This post originated from an RSS feed registered with Java Buzz by Nick Lothian. Original Post: (Lack of) Java Security Feed Title: BadMagicNumber Feed URL: http://feeds.feedburner.com/Badmagicnumber Feed Description: Java, Development and Me Latest Java Buzz Posts Latest Java Buzz Posts by Nick Lothian Latest Posts From BadMagicNumber

Are there any java open source projects that actually use any Java Security (ignoring spec implementations where it is required)?

Some frameworks have some support for using it, but apart from that I think even the best projects fail to use it.

I'm not blaming the authors for that - I know there are times when I've thought that I should be using Java security, but it's a whole area I know I don't understand as well as I should, and while I think I'm very secuity conscious as programmers go, I suspect there may be others in the same position.

I'd love to see some sample code for using the principle-of-least-privilege in Java. Java programmers often shout about how much more secure it is than C, but at least in C you do see code that deliberatly reduces the permissions it requires.