Why socket policy file has 20 KB limitation?

Similar Messages

• 100$ Bounty Question: How do I request a socket policy file?

  I'll send you 100$ via paypal or check in the mail for the person who solves this problem for me:
  4 years ago, my code requested a policy file fine, but it doesn't anymore.
  Here is my code:
                  Security.allowInsecureDomain("*");
                  Security.allowDomain("*");
                  Security.loadPolicyFile("xmlsocket://127.0.0.1:843");
              xmls.send("yo");   
              xmls.send("yo2");   
  My server receives "yo" and not "yo2".
  My server does not receive "<policy-file-request/>"
  What do I need to do on the Flash AS3 side to send "<policy-file-request/>" to my server?
  Other forums where I request this information:
  http://forums.adobe.com/message/6178906#6178906

  If your company doesn't let you do bounties, I'll donate the 100$ to fruit trees for Haiti.

• Configuring socket policy for flex apps(with blocked port 843)?

  We have built several flex-based ecommerce apps for a fortune 500 customer of ours, that for various reasons, we need to use sockets to a different domain and requires a socket policy file, but were having trouble configuring our flex apps for deployment in thier enviornment where they are blocking virtually everything except port 80 . The current documentation in in regards to socket policy files and crossdomain files in a non-standard configuration not using port 843 is not providing any useful help to us.
  Here is the scenario:
  Flex apps are served from domain www.a.com in  to users browsers via http. The apps then make socket connections to domain www.b.com:80 where there are php scripts serving json data to the flex apps via port 80 using http(we use sockets because we need to set and read back http headers). The problem is the flex apps cannot make socket connections to the www.b.com domain without errors like below(unless we setup a socket policy server on port 843 of www.b.com, in which case everything works):
  Warning: Timeout on xmlsocket://www.b.com:80 (at 3 seconds) while waiting for socket policy file.  This should not cause any problems, but see http://www.adobe.com/go/strict_policy_files for an explanation.
  Error: Request for resource at xmlsocket://www.b.com:80 by requestor from http://www.a.com/bin-debug/DownloadManagerFlex.swf is denied due to lack of policy file permissions.
  Error: Request for resource at xmlsocket://www.b.com:80 by requestor from http://www.a.com.us/bin-debug/DownloadManagerFlex.swf is denied due to lack of policy file permissions.
  Since we cannot use port  843 for the socket policy file server, we setup the socket policy server on a different ip in the same domain: spf.b.com:80 (using the sample perl code Adobe provides), and per the docs(cited below), use Security.loadPolicyFile("xmlsocket://spf.b.com:80") before we invoke "socket.connect", to supposedly tell the flash player to check there for the socket policy file. The problem, as you can see from the error log, is that the  loadPolicyFile("xmlsocket://spf.b.com:80") is ignored.
  No matter what we do or how we set things up, we cannot get the flash player to recognize the loadPolicyFile(), it always wants to go to the port were making the socket connection on. It is unclear how to properly configure the flex app, socket policy file and crossdomain file for the above scenario. The docs allude to being able to serve  the socket policy file from a different port 80 in the same domain as the socket connection were trying to make, but were having no luck with that.
  ->Can anyone shed some light on how to make this work or what are we  missing/doing wrong? Also, if we can get this to work, are we  stuck with a 3 second delay because this(very large) customer is blocking port 843?
  As an aside,  the documentation for all this is a bit scattered, unclear and contrdictory:
  One document says:(http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security_07.html)
  "This warning usually means one of two things: first, that you need to set up a
              socket policy file server on port 843, which is the first location that Flash
              Player checks by default; or second, that you need to provide more explicit
              guidance to Flash Player from ActionScript by calling loadPolicyFile to indicate the location
              of a socket policy file. When you call loadPolicyFile rather than allowing Flash Player to check
              locations by default, Flash Player will wait as long as necessary for a
              response from a socket policy file server, rather than timing out after 3
              seconds."
  Another document says(http://www.adobe.com/devnet/flashplayer/articles/socket_policy_files.html):
  "If an ActionScript Security.loadPolicyFile() command exists within               the SWF file, then the Flash Player runtime checks that location. Flash Player checks               the destination of the loadPolicyFile() only after it has checked the               master policy file on port 843 for permission to acknowledge other policy               files. If the developer has not specified a loadPolicyFile() command,               then Flash Player checks the destination port of the connection."

