Applet Security Issue & .hotjava/properties file

Re: Applet Security Issue & .hotjava/properties file

Depending on how you want to eventually use the applet, it may be a better
idea to sign it (for development purposes, you can use a test certificate
so you won't have to pay for it).

The second thing I notice is that you say you are using Windows XP, and
then talk about the ~/.hotjava/properties file. What is ~? In Unix, it
stands for the home directory. The next question on the same FAQ page
tells you how to do it in Windows - it is apparently NOT off your home
directory.

On Wed, 16 Jul 2003 20:02:23 +0000, Paul wrote:
[color=blue]
> Hello,
> I've been reading up on security in Java Applets and whilst I understand
> the concept, I can't successfully get my applet to read a file on my local
> machine.
> I discovered from http://java.sun.com/sfaq/#read:
> -----
> Sun's appletviewer allows applets to read files that are named on the access
> control list for reading. The access control list for reading is null by
> default, in the JDK. You can allow applets to read directories or files by
> naming them in the acl.read property in your ~/.hotjava/properties file.
>
> For example, to allow any files in the directory home/me to be read by
> applets loaded into the appletviewer, add this line to your
> ~/.hotjava/properties file.
> acl.read=/home/me
> -----
> (I am using Windows XP, my user name is Paul and I am trying to read
> 'video.properti es' in my "My Documents\Java\ " folder)
>
> In my ~/.hotjava/properties file I have tried many combinations of:
>
> acl.read=\My Documents\java\ video.propertie s
> acl.read=C:\Doc uments and Settings\Paul\M y Documents\java\ video.propertie s
>
> Even after saving these changes, java still complains when I try to run the
> applet using appletviewer at the command line:
> java.security.A ccessControlExc eption: access
> denied(java.uti l.PropertyPermi ssion video.propertie s read)
>
> I did notice however, that if I temporarily delete the .hotjava/properties
> file, this made no difference and java did not complain that it couldn't be
> found.
>
> All this has confused me and left me a bit disgruntled!
>
> How can I allow the applet to read the file?
>
> Thank-you for your help,
>
> Paul[/color]

--
Keep American Families united! Support H.R. 539 and H.R. 832
For more information, see http://www.kkeane.com/lobbyspousal-faq.shtml

Re: Applet Security Issue & .hotjava/properties file

I will look into using a test certificate whilst developing - thanks

The part of the FAQ you are referring to is:
If you install a web browser on your F:\ drive on your PC, and create a
top-level directory named .hotjava, then your properties file is found in
F:\.hotjava\pro perties.

This description isn't making a lot of sense to me, can anyone decipher it
for me?

Thank-you,

Paul

"Ingo Pakleppa" <ingo-newsgroups@kkea ne.com> wrote in message
news:pan.2003.0 7.17.00.40.10.9 59136@kkeane.co m...[color=blue]
> Depending on how you want to eventually use the applet, it may be a better
> idea to sign it (for development purposes, you can use a test certificate
> so you won't have to pay for it).
>
> The second thing I notice is that you say you are using Windows XP, and
> then talk about the ~/.hotjava/properties file. What is ~? In Unix, it
> stands for the home directory. The next question on the same FAQ page
> tells you how to do it in Windows - it is apparently NOT off your home
> directory.
>
> On Wed, 16 Jul 2003 20:02:23 +0000, Paul wrote:
>[color=green]
> > Hello,
> > I've been reading up on security in Java Applets and whilst I[/color][/color]
understand[color=blue][color=green]
> > the concept, I can't successfully get my applet to read a file on my[/color][/color]
local[color=blue][color=green]
> > machine.
> > I discovered from http://java.sun.com/sfaq/#read:
> > -----
> > Sun's appletviewer allows applets to read files that are named on the[/color][/color]
access[color=blue][color=green]
> > control list for reading. The access control list for reading is null by
> > default, in the JDK. You can allow applets to read directories or files[/color][/color]
by[color=blue][color=green]
> > naming them in the acl.read property in your ~/.hotjava/properties file.
> >
> > For example, to allow any files in the directory home/me to be read by
> > applets loaded into the appletviewer, add this line to your
> > ~/.hotjava/properties file.
> > acl.read=/home/me
> > -----
> > (I am using Windows XP, my user name is Paul and I am trying to read
> > 'video.properti es' in my "My Documents\Java\ " folder)
> >
> > In my ~/.hotjava/properties file I have tried many combinations of:
> >
> > acl.read=\My Documents\java\ video.propertie s
> > acl.read=C:\Doc uments and Settings\Paul\M y[/color][/color]
Documents\java\ video.propertie s[color=blue][color=green]
> >
> > Even after saving these changes, java still complains when I try to run[/color][/color]
the[color=blue][color=green]
> > applet using appletviewer at the command line:
> > java.security.A ccessControlExc eption: access
> > denied(java.uti l.PropertyPermi ssion video.propertie s read)
> >
> > I did notice however, that if I temporarily delete the[/color][/color]
..hotjava/properties[color=blue][color=green]
> > file, this made no difference and java did not complain that it couldn't[/color][/color]
be[color=blue][color=green]
> > found.
> >
> > All this has confused me and left me a bit disgruntled!
> >
> > How can I allow the applet to read the file?
> >
> > Thank-you for your help,
> >
> > Paul[/color]
>
> --
> Keep American Families united! Support H.R. 539 and H.R. 832
> For more information, see http://www.kkeane.com/lobbyspousal-faq.shtml
>[/color]

Re: Applet Security Issue &amp; .hotjava/properties file

In all honesty, I had problems with it, too (that's why I didn't directly
refer to it), but it seemed to me that the .hotjava directory needs to be
off the root directory of the drive that holds your JVM binaries.

On Thu, 17 Jul 2003 02:42:03 +0000, Paul wrote:
[color=blue]
> I will look into using a test certificate whilst developing - thanks
>
> The part of the FAQ you are referring to is: If you install a web
> browser on your F:\ drive on your PC, and create a top-level directory
> named .hotjava, then your properties file is found in
> F:\.hotjava\pro perties.
>
> This description isn't making a lot of sense to me, can anyone decipher
> it for me?
>
> Thank-you,
>
> Paul
>
> "Ingo Pakleppa" <ingo-newsgroups@kkea ne.com> wrote in message
> news:pan.2003.0 7.17.00.40.10.9 59136@kkeane.co m...[color=green]
>> Depending on how you want to eventually use the applet, it may be a
>> better idea to sign it (for development purposes, you can use a test
>> certificate so you won't have to pay for it).
>>
>> The second thing I notice is that you say you are using Windows XP, and
>> then talk about the ~/.hotjava/properties file. What is ~? In Unix, it
>> stands for the home directory. The next question on the same FAQ page
>> tells you how to do it in Windows - it is apparently NOT off your home
>> directory.
>>
>> On Wed, 16 Jul 2003 20:02:23 +0000, Paul wrote:
>>[color=darkred]
>> > Hello,
>> > I've been reading up on security in Java Applets and whilst I[/color][/color]
> understand[color=green][color=darkred]
>> > the concept, I can't successfully get my applet to read a file on my[/color][/color]
> local[color=green][color=darkred]
>> > machine.
>> > I discovered from http://java.sun.com/sfaq/#read:
>> > -----
>> > Sun's appletviewer allows applets to read files that are named on the[/color][/color]
> access[color=green][color=darkred]
>> > control list for reading. The access control list for reading is null
>> > by default, in the JDK. You can allow applets to read directories or
>> > files[/color][/color]
> by[color=green][color=darkred]
>> > naming them in the acl.read property in your ~/.hotjava/properties
>> > file.
>> >
>> > For example, to allow any files in the directory home/me to be read
>> > by applets loaded into the appletviewer, add this line to your
>> > ~/.hotjava/properties file.
>> > acl.read=/home/me
>> > -----
>> > (I am using Windows XP, my user name is Paul and I am trying to
>> > read
>> > 'video.properti es' in my "My Documents\Java\ " folder)
>> >
>> > In my ~/.hotjava/properties file I have tried many combinations of:
>> >
>> > acl.read=\My Documents\java\ video.propertie s acl.read=C:\Doc uments
>> > and Settings\Paul\M y[/color][/color]
> Documents\java\ video.propertie s[color=green][color=darkred]
>> >
>> > Even after saving these changes, java still complains when I try to
>> > run[/color][/color]
> the[color=green][color=darkred]
>> > applet using appletviewer at the command line:
>> > java.security.A ccessControlExc eption: access
>> > denied(java.uti l.PropertyPermi ssion video.propertie s read)
>> >
>> > I did notice however, that if I temporarily delete the[/color][/color]
> .hotjava/properties[color=green][color=darkred]
>> > file, this made no difference and java did not complain that it
>> > couldn't[/color][/color]
> be[color=green][color=darkred]
>> > found.
>> >
>> > All this has confused me and left me a bit disgruntled!
>> >
>> > How can I allow the applet to read the file?
>> >
>> > Thank-you for your help,
>> >
>> > Paul[/color]
>>
>> --
>> Keep American Families united! Support H.R. 539 and H.R. 832 For more
>> information, see http://www.kkeane.com/lobbyspousal-faq.shtml
>>[/color][/color]

