Applet Security Issue in Vista?

Similar Messages

• Applet security issue in version "1.5.0_05-b05"

  Dear all,
  I have a problem to run my applet since I downloaded the last version of jdk. This applet was running on version "jdk-1_5_0_02" but now I get access denied for SocketPermission and for FilePermission (
  java.security.AccessControlException: access denied (java.net.SocketPermission XXXXXXXXXXXX resolve))
  I would like to avoid using signed applet and find a easy solution, like update the "java.policy" file.
  Could you please help me ?
  Thanks !

  Hi
  first u create a policy file in u r c:\document..Setting\Adminis\.
  The policy file name should be ".java.policy" . Create the policy file using policytool.exe in c:\jdk1.5.0\bin\. then try u r applet

• CMI adapter and Vista security issues

  Hi,
  We have recently noticed that most of our vista users are complaining that they are unable to run courses despite downloading the latest JRE. On investigating we found that unless we lower the security in IE on Vista CMI adapter aplet is blocked by Vista.
  We run iLearn5.0 - any solutions?
  Kg

  See if using the signed applet resolves the security issue.
  Add the following parameter at the end of the CMI Adapter URL:
  ?lms_signed=on

• Security issues with cached applets

  Question: Can anyone tell me where there is a summary or discussion of security issues relating to applets cached by the Java Plug-in?
  I'd like to use the Plug-in to cache applets on client boxes, but I'm wondering if that opens a security hole for hostile/attack applets. Most of the write-ups on applet security I've seen only deal with security on the client side. Does Sun or anyone else address "cached-applet security" as it relates to the server from which it was downloaded?

  The cached applets are treated as same as those downloaded from the net - permissions will be granted based on the original codebase - nothing more, nothing less.

• Security issues with Applets

  I have a web server that has access to a database server as i am able to create web pages with ASP and connect to the database fine using a DSN, i have created a web page that contains an applet, the applet attempts to connect to the database but i get a security error, how do i overcome this security issue, the sucurity error looks like this:
  Exception: java.security.AccessControlException: accessdenied(java.lang.RuntimePermission accessClassInPackage.sun.jdbc.odbc)
  Can anyone help??

  There is a java.policy file in
  C:\Program Files\JavaSoft\JRE\1.3.1\lib\security\java.policy
  And a tool you can use in
  C:\Program Files\JavaSoft\JRE\1.3.1\bin\policytool.exe
  You might have to tell the policytool.exe where to open the java.policy file.
  You can also just modify it in a text editor and save it as plain text when you are done.
  I don't know which permission you should look for, but you can try with
  grant {
  permission java.security.AllPermission;
  and remove or comment out the other lines. Make a backup of the policy file before you try it. Restart the browser.
  Note that you have to do this on all client machines that wants to run your applet.

• Inter Applet Communication Security Issues

  Hello,
  Given that applets, contained on a card, can communicate with each other: Has anyone found any articles relating to any possible security issues this feature may present?
  If you have any ideas on possible security threats, please share. It would be great to bounce some ideas around, no matter how radical, unusual or "done to death."
  Thankyou in advance,
  Joanne : )

  I found a very interesting article regarding this subject written by Michael Montgomery and Ksheerabdhi Krishna, Austin Product Center, Schlumberger.
  http://www.usenix.org/publications/library/proceedings/smartcard99/montgomery.html
  Best regards
  Jonas Nilsson

• Sandbox Security Issue (MIDI Not Working In Applet)

