DOCSLIB.ORG

Oracle Database Programming Using Java and Web Services Oracle Database Related Book Titles

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Oracle Database Programming Using Java and Web Services Oracle Database Related Book Titles Oracle Database Programming Using Java and Web Services Oracle Database Related Book Titles: Oracle 9iR2 Data Warehousing, Hobbs, et al, ISBN: 1-55558-287-7, 2004 Oracle 10g Data Warehousing, Hobbs, et al, ISBN 1-55558-322-9, 2004 Oracle High Performance Tuning for 9i and 10g, Gavin Powell, ISBN: 1-55558-305-9, 2004 Oracle SQL Jumpstart with Examples, Gavin Powell, ISBN: 1-55558-323-7, 2005 Implementing Database Security and Auditing, Ben Natan, ISBN 1-55558-334-2, 2005 Oracle Real Applications Clusters, Murali Vallath, ISBN: 1-55558-288-5, 2004 Oracle 10g RAC Grid, Services & Clustering, Murali Vallath, ISBN 1-55558-321-0, 2006 For more information or to order these and other Digital Press titles, please visit our website at www.books.elsevier.com/digitalpress! At www.books.elsevier.com/digitalpress you can: •Join the Digital Press Email Service and have news about our books delivered right to your desktop •Read the latest news on titles •Sample chapters on featured titles for free •Question our expert authors and editors •Download free software to accompany select texts Oracle Database Programming Using Java and Web Services Kuassi Mensah AMSTERDAM • BOSTON • HEIDELBERG • LONDON NEW YORK • OXFORD • PARIS • SAN DIEGO SAN FRANCISCO • SINGAPORE • SYDNEY • TOKYO Elsevier Digital Press 30 Corporate Drive, Suite 400, Burlington, MA 01803, USA Linacre House, Jordan Hill, Oxford OX2 8DP, UK Copyright © 2006. Elsevier, Inc. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of the publisher. Permissions may be sought directly from Elsevier’s Science & Technology Rights Department in Oxford, UK: phone: (+44) 1865 843830, fax: (+44) 1865 853333, e-mail: [email protected]. You may also complete your request on-line via the Elsevier homepage (http://elsevier.com), by selecting “Customer Support” and then “Obtaining Permissions.” Recognizing the importance of preserving what has been written, Elsevier prints its books on acid-free paper whenever possible. Library of Congress Cataloging-in-Publication Data Application Submitted. ISBN 13: 978 1-55558-329-3 ISBN 10: 1-55558-329-6 British Library Cataloguing-in-Publication Data A catalogue record for this book is available from the British Library. For information on all Elsevier Digital Press publications visit our Web site at www.books.elsevier.com 06 07 08 09 10 9 8 7 6 5 4 3 2 1 Printed in the United States of America To the memory of my mother and my father. To my loving wife, Gabrielle, and my wonderful sons, Gareth and Kenneth. This Page Intentionally Left Blank Contents Foreword xix Preface xxi Introduction xxv Server-Side Database Programming (Stored Procedures) xxvi Database Programming Using JDBC, SQLJ, and JPublisher xxviii Database Programming with Web Services xxix Putting Everything Together: The “All-You-Can-Eat Buffet” xxx Acknowledgments xxxi Part I: Java in the Database 1 1 Stored Procedures as Database Programming Model 3 1.1 Rationale for Stored Procedures 3 1.1.1 Simplifying Database Programming 3 1.1.2 Centrally Managed Data Logic 4 1.1.3 Performance: Run JDBC Applications Faster in the Database 4 1.1.4 Encapsulation 10 1.1.5 Security: Advanced Data Access Control 10 1.1.6 Resource Optimization 11 1.1.7 Low-Cost Deployment 11 1.1.8 Fully Utilize Database Capabilities 11 1.2 Obstacles to the Adoption of Stored Procedures 11 vii viii Contents 1.2.1 Lack of Portability across RDBMS Vendors 12 1.2.2 Scalability 12 1.2.3 Maintenance and Resilience to Schema Change 12 1.2.4 Hard to Debug 13 1.2.5 Weak Support for Complex Types 13 1.3 Languages for Stored Procedures 13 1.3.1 Proprietary Languages 13 1.3.2 Java for Stored Procedures 14 1.3.3 .NET Languages 18 1.4 PL/SQL or Java 19 1.4.1 PL/SQL and Java! 21 2 OracleJVM: Under the Hood 23 2.1 Design Goals and Architecture 23 2.1.1 Tight Integration with the RDBMS 24 2.1.2 J2SE Compatibility 24 2.1.3 How Is Java Stored in the Database? 