sandbox
SearchSecurity.com Definitions (Powered by WhatIs.com)

DEFINITION - In the Java programming language and development environment, the sandbox is the program area and set of rules that programmers need to use when creating Java code (called an applet) that is sent as part of a Web page. Since a Java applet is sent automatically as part of the page and can be executed as soon as it arrives, the applet can easily do harm, either accidentally or as the result of malicious intent, if it is allowed unlimited access to memory and operating system services. The sandbox restrictions place strict limits on what system resources the applet can request or access. Essentially, the programmer must write code that "plays" only within the sandbox, much as children are allowed to make anything they want within the confined limits of a real sandbox. The sandbox can be conceived as a small area within your computer where an applet's code can play freely - but it's not allowed to play anywhere else.

The sandbox is implemented not only by requiring programmers to conform to certain rules but also by providing code checkers. The Java language itself provides features such as automatic memory management, garbage collection, and the checking of address ranges in strings and arrays that inherently help to guarantee safe code. In addition, Java includes a verifier for its compiled code (known as bytecode) that guarantees adherence to certain limitations. Java also provides for a local name space within which code may be restricted. The Java virtual machine (the layer that interprets the Java bytecode for a given computer platform) also mediates access to system resources and ensures that sandbox code is restricted.

In the original sandbox security model, the sandbox code is generally known as untrusted code. In later versions of the Java Development Kit (JDK) - the programmer's development environment - the sandbox has been made more sophisticated by introducing several levels of trust that the user can specify for sandbox code. The more trust the user allows, the more capability the code has to "play" outside of the sandbox. In the Java Development Kit 1.1 version, the concept of a signed applet was introduced. An applet accompanied by a digital signature can contain trusted code that will be allowed to execute if the signature is recognized by the client browser.

In JDK 2.0, Java provides for assigning different levels of trust to all application code, whether loaded locally or arriving from the Internet. A mechanism exists to define a security policy that will be used to screen all code - whether signed or not - as it executes.
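
The policy screening described above can be modelled with the JDK's own permission classes, without installing a security manager. This is an added example, not code from the original definition; the class name, the three trust levels and the file paths are assumptions chosen for illustration.

```java
import java.io.FilePermission;
import java.security.AllPermission;
import java.security.Permission;
import java.security.Permissions;
import java.util.PropertyPermission;

/** Added illustration: trust levels expressed as permission sets (hypothetical policy). */
public class SandboxPolicyDemo {

    // Untrusted applet: the original sandbox, almost nothing is granted.
    static Permissions untrustedApplet() {
        Permissions p = new Permissions();
        p.add(new PropertyPermission("java.version", "read"));
        return p;
    }

    // Applet with a recognised signature: extra access, still bounded to one directory tree.
    static Permissions signedApplet() {
        Permissions p = untrustedApplet();
        p.add(new FilePermission("/home/alice/appdata/-", "read,write"));
        return p;
    }

    // Fully trusted local application: everything is allowed.
    static Permissions localApplication() {
        Permissions p = new Permissions();
        p.add(new AllPermission());
        return p;
    }

    // Screening step: a request passes only if a granted permission implies it.
    static boolean allowed(Permissions granted, Permission requested) {
        return granted.implies(requested);
    }

    public static void main(String[] args) {
        Permission[] requests = {
            new PropertyPermission("java.version", "read"),
            new FilePermission("/home/alice/appdata/cache/state.bin", "write"),
            new FilePermission("/etc/passwd", "read"),
            new RuntimePermission("exitVM"),
        };
        for (Permission r : requests) {
            System.out.printf("%s%n  untrusted=%b signed=%b local=%b%n", r,
                allowed(untrustedApplet(), r), allowed(signedApplet(), r),
                allowed(localApplication(), r));
        }
    }
}
```

The same request gets a different answer depending on the permission set attached to the code making it, which is how the policy screens all code, signed or not.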


CONTRIBUTORS: Paul Thompson, Tselly
LAST UPDATED: 30 Jan 2004


More resources from around the web:
- Sun Microsystems provides more information about the sandbox in its Java Security Architecture.
- Wiley's online version of Securing Java explains the original Java sandbox in The Base Java Security Model: The Original Applet Sandbox.

All Rights Reserved, Copyright 2003 - 2009, TechTarget