Read somewhere that a
java program(say Try.java) can be run like :
java -Djava.security.manager -Djava.security.policy=someURL Try
Question : can the URL be some http url as well (i.e on the network) ?
Ok, I can code and find out by myself, but the real question is this:
If the answer to the above question is yes, then doesn't that mean that an
applet can have
any permissions granted in the policy file specified in that url
and have unlimited permissions and can thus be used for malicious purposes?How does java prevent that from happening ?