Developer's Guide to Web Application Security

The five tenets of security are containment, authentication, authorization, encryption, and auditing.
Security systems that are implemented at the JVM level are far less likely to contain holes than security implemented at the application level. When possible, try to use the security mechanisms provided in Java.
The sandbox mechanism in Java 2 allows fine-grained control over access to system resources.
Class loaders load classes from any byte stream.
The bytecode verifier is used by the JVM to double-check the integrity of Java bytecode before running it.
Java protection domains allow fine-grained control over access to system resources.
Limit the number of transactions a client can perform on a server. This can be done by providing a single login account for each user.
Limit the number of threads that can be created on the server. If too many threads are in play, the server should tell the user the system is busy rather than crash.
Use an RMI Security Manager to prevent untrusted code from infiltrating your server as a Trojan horse.
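The two limits above (transactions per login account, threads per server) can be enforced together with standard java.util.concurrent classes. The following is an added example, not code from this guide; the class name, the capacity constants and the generated load are assumptions chosen to make the rejection path visible.

```java
import java.util.Map;
import java.util.concurrent.ArrayBlockingQueue;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.RejectedExecutionException;
import java.util.concurrent.Semaphore;
import java.util.concurrent.ThreadPoolExecutor;
import java.util.concurrent.TimeUnit;

/**
 * Hypothetical request gate: a bounded worker pool plus a per-account
 * concurrency cap. All names and limits are illustrative assumptions.
 */
public class BoundedRequestGate {
    private static final int MAX_WORKERS = 8;        // assumed server capacity
    private static final int MAX_QUEUED = 32;        // assumed backlog limit
    private static final int MAX_PER_ACCOUNT = 2;    // assumed per-login cap

    // Fixed-size pool with a bounded queue: once both are full, execute()
    // throws instead of spawning more threads or buffering without limit.
    private final ThreadPoolExecutor pool = new ThreadPoolExecutor(
            MAX_WORKERS, MAX_WORKERS, 0L, TimeUnit.MILLISECONDS,
            new ArrayBlockingQueue<>(MAX_QUEUED),
            new ThreadPoolExecutor.AbortPolicy());

    // One semaphore per login account limits that account's in-flight work.
    private final Map<String, Semaphore> perAccount = new ConcurrentHashMap<>();

    /** Returns "accepted" or a "busy: ..." message; never throws on overload. */
    public String submit(String account, Runnable transaction) {
        Semaphore slots = perAccount.computeIfAbsent(
                account, a -> new Semaphore(MAX_PER_ACCOUNT));
        if (!slots.tryAcquire()) {
            return "busy: account " + account + " already has "
                    + MAX_PER_ACCOUNT + " transactions in flight";
        }
        try {
            pool.execute(() -> {
                try {
                    transaction.run();
                } finally {
                    slots.release();   // free the account slot when done
                }
            });
            return "accepted";
        } catch (RejectedExecutionException overloaded) {
            slots.release();           // the work never started
            return "busy: server queue full, try again later";
        }
    }

    public void shutdown() throws InterruptedException {
        pool.shutdown();
        pool.awaitTermination(5, TimeUnit.SECONDS);
    }

    public static void main(String[] args) throws InterruptedException {
        BoundedRequestGate gate = new BoundedRequestGate();
        Runnable slowWork = () -> {
            try { Thread.sleep(200); } catch (InterruptedException e) { Thread.currentThread().interrupt(); }
        };
        // Constructed load: one account fires 5 requests; only MAX_PER_ACCOUNT get in.
        for (int i = 0; i < 5; i++) {
            System.out.println("alice #" + i + " -> " + gate.submit("alice", slowWork));
        }
        // Constructed flood from many accounts exceeds MAX_WORKERS + MAX_QUEUED.
        int rejected = 0;
        for (int i = 0; i < 60; i++) {
            if (gate.submit("user" + i, slowWork).startsWith("busy")) rejected++;
        }
        System.out.println("rejected by pool limit: " + rejected);
        gate.shutdown();
    }
}
```

The per-account cap is released in a finally block so a transaction that throws does not permanently consume one of the account's slots; the pool rejection is caught and turned into a "busy" reply, which is the behaviour the guide asks for instead of a crash.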
Message digests can be used to ensure data has not been changed.
Digital signatures can be used to identify entities on the Internet.
Encryption allows data to remain private, even when transferred over the Internet.
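The three primitives just listed (message digest for integrity, digital signature for identity, encryption for confidentiality) map directly onto the JCA classes MessageDigest, Signature and Cipher. The following is an added example, not code from this guide; the class name, the sample message and the choice of SHA-256, SHA256withRSA and AES-GCM are assumptions, and HexFormat assumes Java 17 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.security.Signature;
import java.util.Arrays;
import java.util.HexFormat;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

/** Illustrative JCA usage for the three primitives; names are assumptions. */
public class JcaPrimitives {
    // Integrity: SHA-256 digest of a message.
    static byte[] digest(byte[] data) throws Exception {
        return MessageDigest.getInstance("SHA-256").digest(data);
    }

    // Identity: RSA signature over the message, verified with the public key.
    static byte[] sign(byte[] data, KeyPair kp) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(kp.getPrivate());
        s.update(data);
        return s.sign();
    }

    static boolean verify(byte[] data, byte[] sig, KeyPair kp) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(kp.getPublic());
        s.update(data);
        return s.verify(sig);
    }

    // Confidentiality: AES-GCM with a fresh random IV. Output = 12-byte IV || ciphertext+tag.
    static byte[] encrypt(byte[] plain, SecretKey key) throws Exception {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plain);
        byte[] out = new byte[iv.length + ct.length];
        System.arraycopy(iv, 0, out, 0, iv.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }

    static byte[] decrypt(byte[] blob, SecretKey key) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, blob, 0, 12));
        return c.doFinal(blob, 12, blob.length - 12);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample messages.
        byte[] msg = "transfer 100 to account 42".getBytes(StandardCharsets.UTF_8);
        byte[] tampered = "transfer 900 to account 42".getBytes(StandardCharsets.UTF_8);
        HexFormat hex = HexFormat.of();

        // 1. Digest: any change to the bytes changes the digest.
        System.out.println("digest(msg)      = " + hex.formatHex(digest(msg)));
        System.out.println("digest(tampered) = " + hex.formatHex(digest(tampered)));
        System.out.println("digests equal?     " + Arrays.equals(digest(msg), digest(tampered)));

        // 2. Signature: binds the message to the key holder; fails on tampering.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        byte[] sig = sign(msg, kp);
        System.out.println("verify(msg)      = " + verify(msg, sig, kp));
        System.out.println("verify(tampered) = " + verify(tampered, sig, kp));

        // 3. Encryption: ciphertext hides the content; GCM also rejects modified ciphertext.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey();
        byte[] blob = encrypt(msg, key);
        System.out.println("ciphertext       = " + hex.formatHex(blob));
        System.out.println("decrypted        = " + new String(decrypt(blob, key), StandardCharsets.UTF_8));
        blob[blob.length - 1] ^= 0x01;   // flip one bit of the authentication tag
        try {
            decrypt(blob, key);
        } catch (AEADBadTagException e) {
            System.out.println("modified ciphertext rejected: " + e.getClass().getSimpleName());
        }
    }
}
```

A digest alone proves only that the bytes are unchanged since the digest was computed; pairing it with a signature ties that integrity claim to a key holder, and an authenticated mode such as GCM means the encrypted channel rejects altered ciphertext rather than silently decrypting garbage.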