Home > Archive > Java Security > July 2006 > Java.policy question
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Java.policy question
|
|
| Jason Doyama 2006-06-26, 7:07 pm |
| Hello All
Regrettably I'm a programming beginner so this question may be somewhat
silly.
We are integrating some applets from various groups and have run into
an issue with one of them. The applet runs fine if the MS JVM is used
by default for applets. However if we use Java 1.4.2 as the default the
users receive a security error "Netscape security model is no longer
supported. Please migrate to the Java 2 security model instead"
Now basically we have no access to change the applet, so our options
are fairly limited.
One person suggested we implement this: change the .java.policy file to
read
grant {
permission java.security.AllPermission;
};
Now, while I'm not too familiar with the Java security model, my gut
tells me this is a very bad thing to do. Can anyone offer any
technical/seucrity risks for doing this? I'd like to talk a bit
intelligently about this before I say its a bad idea
Thanks
Jason
| |
| Surya Vellanki 2006-07-04, 4:02 am |
| Hi,
Its indeed a bad idea to change the .java.policy file to give any
applet(Not just the one created by you) all the permissions.
This will be very dangerous.
Instead grant all permissions only to your classes, like this:
grant codeBase "http://yoursite/application/class_or_jar_filename" {
permission java.security.AllPermission;
};
You can test it locally by providing appropriate path to your classes
in the codeBase value.
But the file change has to be done on all client machines who ever is
running your applet
Let me know if I did not answer your question
--
Satish
|
|
|
|
|