Configuring HotJava Security
This dialog lets you configure the network-related capabilities of applets.
(An applet is interactive content written in the Java language
and loaded over the network to execute inside your HotJava browser.
See the HotJava
White Paper for an overview of interactive content and HotJava.)
Applets greatly expand what's possible with the World Wide Web,
but if their capabilities aren't restricted,
they can compromise your system's security.
Use this dialog to specify which hosts (computers)
you want to protect
(by disallowing questionable applets from reading the hosts' documents)
and which hosts you trust enough to load applets from.
With a separate mechanism, you can control precisely
which files on your system can be read by applets.
(See the discussion of the HOTJAVA_READ_PATH environment variable
in the hotjava man page for details.)
Note:
Applets in the alpha2 release are not allowed to
write or change files in any way.
By default, HotJava loads all applets it encounters,
but lets an applet read only those documents that are on
the host that supplied the applet.
The options you select in this dialog can be overridden
by a system security configuration.
By specifying a system security configuration,
your system administrator can properly
configure the security options according to the desired policies,
freeing you and other users from having to do your own configuration.
UI Explanation
Enter desired security mode
This button lets you choose HotJava's security mode.
This mode tells HotJava which set of URLs is
accessible for a given applet.
When selected, this button displays the following choices:
- No access -- Disallows any applets from loading any documents via
URLs, no matter where they come from.
- Applet host -- Allows an applet to load documents only from the
same place it came from.
- Firewall -- Lets you specify a firewall
(a scope of hosts that you are willing to trust).
Once you configure this firewall,
applets that are inside the firewall
can access any documents via URLs,
but applets outside the firewall can access only those URLs
that are also outside the firewall.
- Unrestricted -- Allows any applet to load any URL.
Apply security mode to applet loading
When this toggle button isn't selected,
the security mode restricts only the set of URLs accessible to an applet.
However, you may wish to disallow even loading any
applets that are outside of the domain you trust.
When selected, this toggle causes the following behavior
(based on the security mode you selected):
- No access -- Disallows any applets from being loaded.
This effectively limits HotJava to being a simple passive browser.
- Applet host -- Allows only local applets to be loaded
(applets specified with a "file:" URL).
- Firewall -- Allows only applets that are inside your firewall
to be loaded.
- Unrestricted -- Allows any applet to be loaded.
Enter the kind of domain you're using
Use this button to specify whether your network uses
Sun's Network Information Services (NIS)
or the Domain Naming Service (DNS).
If you are unsure which service you are using,
ask your system administrator.
Configure firewall...
This button allows you to
Apply
This button applies and saves any changes you've specified.
Note that some of the changes you make
might not take effect if your system administrator has set up a
system security configuration
for HotJava,
since you can't have security weaker than the system security configuration.
Cancel
This button cancels any changes and resets the dialog to the initial choices.
Help
This button brings up this page in HotJava.