In the preceding discussion, we
assumed that you want to load classes from
www.xyz.com and that you want those classes to
be trusted, so that they might have some special permission when they
execute on your machine. For example, the spellchecking class might
need to open up a local dictionary file to learn how to spellcheck
names and other data you customized for the spellchecker.
Do not, however, make the assumption that all classes that are authenticated are therefore to be trusted, or even that all trusted classes should necessarily have the same set of permissions. There’s nothing that prevents me from obtaining the necessary information and tools so that I can sign and encrypt all of my classes. When you download those classes, you know with certainty that the classes came from me—they carry my digital signature, and they’ve been fingerprinted to ensure that they haven’t been tampered with.
But that’s all the information that you
know about these classes. In particular, just because the classes
were authenticated does not mean that I didn’t put a virus into
them that’s going to erase all the files on your hard disk. And
just because you know that a particular Java applet came from me does
not mean that you can necessarily track me down when something goes
wrong. If you surf to my home page and run my authenticated applet,
then surf to
www.sun.com and run their
authenticated applet, then surf to
www.EvilSite.org and run their authenticated applet, ...