  I found the reason why the Flex application was ignoring the socket policy (crossdomain.XML). I have a policy server that listens to port 843 and submits the policy to the Flex client. My policy was getting ignored by the Flex application and I was getting the sandbox security error you were getting. The solution to this problem isto write a null byte right after the policy server sends the policy. I'm using Apache Mina that is wrtten is Java and the null byte is written as follows:
  public void sessionCreated (IoSession session)
          throws Exception
          session.write(_policy);  -- > policy string
          session.write("\u0000"); --> null byte
           //session.close(true); ---> No need to close the session because it is closed by the Flex client after it receives the null byte.
  Now my Flex application can read and accept the policy from port 843 and I'm not getting more security violations.
  Thanks for your reply,
  Alberto

• Cross-Domain Policy File

  I just made an IRC client for Android + iOS, and now I'm having issues porting it to the browser.  I've built flash games where the server hosts the Policy Domain File, obviously with an IRC client that's not going to happen in all instances.
  I'm wondering why the browser version can run perfectly fine under CS6's debug mode, but when it's been deployed to the browser it can't seem to connect?  What settings would I have to do [if at all possible] to replicate this debug mode [in CS6] inside the browser?
  Thanks!

  In the browser, are you running it via Flash Player or are you making an AIR for web app?
  The browser is the strictest sandbox Flash can run in. The infamous #2048 is a generic security violation. You're doing something your current sandbox doesn't allow. The most obvious thing to verify is on the SWF output settings make sure your sandbox is set to access network files, not access local files. Otherwise you'll get that error.
  Outside that it's going to be looking for a socket policy file. I won't even get into creating these because your endpoint is an IRC server. Unless you're running your own IRC server you're not going to get some IRC server host to install a socket policy file for you so that point is moot. Without the socket policy file you're in some tough territory that will require some advanced debugging.
  My suggestion would be to get Fiddler so you can actually see the request and response packets being sent to and from Flash inside your browser. You will definitely see Flash make a request and the response will give you clues on what's happening just before you receive the #2048 security error. You may see it request the policy file and then the server returns nothing or an invalid response and then Flash gives you the error. If that happens you may be out of luck.
  Here's fiddler (I'd update your .NET to the latest and use V4 instead of V2):
  http://www.fiddler2.com/fiddler2/version.asp
  Here's another Adobe post of someone having a #2048 error while using fiddler to diagnose it:
  http://forums.adobe.com/message/4668901#4668901
  The fiddler site has some documentation. It's a pretty great tool for analyzing packet traffic (using the "select process" target will limit the packets to a browser you select (or any other app)). You may need to enable decrypting HTTPS traffic if you're using a SecureSocket. There's all instructions there on helping you diagnose and watch the inner workings of all requests/responses to track down the issue quickly.
  Lastly I would uninstall Fiddler after you're done with it and reinstall it later when you need it. Especially if you enable HTTPS decryption. It must install some fake certificates to allow itself to intercept traffic. You'll just clutter up your certificates with junk certs if you keep fiddler installed. It's a very quick install/uninstall and the software itself is very widely used and regarded. It's not a trust thing, it's a cleanliness thing.

• Problem fetching policy-file-request

  According to
  http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security_print.html
  quote:
  * A SWF file may no longer make a socket connection to its
  own domain without a socket policy file. Prior to version
  9,0,115,0, a SWF file was permitted to make socket connections to
  ports 1024 or greater in its own domain without a policy file.
  * HTTP policy files may no longer be used to authorize
  socket connections. Prior to version 9,0,115,0, an HTTP policy
  file, served from the master location of /crossdomain.xml on port
  80, could be used to authorize a socket connection to any port 1024
  or greater on the same host.
  So with the tighter security measures, a policy file has to
  be fetched on port 843 or on the same port on which a connection is
  desired. That leads to another problem. The policy file request
  made by the player has a simple format: clear text
  <policy-file-request/> is sent as raw data bytes on
  the ports.
  As most firewalls block such raw data traffic (of unknown
  protocols) on all the ports, this means that the policy file fetch
  will fail almost always if the user is behind any firewall.
  This will render all SWFs, that do not use well known ports,
  unusable. Does anyone know what is the solution to this
  problem? Or am I missing something here?

