aspose file tools*
The moose likes Architect Certification (SCEA/OCMJEA) and the fly likes Signed Applet permission Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Certification » Architect Certification (SCEA/OCMJEA)
Bookmark "Signed Applet permission" Watch "Signed Applet permission" New topic
Author

Signed Applet permission

J Gupta
Ranch Hand

Joined: Jul 16, 2008
Posts: 30
Hi

I understand a regular applet runs under brower's security manager and can read system properties, does not have access to local files, can not make connection to host other then where it was loaded from. While that part is easy but when an applet is signed and assuming the certificate is valid and user has accepted the certificate, what are the permisisons or things this signed applet can do running on client machine.

I searched on the internet and browsed through some books they all talk about how to sign applet not necessarilty what are the things a signed applet can do

Thanks in advance for all your feedback
Abhinav Srivastava
Ranch Hand

Joined: Nov 19, 2002
Posts: 349

This thread should clear it up.
http://www.coderanch.com/t/156176/java-Architect-SCEA/certification/applet-security
J Gupta
Ranch Hand

Joined: Jul 16, 2008
Posts: 30
Thanks Abhinav for taking time to reply to my post. But it does not address my question. I am looking for specific permissions that it will be allowed like for example is this allowed to connect to any port or it is allowed to connect to host other than it was loded from or in other words does the applet becomes like a stand alone application and can do anything it wishes to
Abhinav Srivastava
Ranch Hand

Joined: Nov 19, 2002
Posts: 349

So signed Applets ask for permission to run, and are granted AllPermissions, unless there is a specific client-side policy for that Applet

Does that answer your question!
J Gupta
Ranch Hand

Joined: Jul 16, 2008
Posts: 30
Sure, thanks a lot
P Das
Ranch Hand

Joined: Jun 30, 2008
Posts: 123
If you are asking from SCEA viewpoint, I would like to add my twopence.

The question can be dealt with from historical perspective. The original Java 1.0 treated all applets as suspicious and provided a sandbox (kind of restrictions imposed on the user's system resources) to run them, while all local applications were given full access.

Java 1.1 allowed signed (trusted) applets (e.g. within the same network) to run like local apps.

However, Java 2 onwards, security is policy-driven, which allows it to be more powerful and granular. Policy is a polymorphic object that can decorate any Java object or parts of it that can be identified/accessed by the runtime.


Pranab Das, PMP, SCEA
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Signed Applet permission