Win a copy of The Little Book of Impediments (e-book only) this week in the Agile and Other Processes forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Doubt in security

 
Eusebio Floriano
Ranch Hand
Posts: 237
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Here a mock from j2mecertification.com

What is true about security consideration in CLDC?

a) Programmer can use the native libraries supplied by device manufacturer as the part of J2ME.

b) Programmer cant override profile specific or manufacturer specific packages.

c) Programmer can modify the lookup order if the application is trusted.

d) Java application can load classes from its own jar and other downloaded jars.


The correct answeres are a and b.

In my opinion letter c was correctly too.
Can someone explain me why it is not correct ?

Regards,
 
Mark Spritzler
ranger
Sheriff
Posts: 17278
6
IntelliJ IDE Mac Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
C should be incorrect because it deals with the Class Loader, which is completely off limits to the J2ME sandbox. If it was available, then there could be some hacking done there that could cause problems tot he users phone, and we don't want that to happen.

Mark
 
Ko Ko Naing
Ranch Hand
Posts: 3178
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I believe there is no option that is correct.

-Option a deals with Native libraries. It could be referred to section 3.4.2.1 Sandbox model of the CLDC 1.1 Spec.

-Option b deals with overriding the system classes. It could be referred to the first restriction in the section 5.3.3 Class File Lookup Order of the CLDC 1.1 Spec.

-Option c deals with lookup order. It could be referred to the second restriction in the section 5.3.3 Class File Lookup Order of the CLDC 1.1 Spec.

-Option d deals with custom class loader, which is not allowed. It could be referred to the section 5.1.1 User-defined class loaders of the CLDC 1.1 Spec.

All above are not allowed in CLDC 1.1 specification. So there is no correct option in the question...
 
Sivasundaram Umapathy
Ranch Hand
Posts: 360
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
C is incorrect as the JVM does not allow changing the class lookup a.k.a classpath order

A is correct as manufacturer specific libraries could be used.

B is correct as the option clearly says that the profile/manufacturer classes cannot be overridden which is a valid statement.

D is incorrect as classes can only use the classes from its jar and not from other downloaded jars.

HTH
Siva
 
Ko Ko Naing
Ranch Hand
Posts: 3178
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
B is correct as the option clearly says that the profile/manufacturer classes cannot be overridden which is a valid statement.

Oh! my Eyes got a problem, I guess... I didn't see the word "cant" in the original post... I think it's better to use full form as "cannot" in the official question like this...

A is correct as manufacturer specific libraries could be used.

Oh, again. Here is what I've extracted from the CLDC 1.1 Specification... Surely an application can access the native libraries provided by CLDC, profiles or manufacturer-specific classes..

The set of native functions accessible to the virtual machine is closed, meaning that the application programmer cannot download any new libraries containing native functionality or access any native functions that are not part of the Java libraries provided by CLDC, profiles or manufacturer-specific classes.
 
Eusebio Floriano
Ranch Hand
Posts: 237
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thx for your replies .. )

Regards,
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic