We use cookies to provide you with a better experience. By continuing to browse the site you are agreeing to our use of cookies in accordance with our Cookie Policy.
  • INDUSTRY PRESS ROOM
  • ABOUT
  • CONTACT
  • MEDIA FILE
  • Create Account
  • Sign In
  • Sign Out
  • My Account
Free Newsletters
  • MAGAZINE
    • Current Issue
    • Archives
    • Digital Edition
    • Subscribe
    • Newsletters
    • Mobile Apps
  • TRANSPORTATION
  • MATERIAL HANDLING
  • TECHNOLOGY
  • LIFT TRUCKS
  • PODCAST ETC
    • Podcast
    • Webcasts
    • Blogs
      • One-Off Sound Off
      • Global Logistics and Risk
      • Empowering Your Performance Edge
      • Analytics & Big Data
      • Submit your blog post
    • Events
    • White Papers
    • Industry Press Room
      • Upload Your News
    • New Products
      • Upload Your Product News
    • Conference Guides
    • Conference Reports
    • Newsletters
    • Mobile Apps
  • DCV-TV
    • DCV-TV 1: News
    • DCV-TV 2: Case Studies
    • DCV-TV 3: Webcasts
    • DCV-TV 4: Viewer Contributed
    • DCV-TV 5: Solution Profiles
    • Parcel Forum 2022
    • MODEX 2022
    • Upload Your Video
  • MAGAZINE
    • Current Issue
    • Archives
    • Digital Edition
    • Subscribe
    • Newsletters
    • Mobile Apps
  • TRANSPORTATION
  • MATERIAL HANDLING
  • TECHNOLOGY
  • LIFT TRUCKS
  • PODCAST ETC
    • Podcast
    • Webcasts
    • Blogs
      • One-Off Sound Off
      • Global Logistics and Risk
      • Empowering Your Performance Edge
      • Analytics & Big Data
      • Submit your blog post
    • Events
    • White Papers
    • Industry Press Room
      • Upload Your News
    • New Products
      • Upload Your Product News
    • Conference Guides
    • Conference Reports
    • Newsletters
    • Mobile Apps
  • DCV-TV
    • DCV-TV 1: News
    • DCV-TV 2: Case Studies
    • DCV-TV 3: Webcasts
    • DCV-TV 4: Viewer Contributed
    • DCV-TV 5: Solution Profiles
    • Parcel Forum 2022
    • MODEX 2022
    • Upload Your Video
Home » Test your Java brew
techwatch

Test your Java brew

February 14, 2013
James A. Cooke
No Comments

The Java programming language was a breakthrough in the early days of the Internet. What made it so revolutionary at the time was that Java allowed an online application to run on computers with different operating systems (Macs, PCs, etc.). Sun Microsystems released Java in 1995. Today, Java is overseen by Oracle, which acquired Sun in 2010.

Not only has Java proved critical for software development, but the programming language is also widely used in logistics-related applications. Indeed, many supply chain software vendors write their applications in Java. (C Sharp is the other language commonly found in supply chain software.)

That's why when the U.S. Department of Homeland Security issued a warning in January about Java, it was the source of some concern. The federal government advised computer users to disable Java on their Web browsers because hackers could install malicious software on computers running Windows, Mac OS, or Linux. Although the warning was issued to the public, it raised an important question for the supply chain community: Are logistics managers who are using Java-coded supply chain software leaving their operations vulnerable to cyberattack?

According to executives at supply chain software companies using Java, the government's warning is more applicable to consumers than business users. That's because supply chain software runs Java on the servers that host the application. Vishal Minocha, senior global product manager for supply chain solutions at Infor, notes that his company's Java "runs on the server, which does not cause any security vulnerability." Adds Prakash Muthukrishnan, senior director of product strategy at supply chain software developer Manhattan Associates: "The identified Java vulnerabilities [cited in] the government warning are applicable only to applets [that] run inside a browser and not applicable to Java running on servers, stand-alone Java desktop applications, or embedded Java applications."

