对未签名的 Java 小程序可以做什么的限制? [英] Restrictions on what an unsigned Java applet can do?

问题描述

我正在尝试编译一个对未签名 Java 小程序的所有限制的完整列表(定义为普通 Java 应用程序可以执行的操作，但未签名的 Java 小程序不能).

I'm trying to compile a complete list of all restrictions placed on unsigned Java applets (defined as things a normal Java application can do, but an unsigned Java applet cannot).

这是我目前整理的清单:

This is the list I've compiled so far:

一个未签名的 Java 小程序...

An unsigned Java applet ...

1. 无法访问本地文件系统.
   • 无法访问系统剪贴板.
   • 无法启动打印作业.
   • 无法连接到任何第三方服务器(小程序源自的服务器之外的任何服务器)或从中检索资源.
   • 不能使用多播套接字.
   • 无法创建或注册 SocketImplFactory、URLStreamHandlerFactory 或 ContentHandlerFactory.
   • 无法侦听传入的套接字连接.
   • 无法侦听数据报.
   • 无法访问某些系统属性(java.class.path、java.home、user.dir、user.home、user.name).
   • 无法创建或注册 SecurityManager 对象.
   • 无法使用Runtime 或System 的load() 或loadLibrary() 方法动态加载本机代码库>.
   • 无法通过调用任何 Runtime.exec() 方法来生成新进程.
   • 无法在运行不受信任代码的线程组之外创建或访问线程或线程组.
   • 无法在 java.*、sun.* 和 netscape.* 中定义类.
   • 无法从 sun.* 包中显式加载类.
   • 无法通过调用 System.exit() 或 Runtime.exit() 退出 Java 运行时.
   • 无法访问系统事件队列.
   • 不能使用 java.lang.Class 反射方法获取有关类的非公共成员的信息，除非该类与不受信任的代码从同一主机加载.
   • 不能以任何方式操纵安全身份 (java.security).
   • 无法设置或读取安全属性 (java.security).
   • 无法列出、查找、插入或删除安全提供程序 (java.security).

1. Cannot access the local filesystem.
   • Cannot access the system clipboard.
   • Cannot initiate a print job.
   • Cannot connect to or retrieve resources from any third party server (any server other than the server the applet originated from).
   • Cannot use multicast sockets.
   • Cannot create or register a SocketImplFactory, URLStreamHandlerFactory, or ContentHandlerFactory.
   • Cannot listen to incoming socket connections.
   • Cannot listen for datagrams.
   • Cannot access some of the system properties (java.class.path, java.home, user.dir, user.home, user.name).
   • Cannot create or register a SecurityManager object.
   • Cannot dynamically load native code libraries with the load() or loadLibrary() methods of Runtime or System.
   • Cannot spawn new processes by calling any of the Runtime.exec() methods.
   • Cannot create or access threads or thread groups outside of the thread group in which the untrusted code is running.
   • Cannot define classes in java.*, sun.* and netscape.*.
   • Cannot explicitly load classes from the sun.* package.
   • Cannot exit the Java runtime by calling System.exit() or Runtime.exit().
   • Cannot access the system event queue.
   • Cannot use the java.lang.Class reflection methods to obtain information about nonpublic members of a class, unless the class was loaded from the same host as the untrusted code.
   • Cannot manipulate security identities in any way (java.security).
   • Cannot set or read security properties (java.security).
   • Cannot list, look up, insert, or remove security providers (java.security).

问题: 是否缺少任何限制?如果是，请清楚说明您认为列表中缺少哪些限制.

Question: Are there any restrictions missing? If so, please clearly state what restriction you believe is missing from the list.

推荐答案

参见 Sun 的教程:小程序可以做什么和不能做什么.

See this from Sun's tutorial: What Applets Can and Cannot Do.

这篇关于对未签名的 Java 小程序可以做什么的限制?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！