From: Charlie Lai <charlie@angeles.eng.sun.com>
Message-Id: <199908302113.OAA00823@angeles.eng.sun.com>
Subject: Re: Applets and the File System
To: hblank@pxlmagic.com
Date: Mon, 30 Aug 1999 14:13:33 -0800 (PDT)
In-Reply-To: <000801bef318$964f0bc0$0efa010a@pxlmagic.com> from "Harold" at Aug 30, 99 01:50:53 pm
> Hello. I recently sent a letter to Sun regarding a requested feature =
> which would allow me to pop up a dialog box and let the user browse his =
> file system, select an image file and then display the image in the =
> applet. Because of the tight security, this was looking rather hopeless =
> and I feared I would have to use ActiveX controls only. Then I received =
> a reply from Sun which mentioned signed applets and policy files. So I =
> read information on signed applets and policy files. In the end, I am =
> right back where I started...activeX. So, either I misread things or =
> the signed applets require the user to create a policy file (like a user =
> will know how to do that). With ActiveX, the user simply clicks an OK =
> button which allows the activeX control access to resources it would not =
> normally have. Can Java security not come up with a similar method? =
> One which does not require the intervention of a mostly ignorant user =
> base? Or am I ignorant in that Java does have such a feature?
in JDK 1.2.2:
http://developer.java.sun.com/developer/earlyAccess/j2sdk122/index.html
we have added the following new features to the Plug-in, which
will allow you to grant all permissions to an applet whose
signature has been verified and authenticated, without you having to
set up any policy/keystore files:
If your applet is signed, and the permissions granted to it
do not include the "usePolicy" RuntimePermission (note that
this permission is not granted by default),
we will verify the entire applet certificate chain.
Verification will go all the way up to the Root CA of the chain
and check if that Root CA is contained in
your browser's (native) database of trusted Root CAs.
If so, the user will be prompted if they want to grant the special
"AllPermission" (which implies every other single permission)
to the applet. If the user clicks "OK", then "AllPermission" is granted
and everything will just work (security is essentially bypassed
from that point onwards).
thanks,
charlie