Developer's Guide to Web Application Security

Potential Weaknesses in Java

No matter what type of security is implemented in the Java language, there will always be ways to attack an application or applet. To combat these weaknesses, it is up to the application designer to implement the security properly, with a lot of thought put into the design phase of development.

As a developer, you are probably interested in protecting users of your application from damage by your application. However, you are just as interested in securing your Java code from outside attacks. Many of these attacks are difficult to anticipate. A denial-of-service (DoS) attack is a broad area of attack that can affect any publicly available service. It doesn't even have to be computer-related! For example, 911 lines periodically experience denial of service from nuisance callers tying up the lines without any real emergency.

Another type of attack is the Trojan horse, in which a piece of code is transported into a system, usually by claiming to do something else, and then wreaks havoc. This type of attack can affect your application only if the application can accept code from others. With technologies such as RMI, code insinuating itself onto your server is a definite possibility, as we shall see.

DoS Attack/Degradation of Service Attacks

As discussed in Chapter 1, "Hacking Methodology," many high-profile cases of DoS attacks have been in the news, beginning in February 2000. These attacks are usually instigated by pinging the Domain Name Server (DNS) repeatedly by many...
