
Signed Applet permission

 
J Gupta
Ranch Hand
Posts: 30
Hi

I understand a regular applet runs under the browser's security manager and can read system properties, does not have access to local files, and cannot make a connection to a host other than the one it was loaded from. While that part is easy, when an applet is signed, and assuming the certificate is valid and the user has accepted the certificate, what are the permissions or things this signed applet can do running on the client machine?

I searched on the internet and browsed through some books; they all talk about how to sign an applet, not necessarily what the things are that a signed applet can do.

Thanks in advance for all your feedback
 
Abhinav Srivastava
Ranch Hand
Posts: 354
 
J Gupta
Ranch Hand
Posts: 30
Thanks, Abhinav, for taking the time to reply to my post, but it does not address my question. I am looking for the specific permissions that it will be allowed: for example, is it allowed to connect to any port, or is it allowed to connect to a host other than the one it was loaded from? In other words, does the applet become like a standalone application that can do anything it wishes?
 
Abhinav Srivastava
Ranch Hand
Posts: 354
So signed Applets ask for permission to run, and are granted AllPermissions, unless there is a specific client-side policy for that Applet.

Does that answer your question?
 
J Gupta
Ranch Hand
Posts: 30
Sure, thanks a lot
 
P Das
Ranch Hand
Posts: 123
If you are asking from an SCEA viewpoint, I would like to add my twopence.

The question can be dealt with from a historical perspective. The original Java 1.0 treated all applets as suspicious and provided a sandbox (kind of restrictions imposed on the user's system resources) to run them, while all local applications were given full access.

Java 1.1 allowed signed (trusted) applets (e.g. within the same network) to run like local apps.

However, from Java 2 onwards, security is policy-driven, which allows it to be more powerful and granular. Policy is a polymorphic object that can decorate any Java object or parts of it that can be identified/accessed by the runtime.
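An added example, not part of any post in this thread: the three cases discussed above (unsigned sandbox, signed with AllPermission, signed but limited by a client-side policy) modelled as `ProtectionDomain` permission sets and queried with `implies`. The class name, the documentation-range addresses, the file paths and the contents of the restricted policy are constructed for illustration; the sandbox set follows the first post's description rather than any browser's exact defaults.

```java
import java.io.FilePermission;
import java.net.SocketPermission;
import java.net.URI;
import java.security.AllPermission;
import java.security.CodeSource;
import java.security.Permission;
import java.security.Permissions;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import java.util.PropertyPermission;

// Added illustration: class name, addresses and paths are constructed.
public class AppletPermissionDemo {
    // A protection domain whose permission set is fixed at construction time.
    static ProtectionDomain domain(Permission... granted) throws Exception {
        Permissions perms = new Permissions();
        for (Permission p : granted) perms.add(p);
        CodeSource src = new CodeSource(
            URI.create("http://192.0.2.10/demo.jar").toURL(), (Certificate[]) null);
        return new ProtectionDomain(src, perms);
    }

    public static void main(String[] args) throws Exception {
        // Sandbox as described in the first post: origin host only, property reads.
        Permission origin = new SocketPermission("192.0.2.10", "connect");
        Permission props = new PropertyPermission("java.version", "read");
        ProtectionDomain unsigned = domain(origin, props);
        // Signed and accepted, no client-side policy: AllPermission.
        ProtectionDomain signed = domain(new AllPermission());
        // Signed, but a client-side policy grants only one data directory
        // (hypothetical policy; in a policy file this is a "grant signedBy" entry).
        ProtectionDomain restricted = domain(origin, props,
            new FilePermission("/tmp/applet-data/-", "read,write"));

        Permission[] requests = {
            new SocketPermission("192.0.2.10:80", "connect"),    // origin host
            new SocketPermission("198.51.100.7:443", "connect"), // any other host
            new FilePermission("/home/user/notes.txt", "read"),
            new FilePermission("/tmp/applet-data/cache.bin", "write"),
            new RuntimePermission("exitVM"),
        };
        System.out.printf("%-60s %-9s %-7s %s%n", "request", "unsigned", "signed", "restricted");
        for (Permission r : requests) {
            System.out.printf("%-60s %-9b %-7b %b%n", r,
                unsigned.implies(r), signed.implies(r), restricted.implies(r));
        }
    }
}
```

IP literals are used so that `SocketPermission.implies` compares addresses directly and the example runs without DNS lookups.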
 