Security feauture, hole or bug ?(JDK1.2)

Wei-Ching Su (suwc@iii.org.tw)
Mon, 25 Jan 1999 17:16:43 +0800

Now I write a Signing Agent which is pre-installed class on client,
and can sign the message requested from some applet.
So the Signing Agent should be able to access the Key File
on the local side and it must grant the access right to un-trusted
applet as it access the file.

But now I find all method in the actionPerformed or indirect called
method can access the file without any granted code.

I cannot find any description about this. And, I don't know why the
actionPerformed must violate the Access Control Mechanisms.
Is it the necessary security feauture, hole or bug ?

Wei-Ching Su
Institute for Information Industry