Sandbox (computer science)
In computer science, a sandbox refers to an environment in which software and potentially dangerous operations can be tested in isolation, reducing the chance of collateral damage to the primary system environment from a poorly designed and/or malicious program.
The Java runtime environment runs all compiled programs in a sandbox to prevent security breaches. The sandboxed environment creates very strict limitations on what resources a Java applet or program can access to prevent malicious programs from running successfully. Java does this using three key strategies:
- Security manager: The security manager is a program that Java consults every time it runs a program or applet. The security manager has the option to stop any potentially dangerous operation by generating a security exception and passing it to the operating system.
- Bytecode verifier: Before the Java runtime environment runs a compiled program, it verifies the compiled bytecode and flags any suspicious pieces of the code. This normally prevents malicious segments of code from completely executing.
- Applet class loader: Because all pieces of Java code are loaded as classes from within the environment, the Java class loader checks to ensure that no vital pieces of the runtime environment are replaced by other (possibly malicious) versions generated by outside applets.
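The following is an added illustration of two of the three strategies above, written for this article and not taken from the Java platform itself: a custom `SecurityManager` that confines file writes to one sandbox directory and stops any other write by throwing a `SecurityException`, and a custom `ClassLoader` that refuses to define classes inside the trusted `java.` namespace. The class names `SandboxDemo`, `ConfiningSecurityManager` and `GuardedClassLoader`, and the directory `sandbox-demo` under the system temp directory, are assumptions made for the example. It assumes a JDK on which the Security Manager can still be installed: on JDK 17 and earlier it works as shown; on JDK 18 to 23 the JVM must be started with `-Djava.security.manager=allow`; on JDK 24 and later the Security Manager has been permanently disabled (JEP 486) and `setSecurityManager` throws.

```java
import java.io.File;
import java.io.FilePermission;
import java.security.Permission;

/*
 * Added illustration, not code from the article or the JDK.
 * Demonstrates (1) a SecurityManager that vetoes dangerous operations by
 * throwing SecurityException and (2) a ClassLoader that refuses to replace
 * core runtime classes. Requires a JDK where the Security Manager exists
 * (JDK <= 17, or JDK 18-23 with -Djava.security.manager=allow).
 */
public class SandboxDemo {

    /** Security manager: consulted by the runtime on every permission check. */
    static final class ConfiningSecurityManager extends SecurityManager {
        private final String allowedPrefix; // sandbox directory plus trailing separator

        ConfiningSecurityManager(File allowedDir) {
            // The trailing separator prevents "/tmp/sandbox-demo-other" from
            // matching "/tmp/sandbox-demo" by simple prefix.
            this.allowedPrefix = allowedDir.getAbsolutePath() + File.separator;
        }

        @Override
        public void checkPermission(Permission perm) {
            if (perm instanceof FilePermission) {
                String actions = perm.getActions();           // e.g. "read", "write", "delete"
                boolean mutating = actions.contains("write") || actions.contains("delete");
                if (mutating && !perm.getName().startsWith(allowedPrefix)) {
                    // Stop the dangerous operation: the exception propagates to the caller.
                    throw new SecurityException("write outside sandbox: " + perm.getName());
                }
            }
            // Every other permission is granted in this demo; a real policy is stricter.
        }

        @Override
        public void checkPermission(Permission perm, Object context) {
            checkPermission(perm);
        }
    }

    /** Class loader: refuses to define classes in the trusted "java." namespace. */
    static final class GuardedClassLoader extends ClassLoader {
        GuardedClassLoader(ClassLoader parent) { super(parent); }

        Class<?> defineFromBytes(String name, byte[] bytes) {
            if (name.startsWith("java.")) {
                // Untrusted code must not replace vital runtime classes.
                // (ClassLoader.defineClass itself also rejects such names; the
                // explicit check just makes the decision visible here.)
                throw new SecurityException("refusing to define core class " + name);
            }
            return defineClass(name, bytes, 0, bytes.length);
        }
    }

    public static void main(String[] args) throws Exception {
        File sandboxDir = new File(System.getProperty("java.io.tmpdir"), "sandbox-demo");
        sandboxDir.mkdirs();
        System.setSecurityManager(new ConfiningSecurityManager(sandboxDir));

        // A write inside the sandbox directory is allowed.
        File ok = new File(sandboxDir, "allowed.txt");
        ok.createNewFile();
        System.out.println("created " + ok);

        // A write outside it is vetoed by the security manager.
        try {
            new File(System.getProperty("user.home"), "outside.txt").createNewFile();
            System.out.println("unexpected: write outside sandbox succeeded");
        } catch (SecurityException e) {
            System.out.println("blocked: " + e.getMessage());
        }

        // An attempt to define a class named java.lang.Evil is refused by the loader.
        GuardedClassLoader loader = new GuardedClassLoader(SandboxDemo.class.getClassLoader());
        try {
            loader.defineFromBytes("java.lang.Evil", new byte[0]);
        } catch (SecurityException e) {
            System.out.println("blocked: " + e.getMessage());
        }
    }
}
```

Compile and run with `javac SandboxDemo.java && java SandboxDemo` (adding `-Djava.security.manager=allow` on JDK 18 to 23). The point to notice is that the `SecurityException` is thrown to the Java code that attempted the operation, which is where the sandbox's decision takes effect; the bytecode verifier, the third strategy, runs automatically when the JVM loads any class and needs no code to invoke it.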