25 2.1.4 Class Sharing 30 2.1.5 Interapplication Isolation (JSR 121) 32 2.1.6 Contrasting OracleJVM with the JDK VM 32 2.1.7 Resource Control 36 2.1.8 SQL Data Access from Java in the Database 37 2.1.9 DBMS_JAVA: The All-Purpose Tool for Administering OracleJVM 39 2.2 Java Memory Management 41 2.2.1 Key Memory Structures of the Oracle Database 42 2.2.2 Java Memory Allocation Techniques 43 2.2.3 Garbage Collection Techniques 44 2.2.4 Java Memory Areas 46 2.2.5 Shared Servers versus Dedicated Processes 49 2.2.6 The Javapool 52 2.2.7 Top-Level Calls and Recursive Calls 53 2.2.8 State Preservation across Calls and End-of-Call Migration 54 2.2.9 End-of-Call, VM Termination, and Session Termination 58 2.3 Security in OracleJVM 60 2.3.1 User Authentication 60 2.3.2 Database-Schema Security 61 2.3.3 Resolver Specification and Class-Resolution Security 62 2.3.4 Login-User and Effective-User Security 64 2.3.5 Java 2 Security 66 2.3.6 Java 2 Security in OracleJVM 68 Contents ix 2.3.7 OracleJVM Security Best Practices 79 2.3.8 JNI Calls 80 2.4 Java VM Life Cycle 80 2.4.1 OracleJVM Install, Uninstall, and Reinstall 80 2.4.2 Java VM Initialization and Termination 81 2.5 Java Execution in the Database 81 2.5.1 The OracleJVM Interpreter 82 2.6 The Native Java Compiler (NCOMP) 84 2.6.1 What Is NCOMP? 84 2.6.2 Requirements and Design Choices 85 2.6.3 The NCOMP Process 88 2.6.4 The NCOMP Command 88 2.6.5 The STATUSNC Command 92 2.6.6 Dumping Java Classes with NCOMP 96 2.6.7 NCOMP Configuration and Planning 96 2.6.8 NCOMP Performance Tips, Improper Use, and Troubleshooting 100 2.7 Conclusion 103 3 Developing and Running Java in the Database 105 3.1 Developing Java in the Database 105 3.1.1 Turning JDBC Applications into Java Stored Procedures 105 3.1.2 Creating or Loading Java in the Database 106 3.1.3 Removing Java Sources, Classes, and Resources from the Database 119 3.1.4 Setting/Querying Environment Variable and System Properties 120 3.1.5 The Java Compiler within the Database 124 3.2 Turning Java in the Database into Stored Procedures 126 3.2.1 Call Spec Types 127 3.3 Mapping SQL and PL/SQL Types to/from Java Types 135 3.3.1 Mapping Matrix 135 3.3.2 Code Segments for Mapping 140 3.4 Invoking Java in the Database 207 3.4.1 Setup 207 3.4.2 Invoking Java in the Database Using OJVMJAVA 212 3.4.3 Invoking Java in the Database through the PL/SQL Wrapper 214 3.4.4 Invoking Java in the Database through Client-side Stub 216 3.4.5 Errors and Exceptions Handling 221 Contents x Contents 3.5 Managing Java in the Database 227 3.5.1 Java Audit 227 3.5.2 Oracle Enterprise Manager (Database Control) Support for Java in the Database 228 4 Pragmatic Applications Using Java in the Database 231 4.1 CNXO: Secure Credit Card Processing with Oracle and JSSE 231 4.2 Using J2EE and Java in the Database Together 239 4.2.1 Auto-generating Primary Keys for BMP Entity Beans 239 4.2.2 Calling-out EJB from OracleJVM 241 4.2.3 HTTP Call-Out: The Poor Man’s Cache Invalidation 249 4.2.4 JMS over Streams/AQ in the Database 253 4.3 JDBC Call-Out to Non-Oracle Databases 260 4.3.1 Description and Rationales 260 4.3.2 How Does It Work? 260 4.4 SAP Java Connector: Accessing the SAP System from the Oracle Database 268 4.5 Excel-like Expression Parser in the Database 277 4.5.1 Rationales for Custom Parsers in the Database 277 4.5.2 What Is the Mini-Parser? 