Bean Security Query

Martyn Webster (mwebster@passgo.com)
Tue, 11 Aug 1998 09:43:12 +0100

Message-Id: <199808110945.JAA20611@relay.technocom.net>
From: "Martyn Webster" <mwebster@passgo.com>
To: <java-security@java.sun.com>
Subject: Bean Security Query
Date: Tue, 11 Aug 1998 09:43:12 +0100

Hello,

If you have the time, please could you answer a quick security question,
which I have been unable to clarify from the usual resources...

I am trying to create a Java bean that wraps up a set of security and
access functions provided by a third-party, using JDK 1.1.5, such that this
bean can then be available only to 'authorised' applets which I have
created. This works on a given machine and provides customised access
control via a supplied native 'C' API interface. The problem is this: How
can I ensure that
any incoming applet on an untrusted web page can be prevented from also
accessing the public functions exposed by the bean? - These exposed methods
should only be available to one specified applet and no-one else, but it
seems that any applet could also access them if they are in the CLASSPATH.

If you could shed any light on this it would be much appreciated.
Thanks *very* much in advance.
Stewart Elkin
selkin@passgo.com

*NOTE* Please reply to the following address (not the one you received
from)
selkin@passgo.com <-- return mail address