  Hi all,
  I'm having problems getting javax.sound.midi to work in a java applet. It works fine when I run the applet from within JGrasp, but when I try to run the applet from an HTML file there is no sound. From what info I've found, it seems like my problem has to do with the sandbox security so the applet is not being able to access the computer's sound card, but I still haven't found a solution or a work around to that problem (after about 2 weeks worth of searching). The world of applet security is all new territory for me.
  I am running the html file off of my hard drive and I have my test program's class file in the same directory. I have tried both firefox and internet explorer web browsers (and also did the "allow blocked content" in internet explorer).
  I have no other sound sources playing or paused that would interfere with the web browser playing (it works in JGrasp and immediately after closing JGrasp completely it doesn't work in the web browser).
  Any help help in getting this figured out would be greatly appreciated. An example of an open source MIDI Java applet that I can pick apart to figure out what I need to make this work would be fantastic. Thanks in advance!
  Here are the codes to my test program and HTML file:
  PlayMIDI.html
  <html>
  <body>
  <CENTER><applet code="PlayMIDI.class" width="1000" height="500"></applet></CENTER>
  </body>
  </html>PlayMIDI.java
  import java.awt.*;
  import java.awt.event.*;
  import javax.swing.*;
  import javax.swing.event.*;
  import java.net.*;
  import javax.sound.midi.*;
  public class PlayMIDI extends JApplet
      public void init()
          MIDITest play = new MIDITest(0);
          play.playSong(100);
  class MIDITest
      private final int C4 = 60;                                        // C4 is the note middle C
      private final int MF = Integer.MAX_VALUE / 2;        // MF stands for mezzo forte -- medium loud
      private int iTimbre;                                                 // midi instrument number
      private Synthesizer synth;                                        // get the java synthesizer
      private MidiChannel [] channels;                              // get an array of channels.  This is the number of notes that can sound simultaneously     
      // Creates a midi synthisizer using the supplied instrument "patch".
      //   instrument numbers can vary from 0 to 127
      public MIDITest(int instrumentNumber)
          iTimbre = instrumentNumber;
          try 
          {   synth = MidiSystem.getSynthesizer();                                   //synth = MidiSystem.getSynthesizer();
              synth.open();                                                                           // open the synthesizer
              synth.loadAllInstruments(synth.getDefaultSoundbank());     // make all instruments available
              channels = synth.getChannels();
              channels[0].programChange(0, iTimbre);                                   // set the instrument for the channel 0
          catch (Exception e)
          {  System.out.println(e);
      public void playSong(int tempo)
          int quarter     = 60000;
          int eigth     = 30000;
          int half          = 120000;
          int whole     = 240000;
          int D4 = C4 + 2;
          int E4 = C4 + 4;
          int G4 = C4 + 7;
          int A4 = C4 + 9;
          int B4 = C4 + 11;
          try
          {   channels[0].noteOn(E4, MF);                         // start the instrument on channel 0 sounding
              channels[0].noteOn(B4, MF);
              channels[0].noteOn(G4, MF);
              channels[0].noteOn(D4, MF);
              Thread.sleep(whole / tempo);                         // sleep causes the program to wait the given number of milliseconds
              channels[0].noteOff(E4, MF);                         // stop the sound on the instrument on channel 0
              channels[0].noteOff(B4, MF);
              channels[0].noteOff(G4, MF);
              channels[0].noteOff(D4, MF);
          catch (Exception e)
          {   System.out.println(e);
  }

  Hi ejp, thanks for the reply.
  I did some searching for applet signing and I found this:
  http://www.brendonwilson.com/projects/signed-java/
  "+Developers should be warned that signing alone is not enough to enable their Java applets to access resources normally restricted by the Java sandbox. Although signing provides proof of the integrity of the applet and validation of the author’s identity through trust-heirarchies, developers must also make use of the browser-dependent APIs to request permission from the user to perform restricted activities.+"
  So am I going to have to do ask permission from each browser in order to get access to the sound card for the MIDI to play or will the MIDI work without that?
  Also, I found this tutorial on signing applets. Does this look like a good one?
  http://www-personal.umich.edu/~lsiden/tutorials/signed-applet/signed-applet.html
  Thanks again,
  -tkr

• Applet security problems while connecting with database

  i hav problem in the japplet connecting with sql database
  it gives security access denied error while running program as my driver is jdbc:odbc:bridge driver
  so for resolving this error how can i turn off security of applet and also which security permission to be change?
  plz reply

  baftos wrote:
  Maybe I should question the need to access a local database on the client PC.
  But anyway, the normal way to obtain security clearance is to use a signed applet.
  Another possibility is to grant the applet all permissions by modifying the security policy file of each client to grant your applet 'all permissions'. Note that in this case you must have access to each and every client PC or ask them to do so before running the applet.Database access at client's machine is ridiculous. I doubt this is what OP wants.
  @OP: request you to post the original security issue and the environment details.
  Thanks,
  Mrityunjoy

• Privacy/Security Issue with Adobe Flash 10

  Not sure if anyone has noticed this or not, but there is a
  bizarre (if minor) privacy/security issue with Adobe Flash Player
  10. I came across it while attempting to upload a file to Flickr.
  Previous versions of AFP do not exhibit this problem.
  Specifics: using Firefox 3.x, Vista.
  The problem: When Flickr calls the "open file" dialogue in
  Flash 10 (in order to upload files) via the "Upload Photos and
  Videos" link, at the bottom of the dialogue, to the right of the
  "File Name" box, sits a common UI element that brings up a dropdown
  menu of what appear to be (or at least are supposed to be) recently
  viewed or downloaded or accessed files. Actually I'm not sure how
  Flash 10 compiles or accesses this list of files, but at any rate,
  a list of files come up.
  The problem is that, as far as I can tell, the list of files
  that come up reference a long list of files, some that are very old
  and that no longer exist, and that there is no way that I can find
  to clear the list. This is a minor security/privacy issue, as
  generally there should be a way to prevent a dialogue from
  displaying a long list of past-accessed files by clearing a cache
  somewhere or other -- imagine if it was impossible to clear the
  history of a web browser, for example -- this would be considered a
  pretty significant privacy issue. I have tried everything from
  flushing the browser cache to uninstalling and reinstalling the
  browser to uninstalling and reinstalling Adobe Flash to using the
  Flash Settings Manager to clear out the Flash saved sites to
  turning off Vista indexing to clearing out Vista's Recent Items
  list. None of these actions did anything to clear out this list of
  files. I can find no references to these files anywhere when I use
  Vista Search (with unindexed and system files searched as well),
  and I can find no reference to the files anywhere in the registry
  (I checked just in case Flash 10 was storing this index in some
  really bizarre place.) I've linked to a screenshot below of what
  I'm talking about -- most of the files listed below were deleted a
  long, long time ago, and so I have no idea why this dialogue refers
  to them.
  Screenshot
  Is there a simple work-around for this that I'm unaware of?
  Even if there is, there needs to be some more obvious way to clear
  out this list. Where is this information being stored, and what
  criteria does this list use to "put a file on the list"?

  Thanks for putting me on the right scent. That's what I'd
  originally thought, too -- it's just that the file-> open dialog
  was giving an entirely different list of files with other
  applications, so I assumed that it must be Flash that was the
  culprit. Turns out the reason it was different with Flickr was
  because it was restricting the file results via a long string of
  video and picture filetypes that are compatible with the Flickr
  service.
  It turns out the information I'm looking for is buried deep
  within the registry. The only way to clear out this list of files
  is to delete the following key (or specific subkeys):
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidl MRU
  Seems more than a little stupid to store such information in
  the registry if security is your concern. Vista beguiles me
  sometimes.

