THE WHATIS.COM WORD-OF-THE-DAY January 28, 2004 sandbox ______________________ SPONSORED BY: Smart CRM
Today, it's about smarter CRM. And that's exactly why SearchCRM.com and Peppers & Rogers Group have joined forces to bring you the industry's definitive CRM conference that delivers on both the promise and challenges of enterprise CRM. Attend the Smart CRM conference in Atlanta, GA, February 11 - 13, and go home with tested CRM solutions and critical tips and techniques from the industry's leading independent experts, analysts, and the top principals from the Peppers and Rogers Group. Confirm your registration today and save $1,495. http://searchCRM.com/r/0,,19798,00.html?track=NL-34 ______________________ TODAY'S WORD: sandbox See our complete definition with hyperlinks at http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci283994,00.html?track=NL-34 Using the Java programming language and development environment, the sandbox is the program area and set of rules that programmers need to use when creating Java code (called an applet) that is sent as part of a page. Since a Java applet is sent automatically as part of the page and can be executed as soon as it arrives, the applet can easily do harm, either accidentally or as the result of someone with malicious intent, if it is allowed unlimited access to memory and operating system services. The sandbox restrictions provide strict limitations on what system resources the applet can request or access. Essentially, the programmer must write code that "plays" only within the sandbox, much as children are allowed to make anything they want to within the confined limits of a real sandbox. The sandbox can be conceived as a small area within your computer where an applet's code can play freely - but it's not allowed to play anywhere else. The sandbox is implemented not only by requiring programmers to conform to certain rules but also by providing code checkers. The Java language itself provides features such as automatic memory management, garbage collection, and the checking of address ranges in strings and arrays that inherently help to guarantee safe code. In addition, Java includes a compiled code (Java's compiled code is known as bytecode) verifier that guarantees adherence to certain limitations. Java also provides for a local name space within which code may be restricted. The Java virtual machine (the layer that interprets the Java bytecode for a given computer platform) also mediates access to system resources and ensures that sandbox code is restricted. In the original sandbox security model, the sandbox code is generally known as untrusted code. In later versions of the Java Development Kit (JDK) - the programmer's development environment - the sandbox has been made more sophisticated by introducing several levels of trust that the user can specify for sandbox code. The more trust the user allows, the more capability the code has to "play" outside of the sandbox. In the Java Development Kit 1.1 version, the concept of a signed applet was introduced. An applet accompanied by a digital signature can contain trusted code that will be allowed to execute if the signature is recognized by the client browser. In JDK 2.0, Java provides for assigning different levels of trust to all application code, whether loaded locally or arriving from the Internet. A mechanism exists to define a security policy that will be used to screen all code - whether signed or not - as it executes. __________________________ RELATED TERMS: Java http://searchwebservices.techtarget.com/sDefinition/0,,sid26_gci212415,00.html?track=NL-34 applet http://searchwebservices.techtarget.com/sDefinition/0,,sid26_gci211580,00.html?track=NL-34 garbage http://whatis.techtarget.com/definition/0,,sid9_gci212175,00.html?track=NL-34 bytecode http://whatis.techtarget.com/definition/0,,sid9_gci211722,00.html?track=NL-34 virtual machine http://whatis.techtarget.com/definition/0,,sid9_gci213305,00.html?track=NL-34 ______________________ SELECTED LINKS: Wiley's online version of "Securing Java" explains the original Java sandbox in the "Base Java Security Model: The Original Java Sandbox." http://www.securingjava.com/chapter-two/ Sun Microsystems provides more information about the sandbox in its discussion of the Java Security Archictecture. http://java.sun.com/products//jdk/1.2/docs/guide/security/spec/security-spec.doc1.html ______________________ TODAY'S TECH NEWS: LOTUSPHERE '04: COMFORTING THE DOMINO BASE Some Domino shops are breathing a bit easier after IBM Lotus assured them at Lotusphere that their existing investments are safe. http://searchdomino.techtarget.com/originalContent/0,289142,sid4_gci946253,00.html?track=NL-34 WORM OPENS TWO BACKDOORS, LOGS KEYSTROKES A variant of the Dumaru worm has been found. This version opens a pair of back doors and logs keystrokes before mailing them to the worm writer. http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci946167,00.html?track=NL-34 RFID GRABS APPSWORLD HEADLINES Oracle Corp. will announce new RFID technology and enhancements to its E-Business suite at this week's AppsWorld event in San Diego. http://searchoracle.techtarget.com/originalContent/0,289142,sid41_gci946255,00.html?track=NL-34 >> Catch up on all the latest IT news at http://searchtechtarget.techtarget.com?track=NL-34 ______________________ SECRET WORD-OF-THE-DAY | What is IT? A place where reason comes and goes? In computers, there are seven of these, the basic building blocks of a digital circuit: AND, OR, XOR, NOT, NAND, NOR, and XNOR. Do you think you know the Secret Word? Click this URL and see if you're right! http://whatis.techtarget.com/definition/0,,sid9_gci213512,00.html?track=NL-34 ______________________ QUIZ #25 | Security Attacks How much do you know about security attacks? Take this week's quiz and find out! http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci813585,00.html?track=NL-34 ______________________________ RECENT ADDITIONS AND UPDATES [1] near-line storage http://searchstorage.techtarget.com/sDefinition/0,,sid5_gci944832,00.html?track=NL-34 [2] up-sell http://searchcrm.techtarget.com/sDefinition/0,,sid11_gci942967,00.html?track=NL-34 [3] Faraday cage http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci942282,00.html?track=NL-34 [4] business metric http://searchcrm.techtarget.com/sDefinition/0,,sid11_gci940481,00.html?track=NL-34 [5] DomainKeys http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci944600,00.html?track=NL-34 ____________________________________________________________________ ::::::::::::::::::: WHATIS.COM CONTACTS ::::::::::::::::::: MARGARET ROUSE, Site Editor ([EMAIL PROTECTED]) IVY WIGMORE, Consulting Editor ([EMAIL PROTECTED]) LOWELL THING, Consulting Editor and Founder ([EMAIL PROTECTED]) GABRIELLE DERUSSY, Advertising ([EMAIL PROTECTED]) ::::::::::::::::::::: ABOUT THIS NEWSLETTER :::::::::::::::::::::: This e-newsletter is published by WhatIs.com, a targeted Web site from TechTarget, the most targeted IT media and events company. TechTarget offers magazines, Web sites, e-newsletters, Webcasts and conferences for enterprise IT professionals. Copyright 2004 TechTarget. All rights reserved. _____________________________________________________________________ To unsubscribe from "Word of the Day": Go to unsubscribe: http://WhatIs.com/u?cid=475628&lid=430801&track=NL-34 Please note, unsubscribe requests may take up to 24 hours to process; you may receive additional mailings during that time. A confirmation e-mail will be sent when your request has been successfully processed. Contact us: WhatIs Member Services 117 Kendrick Street, Suite 800 Needham, MA 02494
