UniveralConnect privilege

Russell Howden (russell.howden@dar.csiro.au)
Wed, 21 Oct 1998 12:47:18 +1000

Dear Security Guys

I have written a java applet called the weather wall at
http://www.dar.csiro.au

I am trying to download co-ordinate data (text) from the server that the
the html page and appplet were downloaded from
The idea is to draw a map

The code snippet goes like this
try {
PrivilegeManager.enablePrivilege("UniversalConnect");
PrivilegeManager.enablePrivilege("UniversalFileAccess");
PrivilegeManager.enablePrivilege("UniversalFileWrite");

is = new URL(getDocumentBase(), mapname).openStream();
m2d = new Map2D(is);
// this map obect creates a Stream Tokenizer Object to
download the code, and it has its own paint method
}
catch(SecurityException e){
this.showStatus("Caught Security Exception");
}
catch(Exception e){
mapname = null;
this.showStatus(e.toString());
}
I then create a Stream Tokenizer Object and download the co-ordinates.
The whole thing works fine with IE4 - no problems, and whats more with
MS Visual J++, I can even interactively debug the beast.

Not so with Netscape!!,

The browser status window keeps coming up with
Applet ppbay User didn't grant the Universal Connect privilege
after saying that it is loading the Java applet

Whats more, I can't get Visual J++ IDE to recognize Netscape to allow
the code to be debugged ( I guess thats no great surprise)

Interestingly when I add the following code to my preferences.js file in
the Netscape directory

user_pref("security.default_proxy_cert", "");
user_pref("security.lower_java_network_security_by_trusting_proxie",
true);
user_pref("security.warn_submit_insecure", false);
user_pref("signed.applets.codebase_principal_support", true);
user_pref("signed.applets.local_classes_have_30_powers", true);
user_pref("signed.applets.simulate_signatures_on_system_classes", true);
user_pref("signed.applets.verbose_security_exception", true);

everything just works fine. no problems whatsoever.

But I don't want everyone who connects to our server to edit the
preferences file with the above lines. Its a really frustrating me, as
it I can't get the Netscape browser to allow the Universal Connect
Privilege. and I don't have to do any of this mucking around with
IE4.0xx

I know my understanding of security issues is not in the expert
catagory, but this shouldn't be a complex issue to get around
Any ideas as what I do to get around this Universal Connect privilege
problem.

Thanks

-------------------------------------------------------
Russell Howden
Programmer
CSIRO Atmospheric Research
Station St
Aspendale Vic 3195
Australia
-------------------------------------------------------
Telephone: 61 3 9239 4677
Facsimile: 61 3 9239 4444
Email: russell.howden@dar.csiro.au
http://www.dar.csiro.au
-------------------------------------------------------