• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Bear Bibeault
  • Ron McLeod
  • Jeanne Boyarsky
  • Paul Clapham
Sheriffs:
  • Tim Cooke
  • Liutauras Vilda
  • Junilu Lacar
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • fred rosenberger
  • salvin francis
Bartenders:
  • Piet Souris
  • Frits Walraven
  • Carey Brown

applet policy files

 
Ranch Hand
Posts: 41
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hi,
for java2 we have policy files which have grant entries, which gives access to the protected resources.
where are the policy files placed (client side or server side), if it is on the client side , how do we place it on the client side.
 
Ranch Hand
Posts: 1551
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The client is often a browser and IE and Mozilla
have their own security mechanisms.
If the client or server is a JVM, I believe the
policy file has a couple of ways to be loaded. You can find the details in the Java Tutorial.
 
Ranch Hand
Posts: 43
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,


hi,
for java2 we have policy files which have grant entries, which gives access to the protected resources.
where are the policy files placed (client side or server side), if it is on the client side , how do we place it on the client side.


Well to be accurate they can are on both the java server and the java client. I believe you refer to the use of java applets...there are two obivous solutions to the "trust" problem: 1) make the client use policy tool to grant your applet the priviledges you need. 2) Sign you applet and make the client trust it so it can gain application-level rights on the clients computer. The latter is the easier one - the client simply has to click the browser dialog.
 
k doshi
Ranch Hand
Posts: 41
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
thnks nicky for the reply
to make the client use policy tool to grant your applet the priviledges you need, we have to copy the policy file on the client computer, or he has to download it.
so he has to trust the site first, which appears like a security hole.
what do u feel
kiran
 
Ranch Hand
Posts: 148
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
As far as I understood the issue, in the modified sandbox model (Java 2) both local and remote code can be subjected to a security mgr and policy files. i.e., there is no difference between the capabilities of local vs. remote code.
Now for client Java apps, the use of a security mgr is optional. Where as for Browser based clients, a security mgr is used by default (rendering remote code to all restrictions in Java 1.1). This default behavior may be changed by changing the permissions in the policy file.
The grant entries may either be for a remote host or for a specific alias (mapped in the keystore) or a combination of the two. So all signed applets would not be trusted by default. For example, if you're browsing through SUN's site, and there's an applet, obviously you do not want it to be able to read / write into your file system indiscriminately, just because it's signed.
To answer the question of how the policy file would be changed on the client, that sort of thing happens in Intranet environments, where the intended clients are under your control.
HTH.
 
    Bookmark Topic Watch Topic
  • New Topic