For all three browsers, we’ll use the same applet, called Renegade. Renegade isn’t really dangerous, but it does try to find out your name, using System.getProperty(""). This action is not allowed in the applet sandbox, to protect the privacy of the user. In Renegade, we enclose this call in a try block in case a SecurityException is thrown. Save the source code for this class in

import java.applet.*;
import java.awt.*;

public class Renegade extends Applet {
  private String mMessage;

  public void init() {
    try {
      mMessage = "Your name is " + System.getProperty("") + ".";
    catch (SecurityException e) {
      mMessage = "Can't get your name, due to a SecurityException.";

  public void paint(Graphics g) {
    g.drawString("Renegade", 25, 25);
    g.drawString(mMessage, 25, 50);

The HTML page that contains this applet, Renegade.html, is as follows:

  <applet code = Renegade width = 300 height = 200></applet>

If you point your browser at this applet, the call to System.getProperty() fails, just as we expected. Figure 8.1 shows this applet in Navigator 4.01.

The unsigned Renegade applet can’t get out of the sandbox
Figure 8-1. The unsigned Renegade applet can’t get out of the sandbox

Get Java Cryptography now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.