Is a Java applet able to harm my computer?

Hi,

I use IE and Netscape. In the options of IE, I see that the default settings
concerning Java applets are:
run java applets in script: yes

I read that an applet can do more than a javascript. So, is an applet able
to harm my system (by writing, deleting ..)? If yes, why is the default yes?

Thanks
carl




Carl
9/23/2003 12:54:15 PM
comp.lang.java.security

On Tue, 23 Sep 2003 14:54:15 +0200, "Carl" <jhkl@fgnfn.us> wrote or
quoted :

>I read that an applet can do more than a javascript. So, is an applet able
>to harm my system (by writing, deleting ..). If yes, why is the default yes?

An unsigned applet can't hurt you. A signed one is equivalent to an
installed program if you give it permission to run.

I think this parameter just allows triggering applets from JavaScript.
This is not a particularly dangerous thing to do.

--
Canadian Mind Products, Roedy Green.
Coaching, problem solving, economical contract programming. 
See http://mindprod.com/jgloss/jgloss.html for The Java Glossary.
Roedy
9/23/2003 7:00:21 PM
Some Netscape 6.x versions have a security hole allowing unsigned
JavaScript code to access methods of a signed applet. This way "bad guys" can
combine a signed trusted third-party applet with access privileges (an ftp
client for example) and their own JavaScript code to misuse the applet's
methods (if you granted privileges to the applet).

If your Netscape is 6.xx, I would check it, or just disallow Java in it.

Carl <jhkl@fgnfn.us> wrote in message news:bkpg0d$8me$1@reader11.wxs.nl...
> Hi,
>
> I use IE and netscape. In the options of IE, i see that the default settings
> concerning Java applet are:
> run java applets in script: yes
>
> I read that an applet can do more than a javascript. So, is an applet able
> to harm my system (by writing, deleting ..). If yes, why is the default yes?
>
> Thanks
> carl


VK
9/23/2003 9:18:09 PM
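
A simplified model of the access-control rule behind the two replies above, added here as an illustration and not code from any poster or from a browser: Java 2 grants a permission only if every protection domain on the call stack implies it, unless a frame asserts its own privileges (the `doPrivileged` pattern). The class, method names and file path are hypothetical, and this models the general rule, not the specific Netscape 6.x flaw.

```java
import java.io.FilePermission;
import java.security.AllPermission;
import java.security.Permission;
import java.security.Permissions;
import java.security.ProtectionDomain;
import java.util.List;

// Simplified model (hypothetical names): a permission is granted only if every
// protection domain on the call stack implies it.
public class AppletSandboxModel {

    // Domain for code that was granted nothing: an unsigned applet or page script.
    static ProtectionDomain untrusted() {
        return new ProtectionDomain(null, new Permissions());
    }

    // Domain for a signed applet that the user chose to trust.
    static ProtectionDomain trustedSigned() {
        Permissions all = new Permissions();
        all.add(new AllPermission());
        return new ProtectionDomain(null, all);
    }

    // The stack is ordered innermost frame first. A frame that asserts its own
    // privileges stops the walk, so its callers are never consulted.
    // Pass -1 when no frame asserts privileges.
    static boolean allowed(List<ProtectionDomain> stack, int privilegedFrame, Permission p) {
        for (int i = 0; i < stack.size(); i++) {
            if (!stack.get(i).implies(p)) return false;
            if (i == privilegedFrame) return true;
        }
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample permission; the path is a placeholder.
        Permission delete = new FilePermission("/tmp/constructed-example.txt", "delete");
        ProtectionDomain script = untrusted(), unsigned = untrusted(), signed = trustedSigned();

        // Unsigned applet on its own: no file access.
        System.out.println("unsigned applet:            " + allowed(List.of(unsigned), -1, delete));
        // Signed applet the user granted: same reach as an installed program.
        System.out.println("signed, granted:            " + allowed(List.of(signed), -1, delete));
        // Page script calls a public method of the signed applet: the script's
        // domain is on the stack and takes part in the check.
        System.out.println("script -> signed:           " + allowed(List.of(signed, script), -1, delete));
        // Same call, but the applet method asserts privileges for any caller, so the
        // script's domain is skipped. Such methods need their own caller validation.
        System.out.println("script -> signed (asserts): " + allowed(List.of(signed, script), 0, delete));
    }
}
```
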
*IF* (a very big if) you're still using Microsoft's VM, then there could be
a chance - because MSJVM has bugs in it.

My virus shield has information about a virus (forgot its name) that is a
Java applet. It will exploit a security loophole in MSJVM to access and
execute files on your computer.

Microsoft has patches for MSJVM, but god knows if there're more lurking in
there. More reason to download JRE!


KC


KC
9/24/2003 3:27:00 AM
Hi, SUN JRE is also vulnerable if you use the java media framework: 

See

http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F54760&zone_32=category%3Asecurity

"1. Impact 
A vulnerability in the Java(TM) Media Framework (JMF) may potentially
allow an untrusted applet to exit unexpectedly ("crash") the Java
Virtual Machine (JVM) or gain unauthorized privileges.."

 
Cheers
Marc 



"KC Wong" <sterilize.the.spammers@killkillkill.com> wrote in message news:<bkr2si$4rqc0$1@ID-200690.news.uni-berlin.de>...

> *IF* (a very big if) you're still using Microsoft's VM, then there could be
> a chance - because MSJVM has bugs in it.
> 
> My virus shield has information about a virus (forgot its name) that is a
> Java applet. It will exploit a security loophole in MSJVM to access and
> execute files on your computer.
> 
> Microsoft has patches for MSJVM, but god knows if there're more lurking in
> there. More reason to download JRE!
> 
> 
> KC
marc
10/3/2003 12:38:21 PM