Overview -- Applet Security Basics

Overview—Applet Security Basics

Applet Security Basics

Below are the basic facts regarding applet security and Java Plug-in. More detail can be found in the next chapter, How RSA Signed Applet Verification Works in Java Plug-in.

All unsigned applets are run under the standard applet security model.
If usePolicy IS NOT DEFINED in the java.policy file, then a signed applet has the AllPermission permission if:
Java Plug-in can verify the signers, and the user, when prompted, agrees to granting the AllPermission permission.
If usePolicy IS DEFINED, then a signed applet has only the permissions defined in java.policy and no prompting occurs.

Moreover, note that Java Plug-in now handles certificate management; i.e., the certificate verification task is no longer passed off to the browser.