A Trojan horse is any program that has an overt function and a covert function.
As a typical example, imagine a program that plays Solitaire, while secretly
emailing interesting files to the program's creator. This attack works
because a program usually inherits its access rights from the invoking user
based on the way the SecurityManager is set up.

Though the security wall prevents rogue applets, interapplet security is
weak. Since applets can persist after the Web browser leaves the page which
contains them, it becomes important to separate applets from each other.
Otherwise, a hostile applet can sabotage a third party's applet. If an applet
gains access to the top-level ThreadGroup, it can enumerate every thread and
use the stop() or setPriority() methods to make other applets look slow and
buggy. Most browsers implement this separation by putting applets from
different sources and applets in different frames in separate ThreadGroups.
Applets can communicate across frames using static classes and within a page
by the getAppletContext() methods.
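
The ThreadGroup separation described above, as an added Java example that is not code from the original page. The group names, the thread names and the mayAccess helper are assumptions made for illustration; mayAccess shows the kind of ancestry rule a SecurityManager.checkAccess(ThreadGroup) override could enforce, not any particular browser's implementation.

```java
import java.util.ArrayList;
import java.util.List;

public class AppletGroupIsolation {
    // Hypothetical access rule: a caller may act only on its own group
    // or on a group nested beneath it, never on a sibling or an ancestor.
    static boolean mayAccess(ThreadGroup caller, ThreadGroup target) {
        // parentOf() is true when caller is target or one of its ancestors.
        return caller.parentOf(target);
    }

    // Names of the live threads reachable by enumerating from one group.
    static List<String> visibleThreads(ThreadGroup group) {
        Thread[] buffer = new Thread[group.activeCount() + 8];
        int count = group.enumerate(buffer, true); // true = include subgroups
        List<String> names = new ArrayList<>();
        for (int i = 0; i < count; i++) {
            names.add(buffer[i].getName());
        }
        return names;
    }

    public static void main(String[] args) {
        // Constructed stand-ins for the browser's top-level group and for
        // the per-source groups it hands to applets.
        ThreadGroup browser = new ThreadGroup("browser");
        ThreadGroup siteA = new ThreadGroup(browser, "applets-siteA");
        ThreadGroup siteB = new ThreadGroup(browser, "applets-siteB");

        Runnable idle = () -> {
            try { Thread.sleep(2000); } catch (InterruptedException e) { }
        };
        Thread a = new Thread(siteA, idle, "siteA-worker");
        Thread b = new Thread(siteB, idle, "siteB-worker");
        a.start();
        b.start();

        System.out.println("siteA enumerates:     " + visibleThreads(siteA));
        System.out.println("browser enumerates:   " + visibleThreads(browser));
        System.out.println("siteA -> siteB ok?    " + mayAccess(siteA, siteB));
        System.out.println("siteA -> browser ok?  " + mayAccess(siteA, browser));
        System.out.println("browser -> siteB ok?  " + mayAccess(browser, siteB));

        a.interrupt();
        b.interrupt();
    }
}
```

Enumerating from a per-source group reaches only that source's threads, while enumerating from the top-level group reaches all of them, which is why the top-level group must stay out of an applet's hands.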
Copyright © 1996 Virginia Polytechnic Institute & State University
All Rights Reserved
Vijay Sureshkumar
<vijay@csgrad.cs.vt.edu>
Last modified: Sun Oct 20 21:52:09 1996