https://luminoussheep.net/mediawiki/index.php?action=history&feed=atom&title=Applet_SecurityApplet Security - Revision history2026-04-16T19:03:54ZRevision history for this page on the wikiMediaWiki 1.43.8https://luminoussheep.net/mediawiki/index.php?title=Applet_Security&diff=72&oldid=prevMartin: Created page with "References: * http://web.archive.org/web/20071012223011/http://java.sun.com/sfaq/ * http://java.sun.com/javase/6/docs/technotes/guides/jweb/applet/applet_execution.html ==Sig..."2021-09-14T21:35:09Z<p>Created page with "References: * http://web.archive.org/web/20071012223011/http://java.sun.com/sfaq/ * http://java.sun.com/javase/6/docs/technotes/guides/jweb/applet/applet_execution.html ==Sig..."</p>
<p><b>New page</b></p><div>References:<br />
* http://web.archive.org/web/20071012223011/http://java.sun.com/sfaq/<br />
* http://java.sun.com/javase/6/docs/technotes/guides/jweb/applet/applet_execution.html<br />
<br />
==Signed applets==<br />
User will be asked if they want to accept the applet<br />
<br />
Signed applet may access files depending on security policy file<br />
?java.policy?<br />
<br />
Signed applets get access to everything - all or nothing approach.<br />
<br />
JNLP (similar to webstart) allows finer grained control - this is a full installation of an application.<br />
<br />
=Restrictions=<br />
Don't apply if the applet is on the browsers class path<br />
<br />
* may not read and write files<br />
* may not load libraries on the client<br />
* may not load or run native code/libraries<br />
* not allowed to exec processes<br />
* not allowed to exit the virtual machine<br />
* are passed through the byte code verifier <br />
* may not print<br />
<br />
==Policy Files==<br />
'''Control File'''<br />
* $JAVA_HOME/jre/lib/security/<br />
separate policy filesor each applet in ${java.home}lib/security/java.security file:<br />
policy.url.3=<url><br />
<br />
<br />
==Network access ==<br />
Only allowed to connect to the machine the applet was loaded from<br />
<br />
Name must match the name in the URL downloaded from<br />
<br />
==Access to files==<br />
Can not access files by default<br />
<br />
== System properties==<br />
Only allowed access to the following properties:<br />
java.version Java version number<br />
java.vendor Java vendor-specific string<br />
java.vendor.url Java vendor URL<br />
java.class.version Java class version number<br />
os.name Operating system name<br />
os.arch Operating system architecture<br />
os.version Operating system version<br />
file.separator File separator (eg, "/")<br />
path.separator Path separator (eg, ":")<br />
line.separator Line separator <br />
<br />
==Persist data==<br />
Can use connection to server to persist information</div>Martin