Re: Netscape Capabilities API

Li Gong (gong@games.eng.sun.com)
Mon, 27 Oct 1997 14:28:36 -0800

Date: Mon, 27 Oct 1997 14:28:36 -0800
Message-Id: <199710272228.OAA06237@games.eng.sun.com>
From: Li Gong <gong@games.eng.sun.com>
To: "R. Scott Wood" <scottwo@wrq.com>
Subject: Re: Netscape Capabilities API
In-Reply-To: R. Scott Wood's mail of Mon, 27 October, 1997

In our model, you do not have to write any special code -- and old
code runs under a new security policy if you set the policy. Maybe
Netscape 5.x will support this model.

Li

R. Scott Wood writes:
> Greetings,
>
> How does Netscape's Capabilities API fit in with the security model
> presented at JavaOne this year and documented in Java Security Architecture
> (JDK 1.2)? It appears that in order for my applet to be granted privileges
> in Netscape 4.03 (with 1.1. patches), I must insert Netscape-specific code
> into my otherwise 100%-pure applet to read/write to/from an arbitrary host.
> Obviously I am loath to introduce this type of code into my applet, but I
> seem to have no alternative.
>
> Is this the direction Javasoft is going with Permissions model? It is not
> clear from the Architecture document that an applet writer would have to
> insert specific calls to gain socket privileges. Will the Netscape APIs
> morph into the JDK's APIs, or will I be stuck with if..then...else code
> which tries to determine if it's Netscape, Microsoft or some other browser
> based on the Vendor system property and then make the "right" calls to make
> each and every browser happy?
>
> Thanks for your time,
>
> R. Scott Wood
> WRQ
> (206) 217-7267
>
>