So I want to install a SecurityManager to sandbox the code I download,
but I don't want my application itself to be sandboxed (it needs to make
network connections, access the file system, load native method DLLs
etc.)
If my application does System.setSecurityManager(new SecurityManager()),
then my application itself is sandboxed.
Do I have to write my own SecurityManager which allows my application to
do anything while sandboxing the downloaded code? The docs say
"customization of a security manager (via subclassing) should be the
last resort"
http://www.javasoft.com/products/jdk/1.2/docs/guide/security/spec/security-spec.doc6.html#28195
Should I write a java.policy file that grants my application
AllPermissions and invoke the VM with -Djava.security.policy=<path to my
policy file>? The problem is I would have to dynamically generate the
policy file because my application's codebase will be different depending
on where the user installed me. I guess I could invoke the VM with
-Dsoftcom.codebase=<my codebase> and then use $(softcom.codebase)
property expansion in my policy file.
What is the best way to handle this? What does the HotJava browser do
to sandbox applets in 1.2?
Andrew
-- Andrew Wason SoftCom, Inc. aw@softcom.com
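The approach asked about above (a policy file that gives the application's own codebase AllPermission while confining downloaded code, with the codebase supplied through a system property), as an added example that is not part of the original post or of any SoftCom code. It assumes hypothetical property names `softcom.codebase` and `softcom.downloads`, that the downloaded classes live in a directory passed as the first argument, and that the standard `${property}` expansion form of the policy syntax is used (`policy.expandProperties=true`, the default in `java.security`). The policy is written to a temporary file and `java.security.policy` is set before the SecurityManager is installed, with a `Policy.refresh()` to make sure the running Policy re-reads it; the downloaded code is loaded through its own `URLClassLoader` so that it gets its own CodeSource and therefore the restricted grant rather than the application's. On JDK 17 and later the SecurityManager is deprecated for removal (JEP 411), and from JDK 18 `System.setSecurityManager` only works when the VM is started with `-Djava.security.manager=allow`.

```java
import java.io.File;
import java.net.URL;
import java.net.URLClassLoader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.Policy;

/**
 * Launcher that sandboxes downloaded code with the stock SecurityManager
 * while leaving the application's own code unrestricted.
 * (Added example; property names and paths are assumptions.)
 */
public class SandboxLauncher {

    // Policy text generated at startup. ${softcom.codebase} and
    // ${softcom.downloads} are expanded by the default Policy implementation.
    // Both properties end in "/" so "-" after them means "recursively".
    private static final String POLICY =
        "grant codeBase \"${softcom.codebase}-\" {\n" +
        "    permission java.security.AllPermission;\n" +
        "};\n" +
        "grant codeBase \"${softcom.downloads}-\" {\n" +
        // Downloaded code gets only what it needs: here, one read-only property.
        "    permission java.util.PropertyPermission \"java.version\", \"read\";\n" +
        "};\n";

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: SandboxLauncher <download-dir> <class-name>");
            System.exit(2);
        }
        File downloadDir = new File(args[0]).getAbsoluteFile();

        // Derive our own codebase from where this class was loaded from,
        // so nothing about the install location is hard-coded.
        URL self = SandboxLauncher.class.getProtectionDomain().getCodeSource().getLocation();
        File selfFile = new File(self.toURI());
        File codebaseDir = selfFile.isDirectory() ? selfFile : selfFile.getParentFile();

        // File.toURI() appends "/" for existing directories, which the
        // "<dir>-" codeBase form above relies on.
        System.setProperty("softcom.codebase", codebaseDir.toURI().toString());
        System.setProperty("softcom.downloads", downloadDir.toURI().toString());

        // Write the generated policy and point the VM at it. The leading "="
        // replaces the default policy files instead of adding to them.
        Path policyFile = Files.createTempFile("softcom", ".policy");
        policyFile.toFile().deleteOnExit();
        Files.write(policyFile, POLICY.getBytes(StandardCharsets.UTF_8));
        System.setProperty("java.security.policy", "=" + policyFile.toUri());

        // Re-read the policy in case it was already initialised, then enforce it.
        Policy.getPolicy().refresh();
        System.setSecurityManager(new SecurityManager());

        // Downloaded code must come through its own class loader so that it
        // carries the download directory as its CodeSource; loading it with
        // the application class loader would not sandbox it.
        URL[] sandboxPath = { downloadDir.toURI().toURL() };
        try (URLClassLoader sandbox =
                 new URLClassLoader(sandboxPath, SandboxLauncher.class.getClassLoader())) {
            Class<?> plugin = sandbox.loadClass(args[1]);
            Runnable task = (Runnable) plugin.getDeclaredConstructor().newInstance();
            task.run(); // a file or socket access here fails with AccessControlException
        }
    }
}
```

Run it as `java -Djava.security.manager=allow SandboxLauncher /path/to/downloads com.example.Plugin` on a modern JDK (the `-D` flag is unnecessary on 1.2 through 17). The application code keeps network, file and native-library access through the AllPermission grant on its own codebase, while a class from the download directory that opens a file or socket is stopped by the SecurityManager, which is the split the post is after without subclassing SecurityManager.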