From: "R. Scott Wood" <scottwo@wrq.com>
To: <java-security@web2.javasoft.com>
Subject: Netscape Capabilities API
Date: Mon, 27 Oct 1997 13:07:06 -0800
Message-Id: <01bce31c$47d93d20$6264d796@kufstein.wrq.com>
Greetings,
How does Netscape's Capabilities API fit in with the security model
presented at JavaOne this year and documented in Java Security Architecture
(JDK 1.2)? It appears that in order for my applet to be granted privileges
in Netscape 4.03 (with 1.1. patches), I must insert Netscape-specific code
into my otherwise 100%-pure applet to read/write to/from an arbitrary host.
Obviously I am loath to introduce this type of code into my applet, but I
seem to have no alternative.
Is this the direction Javasoft is going with Permissions model? It is not
clear from the Architecture document that an applet writer would have to
insert specific calls to gain socket privileges. Will the Netscape APIs
morph into the JDK's APIs, or will I be stuck with if..then...else code
which tries to determine if it's Netscape, Microsoft or some other browser
based on the Vendor system property and then make the "right" calls to make
each and every browser happy?
Thanks for your time,
R. Scott Wood
WRQ
(206) 217-7267