By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
435,080 Members | 1,817 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 435,080 IT Pros & Developers. It's quick & easy.

Applet Security Issue & .hotjava/properties file

P: n/a
Hello,
I've been reading up on security in Java Applets and whilst I understand
the concept, I can't successfully get my applet to read a file on my local
machine.
I discovered from http://java.sun.com/sfaq/#read:
-----
Sun's appletviewer allows applets to read files that are named on the access
control list for reading. The access control list for reading is null by
default, in the JDK. You can allow applets to read directories or files by
naming them in the acl.read property in your ~/.hotjava/properties file.

For example, to allow any files in the directory home/me to be read by
applets loaded into the appletviewer, add this line to your
~/.hotjava/properties file.
acl.read=/home/me
-----
(I am using Windows XP, my user name is Paul and I am trying to read
'video.properties' in my "My Documents\Java\" folder)

In my ~/.hotjava/properties file I have tried many combinations of:

acl.read=\My Documents\java\video.properties
acl.read=C:\Documents and Settings\Paul\My Documents\java\video.properties

Even after saving these changes, java still complains when I try to run the
applet using appletviewer at the command line:
java.security.AccessControlException: access
denied(java.util.PropertyPermission video.properties read)

I did notice however, that if I temporarily delete the .hotjava/properties
file, this made no difference and java did not complain that it couldn't be
found.

All this has confused me and left me a bit disgruntled!

How can I allow the applet to read the file?

Thank-you for your help,

Paul
Jul 17 '05 #1
Share this Question
Share on Google+
8 Replies


P: n/a
Depending on how you want to eventually use the applet, it may be a better
idea to sign it (for development purposes, you can use a test certificate
so you won't have to pay for it).

The second thing I notice is that you say you are using Windows XP, and
then talk about the ~/.hotjava/properties file. What is ~? In Unix, it
stands for the home directory. The next question on the same FAQ page
tells you how to do it in Windows - it is apparently NOT off your home
directory.

On Wed, 16 Jul 2003 20:02:23 +0000, Paul wrote:
Hello,
I've been reading up on security in Java Applets and whilst I understand
the concept, I can't successfully get my applet to read a file on my local
machine.
I discovered from http://java.sun.com/sfaq/#read:
-----
Sun's appletviewer allows applets to read files that are named on the access
control list for reading. The access control list for reading is null by
default, in the JDK. You can allow applets to read directories or files by
naming them in the acl.read property in your ~/.hotjava/properties file.

For example, to allow any files in the directory home/me to be read by
applets loaded into the appletviewer, add this line to your
~/.hotjava/properties file.
acl.read=/home/me
-----
(I am using Windows XP, my user name is Paul and I am trying to read
'video.properties' in my "My Documents\Java\" folder)

In my ~/.hotjava/properties file I have tried many combinations of:

acl.read=\My Documents\java\video.properties
acl.read=C:\Documents and Settings\Paul\My Documents\java\video.properties

Even after saving these changes, java still complains when I try to run the
applet using appletviewer at the command line:
java.security.AccessControlException: access
denied(java.util.PropertyPermission video.properties read)

I did notice however, that if I temporarily delete the .hotjava/properties
file, this made no difference and java did not complain that it couldn't be
found.

All this has confused me and left me a bit disgruntled!

How can I allow the applet to read the file?

Thank-you for your help,

Paul


--
Keep American Families united! Support H.R. 539 and H.R. 832
For more information, see http://www.kkeane.com/lobbyspousal-faq.shtml

Jul 17 '05 #2

P: n/a
I will look into using a test certificate whilst developing - thanks

The part of the FAQ you are referring to is:
If you install a web browser on your F:\ drive on your PC, and create a
top-level directory named .hotjava, then your properties file is found in
F:\.hotjava\properties.

This description isn't making a lot of sense to me, can anyone decipher it
for me?

Thank-you,

Paul

"Ingo Pakleppa" <in*************@kkeane.com> wrote in message
news:pa****************************@kkeane.com...
Depending on how you want to eventually use the applet, it may be a better
idea to sign it (for development purposes, you can use a test certificate
so you won't have to pay for it).

The second thing I notice is that you say you are using Windows XP, and
then talk about the ~/.hotjava/properties file. What is ~? In Unix, it
stands for the home directory. The next question on the same FAQ page
tells you how to do it in Windows - it is apparently NOT off your home
directory.

On Wed, 16 Jul 2003 20:02:23 +0000, Paul wrote:
Hello,
I've been reading up on security in Java Applets and whilst I understand the concept, I can't successfully get my applet to read a file on my local machine.
I discovered from http://java.sun.com/sfaq/#read:
-----
Sun's appletviewer allows applets to read files that are named on the access control list for reading. The access control list for reading is null by
default, in the JDK. You can allow applets to read directories or files by naming them in the acl.read property in your ~/.hotjava/properties file.

