Wednesday, October 15, 2008

Java Security Model Fail

Java 2 was introduced in 1999, along with its revolutionary security model.

There was just one problem: nobody wanted to use it.

It's been almost 10 years since its introduction, and even though there were nice extensions like JAAS, I don't remember ever seeing applications that were, in fact, relying on Java security model.

Part of the problem, of course, was the fact that it was a pain in the neck to implement. Parts of the implementation were working outside of the security manager, and the bootstrap was neckbreaking. By the time I abandoned attempts to use Java security model (about 2003, having grokked it fully by then) because none of my employers were willing to support it, there were no available common sense implementations such as LDAP security manager, and anything more complicated than a policy file was out of question because you needed to implement it first. I believe this greatly contributed to the overall failure of the security model - Sun should have paid more attention and provided at least basic implementations.

Another part is a perceived performance degradation. Sure there is some, but there is also total absence of hard proof, which, in turn, is caused by total absence of visible implementations that actually used the security manager... Hence, I call bs until I see the actual hard statistics (not that I'm holding my breath for that).

This, however, is complicated by the fact that if you can really compare the performance of a system with the security manager and without one, that'll mean you're doing it wrong. Security manager is much more than simply checking for access, that'll be like using the microscope to hammer nails. Properly using security manager means that it is completely integrated into your application and is an integral part of it.

But I don't think this is happening or will ever happen, except for maybe a few niche products.

Too bad, it was a good start.


Update: To be fair, all above is pertinent only to a part of what is declared to comprise the security model today, namely, Authentication and Access Control. Other parts either didn't exist, or weren't officially the part of the security model at the time.

No comments:

Post a Comment