Re: Access to local files with signed applet in Vista/IE7
Hansi wrote:
Hi Andrew,
Hi. Please refrain from top-posting.
I find it most confusing. Instead, break in
wherever you have a comment.
I'll show you..
I do not understnad the whole thing.
It is a complicated area, with a lot of history.
Microsoft secures applets to deny any local access, even when signed.
(block moved)
Even a sandoxed JWS applet can access local
files using the JNLP API's FileOpenService and
FileSaveService.
Sun builds a new api to allow local access (even if unsigned??)
It is *not* new. Web start was avialable as a separate
plug-in from around late 1.1, was 'cobundled' along
with 1.2/1.3, and integrated with the normal Java install
as of Java 1.4.2 (from memory).
Where is the security?
May applets do anything with this crazy api?
Did you try the examples, from the page I linked to?
Again, that example is here..
..<http://www.physci.org/jws/#fs>
The '.jnlp' file launches the application(s).
The 'sandbox'ed one is most relevant.
<http://www.physci.org/jws/filetest-sandbox.jnlp>
I can assure you of the following, about the examples.
- I wrote them.
- They are coming off my own domain/site (PhySci).
- They are safe (barring bugs on my part,
or bugs in the JRE).
- If you have ant, and a few minutes, you
can download the .zip & compile and build
them from the source, and see them running
on a 'sandboxed' computer.
Why did I mention all that?
Because I do not think you tried my examples,
which explain, on-screen, better than words
can, how the JNLP API allows safe access to
files, from a web-start application.
So, if you have some valid reason not to try the
examples, please mention it. Otherwise, please
save yourself, and everyone else, some time by
trying the sandboxed file service example, as a
launched application.
Report back your results (for further discussion).
Andrew T.