Sun Microsystems developed the Java programming language and architecture in 1995. Since then, it has become a valuable and integral part of the evolution of the Internet. Paul provided a great list for Java Application examples that should prove very helpful to developers, and Karl provided a useful guide on how to remove older versions of the JRE from your system.
In this article, I’d like to take a moment to reflect upon the reasons Java is considered one of the most trusted architectures for developing and running applications over the Internet and cover a little bit about how Java applets work. As most readers may know, the beauty of Java is that the Java Virtual Machine architecture allows Java to run on multiple platforms – including Windows, Solaris, Linux and Apple. The ability to write common applications that can run on multiple architectures makes Java one of those web programming models that have survived and flourished for over a decade and a half.
Why You Can Install & Run Java Software Anywhere
The reason Sun’s model worked so well is, in part, that it was created to overcome one of the many drawbacks of the early Internet. Very few “useful” applications could run over the Internet because of the security concerns in giving an Internet-based application access to the browser’s settings and information – or worse, the computer’s file system and operating system. Early architecture developers realized that for any web software environment to survive, it would need to take those security considerations very seriously.
Before we get to security, I’d like to briefly cover the architecture itself and what made the system so effective and powerful for both software developers and Internet users who wanted more useful and functional web applications.
If you take a look at my poor attempt at drawing above, you’ll see a rough representation of the Java program flow. Essentially, Java developers write an application. I’m focusing on Java Applets, because this is about Internet apps – local Java applications are a whole different beast with their own unique considerations.
Developers create Java Applet code that can get embedded into any web page. Whether you’re running Ubuntu, Mac or Windows, when you launch that applet with your particular browser version, the Applet attempts to run within its “sandbox” known as the Java Runtime Environment or Java Machine. I found some cool, simple examples of how Java applets work, created by Joseph Bergin of Pace University in 1996.
As you can see, this simple application accepts user input, and responds to that input by sorting random points in the manner chosen. This application accepts the Java Code and converts it into machine readable code that’s appropriate for that particular operating system so that the mouse, display and other system functions work correctly with that application.
As you can see from his background code, Java is an object oriented language, with classes and objects that are common for all Java developers. This is the beauty of Java development – the platform you’re writing for doesn’t matter, because everyone speaks the same language.
Java is now an application runtime platform that is becoming more accepted and “standard” throughout the world, and it is one of the most popular programming languages chosen for online application development. You can install the latest JRE for your operating system anytime.
Security Concerns & Why You Should Feel Safe
The entire Java layout was developed with user security in mind. Sun developers wanted to structure the JRE and the language in a way that, while not impossible to hack, would be much more difficult. In recent years we’ve all heard some nightmare accounts of ActiveX viruses and the like, but Java remains at the top of the list for most businesses and corporate environments as one of the safest methods to run web apps within a browser. Most corporations leave Java enabled in their browsers, and most client machines are installed with the latest JRE.
When you run a Java Applet, or just install the JRE, you’ll notice the Java icon show up in your taskbar. When you see this, you know that you have Java installed. To check the version, just right click, open the Control Panel and select “About…”
This runtime environment, or “sandbox” protects your computer from malicious code, simply by the way the functionality was developed and the language was structured. Some of the safety considerations you can count on when you’re allowing Java in your browser, and installing the JRE on your system are as follows.
- Java has public methods which developers can utilize, but these common methods have security checks that ensure they are not being used improperly by the application. This means that access to many objects (such as the File object) has a certain “security checkpoint” process before any application can access that public method within the Java library.
- Java is considered “type safe,” meaning that the compile and runtime variable types are compatible – verified at compile or runtime. This blocks malicious code that attempts to get around access control safeguards by “casting” objects. All this means is that Java has removed the ability of another entire class of malware and virus software to cause problems.
- Developers declare methods as “final,” which means that outside applications (such as malicious software) can’t override methods – only the actual declared method is invoked for the object. Another security crack sealed up by Java.
- While it’s a thorn in the side of many developers, Java does not allow pointers as a data type. While this means developers need to develop other ways to accomplish tasks where they would use pointers, it also means that array pointers cannot be manipulated – nor can programmers accidentally overrun an array length with faulty code. Malicious apps cannot take advantage of pointer arithmetic to get access to system object pointers, because there is no pointer to manipulate.
- Java has its own “garbage collection” to recover memory, thereby blocking the ability for malicious code to allocate memory for one purpose, de-allocate it and then use it (with a new pointer) for malicious purposes. Again – an entire class of malicious code is blocked because of this.
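The type-safety, “final” and array-bounds points in the list above can be observed directly in a running JVM. The following is an added example, not code from the original article or from Sun; the class names RuntimeChecksDemo and AccessToken are hypothetical and the inputs are constructed for illustration.

```java
// Added example: the JVM runtime checks described in the list above,
// exercised on constructed inputs. All names here are hypothetical.
public class RuntimeChecksDemo {

    // Stand-in for a security-sensitive library type.
    static class AccessToken {
        private final String owner;
        AccessToken(String owner) { this.owner = owner; }
        // 'final': a subclass that tries to override this check will not compile,
        // so callers always get this implementation.
        public final boolean belongsTo(String user) { return owner.equals(user); }
    }

    // Type safety: a reference can only be cast to a type the object really has.
    static String tryForgedCast(Object untrusted) {
        try {
            AccessToken token = (AccessToken) untrusted; // checked at run time
            return "cast allowed, belongs to alice: " + token.belongsTo("alice");
        } catch (ClassCastException e) {
            return "cast rejected: ClassCastException";
        }
    }

    // No pointer arithmetic: every array access is bounds-checked by the JVM,
    // so an out-of-range index raises an exception instead of touching memory.
    static String tryOverrun(byte[] buffer, int index) {
        try {
            buffer[index] = 0x41;
            return "write at index " + index + " succeeded";
        } catch (ArrayIndexOutOfBoundsException e) {
            return "write at index " + index + " rejected: ArrayIndexOutOfBoundsException";
        }
    }

    public static void main(String[] args) {
        // Constructed inputs: one genuine token, one object of the wrong type.
        System.out.println(tryForgedCast(new AccessToken("alice")));
        System.out.println(tryForgedCast("not a token"));

        // Constructed 8-byte buffer: last valid index, one past the end, negative.
        byte[] buffer = new byte[8];
        System.out.println(tryOverrun(buffer, 7));
        System.out.println(tryOverrun(buffer, 8));
        System.out.println(tryOverrun(buffer, -1));
    }
}
```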
If you’re not a programmer, then all of the above information should simply reassure you that the Java approach to running web applications is one of the safest available. You can feel fairly confident running the JRE on your system and launching Java applets.
One more thing to understand when you run Java Applets is when you’re asked whether you want to provide a “trusted certificate.” Accept these requests carefully, because once you do, the Java Code can run somewhat outside its normal Applet “sandbox.” You can see which certificates you have marked as trusted by going into the Java Control Panel, clicking on the security tab, and then clicking on “Certificates…”
Unsigned Applets can only make network connections back to their host, display web documents, invoke only public methods (see the security benefit listed above) and they can read system properties. Signed Applets, on the other hand, can access the local filesystem, files, clipboard and printers and they can access other remote servers, and much more. Even so, the fact that the user (you) has to explicitly grant such permission is a nice safeguard. I recognized every app on my list – nothing gets added automatically.
Are you a Java developer? What’s your opinion of the functionality and security of Java applets? If you’re just a regular Internet user, and not a developer, do you consider the process of running Java applets easy enough to understand? Share your thoughts in the comments section below.