Date: Mon, 28 Jul 1997 10:34:18 -0700
Message-Id: <199707281734.KAA10966@puffin.eng.sun.com>
From: Marianne Mueller <mrm@Eng>
To: ukgan@euler.mcs.utulsa.edu
Subject: Re: How can I allow applet a partial access to clients computer?
> Date: Mon, 28 Jul 1997 10:28:24 -0500 (CDT)
> From: Utpal Ganguly <ukgan@euler.mcs.utulsa.edu>
>
> Thanks for your prompt response.
>
> I am still not sure about a few things and would greatly appreciate your
> views.
Unfortunately this is not a typical technical support hotline, but a
channel into the Java security team. I apologize that I won't be able
to take much time to provide you with the technical support that might
be appropriate for your situation.

Your best bet might be to experiment with the Java Web Server, and I
hope that the digital signature interoperability situation will
improve soon.
>
> On Sun, 27 Jul 1997, Marianne Mueller wrote:
>
> >
> > If you install the applet on the client's machine in a directory on
> > the client's CLASSPATH, then the applet has full access.
> >
> Currently, I am not installing my applet on the client's machine per se. The
> applet is part of the web page and activates as soon as the user
> downloads the web page. The client program is running as part of the applet.
> In other words, the applet requests to open a socket to start
> communicating with the server (a Java server which is resident on the same
> machine as the HTTP server) at a predecided port number.
>
> Is there a way I can install the applet in a directory on the client's
> CLASSPATH? My understanding is that the popular vendors' browsers, i.e.,
> Netscape's and Microsoft's, implement the sandbox philosophy and will not
> allow the applet to write/install anything on the client's disk.
You are in a tight spot - yes, as you point out, the typical way that
applets are used is that they are downloaded in web pages, not
installed on the client side.

There is no way around this. This is the point of the sandbox,
actually, to protect clients from potentially harmful actions of
downloaded applets.
>
> > As for signed applets, the catch is that other than HotJava, the
> > Java-enabled browsers have yet to include support for Java digital
> > signatures.
>
> That was my understanding too.
> >
> > Microsoft supports a different file format in its Authenticode signing
> > system than the standard JDK Java digital signature format that was
> > introduced in JDK 1.1. Let the browser vendors hear from you, if you
> > want to use the open Java format. The Java digital signature file
> > format and all details on how the signing is accomplished are 100%
> > public.
> >
> > Starting with the next major JDK release (public beta due out this
> > autumn) you will be able to specify partial access for signed applets.
> > Again, the usability of this with browsers will depend on whether or
> > not the browser vendors incorporate support for this functionality in
> > their browser, so do let the browser vendors hear from you, if you
> > like the Java security architecture, and our approach for allowing
> > limited forays outside the sandbox to trusted applets.
> >
> You bet.
>
> > You might want to download a copy of the Java Web Server
> > (http://jserv.javasoft.com) and look at an example of using
> > servlets+applets. You might also make headway by using signed
> > applets with HotJava (http://java.sun.com/products/HotJava). HotJava
> > does support partial access for signed applets.
> >
> I will definitely try this.
>
>
> > Marianne
> >
> >
> >
> >
>