Date: Tue, 21 Apr 1998 17:29:34 -0700 (PDT)
From: Marianne Mueller <Marianne.Mueller@Eng>
Subject: Re: Implementing multiple sandboxes
To: java-security@web1.javasoft.com, strangie@fox.uq.net.au

In JDK 1.1.x, you can have some applets be trusted and some remain untrusted.
The trusted applets have complete access, not fine-grained.

An applet is regarded as trusted if either (or both) of these is true:

* it's installed in a directory on the CLASSPATH (installed locally)
* it's signed by a signer marked as "trusted" in the identity database

There's no clean way in JDK 1.1.x to associate different policies with
different classes. You can divide applets into those two groups,
trusted and untrusted, and it's all or nothing (either the applet is
confined to the sandbox or it has full access.)

In JDK 1.2, you can describe security policies for any classes, not just
applets, and you can express fine-grained access control.

For info on 1.1.x signing, see http://java.sun.com/security/signExample
and http://java.sun.com/security/usingJavakey.html

For info on 1.2 security, see
http://java.sun.com/products/jdk/1.2/docs/guide/security/index.html

Marianne
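
Added example, not part of the original message or of Sun's documentation: a sketch of the JDK 1.2 model described above, in which each code origin gets its own permission set instead of the 1.1.x trusted/untrusted split. The class name, origins and file paths are hypothetical, constructed for illustration; the java.security classes used exist from JDK 1.2 onward (the syntax here needs Java 5 or later).

```java
import java.io.FilePermission;
import java.net.URI;
import java.security.CodeSource;
import java.security.Permission;
import java.security.Permissions;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;

public class TwoSandboxes {
    // Code loaded from `origin` is granted exactly the listed permissions, nothing more.
    static ProtectionDomain domain(String origin, Permission... granted) throws Exception {
        Permissions perms = new Permissions();
        for (Permission p : granted) {
            perms.add(p);
        }
        CodeSource source = new CodeSource(URI.create(origin).toURL(), (Certificate[]) null);
        return new ProtectionDomain(source, perms);
    }

    public static void main(String[] args) throws Exception {
        // Three sandboxes with different contents (hypothetical origins and paths).
        ProtectionDomain[] sandboxes = {
            domain("http://intranet.example/reports/",
                   new FilePermission("/data/reports/-", "read")),
            domain("http://intranet.example/editor/",
                   new FilePermission("/data/drafts/-", "read,write")),
            domain("http://other.example/")   // no grants: plain sandbox
        };

        // Constructed access requests, evaluated against every sandbox.
        Permission[] requests = {
            new FilePermission("/data/reports/q1.txt", "read"),
            new FilePermission("/data/drafts/memo.txt", "write"),
            new FilePermission("/etc/passwd", "read")
        };

        for (ProtectionDomain pd : sandboxes) {
            System.out.println(pd.getCodeSource().getLocation());
            for (Permission req : requests) {
                // implies() is the per-domain decision the access controller relies on.
                System.out.println("  " + (pd.implies(req) ? "allow " : "deny  ")
                        + req.getName() + " [" + req.getActions() + "]");
            }
        }
    }
}
```

In a deployed JDK 1.2 system the same grants would normally be written in a policy file keyed by codeBase and signer rather than constructed in code.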