
Java Forum / General / October 2007


Distributing java.policy with Applet.jar

Willy Stevens - 04 Oct 2007 21:37 GMT
Hello,

How do people usually distribute the java.policy file when a user is
loading a signed applet with a browser for the first time?

I tried to embed it into the applet jar but that didn't work.

What is the nicest way to distribute the policy file to the user's browser?

Cheers!
Andrew Thompson - 05 Oct 2007 04:03 GMT
...
> How do people usually distribute the java.policy file when a user is
> loading a signed applet with a browser for the first time?

You would be the first I ever heard of.

> I tried to embed it into the applet jar

Why?  That would not work.

>..but that didn't work.
>
> What is the nicest way to distribute the policy file to the user's browser?

Nicest?  Don't *touch* my PC's policy files!

What is it you are trying to offer to
me (your pretend end-user) that requires
delivery of policy files?

Andrew T.
Willy Stevens - 06 Oct 2007 07:37 GMT
"Andrew Thompson" <andrewthommo@gmail.com> wrote in message

Don't write to this group if you have nothing to say, spammer!

This kind of problem really exists. The applet is distributed to the user's
workstation and it is connected to server software. The applet must write to
a directory on the user's PC if the user wants to store his
applet's/application's settings.

Do you think that installation instructions should contain their own page with
"edit java.policy with notepad" or "copy policy file from CD" sections?
If you think yes, I think you should change the area where you are working.

Signed applets and policy files are the only way an applet can write/read
to disk. You can find hundreds of articles about signing applets
and using policy files using Google, but distributing them is different;
that's why the question.

But maybe you are a freshman in your local college and you *know everything*?

> ...
>> How do people usually distribute the java.policy file when a user is
[quoted text clipped - 17 lines]
>
> Andrew T.
Hunter Gratzner - 06 Oct 2007 09:14 GMT
> Don't write to this group if you have nothing to say, spammer!

Is everyone at Helsinki Television (government funded, right?) as
stupid as you are?

As Andrew wrote, you do not mess with a user's policy file. He wrote
it in simple, short sentences. If you don't get this, then please
refrain from programming.
Willy Stevens - 06 Oct 2007 10:24 GMT
By the way: it's easy to create a fake email ID at Yahoo, isn't it?

>> Don't write to this group if you have nothing to say, spammer!
>
[quoted text clipped - 4 lines]
> it in simple, short sentences. If you don't get this, then please
> refrain from programming.
Willy Stevens - 06 Oct 2007 10:24 GMT
> Is everyone at Helsinki Television (government funded, right?) as
> stupid as you are?

It's operator funded, not government funded like you have in East Germany :)
It is also free of a government's inside police department like the Stasi.
But I think we understand each other more now.
Happy Halloween!
Hunter Gratzner - 06 Oct 2007 11:30 GMT
> But I think we understand each other more now.

Yes, I understand that you are even too stupid to come up with the
traditional Nazi insult. I further understand that your history
knowledge is 17 years behind reality in general and sufficiently
lacking in detail.
Andrew Thompson - 06 Oct 2007 09:58 GMT
>"Andrew Thompson" <andrewthommo@gmail.com> wrote in message

(trimmed odd assertion***)

(Security - applet)
>This kind of problem really exists.

Of course it does.  I am quite familiar with trusted applets,
as well as many of the problems with them.  Some of those
problems can be fixed by not using an applet within a
browser, but instead launching it using Java web start*
(JWS) and using services of the JNLP API, which
can operate within a sandbox.  Things like..

>..The applet is distributed to the user's
>workstation and it is connected to server software. The applet must write to
>a directory on the user's PC if the user wants to store his
>applet's/application's settings.

..storing application preferences.  The JNLP API
provides the PersistenceService** for that.

>Do you think that installation instructions should contain their own page with
>"edit java.policy with notepad" or "copy policy file from CD" sections?

No and no.  It should be unnecessary for either the
end-user *or* the developer to ever mess with policy
files.  I have any number of JWS based apps. that
successfully 'break out' of the tight sandbox which
JWS applies (a very similar sandbox to the
browser/applet sandbox).

I have also dealt with full-trust applets in the past,
and kept up on the later developments in security in
relation to signed applets.  The latest problem is with
trusted applets (and JWS apps.) launched on Vista
*using* *IE*.
...
>Signed applets and policy files are the only way an applet can write/read
>to disk.

No they aren't.  A signed applet, so long as the user
accepts the signed code, can do pretty much whatever
it wants short of calling System.exit(int).  That is of
course, short of breaking out of the default directories
that the Vista/IE combo. mentioned above, imposes on
even fully trusted applets.

>..You can find hundreds of articles about signing applets
>and using policy files using Google, but distributing them is different;
>that's why the question.

I agree there is a lot of information using policy
files with applets.  It is bad information.  Try this
search instead..
<http://www.google.com/search?q=applet+signed>

Distribution is as simple as ..deploying an unsigned,
untrusted applet, because excepting that the unsigned
applet might be not in a jar (one less attribute in the
<APPLET> element), it is identical.

>But maybe you are a freshman in your local college and you *know everything*?

I sure don't know everything.  But what if I *were* a
freshman in the local college, would you not want
me to answer?

* demo applet/JWS <http://www.physci.org/jws/#jtest>
** demo+e.g. PS <http://www.physci.org/jws/#ps>

*** Oh, but both of those demos are coming from my
own site, so I suppose if you wanted to accuse me
of spamming *now*..

Signature

Andrew Thompson
http://www.athompson.info/andrew/
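
The PersistenceService approach described in the post above, sketched as an added example (not code from the thread or from the linked demos): settings are stored through the JNLP API inside the sandbox, so no policy file is edited or shipped. The class name `SettingsStore`, the entry name and the size quota are assumptions; it has to be launched through Java Web Start with the `javax.jnlp` classes on the compile classpath.

```java
import java.io.*;
import java.net.URL;
import java.util.Properties;
import javax.jnlp.*;

// Added example: user settings kept in JNLP persistent storage, no policy file involved.
public class SettingsStore {
    private static final long MAX_BYTES = 8 * 1024;   // assumed quota for the entry
    private final PersistenceService ps;
    private final URL key;                            // entries are named by codebase URLs

    public SettingsStore() throws UnavailableServiceException, IOException {
        ps = (PersistenceService) ServiceManager.lookup("javax.jnlp.PersistenceService");
        BasicService bs = (BasicService) ServiceManager.lookup("javax.jnlp.BasicService");
        key = new URL(bs.getCodeBase(), "settings.properties"); // hypothetical entry name
    }

    public Properties load() throws IOException {
        Properties p = new Properties();
        try {
            InputStream in = ps.get(key).getInputStream();
            try { p.load(in); } finally { in.close(); }
        } catch (FileNotFoundException firstRun) {
            // Nothing stored yet: return empty settings.
        }
        return p;
    }

    public void save(Properties p) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        p.store(buf, "user settings");
        if (buf.size() > MAX_BYTES) throw new IOException("settings exceed storage quota");
        FileContents fc;
        try {
            fc = ps.get(key);
        } catch (FileNotFoundException firstRun) {
            ps.create(key, MAX_BYTES);                // request storage on first save
            fc = ps.get(key);
        }
        OutputStream out = fc.getOutputStream(true);  // true = overwrite existing content
        try { out.write(buf.toByteArray()); } finally { out.close(); }
    }
}
```

The entry is addressed by a URL under the application's own codebase rather than by a file path, so the code never names a location on the user's disk.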

Roedy Green - 06 Oct 2007 11:06 GMT
>Don't write to this group if you have nothing to say, spammer!

Andrew gave you the correct answer.  If you did find a way to do it,
there would be hell to pay. You might even get sued for opening a
company's security to other threats inadvertently by replacing their
policy file.

The answer is DON'T DO IT.
Signature

Roedy Green Canadian Mind Products
The Java Glossary
http://mindprod.com

Roedy Green - 06 Oct 2007 11:03 GMT
>How do people usually distribute the java.policy file when a user is
>loading a signed applet with a browser for the first time?

You don't.  The only person who fiddles with that is the system
administrator. Imagine him to be a Russian bureaucrat of the cold war
era.  He won't change it unless you blackmail him.

You need a real certificate, and let the people who work there beg and
bribe to get him to open the security to let your code run.

You can't go changing that file.  It represents the security policy of
the corporation. You are not the only program in the universe they are
concerned about.
Signature

Roedy Green Canadian Mind Products
The Java Glossary
http://mindprod.com


