• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Applet security - is signing all you need?

 
Jay Schrock
Greenhorn
Posts: 12
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Reading through the Java 2 network security pages the examples show that after you sign your jar file you need to create a java.policy file to address the particular security functions (like print to a printer, or write to a local file). I have however tested that the applet can indeed write to a file if all I do is sign the jar. I have not created a java.policy file and also deleted any existing java.policy file on my computer. I've run this locally and on a web server. I thought (and read) that signing a jar file that gives all permissions to the applet was something only in JRE 1.1. This seems to work with JRE 1.4 unless I'm missing something. Is signing the jar for JAVA 2 1.4 all I need as my examples indicate or do I have gremlins in my computer?
[ May 28, 2003: Message edited by: Jay Schrock ]
 
Nicholas Turner
Ranch Hand
Posts: 126
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Well actually it depends on the level of security set up by the administrator. For instance on win2k networks if the admin sets controls and applets to signed safe only then you need cant even to view the applet unless you have policy files and the admin installed signed certificates .
Hope that helps
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic