Date: Thu, 6 Feb 1997 21:49:51 -0800
From: mrm@doppio (Marianne Mueller)
Message-Id: <199702070549.VAA17905@puffin.eng.sun.com>
To: massaro@llnl.gov
Subject: Re: Signed applets

Unfortunately we don't have as much documentation as we'd like,
but there are some general docs at

There isn't any particular interaction between a downloaded applet
and the server it comes from, apart from the fact that the Java
platform allows the applet to make any connection it likes back
to that server. The Java system neither creates nor prevents
such a connection. It's up to the applet and the server it came
from to work out a handshake that makes sense for the applet.

The constraint on a signed applet is really set up on the client
side (where the browser is running), not on the server side.
If the identity database on the client side is set up so that
it accepts applets from certain identities, then applets signed
by those identities are allowed full access. That's the situation
in JDK 1.1. In follow-on releases we plan to have support for
finer-grained access control, so that you can limit the access
granted to a signed and downloaded applet (and not have to grant
it full access).

An example is at http://java.sun.com/security/signExample/
(apologies, right now the example is broken on the PC,
I'll fix that ASAP)

Marianne

p.s. hypermail of this Q&A is at
http://jeeves.javasoft.com:8080/hypermail/java-security-html/