Re: security-model should be more like netscape's

Marianne Mueller (Marianne.Mueller@Eng)
Fri, 31 Jul 1998 11:21:59 -0700 (PDT)

Date: Fri, 31 Jul 1998 11:21:59 -0700 (PDT)
From: Marianne Mueller <Marianne.Mueller@Eng>
Subject: Re: security-model should be more like netscape's
To: java-security@java.Sun.COM, dag.x.welinder@telia.se

Did you have an opportunity to look at the JDK 1.2 security model?

It offers fine-grained access control based on the code's origin (URL) and
identity (signed by).

See http://java.sun.com/products/jdk/1.2/docs/guide/security/index.html

and the paper that describes it at
http://java.sun.com/security/usenix-jdk12security.ps

> Date: Wed, 29 Jul 1998 09:18:45 +0200
> From: Dag Welinder <dag.x.welinder@telia.se>
> MIME-Version: 1.0
> To: java-security@java.sun.com
> Subject: security-model should be more like netscape's
> Content-Transfer-Encoding: 7bit
>
> Hello!
>
> I'm developing an applet, which uses a database residing on the applet
> host. When I first started, I thought an applet could make
> database-connections to its host and still remain in the applet sandbox.
> I thought so even more, when it worked in Netscape Communicator 4.04
> with SmartUpdate (Java 1.1.4). I was a bit confused though, when the
> applet could even get database-access when I ran it locally, not on the
> host with the database. But it worked, so I was happy.
>
> Then, when I was pretty much ready with the applet, I tested it in IE
> 4.0, in Netscape with java plugin 1.1.1 and in the appletviewer. I got
> security exceptions and had no idea what to do. It didn't matter where
> the applet was loaded from. Someone on a newsgroup told me applets using
> JDBC-ODBC (mine does) need access to the local filesystem and thus it
> has to be signed. That's when I started to work with signing. I tried
> javakey and keytool. I liked keytool better (even if I never could get
> it working with applets signed with it), but since it seemed like people
> used javakey more, I stayed with it. I got it working somewhat.
>
> Later I tried Netscape's Capabilities-classes and signing with their
> signtool. I liked that one more. It was more straightforward. And
> user-friendly! (It's getting closer to my point) Using javakey, the end
> user has to either (If I got the main parts right)
> 1) install JDK, download my certificate, install it using some obscure
> javakey option and then get going or
> 2) download the identitydb.obj-file containing my certificate, copy it
> to the right location (which depends) and then run the applet. The
> problem here must be if two departments of the same company both send
> an end-user their identitydb.obj-file.
>
> With Netscape's model, you, being the developer, import
> netscape.security.PrivilegeManager and use it. Then you can decide
> whether you want to sign the file (using netscape signtool) or not. If
> you don't sign it, the user gets informed about the risk and that the
> applet is not signed and can then decide whether he/she wants to run the
> applet or not. If it's signed, then a dialog tells the user so and again
> asks the user to grant the applet.
>
> Couldn't the java-plugin work the same way?
>
> Ok, that's it. Regards, Dag Welinder
>
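
The origin-and-signer access control the reply points to is expressed in JDK 1.2 as grant entries in a policy file. The fragment below is an added illustration, not part of either message or of Sun's documentation; the host applets.example.com, the keystore location, the alias "dag-signer", the port and the specific permissions chosen are all assumptions made for the example.

```text
// Constructed example of a JDK 1.2 policy file (for instance the
// per-user ${user.home}/.java.policy). All names are hypothetical.

// Keystore holding the signer's certificate. The "signedBy" aliases
// below are looked up here, so each signer is a separate entry and
// no identitydb.obj file has to be copied around.
keystore "file:${user.home}/.keystore", "JKS";

// Origin only: any code loaded from under this URL, signed or not,
// may open a connection back to the database port on that host and
// nothing else beyond the default sandbox. The trailing "/-" matches
// every file below the directory, recursively.
grant codeBase "http://applets.example.com/dbapplet/-" {
    permission java.net.SocketPermission "applets.example.com:1521", "connect";
};

// Origin AND identity: both conditions must hold. Code from the same
// URL that is also signed by the key stored under alias "dag-signer"
// additionally gets access to a driver package and read access to
// one local directory (assumed needs of a JDBC-ODBC applet).
grant signedBy "dag-signer", codeBase "http://applets.example.com/dbapplet/-" {
    permission java.lang.RuntimePermission "accessClassInPackage.sun.jdbc.odbc";
    permission java.io.FilePermission "${user.home}${/}dbapplet${/}-", "read";
};

// Not granted anywhere: java.security.AllPermission. A signed applet
// receives only the permissions listed for its signer and origin,
// not blanket trust.
```

Permissions from every matching grant entry are combined, so the signed applet from that URL ends up with the union of both blocks, while unsigned code from the same URL gets only the first.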