Добавлен: 08.07.2023
Просмотров: 36
Скачиваний: 2
Name System (DNS). An attacker using his own DNS server can create an incorrect DNS link to force the Java system to assume that the applet is allowed to connect to a computer to which it does not have the right to connect. The bug was fixed in Netscape Navigator 2.01 and JDK 1.0.1.
David Hopwood discovered that by downloading applets from 2 different WWW servers, a hacker could violate the Java Virtual Machine namespace . This allows you to convert variable types to each other, convert integers to links, etc. As a result, the applet can read and write local files, execute machine code. Without any problems, a file can be created on UNIX. rhosts . This error manifests itself, at least in HotJava , the code can be written entirely in Java and be platform independent .
In real versions of Java , tricks are possible with calling the constructor of the superclass, as a result of which this call may be skipped. This is due to the algorithm that the Java interpreter is currently using . Possible ways to do this:
-super inside try.
-super inside if.
- cathcer / thrower.
JavaScript - this is built into the Netscape navigator . From time to time, the Netscape navigator detected security issues with JavaScript , which Netscape periodically fixes in newer versions of the navigator. Andy Augustine in its JavaScript FAQ describes the following problems: 1) Read custom URL history - fixed in Netscape 2.0.
2) Read custom URL cache - fixed in Netscape 2.0.
3) Reading a user e- mail address and transmitting it over the Internet is fixed in Netscape 2.01.
4) Getting recursive file system table of contents - fixed in Netscape 2.01.
5) Opening a 1-pixel window, receiving the URL of open documents and transferring them to a remote server. This is a common network graphics system problem with a long history. Users of x- windows who run the ` xhost +` command without arguments may encounter someone else's invisible window that transmits user input over the Internet to the hacker.
In order to work with Java and JavaScript applications without security problems it is recommended:
-Do not use older versions of WWW clients that support Java and JavaScript . Web client manufacturers fix their programs if a new security bug is discovered.
-Follow the current state of affairs with Java and Javascript security . Javasoft has a Java and security page . In netscape has a similar page about JavaScript . Each manufacturer of the web client has a security page on its server.
In conclusion, a few general rules that will help you avoid many problems.
1.When creating a web server, use a reliable product. Use a web server that suits your needs, not necessarily the most comprehensive and fashionable.
2. Read the server documentation. Deficiencies in the configuration often create security problems than errors in the server itself.
3. Do not forget about the SSL protocol when it comes to commercial information.
4. Take care of the security of CGI applications, as these are parts of the server itself. Do not forget to check other people's CGI applications if you have a multi-user server.
5. Do not use older versions of Web clients that support Java and JavaScript . Keep for updates.
4. Conclusion
In this paper, I examined the problems of information security in the global Internet . This problem has been and remains relevant to this day, since no one can guarantee one hundred percent that your information will be protected or a virus will not get into your computer. The urgency of this problem is also confirmed by the fact that a huge number of pages on the Internet are devoted to it . However, most of the information is in English, which makes it difficult to work with it. Of course, in this paper, only part of the problem is considered (for example, information protection with the help of firewalls (firewalls) is not considered). Studies have shown that the developed many ways to protect information: access control, password protection, data encryption itp . However, despite all this, we still hear about hackers breaking into various servers and computer systems. This suggests that the problem of information security has not yet been resolved and a lot of time and effort will be spent on its solution.