Security in Java Applets and Active-X Controls
“You can’t stop the wind. But you can build windmills.”
The use of small programs such as Java applets and Active-X controls in Web pages is steadily increasing. These programs enable users to enhance pages with advanced functions that scripts or HTML alone cannot provide. In today’s Oxygen3 24h-365d we are going to look at the methods used by such technologies to avoid security problems.
The ability of a Web page to download and run a program creates the need to adopt security measures to prevent hackers from spreading viruses through Web pages or sending e-mail viruses in HTML format. For this reason, Java applets and Active-X controls have built-in security measures that protect your PC, but each has its own approach.
Java applets base their security on a concept known as the sandbox, a virtual environment that isolates the applet from the rest of the system, preventing it from carrying out actions considered potentially dangerous. The sandbox prevents Java applets from writing to the hard disk and from reading or sending data indiscriminately from the system.
On the other hand, Active-X controls do not restrict the functionality of applications and can carry out any type of action in the system. Their security mechanism is based on digital signatures, giving the user and the system the option to decide whether a particular program should be run, depending on the reliability of the certificates of origin. For example, when an Active-X control is approved by Internet Explorer it is opened automatically, because your system recognizes it as coming from a trustworthy source. If the site is not certified as a trustworthy source, the user receives an alert and decides whether the Active-X control will be run or not.
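The contrast between the two models, as an added example that is not part of the original article: a simplified Python model in which the sandbox checks every action while the code runs, whereas the signature check makes one decision before the code starts. The component, publisher name, hosts, file path and the rule that sandboxed code may send data only to its origin host are assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: publisher, hosts and path are illustrative only.
TRUSTED_PUBLISHERS = {"Example Software Ltd"}

@dataclass
class Component:
    name: str
    origin_host: str
    publisher: Optional[str]   # None means the code is unsigned
    signature_valid: bool
    actions: list              # (kind, target) pairs the code attempts

def sandbox_check(component, kind, target):
    """Applet-style model: each action is checked while the code runs."""
    if kind in ("file_read", "file_write"):
        return False                             # no access to the local disk
    if kind == "net_send":
        return target == component.origin_host   # assumption: origin host only
    return kind == "draw"                        # harmless display work

def run_sandboxed(component):
    return {(k, t): sandbox_check(component, k, t) for k, t in component.actions}

def signature_gate(component, user_says_yes):
    """Active-X-style model: a single decision at load time, based on the signer."""
    if component.signature_valid and component.publisher in TRUSTED_PUBLISHERS:
        return "auto-run"
    return "run-after-prompt" if user_says_yes else "blocked"

def run_signed(component, user_says_yes=False):
    decision = signature_gate(component, user_says_yes)
    if decision == "blocked":
        return decision, {}
    # Once the component is approved, no individual action is inspected.
    return decision, {(k, t): True for k, t in component.actions}

widget = Component(
    name="chart-widget", origin_host="www.example.com",
    publisher=None, signature_valid=False,
    actions=[("draw", "canvas"), ("net_send", "www.example.com"),
             ("net_send", "other.example.net"),
             ("file_write", "C:/Users/alice/notes.txt")],
)

if __name__ == "__main__":
    print("sandboxed:", run_sandboxed(widget))
    print("unsigned, user declines:", run_signed(widget, user_says_yes=False))
    print("unsigned, user accepts:", run_signed(widget, user_says_yes=True))
```

In the model, the signature answers only who published the code; after the user accepts the prompt, the unsigned component's disk write succeeds, while the sandboxed run refuses it regardless of origin.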