Applets and UNIX File permissions

Greetings.

there is a lot of good info out there about how to set file and directory permissions, but it is not at all clear on what are the minimum permissions required for people to run my applet without giving them any unneeded access.

On the web server all my class files, and the application fie, are in a subdirectory of public_html. I was hoping that someone who has been around the block a few times with file and directory permissions and java applets could advise me on the minimum required file and directory permissions. Presumably I only need to be concerned about the third component of the set, the world permissions.

Do I need different permission on the html file that loads the JApplet class? or different permission on the JApplet class itself as opposed to the rest of the classes?

I have no problem getting things to work with the default pemissions, but I am interested in tightening things up if possible. I suppose I could just try different settings to find the minimum that worked, but I'd like to hear from someone here also.

thanks.

You are asking about the files on the server machine, from where people will download your applet? You just need the permissions set so that the HTTP server can read those files.

The only access that clients need is the ability to send HTTP requests to the server asking for those files. They don't need any file permissions at all, since it's the HTTP server which is going to read the files and send them back to the clients as the responses.

Or am I misunderstanding the question? I've looked at it four times already and wondered why you would ask that.

Paul Clapham wrote:You are asking about the files on the server machine, from where people will download your applet? You just need the permissions set so that the HTTP server can read those files.

The only access that clients need is the ability to send HTTP requests to the server asking for those files. They don't need any file permissions at all, since it's the HTTP server which is going to read the files and send them back to the clients as the responses.

Or am I misunderstanding the question? I've looked at it four times already and wondered why you would ask that.

Fair question.

What I do know is that I have an account with a Web Hosting company, which provides me with a home directory on a UNIX server over which I have control over what access I give to various subdirectories that contain my application files. The server assigns a default set of permissions to all new directories I create and the files contained therein. And I am looking for information on the implications of the various permissions I have control over, especially world permissions.

There are three sets of permissions User, group, and world, and three access types read, write, execute. And I am looking for detailed information on the relevance of these permissions to java applets.

Fred Hamilton wrote:And I am looking for detailed information on the relevance of these permissions to java applets.

Well, like I said there isn't any detailed information because there's nothing special about applets. As far as the server is concerned they are just another file being served.

That makes clear enough sense. It would seem that the same rules apply to java class files that apply to html source. OK then lets rephrase the question...

When a web server serves up an html document, in most cases at the client end the user can "get" the html source simply by clicking "View Source". So I am wondering if a knowledgeable user at the client end , if there was a reason too, could "grab" the java class file by virtue of the fact that it is being served up by the web server?

Fred Hamilton wrote:When a web server serves up an html document, in most cases at the client end the user can "get" the html source simply by clicking "View Source". So I am wondering if a knowledgeable user at the client end , if there was a reason too, could "grab" the java class file by virtue of the fact that it is being served up by the web server?

Yes, the end user can do that, and there's nothing you can do to prevent it. After all, the client's browser (or rather, the client browser's JVM) needs to be able to access those class files in order to run the applet.