--
Keep American Families united! Support H.R. 539 and H.R. 832
For more information, see http://www.kkeane.com/lobbyspousal-faq.shtml

Re: HIGHLY Annoying! Applet Security Cont.....

I've tried everything, it still doesn't work - this is driving me insane!

All I want to do is allow my applet to read a file, this is ridiculous.

What now should I do?

I also tried signing my applet but the sun tutorial on this involves buying
a certificate from verisign for an unbelievable amount of money!

ARGH.

Thanks,

Paul

"Ingo Pakleppa" <ingo-newsgroups@kkea ne.com> wrote in message
news:pan.2003.0 7.17.09.04.53.4 79645@kkeane.co m...[color=blue]
> In all honesty, I had problems with it, too (that's why I didn't directly
> refer to it), but it seemed to me that the .hotjava directory needs to be
> off the root directory of the drive that holds your JVM binaries.
>
> On Thu, 17 Jul 2003 02:42:03 +0000, Paul wrote:
>[color=green]
> > I will look into using a test certificate whilst developing - thanks
> >
> > The part of the FAQ you are referring to is: If you install a web
> > browser on your F:\ drive on your PC, and create a top-level directory
> > named .hotjava, then your properties file is found in
> > F:\.hotjava\pro perties.
> >
> > This description isn't making a lot of sense to me, can anyone decipher
> > it for me?
> >
> > Thank-you,
> >
> > Paul
> >
> > "Ingo Pakleppa" <ingo-newsgroups@kkea ne.com> wrote in message
> > news:pan.2003.0 7.17.00.40.10.9 59136@kkeane.co m...[color=darkred]
> >> Depending on how you want to eventually use the applet, it may be a
> >> better idea to sign it (for development purposes, you can use a test
> >> certificate so you won't have to pay for it).
> >>
> >> The second thing I notice is that you say you are using Windows XP, and
> >> then talk about the ~/.hotjava/properties file. What is ~? In Unix, it
> >> stands for the home directory. The next question on the same FAQ page
> >> tells you how to do it in Windows - it is apparently NOT off your home
> >> directory.
> >>
> >> On Wed, 16 Jul 2003 20:02:23 +0000, Paul wrote:
> >>
> >> > Hello,
> >> > I've been reading up on security in Java Applets and whilst I[/color]
> > understand[color=darkred]
> >> > the concept, I can't successfully get my applet to read a file on my[/color]
> > local[color=darkred]
> >> > machine.
> >> > I discovered from http://java.sun.com/sfaq/#read:
> >> > -----
> >> > Sun's appletviewer allows applets to read files that are named on the[/color]
> > access[color=darkred]
> >> > control list for reading. The access control list for reading is null
> >> > by default, in the JDK. You can allow applets to read directories or
> >> > files[/color]
> > by[color=darkred]
> >> > naming them in the acl.read property in your ~/.hotjava/properties
> >> > file.
> >> >
> >> > For example, to allow any files in the directory home/me to be read
> >> > by applets loaded into the appletviewer, add this line to your
> >> > ~/.hotjava/properties file.
> >> > acl.read=/home/me
> >> > -----
> >> > (I am using Windows XP, my user name is Paul and I am trying to
> >> > read
> >> > 'video.properti es' in my "My Documents\Java\ " folder)
> >> >
> >> > In my ~/.hotjava/properties file I have tried many combinations of:
> >> >
> >> > acl.read=\My Documents\java\ video.propertie s acl.read=C:\Doc uments
> >> > and Settings\Paul\M y[/color]
> > Documents\java\ video.propertie s[color=darkred]
> >> >
> >> > Even after saving these changes, java still complains when I try to
> >> > run[/color]
> > the[color=darkred]
> >> > applet using appletviewer at the command line:
> >> > java.security.A ccessControlExc eption: access
> >> > denied(java.uti l.PropertyPermi ssion video.propertie s read)
> >> >
> >> > I did notice however, that if I temporarily delete the[/color]
> > .hotjava/properties[color=darkred]
> >> > file, this made no difference and java did not complain that it
> >> > couldn't[/color]
> > be[color=darkred]
> >> > found.
> >> >
> >> > All this has confused me and left me a bit disgruntled!
> >> >
> >> > How can I allow the applet to read the file?
> >> >
> >> > Thank-you for your help,
> >> >
> >> > Paul
> >>
> >> --
> >> Keep American Families united! Support H.R. 539 and H.R. 832 For more
> >> information, see http://www.kkeane.com/lobbyspousal-faq.shtml
> >>[/color][/color]
>
> --
> Keep American Families united! Support H.R. 539 and H.R. 832
> For more information, see http://www.kkeane.com/lobbyspousal-faq.shtml
>[/color]

