• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Applets vs. Security...is it worth it?

 
cardwell cupp
Ranch Hand
Posts: 66
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am in the middle of maintaining/writing an applet. The applet connects to a database, a directory, and perhaps the local disk. I have read tons of documentation on applets, and through my experience I have found that making the connections and accessing the drive is not trivial. I am trying to find a better solution. But I have a couple of questions that, if answered, would help make me make a better decision.
1) if, through an applet, I instanciate a class that inherits from a jframe, do I still face the same security problems?
2) Is there an easy way of securing my applet?
3) Are there any suggestions on any solutions?
Thanks for the time.
Cardwell Cupp
 
Manfred Leonhardt
Ranch Hand
Posts: 1492
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Cardwell,
An applet is restricted by the sandbox no matter what component it creates.
To play outside the sandbox you simply need to sign your applet and let the user choose to let you play with their disk. See the link: http://java.sun.com/docs/books/tutorial/jar/sign/index.html
Typically what my company does is to place the information you were thinking about placing onto the local disk into some database. That way, no local disk I/O is required and I am in total control of the information.
Regards,
Manfred.
 
Tim Holloway
Saloon Keeper
Posts: 18367
56
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Java encourages a 3-tier approach. This is actually good even though it make for more complex programming because it nudges you towards best practices for the management of data in an entrprise environment and minimizes the security risks.
I suspect that 9 out of 10 signed applets out there were done that way because people were trying to force things to work the "way we've always done it" when they should have taken the hint and tried to work WITH the architecture instead of fighting it.
Not that I didn't have to learn the hard way myself
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic