Can you sign a Java applet but keep it in the sandbox (NOT give it full access to user's computer)?

Thanks to Oracle's latest changes, it appears I have to sign an applet even though I don't need or want it to have unrestricted access to the user's computer (which is why its currently unsigned). In particular, I don't want the warning they show for signed applets:

This application will run with unrestricted access which may put your computer and personal information at risk.

...which will scare the people using it.

Is it possible to sign an applet but mark it in some way to say "but keep using the sandbox"?

The only reason I'm signing it is that as of Version 7, Update 40, Oracle has further increased the nagging users have to deal with when running unsigned applets. It used to be that you could check a box saying you trusted an applet once, and that would be remembered. As of Update 40, it's only remembered for that browser session; the warning reappears if you close the browser and come back later. They've also said they're going to disable unsigned applets entirely in "a future version" of the Java plug-in.

Garret Harrison asked Sep 20 '13 10:09



1 Answer

Yes, you can. This page shows how to do it (well, most of it; you also need this page). There are two main steps:

  1. Put the Permissions and Codebase attributes in your manifest file:

    Permissions: sandbox
    Codebase: *.myserver.com

    These new attributes were introduced in Java 7 Update 25 and are discussed here. The first page linked above just shows Codebase: myserver.com, but most sites are going to want the wildcard above. (I don't know if the Codebase attribute is required for sandboxing the applet, but it seems like a good idea for most signed applets anyway.)

    Then use that manifest file when building your jar, like:

    jar cvfm YourJarFile.jar your_manifest_file.txt classes_and_such

    Those attributes will wind up in the MANIFEST.MF file in the jar, which tells the Java runtime to keep the applet sandboxed.

  2. In your <applet> tag, you have to specify the permissions param, as discussed here:

    <applet code='yourAppletClass' archive='YourJarFile.jar'>
        <param name="permissions" value="sandbox">
    </applet>

    Without this second step, a signed applet requesting sandboxed permissions in the jar but not the tag is prevented from being run with a dialog box titled "The Application Cannot Be Run" giving "Reason: JAR manifest requested to run in sandbox only."

If you do both steps above, the user gets a much more reassuring message (and presumably the applet remains sandboxed):

This application will run with limited access that is intended to protect your computer and personal information.

...and if they check the relevant checkbox trusting the publisher and location, they don't see it again when they next open their browser and run your applet.


(In the course of asking this question, I found the answer, but since the answer wasn't on Stack Overflow I thought I'd go ahead and post the question and answer.)

Garret Harrison answered Nov 15 '22 22:11
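A pre-publish check for the first step above, added here as an example and not code from the answer: it reads the jar's MANIFEST.MF (honouring the manifest rule that a line beginning with a space continues the previous attribute), confirms that Permissions is sandbox rather than all-permissions, and confirms that the Codebase patterns cover the host the applet will be served from. The jar and manifest contents are constructed sample data, and shell-style globbing stands in for the plug-in's own wildcard matching, which is an assumption.

```python
import io
import zipfile
from fnmatch import fnmatchcase

# Constructed sample manifest. Manifest lines are limited to 72 bytes, so a long
# value is wrapped onto a continuation line that starts with a single space.
SAMPLE_MANIFEST = (
    "Manifest-Version: 1.0\n"
    "Permissions: sandbox\n"
    "Codebase: *.myserver.com\n"
    "Created-By: 1.7.0_40 (Oracle Corporat\n"
    " ion)\n"
    "\n"
)

def parse_manifest(text):
    """Parse the main section of a MANIFEST.MF into a dict with lower-cased keys."""
    attrs = {}
    last = None
    for line in text.splitlines():
        if not line:
            break  # blank line ends the main section; per-entry sections follow
        if line.startswith(" ") and last is not None:
            attrs[last] += line[1:]  # continuation of the previous attribute value
            continue
        name, _, value = line.partition(":")
        last = name.strip().lower()
        attrs[last] = value.strip()
    return attrs

def build_sample_jar(manifest=SAMPLE_MANIFEST):
    """Build an in-memory jar (constructed test data) carrying the given manifest."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", manifest)
        zf.writestr("yourAppletClass.class", b"")  # placeholder class entry
    return buf.getvalue()

def check_sandbox_request(jar_bytes, deploy_host):
    """Return (ok, reasons): does the jar ask for the sandbox and name deploy_host?"""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        attrs = parse_manifest(zf.read("META-INF/MANIFEST.MF").decode("utf-8"))
    reasons = []
    if attrs.get("permissions", "").lower() != "sandbox":
        reasons.append("Permissions is not 'sandbox': a signed jar would request full access")
    patterns = attrs.get("codebase", "").lower().split()  # attribute may list several domains
    if not patterns:
        reasons.append("Codebase missing: the signed jar could be re-hosted from any domain")
    elif not any(fnmatchcase(deploy_host.lower(), p) for p in patterns):
        reasons.append("host %s is not covered by Codebase %s" % (deploy_host, patterns))
    return (not reasons, reasons)
```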