  Common guys, someone has to know what to do here.
  I have read all that I can read and tried all that I could
  and the flash app is not accepting my policy file.

• Policy files and the Web

  Hi,
  I created an applet that required a policy file, but now I want to transfer this applet onto the Web. I am wondering how to do this while still somehow incorporating the policy file.
  Help would be greatly appreciated - thanks!!

  I'm trying to put all my files into a .jar file - that is, my .class file, my .html fileYou can't activate a HTML file from a jar file -- at least not that I'm aware of.
  links to a file, which the user can then download.If this file that you want the user to be able to download is not a known MIME type (e.g., another HTML file, an image, or a text file), why don't you just create a link in your HTML file like this:
  Click here to download file
  If your file is of a known MIME type, just zip it and create a link as shown above.
  ......my policy file.When you run an applet out of a web server, it runs in a sandbox and requires permission(s) to be granted if the user's browser is correctly configured and the applet is signed (as shown in my file I/O demo). Policy file has nothing to do with an applet -- only when a java program runs in a standalone system.
  Hope this helps.
  V.V.

• Socket Policy in 9,0115,0

  Is there anyone out there who knows how to sort out this
  issue?
  I am trying to access mail.myserver.com from myserver.com, I
  have been told that I need a socket policy file, which is like the
  crossdomain.xml file I think.
  I have spoke with my webmaster admin and I told them that I
  think it has to be served over port 843 per adobe docs. I can't
  seem to get it working, has anyone managed to do this?
  Thanks
  Neil

  Could be. File a support case or open a bug in the public
  bugbase (
  http://www.adobe.com/go/kb403392)

• Replace the JCE Unlimited Strength Jurisdiction Policy files - SAP JVM 5

  Hi Experts,
  I had a NetWeaver 7.1 system with SAP JVM 5. I tried to run a cryptography software on the system, but the current JCE Unlimited Strength Jurisdiction Policy files of the JVM limited encryption algorithms and key lengths.
  I downloaded the jce_policy-1_5_0.zip file from the Sun website, unzipped it, replaced the old policy files (sapjvm_5/jre/lib/security/local_policy.jar and sapjvm_5/jre/lib/security/US_export_policy.jar) with the new ones, then restarted the server. But, after the server was restarted, the new policy files were deleted and the old ones were restored.
  Could you tell me what should I do to apply the new policy files?
  Thanks in advance.
  Victor

  Issue Resolved..with help of OSS note :739043
  EP 6.0 SP15.... I had same issue for Portal prodution:
  I had  copied new files (local_policy.jar and US_export_policy.jar) in directory /opt/java1.4/jre/lib/security
  Jun 16  2003 local_policy.jar
  -rw-rr   1 root       sys           4355 Jun 16  2003 US_export_policy.jar
  -rw-rr   1 root       sys           2910 Aug  2  2007 local_policy.1.jar
  -rw-rr   1 root       sys           2429 Aug  2  2007 US_export_policy.1.jar
  -rrr--   1 bin        bin           2910 Dec 12 10:14 local_policy.2.jar
  -rrr--   1 bin        bin           2429 Dec 12 10:14 US_export_policy.2.jar
  -rrr--   1 bin        bin           2223 Dec 12 10:25 java.policy
  -rrr--   1 bin        bin           6871 Dec 12 10:25 java.security
  -rrr--   1 bin        bin          41278 Dec 12 10:25 cacerts
  Thanks,
  Hari

• Does anyone know how to set policy file, so applet can connect other host?

