Re: Disabling the Sandbox

From:

Thomas Hawtin <usenet@tackline.plus.com>

Newsgroups:

comp.lang.java.programmer

Date:

Mon, 06 Aug 2007 05:14:07 +0100

Message-ID:

<46b69dc9$0$1614$ed2619ec@ptn-nntp-reader02.plus.net>

Andrew Thompson wrote:

* Most of those questions were related to finding the
location on disk where the classes were cached, and
that was always a broken and fragile way to go about
finding resources, even before Sun included an option
for the end user to specify the cache location.

The exact path name not predictable any more. There is a random element.
IIRC, there were a number of IE/Netscape bugs that involved planting a
script file in a guessable location on the victim machine, and then
executing it as if it were from the local machine.

Sockets, sure, but I thought the Print API was locked out,
except by use of the PrintService** (had never bothered
checking it though, and frustratingly - do not even have
a printer to test my own JWS example!).

I don't have a printer either (at least not in this (constituent)
country). I guess I could use a print-to-file printer driver.

Anyway, if you have the JDK source,
deploy/src/plugin/share/classes/sun/plugin/security/ActivatorSecurityManager.java.
The override of SecurityManager.checkPrintJobAccess first checks super,
and if that fails opens a dialog. It confused me the first time I saw it
as I was expecting a security exception but got a deadlock.

Tom Hawtin