I'm not a Java programmer, but I'm trying to solve some application
compatibility issues with locked down security settings on Windows.

My question:  How do different Java-delivery tools invoke client-side Java
in their HTML?  Is the <APPLET> tag the way they usually go, or do they use
another mechanism?  E.g., invoking it as an ActiveX via <OBJECT>?  Through
some kind of scripted invocation?  Some other tag?  One specific:  what does
Oracle Application Server / Oracle Forms do?

The reason for the question is that in locked down configurations on
Windows, the Internet Explorer setting for "Java Permissions" (settable via
Group Policy) is set to "Disable Java", which comes into play only when the
<APPLET> tag is used.  So in app-compat testing, I've seen the "Java
Permissions" setting completely block some Java apps from even loading,
while in other cases they do run.  I'm trying to gain insight into the
specific causes that would cause one result or the other.

Follow-on question:  The Internet Explorer "Java Permissions" setting can be
set to "Disable Java", "High safety", "Medium safety", or "Low safety".  Do
any versions of Java other than the now-extinct Microsoft JVM look at those
settings at all?  That is, if the "High safety" setting is chosen, does it
actually restrict what Java applets can actually do?  Or do all the Java
implementations out there have their own authorization mechanism that
doesn't look at the Windows/IE setting?

Thanks.

(And my apologies if I cross-posted too broadly -- I don't know which
newsgroups provide the best responses.)

-- Aaron