Q4: With the standard browser policy for applets, what file I/O can be achieved under which conditions? By I/O I mean reading/writing/deleting/... files/directories. By conditions I mean something like: "reading is always possible IF the applet is self-signed OR CA signed AND the applet has been accepted by the user" (I don't know if this is correct ^^)
Q5: If I run a CA applet, does the user have to accept it too, like a self-signed applet? If yes, why do I need a certified authority? How do I get a CA signature? Do I have to provide the source code which will be signed, or only checksums?
The standard policy forbids any use of the java.io package. If it is signed, everything is possible, regardless of who created the certificate. Signing is an all-or-nothing approach. If you want the restrictions to be somewhere in the middle you'll need to use a custom security policy.
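As an added illustration of the "custom security policy" mentioned in the answer above (not part of the original post), here is a Java policy file that scopes a signed applet to one directory instead of full access. The signer alias, keystore path, codeBase URL and directory name are constructed placeholders, and the `usePolicy` entry assumes the classic Java Plug-in behaviour.

```java
// Constructed example of a user policy file (e.g. ${user.home}/.java.policy).
// "examplesigner", the keystore path, the codeBase URL and "appletdata"
// are placeholders, not values from the thread.

// Keystore that holds the certificate for the alias used in signedBy.
keystore "file:${user.home}/.keystore", "JKS";

// All-or-nothing: the equivalent of what an accepted signed applet receives.
// Shown for comparison only and left commented out.
// grant signedBy "examplesigner" {
//     permission java.security.AllPermission;
// };

// Middle ground: code signed by this alias AND loaded from this location
// may touch only one directory tree under the user's home directory.
grant signedBy "examplesigner", codeBase "https://applets.example.com/-" {
    // Assumption (Java Plug-in): with "usePolicy" granted, the plug-in skips
    // the accept/deny prompt and applies only the permissions listed here.
    permission java.lang.RuntimePermission "usePolicy";

    // List the directory itself (read only).
    permission java.io.FilePermission "${user.home}${/}appletdata", "read";

    // Read and write everything below it; "delete" and "execute" are
    // deliberately not granted, so those calls throw a SecurityException.
    permission java.io.FilePermission "${user.home}${/}appletdata${/}-", "read,write";
};
```

The policy lives on the user's machine, so the restriction is something the user or an administrator configures, not something the applet author can impose by signing.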
Does CA signing only validate that an existing person spent money to get a signature?
Which also means that the user is asked to accept the applet independent of self-signed or CA-signed?
What is the real advantage of a CA signature if the way to get it is simply sending money to a company which returns the signature I can use?
I thought trust means that I can trust the code of the applet!?