Below are the basic facts regarding applet security and Java Plug-in. More details can be found in the next chapter, Verification of RSA Signed Applets in Java Plug-in.
usePolicy
is not defined in the java.policy
file, then a signed applet has the
AllPermission permission only if Java Plug-in can
verify the signers, and the user agrees to granting the
AllPermission permission when prompted.usePolicy is defined, then a
signed applet has only the permissions defined in
java.policy and no prompting occurs.Moreover, note that Java Plug-in now handles certificate
management; i.e., the certificate verification task is no longer
passed on to the browser.
Signed applets on Windows Vista have less privileges compared to the applets running on other Windows operating systems such as Windows XP Home or Windows XP Professional. This is due to the fact that browser process has low level of integrity. Low level integrity implies lesser privileges than an Administrator. This causes the signed applet not to write and delete files in specific medium and high integrity level directories.
If you run a signed applet in Windows Vista, a dialog box with a security warning appears. Click Run, to allow the applet to run with all permissions except write or delete permissions for files on local drive.
Java applets using Java SE 5.0 Update 6 or earlier versions could specify the exact version of the JRE on which they can be run. This allowed Java applets to run with a JRE that might not have the latest security fixes.
Java SE 6 allows all the applets to be executed with the latest installed JRE version.This is a new enhancement that provides additional security.
