Chapter 10. Security

“The ultimate security is your understanding of reality.”

—H. Stanley Judd

Complex applications bring a collection of security requirements to today's data management. These requirements begin at application development time to protect different layers in the software architecture against each other and end at deployment time when production systems have to be protected against malicious access or data corruption. The first part of this chapter defines those different levels of security, their requirements, and their objectives. A controversial part of JDO, the so-called reference enhancer, is discussed under security aspects. The rules and measures defined by JDO that keep up the Java sandbox security and secure an application against foreign or malicious code are also examined. The last part of this chapter is about application-level security and how J2EE and JDO work together regarding security.