why do i love unsigned applets (much) more?
By Weijun on Oct 10, 2005
on the other hand, signed applets are always evil, that's the attitude of trust-me-wholly-or-not. (which reminds me of the windows ActiveX controls.) if you accept the signer's credit, then the applet can just do anything on your system. the current JRE honestly shows a dialog box indicating this. every time when i need to press the "i accept" button, i pray that it really be a nice player, and the programmer behind it has not intentionally or un-intentionally added any evil codes inside. i know there are ways to deal with this with usePolicy or so, but they need client-side config. it's acceptable inside an enterprise, but surely useless for we out in the public and want to protect us from the unknown sites.
so, why it cannot act at some point in between? inside the signed jar, somewhere in the meta directory, we can just put a file app.policy that we can specify a list of Permissions that we want to explicitly grant to the codes inside. then, instead of "this application will be run without the security restrictions normally provided by Java", it can show something like "this application will have access to part of your file system and the network". a button labeled "more" will show the permissions.toFriendlyString() in more details. once this file is placed in the jar, the plugin security manager will enforce the permissions as described. this way, i'll be more comfortable running them.
will this be a new feature in dolphin?