A signed Applet is a trusted Applet. By default, and for security reasons, Java applets are contained within a “sandbox”. Refer to the diagram below:
This means that the applets can’t do anything, which might be construed as threatening to the user’s machine (e.g. reading, writing or deleting local files, putting up message windows, or querying various system parameters). Early browsers had no provisions for Java applets to reach outside of the sandbox. Recent browsers, however (Internet Explorer 4 on Windows etc), have provisions to give “trusted” applets the ability to work outside the sandbox. For this power to be granted to one of your applets, the applet’s code must be digitally signed with your unforgeable digital ID, and then the user must state that he trusts applets signed with your ID. The untrusted applet can request to have privileges outside the sand box but will have to request the user for privileges every time it executes. But with the trusted applet the user can choose to remember their answer to the request, which means they won’t be asked again.
No comments:
Post a Comment