| Oracle® Java Micro Edition Software Development Kit Developer's Guide Release 3.3 for Eclipse on Windows E37550-03 |
|
 Previous |
 Next |
| Oracle® Java Micro Edition Software Development Kit Developer's Guide Release 3.3 for Eclipse on Windows E37550-03 |
|
Previous |
Next |
The Oracle Java ME SDK requires an execution model that makes certain networked resources available for emulator execution. These required resources might include - but are not limited to - a variety of communication capabilities between Java ME SDK components.
|
Note: the Oracle Java ME SDK installation and runtime system is fundamentally a developer system. It is not designed to guard against any malicious attacks from outside intruders |
During execution, the Oracle Java ME SDK architecture can present an insecure operating environment to the platform's installation file system, as well as its runtime environment. For this reason, it is critically important to observe the precautions outlined in these guidelines when installing and running the Oracle Java ME SDK.
To maintain optimum network security, Oracle Java ME SDK can be installed and run in a “closed” network operating environment, where the Oracle Java ME SDK system is not connected directly to the Internet. Or, it can be connected to a secure company Intranet environment that can reduce unwanted exposure to malicious intrusion.
An example of an Oracle Java ME SDK requirement for an Internet connection is when wireless functionality requires a connection to the Internet to support communications with the wireless network infrastructure that is part of a Java ME application execution process. Whether or not an Internet connection is required depends on the particular Java ME application running on Oracle Java ME SDK. For example, some Java ME applications can use an HTTP connection.
In any case, if the Oracle Java ME SDK is open to any network access you must observe the following precautions to protect valuable resources from malicious intrusion:
Installing the Java ME SDK Demos plugin is optional. Some sample projects use network access and open ports. Because the sample code does not include protection against malicious intrusion, you must ensure your environment is secure if you choose to install and run the sample projects.
Install the Oracle Java ME SDK behind a secure firewall that strictly limits unauthorized network access to the Oracle Java ME SDK file system and services. Limit access privileges to those that are required for Oracle Java ME SDK usage while allowing all the bidirectional local network communications that are necessary for Oracle Java ME SDK functionality. The firewall configuration must support these requirements to run the Oracle Java ME SDK while also addressing them from a security standpoint.
Follow the principle of “least privilege” by assigning the minimum set of system access permissions required for installation and execution of the Oracle Java ME SDK.
Do not store any data sensitive information on the same file system that is hosting the Oracle Java ME SDK.
To maintain the maximum level of security, make sure the operating system patches are up-to-date on the Oracle Java ME SDK host machine.
|
 Copyright © 2009, 2013, Oracle and/or its affiliates. All rights reserved. Legal Notices |
|