Comments on: How SnapABug works – and what they should do

By: Randy

Randy — Tue, 18 Jan 2011 21:16:52 +0000

There is an easier way for the applet to get the dimensions of the browser window to capture that image.
The javascript code can just get the x and y coordinates of the browser and the height and width, then pass that value (of the browser) to the applet.

By: Barklund

Barklund — Wed, 20 Oct 2010 12:26:27 +0000

@Ondrej: No, not as far as I know, but it is quite simple to re-create the desired functionality based on the above description. I have however also suggested another use-case for this kind of applet as outlined in this post, so if you do create one, you might want to keep that idea in mind as well :)

By: Ondrej Medek

Ondrej Medek — Thu, 14 Oct 2010 19:08:14 +0000

It there any opensource alternative for this applet? Thanks.

By: My daily readings 04/21/2010 « Strange Kite

My daily readings 04/21/2010 « Strange Kite — Wed, 21 Apr 2010 11:30:28 +0000

[...] How SnapABug works – and what they should do | Barklund.org [...]

By: Barklund

Barklund — Mon, 19 Oct 2009 11:53:47 +0000

Please see my follow-up post Why signed applet trust is a stupid question (and why SnapABug is not to blame).

By: semanticist

semanticist — Thu, 15 Oct 2009 05:58:38 +0000

Do any browsers actually show what permissions are being requested to the user? I have never seen an applet request anything other than “unrestricted access” to my computer.

By: TimZon

TimZon — Thu, 15 Oct 2009 01:50:39 +0000

Hej,

Thank you for very detailed analysis of our solution.

We decided to implement a signed applet because we cannot expect each user of our application to change their policy settings.
This is beyond what the average (non-technical) person could or would do, signing the applet was the easier and most user friendly solution.
Our identity is clearly stated on the applet certificate (also verified by the certificate issuer) and as you attested our code is not malicious in any way.
As far, I we know, once an applet is signed it is automatically granted AllPermissions, unless there is a specific client-side policy in place for that Applet.
If you know of another way to limit permissions while still providing a certifiable and simple solution for the end user, we would love to learn about it.

If a more restrictive environment is necessary, SnapABug permissions can be limited as follow:
grant {
permission java.awt.AWTPermission “accessClipboard”;
permission java.awt.AWTPermission “accessEventQueue”;
permission java.awt.AWTPermission “createRobot”;
permission java.awt.AWTPermission “readDisplayPixels”;
permission java.net.SocketPermission “snapabug.appspot.com”, “connect”;
permission java.lang.RuntimePermission “modifyThread”;
permission java.lang.RuntimePermission “modifyThreadGroup”;
};

Thanks,
The TimZon team.