wood burning stoves 2.0*
The moose likes Applets and the fly likes Signed Applet - Can I read everywhere on Vista? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Applets
Bookmark "Signed Applet - Can I read everywhere on Vista?" Watch "Signed Applet - Can I read everywhere on Vista?" New topic

Signed Applet - Can I read everywhere on Vista?

Jarrod Moldrich

Joined: Aug 18, 2007
Posts: 11
Hi all,

I'm new here and am about to start using Java. I posted this on SDN but noticed the forums there can be a bit dead. But basically I am curious about the read permissions of signed applets on Vista

So far I have read the following two pages:


As I am about to embark on a large project involving an applet that will require arbitrary read access to the user drive, I am worried that signed applets will not allow me free access to the local disk. That said there has been no specific mention that I can find of what, if any, *read* restrictions apply for Java applets within IE7s sandbox.

I would like to make the assumption that after the user has given permission to the signed applet there is:

write access - only within applet scope
delete access - only within applet scope
read access - *full permissions!*

I really want to know for sure before I chose Java as my platform of choice for this project. Can someone help me out?


[ August 18, 2007: Message edited by: Jarrod Moldrich ]
Ulf Dittmer

Joined: Mar 22, 2005
Posts: 41101
Welcome to JavaRanch.

There is no particular "applet scope". If the applet is signed, and the user accepts its certificate, then the applet can do everything the user can do.
[ August 19, 2007: Message edited by: Ulf Dittmer ]

Ping & DNS - my free Android networking tools app
Jarrod Moldrich

Joined: Aug 18, 2007
Posts: 11
Hi Ulf,

Apparently applets run within IE7 that comes with Vista is different, and this known limitation is stated within the Java release notes. It only directly mentions saving and deleting files, though. I am still unsure how restricted read access is.

Jarrod Moldrich

Joined: Aug 18, 2007
Posts: 11
To whom it may concern,

I deciced to follow-up on this question now that I have gone to the lengths of finding the answer. I am now developing on a Vista machine and most manufacturers ship Java with their PCs, including mine. Most of the machines out there pre-installed with Windows Vista also have IE7 and the version of the Java that does not circumvent the tighter sandbox of IE7. This problem (Bug ID: 6504236) has caused much pain to people maintaining applications that used to take local disk access on signed applets for granted, as they should.

The bug claims to be fixed as of November pending a branch merge. While users encountering your website could be encouraged to get the latest version of the runtime, installation requests and futher disruption to the end-user experience can affect your bottom line. So best to try and work within the sandbox for those users who have had their Java installed by the OEMs the last year and saw the Java update balloons as annoyware (similar to every other update request the average user is bombarded with).

So, I tested signed applets on Java 1.6.0_02_b6 and found:

Internet Explorer 7.0.6000.16546
- Arbitrary read access
- Write file/directory and delete restricted to %USERPROFILE%\AppData\LocalLow\
- Searching on the internet suggests %USERPROFILE% is not directly accessible by Java
- the closest is System.getproperty("user.home") which Java find by getting the Desktop folder and finding its parent... dumb as the desktop folder can be moved around. (It's been like this since 1.3 - Bug ID: 4787931 )

- Arbitrary read access
- Arbitrary write access

Moral of the story, if you want to write to the local drive, be sure to detect for Vista do some nifty tricks to get the LocalLow directory of the user. I hope this helps other people who need to store local data and don't want to torture the user anymore than the Java install process already does.


I agree. Here's the link: http://aspose.com/file-tools
subject: Signed Applet - Can I read everywhere on Vista?
Similar Threads
Track download completion
Failing applet connection with (SSL) https connection using proxy
SCJP Brainteaser (9)
what is wrong with these two codes?
XMLEncoder with Applet