  I have an signed applet, it may connect to other host.
  The applet should display a HTML pages, which may contains image tag points to a picture stored anywhere. I use a JTextPane to display this HTML page, but when it is loaded. a error occurs.
  java.lang.SecurityException
  at java.lang.SecurityManager.checkPermission(Unknown Source)
  at java.lang.SecurityManager.checkConnect(Unknown Source)
  at sun.awt.image.URLImageSource.checkSecurity(Unknown Source)
  at sun.awt.image.ImageRepresentation.imageComplete(Unknown Source)
  at sun.awt.image.InputStreamImageSource.errorConsumer(Unknown Source)
  at sun.awt.image.InputStreamImageSource.setDecoder(Unknown Source)
  at sun.awt.image.InputStreamImageSource.doFetch(Unknown Source)
  at sun.awt.image.ImageFetcher.fetchloop(Unknown Source)
  at sun.awt.image.ImageFetcher.run(Unknown Source)
  I have those kind of error (connection refused) before I signed my applet and write policy file to granr socketpermission to the codebase of my class files. But this error still occurs. I suppose it is because the sun.awt.image.* is Java standard class, so my policy file has no effect on them. But how can I make it works?

  you need to install the jre, and place the win32.dll at JavaSoft\JRE\1.3.1_06\bin, that properties file place at JavaSoft\JRE\1.3.1_06\lib, comm.jar at JavaSoft\JRE\1.3.1_06\lib\ext\
  and in ur code try to use it to open ur com port
  public String test() {
  String drivername = "com.sun.comm.Win32Driver";
  try
  CommDriver driver = (CommDriver) Class.forName(drivername).newInstance(); driver.initialize();
  catch (Throwable th)
  {* Discard it */}
  drivername = "javax.comm.*";
  try
  CommDriver driver = (CommDriver) Class.forName(drivername).newInstance(); driver.initialize();
  catch (Throwable th)
  {* Discard it */}
  portList = CommPortIdentifier.getPortIdentifiers();
  while (portList.hasMoreElements()) {
  portId = (CommPortIdentifier) portList.nextElement();
  if (portId.getPortType() == CommPortIdentifier.PORT_SERIAL) {
  if (portId.getName().equals("COM2")) {
  //if (portId.getName().equals("/dev/term/a")) {
  try {
  serialPort = (SerialPort)
  portId.open("SimpleWriteApp", 2000);
  } catch (PortInUseException e) {}
  try {
  outputStream = serialPort.getOutputStream();
  } catch (IOException e) {}
  try {
  serialPort.setSerialPortParams(9600,
  SerialPort.DATABITS_8,
  SerialPort.STOPBITS_1,
  SerialPort.PARITY_NONE);
  } catch (UnsupportedCommOperationException e) {}
  int i=0;
  while(true)
  try {
  messageString="hi";
  System.out.println(i++);
  outputStream.write(messageString.getBytes());
  } catch (IOException e)
  System.out.println(e);
  messageString=String.valueOf(e);
  return messageString;
  and yet u need to signed the applet
  1. Compile the applet
  2. Create a JAR file
  3. Generate Keys
  4. Sign the JAR file
  5. Export the Public Key Certificate
  6. Import the Certificate as a Trusted Certificate
  7. Create the policy file
  8. Run the applet
  Susan
  Susan bundles the applet executable in a JAR file, signs the JAR file, and exports the public key certificate.
  1. Compile the Applet
  In her working directory, Susan uses the javac command to compile the SignedAppletDemo.java class. The output from the javac command is the SignedAppletDemo.class.
  javac SignedAppletDemo.java
  2. Make a JAR File
  Susan then makes the compiled SignedAppletDemo.class file into a JAR file. The -cvf option to the jar command creates a new archive (c), using verbose mode (v), and specifies the archive file name (f). The archive file name is SignedApplet.jar.
  jar cvf SignedApplet.jar SignedAppletDemo.class
  3. Generate Keys
  Susan creates a keystore database named susanstore that has an entry for a newly generated public and private key pair with the public key in a certificate. A JAR file is signed with the private key of the creator of the JAR file and the signature is verified by the recipient of the JAR file with the public key in the pair. The certificate is a statement from the owner of the private key that the public key in the pair has a particular value so the person using the public key can be assured the public key is authentic. Public and private keys must already exist in the keystore database before jarsigner can be used to sign or verify the signature on a JAR file.
  In her working directory, Susan creates a keystore database and generates the keys:
  keytool -genkey -alias signFiles -keystore susanstore -keypass kpi135 -dname "cn=jones" -storepass ab987c
  This keytool -genkey command invocation generates a key pair that is identified by the alias signFiles. Subsequent keytool command invocations use this alias and the key password (-keypass kpi135) to access the private key in the generated pair.
  The generated key pair is stored in a keystore database called susanstore (-keystore susanstore) in the current directory, and accessed with the susanstore password (-storepass ab987c).
