ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamv_5.4.0.1/rzamvriskapplets.htm

54 lines
3.4 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Risk: Trust signed applets" />
<meta name="abstract" content="This topic describes security risks from signed Java applets and provides recommendations for reducing these risks." />
<meta name="description" content="This topic describes security risks from signed Java applets and provides recommendations for reducing these risks." />
<meta name="DC.Relation" scheme="URI" content="rzamvsecurityinternet.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="riskapplets" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Risk: Trust signed applets</title>
</head>
<body id="riskapplets"><a name="riskapplets"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Risk: Trust signed applets</h1>
<div><p>This topic describes security risks from signed Java™ applets
and provides recommendations for reducing these risks.</p>
<p>Your users might have followed your advice and set up their browsers to
prevent applets from writing to any PC drives. However, your PC users need
to be aware that a signed applet can override the setting for their browser.</p>
<p>A signed applet has an associated digital signature to establish its authenticity.
When a user accesses a Web page that has a signed applet, the user sees a
message. The message indicates the applets signature, who signed it and when
it was signed. When your user accepts the applet, the user grants the applet
an override to the security settings for the browser. The signed applet can
write to the PCs local drives, even though the default setting for the browser
prevents it. The signed applet can also write to mapped drives on your server
because they appear to the PC to be local drives.</p>
<p>For your own Java applets that come from your server, you might need
to use signed applets. However, you should instruct your users in not
to accept signed applets from unknown sources.</p>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvsecurityinternet.htm" title="Use this information to learn about common security threats from using Internet browsers.">Security considerations for internet browsers</a></div>
</div>
</div>
</body>
</html>