Basic HTML version of Foils prepared Sept 21 1998

Foil 43 Security Concerns for Applets (Untrusted Code)

From Java Tutorial 98- 4: Multi-Treading, Useful Java Classes, I/O and Networking NAVO Tutorial -- Sept 23 1998. by Geoffrey C. Fox, Nancy McCracken
One aspect of Java security is language restrictions designed not to let a Java applet or application access memory on the machine outside of its own space.
Applets have additional restrictions:
  • they can never run a local executable program;
  • they cannot communicate with any host other than the server from which they were downloaded (the originating host);
  • they cannot read or write to the local computer's file system, except through the browser mechanism;
  • they cannot find out information about the local computer (see table on next slide for details).
As of summer 1997 no known applets have seriously broken security to steal client information or trash the local disk. Exceptions:
  • applets have been written to use up arbitrary amounts of client cpu.
  • applets with native code can trash the local disk. So far, native code is disallowed on publicly released browsers.

© Northeast Parallel Architectures Center, Syracuse University, npac@npac.syr.edu

If you have any comments about this server, send e-mail to webmaster@npac.syr.edu.

Page produced by wwwfoil on Sat Nov 28 1998