I'm trying to compile a complete list of all restrictions placed on unsigned Java applets (defined as things a normal Java application can do, but an unsigned Java applet cannot). This is the list I've compiled so far: An unsigned Java applet ... <ol> <li>Cannot access the local filesystem. <ul> <li>Cannot access the system clipboard.</li> <li>Cannot initiate a print job.</li> <li>Cannot connect to or retrieve resources from any third party server (any server other than the server the applet originated from).</li> <li>Cannot use multicast sockets.</li> <li>Cannot create or register a <code>SocketImplFactory</code>, <code>URLStreamHandlerFactory</code>, or <code>ContentHandlerFactory</code>.</li> <li>Cannot listen to incoming socket connections.</li> <li>Cannot listen for datagrams.</li> <li>Cannot access some of the system properties (java.class.path, java.home, user.dir, user.home, user.name).</li> <li>Cannot create or register a <code>SecurityManager</code> object.</li> <li>Cannot dynamically load native code libraries with the <code>load()</code> or <code>loadLibrary()</code> methods of <code>Runtime</code> or <code>System</code>.</li> <li>Cannot spawn new processes by calling any of the <code>Runtime.exec()</code> methods.</li> <li>Cannot create or access threads or thread groups outside of the thread group in which the untrusted code is running.</li> <li>Cannot define classes in <code>java.*</code>, <code>sun.*</code> and <code>netscape.*</code>.</li> <li>Cannot explicitly load classes from the <code>sun.*</code> package.</li> <li>Cannot exit the Java runtime by calling <code>System.exit()</code> or <code>Runtime.exit()</code>.</li> <li>Cannot access the system event queue.</li> <li>Cannot use the <code>java.lang.Class</code> reflection methods to obtain information about nonpublic members of a class, unless the class was loaded from the same host as the untrusted code.</li> <li>Cannot manipulate security identities in any way (java.security).</li> <li>Cannot set or read security properties (java.security).</li> <li>Cannot list, look up, insert, or remove security providers (java.security).</li> </ul> </li> </ol> Question: Are there any restrictions missing? If so, please clearly state what restriction you believe is missing from the list.

Also you cannot register an <code>UncaughtExceptionHandler</code>.

Restrictions on what an unsigned Java applet can do?

I'm trying to compile a complete list of all restrictions placed on unsigned Java applets (defined as things a normal Java application can do, but an unsigned Java applet cannot).

This is the list I've compiled so far:

An unsigned Java applet ...

Cannot access the local filesystem.
- Cannot access the system clipboard.
- Cannot initiate a print job.
- Cannot connect to or retrieve resources from any third party server (any server other than the server the applet originated from).
- Cannot use multicast sockets.
- Cannot create or register a SocketImplFactory, URLStreamHandlerFactory, or ContentHandlerFactory.
- Cannot listen to incoming socket connections.
- Cannot listen for datagrams.
- Cannot access some of the system properties (java.class.path, java.home, user.dir, user.home, user.name).
- Cannot create or register a SecurityManager object.
- Cannot dynamically load native code libraries with the load() or loadLibrary() methods of Runtime or System.
- Cannot spawn new processes by calling any of the Runtime.exec() methods.
- Cannot create or access threads or thread groups outside of the thread group in which the untrusted code is running.
- Cannot define classes in java.*, sun.* and netscape.*.
- Cannot explicitly load classes from the sun.* package.
- Cannot exit the Java runtime by calling System.exit() or Runtime.exit().
- Cannot access the system event queue.
- Cannot use the java.lang.Class reflection methods to obtain information about nonpublic members of a class, unless the class was loaded from the same host as the untrusted code.
- Cannot manipulate security identities in any way (java.security).
- Cannot set or read security properties (java.security).
- Cannot list, look up, insert, or remove security providers (java.security).

Question: Are there any restrictions missing? If so, please clearly state what restriction you believe is missing from the list.

What are the restrictions imposed on Java applets?

An applet cannot load libraries or define native methods. An applet cannot ordinarily read or write files on the execution host. An applet cannot read certain system properties. An applet cannot make network connections except to the host that it came from.

Why there are so many restrictions in applet programming?

Applets have many restrictions over the areas of security because they are obtained from remote machines and can harm client-side machines.

What are the security issues related to Java applets?

There is a security model for Java applets that has two rules: Applets may communicate only with the Web server from which they were downloaded. Applets may not have access to local resources, such as files, the clipboard and printer ports, on a workstation to which they are downloaded.

See this from Sun's tutorial: What Applets Can and Cannot Do.

Also you cannot register an UncaughtExceptionHandler.

Restrictions on what an unsigned Java applet can do?

Tags:

java

security

jvm

applet

knorv

People also ask

2 Answers

Jesper

fury

Recent Activity

Donate For Us

Restrictions on what an unsigned Java applet can do?

Tags:

java

security

jvm

applet

knorv

People also ask

2 Answers

Jesper

fury

Related questions

Recent Activity

Donate For Us