Could somebody please confirm if my understanding of some core security details regarding applet security for JDK 1.2 and above are correct ... I am pretty sure A is fine, I just want to ensure B is correct !
From Java 1.2 onwards A) if an applet is loaded into a browser over the net, and signed (ie it is trusted) it is still restricted in what it can do based on the SecurityManager and policy file combo B) if an unsigned applet is loaded into a browser via the file system - its code has originated locally (ie it is included in the CLASSPATH of the browser) it is NOT treated in the same way as above in that it can automatically * read and write files * load libraries
My understanding is that both applet scenarios are still constrained by the SecurityManager but because scenario B was loaded from the file system, the default behaviour of the SecurityManager is different in these 2 cases ...
Would appreciate it if someone could either confirm or blat my analysis of these 2 scenarios !
an unsigned applet can not, regardless of where it was launched from, access the local machine, unless you manually overwrite the security policy files that protect this. I dont recall where the files are, but bottom line, by default they cant do it, but there is an obscure manual mechanism to override this.
Signed Applets must be "trusted" and once they are, they have the freedom to do whatever
Thanks, but then I am very confused as to what Sun mean in their FAQ when they state, and I quote ... ( see http://java.sun.com/sfaq )
13 What is the difference between applets loaded over the net and applets loaded via the file system?
There are two different ways that applets are loaded by a Java system. The way an applet enters the system affects what it is allowed to do.
If an applet is loaded over the net, then it is loaded by the applet class loader, and is subject to the restrictions enforced by the applet security manager.
If an applet resides on the client's local disk, and in a directory that is on the client's CLASSPATH, then it is loaded by the file system loader. The most important differences are
* applets loaded via the file system are allowed to read and write files * applets loaded via the file system are allowed to load libraries on the client * applets loaded via the file system are allowed to exec processes * applets loaded via the file system are allowed to exit the virtual machine * applets loaded via the file system are not passed through the byte code verifier
Java-enabled browsers use the applet class loader to load applets specified with file: URLs. So, the restrictions and protections that accrue from the class loader and its associated security manager are now in effect for applets loaded via file: URLs.
and the file something.html contains an applet, the browser loads it using its applet class loader.
Joined: Mar 22, 2005
That FAQ entry seems to contradict itself, stating both that applets residing in file:/// URLs are loaded by the applet class loader and the file system class loader. (And, either way, the FAQ seems to be rather old).
In my experience, it can vary from browser to browser (and from appletviewer to appletviewer) whether the restrictions are enforced for file: URLs. [ August 21, 2006: Message edited by: Ulf Dittmer ]