0

I am developing an applet and wonder what are the exact security reasons why 'plugin.jar' is not accessible like the rest of the Java libraries and why JSObject also is disabled for security reasons.

The only statement I can find, is that it is disabled for security reasons but I can't find any further information.

http://docs.oracle.com/javase/7/docs/technotes/guides/plugin/developer_guide/java_js.html

Hope someone here knows some details.

Andrew Thompson
  • 168,117
  • 40
  • 217
  • 433
enRGi
  • 71
  • 2

1 Answers1

0

My take on it is that as soon as another language is involved that is not immediately subject to the Java security sand-box, the JVM effectively cannot be held responsible for the total effect of applet/other thing and notes that is therefore insecure.

See the other side of the effect with the AccessController do privileged methods. They add trust back into an applet method that might be called by a 3rd party.

Andrew Thompson
  • 168,117
  • 40
  • 217
  • 433
  • Yes, seems to be reasonable. Nevertheless unfortunate that there is no official statement – enRGi Apr 16 '13 at 06:34