0

I've worked through Java SE Security features.
As far as I understood the whole idea of this standard feature is to protect the user from malicious software.
For both java applications on the web, for which SecurityManager is enabled by default and security policies restrict application access to user machine with ability for the user to grant additional permissions.
And local java application, for which SecurityManager is disabled by default with ability for the user to enable it for concrete application and apply security policy to the application.

Is Java SE SecurityManager applicable to protect sensitive application data from the user?
If yes what is high level scenario for the developer to achive this?

Mike
  • 20,010
  • 25
  • 97
  • 140

2 Answers2

2

If you're sending data to the users machine you are out of luck. There are no DRM features.

If you don't want users to access data, don't send the data to them. Keep it on your own servers and provide clients with a remote interface onto it.

Tom Hawtin - tackline
  • 145,806
  • 30
  • 211
  • 305
1

Is Java SE SecurityManager applicable to protect sensitive application data from the user?

No. Whatever security Java provides is all for the user, not for 'protecting us/our code from the users'.

Andrew Thompson
  • 168,117
  • 40
  • 217
  • 433
  • Note: I read that to mean something it might not mean. Please clarify whether you mean 'protect sensitive data the user provides to the app.' or 'protect (our) sensitive data from the user seeing or altering it'.. – Andrew Thompson Jul 12 '13 at 15:27