Re: no signed applet

Marianne Mueller (Marianne.Mueller@Eng)
Tue, 30 Jun 1998 10:42:23 -0700 (PDT)

Date: Tue, 30 Jun 1998 10:42:23 -0700 (PDT)
From: Marianne Mueller <Marianne.Mueller@Eng>
Subject: Re: no signed applet
To: java-security@java0.javasoft.com

[Resend due to alias problem]

> In a new security model, is the no signed applet inaccessible
> in a local resource?
>
>

An unsigned applet in the new security model is by default the same
as an unsigned applet in the old security model. However, the important
difference between 1.1 and 1.2 (one of the important differences) is that
the security policy is described in an external file in JDK 1.2. It is
not hardcoded into the security manager.

So, if you choose to allow unsigned applets to have access to local
resources, you can configure your policy file to do that. This will
affect your JDK or java installation only.

By default, unsigned applets cannot access local resources.
By configuration, you can selectively allow unsigned applets to have access.
You can choose which kinds of access you would grant. It is not
"all or nothing" as in JDK 1.1. In JDK 1.2, you can take advantage
of the fine-grain access control.

See http://java.sun.com/products/jdk/1.2/docs/guide/security/index.html
for more information about JDK 1.2 security.