278 4.5.3 Implementing the Mini-Parser 279 5 Database Scripting Using Non-Java Languages 287 5.1 Why Contemplate Non-Java Languages for the Database? 287 5.1.1 Common Language Runtime in RDBMS 288 5.1.2 Scripting Languages Support in RDBMS 288 5.2 Database Scripting with OracleJVM—Just for Fun! 288 5.2.1 Proof of Concept #1: Running TCL (JACL) Scripts in the Database 289 5.2.2 Proof of Concept #2: Running Jython (Python) in the Database 297 5.2.3 Proof of Concept #3: Running Kawa (Scheme) in the Database 299 5.2.4 Proof of Concept #4: Running Groovy in the Database 302 Part II: Java Persistence and Java SQL Data Access 317 Database Programming with Oracle JDBC 318 Contents xi 6 Introducing the JDBC Technology and Oracle’s Implementation 319 6.1 JDBC Primer 319 6.1.1 First Steps in JDBC 319 6.1.2 JDBC within J2SE and J2EE Environments 324 6.2 Overview of JDBC Specifications 325 6.2.1 Overview of JDBC 1.22 Specification (Where Things Started!) 325 6.2.2 Overview of JDBC 2.0 Specification (A Major Spec!) 326 6.2.3 Overview of JDBC 3.0 Specification 328 6.2.4 Overview of Upcoming JDBC 4.0 Specification 330 6.2.5 JDBC Standards Support in the Oracle JDBC Drivers 331 6.3 Architecture and Packaging of Oracle JDBC Drivers 334 6.3.1 Rearchitected Oracle JDBC Drivers 334 6.3.2 Packaging of Oracle JDBC Drivers 336 6.3.3 Features Differences Between Driver Types 340 6.3.4 JDBC Drivers and Database Interoperability 343 7 URL, DataSource, Connection, and Statements 345 7.1 JDBC URL 345 7.2 DataSources 348 7.2.1 The OracleDataSource 349 7.2.2 DataSources and JNDI 351 7.3 Connections and Connection Services 357 7.3.1 JDBC Connections and Oracle Extensions 357 7.3.2 Connection Caching: Implicit Connection Cache 358 7.3.3 The Connection Cache Manager 383 7.3.4 RAC Events and Fast Application Notification 391 7.3.5 High Availability: Fast Connection Failover 400 7.3.6 Scalability: Connection Load Balancing 406 7.3.7 JDBC Support for Transparent Application Fail-over 409 7.3.8 Proxy Authentication 415 7.3.9 Connection Wrapping 422 7.3.10 JDBC Connections in Grid Environment 424 7.4 JDBC Statements and Oracle Extensions 427 7.4.1 JDBC Statement Types
Load more

  1121
Copy Link
Recommended publications
  • Oracle Application Server 10G R3 (10.1.3.1) New Features Overview
    Oracle Application Server 10g R3 (10.1.3.1) New Features Overview An Oracle White Paper October 2006 Oracle Application Server 10gR3 New Features Overview 1.0 Introduction................................................................................................. 4 2.0 Standards Support: J2EE Infrastructure ................................................. 5 2.1 Presentation Tier – Java Server Pages and JavaServer Faces........... 6 2.2 Business Tier – Enterprise Java Beans................................................ 7 2.3 Persistence - TopLink............................................................................ 8 2.3.1 Oracle TopLink............................................................................... 8 2.3.2 EJB 3.0 Persistence......................................................................... 9 2.3.3 Object-XML.................................................................................... 9 2.4 Data Sources and Transactions ............................................................ 9 2.4.1 Data Sources.................................................................................... 9 2.4.2 Transactions................................................................................... 10 2.5 Java 2 Connector Architecture ........................................................... 10 2.6 Security................................................................................................... 11 2.6.1 Core Container.............................................................................
