The unofficial webstart FAQ (http://webstartfaq.com)suggests that you can overwrite the javaws.policy file to define access to resources. Inspection of the default javaws.policy file (I'm using Java 1.4.2) shows that it is allowing full access so implies that this file is not controlling sandbox permissions. I've commented out the permissions completely and tried running my signed app. That doesn't affect anything either. So now my question what is this file for?