• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

applet security,still confused

 
Ranch Hand
Posts: 139
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
"In Java-enabled browsers, untrusted applets cannot read or write files at all. By default, downloaded applets are considered untrusted. There are two ways for an applet to be considered trusted
1)The applet is installed on the local hard disk, in a directory on the CLASSPATH used by the program that you are using to run the applet. Usually, this is a Java-enabled browser, but it could be the appletviewer, or other Java programs that know how to load applets.
2)The applet is signed by an identity marked as trusted in your identity database. For more information on signed applets, refer to an example of using signed applets, and to a short description on using javakey. "
above is the comment from SUN about applet, all applets loaded from CLASSPATH are considered trusted?
 
Ranch Hand
Posts: 1551
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
If you allowed it to be written on your disk, you trust it. You put it there, or you trusted someone to put it there.
What seems confusing about this, I'm missing your point.
 
Ranch Hand
Posts: 119
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I agree with Rufus. Robin, what's the question you're asking?
 
Robin Zhang
Ranch Hand
Posts: 139
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
all applets loaded from CLASSPATH are considered trusted?
 
Robin Zhang
Ranch Hand
Posts: 139
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
ok I will try to make my question clear.
by default in java1.2
1)all java application loaded from local are not in the sandbox
2)applet started by appletviewer or from network are in default sandbox box
3)java-plug-in applicaton are in default sandbox box
what about the java classes and applet loaded from CLASSPATH? are they in default sandbox box too( by default)?
[ April 15, 2002: Message edited by: Robin Zhang ]
[ April 16, 2002: Message edited by: Robin Zhang ]
 
Ranch Hand
Posts: 275
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello,
When you install JDK or JRE you do not install a security manager. This means you can do anything the security manager wouldn’t allow. However when it comes to browsers the security manager will always be installed so you can’t write to files etc.
Ian
 
Rufus BugleWeed
Ranch Hand
Posts: 1551
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I seem to remember that it's just the boot classpath that's trusted. I'm not sure about the whole class path.
 
Robin Zhang
Ranch Hand
Posts: 139
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I read a book it says all applet loaded by appletviewer will be put in sandbox,but sun'faq says all classed that is in classpath will be trusted. I am confused.
[ April 16, 2002: Message edited by: Robin Zhang ]
 
Ian B Anderson
Ranch Hand
Posts: 275
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello,
The boot classpath is essentially running a program on your machine, e.g. you type:
java MyApp
This program will not be subject to any security restrictions and could do whatever it wants. You could also run a program like:
java –cp something.jar MyApp
The jar file could also do whatever it wants.
If you wanted to restrict it you could run it in the following way:
java –Djava.security.manager MyApp
Or getting the code to use the security manager e.g.
System.setSecurityManager(new SecurityManager());
So I’m guessing that the appletviewer program runs with a security manager but maybe not as restrictive as the ones you would find in a browser.
Ian
 
Robin Zhang
Ranch Hand
Posts: 139
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I understant what you said, but SUN said
" 1)The applet is installed on the local hard disk, in a directory on the CLASSPATH used by the program that you are using to run the applet. Usually, this is a Java-enabled browser, but it could be the appletviewer, or other Java programs that know how to load applets. "
does it mean,all applets and classes in CLASSPATH are trusted and not be put in the default sandbox.
PLEASE HELP
 
Ranch Hand
Posts: 237
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I think that this is what you are looking for.
QUESTION 1: Are all applets & classes in the CLASSPATH trusted?
ANSWER 1: Yes
QUESTION 2: Is EVERYTHING in the CLASSPATH trusted?
ANSWER 2: Yes
 
what if we put solar panels on top of the semi truck trailer? That could power this tiny ad:
a bit of art, as a gift, the permaculture playing cards
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic