If a sandboxed applet or application attempts to execute security-sensitive code, the JRE will throw a security exception.
RIAs should follow the principle of least privilege and should be configured to run with the fewest permissions necessary.
However, these guidelines are also applicable to software written for previous versions of Java.
Performing threat modeling and establishing trust boundaries can help to accomplish this (see Guideline 0-4).
The language is type-safe, and the runtime provides automatic memory management and bounds-checking on arrays.
Java programs and libraries check for illegal state at the earliest opportunity.
The most extreme form of this is known as the principle of least privilege.
Using the Java security mechanism, this can be implemented statically by restricting permissions through policy files and dynamically with the use of the mechanism (see Section 9).