HotJava(tm) Browser Applet Security

Basic Applet Security
Advanced Applet Security
Applet Security Developer Notes
HotJava Browser trustProxy Property

Basic Applet Security

Use the Applet Security page to set the level of security applied to applets running in the HotJava Browser on your system. Access this page by selecting Edit->Preferences->Applet Security.

Applets are small programs included on some Web pages that the HotJava Browser downloads to your computer when you access that page. These programs are executable code that runs on your computer system. HotJava can prevent them from affecting your system in any way. You can grant applets more relaxed permissions, thus allowing them to do more interesting things but opening the door for potentially insecure actions such as reading or writing files.

Use the settings on the Applet Security page to set a default security level that will apply to all signed applets, and one that will apply to all unsigned applets. Signed applets contain a signature, which is a sequence of characters embedded in the applet's code. It is placed there by the originator of the applet, and it can't be altered or duplicated. It tells who the applet comes from, and that the applet has not been tampered with. A signature doesn't tell you anything about the content or quality of the applet, just that it comes from the source it's signed by. If an applet is signed with a name you recognize and trust, you can probably have confidence in it.

The majority of applets currently on the Web are unsigned applets. Unsigned applets are probably reliable, but you have no way to know for sure where they came from. It's also possible for an unsigned applet to have been tampered with in such a way that it does things its author didn't intend.

You can allow signed applets any of four security levels, as defined below. Unsigned applets may be assigned untrusted, high, or medium security.

Untrusted: Untrusted applets are not permitted to run.
High Security: Applets granted the High Security level run with safe constraints and are blocked from unsafe actions. They can't read, write, or delete files, and they can't access most HotJava Browser settings. They may connect to, and accept connections from, only the server of their origin. They may only listen on network ports above 1024. They cannot access the print queue or clipboard.
Medium Security: Applets granted the Medium Security level run with safe constraints. In most cases, if they attempt any of the actions listed under High Security, above, the HotJava Browser will give you a warning, and you may then grant permission for that action if you want.
There are a few exceptions to this rule of thumb. For example, Medium Security applets cannot access the clipboard, even with a warning. For a complete list of what the security settings allow, see Details on Applet Security Levels on the Applet Security Developer Notes page.
Low Security: Applets granted the Low Security level run with minimal constraints, without warning of potentially unsafe actions. The HotJava Browser will warn you if the applet tries to launch local applications, but all the other actions listed above are permitted without warnings. Of all the possible default security settings, this setting carries the greatest risk.

If you would like to see a more specific and complete list of what the various security settings above allow, see Details on Applet Security Levels on the Applet Security Developer Notes page.

Advanced Applet Security Page

Use the Advanced Security page for setting more specific security options for signed applets, more specific options for both signed and unsigned applets coming from a particular site, and to manage certificates. This page is only available through the Advanced Security link or the Advanced button on the basic Applet Security page. It is not available directly from the Edit->Preferences menu.

On this page, you can override the global security levels you set on the basic Applet Security page and allow applets access to some parts of your system. You can grant certain system permissions, access to files, and access to networks. You can also specify that HotJava should warn you whenever an applet attempts a particular action. For example, in the Access to Files section, you can specify that HotJava should warn you when reading, writing, or deleting files. When warned, you're given the option to accept or deny the action. If you accept the action, the applet will keep that permission until the end of the current HotJava Browser session, or until you make a change on the Advanced Security Settings page that disallows the action.

There are various reasons that you might want to grant applets access to your system. You might want to allow a downloaded word processor, for example, to save a file to your hard disk. You might want to allow applets that originate within your company firewall to have full access to your system. You might want to allow applets to "listen" on a network port, which means that an applet can accept certain connections on that port.

A signed applet is accompanied by a certificate, which identifies the applet signer and prevents others from tampering with the applet. Certificates are issued by Certificate Authorities, such as the U.S. Postal Service or Verisign.

You can set a security level for all applets with a particular certificate, or all applets with a certificate from a particular Certificate Authority.

You can also set a security level for all applets from a certain Web site server, but you should use caution when doing this. In general, this is only recommended for a site inside a trusted firewall, as these settings apply to both signed and unsigned applets, and unsigned applets cannot be completely protected from tampering.

