Jacob said:
It is more a question of wether a layman is able to pick up
the .jar from the browser cache (or wherever it is put when
you access it) and execute it after the specific HTTP session
is closed?
Depends on the layman ;-)
I doubt if there are many people reading this newsgroup (if any) who couldn't
pull the applet out of the browser cache with ease, or who wouldn't know what
to do with it once they had done so. But that is not at all representative of
the general population.
I have absolutely no basis for quoting statistics, so I'll just invent a
number... I'd guess that fewer than 10%, probably fewer than 5%, of "ordinary"
users would have any idea how to pull an applet out of the cache (or otherwise
download it separately from the webpage), or any interest in doing so.
But that doesn't settle the question (or rather, it wouldn't even if I hadn't
just invented the numbers); since you may also need to consider whether that
minority of technically savvy users might copy your applet and make it
available to others who don't have the same skills themselves.
It occurs to me that one, moderately simple (but not totally reliable) way of
tying an applet to its intended host webpage would be to use the DOM API to
inspect the containing page, and see if it has the expected contents. There's
a simple example, and references to further documentation here:
http://www.javaworld.com/javaworld/jw-06-2005/jw-0627-plugin.html?page=3
I have never used this myself, so I don't know how many problems you'll
encounter. Google suggests that (a) Opera doesn't implement it at all, and (b)
the implementations in other browsers are incomplete. But, if you are writing
you applet for the Java plugin at all, it may give you some extra options.
-- chris