Date: Tue, 03 Aug 1999 08:28:49 +0100
From: Andrew Cooke <andrew@intertrader.com>
To: java-security@java.sun.com
Subject: Unsigned Applet loading local class files
Hi,
I did some experiments with signed and unsigned applets some time ago,
and it now seems that my company may want to use applets in a product.
However, looking back through my notes and your FAQ there seems to be
one difference.
According to my notes an *unsigned* applet is able to load class files
from the local classpath and, via those classes, change local files (ie
the local classes contained the code to change the local files, but were
invoked by the applet). The line from my notes is:
- An unsigned applet loaded via http can load a local class that
requests permission to access local files etc. The user is prompted
but the certificate is blank.
Is this still possible (at the time I was using Netscape 4.5 - we will
probably be using one of the plug-ins, but I'm not sure whether we will
go with Java 1 or 2)?
Thanks,
Andrew Cooke