appa.html

jdbc书

into using a different identity than intended or prevent applications 
from finding a particular identity.

<P>
<STRONG>addIdentityCertificate</STRONG>:
This target grants permission to add a certificate for an
<CODE>Identity</CODE> object. Granting this permission allows
attackers to set a certificate for an 
identity's public key making the public key trusted to a wider
wider audience than originally intended.

<P>
<STRONG>removeIdentityCertificate</STRONG>:
This target grants permission to remove a certificate for
an <CODE>Identity</CODE> object.
Granting this permission allows attackers to remove a
certificate for an identity's public key. This could be
dangerous because public key suddenly
becomes considered less trustworthy than it otherwise would be.

<P>
<STRONG>printIdentity</STRONG>:
This target grants permission to print out the name of a principal, 
the scope in which the principal is used, and whether the
principal is considered <EM>trusted</EM> in that scope.
The printed scope could be a filename, in which case
it might convey local system information. For example, here is a sample
printout of an identity named <EM>carol</EM>, who is
marked not trusted in the user's identity database:<P>
carol[/home/luehe/identitydb.obj][not trusted].

<P>
<STRONG>clearProviderProperties.{provider name}</STRONG>
This target grants permission to clear a <CODE>Provider</CODE>
object so it no longer contains the properties
used to look up services implemented by the provider.
Granting this permission disables the lookup of services
implemented by the provider. This could change the behavior
or disable execution of other
parts of the program that would normally utilize the Provider, as
described under the <CODE>removeProvider.{provider name}</CODE>
permission above.

<P>
<STRONG>putProviderProperty.{provider name}</STRONG>:
This target grants permission to set properties for the
specified provider.  
The provider properties each specify the name and location
of a particular service implemented by the provider. Granting
this permission allows code to replace the service specification
with another one with a different implementation and could
be dangerous if the new implementation has malicaious code.

<P>
<STRONG>removeProviderProperty.{provider name}</STRONG>:
This target grants permission to remove properties from the
specified provider. Granting this permission disables the lookup
of services implemented by the provider making them inaccessible. 
Granting this permission to malicious code could allow the
malicious code to change the behavior or disable execution 
of other parts of the program that would normally utilize the 
<CODE>Provider</CODE> object, as described under the 
<CODE>removeProvider.{provider name}</CODE> permission above.

<P>
<STRONG>getSignerPrivateKey</STRONG>:
This target grants permission to retrieve the private key of a
<CODE>Signer</CODE> object. Private keys should always be kept secret. 
Granting this permission could allow malicious code to use the 
private key to sign files and 
claim the signature came from the <CODE>Signer</CODE> object.

<P>
<STRONG>setSignerKeyPair</STRONG>:
This target grants permission to set the public and private key pair
for a <CODE>Signer</CODE> object. Granting this permission could allow
an attacker to replace the target's key pair with a possibly weaker
(smaller) key pair. This would also allow an attacker to listen in on encrypted
communication between the target and its peers. The target's peers
might wrap an encryption session key under the target's <EM>new</EM> public
key, which would allow the attacker (who possesses the corresponding
private key) to unwrap the session key and decipher the communication
data encrypted under that session key.

<A NAME="SerializablePermission"></A>
<H3>SerializablePermission</H3>

<code>java.io.SerializablePermission</code> grants access
to serialization operations. The possible targets are listed by name
with no action list. 

</FONT>

<PRE>
grant {
  permission java.io.SerializablePermission 
	"enableSubclassImplementation";
  permission java.io.SerializablePermission 
	"enableSubstitution";
};
</PRE>

<FONT FACE="Verdana, Arial, Helvetica, sans-serif">

<STRONG>enableSubclassImplementation</STRONG>:
This target grants permission to implement a subclass of
<CODE>ObjectOutputStream</CODE> or <CODE>ObjectInputStream</CODE> 
to override the default serialization or deserialization 
of objects. Granting this permission could allow code to use this to
serialize or deserialize classes in a malicious way. For example,
during serialization, malicious code could store confidential private 
field data in a way easily accessible to attackers; or, 
during deserialization malicious code could deserialize 
a class with all its private fields zeroed out.

