Before moving on to a discussion of Java security, one should have an understanding of the potential problems raised by executable content. The advantages of executable content come from the increase in power and flexibility provided by software programs. The increased power of Java Applets (the Java term for executable content) is also the potential problem. When a user is ``surfing'' the Web, they should not have to worry that an Applet may be deleting their files or sending their private information over the network surreptitiously.
The essence of the problem is that running programs on a computer typically gives that program access to certain resources on the host machine. In the case of executable content, the program that is running is untrusted. If a Web browser that downloads and runs Java code is not careful to restrict the access that the untrusted program has, it can provide a malicious program with the same ability to do mischief as a hacker who had gained access to the host machine. Unfortunately, the solution is not as simple as completely restricting a downloaded programs access to resources. The reason that one gives programs access to resources in the first place is that in order to be useful a program needs to access certain resources. For example a text editor that cannot save files is useless. Thus, if one desires to have useful and secure executable content, access to resources needs to be carefully controlled. The next section takes the first step, which is to identify the resources that we are concerned about. After the resources have been identified, some example scenarios which illustrate the problems with not providing sufficient limitations are presented.