Security


home | overview | plug-in | oji | security


There are three security-related areas in OJI:

For general information about security and applets, see Java Plug-in Security.

RSA Signed Applets

Previous to Netscape 6, Netscape had its own security model and its own signing method called Netscape Object Signing. The Object-Signing Tools could be used to sign a Java applet so that it could be executed in the JVM. Netscape also provides a set of Java classes, netscape.security, that is used by the applet to enable security in the browser.

In Netscape 6, two mechanisms may be used for applet signing:

In Netscape 4 an applet must call into the netscape.security package to enable a privilege — even if the applet is signed. If it does not, it will be treated as untrusted. Thus applet signing and granting of privileges are treated separately.

In Netscape 6, signed applets are directly supported by the Java Plug-in. When the browser encounters a signed applet, a security dialog is automatically popped up. The applet does not have to call any method to enable privileges; privileges are already enabled.

However, so that Netscape 4 applets will continue to work in Netscape 6, a stub class for the netscape.security package has been included. The stub class does nothing other than allow the applet to load into Java Plug-in as though it were loading in Netscape 4.

HTTPS

With this release of Java Plug-in, HTTPS is completely handled by the browser. Thus, anything related to HTTPS, such as the service certificate, can be configured through the browser.

LiveConnect

LiveConnect allows bi-directional communication between Java and JavaScript. But such communication can present security problems. For instance, suppose an applet and a web page originate from different hosts. Without a security policy, the applet might request sensitive information from a page through a call to JavaScript. Since an applet is allowed to connect to any host, it might then send such information out over the network in an irresponsible manner. A security policy has been implemented to prevent such actions from occurring.

Each direction of communication is considered separately below.

JavaScript-to-Java Communication

In JavaScript-to-Java communication, a call from JavaScript to an applet is allowed only if one or both of the following is true:

  1. The origin (URL) of the page is the same as the origin of the applet;
  2. JavaScript is signed and UniversalBrowserRead permission is enabled for JavaScript.

Without 1 or 2 being true, no call will be allowed from JavaScript to Java.

Given that a call is allowed, then there are two possibilities: JavaScript will have default or all permissions.

Permissions are determined by checking JavaScript signing:

Note that to access an applet from JavaScript, the applet tag will need to specify an ID or NAME attribute.

Java-to-JavaScript Communication

A call from Java to JavaScript is allowed only if the applet and JavaScript have the same origin.

Assuming the above condition is met, the applet is checked for its permissions. If it has all, then JavaScript will perform the requested actions. If the applet does not have all permissions, then JavaScript checks the origin of the applet and the SecurityManager of the browser then determines what actions the JavaScript engine may perform.

Note that to access JavaScript, Java does so through an instance of the netscape.javascript.JSObject class. For more information, see How Java-to-JavaScript Communication Works in Java Plug-in.

 


Copyright © 2000 Sun Microsystems, Inc. All Rights Reserved.

Please send comments to: java-plugin-feedback@java.sun.com
 Sun Microsystems, Inc
Java Software