    [Show full text]
  • Oracle® Toplink Release Notes Release 12C (12.1.2)
    Oracle® TopLink Release Notes Release 12c (12.1.2) E40213-01 June 2013 This chapter describes issues associated with Oracle TopLink. It includes the following topics: ■ Section 1, "TopLink Object-Relational Issues" ■ Section 2, "Oracle Database Extensions with TopLink" ■ Section 3, "Allowing Zero Value Primary Keys" ■ Section 4, "Managed Servers on Sybase with JCA Oracle Database Service" ■ Section 5, "Logging Configuration with EclipseLink Using Container Managed JPA" ■ Section 6, "Documentation Accessibility" 1 TopLink Object-Relational Issues This section contains information on the following issues: ■ Section 1.1, "Cannot set EclipseLink log level in WLS System MBean Browser" ■ Section 1.2, "UnitOfWork.release() not Supported with External Transaction Control" ■ Section 1.3, "Returning Policy for UPDATE with Optimistic Locking" ■ Section 1.4, "JDBC Drivers returning Timestamps as Strings" ■ Section 1.5, "Unit of Work does not add Deleted Objects to Change Set" 1.1 Cannot set EclipseLink log level in WLS System MBean Browser Use Oracle Enterprise Manager to set the EclipseLink log level; do not use the WLS System MBean Browser to complete this action. 1.2 UnitOfWork.release() not Supported with External Transaction Control A unit of work synchronized with a Java Transaction API (JTA) will throw an exception if it is released. If the current transaction requires its changes to not be persisted, the JTA transaction must be rolled back. When in a container-demarcated transaction, call setRollbackOnly() on the EJB/session context: @Stateless public class MySessionBean { @Resource SessionContext sc; public void someMethod() { ... 1 sc.setRollbackOnly(); } } When in a bean-demarcated transaction then you call rollback() on the UserTransaction obtained from the EJB/session context: @Stateless @TransactionManagement(TransactionManagementType.BEAN) public class MySessionBean implements SomeInterface { @Resource SessionContext sc; public void someMethod() { sc.getUserTransaction().begin(); ..
    [Show full text]
  • 1 Shounak Roychowdhury, Ph.D
    Shounak Roychowdhury, Ph.D. 10213 Prism Dr., Austin, TX, 78726 || 650-504-8365 || email: [email protected] Profile • Software development and research experience at Oracle and LG Electronics. • Deep understanding of data science methods: machine learning; probability and statistics. • 5 US patents and 40+ peer reviewed publications in international conferences and top refereed journals Research Interests • Published research papers on computational intelligence, neural networks and fuzzy theory, numerical optimization, and natural language processing, and information theory. Education • Ph.D. (Computer Engineering), University of Texas at Austin, Austin, TX, (Dec. 2013) o Dissertation: A Mixed Approach to Spectrum-based Fault Localization Using Information Theoretic Foundations. (Machine Learning in Software Engineering) • M.S. (Computer Science), University of Tulsa, Tulsa, OK, (May 1997) o Thesis: Encoding and Decoding of Fuzzy Rules Patents • Chaos washing systems and a method of washing thereof (US Patent #5,560,230) • System and method for generating fuzzy decision trees (US Patent #7,197,504) • Method for extracting association rules from transactions in a database (U.S. Patent # 7,370,033) • Expediting K-means cluster analysis data mining using subsample elimination preprocessing (U.S. Patent # 8,229,876) • Bayes-like classifier with fuzzy likelihood (U.S. Patent # 8,229,875) Computer Languages • Python, Java, C/C++, MATLAB, R, SQL, PL/SQL, Perl, Ruby, Tcl/Tk Teaching Experience Adjunct Faculty Texas State University 2017- Present Professional Experience Hewlett Packard Enterprise, Austin, TX (Oct 2018 - present) Expert Technologist • Executed software development processes for composable rack team of HPE’s OneView cloud management system. • Developed a Python-based system to test the scalability of OneView connections across multiple layers of Plexxi switches.