The certificates that appear in the scrolling list on the Advanced Security Settings page are those certificates used by applets or sites you have accessed. There is currently no other way to add a certificate to the HotJava Browser's list other than accessing an applet or site that uses the certificate.

Besides setting permissions for a specific certificate or a particular site, you can create a group of several certificates or Web sites, and provide all applets in that group a set of additional common permissions. To create a group, click the Add Group button. In the dialog box, name the group folder and drag the certificates and sites from the scrolling list that you want to group together into the folder.

The permissions you give to a group are added to the permissions already set for each individual item in the group. Thus each item in the group has its unique individual permission settings, plus all the settings you provide for the general group. If there is a conflict in settings between group settings and an individual item, the group setting takes priority.

Note that when you select a group in the top-level scrolling list, only the permissions that are common to all members of that group are shown. When you select an item within that group, only the permissions that are specific to that item are displayed. The real set of permissions for that item in the group are the permissions shown for that item, plus the permissions that apply to the entire group. Also note that you cannot choose "Use default permissions for this site or certificate" when you select a group, as the purpose of a group is to add permissions to a group of items, not use existing defaults.

To use the Advanced Security page:

Select a certificate name, site, or group from the scrolling list.
The permissions you grant will apply to all applets with that certificate or from that site. If you select a group, permissions apply to all applets with a certificate or from a site in that group.
Certificates that appear in this scrolling list are those used by applets or sites you have accessed.
Choose System Permissions, Access to Files, or Network Access, and select from the options that appear.
Initially, System Permissions is selected, and the permissions are set to be the default set of permissions for signed applets, as specified on the Basic Security page.
NOTE: You must deselect Use default permissions for this site or certificate to have access to other System Permissions, Access to Files, or Network Access. As soon as you deselect the "Use default permissions..." setting, the default permissions become everything currently set in all three categories: System Permissions, Access to Files, and Network Access.

Choose System Permissions to indicate that the designated applets are allowed to open windows without warning banners being displayed, access HotJava properties, access the clipboard, access print jobs, launch applications, or any combination of these permissions. If you allow the designated applets to launch local applications, you can also specify whether you want to first see warning messages, which will provide you with the chance to deny permission to launch an application at the time it is attempted.

Choose Access to Files to indicate which of the files and directories on your system the designated applets are allowed to read from and write to. You can list these files separately by name, or you can specify groups of files by using the wildcard character * to substitute for any text. For example, "java.*.com" can mean "java.sun.foo.com," "java.sun.com," "java.crazy.com," and so on. This applies to all entry fields on this page.

For files not listed on the read and write access list, by default, applets can access the files, but a warning banner is displayed first. If you uncheck the "Warn before...." settings, access to files not on the lists will be automatically declined.

For example, the default Advanced Applet Security setting allows an applet to delete any file, but only after a warning banner is displayed and the user approves the deletion. If you uncheck the "Warn when applet tries to delete a file" box, applets won't be able to delete files at all if they aren't in the write scrolling list. If you check the "Don't warn when deleting files in above list" box, applets can delete files specified in the write access scrolling list without warning.

Choose Network Access to specify which sites the designated applets may connect to, through which ports, and also on which ports they may "listen." An applet authorized to listen on a port does not have access to all the data that comes through that port. It is only listening for requests to connect to sites you've specified. (It's like waiting for a phone to ring, rather than listening to an actual conversation.)

As in the Access to Files section, if you uncheck any of the "Warn before" boxes, the corresponding action is disallowed for all ports or site connections that are not explicitly specified.

In addition to the security settings available on the Basic and Advanced Applet Security pages, there is also a property you can set to increase security (but severely limit the ability to load applets) for users running the HotJava Browser within a network that is separated from the main Internet by a firewall. For information, see the HotJava Browser trustProxy Property.

For information about writing your own applets, see The Java Tutorial. For information on including existing applets in your HTML Web page, see The Applet Tag.

Applet developers: If you are using the JDK's javakey utility, if you want more details about the untrusted, high, medium, and low security levels, or for information about a potential problem when loading multiple applets from a single CODEBASE, please see Applet Security Developer Notes.

Back to HotJava User's Guide Table of Contents

Back to HotJava Browser Menus

Continue to HotJava Browser Troubleshooting (next topic)

Follow these links for information about other Preferences pages: