Applet Security
References:
- http://web.archive.org/web/20071012223011/http://java.sun.com/sfaq/
- http://java.sun.com/javase/6/docs/technotes/guides/jweb/applet/applet_execution.html
Signed applets
The user will be asked whether they want to accept the applet.
A signed applet may access files, depending on the security policy file "java.policy".
Signed applets get access to everything: an all-or-nothing approach.
JNLP (similar to Web Start) allows finer-grained control; this is a full installation of an application.
Restrictions
These restrictions don't apply if the applet is on the browser's class path. Applets:
- may not read and write files
- may not load libraries on the client
- may not load or run native code/libraries
- not allowed to exec processes
- not allowed to exit the virtual machine
- are passed through the byte code verifier
- may not print
Policy Files
Control File
- $JAVA_HOME/jre/lib/security/
Separate policy files for each applet are set in the ${java.home}/lib/security/java.security file:
policy.url.3=<url>
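The following audit script is an added example, not part of the original notes: it lists the policy.url.N entries from a java.security file and flags policy grants that reproduce the all-or-nothing access described under "Signed applets". The sample file contents, signer alias, codeBase URLs and paths are constructed for illustration.

```python
import re

# Constructed sample: java.security with an extra policy file at index 3.
SAMPLE_SECURITY = """\
policy.url.1=file:${java.home}/lib/security/java.policy
policy.url.2=file:${user.home}/.java.policy
policy.url.3=file:/etc/applets/reports.policy
"""

# Constructed sample policy file; alias, codeBase and paths are made up.
SAMPLE_POLICY = """\
grant signedBy "reports", codeBase "https://intranet.example/applets/-" {
    permission java.io.FilePermission "${user.home}/reports/-", "read,write";
    permission java.util.PropertyPermission "user.name", "read";
};
grant codeBase "https://intranet.example/legacy/-" {
    permission java.security.AllPermission;
};
grant {
    permission java.io.FilePermission "<<ALL FILES>>", "read";
};
"""

GRANT_RE = re.compile(r"\bgrant\b([^{]*)\{(.*?)\}\s*;", re.S)
PERM_RE = re.compile(r'permission\s+([\w.$]+)(?:\s+"([^"]*)")?(?:\s*,\s*"([^"]*)")?\s*;')

def policy_urls(security_text):
    """Return {index: url} for every policy.url.N line in java.security."""
    found = re.findall(r"^\s*policy\.url\.(\d+)\s*=\s*(\S+)", security_text, re.M)
    return {int(n): url for n, url in found}

def audit_policy(policy_text):
    """Return (scope, finding) pairs for grants broader than an applet should need."""
    findings = []
    for header, body in GRANT_RE.findall(policy_text):
        scope = " ".join(header.split()) or "<all code>"
        if scope == "<all code>":  # no signedBy/codeBase: applies to all code
            findings.append((scope, "grant applies to every code source"))
        for cls, target, actions in PERM_RE.findall(body):
            if cls == "java.security.AllPermission":
                findings.append((scope, "AllPermission grants every permission"))
            elif cls == "java.io.FilePermission" and target == "<<ALL FILES>>":
                findings.append((scope, "FilePermission on <<ALL FILES>> (%s)" % actions))
    return findings

if __name__ == "__main__":
    print(policy_urls(SAMPLE_SECURITY))
    for scope, finding in audit_policy(SAMPLE_POLICY):
        print("%-50s %s" % (scope, finding))
```

The first grant in the sample, scoped by signer and codeBase to one directory and one property, produces no finding; that is the shape a per-applet policy file should have.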
Network access
Only allowed to connect to the machine the applet was loaded from
The name used must match the name in the URL the applet was downloaded from
Access to files
Cannot access files by default
System properties
Only allowed access to the following properties:
- java.version: Java version number
- java.vendor: Java vendor-specific string
- java.vendor.url: Java vendor URL
- java.class.version: Java class version number
- os.name: Operating system name
- os.arch: Operating system architecture
- os.version: Operating system version
- file.separator: File separator (e.g., "/")
- path.separator: Path separator (e.g., ":")
- line.separator: Line separator
Persist data
Can use the connection to the server to persist information