• Thread security issues

  I have been trying to use threads in coding, but even a simple thread program from the java.sun.com seems to generate an error. I get an error like
  java.lang.NoClassDefFoundError: SlideShow/SlideShow (wrong name: SlideShow)
  at java.lang.ClassLoader.defineClass0(Native Method)
  at java.lang.ClassLoader.defineClass(ClassLoader.java:539)
  at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:123)
  at sun.applet.AppletClassLoader.findClass(AppletClassLoader.java:157)
  at java.lang.ClassLoader.loadClass(ClassLoader.java:289)
  at sun.applet.AppletClassLoader.loadClass(AppletClassLoader.java:123)
  at java.lang.ClassLoader.loadClass(ClassLoader.java:235)
  at sun.applet.AppletClassLoader.loadCode(AppletClassLoader.java:561)
  at sun.applet.AppletPanel.createApplet(AppletPanel.java:617)
  at sun.applet.AppletPanel.runLoader(AppletPanel.java:546)
  at sun.applet.AppletPanel.run(AppletPanel.java:298)
  at java.lang.Thread.run(Thread.java:534)
  for any thread program I put in my IDE
  I feel if I could solve this security issue, I could get around to use threads in the program I am working on.
  I am using NetBeans v 4.0 IDE .
  Thanks a lot in advance,
  Sathy

  it's a class not found error, not a security error. If in a jar, make sure your class files are in the correct folders to match the package order. If not in a jar, make sure your classpath points at the location of the class files

• Forest trust - security issues and how to avoid

  Hi guys,
  I have few questions.
  1/Planning do Forest trust.We have Forest + Domain functional level at WS 2003 level.
  In case of trust what are the security issues and how to avoid them? Meant something like browsing in AD, possible hacking from new destination etc.
  2/ What in case that the trust will not be possible create because of security reasons (rejected by other company)? What can be an workaround for that? I have idea with resource forest or ADFS? Any other ideas?
  Thanks in advance or for a good link to study about.
  Petr Weiner

  Other than broad general answers it is difficult to answer this from the negative side.  I work in a very large company where we have hundreds of domains with one way trusts in place and I don't believe we have any security issues in place.  With
  the large numbers of domains we can't operate in any other fashion.  We have a user forest and many resource forests.  All of our domains and forests are operated and maintained within the company but if you have domains operated by different departments
  then you can run into issues on who trusts.  Also if you need to have a situation where you need to trust other companies then you start to look at ADFS, you can also use it internally for many applications as well as cloud services.  But as I already
  mentioned you haven't detailed what exactly is going on so it is hard to try and give you a concrete answer.
  Paul Bergson
  MVP - Directory Services
  MCITP: Enterprise Administrator
  MCTS, MCT, MCSE, MCSA, Security, BS CSci
  2012, 2008, Vista, 2003, 2000 (Early Achiever), NT4
  Twitter @pbbergs http://blogs.dirteam.com/blogs/paulbergson
  Please no e-mails, any questions should be posted in the NewsGroup.
  This posting is provided AS IS with no warranties, and confers no rights.

• Can not view slidshows or creat a book on Snapfish.  SF IT folks say it's a security issue on my end.  Any ideas?

  Can not view slidshows or creat a book on Snapfish.  SF IT folks say it's a security issue on my end.  Any ideas?

  You will need to contact Snapfish to find out their system requirements and which plugin you need
  - http://support.snapfish.com/app/answers/detail/a_id/669/brand/3

• I updated some security issues and suddenlly my gmail does not open. it shows 75% of the procees and does not go on

  I updated automatically some security issues in my computer (I don't remember which) and now my gmail will start opening until it reaches 75% and it will not go on opening.
  I can open it Internet explorer but not in Mozila fireworks

  Clear the cache and the cookies from sites that cause problems.
  "Clear the Cache":
  *Tools > Options > Advanced > Network > Cached Web Content: "Clear Now"
  "Remove Cookies" from sites causing problems:
  *Tools > Options > Privacy > Cookies: "Show Cookies"
  Start Firefox in <u>[[Safe Mode|Safe Mode]]</u> to check if one of the extensions or if hardware acceleration is causing the problem (switch to the DEFAULT theme: Firefox/Tools > Add-ons > Appearance/Themes).
  *Don't make any changes on the Safe mode start window.
  *https://support.mozilla.org/kb/Safe+Mode
  *https://support.mozilla.org/kb/Troubleshooting+extensions+and+themes

• Other web browsers and security issues?