    [Show full text]
  • A Java Security Scanner for Eclipse
    Colby College Digital Commons @ Colby Honors Theses Student Research 2005 JeSS – a Java Security Scanner for Eclipse Russell Spitler Colby College Follow this and additional works at: https://digitalcommons.colby.edu/honorstheses Part of the Databases and Information Systems Commons, Other Computer Engineering Commons, Programming Languages and Compilers Commons, and the Systems Architecture Commons Colby College theses are protected by copyright. They may be viewed or downloaded from this site for the purposes of research and scholarship. Reproduction or distribution for commercial purposes is prohibited without written permission of the author. Recommended Citation Spitler, Russell, "JeSS – a Java Security Scanner for Eclipse" (2005). Honors Theses. Paper 567. https://digitalcommons.colby.edu/honorstheses/567 This Honors Thesis (Open Access) is brought to you for free and open access by the Student Research at Digital Commons @ Colby. It has been accepted for inclusion in Honors Theses by an authorized administrator of Digital Commons @ Colby. JeSS – a Java Security Scanner for Eclipse Russell Spitler Senior Honors Thesis Spring 2005 Colby College Department of Computer Science Advisor: Dale Skrien Contents Chapter 1 Introduction 1 Chapter 2 Secure Coding and Java Security 2.1 – Secure Coding 3 2.2 – Java Security 7 Chapter 3 Java Security Holes 3.1 – Don’t depend on initialization 13 3.2 – Make everything final 14 3.3 – Make your code unserializable and undeserializable 16 3.4 – Make your class non-Cloneable 19 3.5 – Don’t rely on
    [Show full text]
  • Eu-19-Zhang-New-Exploit-Technique
    New Exploit Technique In Java Deserialization Attack • Yang Zhang • Yongtao Wang Keyi Li “在此键⼊引⽂。• ” • Kunzhe Chai –Johnny Appleseed New Exploit Technique In Java Deserialization Attack Back2Zero Team BCM Social Corp. BCM Social Group Who are we? Yang Zhang(Lucas) • Founder of Back2Zero Team & Leader of Security Research Department in BCM Social Corp. • Focus on Application Security, Cloud Security, Penetration Testing. • Spoke at various security conferences such as CanSecWest, POC, ZeroNights. Keyi Li(Kevin) • Master degree majoring in Cyber Security at Syracuse University. • Co-founder of Back2Zero team and core member of n0tr00t security team. • Internationally renowned security conference speaker. –Johnny Appleseed Who are we? Yongtao Wang • Co-founder of PegasusTeam and Leader of Red Team in BCM Social Corp. • Specializes in penetration testing and wireless security. • Blackhat, Codeblue, POC, Kcon, etc. Conference speaker. Kunzhe Chai(Anthony) • Founder of PegasusTeam and Chief Information Security Officer in BCM Social Corp. • Author of the well-known security tool MDK4. • Maker of China's first Wireless Security Defense Product Standard and he also is the world's first inventor of Fake Base Stations defense technology–Johnny Appleseed Agenda • Introduction to Java Deserialization • Well-Known Defense Solutions • Critical vulnerabilities in Java • URLConnection • JDBC • New exploit for Java Deserialization • Takeaways 2015: Chris Frohoff and Gabriel Lawrence presented their research into Java object deserialization vulnerabilities ultimately resulting in what can be readily described as the biggest wave of RCE bugs in Java history. Introduction to Java Deserialization Java Deserialization Serialization • The process of converting a Java object into stream of bytes. Databases Deserialization Serialization • A reverse process of creating a Java object from stream of bytes.