For example, to allow any files in the directory home/me to be read by
applets loaded into the appletviewer, add this line to your
~/.hotjava/properties file.
acl.read=/home/me
-----
(I am using Windows XP, my user name is Paul and I am trying to read
'video.properties' in my "My Documents\Java\" folder)

In my ~/.hotjava/properties file I have tried many combinations of:

acl.read=\My Documents\java\video.properties
acl.read=C:\Documents and Settings\Paul\My Documents\java\video.properties
Even after saving these changes, java still complains when I try to run the applet using appletviewer at the command line:
java.security.AccessControlException: access
denied(java.util.PropertyPermission video.properties read)

I did notice however, that if I temporarily delete the ..hotjava/properties file, this made no difference and java did not complain that it couldn't be found.

All this has confused me and left me a bit disgruntled!

How can I allow the applet to read the file?

Thank-you for your help,

Paul


--
Keep American Families united! Support H.R. 539 and H.R. 832
For more information, see http://www.kkeane.com/lobbyspousal-faq.shtml

Jul 17 '05 #3

P: n/a
In all honesty, I had problems with it, too (that's why I didn't directly
refer to it), but it seemed to me that the .hotjava directory needs to be
off the root directory of the drive that holds your JVM binaries.

On Thu, 17 Jul 2003 02:42:03 +0000, Paul wrote:
I will look into using a test certificate whilst developing - thanks

The part of the FAQ you are referring to is: If you install a web
browser on your F:\ drive on your PC, and create a top-level directory
named .hotjava, then your properties file is found in
F:\.hotjava\properties.

This description isn't making a lot of sense to me, can anyone decipher
it for me?

Thank-you,

Paul

"Ingo Pakleppa" <in*************@kkeane.com> wrote in message
news:pa****************************@kkeane.com...
Depending on how you want to eventually use the applet, it may be a
better idea to sign it (for development purposes, you can use a test
certificate so you won't have to pay for it).

The second thing I notice is that you say you are using Windows XP, and
then talk about the ~/.hotjava/properties file. What is ~? In Unix, it
stands for the home directory. The next question on the same FAQ page
tells you how to do it in Windows - it is apparently NOT off your home
directory.

On Wed, 16 Jul 2003 20:02:23 +0000, Paul wrote:
> Hello,
> I've been reading up on security in Java Applets and whilst I understand > the concept, I can't successfully get my applet to read a file on my local > machine.
> I discovered from http://java.sun.com/sfaq/#read:
> -----
> Sun's appletviewer allows applets to read files that are named on the access > control list for reading. The access control list for reading is null
> by default, in the JDK. You can allow applets to read directories or
> files by > naming them in the acl.read property in your ~/.hotjava/properties
> file.
>
> For example, to allow any files in the directory home/me to be read
> by applets loaded into the appletviewer, add this line to your
> ~/.hotjava/properties file.
> acl.read=/home/me
> -----
> (I am using Windows XP, my user name is Paul and I am trying to
> read
> 'video.properties' in my "My Documents\Java\" folder)
>
> In my ~/.hotjava/properties file I have tried many combinations of:
>
> acl.read=\My Documents\java\video.properties acl.read=C:\Documents
> and Settings\Paul\My Documents\java\video.properties >
> Even after saving these changes, java still complains when I try to
> run the > applet using appletviewer at the command line:
> java.security.AccessControlException: access
> denied(java.util.PropertyPermission video.properties read)
>
> I did notice however, that if I temporarily delete the .hotjava/properties > file, this made no difference and java did not complain that it
> couldn't be > found.
>
> All this has confused me and left me a bit disgruntled!
>
> How can I allow the applet to read the file?
>
> Thank-you for your help,
>
> Paul


--
Keep American Families united! Support H.R. 539 and H.R. 832 For more
information, see http://www.kkeane.com/lobbyspousal-faq.shtml


--
Keep American Families united! Support H.R. 539 and H.R. 832
For more information, see http://www.kkeane.com/lobbyspousal-faq.shtml

Jul 17 '05 #4

P: n/a
I've tried everything, it still doesn't work - this is driving me insane!

All I want to do is allow my applet to read a file, this is ridiculous.

What now should I do?

I also tried signing my applet but the sun tutorial on this involves buying
a certificate from verisign for an unbelievable amount of money!

ARGH.

Thanks,

Paul

"Ingo Pakleppa" <in*************@kkeane.com> wrote in message
news:pa****************************@kkeane.com...
In all honesty, I had problems with it, too (that's why I didn't directly
refer to it), but it seemed to me that the .hotjava directory needs to be
off the root directory of the drive that holds your JVM binaries.

On Thu, 17 Jul 2003 02:42:03 +0000, Paul wrote:
I will look into using a test certificate whilst developing - thanks

The part of the FAQ you are referring to is: If you install a web
browser on your F:\ drive on your PC, and create a top-level directory
named .hotjava, then your properties file is found in
F:\.hotjava\properties.

This description isn't making a lot of sense to me, can anyone decipher
it for me?

Thank-you,

Paul

"Ingo Pakleppa" <in*************@kkeane.com> wrote in message
news:pa****************************@kkeane.com...
Depending on how you want to eventually use the applet, it may be a
better idea to sign it (for development purposes, you can use a test
certificate so you won't have to pay for it).

The second thing I notice is that you say you are using Windows XP, and
then talk about the ~/.hotjava/properties file. What is ~? In Unix, it
stands for the home directory. The next question on the same FAQ page
tells you how to do it in Windows - it is apparently NOT off your home
directory.

On Wed, 16 Jul 2003 20:02:23 +0000, Paul wrote:

> Hello,
> I've been reading up on security in Java Applets and whilst I

understand
> the concept, I can't successfully get my applet to read a file on my

local
> machine.
> I discovered from http://java.sun.com/sfaq/#read:
> -----
> Sun's appletviewer allows applets to read files that are named on the

access
> control list for reading. The access control list for reading is null
> by default, in the JDK. You can allow applets to read directories or
> files

by
> naming them in the acl.read property in your ~/.hotjava/properties
> file.
>
> For example, to allow any files in the directory home/me to be read
> by applets loaded into the appletviewer, add this line to your
> ~/.hotjava/properties file.
> acl.read=/home/me
> -----
> (I am using Windows XP, my user name is Paul and I am trying to
> read
> 'video.properties' in my "My Documents\Java\" folder)
>
> In my ~/.hotjava/properties file I have tried many combinations of:
>
> acl.read=\My Documents\java\video.properties acl.read=C:\Documents
> and Settings\Paul\My

Documents\java\video.properties
>
> Even after saving these changes, java still complains when I try to
> run

the
> applet using appletviewer at the command line:
> java.security.AccessControlException: access
> denied(java.util.PropertyPermission video.properties read)
>
> I did notice however, that if I temporarily delete the

.hotjava/properties
> file, this made no difference and java did not complain that it
> couldn't

be
> found.
>
> All this has confused me and left me a bit disgruntled!
>
> How can I allow the applet to read the file?
>
> Thank-you for your help,
>
> Paul

--
Keep American Families united! Support H.R. 539 and H.R. 832 For more
information, see http://www.kkeane.com/lobbyspousal-faq.shtml


--
Keep American Families united! Support H.R. 539 and H.R. 832
For more information, see http://www.kkeane.com/lobbyspousal-faq.shtml

Jul 17 '05 #5

P: n/a
For the signing, check out the -selfcert option. See
http://forum.java.sun.com/thread.jsp...essage=1298211
and http://www.iit.edu/~kulkabh1/signing_jar_file.txt

Note that, for security reasons, you won't be able to actually deploy the
applet this way, it is strictly only for testing purposes.

As for the hotjava properties file: I think the answer is at
http://www.ocs.mq.edu.au/UserDoc/hot...e/viewers.html

I haven't tried that, though.

On Fri, 18 Jul 2003 01:10:11 +0000, Paul wrote:
I've tried everything, it still doesn't work - this is driving me
insane!

All I want to do is allow my applet to read a file, this is ridiculous.

What now should I do?

I also tried signing my applet but the sun tutorial on this involves
buying a certificate from verisign for an unbelievable amount of money!

ARGH.

Thanks,

Paul

"Ingo Pakleppa" <in*************@kkeane.com> wrote in message
news:pa****************************@kkeane.com...
In all honesty, I had problems with it, too (that's why I didn't
directly refer to it), but it seemed to me that the .hotjava directory
needs to be off the root directory of the drive that holds your JVM
binaries.

