Java-applet security

Java applets
Providing signed applets
Validity of certificates
Browser support for signed applets

Java applets

There is a security model for Java applets that has two rules:

Applets may communicate only with the Web server from which they were downloaded.
Applets may not have access to local resources, such as files, the clipboard and printer ports, on a workstation to which they are downloaded.

This model was created so that applets received from one computer could not do harm to other computers on the network. However, Host On-Demand must be able to connect to many different servers and needs access to local resources so that you can do such things as file transfer, copy/paste, and printing.

To break free of the model, while still maintaining control over the applets, Host On-Demand provides two features:

Redirector: The Redirector lets the Host On-Demand applets connect to any other telnet server (such as a host computer) by accepting connections from clients and rerouting them to the target server. Since the Redirector is part of the server from which the applet was downloaded, it solves the problem created by rule 1 without breaking the rule. However, an applet still cannot use local resources.
Signed (or trusted) applet
: A signed applet can break free of both rules because it gives you the opportunity to say whether you trust the applet not to do harm if it connects to other servers or has access to your computer's resources.

Providing signed applets

To provide a signed applet, the developer obtains a security certificate from a Certificate Authority (CA). The certificate includes several pieces of information, such as the name of the owner, the name of the issuer, the serial number, the finger or thumb print, and the expiration date. The purpose of the certificate is to verify the fact that the applet was produced, in the case of Host On-Demand, by IBM. It does not make any statement as to whether the applet is good or bad.

The developer embeds the certificate in the JAR or CAB file in which the applet is stored. This is known as signing the file.

The first time you load a Host On-Demand applet through a browser that supports signed applets, such as Netscape Navigator 4 or Microsoft Internet Explorer 4, you will see a window that tells you that the applet was signed by IBM and asks whether you trust the applet not to do harm. If you respond in the affirmative, the applet continues to load. You will also see such a window the first time you try to use the clipboard, file transfer or a printer.

There is a check box in the window that lets you agree always to trust applets from IBM. If you check that, you will not see the window again.

Validity of certificates

Currently, CA-issued certificates are valid for one year. This means that, at some time during your use of Host On-Demand, its certificate could expire. Some browsers display a message when this happens, while others merely register the fact.

Although a certificate might expire, it was valid at the time that Host On-Demand was released. Two important points arise from this:

Host On-Demand is no less safe the day after the certificate expires than it was the day before.
All the Host On-Demand functions continue to work normally, and you can continue to use Host On-Demand safely, just as you always have.

IBM renews certificates before they expire. In other words, a valid certificate always exists. When a release of Host On-Demand is made, it includes a certificate that is valid at the time of the release. IBM cannot make new certificates available to customers because there is no way that a customer can embed a certificate in the Host On-Demand files.

Browser support for signed applets

The browsers that are supported by Host On-Demand recognize signed applets, with the exception of Microsoft Internet Explorer on UNIX or Macintosh workstations.