Re: HIGHLY Annoying! Applet Security Cont.....

For the signing, check out the -selfcert option. See

and http://www.iit.edu/~kulkabh1/signing_jar_file.txt

Note that, for security reasons, you won't be able to actually deploy the
applet this way, it is strictly only for testing purposes.

As for the hotjava properties file: I think the answer is at


I haven't tried that, though.

On Fri, 18 Jul 2003 01:10:11 +0000, Paul wrote:
[color=blue]
> I've tried everything, it still doesn't work - this is driving me
> insane!
>
> All I want to do is allow my applet to read a file, this is ridiculous.
>
> What now should I do?
>
> I also tried signing my applet but the sun tutorial on this involves
> buying a certificate from verisign for an unbelievable amount of money!
>
> ARGH.
>
> Thanks,
>
> Paul
>
> "Ingo Pakleppa" <ingo-newsgroups@kkea ne.com> wrote in message
> news:pan.2003.0 7.17.09.04.53.4 79645@kkeane.co m...[color=green]
>> In all honesty, I had problems with it, too (that's why I didn't
>> directly refer to it), but it seemed to me that the .hotjava directory
>> needs to be off the root directory of the drive that holds your JVM
>> binaries.
>>
>> On Thu, 17 Jul 2003 02:42:03 +0000, Paul wrote:
>>[color=darkred]
>> > I will look into using a test certificate whilst developing - thanks
>> >
>> > The part of the FAQ you are referring to is: If you install a web
>> > browser on your F:\ drive on your PC, and create a top-level
>> > directory named .hotjava, then your properties file is found in
>> > F:\.hotjava\pro perties.
>> >
>> > This description isn't making a lot of sense to me, can anyone
>> > decipher it for me?
>> >
>> > Thank-you,
>> >
>> > Paul
>> >
>> > "Ingo Pakleppa" <ingo-newsgroups@kkea ne.com> wrote in message
>> > news:pan.2003.0 7.17.00.40.10.9 59136@kkeane.co m...
>> >> Depending on how you want to eventually use the applet, it may be a
>> >> better idea to sign it (for development purposes, you can use a test
>> >> certificate so you won't have to pay for it).
>> >>
>> >> The second thing I notice is that you say you are using Windows XP,
>> >> and then talk about the ~/.hotjava/properties file. What is ~? In
>> >> Unix, it stands for the home directory. The next question on the
>> >> same FAQ page tells you how to do it in Windows - it is apparently
>> >> NOT off your home directory.
>> >>
>> >> On Wed, 16 Jul 2003 20:02:23 +0000, Paul wrote:
>> >>
>> >> > Hello,
>> >> > I've been reading up on security in Java Applets and whilst I
>> > understand
>> >> > the concept, I can't successfully get my applet to read a file on
>> >> > my
>> > local
>> >> > machine.
>> >> > I discovered from http://java.sun.com/sfaq/#read:
>> >> > -----
>> >> > Sun's appletviewer allows applets to read files that are named on
>> >> > the
>> > access
>> >> > control list for reading. The access control list for reading is
>> >> > null by default, in the JDK. You can allow applets to read
>> >> > directories or files
>> > by
>> >> > naming them in the acl.read property in your ~/.hotjava/properties
>> >> > file.
>> >> >
>> >> > For example, to allow any files in the directory home/me to be
>> >> > read by applets loaded into the appletviewer, add this line to
>> >> > your ~/.hotjava/properties file.
>> >> > acl.read=/home/me
>> >> > -----
>> >> > (I am using Windows XP, my user name is Paul and I am trying
>> >> > to read
>> >> > 'video.properti es' in my "My Documents\Java\ " folder)
>> >> >
>> >> > In my ~/.hotjava/properties file I have tried many combinations
>> >> > of:
>> >> >
>> >> > acl.read=\My Documents\java\ video.propertie s acl.read=C:\Doc uments
>> >> > and Settings\Paul\M y
>> > Documents\java\ video.propertie s
>> >> >
>> >> > Even after saving these changes, java still complains when I try
>> >> > to run
>> > the
>> >> > applet using appletviewer at the command line:
>> >> > java.security.A ccessControlExc eption: access
>> >> > denied(java.uti l.PropertyPermi ssion video.propertie s read)
>> >> >
>> >> > I did notice however, that if I temporarily delete the
>> > .hotjava/properties
>> >> > file, this made no difference and java did not complain that it
>> >> > couldn't
>> > be
>> >> > found.
>> >> >
>> >> > All this has confused me and left me a bit disgruntled!
>> >> >
>> >> > How can I allow the applet to read the file?
>> >> >
>> >> > Thank-you for your help,
>> >> >
>> >> > Paul
>> >>
>> >> --
>> >> Keep American Families united! Support H.R. 539 and H.R. 832 For
>> >> more information, see http://www.kkeane.com/lobbyspousal-faq.shtml
>> >>
>> >>[/color]
>> --
>> Keep American Families united! Support H.R. 539 and H.R. 832 For more
>> information, see http://www.kkeane.com/lobbyspousal-faq.shtml
>>[/color][/color]

