSecurity.com-related news, tips and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

More News and Tutorials

Do you have something to add to this definition? Let us know.

Send your comments to techterms@whatis.com

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: