Distributing java.policy with Applet.jar

Discussion in 'Java' started by Willy Stevens, Oct 4, 2007.

  1. Hello,

    How people usually distribute java.policy file when user is first time
    loading signed applet with browser?

    I tried to embed it into applet jar but that didn't work.

    What is nicest way to distribute policy file to user's browser?

    Cheers!
    Willy Stevens, Oct 4, 2007
    #1
    1. Advertising

  2. On Oct 5, 6:39 am, "Willy Stevens" <> wrote:
    ....
    > How people usually distribute java.policy file when user is first time
    > loading signed applet with browser?


    You would be the first I ever heard of.

    > I tried to embed it into applet jar


    Why? That would not work.

    >..but that didn't work.
    >
    > What is nicest way to distribute policy file to user's browser?


    Nicest? Don't *touch* my PC's policy files!

    What is it you are trying to offer to
    me (your pretend end-user) that requires
    delivery of policy files?

    Andrew T.
    Andrew Thompson, Oct 5, 2007
    #2
    1. Advertising

  3. "Andrew Thompson" <> wrote in message

    Don't write to this group if you have nothing to say, spammer!

    This kind of problem really exists. Applet is distributed to user's
    workstation
    and it is connected to serversoftware. Applet must write to directory of the
    user's
    pc if user wants to store his Applet's/applications settings.

    Do you think that Installation instructions should contain a own page
    "edit java.policy with notepad" or "copy policy file from CD" sections?
    If you thing yes, I think you should change are where you are working.

    Signed applets and policy files are the only way how applet can write/read
    to
    disk. You can find hundreds of artcles about signing applet
    and using policy files using Google but distributing them is different,
    that's why the question.

    But maybe your are freshman is your local college and you *know everything*
    ?



    "Andrew Thompson" <> wrote in message
    news:...
    > On Oct 5, 6:39 am, "Willy Stevens" <> wrote:
    > ...
    >> How people usually distribute java.policy file when user is first time
    >> loading signed applet with browser?

    >
    > You would be the first I ever heard of.
    >
    >> I tried to embed it into applet jar

    >
    > Why? That would not work.
    >
    >>..but that didn't work.
    >>
    >> What is nicest way to distribute policy file to user's browser?

    >
    > Nicest? Don't *touch* my PC's policy files!
    >
    > What is it you are trying to offer to
    > me (your pretend end-user) that requires
    > delivery of policy files?
    >
    > Andrew T.
    >
    Willy Stevens, Oct 6, 2007
    #3
  4. On Oct 6, 8:40 am, "Willy Stevens" <> wrote:
    > Don't write to this group if you have nothing to say, spammer!


    Is everyone at Helsinki Television (government funded, right?) as
    stupid as you are?

    As Andrew wrote, you do not mess with a user's policy file. He wrote
    it in simple, short sentences. If you don't get this, then please
    refrain from programming.
    Hunter Gratzner, Oct 6, 2007
    #4
  5. Willy Stevens wrote:
    >"Andrew Thompson" <> wrote in message


    (trimmed odd assertion***)

    (Security - applet)
    >This kind of problem really exists.


    Of course it does. I am quite familiar with trusted applets,
    as well as many of the problems with them. Some of those
    problems can be fixed by not using an applet within a
    browser, but instead launching it using Java web start*
    (JWS) and using services of the JNLP API, which
    can operate within a sandbox. Things like..

    >..Applet is distributed to user's
    >workstation
    >and it is connected to serversoftware. Applet must write to directory of the
    >user's
    >pc if user wants to store his Applet's/applications settings.


    ..storing application preferences. The JNLP API
    provides the PersistenceService** for that.

    >Do you think that Installation instructions should contain a own page
    >"edit java.policy with notepad" or "copy policy file from CD" sections?


    No and no. It should be unnecessary for either the
    end-user *or* the developer to ever mess with policy
    files. I have any number of JWS based apps. that
    successfully 'break out' of the tight sandbox which
    JWS applies (a very similar sandbox to the
    browser/applet sandbox).

    I have also dealt with full-trust applets in the past,
    and kept up on the later developments in security in
    relation to signed applets. The latest problem is with
    trusted applets (and JWS apps.) launched on Vista
    *using* *IE*.
    ...
    >Signed applets and policy files are the only way how applet can write/read
    >to
    >disk.


    No they aren't. A signed applet, so long as the user
    accepts the signed code, can do pretty much whatever
    it wants short of calling System.exit(int). That is of
    course, short of breaking out of the default directories
    that the Vista/IE combo. mentioned above, imposes on
    even fully trusted applets.

