Security Checks on I/O
One of the original fears about downloading executable content like applets from the Internet was that a hostile applet could erase your hard disk or read your Quicken files. Nothing’s happened to change that since Java was introduced. This is why Java applets run under the control of a security manager that checks each operation an applet performs to prevent potentially hostile acts.
The security manager is particularly careful about I/O operations. For the most part, the checks are related to these questions:
Can an applet read a file?
Can an applet write a file?
Can an applet delete a file?
Can an applet determine whether a file exists?
Can an applet make a network connection to a particular host?
Can applet accept an incoming connection from a particular host?
The short answer to all these questions is “No, it cannot.” A slightly more elaborate answer would specify a few exceptions. Applets can make network connections to the host they came from; applets can read a few very specific files that contain information about the Java environment; and trusted applets may sometimes run without these restrictions. But for almost all practical purposes, the answer is almost always no.
Note
For more exotic situations, such as trusted applets, see Java Security by Scott Oaks, (O’Reilly & Associates, 1998). Trusted applets are useful on corporate networks, but you shouldn’t waste a lot of time laboring under the illusion that anyone on the Internet at large will trust ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access