Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Java > Distributing java.policy with Applet.jar

Reply
Thread Tools

Distributing java.policy with Applet.jar

 
 
Willy Stevens
Guest
Posts: n/a
 
      10-04-2007
Hello,

How people usually distribute java.policy file when user is first time
loading signed applet with browser?

I tried to embed it into applet jar but that didn't work.

What is nicest way to distribute policy file to user's browser?

Cheers!


 
Reply With Quote
 
 
 
 
Andrew Thompson
Guest
Posts: n/a
 
      10-05-2007
On Oct 5, 6:39 am, "Willy Stevens" <(E-Mail Removed)> wrote:
....
> How people usually distribute java.policy file when user is first time
> loading signed applet with browser?


You would be the first I ever heard of.

> I tried to embed it into applet jar


Why? That would not work.

>..but that didn't work.
>
> What is nicest way to distribute policy file to user's browser?


Nicest? Don't *touch* my PC's policy files!

What is it you are trying to offer to
me (your pretend end-user) that requires
delivery of policy files?

Andrew T.

 
Reply With Quote
 
 
 
 
Willy Stevens
Guest
Posts: n/a
 
      10-06-2007
"Andrew Thompson" <(E-Mail Removed)> wrote in message

Don't write to this group if you have nothing to say, spammer!

This kind of problem really exists. Applet is distributed to user's
workstation
and it is connected to serversoftware. Applet must write to directory of the
user's
pc if user wants to store his Applet's/applications settings.

Do you think that Installation instructions should contain a own page
"edit java.policy with notepad" or "copy policy file from CD" sections?
If you thing yes, I think you should change are where you are working.

Signed applets and policy files are the only way how applet can write/read
to
disk. You can find hundreds of artcles about signing applet
and using policy files using Google but distributing them is different,
that's why the question.

But maybe your are freshman is your local college and you *know everything*
?



"Andrew Thompson" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ups.com...
> On Oct 5, 6:39 am, "Willy Stevens" <(E-Mail Removed)> wrote:
> ...
>> How people usually distribute java.policy file when user is first time
>> loading signed applet with browser?

>
> You would be the first I ever heard of.
>
>> I tried to embed it into applet jar

>
> Why? That would not work.
>
>>..but that didn't work.
>>
>> What is nicest way to distribute policy file to user's browser?

>
> Nicest? Don't *touch* my PC's policy files!
>
> What is it you are trying to offer to
> me (your pretend end-user) that requires
> delivery of policy files?
>
> Andrew T.
>



 
Reply With Quote
 
Hunter Gratzner
Guest
Posts: n/a
 
      10-06-2007
On Oct 6, 8:40 am, "Willy Stevens" <(E-Mail Removed)> wrote:
> Don't write to this group if you have nothing to say, spammer!


Is everyone at Helsinki Television (government funded, right?) as
stupid as you are?

As Andrew wrote, you do not mess with a user's policy file. He wrote
it in simple, short sentences. If you don't get this, then please
refrain from programming.

 
Reply With Quote
 
Andrew Thompson
Guest
Posts: n/a
 
      10-06-2007
Willy Stevens wrote:
>"Andrew Thompson" <(E-Mail Removed)> wrote in message


(trimmed odd assertion***)

(Security - applet)
>This kind of problem really exists.


Of course it does. I am quite familiar with trusted applets,
as well as many of the problems with them. Some of those
problems can be fixed by not using an applet within a
browser, but instead launching it using Java web start*
(JWS) and using services of the JNLP API, which
can operate within a sandbox. Things like..

>..Applet is distributed to user's
>workstation
>and it is connected to serversoftware. Applet must write to directory of the
>user's
>pc if user wants to store his Applet's/applications settings.


..storing application preferences. The JNLP API
provides the PersistenceService** for that.

>Do you think that Installation instructions should contain a own page
>"edit java.policy with notepad" or "copy policy file from CD" sections?


No and no. It should be unnecessary for either the
end-user *or* the developer to ever mess with policy
files. I have any number of JWS based apps. that
successfully 'break out' of the tight sandbox which
JWS applies (a very similar sandbox to the
browser/applet sandbox).

I have also dealt with full-trust applets in the past,
and kept up on the later developments in security in
relation to signed applets. The latest problem is with
trusted applets (and JWS apps.) launched on Vista
*using* *IE*.
...
>Signed applets and policy files are the only way how applet can write/read
>to
>disk.


No they aren't. A signed applet, so long as the user
accepts the signed code, can do pretty much whatever
it wants short of calling System.exit(int). That is of
course, short of breaking out of the default directories
that the Vista/IE combo. mentioned above, imposes on
even fully trusted applets.

