Among the computer languages in existence, the Java 2 platform is without a doubt the most secure. It was originally developed with the Web in mind, and much thought about security was put into the design right from the start. This section discusses the basic security model, including the extended sandbox mechanism for restricting Java 2 applets. Any Java operation is treated with extreme suspicion by the Java language if it can possibly do damage to a system. More specifically, Webcapable operations such as connecting to another server are treated with suspicion. The Java language is capable of protecting both the user and the host of an application from harm, which was no small feat for the Java designers.

Other languages and development tools, such as ActiveX, are not as secure because they run in the native language on a PC and after they begin executing, they have access to all resources on your system. Security for ActiveX seems to be implemented as a reaction to security breaches rather than designed into the architecture right from the start.

There are basically five goals for any complete security architecture:

• Containment Preventing dangerous operations from occurring on a client system. Some operations are like chemicals in a lab: useful but dangerous. Operations such as writing to the disk, deleting files, and sending information over a network are potentially dangerous and need to be controlled and contained.

• Authorization Authorization means allowing different levels of access...