just not getting it......ACL/local file read

Jim Sims (jim.sims@game.net)
Tue, 30 Sep 97 12:13:44 -0500

Message-Id: <199709301614.MAA25894@game.net>
To: "java-security@java.sun.com" <java-security@web2.javasoft.com>
Subject: just not getting it......ACL/local file read
Date: Tue, 30 Sep 97 12:13:44 -0500
From: Jim Sims <jim.sims@game.net>

-- [ From: Jim Sims * EMC.Ver #2.5.02 ] --

I'm just not getting it, I guess. (JDK 1.1.3 on Win 95, Apache and NCSA
server)

I';ve read and re-read the Security FAQ, the nutshell book description, the
java-security archives, etc and am still unable to let a network-loaded
applet read a local file.

here are the 2 test cases:

(1) compile applet, ftp class files to server, delete class files from
local disk, run appletviewer http://server/app.html

when I bring up a load dialog, i can see the local files, but get a
CheckRead exception when I try to read one

(2) same as above, but leave class files in local directory on local disk

works fine

I've tried adding a .hotjava/properties file in the directory the classes
load from (locally) in example 2, but it seems ignored, even after adding a
HOME environment var using set home=c:\dir1\dir2. By changing the
properties file located in the JDK installation directory, I added acl.read=
+ and acl.read.default=c:\\dir1\\dir2 - I can verify these properties are
being set using System.getProperties() in example 2, but example 1 gets a
security exception when I call System.getProperties(). And I still can't
read the local file.

I tried the example to read /etc/password from the SFAQ, and it fails, even
after i add a acl.read=/etc to the properties file in the JDK install
directory also.

Obviously I'm missing something fundamental here. please help!

jim
jim.sims@game.net 803-762-7131