Epilogue

The authors believe that Java provides a powerful tool with which to create secure computer systems. This security does not depend on the underlying operating system; indeed, insecure PC operating systems will benefit, while secure operating systems like MVS and UNIX will have their security enhanced, using the same portable software as that on the PC. Java is sufficiently secure to allow other software to be run safely, even if it came from a dubious source.

This security depends on vigilance by the users, in ensuring that the software that they must trust does not contain any loopholes, and is correctly configured. Undoubtedly, Java flaws will continue to emerge and so continuing vigilance is needed.

The most publicized (and hence quickly fixed) flaws have appeared in the Java virtual machine. We believe that the next generation of flaws will appear in situations where Java is working together with other types of client executable content. For example, it is now very common to find Web pages that use a bewildering mixture of technologies - Java, JavaScript, ActiveX, Macromedia Shockwave and other plug-ins, dynamic HTML, and so on. Each of these works within its own zone of protection; these zones may overlap but are not identical. The wily cracker can take advantage of this fact to bypass the restrictions of one technology by exploiting another. Fixes for this type of exploit will probably not appear so quickly, because each component may be working correctly on its own terms.

Signed content (all types of content, not just Java) offers one solution to these problems, by guaranteeing the trustworthiness of its source. But there are dangers here also. Cryptography is not a simple subject and it is important to mask complexity from the end user. At the time of writing, the variety of different approaches to signed content reflects the difficulty of doing this. We hope that a consistent approach will soon emerge. One area that merits attention is the question of how to warn the user that some component of a Web page wants to perform some potentially dangerous function. The problem is that the user becomes "click-happy." When confronted by an endless sequence of dialog boxes warning of one thing or another, it is too easy to just keep clicking "OK." We need a method that makes it clear that, for example, a request by a Java applet to read environmental information is potentially an order of magnitude less dangerous than allowing an ActiveX control to run.

Java, because of its unique design, offers many safety and security advantages over alternative approaches. In this book we have illustrated this fact and, we hope, given you some insight into how to create secure Java applications, how to protect Java assets, and how to use Java securely.