Date: Sun, 12 Oct 1997 15:15:13 -0400
From: gjost@ca.newbridge.com (George Jost)
Message-Id: <199710121915.PAA09331@tweety.newbridge>
To: java-security@web2.javasoft.com, java-intl@web2.javasoft.com,
Subject: A standards requirement proposal. (Relevant to JAVA subset which works on WWW browsers.)
This proposal could possibly generate the requirements for two new JAVA classes which all JAVA complient browsers will support)
1) Controlled File creation access. (Browser configured directory which contains files which can be accessed by any applet. The total amount of disk space allocated to this open directory is also configured by the client browser. It should be impossible to make hidden files using this scheme. An intelligent browser should allow a user to protect certain files before running an applet. A backup facility would also be a nice feature.
2) Controlled udp socket communication between clients.
The aim here is to prevent spoofing/impostor attacks by specifying that the is a special "applet datagram" protocol. A datagram is further encoded by the JAVA object to have a special header specifying the appet name, client which is running the applet, and the site from which the applet was loaded. Any message received by the applet which does not have this format will not be accessible by the appelet.