Java applet is run inside a web browser. But an applet is restricted in some areas, until it has been deemed trustworthy by the end user. The security restriction is provided for protecting the user by malicious code, like copy important information from the hard disk or deleting the files. Generally, applets are loaded from the Internet and they are prevented from: the writing and reading the files on client side. Some security issues to applet are following :
* Applets are loaded over the internet and they are prevented to make open network connection to any computer, except for the host, which provided the .class file. Because the html page come from the host or the host specified codebase parameter in the applet tag, with codebase taking precedence.
* They are also prevented from starting other programs on the client. That means any applet, which you visited, cannot start any rogue process on you computer. In UNIX, applets cannot start any exec or fork processes. Applets are not allowed to invoke any program to list the contents of your file system that means it cant invoke System.exit() function to terminate you web browser. And they are not allowed to manipulate the threads outside the applets own thread group.
* Applets are loaded over the net. A web browser uses only one class loader that’s established at start up. Then the system class loader can not be overloaded, overridden, extended, replaced. Applet is not allowed to create the reference of their own class loader.
* They cant load the libraries or define the native method calls. But if it can define native method calls then that would give the applet direct access to underlying computer.
Saturday, January 3, 2009
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment