Security in applet cache

Hello.
I read the post below at http://www.velocityreviews.com/forums/t132214-applet-caching.html
What is the answer to that post?
Thanks.
I found that when an applet is cached (using Sun jvm), it's placed in the
Sun\Java\Deployment\cache\javapi\jar\ folder. The files are saved with
some kind of checksum added to them (fx: file1.jar-md5checksum.zip). Does
this prevent hackers from modifying the applet and have the website execute
a modified applet instead of the original one? If so, is this security
mechanism provided with every jvm? (ie MS, IBM etc?)
Does anyone know anything about this?
Thanks in advance!
-Thijs

spalguru wrote:
..upgrading windows sun java from 1.5 to 1.6 makes our applet caching works faultly, it doesnt cache applets file into the cache directory...
can anybody helps?..

Can you find your shift key and apply it once at the start of every sentence? This helps the reader to quickly scan the text, looking for ways to help. You would not want to make it harder to help, would you?

spalguru wrote:
..is there any bugs within javas new 6 versions image caching?

Non applet runtime classpath resource caching is left to browsers, AFAIU. That means that whatever the browser decides to do (from caching all files, to caching no files, to allowing the end user to remove all cached files), is correct behaviour.
For more control over caching, add resources into Jars, and add them to the applet's runtime classpath using the archive attribute of the applet element.
For even more control over caching, either launch the applet free-floating using Java Web Start, or deploy it within a plug-in2 architecture JRE within a web page, & hook into the JNLP API's DownloadService.

Similar Messages

  • Security issues with cached applets

    Question: Can anyone tell me where there is a summary or discussion of security issues relating to applets cached by the Java Plug-in?
    I'd like to use the Plug-in to cache applets on client boxes, but I'm wondering if that opens a security hole for hostile/attack applets. Most of the write-ups on applet security I've seen only deal with security on the client side. Does Sun or anyone else address "cached-applet security" as it relates to the server from which it was downloaded?

    The cached applets are treated the same as those downloaded from the net - permissions will be granted based on the original codebase - nothing more, nothing less.

  • Applet cache is not working on Mountain Lion(Mac 10.8)

    Applet cache is not working on Mountain Lion(Mac 10.8)
    OS Details:  Mac 10.8
    Applet cache is not working on Safari 6 and Firefox 15.0.1 with Java 7 (provided by Oracle) on Mac 10.8 (Mountain Lion), and applets are not even working on Chrome because it does not support Java 7 (64 bit).
    In order to run applets on Firefox and Safari we need to install Java SE6, which is provided by Apple; otherwise “PlugInProcess” does not work and it shows the warning message below.
    For your information I have given screen shots below:
    1) Safari screen shot with Java Plug-in
    2) Firefox screen shot with Java Plug-in
    3) Chrome screen shot (it does not have the Java plugin)
    4) Java cache viewer console
    5) Applet Java console, and it is using Java 7
    Kindly review the above-mentioned problem and advise us.

    Problem solved.
    I switched to a Western Digital powered Hard Drive from the Toshiba Canvio I was using.
    I suspect the USB 3.0 did not mount correctly after the first save.
    Fortunately the Canvio does work on my Windows 7 machine.
    Thanks for your suggestions

  • Java applet cache parameter

    I'm sorry if that what I'm looking for is described elsewhere. I couldn't find it. I seem to have a bug with the latest Apple's java implementation (1.5) downloaded with the latest Software Update.
    I have to switch off applet caching for a certain applet and tried to do this via the Java preference app. It seems that it doesn't work using the offered checkbox, because every time I check it, leave the dialog and turn back, it's still checked. I tried it with the deployment properties file but had no luck, not knowing (finding) the correct parameter to set false.
    As setting the cache size to zero didn't resolve the problem finally I tried to set the cache path to "/dev/zero" what for sure is the worst solution but it works out. Caching is disabled (This way I discovered that trying to write the cache path in the box in the preference pane you can write it only in reverse manner! llun/ved/ No, it's not a joke)
    Anyone could tell me the right parameter for the deployment properties file that I can correct this situation?
    Thanks
    Powerbook   Mac OS X (10.4.6)  

    Unfortunately, this did not resolve the issue. I have been doing a bit more looking and it appears I'm getting a null resource error on reload/refresh:
    public abstract class SimpleWindow extends JInternalFrame {
       public SimpleWindow() {
          initComponents();
       }
    }
    public class FancyWindow extends SimpleWindow {
       public FancyWindow() {
          initComponents();
       }
    }
    During startup, it tries to create a new FancyWindow, which calls initComponents(). Inside initComponents is a call to create a JEditorPane.
    The function runs fine, and I am able to create a new JEditorPane; however, when I do:
    jedit.setText("Text Here");
    I get my null error (tracing through the calls, it looks like it's unable to initialize the editorkit).
    This does not happen on a normal first-time load. It does not happen if I completely close the browser and restart it to re-run the applet, but if I just try to refresh it, it seemingly can't get memory for this?
    Edit: It looks like this may be a regression in 1.6.0_22 and later: 1.6.0_22 HTMLEditorKit throws NullPointerException when reloaded
    Edited by: Jamie.McPeek on Jan 15, 2011 12:28 AM

  • Delete  user applet cache....(Question) ?

    Hi guy,
    I am looking for any idea or suggestion on how I can delete a user's applet cache. Let's suppose I have got a new applet, I mean a new version with some changes; then how can I automatically delete the current cached applet and let the user download the new one from the server?
    Thanks in advance.
    Romi

    Hi Romi,
    You wrote:
    I am looking for any idea or suggestion that how i can delete user's applet cache
    You don't have control over the user's browser, but you can specify the cache version of each jar file in your applet. When you have a new release, you can specify a newer version. If the browser/plug-in follows the version convention, it will download the new jar file and not use the older cached file.
    See Applet Caching (http://java.sun.com/products/plugin/1.3/docs/appletcaching.html).
    Was this what you were looking for?
    (Reading the document again, I see you could also specify "cache_option" to be "No" which would force reloading every time.)
    -David-

  • Shared applet cache location

    In order to reduce both load times and network burden we are looking at the possibility using a common location for the java applet cache. Our internal tests, albeit limited, have proved successful. By specifying a common local network location for storing temporary files in the java control panel we were able to pull the jars for our applet by one initial user and use that cache (on a different pc) by another user. Specifically, we are looking at implementing this in a citrix environment using a local cache on the citrix server (rather than the network location in our tests).
    Does anyone have experience doing this? If so, what potential problems could arise? Is there a better solution?
    Thanks for any advice.

    Can I get help from you?
    If my question was not clear, please point out and I will supply more information.
    Looking forward to getting answer from you - Java Expert :)

  • How to lower the security of applet ?

    How to lower the security of applet because i want the web browser to communicate with com port.

    Sign the applet and hope the user trusts it:
    Signing applets:
    http://forum.java.sun.com/thread.jsp?forum=63&thread=524815
    second post and reply 18 for the java class file using doprivileged
    Still problems?
    A Full trace might help us out:
    http://forum.java.sun.com/thread.jspa?threadID=656028

  • How to get security verified applet?

    please help me..
    how to implement applet which can get computer and network information securely? (security verified applet)
    thanks!

    rockster14 wrote:
    how to implement applet which can get computer and network information securely? (security verified applet)
    Now, you're not going to claim this has something to do with "..sell printer related products" (http://forums.sun.com/thread.jspa?messageID=10764588#10764588) are you? ;-)
    What is it you are trying to do? Or rather, my same question in that original thread, what is the "user feature"?
    And while I am here, what is causing the problem? Is it ..
    a) Deploying an applet so that it is trusted?
    b) Obtaining this 'computer and network' information?

  • Sharing JVM applet cache among multiple users

    Our browser plugin clients run in a Citrix environment where Windows Terminal Services servers host the client sessions for multiple users and the users only have a thin client hardware device at their desks. We've discovered that as a consequence of optimizing certain aspects of the Citrix environment a user's JVM cache is remote to the server hosting his/her browser session, and that the remote caching is a performance bottleneck.
    Turning applet caching off improves performance considerably, but we'd like to get the cache directed locally to the server hosting the browser session and turn caching back on. But since hundreds of users times tens of servers in the "Citrix farm" adds up to a lot of cache disk space, we're wondering about users sharing a JVM cache. This already happens when one runs multiple browser/plugin sessions locally on a regular workstation. But what about fifty users' separate plugins sharing a single applet cache? It appears from file timestamps that jars'/classes' idx files in a cache are updated when a file is loaded from the cache. What if multiple browser plugins were trying to do this concurrently? Is there a risk of locking, or a data integrity exposure? Or are those idx updates insignificant since they don't affect the last modified date or the sticky cache version number? (Most apps use a 1_5_0_2 JRE, but some apps require a 1.4 plugin.)
    Thanks,
    Brian

    This sounds very similar to a problem that's occurring for us at the moment. Did you ever find some solution to this problem?
    Regards,
    Jon.

  • Sharing JVM applet cache among multiple users (crosspost)

    Does anyone have experience sharing a single JVM applet cache among multiple users?
    (This is a crosspost of http://forum.java.sun.com/thread.jspa?threadID=5157018. I know crossposting is frowned on, but it went a week without replies in the plug-in forum.)

  • Applet cached problem

    Have a deployed applet and am upgrading it for the next release.
    Problem I came across is if I go to a URL with the older applet, it gets cached and when I go to a URL where it should load the newer applet, the older applet is still cached and fails. In my case its the same URL I go to but additional stuff going on decides whether I should eventually get to the old applet or the new applet.
    So I was trying to find a way to prevent the applet being cached / force it to load but couldn't find anything for that. Any suggestions?
    I then came across some info on the OBJECT tag (http://java.sun.com/j2se/1.4.2/docs/guide/plugin/developer_guide/applet_caching.html) and using the cache_archive_ex to specify a jar version, which I thought I could use to force the latest version of the applet/jar to load as the newer version is backward compatible.
    But I am having some problems trying to convert the applet html to object html to get the applet located and loaded for the new version. I presume in order to use the object tag to force the jar version I want, I have to completely replace the applet html with object html?
    I rebuilt the applet jar with a manifest so it has version number 2.0.0.
    my existing applet html is like:
    <applet archive="/applets/myapplet.jar,/applets/myssl.jar" code="my.code.MyApplet" width="1" height="1" MAYSCRIPT>
    <PARAM ....>
    <PARAM ....>
    </applet>
    now to convert this to using the object tag, do I HAVE to put my stuff in a CAB file, or can I reference it out of the jar? I tried like this:
    <object codetype="application/java" classid="java:my.code.MyApplet" codebase="/applets/myapplet.jar">
    <PARAM NAME="cache_archive_ex" VALUE="/applets/myapplet.jar;preload;2.0.0,/applets/mysll.jar;preload">
    <PARAM NAME="MAYSCRIPT" VALUE=true>
    <PARAM ...>
    <PARAM ...>
    </object>
    But it's not working and I have tried various things like removing the my.code from the classid or not specifying the codebase. No luck.
    So I guess my questions are:
    (1) is there any way to prevent applet caching / force it to reload ?
    (2) is there a way with the applet html to use the applet version-number to force it to load the new version ?
    (3) If I have to convert to the object tag, do I have to put my jars in a CAB or am I anywhere close up above?
    (4) How can "debug" my OBJECT tag specification to figure out whats wrong?
    Appreciate any pointers ...

    I used the SUN html converter to jump start the change, then changed the archive param to cache_archive_ex and that seems to have done the trick, just to check newer applet version 2.0.0 really does get loaded.

  • Increase lifecycle applet cache on java runtime

    Hi .
    Applet in IE6 on windows XP SP1, with java 15.0_09.
    I launch 3 times the applet with the same codebase.
    I launch the applet for the first time and I go to a transaction; after that I launch the applet in the same IE window for the second time and I go into another transaction. I return to the first applet, and it reloads in the first transaction; when I do the same action on the second applet, I return to the second transaction. At this point there is no problem ...
    But when I launch the applet a third time and I go to another transaction, I lose the context of my first applet when I come back to it.
    On tracing I can see that Java uses a "lifecycle applet cache", and this cache has 2 slots; that is the reason that I lose the first applet context on the third launch.
    My question is: how can I increase the number of slots in the "lifecycle applet cache"?


  • Provider Security Domain applet on JCOP

    Hi, all
    I use the Eclipse plugin JCOP 3.0 tools and am trying to install my own Security Domain applet to OP.
    Does the JCOP card simulator support the Provider Security Domain?
    If not, which real JCOP card can I use to upload & install my Security Domain?
    Thanks in advance!
    Andy Hua.

    MatiGdoc wrote:
    Hi,
    I'm newbie in JCOP programming, so I need help from "masters" ...
    I'm using JCOP 10 v2.2 GP2.1.1 compliant with SCP02 support. I can compute successfully all necessary session keys / cryptograms needed by initialize update / external authenticate commands.
    Original JCOP tools uses in external authenticate security mode "NO_SECURITY_LEVEL" - 84 82 00 00, so the load command contains plain Header, Directory, Import etc .cap files.
    But I want to load .cap in more secure way, using C_DECRYPTION mode. So, my questions are:
    - Is C_MAC mode mandatory with C_DECRYPTION ? In other way, can I use p1=0x02 instead of 0x03 in External Authenticate command ?
    C_DECRYPTION also mandates C_MAC. You can use for P1: 00, 01 and 03.
    - Which key must be used for Datafield encryption ? I suppose S_ENC key generated for secure channel, right ?
    Correct.
    - should datafield for Install_for_load command (80 E6 02) also be encrypted with S_ENC ?
    Yes. Starting with C_MAC your class byte needs to be 84 though.
    - should the datafield also be padded before calculating the C_MAC ?
    You pad for C_MAC as first step, and then pad the data field as a second step, excluding C_MAC. Check out GP 2.1.1 card spec, figure E-6.
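
The padding order and class-byte change described in the reply above, laid out as byte buffers (an added example, not code from the thread or from the JCOP tools). It performs no cryptography and uses no keys; the function names and the INSTALL [for load] data are constructed, and computing the C-MAC over a header with CLA 84 and Lc already increased by 8 is an assumption (the common "C-MAC on modified APDU" SCP02 option).

```python
from typing import NamedTuple

BLOCK = 8      # DES block size in bytes
MAC_LEN = 8    # length of the C-MAC appended to the data field
# EXTERNAL AUTHENTICATE P1 values the reply allows; 0x02 is not among them.
SECURITY_LEVELS = {0x00: "NO_SECURITY_LEVEL", 0x01: "C_MAC", 0x03: "C_DECRYPTION + C_MAC"}


class WrapLayout(NamedTuple):
    mac_input: bytes     # padded buffer the C-MAC is computed over
    enc_input: bytes     # padded data field handed to the S_ENC cipher
    final_header: bytes  # CLA INS P1 P2 Lc as sent to the card


def pad80(data: bytes) -> bytes:
    """Append 0x80, then 0x00 bytes up to the next multiple of 8."""
    padded = data + b"\x80"
    return padded + b"\x00" * (-len(padded) % BLOCK)


def wrap_layout(level: int, ins: int, p1: int, p2: int, data: bytes) -> WrapLayout:
    """Show what gets padded, and in which order, for one command."""
    if level not in SECURITY_LEVELS:
        raise ValueError(f"security level {level:#04x} is not allowed")
    if level == 0x00:
        return WrapLayout(b"", b"", bytes([0x80, ins, p1, p2, len(data)]))

    # Assumption: a command without a data field is only MACed, not encrypted.
    encrypt = level == 0x03 and len(data) > 0
    body_len = len(pad80(data)) if encrypt else len(data)
    if body_len + MAC_LEN > 255:
        raise ValueError("data field too long for a one-byte Lc after wrapping")

    # Step 1: pad header + plaintext data for the C-MAC (CLA 84, Lc + 8).
    mac_header = bytes([0x84, ins, p1, p2, len(data) + MAC_LEN])
    mac_input = pad80(mac_header + data)

    # Step 2: pad the data field on its own for encryption; the C-MAC is
    # excluded and is appended in clear after the ciphertext.
    enc_input = pad80(data) if encrypt else b""

    final_header = bytes([0x84, ins, p1, p2, body_len + MAC_LEN])
    return WrapLayout(mac_input, enc_input, final_header)


# Constructed sample: INSTALL [for load] (80 E6 02 00) with 10 made-up data bytes.
SAMPLE_DATA = bytes.fromhex("0102030405060708090a")

if __name__ == "__main__":
    for lvl in (0x01, 0x03):
        lay = wrap_layout(lvl, 0xE6, 0x02, 0x00, SAMPLE_DATA)
        print(SECURITY_LEVELS[lvl])
        print("  MAC input :", lay.mac_input.hex())
        print("  ENC input :", lay.enc_input.hex() or "(none)")
        print("  header    :", lay.final_header.hex())
```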

  • Parameter that drives applet cache behavior

    Can anyone point to documentation related to the control of the applet cache behavior on the client?
    Thanks,
    Thomas

    I think it's important (at least I have found it important);
    it is worth reading:
    Forms9i- Why base on applet? (http://forums.oracle.com/forums/thread.jspa?messageID=682193&#682193)
    I hope you let me know

  • Java Applet: Caching data in User HDD?

    Hi,
    I'm trying to write a java applet which requires approximately 700K of mathematical data every time it runs. One way to do this is to download those data off from server every time the applet starts up, but it seems terribly inefficient for me cuz those data do not change at all.
    Is there any way to work around such issue, for example, by storing the data into user's hdd? Or is it possible to pack the mathematical data together with .class files into a jar file and then somehow access them in user's side? (dunno how to do so and not sure if it's possible)
    Any help would be greatly appreciated. Thanks.
    Aaron

    Hi,
    I'm trying to write a java applet which requires
    approximately 700K of mathematical data every time it
    runs. One way to do this is to download those data off
    from server every time the applet starts up, but it
    seems terribly inefficient for me cuz those data do
    not change at all.
    Is there any way to work around such issue, for
    example, by storing the data into user's hdd? Or is it
    possible to pack the mathematical data together with
    .class files into a jar file and then somehow access
    them in user's side? (dunno how to do so and not sure
    if it's possible)
    Any help would be greatly appreciated. Thanks.
    Aaron

    You have one answer above.
    Create a jar file, put your applet classes in it, and then put the data files in the jar with the application. There's no restriction as to the types of file you can put in a jar, and Jars are essentially zip files, so no point in zipping the data first.
    As to storing stuff locally on the client, that's unadvisable, and disallowed due to the java security model anyhow. It is possible to override the security manager, but I'm not sure if this is possible with an applet though. It would undoubtedly not be hassle free.
    Another thing that could help is jar caching..
    http://java.sun.com/products/plugin/1.3/docs/appletcaching.html this would improve the start up time by caching the jar file on the client, between invocations.