  The -dname "cn=jones" option specifies an X.500 Distinguished Name with a commonName (cn) value. X.500 Distinguished Names identify entities for X.509 certificates.
  You can view all keytool options and parameters by typing:
  keytool -help
  4. Sign the JAR File
  JAR Signer is a command line tool for signing and verifying the signature on JAR files. In her working directory, Susan uses jarsigner to make a signed copy of the SignedApplet.jar file.
  jarsigner -keystore susanstore -storepass ab987c -keypass kpi135 -signedjar SSignedApplet.jar SignedApplet.jar signFiles
  The -storepass ab987c and -keystore susanstore options specify the keystore database and password where the private key for signing the JAR file is stored. The -keypass kpi135 option is the password to the private key, SSignedApplet.jar is the name of the signed JAR file, and signFiles is the alias to the private key. jarsigner extracts the certificate from the keystore whose entry is signFiles and attaches it to the generated signature of the signed JAR file.
  5. Export the Public Key Certificate
  The public key certificate is sent with the JAR file to the whoever is going to use the applet. That person uses the certificate to authenticate the signature on the JAR file. To send a certificate, you have to first export it.
  The -storepass ab987c and -keystore susanstore options specify the keystore database and password where the private key for signing the JAR file is stored. The -keypass kpi135 option is the password to the private key, SSignedApplet.jar is the name of the signed JAR file, and signFiles is the alias to the private key. jarsigner extracts the certificate from the keystore whose entry is signFiles and attaches it to the generated signature of the signed JAR file.
  5: Export the Public Key Certificate
  The public key certificate is sent with the JAR file to the whoever is going to use the applet. That person uses the certificate to authenticate the signature on the JAR file. To send a certificate, you have to first export it.
  In her working directory, Susan uses keytool to copy the certificate from susanstore to a file named SusanJones.cer as follows:
  keytool -export -keystore susanstore -storepass ab987c -alias signFiles -file SusanJones.cer
  Ray
  Ray receives the JAR file from Susan, imports the certificate, creates a policy file granting the applet access, and runs the applet.
  6. Import Certificate as a Trusted Certificate
  Ray has received SSignedApplet.jar and SusanJones.cer from Susan. He puts them in his home directory. Ray must now create a keystore database (raystore) and import the certificate into it. Ray uses keytool in his home directory /home/ray to import the certificate:
  keytool -import -alias susan -file SusanJones.cer -keystore raystore -storepass abcdefgh
  7. Create the Policy File
  The policy file grants the SSignedApplet.jar file signed by the alias susan permission to create newfile (and no other file) in the user's home directory.
  Ray creates the policy file in his home directory using either policytool or an ASCII editor.
  keystore "/home/ray/raystore";
  // A sample policy file that lets a JavaTM program
  // create newfile in user's home directory
  // Satya N Dodda
  grant SignedBy "susan"
  permission java.security.AllPermission;
  8. Run the Applet in Applet Viewer
  Applet Viewer connects to the HTML documents and resources specified in the call to appletviewer, and displays the applet in its own window. To run the example, Ray copies the signed JAR file and HTML file to /home/aURL/public_html and invokes Applet viewer from his home directory as follows:
  Html code :
  </body>
  </html>
  <OBJECT classid="clsid:8AD9C840-044E-11D1-B3E9-00805F499D93"
  width="600" height="400" align="middle"
  codebase="http://java.sun.com/products/plugin/1.3/jinstall-13-win32.cab#Version=1,3,1,2">
  <PARAM NAME="code" VALUE="SignedAppletDemo.class">
  <PARAM NAME="archive" VALUE="SSignedApplet.jar">
  <PARAM NAME="type" VALUE="application/x-java-applet;version=1.3">
  </OBJECT>
  </body>
  </html>
  appletviewer -J-Djava.security.policy=Write.jp
  http://aURL.com/SignedApplet.html
  Note: Type everything on one line and put a space after Write.jp
  The -J-Djava.security.policy=Write.jp option tells Applet Viewer to run the applet referenced in the SignedApplet.html file with the Write.jp policy file.
  Note: The Policy file can be stored on a server and specified in the appletviewer invocation as a URL.
  9. Run the Applet in Browser
  Download JRE 1.3 from Javasoft
  good luck! [email protected]
  i already give u many tips, i use 2 weeks to try this to success, hopw that u understand that, a result of success is not important, the process of how to get things done is most usefull!