On Thu, 17 Jul 2003 02:42:03 +0000, Paul wrote:
> I will look into using a test certificate whilst developing - thanks
>
> The part of the FAQ you are referring to is: If you install a web
> browser on your F:\ drive on your PC, and create a top-level
> directory named .hotjava, then your properties file is found in
> F:\.hotjava\properties.
>
> This description isn't making a lot of sense to me, can anyone
> decipher it for me?
>
> Thank-you,
>
> Paul
>
> "Ingo Pakleppa" <in*************@kkeane.com> wrote in message
> news:pa****************************@kkeane.com...
>> Depending on how you want to eventually use the applet, it may be a
>> better idea to sign it (for development purposes, you can use a test
>> certificate so you won't have to pay for it).
>>
>> The second thing I notice is that you say you are using Windows XP,
>> and then talk about the ~/.hotjava/properties file. What is ~? In
>> Unix, it stands for the home directory. The next question on the
>> same FAQ page tells you how to do it in Windows - it is apparently
>> NOT off your home directory.
>>
>> On Wed, 16 Jul 2003 20:02:23 +0000, Paul wrote:
>>
>> > Hello,
>> > I've been reading up on security in Java Applets and whilst I
> understand
>> > the concept, I can't successfully get my applet to read a file on
>> > my
> local
>> > machine.
>> > I discovered from http://java.sun.com/sfaq/#read:
>> > -----
>> > Sun's appletviewer allows applets to read files that are named on
>> > the
> access
>> > control list for reading. The access control list for reading is
>> > null by default, in the JDK. You can allow applets to read
>> > directories or files
> by
>> > naming them in the acl.read property in your ~/.hotjava/properties
>> > file.
>> >
>> > For example, to allow any files in the directory home/me to be
>> > read by applets loaded into the appletviewer, add this line to
>> > your ~/.hotjava/properties file.
>> > acl.read=/home/me
>> > -----
>> > (I am using Windows XP, my user name is Paul and I am trying
>> > to read
>> > 'video.properties' in my "My Documents\Java\" folder)
>> >
>> > In my ~/.hotjava/properties file I have tried many combinations
>> > of:
>> >
>> > acl.read=\My Documents\java\video.properties acl.read=C:\Documents
>> > and Settings\Paul\My
> Documents\java\video.properties
>> >
>> > Even after saving these changes, java still complains when I try
>> > to run
> the
>> > applet using appletviewer at the command line:
>> > java.security.AccessControlException: access
>> > denied(java.util.PropertyPermission video.properties read)
>> >
>> > I did notice however, that if I temporarily delete the
> .hotjava/properties
>> > file, this made no difference and java did not complain that it
>> > couldn't
> be
>> > found.
>> >
>> > All this has confused me and left me a bit disgruntled!
>> >
>> > How can I allow the applet to read the file?
>> >
>> > Thank-you for your help,
>> >
>> > Paul
>>
>> --
>> Keep American Families united! Support H.R. 539 and H.R. 832 For
>> more information, see http://www.kkeane.com/lobbyspousal-faq.shtml
>>
>>

--
Keep American Families united! Support H.R. 539 and H.R. 832 For more
information, see http://www.kkeane.com/lobbyspousal-faq.shtml


--
Keep American Families united! Support H.R. 539 and H.R. 832
For more information, see http://www.kkeane.com/lobbyspousal-faq.shtml

Jul 17 '05 #6

P: n/a

"Paul" <pl****@dontemailmedirectly.com> wrote in message
news:TN*******************@twister.austin.rr.com.. .
I've tried everything, it still doesn't work - this is driving me insane!

All I want to do is allow my applet to read a file, this is ridiculous.

What now should I do?

I also tried signing my applet but the sun tutorial on this involves buying a certificate from verisign for an unbelievable amount of money!

ARGH.


Welcome to the realization that applets are not nearly as useful as anyone
imagined they would be. This is why Sun repositioned Java from a browser
technology to a server technology about 5 years ago.

Jul 17 '05 #7

P: n/a
"Paul" <pl****@dontemailmedirectly.com> wrote in message news:<TN*******************@twister.austin.rr.com> ...
I've tried everything, it still doesn't work - this is driving me insane!

All I want to do is allow my applet to read a file, this is ridiculous.

What now should I do?


Here is a solution to all your problems:

http://groups.google.com/groups?q=in...inet.fi&rnum=1

was posted a long time ago and works like a charm. We should thank the
poster.
Jul 17 '05 #8

P: n/a
On Fri, 18 Jul 2003 01:10:11 GMT, "Paul" <pl****@dontemailmedirectly.com>
two-finger typed:
I've tried everything, it still doesn't work - this is driving me insane!

All I want to do is allow my applet to read a file, this is ridiculous.

What now should I do?

I also tried signing my applet but the sun tutorial on this involves buying
a certificate from verisign for an unbelievable amount of money!

ARGH.
Thanks,
Paul


Indeed.
The idea behind Applets is that they are secure. Therefore an Applet cannot
access files on the machine that the browser runs, without the user giving
permission to your Applet to read (one) local file(s).
For that you need a certificate, so that the user can identify you without
a doubt, so he is able to trust you to do the right thing (i.e. not scan
his computer for a porn collection, or something).

No way around it.

Cheers.
Jul 17 '05 #9

This discussion thread is closed

Replies have been disabled for this discussion.