Re: security violation

Lily Cheng (lilyc@stic.net)
Tue, 05 May 1998 10:32:23 -0500

Date: Tue, 05 May 1998 10:32:23 -0500
From: Lily Cheng <lilyc@stic.net>
To: Marianne Mueller <Marianne.Mueller@Eng>
Subject: Re: security violation

Dear Marianne,

Thanks for your answer to my question. But the security problem is about the
client side as I know from book. Is there any problem when I read files on
server side?

Hope to hear from you soon!

Sincerely,
Lily Cheng
lilyc@stic.net
Tel: 210-6272516

Marianne Mueller wrote:

> Netscape doesn't pay attention to the ~/.hotjava/properties file, where
> you set up the acl.read and acl.write.
>
> Only appletviewer and HotJava pay attention to that file.
>
> For more info see
> http://java.sun.com/sfaq/
> http://java.sun.com/security
> http://java.sun.com/security/signExample
> http://java.sun.com/security/usingJavakey.html
>
> In general, I don't think untrusted applets are allowed to read and write
> files in Netscape's browsers. They added some special hooks to allow
> programmers to program this capability into their code. Those hooks
> are non-standard (they'll only work on Netscape) - more info on
> Netscape-specific hooks, see
> http://developer.netscape.com/software/signedobj/index.html