    [Show full text]
  • Apache Harmony Project Tim Ellison Geir Magnusson Jr
    The Apache Harmony Project Tim Ellison Geir Magnusson Jr. Apache Harmony Project http://harmony.apache.org TS-7820 2007 JavaOneSM Conference | Session TS-7820 | Goal of This Talk In the next 45 minutes you will... Learn about the motivations, current status, and future plans of the Apache Harmony project 2007 JavaOneSM Conference | Session TS-7820 | 2 Agenda Project History Development Model Modularity VM Interface How Are We Doing? Relevance in the Age of OpenJDK Summary 2007 JavaOneSM Conference | Session TS-7820 | 3 Agenda Project History Development Model Modularity VM Interface How Are We Doing? Relevance in the Age of OpenJDK Summary 2007 JavaOneSM Conference | Session TS-7820 | 4 Apache Harmony In the Beginning May 2005—founded in the Apache Incubator Primary Goals 1. Compatible, independent implementation of Java™ Platform, Standard Edition (Java SE platform) under the Apache License 2. Community-developed, modular architecture allowing sharing and independent innovation 3. Protect IP rights of ecosystem 2007 JavaOneSM Conference | Session TS-7820 | 5 Apache Harmony Early history: 2005 Broad community discussion • Technical issues • Legal and IP issues • Project governance issues Goal: Consolidation and Consensus 2007 JavaOneSM Conference | Session TS-7820 | 6 Early History Early history: 2005/2006 Initial Code Contributions • Three Virtual machines ● JCHEVM, BootVM, DRLVM • Class Libraries ● Core classes, VM interface, test cases ● Security, beans, regex, Swing, AWT ● RMI and math 2007 JavaOneSM Conference | Session TS-7820 |
    [Show full text]
  • Java Security, 2Nd Edition
    Table of Contents Preface..................................................................................................................................................................1 Who Should Read This Book?.................................................................................................................1 Versions Used in This Book....................................................................................................................2 Conventions Used in This Book..............................................................................................................2 Organization of This Book.......................................................................................................................3 What's New in This Edition.....................................................................................................................5 How to Contact Us...................................................................................................................................5 Acknowledgments....................................................................................................................................6 Feedback for the Author..........................................................................................................................6 Chapter 1. Java Application Security...............................................................................................................7 1.1 What Is Security?...............................................................................................................................7
    [Show full text]
  • Oracle Glassfish Server Application Development Guide Release 3.1.2 E24930-01
    Oracle GlassFish Server Application Development Guide Release 3.1.2 E24930-01 February 2012 This Application Development Guide describes how to create and run Java Platform, Enterprise Edition (Java EE platform) applications that follow the open Java standards model for Java EE components and APIs in the Oracle GlassFish Server environment. Topics include developer tools, security, and debugging. This book is intended for use by software developers who create, assemble, and deploy Java EE applications using Oracle servers and software. Oracle GlassFish Server Application Development Guide, Release 3.1.2 E24930-01 Copyright © 2012, Oracle and/or its affiliates. All rights reserved. This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, the following notice is applicable: U.S. GOVERNMENT RIGHTS Programs, software, databases, and related documentation and technical data delivered to U.S. Government customers are "commercial computer software" or "commercial technical data" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations.
    [Show full text]
  • Java(8$ Andrew$Binstock,$Editor$In$Chief,$Dr.Dobbs$
    Java$Update$and$Roadmap$ November(2014( Tomas$Nilsson$ Senior$Principal$Product$Manager$ Java$SE$ Copyright$©$2014,$Oracle$and/or$its$affiliates.$All$rights$reserved.$$|$ Safe$Harbor$Statement$ The$following$is$intended$to$outline$our$general$product$direcNon.$It$is$intended$for$ informaNon$purposes$only,$and$may$not$be$incorporated$into$any$contract.$It$is$not$a$ commitment$to$deliver$any$material,$code,$or$funcNonality,$and$should$not$be$relied$upon$ in$making$purchasing$decisions.$The$development,$release,$and$Nming$of$any$features$or$ funcNonality$described$for$Oracle’s$products$remains$at$the$sole$discreNon$of$Oracle.$ Copyright$©$2014,$Oracle$and/or$its$affiliates.$All$rights$reserved.$$|$ Agenda$ 1( Oracle$and$Java$ 2( Java$SE$8$Overview$ 3( Java$SE$9$and$Beyond$ Copyright$©$2014,$Oracle$and/or$its$affiliates.$All$rights$reserved.$$|$ 1( Oracle$and$Java$ 2( Java$SE$8$Overview$ 3( Roadmap$ Copyright$©$2014,$Oracle$and/or$its$affiliates.$All$rights$reserved.$$|$ Oracle$and$Java$ • Oracle$has$used$Java$since$the$beginning$of$Nme$(eg$1990s)$ • Acquired$JAVA$(Sun$Microsystems)$in$2010,$including$Java$IP,$trademarks$ • Embraced$OpenJDK,$open$community,$open$JCP$ – Welcomed$IBM,$Apple,$SAP,$ARM,$AMD,$Intel,$Twi\er,$Goldman$Sachs,$Microso^$and$many$others$ – Made$OpenJDK$official$Java$SE$reference$implementaNon$ – Ongoing$move$towards$open$development,$governance,$transparency$ • JDK$development:$Oracle$and$community$ – Oracle$focus$on$modernizaNon,$security,$big$Ncket$R&D$and$commercial$value$to$Oracle$ – Community$contributes$based$on$interest$and$ability,$examples:$