>..You can find hundreds of artcles about signing applet
>and using policy files using Google but distributing them is different,
>that's why the question.


I agree there is a lot of information using policy
files with applets. It is bad information. Try this
search instead..
<http://www.google.com/search?q=applet+signed>

Distribution is as simple as ..deploying an unsigned,
untrusted applet, because excepting that the unsigned
applet might be not in a jar (one less attribute in the
<APPLET> element), it is identical.

>But maybe your are freshman is your local college and you *know everything*
>?


I sure don't know everything. But what if I *were* a
freshman in the local college, would you not want
me to answer?

* demo applet/JWS <http://www.physci.org/jws/#jtest>
** demo+e.g. PS <http://www.physci.org/jws/#ps>

*** Oh, but both of those demos are coming from my
own site, so I suppose if you wanted to accuse me
of spamming *now*..

--
Andrew Thompson
http://www.athompson.info/andrew/

Message posted via JavaKB.com
http://www.javakb.com/Uwe/Forums.asp...neral/200710/1

 
Reply With Quote
 
Willy Stevens
Guest
Posts: n/a
 
      10-06-2007
"Hunter Gratzner" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ps.com...
> Is everyone at Helsinki Television (government funded, right?) as
> stupid as you are?


It's operator not goverment funded like you have in East Germany
It is also free of goverment's inside police department like Stasi.
But I thing we understand us more now.
Happy Halloween!




 
Reply With Quote
 
Willy Stevens
Guest
Posts: n/a
 
      10-06-2007
By the way: it's easy to create fake email id to yahoo, isn't it?

"Hunter Gratzner" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ps.com...
> On Oct 6, 8:40 am, "Willy Stevens" <(E-Mail Removed)> wrote:
>> Don't write to this group if you have nothing to say, spammer!

>
> Is everyone at Helsinki Television (government funded, right?) as
> stupid as you are?
>
> As Andrew wrote, you do not mess with a user's policy file. He wrote
> it in simple, short sentences. If you don't get this, then please
> refrain from programming.
>



 
Reply With Quote
 
Roedy Green
Guest
Posts: n/a
 
      10-06-2007
On Thu, 4 Oct 2007 23:39:44 +0300, "Willy Stevens" <(E-Mail Removed)>
wrote, quoted or indirectly quoted someone who said :

>
>How people usually distribute java.policy file when user is first time
>loading signed applet with browser?


You don't. The only person who fiddles with that is the system
administrator. Imagine him to be a Russian bureaucrat of the cold war
era. He won't change it unless you blackmail him.

You need a real certificate, and let the people who work there beg and
bribe to get him to open the security to let your code run.

You can't go changing that file. It represents the security policy of
the corporation. You are not the only program in the universe they are
concerned about.
--
Roedy Green Canadian Mind Products
The Java Glossary
http://mindprod.com
 
Reply With Quote
 
Roedy Green
Guest
Posts: n/a
 
      10-06-2007
On Sat, 6 Oct 2007 09:40:18 +0300, "Willy Stevens" <(E-Mail Removed)>
wrote, quoted or indirectly quoted someone who said :

>Don't write to this group if you have nothing to say, spammer!


Andrew gave you the correct answer. If you did find a way to do it,
there would be hell to pay. You might even get sued for opening a
company's security to other threats inadvertently by replacing their
policy file.

The answer is DON'T DO IT.
--
Roedy Green Canadian Mind Products
The Java Glossary
http://mindprod.com
 
Reply With Quote
 
Hunter Gratzner
Guest
Posts: n/a
 
      10-06-2007
On Oct 6, 11:26 am, "Willy Stevens" <(E-Mail Removed)> wrote:
> But I thing we understand us more now.


Yes, I understand that you are even to stupid to come up with the
traditional Nazi insult. I further understand that your history
knowledge is 17 years behind reality in general and sufficiently
lacking in detail.


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Question on distributing ASP.NET Terry Olsen ASP .Net 4 06-20-2005 05:17 PM
How can I use IIS to connect & compiler distributing ASP.NET files =?Utf-8?B?U2xhc2g=?= ASP .Net 1 01-19-2005 06:11 AM
Re: distributing programs on server Brendan Duffy ASP .Net 0 07-25-2003 01:05 AM
Re: distributing programs on server Merlin ASP .Net 0 07-10-2003 11:20 PM
Re: distributing programs on server Merlin ASP .Net 0 07-10-2003 11:01 PM



Advertisments