JDK 1.1.6 & Java Plugin Security

Marvin (marvin@worldport.com.ph)
Fri, 24 Jul 1998 14:57:28 -0000

From: Marvin <marvin@worldport.com.ph>
To: "'java-security@java.sun.com'" <java-security@java.sun.com>
Subject: JDK 1.1.6 & Java Plugin Security
Date: Fri, 24 Jul 1998 14:57:28 -0000

Hi,

In http://www.javasoft.com/products/plugin/1.1.1/docs/signed.html says:

"The Java Plug-in supports the use of standard JDK 1.1 signed applets.

If an applet is signed with a trusted cryptographic key (see Deploying
Signed Applets, below) then the applet will be allowed to run fully
trusted
and will be able to access a user's local disk files, open arbitrary
network
connections, call native methods, etc. "

I got JDK 1.1.6 and Java Plugin 1.1.1 installed in my Win NT 4.0. I use
Netscape 4.05.
I signed my applet and performs writing & deleting files from local
machine.
The writing to local machine work fine but deleting file is not. My code
looks like this:

File file = new File(path);
FileOutputStream o = new FileOutputStream(file);
o.write('x'); o.flush();
o.close();
file.delete();

This code produce similar output:

java.lang.SecurityException
at java.lang.Throwable.<init>(Compiled Code)
at java.lang.RuntimeException.<init>(Compiled Code)
at java.lang.SecurityException.<init>(SecurityException.java:39)
at java.lang.SecurityManager.checkDelete(SecurityManager.java:495)
at java.io.File.delete(File.java:618)
at writerApplet.deleteFilesInDir(Compiled Code)
at writerApplet.main(writerApplet.java:61)
at writerApplet.init(writerApplet.java:9)
at sun.applet.AppletPanel.run(Compiled Code)
at java.lang.Thread.run(Compiled Code)

Is this a bug? Is this something like not fully out of the sandbox? How
can I make this code work, that is, writing & deleting of file to local
machine?

Thanks,
Marvin