1.2 Security Model and Applets

Joanne Beausoleil (joanneb@segue.com)
Wed, 17 Feb 1999 13:32:15 -0500

Date: Wed, 17 Feb 1999 13:32:15 -0500
From: "Joanne Beausoleil" <joanneb@segue.com>
To: java-security@java.sun.com
Subject: 1.2 Security Model and Applets

How do I get around the chicken or the egg problem with the 1.2 model?

I don't want to update the client machines when the user runs my applet
with a policy file or a policy file reference in the java.security file.

I want the user to be able to run my applet with permissions by just
bringing up their browser and hitting a web server, as we were able to
do with the IE and Netscape native jvms and signed jars and cabs.

How can I do this with the 1.2 security model, if I need to update the
java.security file with my applications policy file reference? This goes
against the no-install paradigm for applets.

What is the company position on this? Thanks, Joanne