0

I need to know whether an applet could use direct file access functionality, NOT via JNLP.

Is it possible for an applet to access files via the standard file classes:

  • java.nio.file.Files;
  • java.io.FileInputStream;

Is this possible for "Next Generation applet"?

Is this possible for pre "Next Generation applet"?

Andrew Thompson
JRr
  • For those like me, here is the link to learn what a "Next Generation applet" is: http://www.oracle.com/technetwork/articles/javase/newapplets-142049.html or here is a Stack Overflow question: http://stackoverflow.com/questions/10825212/what-is-the-next-generation-plugin-for-java – StefanHeimberg Sep 20 '15 at 18:11
  • The first link does not contain anything about security. The second link says some features are butchered in the new plugin and mentions "Applets were never very trusted", so it has nothing more specific about file operations... – JRr Sep 20 '15 at 19:38

1 Answer

2

Yes. If it is a signed and privileged (the user allows it) applet.

What Applets Can and Cannot Do says (in part):

Applets are either sandbox applets or privileged applets. Sandbox applets are run in a security sandbox that allows only a set of safe operations. Privileged applets can run outside the security sandbox and have extensive capabilities to access the client.

Applets that are not signed are restricted to the security sandbox, and run only if the user accepts the applet. Applets that are signed by a certificate from a recognized certificate authority can either run only in the sandbox, or can request permission to run outside the sandbox. In either case, the user must accept the applet's security certificate, otherwise the applet is blocked from running.

Community
Elliott Frisch
  • It seems that privileged applets have the same security rights as Java applications run on the client side. Is this correct? – JRr Sep 20 '15 at 19:27
  • Yes. But the user must click allow and it must be signed. – Elliott Frisch Sep 20 '15 at 20:40
  • *"It seems that privileged applets have the same security rights as java applications run on client-side"* No, not quite. Even a trusted applet cannot call `System.exit(..);` for example. But they can certainly use classes from `java.io` & `java.nio`. – Andrew Thompson Sep 21 '15 at 13:12
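
The sandbox/privileged distinction described in the answer, as an added example that is not part of the original answer or comments: the hypothetical class `FileAccessProbe` tries both file APIs named in the question and reports a sandbox denial (a `SecurityException`) separately from an ordinary I/O error. The temporary file is constructed sample input.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

/** Hypothetical helper (not from the page): probes java.io and java.nio file reads. */
public class FileAccessProbe {

    /** Opens the file with java.io.FileInputStream and reads one byte. */
    static String probeIo(String file) {
        try (InputStream in = new FileInputStream(file)) {
            return "java.io: allowed, first byte = " + in.read();
        } catch (SecurityException e) {
            // Sandboxed code: the security manager refused read permission.
            return "java.io: denied by sandbox (" + e.getMessage() + ")";
        } catch (IOException e) {
            // Missing file, OS-level permissions, etc. Not a sandbox decision.
            return "java.io: I/O error (" + e.getMessage() + ")";
        }
    }

    /** Reads the file with java.nio.file.Files; same permission check applies. */
    static String probeNio(String file) {
        try {
            Path p = Paths.get(file);
            return "java.nio: allowed, " + Files.readAllBytes(p).length + " bytes";
        } catch (SecurityException e) {
            return "java.nio: denied by sandbox (" + e.getMessage() + ")";
        } catch (IOException e) {
            return "java.nio: I/O error (" + e.getMessage() + ")";
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample input so the probe runs offline.
        Path tmp = Files.createTempFile("probe", ".txt");
        Files.write(tmp, "constructed sample".getBytes(StandardCharsets.UTF_8));
        try {
            System.out.println(probeIo(tmp.toString()));
            System.out.println(probeNio(tmp.toString()));
        } finally {
            Files.delete(tmp);
        }
    }
}
```

Run as an ordinary application (no security manager installed), both probes report "allowed"; called from code confined to the applet sandbox, both are expected to take the `SecurityException` branch.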