  Since even an Apple KB article recognizes the need for an additional browser and because of Safari's limitations and problems, I'm going to try switching to another browser (most likely OmniWeb and am looking at Firefox, Shira and Opera also though perhaps not as a primary browser) but I'm wondering about their ability to keep on top of any security issues for Mac? (and how do you keep up with security updates?)
  Though perhaps unfounded, at least with Safari, I feel that Apple has a vested interest in keeping on top of security issues (for Safari and Java) and I can readily find out about security updates via software updater.

  Most of the other Mac browsers have their adherents. They are all good browsers (I have 7 browsers installed to test various web sites and for change-of-pace usage). They all have their strengths and they all have their weaknesses. Only iCab and OmniWeb are still shareware, the rest are now or always have been free (Opera just recently stopped charging for its browser).
  I have settled on Firefox as my alternate browser and I use it maybe just a tad more than Safari, but I do switch back and forth between them. The Mozilla foundation is good at getting security updates out when needed. Firefox has a button on the toolbar to check for updates. One nice thing about Firefox is that you can install free extensions which enhance the features available. I have one to supplement tab features, one to control iTunes from Firefox's status bar, one to help me format messages in discussion forums, and one to block ads.
  I prefer OmniWeb for doing intensive research because of the way it handles tabs in its sidebar, showing me which ones I've looked at and which ones I haven't, and giving me great flexibility in rearranging tabs, which are viewable as thumbnails or text names (I have had up to a hundred or so tabs open in OmniWeb.
  Shiira is good and its fast. I have not checked for updates for a while, but the last time I updated there was still a problem with Shiira kicking you out of logged-in sites when you moved from page to page with in web site. This may have been fixed by now - they were aware of the problem back then.
  Camino is a native OS X cousin of Firefox and is also fast, but is not updated as often.
  I would stay away from Mozilla or Netscape unless you need all the additional modules they have and which take up hard disk space. Firefox and Camino represent the browser module of Mozilla/Netscape. Mozilla and Netscape have modules for email, irc chat, newsgroups, and for creating and editing web pages. Netscape is a branded and slightly customized version of Mozilla and is not updated as often.
  Opera is a nice browser and some use it as their main browser, but I have not seen anything that really stands out for me, but that does not mean it is not worth a look.
  I would stay away from abandonware Internet Explorer.
  As for checking for updates, several of them, as with many Mac programs, now have a menu item that allows you to check for updates. Most of them also announce their updates on both VersionTracker and MacUpdate.
  Happy Exploring.

• Security Issue with Apple ID

  Today while using my iphone and trying to use facetime for the first time since updating to IOS6, my phone asked me if I wanted to use some email address that I do not have for facetime. What? The message pretty much said that this email address was linked to my apple ID. So I got to work logged into AppleID.Apple.com and saw the email address verified and also saw it displayed as an alternate apple id. Immediately, I changed my Apple ID password and called apple at 1800myapple since that is the number on the website and try to talk to someone that could assist me with this severe issue. Anyway, my iphone went dead and the people on the phone couldn't connect me to anyone because I couldn't give them a serial number to an apple device. I tried to explain to the technicians that this is a problem with my ID and that the alternate ID has access to everything that my Apple ID has access to. Both times the call went nowhere. This is ridiculous. Why can't I talk to a security team? Why is the technician telling me that I can manage my ID from the website, when I know that I am looking at the website and I cannot remove the alternate ID? How did this ID get associated with my account and why did I never receive an email informing me of the change?
  Since Apple has other services and not just products STOP ASKING FOR A SERIAL NUMBER AND ASSIST THE CUSTOMER WITH THE ISSUE especially since it is a SECURITY ISSUE.

  oh man, I know exactly what you're talking about. i have a relatively easy to guess apple id email and everybody in the world thinks it's theirs... but once I turned on two-step authentication, the emails stopped completely.  here's a faq about it:
  http://support.apple.com/kb/HT5570
  once i turned that on, whenever they'd want to reset my password, they would get asked for my recovery key, which they don't have, haha!  victory is mine.