Applet security

Marie Ricketts (Marie.G.Ricketts@Dartmouth.EDU)
Wed, 10 Jun 1998 11:03:59 -0400

Date: Wed, 10 Jun 1998 11:03:59 -0400
From: Marie Ricketts <Marie.G.Ricketts@Dartmouth.EDU>
To: java-security@web1.javasoft.com
Subject: Applet security

Hi,

The page: http://java.sun.com/security/signExample/ states that signing
and verification is suppprted in HotJava and appletviewer.

I can get the example applet to work in appletviewer both using the

appletviewer
http://java.sun.com/security/signExample/signedWriteFile.html and by
making and signing the jar file myself.

I can't get either case to work in HotJava. The
Hotjava/UsersGuide/dev_security.html states that "If you mark a
certificate as "trusted" using the JDK's javakey utility, applets
running on your machine that are signed with that certificate are
treated by your system as if they are trusted local application code.
These applets will not be subject to any security manager controls you
set in the HotJava Browser. "

I interpret that I should not set any applet security in HotJava.

Could you point me to more references on Applet Security. I think that
I've read everything on http://java.sun.com wrt to it.

Thanks,

Marie Ricketts