Date: Tue, 11 Feb 1997 18:52:08 -0800
Message-Id: <199702120252.SAA24184@puffin.eng.sun.com>
From: Marianne Mueller <mrm@eng.sun.com>
To: R.H.Janes@ctc.cummins.com
Subject: Re: Documentation Request

This is a good question and you're right, it needs to be documented
better. We are working on docs.

You might also reference the Q&A that is archived on
http://java.sun.com/hypermail/java-security-html/ since I think
this question has come up. I know it's hard to find specific
info in the archive ...

> What I would like to see is a basic discussion of the most common
> scenario surrounding Java 1.1 security: How can I get my applet to be
> trusted and be able to access the user's operating system files.

In JDK 1.1, we supply a miniature browser called the appletviewer.
This is a browser that only understands one HTML tag, the <applet>
tag.

If you load a signed JAR file into the JDK 1.1 appletviewer, and
these two things are true

1) your identity database holds the certificate for the person
   who signed the JAR file -- in our jargon, this is the "identity"
2) that identity is marked as trusted in your identity
   database

then the applet will be allowed to run as though it were part of your
trusted local system. It will be allowed full access to the
underlying system.

So, if you want your applet to be trusted on someone else's system,
you need to:

1. Generate a key pair for yourself. (Safeguard your
   private key.) Give your certificate to people who
   will download your code, and have them import it
   into their identity database.
2. Use your private key to sign the JAR file, and
   distribute that. Refer to
   http://java.sun.com/security/usingJavakey.html
3. Caution: Note that for now, the other people will
   only be able to view your applet with the JDK 1.1
   appletviewer ... see the note below about browsers ...

Refer also to the signing example at
http://java.sun.com/security/signExample.html

About the big browsers:

I don't know when the big browser vendors will announce support for
Java digital signatures, or what sort of GUI support they will have,
to let you configure this. JDK 1.1 delivers the basic technology to
the application vendors and to the OS vendors, and they take it from
there. You can view the appletviewer as an example of how it could
work.

In the next release of the JDK, we plan to support finer-grain access
control on trusted applets, so that a signed applet might be allowed
access to /tmp/foo, but not to any other file. (for example.)

Marianne
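
The two-sided procedure the message describes (developer generates a key pair and signs the JAR; recipient imports the certificate and marks that identity trusted), written out as an added shell example. This is not part of the original e-mail and not Sun's code: the javakey options and the directive-file keys are recalled from the JDK 1.1 javakey documentation, and the signer alias, file names and certificate subject fields are constructed placeholders. The javakey commands sit inside functions so the script can be sourced and read without a JDK 1.1 on the machine.

```shell
#!/bin/sh
# Added example, not from the original message. javakey options and the
# directive-file keys are recalled from the JDK 1.1 javakey docs; the alias,
# file names and subject fields below are constructed placeholders.

# The "identity" in the message's jargon: one alias known to both sides.
SIGNER="${SIGNER:-dukesigner}"
# The only artifact that travels from developer to user besides the JAR.
CERT_FILE="${CERT_FILE:-dukesigner.x509}"

# Directive for `javakey -gc`: a self-signed certificate (issuer == subject).
# $1 = signer alias, $2 = output certificate file
cert_directive() {
    cat <<EOF
issuer.name=$1
subject.name=$1
subject.real.name=Example Developer
subject.org.unit=Applet Group
subject.org=Example Org
subject.country=US
start.date=1 Jan 1997
end.date=1 Jan 1998
serial.number=1001
out.file=$2
EOF
}

# Directive for `javakey -gs`: which identity signs, which of its
# certificates is embedded, and where the signed JAR is written.
# signature.file must be at most 8 characters (it names files in META-INF).
# $1 = signer alias, $2 = signed JAR output name
sign_directive() {
    cat <<EOF
signer=$1
cert=1
chain=0
signature.file=APPLSIG
out.file=$2
EOF
}

# Developer side, step 1 of the message: create the signer, generate a
# DSA key pair, self-sign a certificate and export it for distribution.
# The private key stays in this identity database; only $CERT_FILE is
# handed out.
developer_setup() {
    javakey -cs "$SIGNER" true
    javakey -gk "$SIGNER" DSA 512
    cert_directive "$SIGNER" "$CERT_FILE" > cert.directive
    javakey -gc cert.directive
}

# Developer side, step 2 of the message: sign the applet JAR ($1).
developer_sign() {
    sign_directive "$SIGNER" "signed-$1" > sign.directive
    javakey -gs sign.directive "$1"
}

# Recipient side: both conditions from the message must hold before the
# appletviewer grants the signed JAR full local access --
#   (1) the certificate is in the identity database (-ic), and
#   (2) the identity is marked trusted (the `true` on -c).
user_trust() {
    javakey -c "$SIGNER" true
    javakey -ic "$SIGNER" "$CERT_FILE"
}

# Recipient side: revoke trust without deleting the identity, which is the
# one-command undo for the blanket access described in the message.
user_distrust() {
    javakey -t "$SIGNER" false
}
```

Usage on the developer's machine: `developer_setup`, then `developer_sign myapplet.jar`, and ship `signed-myapplet.jar` plus the `.x509` file. On the recipient's machine: `user_trust`, then open the page with `appletviewer`. Note the granularity: once both conditions hold, JDK 1.1 trusts the applet for everything, so `user_distrust` is the only lever a recipient has until the finer-grained control the message mentions ships.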