This class implements permissions for AWT. This is a named
permission. No actions are defined.
The following table provides a list of all the possible AWTPermission
permission names with a description of what that permission allows.
Permission Name | Permission Allows | Risks |
---|
accessClipboard |
posting and reading the AWT clipboard |
the clipboard may contain sensitive data |
accessEventQueue |
access to the AWT event queue |
malicious code could remove real events and replace them with bogus
ones, including simulating the user granting permission |
listenToAllAWTEvents |
listen to system-wide AWT events |
malicious code can read passwords entered in an AWT event, and in
combination with accessEventQueue, could fake system events |
showWindowWithoutWarningBanner |
display a window without a banner notification of insecurity |
malicious code could install a Trojan horse applet that looks like
a normal window, and thus steal data like passwords |
readDisplayPixels |
read back pixels from the display screen |
malicious code could snoop on the user's actions |
createRobot |
create an instance of java.awt.Robot |
these objects can generate events as though they were the user; so
malicious code could control the system |
fullScreenExclusive |
enter full-screen exclusive mode |
malicious code could masquerade as a trusted program |
The following table provides a list of all the possible AWTPermission permission names with a description of what that permission allows.
accessClipboard
accessEventQueue
listenToAllAWTEvents
showWindowWithoutWarningBanner
readDisplayPixels
createRobot
fullScreenExclusive