Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
776 views
in Technique[技术] by (71.8m points)

security - Restrictions on what an unsigned Java applet can do?

I'm trying to compile a complete list of all restrictions placed on unsigned Java applets (defined as things a normal Java application can do, but an unsigned Java applet cannot).

This is the list I've compiled so far:

An unsigned Java applet ...

  1. Cannot access the local filesystem.
    • Cannot access the system clipboard.
    • Cannot initiate a print job.
    • Cannot connect to or retrieve resources from any third party server (any server other than the server the applet originated from).
    • Cannot use multicast sockets.
    • Cannot create or register a SocketImplFactory, URLStreamHandlerFactory, or ContentHandlerFactory.
    • Cannot listen to incoming socket connections.
    • Cannot listen for datagrams.
    • Cannot access some of the system properties (java.class.path, java.home, user.dir, user.home, user.name).
    • Cannot create or register a SecurityManager object.
    • Cannot dynamically load native code libraries with the load() or loadLibrary() methods of Runtime or System.
    • Cannot spawn new processes by calling any of the Runtime.exec() methods.
    • Cannot create or access threads or thread groups outside of the thread group in which the untrusted code is running.
    • Cannot define classes in java.*, sun.* and netscape.*.
    • Cannot explicitly load classes from the sun.* package.
    • Cannot exit the Java runtime by calling System.exit() or Runtime.exit().
    • Cannot access the system event queue.
    • Cannot use the java.lang.Class reflection methods to obtain information about nonpublic members of a class, unless the class was loaded from the same host as the untrusted code.
    • Cannot manipulate security identities in any way (java.security).
    • Cannot set or read security properties (java.security).
    • Cannot list, look up, insert, or remove security providers (java.security).

Question: Are there any restrictions missing? If so, please clearly state what restriction you believe is missing from the list.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

See this from Sun's tutorial: What Applets Can and Cannot Do.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...