--
Keep American Families united! Support H.R. 539 and H.R. 832
For more information, see http://www.kkeane.com/lobbyspousal-faq.shtml

Re: HIGHLY Annoying! Applet Security Cont.....


"Paul" <please@dontema ilmedirectly.co m> wrote in message
news:TNHRa.8199 9$xg5.28522@twi ster.austin.rr. com...[color=blue]
> I've tried everything, it still doesn't work - this is driving me insane!
>
> All I want to do is allow my applet to read a file, this is ridiculous.
>
> What now should I do?
>
> I also tried signing my applet but the sun tutorial on this involves[/color]
buying[color=blue]
> a certificate from verisign for an unbelievable amount of money!
>
> ARGH.[/color]

Welcome to the realization that applets are not nearly as useful as anyone
imagined they would be. This is why Sun repositioned Java from a browser
technology to a server technology about 5 years ago.

Re: HIGHLY Annoying! Applet Security Cont.....

"Paul" <please@dontema ilmedirectly.co m> wrote in message news:<TNHRa.819 99$xg5.28522@tw ister.austin.rr .com>...[color=blue]
> I've tried everything, it still doesn't work - this is driving me insane!
>
> All I want to do is allow my applet to read a file, this is ridiculous.
>
> What now should I do?[/color]

Here is a solution to all your problems:



was posted a long time ago and works like a charm. We should thank the
poster.

Re: HIGHLY Annoying! Applet Security Cont.....

On Fri, 18 Jul 2003 01:10:11 GMT, "Paul" <please@dontema ilmedirectly.co m>
two-finger typed:
[color=blue]
>I've tried everything, it still doesn't work - this is driving me insane!
>
>All I want to do is allow my applet to read a file, this is ridiculous.
>
>What now should I do?
>
>I also tried signing my applet but the sun tutorial on this involves buying
>a certificate from verisign for an unbelievable amount of money!
>
>ARGH.
>Thanks,
>Paul[/color]

Indeed.
The idea behind Applets is that they are secure. Therefore an Applet cannot
access files on the machine that the browser runs, without the user giving
permission to your Applet to read (one) local file(s).
For that you need a certificate, so that the user can identify you without
a doubt, so he is able to trust you to do the right thing (i.e. not scan
his computer for a porn collection, or something).

No way around it.

Cheers.