This page contains notes about JavaTM applet and JavaScriptTM security that are of particular interest to Java applet and JavaScript developers. Look here for information about:
This has no effect on users who download your applet unless they also use the javakey utility to mark the certificate as trusted.
For information about using javakey, see the Javakey page for Solaris or for Windows.
For information about how an applet's codebase relates to its scope, see Inter-Applet Communication in HotJava Browser.
See the Security Preferences Help page in HotJava Browser for information on how to set each of the security levels. The information on that Help page duplicates some of the information provided below, but this document provides additional technical information.
Note: For simplicity, the remainder of this document refers only to security for Java applets. The same information applies to security for JavaScript.
The following table provides information about allowed applet behavior at each security level. The Unprotected security level is only available on the Special Cases Security Preferences panel.
Note that in addition to the tangible protections described below, the Java language and HotJava Browser work together to enforce other constraints on Java applets to make them run in a safe fashion. For example, applets are not permitted to send messages to windows that cause them to be closed (except windows the applet has created on its own).
Security Restriction Level | ||||
Blocked | Restricted | Ask First | Unprotected | |
Read Files | No | No1 | Warn1 | Yes |
Write Files | No | No | Warn | Yes |
Delete Files | No | No | Warn | Yes |
Access HotJava Browser Properties | No | Limited2 | Warn | Yes |
Manipulate Threads | No | Limited3 | Limited3 | Limited3 |
Exit HotJava Browser | No | No | No | No |
Start Local Applications | No | No | Warn | Warn |
Link to Local Libraries or DLLs | No | No | No | Yes |
Listen on Network Port | No | Limited4 | Warn | Yes |
Accept Network Connection | No | Limited5 | Warn7 | Yes |
Connect to Another Computer | No | Limited6 | Warn7 | Yes |
Create Windows | No | Yes8 | Yes8 | Yes |
Access Clipboard | No | No | No | Yes |
Access Print Queue | No | No | No | Yes |
Access AWT Event Queue | No | No | No | Yes |
Permissions listed as "Warn" have the following behavior:
Each time an applet attempts one of the listed actions, (for example, read a file), HotJava Browser checks its list of granted permissions. If the specific permission has previously been granted, it is allowed. Otherwise, the user chooses through a dialog box to either allow this specific action (read the specified file), allow all similar actions (read any file), or block the action (deny reading this file this time).Footnotes:
1: Applets with Ask First or Restricted security that are loaded using the file protocol have read access (without warning) to files in the directory from which they were loaded.
2: Individual properties can be exposed to Restricted security applets by creating another property with a name in the form of propertyname.applet=true. For example, to allow applets access to the user.name property, add an additional property user.name.applet=true. See HotJava Browser Property Files for information about editing your personal or admin properties file. The default standard set of properties that applets have access to are java.version, java.vendor, java.vendor.url, java.class.version, os.name, os.version, os.arch, file.separator, path.separator, and line.separator.
3: Applets with Unprotected, Ask First, or Restricted security may manipulate their own thread priorities.
4: Applets with Restricted security may listen on ports 1024 and higher.
5: Applets with Restricted security may accept connections from their originating site, but no others.
6: Applets with Restricted security may connect to their originating site, but no others.
7: User is warned and can deny permission when an applet attempts any network access except when connecting to the applet's original site.
8: Windows created by applets with Restricted or Ask First security will show a warning banner.
Additional Restrictions and Permissions:
Avoiding Deadlocks in Ask First Mode:
Applet developers need to be aware of a condition that can cause deadlocks.
When applets are run in the Ask First security mode, security checks initiated from the AWT event queue thread will cause a deadlock. Deadlocks will occur because the event queue is no longer serviced during the dialog interaction. Therefore, avoid potentially security-restricted actions when running in the context of the AWT event queue thread, unless you can ensure the applet is not able to run in the Ask First mode.
Copyright © Sun Microsystems, Inc.