    [Show full text]
  • Evaluating the Flexibility of the Java Sandbox
    Evaluating the Flexibility of the Java Sandbox Zack Coker, Michael Maass, Tianyuan Ding, Claire Le Goues, and Joshua Sunshine Carnegie Mellon University {zfc,mmaass}@cs.cmu.edu, [email protected], {clegoues,sunshine}@cs.cmu.edu ABSTRACT should protect both the host application and machine from The ubiquitously-installed Java Runtime Environment (JRE) malicious behavior. In practice, these security mechanisms provides a complex, flexible set of mechanisms that support are problematically buggy such that Java malware is often the execution of untrusted code inside a secure sandbox. able to alter the sandbox's settings [4] to override security However, many recent exploits have successfully escaped the mechanisms. Such exploits take advantage of defects in either sandbox, allowing attackers to infect numerous Java hosts. the JRE itself or the application's sandbox configuration to We hypothesize that the Java security model affords devel- disable the security manager, the component of the sandbox opers more flexibility than they need or use in practice, and responsible for enforcing the security policy [5, 6, 7, 8]. thus its complexity compromises security without improving In this paper, we investigate this disconnect between theory practical functionality. We describe an empirical study of the and practice. We hypothesize that it results primarily from ways benign open-source Java applications use and interact unnecessary complexity and flexibility in the design and with the Java security manager. We found that developers engineering of Java's security mechanisms. For example, regularly misunderstand or misuse Java security mechanisms, applications are allowed to change the security manager at that benign programs do not use all of the vast flexibility runtime, whereas static-only configuration of the manager afforded by the Java security model, and that there are clear would be more secure.
    [Show full text]
  • Oracle® Fusion Middleware Solutions Guide for Oracle Toplink 12C (12.1.2) E28610-02
    Oracle® Fusion Middleware Solutions Guide for Oracle TopLink 12c (12.1.2) E28610-02 August 2013 This document describes a number of scenarios, or use cases, that illustrate TopLink features and typical TopLink development processes. Oracle Fusion Middleware Solutions Guide for Oracle TopLink, 12c (12.1.2) E28610-02 Copyright © 2013, Oracle and/or its affiliates. All rights reserved. This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, the following notice is applicable: U.S. GOVERNMENT RIGHTS Programs, software, databases, and related documentation and technical data delivered to U.S. Government customers are "commercial computer software" or "commercial technical data" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, the use, duplication, disclosure, modification, and adaptation shall be subject to the restrictions and license terms set forth in the applicable Government contract, and, to the extent applicable by the terms of the Government contract, the additional rights set forth in FAR 52.227-19, Commercial Computer Software License (December 2007).
    [Show full text]
  • Oracle Application Server Toplink Getting Started Guide, 10G Release 2 (10.1.2) Part No
    Oracle® Application Server TopLink Getting Started Guide 10g Release 2 (10.1.2) Part No. B15902-01 April 2005 Oracle Application Server TopLink Getting Started Guide, 10g Release 2 (10.1.2) Part No. B15902-01 Copyright © 2000, 2005 Oracle. All rights reserved. Primary Author: Jacques-Antoine Dubé Contributing Authors: Rick Sapir, Arun Kuzhimattathil, Janelle Simmons, Madhubala Mahabaleshwar, Preeti Shukla The Programs (which include both the software and documentation) contain proprietary information; they are provided under a license agreement containing restrictions on use and disclosure and are also protected by copyright, patent, and other intellectual and industrial property laws. Reverse engineering, disassembly, or decompilation of the Programs, except to the extent required to obtain interoperability with other independently created software or as specified by law, is prohibited. The information contained in this document is subject to change without notice. If you find any problems in the documentation, please report them to us in writing. This document is not warranted to be error-free. Except as may be expressly permitted in your license agreement for these Programs, no part of these Programs may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose. If the Programs are delivered to the United States Government or anyone licensing or using the Programs on behalf of the United States Government, the following notice is applicable: U.S. GOVERNMENT RIGHTS Programs, software, databases, and related documentation and technical data delivered to U.S. Government customers are "commercial computer software" or "commercial technical data" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations.
    [Show full text]