Comments on: How SnapABug works – and what they should do http://www.barklund.org/blog/2009/10/14/how-snapabug-works/ My life with ActionScript, JavaScript and their families Fri, 12 Feb 2010 14:23:54 +0100 http://wordpress.org/?v=2.9.2 hourly 1 By: Barklund http://www.barklund.org/blog/2009/10/14/how-snapabug-works/comment-page-1/#comment-89895 Barklund Mon, 19 Oct 2009 11:53:47 +0000 http://www.barklund.org/blog/?p=390#comment-89895 Please see my follow-up post <a href="http://www.barklund.org/blog/2009/10/19/signed-applet-trust-stupid/" rel="nofollow">Why signed applet trust is a stupid question (and why SnapABug is not to blame)</a>. Please see my follow-up post Why signed applet trust is a stupid question (and why SnapABug is not to blame).

]]> By: semanticist http://www.barklund.org/blog/2009/10/14/how-snapabug-works/comment-page-1/#comment-89532 semanticist Thu, 15 Oct 2009 05:58:38 +0000 http://www.barklund.org/blog/?p=390#comment-89532 Do any browsers actually show what permissions are being requested to the user? I have never seen an applet request anything other than "unrestricted access" to my computer. Do any browsers actually show what permissions are being requested to the user? I have never seen an applet request anything other than “unrestricted access” to my computer.

]]> By: TimZon http://www.barklund.org/blog/2009/10/14/how-snapabug-works/comment-page-1/#comment-89509 TimZon Thu, 15 Oct 2009 01:50:39 +0000 http://www.barklund.org/blog/?p=390#comment-89509 Hej, Thank you for very detailed analysis of our solution. We decided to implement a signed applet because we cannot expect each user of our application to change their policy settings. This is beyond what the average (non-technical) person could or would do, signing the applet was the easier and most user friendly solution. Our identity is clearly stated on the applet certificate (also verified by the certificate issuer) and as you attested our code is not malicious in any way. As far, I we know, once an applet is signed it is automatically granted AllPermissions, unless there is a specific client-side policy in place for that Applet. If you know of another way to limit permissions while still providing a certifiable and simple solution for the end user, we would love to learn about it. If a more restrictive environment is necessary, SnapABug permissions can be limited as follow: grant { permission java.awt.AWTPermission "accessClipboard"; permission java.awt.AWTPermission "accessEventQueue"; permission java.awt.AWTPermission "createRobot"; permission java.awt.AWTPermission "readDisplayPixels"; permission java.net.SocketPermission "snapabug.appspot.com", "connect"; permission java.lang.RuntimePermission "modifyThread"; permission java.lang.RuntimePermission "modifyThreadGroup"; }; Thanks, The TimZon team. Hej,

Thank you for very detailed analysis of our solution.

We decided to implement a signed applet because we cannot expect each user of our application to change their policy settings.
This is beyond what the average (non-technical) person could or would do, signing the applet was the easier and most user friendly solution.
Our identity is clearly stated on the applet certificate (also verified by the certificate issuer) and as you attested our code is not malicious in any way.
As far, I we know, once an applet is signed it is automatically granted AllPermissions, unless there is a specific client-side policy in place for that Applet.
If you know of another way to limit permissions while still providing a certifiable and simple solution for the end user, we would love to learn about it.

If a more restrictive environment is necessary, SnapABug permissions can be limited as follow:
grant {
permission java.awt.AWTPermission “accessClipboard”;
permission java.awt.AWTPermission “accessEventQueue”;
permission java.awt.AWTPermission “createRobot”;
permission java.awt.AWTPermission “readDisplayPixels”;
permission java.net.SocketPermission “snapabug.appspot.com”, “connect”;
permission java.lang.RuntimePermission “modifyThread”;
permission java.lang.RuntimePermission “modifyThreadGroup”;
};

Thanks,
The TimZon team.

]]>