0

This link (http://www.java.com/en/download/help/jcp_security.xml) describes the Java security settings for applets in the browser. For setting "high" it says":

This is the minimum recommended (and default) security level setting. Applications that are signed with a valid or expired certificate and include the Permissions attribute in the manifest for the main JAR file are allowed to run with security prompts. Applications are also allowed to run with security prompts when the revocation status of the certificate cannot be checked. All other applications are blocked.

We're trying to establish if the Permissions level of our applet has any impact here - it's not mentioned but it seems logical a sandbox-level applet could legitimately run with lower permissions. Can anyone categorically answer this?

Mr. Boy
  • 60,845
  • 93
  • 320
  • 589

1 Answers1

0

Security setting (high, medium,...) are not related with the applet permissions attribuite ( sandbox or all-permission). The applet permissions deals with what an applet can or can't do. For example to Write a file somewhere in the filesystem you need all-permissione. This is indipendent from java security setting. Security setting deals more with applet Identity, a self signed applet is blocked if security is high. Starting from java 7u51 the permisssion attribuite must be included not only in the jnlp file but also in the manifest. Otherwise if security is high the applet Will be blocked.

Simone
  • 247
  • 2
  • 10