Re: AppletSecurity.class

Marianne Mueller (mrm@eng.sun.com)
Tue, 18 Feb 1997 13:40:52 -0800

Date: Tue, 18 Feb 1997 13:40:52 -0800
Message-Id: <199702182140.NAA09746@puffin.eng.sun.com>
From: Marianne Mueller <mrm@eng.sun.com>
To: bryan.weingarten@CyberSafe.COM
Subject: Re: AppletSecurity.class

I don't think Netscape supports this so they may not have
documentation or advice on how to do it.

I did forward your request to some folks at Netscape, so perhaps they
will contact you directly.

You might try contacting Netscape's support line directly.

As for replacing the security manager in the browser: we don't really
encourage this, either. Not because you might not create and
implement a fantastic security manager, but because it becomes harder
and harder for end users to evaluate the trustworthiness of a
Java-enabled browser. The model to date is that there is one security
manager per Java-enabled application, and it defines and implements
the single security policy. This is pretty rigid and inflexible, we
understand that, but that is the situation right now.

We recognize that you (and lots of folks) need more flexible and
configurable security policies and we are working hard in that
direction.

One thing you could try is to experiment with signed Java applets.
Get a copy of JDK 1.1 final version (should be available later today)
and follow the steps in http://java.sun.com/security/signExample.html.
If that approach appeals to you, lobby the browser vendors to support
the open, documented Java digital signatures in their browsers. (Such
support is forthcoming, but we don't have any announced release dates,
and I think the user community can help, by letting the browser
companies know that they are waiting for this support to be integrated
into the browser.)

Marianne