applet security, still confused

Robin Zhang
Ranch Hand

Joined: Apr 11, 2002
Posts: 139
"In Java-enabled browsers, untrusted applets cannot read or write files at all. By default, downloaded applets are considered untrusted. There are two ways for an applet to be considered trusted:
1) The applet is installed on the local hard disk, in a directory on the CLASSPATH used by the program that you are using to run the applet. Usually, this is a Java-enabled browser, but it could be the appletviewer, or other Java programs that know how to load applets.
2) The applet is signed by an identity marked as trusted in your identity database. For more information on signed applets, refer to an example of using signed applets, and to a short description on using javakey."
The above is the comment from Sun about applets. All applets loaded from CLASSPATH are considered trusted?
Rufus BugleWeed
Ranch Hand

Joined: Feb 22, 2002
Posts: 1551
If you allowed it to be written on your disk, you trust it. You put it there, or you trusted someone to put it there.
What seems confusing about this? I'm missing your point.
Bagwan Mehrat
Ranch Hand

Joined: Jan 26, 2002
Posts: 119
I agree with Rufus. Robin, what's the question you're asking?
Robin Zhang
Ranch Hand

Joined: Apr 11, 2002
Posts: 139
All applets loaded from CLASSPATH are considered trusted?
Robin Zhang
Ranch Hand

Joined: Apr 11, 2002
Posts: 139
OK, I will try to make my question clear.
By default in Java 1.2:
1) All Java applications loaded from local are not in the sandbox.
2) Applets started by appletviewer or from the network are in the default sandbox.
3) Java Plug-in applications are in the default sandbox.
What about the Java classes and applets loaded from CLASSPATH? Are they in the default sandbox too (by default)?
[ April 15, 2002: Message edited by: Robin Zhang ]
[ April 16, 2002: Message edited by: Robin Zhang ]
Ian B Anderson
Ranch Hand

Joined: Jun 26, 2001
Posts: 275
Hello,
When you install JDK or JRE you do not install a security manager. This means you can do anything the security manager wouldn’t allow. However when it comes to browsers the security manager will always be installed so you can’t write to files etc.
Ian
Rufus BugleWeed
Ranch Hand

Joined: Feb 22, 2002
Posts: 1551
I seem to remember that it's just the boot classpath that's trusted. I'm not sure about the whole class path.
Robin Zhang
Ranch Hand

Joined: Apr 11, 2002
Posts: 139
I read a book; it says all applets loaded by appletviewer will be put in the sandbox, but Sun's FAQ says all classes that are in the classpath will be trusted. I am confused.
[ April 16, 2002: Message edited by: Robin Zhang ]
Ian B Anderson
Ranch Hand

Joined: Jun 26, 2001
Posts: 275
Hello,
The boot classpath is essentially running a program on your machine, e.g. you type:
java MyApp
This program will not be subject to any security restrictions and could do whatever it wants. You could also run a program like:
java -cp something.jar MyApp
The jar file could also do whatever it wants.
If you wanted to restrict it you could run it in the following way:
java -Djava.security.manager MyApp
Or getting the code to use the security manager e.g.
System.setSecurityManager(new SecurityManager());
So I’m guessing that the appletviewer program runs with a security manager but maybe not as restrictive as the ones you would find in a browser.
Ian
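The difference described in the post above, as an added example that is not part of the original thread: the same file write is attempted without a security manager and again after one is installed with the default policy. The class name SandboxDemo and the file name sandbox-demo.txt are made up for illustration, and the code assumes a JDK where the Security Manager is still available (it is deprecated from Java 17 and cannot be enabled from JDK 24).

```java
import java.io.File;
import java.io.FileWriter;
import java.io.IOException;

public class SandboxDemo {
    // Attempt a file write and report what the runtime decided.
    static String tryWrite(File target) {
        try (FileWriter w = new FileWriter(target)) {
            w.write("constructed sample data");
            return "allowed";
        } catch (SecurityException e) {
            return "denied (" + e.getMessage() + ")";
        } catch (IOException e) {
            return "I/O error (" + e.getMessage() + ")";
        }
    }

    public static void main(String[] args) {
        // Relative path (hypothetical name): no system property read is needed,
        // so this also runs when started with -Djava.security.manager.
        File target = new File("sandbox-demo.txt");
        boolean sandboxed = System.getSecurityManager() != null;

        System.out.println("manager installed at start: " + sandboxed);
        System.out.println("first write: " + tryWrite(target));

        if (!sandboxed) {
            // Started as plain "java SandboxDemo": the first write was unrestricted.
            target.delete(); // clean up while deleting is still permitted

            // Same effect as launching with -Djava.security.manager:
            // the default policy grants no FilePermission for this path.
            System.setSecurityManager(new SecurityManager());
            System.out.println("write after installing manager: " + tryWrite(target));
        }
    }
}
```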
Robin Zhang
Ranch Hand

Joined: Apr 11, 2002
Posts: 139
I understand what you said, but Sun said
"1) The applet is installed on the local hard disk, in a directory on the CLASSPATH used by the program that you are using to run the applet. Usually, this is a Java-enabled browser, but it could be the appletviewer, or other Java programs that know how to load applets."
Does it mean all applets and classes in CLASSPATH are trusted and not put in the default sandbox?
PLEASE HELP
Kevin Thompson
Ranch Hand

Joined: May 04, 2001
Posts: 237
I think that this is what you are looking for.
QUESTION 1: Are all applets & classes in the CLASSPATH trusted?
ANSWER 1: Yes
QUESTION 2: Is EVERYTHING in the CLASSPATH trusted?
ANSWER 2: Yes