The Artima Developer Community
Sponsored Link

Java Answers Forum
Java Security Question

2 replies on 1 page. Most recent reply: Jun 6, 2002 11:32 AM by Matt Gerrans

Welcome Guest
  Sign In

Go back to the topic listing  Back to Topic List Click to reply to this topic  Reply to this Topic Click to search messages in this forum  Search Forum Click for a threaded view of the topic  Threaded View   
Previous Topic   Next Topic
Flat View: This topic has 2 replies on 1 page
Steven

Posts: 2
Nickname: steve
Registered: Jun, 2002

Java Security Question Posted: Jun 6, 2002 8:58 AM
Reply to this message Reply
Advertisement
According to the http://java.sun.com/sfaq/ the first of two ways that a java applet can become trusted. The first of these two ways is: "The applet is installed on the local hard disk, in a directory on the CLASSPATH used by the program that you are using to run the applet. Usually, this is a Java-enabled browser, but it could be the appletviewer, or other Java programs that know how to load applets. "

Now lets say I'm using a machine where I don't have administrator rights. And lets say I download an applet contained in a .zip file and unzip it on my local machine. When I attempted to run the applet, would it be considered a trusted applet because it is being run from my hard drive?

If yes, then is there a way to prevent this?
If no, why not?

Also, I'm interested in web sites/articles that give proof of whether or not this applet would be considered trusted. If anyone could post links concerning this topic specifically please do so.

Thanks!


Steven

Posts: 2
Nickname: steve
Registered: Jun, 2002

Re: Java Security Question Posted: Jun 6, 2002 9:16 AM
Reply to this message Reply
Another question, variation on the above question:

Lets say I download the applet through a .zip and unzip it, then I load a webpage which accesses the applet already on my hard drive. Will the applet running be trusted or untrusted?

Thanks.

Matt Gerrans

Posts: 1153
Nickname: matt
Registered: Feb, 2002

Re: Java Security Question Posted: Jun 6, 2002 11:32 AM
Reply to this message Reply
On the first question, the applet (or even a Java application, for that matter) will have no more security access than the logged on user (you) who is running it. This fact is controlled by the operating system and is beyond the JVM's sphere of influence. So unless you are an adminstrator, the applet or application will not be able to do system level things (but it will be able to wreak havok in your home directory, of course!).

As for the second one, I don't think the applet will be trusted unless you either modify the security policy to make it so, or make it a signed applet and then accept its signature.

I haven't fooled with it much, but a while back I looked at Java WebStart and it had another variation where an applet could modify only files that were opened through a special Open File dialog. I think this involves making WebStart a locally installed, trusted application and then it brokers this process.

I'm not an applet expert by any means, however, so you can take my opinions with a proverbial grain of salt (as always!).

Flat View: This topic has 2 replies on 1 page
Topic: Points on the Bezier Curve Previous Topic   Next Topic Topic: using

Sponsored Links



Google
  Web Artima.com   

Copyright © 1996-2019 Artima, Inc. All Rights Reserved. - Privacy Policy - Terms of Use