• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

applet policy files

 
k doshi
Ranch Hand
Posts: 41
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hi,
for java2 we have policy files which have grant entries, which gives access to the protected resources.
where are the policy files placed (client side or server side), if it is on the client side , how do we place it on the client side.
 
Rufus BugleWeed
Ranch Hand
Posts: 1551
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The client is often a browser and IE and Mozilla
have their own security mechanisms.
If the client or server is a JVM, I believe the
policy file has a couple of ways to be loaded. You can find the details in the Java Tutorial.
 
Nicky Moelholm
Ranch Hand
Posts: 43
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

hi,
for java2 we have policy files which have grant entries, which gives access to the protected resources.
where are the policy files placed (client side or server side), if it is on the client side , how do we place it on the client side.

Well to be accurate they can are on both the java server and the java client. I believe you refer to the use of java applets...there are two obivous solutions to the "trust" problem: 1) make the client use policy tool to grant your applet the priviledges you need. 2) Sign you applet and make the client trust it so it can gain application-level rights on the clients computer. The latter is the easier one - the client simply has to click the browser dialog.
 
k doshi
Ranch Hand
Posts: 41
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
thnks nicky for the reply
to make the client use policy tool to grant your applet the priviledges you need, we have to copy the policy file on the client computer, or he has to download it.
so he has to trust the site first, which appears like a security hole.
what do u feel
kiran
 
Sanjay Raghavan
Ranch Hand
Posts: 148
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
As far as I understood the issue, in the modified sandbox model (Java 2) both local and remote code can be subjected to a security mgr and policy files. i.e., there is no difference between the capabilities of local vs. remote code.
Now for client Java apps, the use of a security mgr is optional. Where as for Browser based clients, a security mgr is used by default (rendering remote code to all restrictions in Java 1.1). This default behavior may be changed by changing the permissions in the policy file.
The grant entries may either be for a remote host or for a specific alias (mapped in the keystore) or a combination of the two. So all signed applets would not be trusted by default. For example, if you're browsing through SUN's site, and there's an applet, obviously you do not want it to be able to read / write into your file system indiscriminately, just because it's signed.
To answer the question of how the policy file would be changed on the client, that sort of thing happens in Intranet environments, where the intended clients are under your control.
HTH.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic