Question:
I read(somewhere) that the Java spec. allows for applet access to the local diskin a restricted way. That is, the client should be able to specify adirectory on the disk that Java can access. Is this true? Netscape’simplementation does not support this. Is this a Java language issue orNetscape implementation issue? How else could I implement some sort of fileupload in Java?
Answer:
What an applet can or cannot do at runtime is determined by the particularimplementation of the Java Security Manager that comes with the browserrather than the version of the Java language itself. In general, theSecurity Manager in a browser prevents applets from reading, writing,renaming or removing any files, but the details of how the policy isenforced is up to the browser. For example, the security manager in Netscape prevents applets from reading,writing or accessing any files whatsoever.
However, the security managers in Sun’s Hotjava and Appletviewer are moreconfigurable. They allow applets to read files when they are explicitlynamed on user-defined access control lists. The access control list is nullby default but can be defined in the ~/.hotjava/properties file by the user.
(The “~” symbol refers to the user’s home directory on UNIX systems. On aPC, if the web browser is installed in the C: drive, then the propertiesfile resides in C:.hotjavaproperties)
The acl.read property specifies which files or directories are readable byapplets and the acl.write property specifies which files or directories canbe written by applets. When acl.read is not defined, no applet can read anyfile and likewise, so long as acl.write hasn’t been defined, applets cannotwrite to any files.
You can define individual files or directories to be readable or writeableby simply adding a line to the properties file as follows:
acl.read=/home/docs/resume acl.write=/htdocs/visitorcounter -or- acl.read=/home/published/papers acl.write=/home/incoming/imagesTo define multiple items on the access control list, separate the entries,with a “:”
acl.read=/home/docs/resume:/home/published/papers acl.write=/home/incoming/images:/htdocs/visitorcounterAllowing an applet to read/write a directory means that it can read/writeall the files in that directory, including any files in any subdirectoriesthat might be hanging off that directory.
Also note that allowing write access to files or directories opens up yoursystem to potential mischief by applets that might rename files, consumelarge amounts of disk space, remove your files, etc. Be cautious in usingthis scheme and avoid it if at all possible. Instead have your applets keepany state they need back on the server where they reside.
