Applet Security Suggestion

Wang, Jun-Hwa (Jun-Hwa.Wang@AIG.com)
Wed, 4 Aug 1999 15:01:10 -0400

From: "Wang, Jun-Hwa" <Jun-Hwa.Wang@AIG.com>
To: "'java-security@java.sun.com'" <java-security@java.sun.com>
Subject: Applet Security Suggestion
Date: Wed, 4 Aug 1999 15:01:10 -0400

------_=_NextPart_001_01BEDEAB.710938DA
Content-Type: text/plain
X-Sun-Content-Length: 1374

Dear sir,
I understand the Security is a very important issue in Java.
Especially Applet. But we really have a lot of trouble to deal with Java
Security Model. I know we can set security and permission through the
"policy file" on the Java2 Platform. What I am concern is Applet security.
Our users are Internet users. There is no way we can set up the policy file
on each users' computer or ask them to exchange and maintain the key (Using
signed Applet). And I understand we can setup a Application Server and
create CORBA object to work way around. But Can we have something easier.
Here is the suggestion:

Every time or the first time the users load the Applet. If there are
security issues in the Applet. It will pop-up a dialog box to show the
Applet requesting permissions for some specific security issues (network
access or file access). If users grant the permissions. Applet will gain the
access permission like it have a "policy file". Applet will need a function
to SetPermission. Java VM (Java Runtimes Environment) will control the
pop-up dialog box. So it must prompt users there are security permission
they need to make the decision. The idea comes from the way IE handle the
ActiveX Control. But we need to list the specific permissions the Applet
requesting and organize those permissions to more enduser-friendly.

Hope it make sense to you.

- Jun

------_=_NextPart_001_01BEDEAB.710938DA
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
X-Sun-Content-Length: 2078

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
Applet Security Suggestion

Dear sir,
        I understand the Security is a very important issue in = Java. Especially Applet. But we really have a lot of trouble to deal = with Java Security Model. I know we can set security and permission = through the "policy file" on the Java2 Platform. What I am = concern is Applet security. Our users are Internet users. There is no = way we can set up the policy file on each users' computer or ask them = to exchange and maintain the key (Using signed Applet). And I = understand we can setup a Application Server and create CORBA object to = work way around. But Can we have something easier. Here is the = suggestion:

        Every time or the first time the users load the Applet. = If there are security issues in the Applet. It will pop-up a dialog box = to show the Applet requesting permissions for some specific security = issues (network access or file access). If users grant the permissions. = Applet will gain the access permission like it have a "policy = file". Applet will need a function to SetPermission. Java VM (Java = Runtimes Environment) will control the pop-up dialog box. So it must = prompt users there are security permission they need to make the = decision. The idea comes from the way IE handle the ActiveX Control. = But we need to list the specific permissions the Applet requesting and = organize those permissions to more enduser-friendly.

        Hope it make sense to you.

- Jun

------_=_NextPart_001_01BEDEAB.710938DA--