Home > Archive > Java Security > February 2005 > java.policy question
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
java.policy question
|
|
| Neil Cherry 2005-01-14, 4:01 pm |
| First let me say that I've used Google and come up with numerous
answers (too numerous!). I'm really looking for pointers more than the
direct answers as direct answer will most likely leave me with more
questions. I'm currently running Sun Java 1.5.0 and the initial work is
on Firefox 1.0. Later I'll work on IE.
I'm working on an applet which will eventually sit on a device where
it will be served from. But for now I need to run the applet from
another machine and, of course, it gets a security violation. To get
around this I search the web and found that I can change the local
..java.policy file for the user (that works well). It's currently set
to:
grant codeBase "http://host.uucp/device.jar" {
permission java.security.AllPermission;
};
How can I set it so I can limit it to connecting to that host and
only port 80? What permission do I need explicitly permit?
Then the obvious question is for Java 1.5 how sign or setup my applet
so it can be used anywhere to get to one or more servers?
My apologies for keeping the questions simplistic but Applets and
security tend to get to be confusing. Especially when IE & Mozilla are
involved.
Thanks
--
Linux Home Automation Neil Cherry ncherry@comcast.net
http://home.comcast.net/~ncherry/ (Text only)
http://hcs.sourceforge.net/ (HCS II)
http://linuxha.blogspot.com/ My HA Blog
| |
|
| -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Neil Cherry wrote:
[snip]
> grant codeBase "http://host.uucp/device.jar" {
> permission java.security.AllPermission;
> };
>
> How can I set it so I can limit it to connecting to that host and
> only port 80? What permission do I need explicitly permit?
[snip]
How about :
grant codeBase "http://host.uucp/device.jar" {
permission java.net.SocketPermission "host.uucp:80", "connect";
};
Chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
iD8DBQFCBolugxSrXuMbw1YRAjDeAJ0dVZs+860k
2zyXwEeFpwgjIqBjxACeLYEt
sxen5p0ulB1QQmO5w+aV5rE=
=6MNh
-----END PGP SIGNATURE-----
| |
| Neil Cherry 2005-02-07, 4:05 pm |
| On Sun, 06 Feb 2005 21:17:29 GMT, Chris wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Neil Cherry wrote:
>
> [snip]
> [snip]
>
> How about :
>
> grant codeBase "http://host.uucp/device.jar" {
> permission java.net.SocketPermission "host.uucp:80", "connect";
> };
Thanks, that looks better.
--
Linux Home Automation Neil Cherry ncherry@comcast.net
http://home.comcast.net/~ncherry/ (Text only)
http://hcs.sourceforge.net/ (HCS II)
http://linuxha.blogspot.com/ My HA Blog
|
|
|
|
|