| Title: | JAVA |
| Moderator: | KOALA::CIOT |
| Created: | Mon Nov 13 1995 |
| Last Modified: | Wed Jun 04 1997 |
| Last Successful Update: | Fri Jun 06 1997 |
| Number of topics: | 236 |
| Total number of notes: | 1251 |
I was under the impression that most of the security features of Java
were part of 'the sandbox', and that the sandbox is only included with
VMs that are part of browsers, ie for applets, and that standalone
Java applications would not have many/any of those security features.
Can anyone confirm or correct that? Got a reference to some doc?
I havent found anything directly addressing this issue.
Many thanks,
- Jim
| T.R | Title | User | Personal Name | Date | Lines |
|---|---|---|---|---|---|
| 224.1 | sounds about right | TLE::JRICHARD | Fri Apr 25 1997 16:41 | 6 | |
You may want to check out the papers on the java web site. Also look at http://www.javasoft.com/forum/securityForum.html. and http://www.javasoft.com/sfaq/index.html. | |||||
| 224.2 | HOUBA::MEHERS | Damian, http://bigbird.geo.dec.com/ | Tue Apr 29 1997 11:45 | 20 | |
re .0
Alll "sensitive" operations ask a "security manager" object if
the operation can be performed. Netscape's Web Browser has a security
manager object installed which pretty much disallows anything.
By default, there is no security manager object installed, which means
that standalone applications can do anything, but it is trivial to
install your own security manager object.
Things get more interesting with JDK1.1 - Sun and Netscape have
diverged somewhat, but both have the idea of trusted classes that have
been cryptographically signed, to which the user may grant additional
priviliges - opening a small hole in the sandbox. The difference
between Netscape and Sun is that Netscape's model is more "fine
grained".
Cheers,
/Damian
| |||||