• HT3705 Has anyone any ideas why a Pages file v09 exported from v5 bloats from around 212kb to 5.9mb? I had to export existing template files back from the latest version to v09 due to limited features in latest version.

  Recently updated Pages because of Mavericks update, quickly discovered how limited new version is, exported altered files back to Pages 09 format and re-opened using earlier Pages. In amending to re-save as templates again noticed a 212kb file has bloated to 5.9mb.
  Has anyone any ideas or experience as it will not take long to fill up a 1TB drive at this rate! - I had left behind PC's and MS Office and was reasobaly happy using Pages for business, but it looks like Office for Mac is now going to b eneeded.

  Yes, I opened them all with 5 then re-saved as v5 templates. Then realised other problems with v5 so exported them all back v09 as xxx.pages files. Used some with v09 and noticed they had all increased.
  I just checked again and noticed that the initial v5 saved templates had typically increased from 412kb to 1.1MB (they do have 4 graphics) - then after exporting the templates are 5.9MB in v09 an dthe files are still 412kb.
  I had a similar problem many years ago using RTF files with Word and they kept bloating everytime you edited and saved due to saved or linked graphics?

• Override JCE default (limited strength) jurisdiction policy files

  Hi!
  I am writing an applet, which has to decrypt encrpyted file with some simetric algorithm, e.g. PBEWithMD5AndTripleDes. Due llimitations of key lengths in default (limited strength) jurisdiction policy files for JCE I cannot use for example TripleDES with 168 bit key or. Blowfish with 400 bit key.
  I know I can obtain Unlimited version of these files from java.sun.com and replace this files in JDK/JRE installation directory. That's ok for us at server side, but disaster at client (applet) side, because we must modify installation of JRE on every computer where user want to use applet and update it every time when JRE is being updated.
  So me question is: is there any way to distribute unlimited jurisdiction files with an applet (I know how to include *.jar files) and make it work? For example via endorsed mechanism, setting some security property, reloading JCE?
  Thanks for help!

  You can't override them. Since the restriction apply only to the JCE, your best bet is to use the lightweight API from Bouncy Castle which does not use the JCE.

• Why can't I open a pdf file on my desktop?  I keep getting this message: Adobe Reader could not open '8pdk_96_4.pdf' because it is either not a supported file type or because the file has been damaged (for example, it was sent as an email attachment and w

  Why can't I open a pdf file on my desktop?  I have Adobe Reader and running OS 10.10.1  I keep getting the same message: "Adobe Reader could not open '8pdk_96_4.pdf' because it is either not a supported file type or because the file has been damaged (for example, it was sent as an email attachment and wasn't correctly decoded)."

  I tried that.
  I saved the file 8pdk_96_4.pdf to my desktop and tried to open it using Adobe Reader but I get the same message: Adobe Reader could not open '8pdk_96_4.pdf' because it is either not a supported file type or because the file has been damaged (for example, it was sent as an email attachment and wasn't correctly decoded).

