It's not a secret anymore!*
The moose likes Applets and the fly likes Trusted applet - without signing ? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of OCA/OCP Java SE 7 Programmer I & II Study Guide this week in the OCPJP forum!
JavaRanch » Java Forums » Java » Applets
Bookmark "Trusted applet - without signing ?" Watch "Trusted applet - without signing ?" New topic
Author

Trusted applet - without signing ?

Sreedevi Vinod
Ranch Hand

Joined: Jan 17, 2005
Posts: 117
hi

The Whizlabs SCEA simulator says "In JDK 1.1, only signed applets were trusted whereas in JDK 1.2, any applet with the right security permissions can be trusted." Is this correct ? How can this be implemented without signing?

Thanks
Devi
Ernest Friedman-Hill
author and iconoclast
Marshal

Joined: Jul 08, 2003
Posts: 24187
    
  34

The Java 2 security model can grant permissions based on codebase (URL) as well. This is rarely used as it's rather unsafe: it could easily be defeated by a DNS poisoning attack.


[Jess in Action][AskingGoodQuestions]
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42357
    
  64
It should be noted that an applet can not grant itself those permissions - they would need to be set up this way by a user on the client machine.


Ping & DNS - my free Android networking tools app
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Trusted applet - without signing ?