<P>
<STRONG>enableSubstitution</STRONG>:
This target grants permission to substitute one object for another
during serialization or deserialization. Granting this permission
could allow malicious code to replace the actual object with one that
has incorrect or malignant data.

<A NAME="SocketPermission"></A>
<H3>SocketPermission</H3>

The <code>java.net.SocketPermission</code> permission grants access
to  a network by way of sockets. The target is a host name and
port address, and the action list specifies ways to
connect to that host. Possible connections are <CODE>accept</CODE>,
<CODE>connect</CODE>, <CODE>listen</CODE>, and <CODE>resolve</CODE>.

<p>
This policy file entry allows
a connection to and accepts connections on port 7777 on
the host <CODE>puffin.eng.sun.com</CODE>.

</FONT>

<PRE>
grant {
  permission java.net.SocketPermission
        "puffin.eng.sun.com:7777", 
	"connect, accept";
};
</PRE>

<FONT FACE="Verdana, Arial, Helvetica, sans-serif">

This policy file entry allows connections to, accepts
connections on, and listens on any port between 1024 and 65535 on
the local host.

</FONT>

<PRE>
grant {
  permission java.net.SocketPermission
        "localhost:1024-", 
	"accept, connect, listen";
};
</PRE>

<FONT FACE="Verdana, Arial, Helvetica, sans-serif">


<P>
The host is expressed with the following syntax
as a DNS name, as a numerical IP address,
or as <CODE>localhost</CODE> (for the local machine).
The asterisk (<CODE>*</CODE>) wild card can be included once in a
DNS name host specification. If included, it must be in the left-most
position, as in <CODE>*.sun.com</CODE>.

</FONT>

<PRE>
  host = (hostname | IPaddress)[:portrange]
  portrange = portnumber | -portnumber | 
	portnumber-[portnumber]
</PRE>

<FONT FACE="Verdana, Arial, Helvetica, sans-serif">

<p>
The port or port range is optional. A port specification of the 
form <CODE>N-</CODE>, where <CODE>N</CODE> is a port number, means all 
ports numbered <CODE>N</CODE> and above, while a specification of the
form <CODE>-N</CODE> indicates all ports numbered <CODE>N</CODE> 
and below.

<P>
The <CODE>listen</CODE> action is only meaningful when used with
<CODE>localhost</CODE>, and the <CODE>resolve</CODE>
(resolve host/ip name service lookups) action is implied
when any of the other actions are present.

<P>
Granting code permission to accept or make connections to remote
hosts may be dangerous because malevolent code can more easily
transfer and share confidential data among parties that might not
otherwise have access to the data.

<BLOCKQUOTE>
<HR>
<STRONG>Note:</STRONG> On Unix platforms, only root is normally
allowed access to ports lower than 1024.
<HR>
</BLOCKQUOTE>


<P ALIGN="RIGHT">
<FONT SIZE="-1">[<A HREF="#top">TOP</A>]</FONT>

<P>
_______<BR>
<A NAME="TJVM"><SUP>1</SUP></A> As used on this web site, 
the terms &quot;Java virtual 
machine&quot; or &quot;JVM&quot; mean a virtual machine 
for the Java platform.

</FONT>
</TD>
</TR>
</TABLE>




<!-- ================ -->
<!-- End Main Content -->
<!-- ================ -->

</TD>
</TR>
</TABLE>

<!-- Copyright Insert -->

<BR CLEAR="ALL">

<FORM ACTION="/cgi-bin/search.cgi" METHOD="POST">
<TABLE WIDTH="100%" CELLPADDING="0" BORDER="0" CELLSPACING="5">   
  <TR>
    <TD VALIGN="TOP">
	
    <P ALIGN=CENTER>
    <FONT SIZE="-1" COLOR="#999999" FACE="Verdana, Arial, Helvetica, sans-serif">
    [ This page was updated: <!-- new date --> 13-Oct-99 ]</font></P>
    </TD>
  </TR>
  
  <TR>
    <TD BGCOLOR="#CCCCCC">
    <IMG SRC="/images/pixel.gif" HEIGHT="1" WIDTH="1" ALT=""></TD>
  </TR>
  
  <TR>
    <TD>
    <CENTER>
    <FONT SIZE="-2" FACE="Verdana, Arial, Helvetica, sans-serif">
    <A HREF="http://java.sun.com/products/">Products &amp; APIs</A> | 
    <A HREF="/developer/index.html">Developer Connection</A> | 
    <A HREF="/developer/infodocs/index.shtml">Docs &amp; Training</A> | 
    <A HREF="/developer/support/index.html">Online Support</A><BR>
    <A HREF="/developer/community/index.html">Community Discussion</A> |
    <A HREF="http://java.sun.com/industry/">Industry News</A> | 
    <A HREF="http://java.sun.com/solutions">Solutions Marketplace</A> | 
    <A HREF="http://java.sun.com/casestudies">Case Studies</A>
    </FONT>
    </CENTER>
    </TD>
  </TR>
  
  <TR>
    <TD BGCOLOR="#CCCCCC">
    <IMG SRC="/images/pixel.gif" HEIGHT="1" WIDTH="1" ALT=""></TD>
  </TR>

  <TR>
    <TD ALIGN="CENTER">
    <FONT SIZE="-2" FACE="Verdana, Arial, Helvetica, sans-serif">
    <A HREF="http://java.sun.com/docs/glossary.html">Glossary</A> - 
    <A HREF="http://java.sun.com/applets/">Applets</A> - 
    <A HREF="http://java.sun.com/docs/books/tutorial/">Tutorial</A> - 
    <A HREF="http://java.sun.com/jobs/">Employment</A> - 
    <A HREF="http://java.sun.com/nav/business/">Business &amp; Licensing</A> - 
    <A HREF="http://java.sun.com/javastore/">Java Store</A> -
    <A HREF="http://java.sun.com/casestudies/">Java in the Real World</A>
    </FONT>
    </TD>
  </TR>

  <TR>
    <TD>
    <CENTER>
    <FONT SIZE="-2" FACE="Verdana, Arial, Helvetica, sans-serif">
    <a href="/siteinfo/faq.html">FAQ</a> |
    <a href="/feedback/index.html">Feedback</a> | 
    <a href="http://www.dynamicdiagrams.net/mapa/cgi-bin/help.tcl?db=javasoft&dest=http://java.sun.com/">Map</a> | 
    <A HREF="http://java.sun.com/a-z/index.html">A-Z Index</A>
    </FONT>
    </CENTER>

    </TD>
  </TR>
  
  <TR>
    <TD>

    <TABLE WIDTH="100%" CELLPADDING="0" BORDER="0" CELLSPACING="0">
      <TR>
        <TD WIDTH="50%">
        <FONT SIZE="-2" FACE="Verdana, Arial, Helvetica, sans-serif">
        For more information on Java technology<BR>
        and other software from Sun Microsystems, call:<BR>
        </FONT>
        <FONT SIZE="-1" FACE="Verdana, Arial, Helvetica, sans-serif">
        (800) 786-7638<BR></FONT>
        <FONT SIZE="-2" FACE="Verdana, Arial, Helvetica, sans-serif">
        Outside the U.S. and Canada, dial your country's 
        <A HREF="http://www.att.com/business_traveler/attdirecttollfree/">AT&amp;T&nbsp;Direct&nbsp;Access&nbsp;Number</A> first.<BR>
        </FONT>
        </TD>

        <TD ALIGN="RIGHT" WIDTH="50%">
        <A HREF="http://www.sun.com"><IMG SRC="/images/lgsun.gif" width="64" height="30" border="0" ALT="Sun Microsystems, Inc."></A><BR>
        <FONT SIZE="-2" FACE="Verdana, Arial, Helvetica, sans-serif">
        Copyright &copy; 1995-99
        <A HREF="http://www.sun.com">Sun Microsystems, Inc.</A><BR>
        All Rights Reserved. 
        <a href="http://www.sun.com/share/text/SMICopyright.html">Legal Terms</a>. 
        <A HREF="http://www.sun.com/privacy/">Privacy&nbsp;Policy</A>.
        </FONT>
        </TD>
      </TR>
    </TABLE>
	
    </TD>
  </TR> 
</TABLE>
</FORM>

<!-- End Copyright Insert -->


</BODY>
</HTML>