• I'm unable to email PDF attachments, this has started in the last 2 weeks - any clues why as other file types are sending?

  I'm unable to email PDF attachments, this has started in the last 2 weeks - any clues why as other file types are sending?

  Greetings,
  That is rather strange. Attachments are attachments.  The big difference between what will send and what won't is usually either who you are sending it to (wrong email address) or how big the attachment is (most email providers have a limit to the total message size between 10 MB and 20 MB).
  -- What happens when you say you are "unable to email PDF attachments"?  What error message do you get?
  -- Are you sending these emails using the Mail program?
  -- What is the file size of the PDF you are trying to send?
  -- What happens if you compress the PDF before you email it (Highlight the PDF on the desktop and then go to File > Compress) ?
  -- What happens if you send the PDF to yourself?
  Cheers.

• When downloading, why do I get a message saying "Safari cant open file because the file has moved since it was downloaded?"  I just attempted to download the file from a website.  Thanks.

  When downloading from a website, I get a message that says, "Safari cant open th file--- because the file has been moved since you downloaded it.  How do I correct this problem.  It wont let me open attachments from yahoo email either.  Thanks.

  EDIT:
  After posting I see this question has the tag of "windows". I don't know if this applies to the Windows version or not.
  The only time I see this message is if I download something, trash it, AND empty the trash. If I don't empty the trash, it finds it there. It will find it wherever I move it to, unless it is was in the trash and emptied.
  Using Finder, is the downloaded file in your Downloads folder?
  Maybe if you go to Safari/Preferences/General and change the location for downloads to something else then change it back to Downloads it might correct it.

• Signed applets (are policy files needed!)

  I have experienced on a number of different machines that a signed applet that the client trusts (via clicking on yes to the prompt asking to trust the applet), is able to access the local resources with NO policy file on the client machine. I'm using JRE 1.4.1_02
  Is this the expected behavior?
  I sure hope it is because how in the world can you install applications to many clients and update their policy file? you can't via the web! BUT why am I reading that you have to have a policy file even if you sign an applet. I want to get rid of using Netscape security model but I can not update many client machine policy files... Please help!!! thanks. Is signing an applet all you have to do to access local machines, I sure hope so! Thanks in advance.

  I've done some more research specifically a very good article at http://developer.java.sun.com/developer/technicalArticles/Security/applets/index.html. I'll try to highlight the more interesting comments that I found. At least for the JRE 1.3 there appears to be a new class loader, sun.plugin.security.PluginClassLoader that allows a signed jar file (once trusted by the client) to have access to local resources.
  Code signed using the private key of the signer can be run on client machines once the public key corresponding to the signer is deemed as trusted on the respective machine.
  Applet security in browsers strives to prevent untrusted applets from performing potentially dangerous operations, while simultaneously allowing optimal access to trusted applets.
  There is no simply way to deploy and use customized policy files, a policy will have to be set by files based on the JRE installation. Customized class loaders or security managers cannot be installed easily.
  Policy files are difficult or at least not very straightforward for normal users, which could be thousands of machines where an applet is deployed.
  The java plug-in (I believe its 1.3 and later) provides a workaround although its recommended to use policy files wherever practical and applicable. (This implies to me that using the plug-in, all that is required is to sign the jar file to have access to local resources).
  RSA-signed applets can be deployed using the Java plug-in. (which can run in an identical way for Netscape and IE).
  In order for a plug-in enhanced browser to trust an applet and grant it all privileges or a set of fine-grained permissions (as specified in a J2EE policy file), the user has to preconfigure his or her cache of trusted signer certificates (the .keystore file in JRE 1.3) to add the applet's signer to it. However, this solution does not scale well if the applet needs to be deployed on thousands of client machines, and may not always be feasible because users may not know in advance who signed the applet that they are trying to run. A NEW CLASS LOADER, sun.plugin.security.PluginClassLoader in the Java Plug-in 1.3, OVERCOMES THE LIMITATIONS MENTIONED ABOVE.
  I hope this helps, I've been looking for this solution for quite some time, trying to understand why singed applets work with no policy files for version 1.4... Talk to you later, Jay.