Java applets are generally used to provide interactive features for a Web browser, such as stock tickers or scrolling text. (Hence the government's advice that browser users disable the Java plugin.) "The Java security risks recently in the news are specific to Java code downloaded and run on the client side browser using Java plugins or applets," says Robert Nilsson, vice president and general manager of software and supply chain intelligence at Dematic Corp. "Applets are not widely used for enterprise applications." He adds that Dematic does not use Java applets in its suite of applications, thus reducing any potential security threat.

Although supply chain vendors say the government's warning is not pertinent, software security experts note that Java run on servers is not immune to hacking. Joseph Feiman, a vice president and fellow at the technology research firm Gartner Inc., says that hackers can penetrate Java enterprise applications. In particular, hackers can engage in a sequel injection attack, which tries to trick the application into surrendering all the records in a database. Another type of potential attack is a buffer overflow attack, in which the hacker tries to overwhelm the data buffer in order to trigger the execution of malicious code or allow the release of confidential data.

Although logistics managers likely don't have to worry about the current warning, they should press their supply chain software providers to make sure their applications are routinely inspected for security vulnerabilities. "Because hackers invent new kinds of attacks, it requires continuous testing," says Feiman. "If you tested your software a month ago, you have to retest it."

In addition to regular testing, Nilsson, for one, believes the time has come for supply chain software vendors to develop security standards. "Selecting Java over another programming language is not the issue—having security built into the programming standards in place is," he says. "The logistics and supply chain industry should look into developing and implementing standards similar to those in place for credit card transactions for secure interoperability throughout the supply chain network."

Technology Warehousing (WMS & WCS & WES)
KEYWORDS Dematic Gartner, Inc. Infor Manhattan Associates Oracle
  • Related Articles

    What your WMS vendor doesn't want you to know

    Buying a WMS? Have it your way

    Videogame lets players test their picking chops

Jamescooke
James Cooke is a principal analyst with Nucleus Research in Boston, covering supply chain planning software. He was previously the editor of CSCMP?s Supply Chain Quarterly and a staff writer for DC Velocity.

Recent Articles by James Cooke

Getting smart about using software intelligence

Where's the payback in software?

R is for "robot": interview with Tom Bonkenburg

You must login or register in order to post a comment.

Report Abusive Comment

Most Popular Articles

  • Big and bulky last-mile delivery segment set for hot growth

  • Outlook 2023: What’s in store for logistics/supply chain?

  • Ports, maritime operators see tide turning as ocean freight tsunami subsides

  • In Person: Steve Beverly of Penske

  • InPerson interview: Rob McKeel of Fortna

Now Playing on DCV-TV

89cfed30 8aac 4284 960d c8c8c1886e16

Have you checked your read rate lately?

DCV-TV 4: Viewer Contributed
No reads. Unaccounted for boxes. Boxes sent to the wrong place. A logistics nightmare! But this nightmare doesn’t have to come true. SICK’s linear line scan camera is what dreams are made of for your logistics operations. And if you’re worried about motion and vibration from conveyor belts...well, there’s no reason...

FEATURED WHITE PAPERS

  • The five best applications for robotic lift trucks in warehouse environments

  • Fulfillment Facility Improved Efficiencies by 4x

  • 3PLs: Complete Orders Faster with Flexible Automation

  • Reusable Packaging for the New Wave of Supply Chain Automation

View More

Subscribe to DC Velocity Magazine

GET YOUR FREE SUBSCRIPTION
  • SUBSCRIBE
  • NEWSLETTERS
  • ADVERTISING
  • CUSTOMER CARE
  • CONTACT
  • ABOUT
  • STAFF
  • PRIVACY POLICY

Copyright ©2023. All Rights ReservedDesign, CMS, Hosting & Web Development :: ePublishing