    >..You can find hundreds of artcles about signing applet
    >and using policy files using Google but distributing them is different,
    >that's why the question.


    I agree there is a lot of information using policy
    files with applets. It is bad information. Try this
    search instead..
    <http://www.google.com/search?q=applet+signed>

    Distribution is as simple as ..deploying an unsigned,
    untrusted applet, because excepting that the unsigned
    applet might be not in a jar (one less attribute in the
    <APPLET> element), it is identical.

    >But maybe your are freshman is your local college and you *know everything*
    >?


    I sure don't know everything. But what if I *were* a
    freshman in the local college, would you not want
    me to answer?

    * demo applet/JWS <http://www.physci.org/jws/#jtest>
    ** demo+e.g. PS <http://www.physci.org/jws/#ps>

    *** Oh, but both of those demos are coming from my
    own site, so I suppose if you wanted to accuse me
    of spamming *now*..

    --
    Andrew Thompson
    http://www.athompson.info/andrew/

    Message posted via JavaKB.com
    http://www.javakb.com/Uwe/Forums.aspx/java-general/200710/1
    Andrew Thompson, Oct 6, 2007
    #5
  6. "Hunter Gratzner" <> wrote in message
    news:...
    > Is everyone at Helsinki Television (government funded, right?) as
    > stupid as you are?


    It's operator not goverment funded like you have in East Germany :)
    It is also free of goverment's inside police department like Stasi.
    But I thing we understand us more now.
    Happy Halloween!
    Willy Stevens, Oct 6, 2007
    #6
  7. By the way: it's easy to create fake email id to yahoo, isn't it?

    "Hunter Gratzner" <> wrote in message
    news:...
    > On Oct 6, 8:40 am, "Willy Stevens" <> wrote:
    >> Don't write to this group if you have nothing to say, spammer!

    >
    > Is everyone at Helsinki Television (government funded, right?) as
    > stupid as you are?
    >
    > As Andrew wrote, you do not mess with a user's policy file. He wrote
    > it in simple, short sentences. If you don't get this, then please
    > refrain from programming.
    >
    Willy Stevens, Oct 6, 2007
    #7
  8. Willy Stevens

    Roedy Green Guest

    On Thu, 4 Oct 2007 23:39:44 +0300, "Willy Stevens" <>
    wrote, quoted or indirectly quoted someone who said :

    >
    >How people usually distribute java.policy file when user is first time
    >loading signed applet with browser?


    You don't. The only person who fiddles with that is the system
    administrator. Imagine him to be a Russian bureaucrat of the cold war
    era. He won't change it unless you blackmail him.

    You need a real certificate, and let the people who work there beg and
    bribe to get him to open the security to let your code run.

    You can't go changing that file. It represents the security policy of
    the corporation. You are not the only program in the universe they are
    concerned about.
    --
    Roedy Green Canadian Mind Products
    The Java Glossary
    http://mindprod.com
    Roedy Green, Oct 6, 2007
    #8
  9. Willy Stevens

    Roedy Green Guest

    On Sat, 6 Oct 2007 09:40:18 +0300, "Willy Stevens" <>
    wrote, quoted or indirectly quoted someone who said :

    >Don't write to this group if you have nothing to say, spammer!


    Andrew gave you the correct answer. If you did find a way to do it,
    there would be hell to pay. You might even get sued for opening a
    company's security to other threats inadvertently by replacing their
    policy file.

    The answer is DON'T DO IT.
    --
    Roedy Green Canadian Mind Products
    The Java Glossary
    http://mindprod.com
    Roedy Green, Oct 6, 2007
    #9
  10. On Oct 6, 11:26 am, "Willy Stevens" <> wrote:
    > But I thing we understand us more now.


    Yes, I understand that you are even to stupid to come up with the
    traditional Nazi insult. I further understand that your history
    knowledge is 17 years behind reality in general and sufficiently
    lacking in detail.
    Hunter Gratzner, Oct 6, 2007
    #10
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Arnold Peters
    Replies:
    0
    Views:
    551
    Arnold Peters
    Jan 5, 2005
  2. muttley
    Replies:
    0
    Views:
    2,687
    muttley
    Oct 20, 2005
  3. cyberco
    Replies:
    4
    Views:
    3,722
    Roedy Green
    Feb 14, 2006
  4. Arnold Peters
    Replies:
    0
    Views:
    637
    Arnold Peters
    Jan 5, 2005
  5. Krist
    Replies:
    3
    Views:
    1,528
    Andrew Thompson
    May 15, 2010
Loading...

Share This Page