Click to See Complete Forum and Search --> : Security Restrictions in Applets
ksteo1
October 10th, 1999, 02:07 AM
Hi
I am trying to write a image processing applet which takes in a user defined file from his harddisk, does some processing on it and later writes it back onto his harddisk. However, due to the security restrictions of applets which I have read so much about, this seems like an impossible task. I've visited the Java Trail at Sun's website and it says there should be a workaround for applets restrictions. Does anyone have any idea how I should proceed or work around this problem?.. I'm under a tight deadline and will appreciate any form of help. +)
poochi
October 10th, 1999, 09:02 AM
You need to sign you java applet. Check this site..
http://www.experts-exchange.com/bin/BuyPAQ?qid=10207460
Here is the content ..
=============================================================================
How can I develop 100% portable applets using security frameworks?
Well, this is a little bit difficult since each commercial browser uses its own security architecture. Basically, your applet must know which browser is running and act in accordance.
There are several methods:
Getting properties.
Using Class.ForName() method with try and catch blocks.
Using dummies Capabilities classes (which can be downloaded from developer.netscape.com).
Using Java Activator plug-in: see JDK 1.1 Compatibility issues.
I'm getting a SecurityException when I run my applet in Netscape Communicator 4.0x, but it works fine with Appletviewer/IE. Why?
Please note that Netscape has its own security architecture which is different from Javasoft's and Microsoft's Java security architecture. Before trying to implement it, please refer to the documentation available at:
http://developer.netscape.com/docs/manuals/signedobj/capabilities/index.html
http://developer.netscape.com/docs/manuals/signedobj/capsapi.html
http://developer.netscape.com/docs/manuals/signedobj/javadoc/Package-netscape_security.html
http://developer.netscape.com/docs/manuals/signedobj/targets/index.htm
Is there any way to have a browser independent Java Security mechanism?
There are differences between Java security implementations by Netscape, Javasoft and Microsoft. If you want to get rid of the hassle of using different .jar files/certs for different browsers, you can use the Activator Plug-in from Javasoft with Javasoft's security model. This will not be a problem when Netscape comes out with Open Java APIs (OJI). Then VM vendors will have APIs available from Netscape to plug-in their VM into the browsers.
Code signing resources:
http://www.javasoft.com/products/jdk/1.1/docs/guide/security/index.html
http://java.sun.com/security/signExample/index.html
http://www.verisign.com/library/guide/developer/signing/index.html
http://www.suitable.com/Doc_CodeSigning.shtml
http://www.securingjava.com/appdx-c/
MS:
http://www.thawte.com/support/developer/ms.html
http://www.developer.com/journal/techworkshop/curr.html
http://www.verisign.com/library/guide/developer/authenticode/index.html
NN:
http://developer.netscape.com/docs/manuals/signedobj/targets/contents.htm
http://developer.netscape.com/support/faqs/objfaq.html
http://developer.netscape.com/docs/manuals/signedobj/javadoc/Package-netscape_security.html
===============================================================================================
Poochi
codeguru.com
Copyright Internet.com Inc., All Rights Reserved.