Can you sign a Java applet but keep it in the sandbox (NOT give it full access to user's computer)?
Thanks to Oracle's latest changes, it appears I have to sign an applet even though I don't need or want it to have unrestricted access to the user's computer (which is why it's currently unsigned). In particular, I don't want the warning they show for signed applets:

This application will run with unrestricted access which may put your computer and personal information at risk.

...which will scare the people using it.

Is it possible to sign an applet but mark it in some way to say "but keep using the sandbox"?

The only reason I'm signing it is that as of Version 7, Update 40, Oracle has further increased the nagging users have to deal with when running unsigned applets. It used to be that you could check a box saying you trusted an applet once, and that would be remembered. As of Update 40, it's only remembered for that browser session; the warning reappears if you close the browser and come back later. They've also said they're going to disable unsigned applets entirely in "a future version" of the Java plug-in.

Noticeable answered 20/9, 2013 at 10:35 Comment(0)
Yes, you can. This page shows how to do it (well, most of it; you also need this page). There are two main steps:

  1. Put the Permissions and Codebase attributes in your manifest file:

    Permissions: sandbox
    Codebase: *.myserver.com

    These new attributes were introduced in Java 7 Update 25 and are discussed here. The first page linked above just shows Codebase: myserver.com, but most sites are going to want the wildcard above. (I don't know if the Codebase attribute is required for sandboxing the applet, but it seems like a good idea for most signed applets anyway.)

    Then use that manifest file when building your jar, like:

    jar cvfm YourJarFile.jar your_manifest_file.txt classes_and_such

    Those attributes will wind up in the MANIFEST.MF file in the jar, which tells the Java runtime to keep the applet sandboxed.

  2. In your <applet> tag, you have to specify the permissions param, as discussed here:

    <applet code='yourAppletClass' archive='YourJarFile.jar'>
        <param name="permissions" value="sandbox">
    </applet>

    Without this second step, a signed applet requesting sandboxed permissions in the jar but not the tag is prevented from being run with a dialog box titled "The Application Cannot Be Run" giving "Reason: JAR manifest requested to run in sandbox only."

If you do both steps above, the user gets a much more reassuring message (and presumably the applet remains sandboxed):

This application will run with limited access that is intended to protect your computer and personal information.

...and if they check the relevant checkbox trusting the publisher and location, they don't see it again when they next open their browser and run your applet.


(In the course of asking this question, I found the answer, but since the answer wasn't on Stack Overflow I thought I'd go ahead and post the question and answer.)

Noticeable answered 25/9, 2013 at 16:47 Comment(1)
IMPORTANT addition to this answer -- you also need to add the "Application-Name" attribute to your manifest. OS X versions older than 10.7 use the Apple-distributed Java 6, which recently got update 65. This new release includes several security updates, but also includes a bug that will fail to run the applet (the plugin crashes!) if you leave out the Application-Name attribute in a signed applet. -- Opsonize
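A build-time check for the resulting jar, as an added example that is not from the answer, the comment or Oracle's tooling: it parses the main section of META-INF/MANIFEST.MF using the JAR spec's continuation-line rule and reports whether the Permissions and Codebase attributes from the answer and the Application-Name attribute from the comment are present. It also shows why the manifest lines must not be indented: a line that begins with a space is a continuation of the previous attribute, so an indented Codebase line silently corrupts the Permissions value. The sample jar is constructed in memory and is unsigned; jarsigner is not involved.

```python
import io
import zipfile

# Permissions keeps a signed applet sandboxed (Java 7u25+); Codebase limits where the
# jar may be served from; Application-Name avoids the Apple Java 6u65 crash noted above.
RECOMMENDED = ("Codebase", "Application-Name")

def parse_manifest(text):
    """Parse the main section of META-INF/MANIFEST.MF into a dict.
    Per the JAR spec a line starting with one space continues the previous
    attribute's value, and the first blank line ends the main section."""
    attrs, last = {}, None
    for line in text.splitlines():
        if line == "":
            break
        if line.startswith(" ") and last is not None:
            attrs[last] += line[1:]  # continuation line
            continue
        name, sep, value = line.partition(":")
        if sep:
            last = name.strip()
            attrs[last] = value.strip()
    return attrs

def check_sandbox_manifest(jar_bytes):
    """Return (ok, problems) for a jar given as bytes."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        attrs = parse_manifest(zf.read("META-INF/MANIFEST.MF").decode("utf-8"))
    problems = []
    if attrs.get("Permissions") != "sandbox":
        problems.append("Permissions must be 'sandbox', got %r" % attrs.get("Permissions"))
    problems += ["missing %s attribute" % n for n in RECOMMENDED if n not in attrs]
    return not problems, problems

def build_jar(manifest_text):
    """Constructed sample: an in-memory, unsigned jar holding only the manifest."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", manifest_text)
    return buf.getvalue()

GOOD = ("Manifest-Version: 1.0\r\nPermissions: sandbox\r\n"
        "Codebase: *.myserver.com\r\nApplication-Name: Demo Applet\r\n\r\n")
# One stray leading space makes Codebase a continuation of Permissions, so the
# value parses as "sandboxCodebase: *.myserver.com" and the check fails.
BAD = "Manifest-Version: 1.0\r\nPermissions: sandbox\r\n Codebase: *.myserver.com\r\n\r\n"

if __name__ == "__main__":
    for label, manifest in (("good", GOOD), ("bad", BAD)):
        print(label, check_sandbox_manifest(build_jar(manifest)))
```

To check a real applet jar, read its bytes from disk and pass them to check_sandbox_manifest; the same parser works on the manifest extracted with `unzip -p YourJarFile.jar META-INF/MANIFEST.MF`.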
