Re: sandboxing in 1.2
schemers@Eng
Thu, 19 Nov 1998 10:50:50 -0800 (PST)
Andrew Wason writes:
> Should I write a java.policy file that grants my application
> AllPermissions and invoke the VM with -Djava.security.policy=<path to my
> policy file> ? The problem is I would have to dynamically generate the
> policy file because my applications codebase will be different depending
> on where the user installed me. I guess I could invoke the VM with
> -Dsoftcom.codebase=<my codebase> and then use $(softcom.codebase)
> property expansion in my policy file.
That would be the best way. Basically:
grant codebase "file:${softcom.codebase}/-" {
permission java.security.AllPermission;
};
It would of course be best if you didn't have to grant your
application AllPermission, and you could get away with only
granting it the permissions it needs.
> What is the best way to handle this? What does the HotJava browser do
> to sandbox applets in 1.2?
HotJava hasn't been rewritten to handle the new 1.2 model yet.
roland