|
One aspect of Java security is language restrictions designed not to let a Java applet or application access memory on the machine outside of its own space.
|
Applets have additional restrictions:
-
they can never run a local executable program;
-
they cannot communicate with any host other than the server from which they were downloaded (the originating host);
-
they cannot read or write to the local computer's file system, except through the browser mechanism;
-
they cannot find out information about the local computer (see table on next slide for details).
|
As of summer 1997 no known applets have seriously broken security to steal client information or trash the local disk. Exceptions:
-
applets have been written to use up arbitrary amounts of client cpu.
-
applets with native code can trash the local disk. So far, native code is disallowed on publicly released browsers.
|
