Configuring HotJava Security

This dialog lets you configure the network-related capabilities of applets. (An applet is interactive content written in the Java language and loaded over the network to execute inside your HotJava browser. See the HotJava White Paper for an overview of interactive content and HotJava.) Applets greatly expand what's possible with the World Wide Web, but if their capabilities aren't restricted, they can compromise your system's security.

Use this dialog to specify which hosts (computers) you want to protect (by disallowing questionable applets from reading the hosts' documents) and which hosts you trust enough to load applets from. With a separate mechanism, you can control precisely which files on your system can be read by applets. (See the discussion of the HOTJAVA_READ_PATH environment variable in the hotjava man page for details.)

Note: Applets in the 1.0Alpha3 release are not allowed to write or change files in any way.

By default, HotJava loads all applets it encounters, but lets an applet read only those documents that are on the host that supplied the applet.

The options you select in this dialog can be overridden by a system security configuration. By specifying a system security configuration, your system administrator can properly configure the security options according to the desired policies, freeing you and other users from having to do your own configuration.

UI Explanation

Enter desired security mode

This button lets you choose HotJava's security mode. This mode tells HotJava which set of URLs is accessible for a given applet.

When selected, this button displays the following choices:

No access -- Disallows any applets from loading any documents via URLs, no matter where they come from.
Applet host -- Allows an applet to load documents only from the same place it came from.
Firewall -- Lets you specify a firewall (a scope of hosts that you are willing to trust). Once you configure this firewall, applets that are inside the firewall can access any documents via URLs, but applets outside the firewall can access only those URLs that are also outside the firewall.
Unrestricted -- Allows any applet to load any URL.

Apply security mode to applet loading

When this toggle button isn't selected, the security mode restricts only the set of URLs accessible to an applet. However, you may wish to disallow even loading any applets that are outside of the domain you trust. When selected, this toggle causes the following behavior (based on the security mode you selected):

No access -- Disallows any applets from being loaded. This effectively limits HotJava to being a simple passive browser.
Applet host -- Allows only local applets to be loaded (applets specified with a "file:" URL).
Firewall -- Allows only applets that are inside your firewall to be loaded.
Unrestricted -- Allows any applet to be loaded.

Enter the kind of domain you're using

Use this button to specify whether your network uses Sun's Network Information Services (NIS) or the Domain Naming Service (DNS). If you are unsure which service you are using, ask your system administrator.

Configure firewall...

This button allows you to

Apply

This button applies and saves any changes you've specified. Note that some of the changes you make might not take effect if your system administrator has set up a system security configuration for HotJava, since you can't have security weaker than the system security configuration.

Cancel

This button cancels any changes and resets the dialog to the initial choices.

Help

This button brings up this page in HotJava.