This week's book giveaway is in the Agile and Other Processes forum. We're giving away four copies of Darcy DeClute's Scrum Master Certification Guide: The Definitive Resource for Passing the CSM and PSM Exams and have Darcy DeClute on-line! See this thread for details.
"In Java-enabled browsers, untrusted applets cannot read or write files at all. By default, downloaded applets are considered untrusted. There are two ways for an applet to be considered trusted 1)The applet is installed on the local hard disk, in a directory on the CLASSPATH used by the program that you are using to run the applet. Usually, this is a Java-enabled browser, but it could be the appletviewer, or other Java programs that know how to load applets. 2)The applet is signed by an identity marked as trusted in your identity database. For more information on signed applets, refer to an example of using signed applets, and to a short description on using javakey. " above is the comment from SUN about applet, all applets loaded from CLASSPATH are considered trusted?
ok I will try to make my question clear. by default in java1.2 1)all java application loaded from local are not in the sandbox 2)applet started by appletviewer or from network are in default sandbox box 3)java-plug-in applicaton are in default sandbox box what about the java classes and applet loaded from CLASSPATH? are they in default sandbox box too( by default)? [ April 15, 2002: Message edited by: Robin Zhang ] [ April 16, 2002: Message edited by: Robin Zhang ]
Hello, When you install JDK or JRE you do not install a security manager. This means you can do anything the security manager wouldn’t allow. However when it comes to browsers the security manager will always be installed so you can’t write to files etc. Ian
I read a book it says all applet loaded by appletviewer will be put in sandbox,but sun'faq says all classed that is in classpath will be trusted. I am confused. [ April 16, 2002: Message edited by: Robin Zhang ]
Hello, The boot classpath is essentially running a program on your machine, e.g. you type: java MyApp This program will not be subject to any security restrictions and could do whatever it wants. You could also run a program like: java –cp something.jar MyApp The jar file could also do whatever it wants. If you wanted to restrict it you could run it in the following way: java –Djava.security.manager MyApp Or getting the code to use the security manager e.g. System.setSecurityManager(new SecurityManager()); So I’m guessing that the appletviewer program runs with a security manager but maybe not as restrictive as the ones you would find in a browser. Ian
I understant what you said, but SUN said " 1)The applet is installed on the local hard disk, in a directory on the CLASSPATH used by the program that you are using to run the applet. Usually, this is a Java-enabled browser, but it could be the appletviewer, or other Java programs that know how to load applets. " does it mean,all applets and classes in CLASSPATH are trusted and not be put in the default sandbox. PLEASE HELP